The URL can be used to link to this page

Res No 181-22-15934RESOLUTION NO: 181-22-1593!_ A Resolution authorizing the City Manager to enter into a multi-year lease agreement for City copiers onto a piggyback agreement with OMNIA Partners, a purchasing cooperative. WHEREAS, the City's current copier lease agreement with Canon Solutions America expires in January 2023; therefore, the Procurement Division reviewed cooperative contracts that include volume discounts for large number of copiers where the City can take advantage of the pricing and terms for the City's twelve (12) copiers; and WHEREAS, the City is recommending a piggyback agreement for Xerox copiers onto an OMNIA Partners purchasing cooperative contract where Xerox Corporation is an authorized dealer for the OMNIA Partners Program which utilizes the University of California contract No. 2020002686; and WHEREAS, the contract was competitively bid by the University of California utilizing a solicitation process that is at least as rigorous as that of the City and the termination date is November 17, 2025, with five (5), one (1) year renewals to potentially November 17, 2030; and WHEREAS, the University of California Omnia Partners contract issued multiple awards to Xerox Corporation, Canon Solutions America and Ricoh USA, Inc., therefore the City requested pricing from all three companies; and WHEREAS, the City's current copiers are provided by Canon however, Xerox Corporation provided the lowest, most responsive, and responsible quote for the City's copiers. The monthly lease amounts for a 5-year lease are listed below: COPIER MFG MONTHLY LEASE ANNUAL LEASE 5-YEAR LEASE AMOUNT AMOUNT AMOUNT XEROX $1,426.79 $17,121.48 $85,607.40 RICOH $1,567.06 $18,804.72 $94,023.60 CANON $1,587.65 $19,051.80 $95,259.00 WHEREAS, all service, parts and supplies (toners, drums and staples); except paper, are included and pricing is fixed for the 60-month lease term; and WHEREAS, service and technical support is provided directly by Xerox which is more reliable than third party dealers that represent multiple copier manufacturers who utilize their own technical support group, as is sometimes the practice, and not support directly provided by the copier manufacturer and; Page I of 2 Res. No. 181-22 -15934 WHEREAS, due to supply chain delivery issues, and to ensure there is no i nte rru pti o n in cop ie r se r v i ce, t h e existi ng copier lease wi ll terminate when the City schedules the copiers for pick-u p by Canon; and WHEREAS, t he monthly lease is $1,426.79 plus estimated monthly copy charges base d o n histo r ica l vo lume of $658 per mont h ($238 B&W; $420 Color) and ch arged to vari ous accou nts by department. N OW THEREFORE BE IT RESOLV ED BY THE MAYO R AND CITY COMMISSIO N OF THE CITY OF SOUT H MIAMI, FLORIDA. Sec t ion 1. The forego ing rec i ta ls are h ereby ratified and confirmed as being true and corr ect and ar e hereby made a specific part of this resolution upon adoption hereof. Sectio n 2 . The City Manager is authorized to enter into a multi-year lease agreeme nt for City copiers with Xerox Corporation onto a piggyback agreement w ith OMNIA Partners, a purchasing cooperative. A copy of the agreement is attached. Se ction 3 . Cor re ct io ns . Conforming language or technical scrivene r -type correcti ons may be made by the City Attorney for any conforming ame ndments to be incorporated i nto the fina l resolution for signature. Sectio n 4. Sev erability. If any section clause, se ntence, or phrase of this reso lu tion is for any reason held invalid or unconstitutional by a court of competent jurisd iction, t h e hold i ng will not affect the va li dity of the remain ing portions of this resolution. Se ction 5. Effective Date. This resolution wil l become effective immediately upon adoption. PASSED AND A DO PTED th is 20 t h day of Dece m ber, 2022. ATT EST: READ AND AP PROVED AS TO FORM , LANGUAGE, LEGA LITY AND EXECUTION EX ECUTION THEREO F Page 2 of 2 APPROVED: tf5Y COMMISSION VOTE: 5-0 Mayor Fe rnandez: Vice Mayor Bon ich: Yea Yea Commissioner Liebman: Yea Commissioner Corey: Yea Commissione r Calle: Yea Agenda Item No:Fa. City Commission Agenda Item Report Meeting Date: December 20, 2022 Submitted by: Steven Kulick Submitting Department: Procurement Division Item Type: Resolution Agenda Section: Subject: A Resolution authorizing the City Manager to enter into a multi-year lease agreement for City copiers onto a piggyback agreement with OMNIA Partners, a purchasing cooperative. 3/5 (City Manager) Suggested Action: Attachments: CMf_Memo_Xerox_Copier_Piggyback (2).docx Resolutionf_Xerox_Copier_Piggyback_12.12.22.docx Xerox Omnia Partners Piggyback Contract 12.13.22.pdf XEROXQ~1.PDF Multi Award Goods_and_Services_Multi-Award_Justification.pdf UC ONMIA Canon Xerox Ricoh Comparison.pdf MDBR Ad.pdf MH Ad.pdf 1 CITY OF SOUTH MIAMI OFFICE OF THE CITY MANAGER INTER-OFFICE MEMORANDUM Page 1 of 2 TO:The Honorable Mayor & Members of the City Commission FROM: Shari Kamali, City Manager DATE: December 20, 2022 SUBJECT: A Resolution authorizing the City Manager to enter into a multi-year lease agreement for City copiers onto a piggyback agreement with OMNIA Partners, a purchasing cooperative. BACKGROUND:The City’s current copier lease agreement with Canon Solutions America expires in January 2023; therefore, the Procurement Division reviewed cooperative contracts that include volume discounts for large number of copiers where the City can take advantage of the pricing and terms for the City’s twelve (12) copiers. The City is recommending a piggyback agreement for Xerox copiers onto an OMNIA Partners purchasing cooperative contract. Xerox Corporation is an authorized dealer for the OMNIA Partners Program which utilizes the University of California contract No. 2020002686. The contract was competitively bid by the University of California utilizing a solicitation process. The termination date is November 17, 2025, with five (5), one (1) year renewals to potentially November 17, 2030. The University of California Omnia Partners contract issued multiple awards to Xerox Corporation, Canon Solutions America and Ricoh USA, Inc., therefore the City requested pricing from all three companies. The copier equipment current lease price, which was procured in 2018, is $1,108 per month @48 monthsfor lease of equipment with additional chargesfor color and black and white copies. The City’s current copiers are provided by Canon however, Xerox Corporation provided the lowest, most responsive and responsible quote for the City’s copiers. 2 THE CITY OF PLEASANT LIVING CITY OF SOUTH MIAMI OFFICE OF THE CITY MANAGER INTER-OFFICE MEMORANDUM Page 2 of 2 The monthly lease amounts for a 5-year lease are listed below: COPIER MFG MONTHLY LEASE AMOUNT ANNUAL LEASE AMOUNT 5-YEAR LEASE AMOUNT XEROX $1,426.79 $17,121.48 $85,607.40 RICOH $1,567.06 $18,804.72 $94,023.60 CANON $1,587.65 $19,051.80 $95,259.00 All service, parts, and supplies (toners, drums, and staples); except paper, are included. Pricing is fixed for the 60-month lease term. Service and technical support is provided directly by Xerox which is more reliable than third party dealers that represent multiple copier manufacturers who utilize their own technical support group, as is sometimes the practice, and not support directly provided by the copier manufacturer. In addition to the monthly lease amount for each copier, monthly copy charges apply for B & W and color copies. The City currently has thirteen (13) copiers; now downgraded to twelve (12) with the elimination of the Motor Pool device. Copiers are equipped with various optional equipment to meet individual department needs. AMOUNT:The monthly lease is $1,426.79 plus estimated monthly copy charges based on historical volume of $658 per month ($238 B&W; $420 Color) ACCOUNT:Various accounts by department ATTACHMENTS: Resolution Xerox Corporation Piggyback Agreement Xerox Proposal Multi Award Justification, UC Omnia Partners Pricing Comparison Xerox, Canon and Ricoh 3 THE CITY OF PLEASANT LIV I NG Page 1 of 2 RESOLUTION NO: _______________1 A Resolution authorizing the City Manager to enter into a multi-year lease 2 agreement for City copiers onto a piggyback agreement with OMNIA Partners, a 3 purchasing cooperative.4 WHEREAS, the City’s current copier lease agreement with Canon Solutions 5 America expires in January 2023; therefore, the Procurement Division reviewed 6 cooperative contracts that include volume discounts for large number of copiers where 7 the City can take advantage of the pricing and terms for the City’s twelve (12) copiers; 8 and9 WHEREAS, the City is recommending a piggyback agreement for Xerox copiers 10 onto an OMNIA Partners purchasing cooperative contract where Xerox Corporation is an 11 authorized dealer for the OMNIA Partners Program which utilizes the University of 12 California contract No. 2020002686; and13 WHEREAS, the contract was competitively bid by the University of California 14 utilizing a solicitation process that is at least as rigorous as that of the City and the 15 termination date is November 17, 2025, with five (5), one (1) year renewals to potentially 16 November 17, 2030; and17 WHEREAS, the University of California Omnia Partners contract issued multiple 18 awards to Xerox Corporation, Canon Solutions America and Ricoh USA, Inc., therefore the 19 City requested pricing from all three companies; and20 WHEREAS,the City’s current copiers are provided by Canon however, Xerox 21 Corporation provided the lowest, most responsive, and responsible quote for the City’s 22 copiers. The monthly lease amounts for a 5-year lease are listed below:23 COPIER MFG MONTHLY LEASE AMOUNT ANNUAL LEASE AMOUNT 5-YEAR LEASE AMOUNT XEROX $1,426.79 $17,121.48 $85,607.40 RICOH $1,567.06 $18,804.72 $94,023.60 CANON $1,587.65 $19,051.80 $95,259.00 WHEREAS,all service, parts and supplies (toners, drums and staples); except 24 paper, are included and pricing is fixed for the 60-month lease term; and25 WHEREAS,service and technical support is provided directly by Xerox which is 26 more reliable than third party dealers that represent multiple copier manufacturers who 27 utilize their own technical support group, as is sometimes the practice, and not support 28 directly provided by the copier manufacturer and;29 30 4 Page 2 of 2 WHEREAS,due to supply chain delivery issues, and to ensure there is no 1 interruption in copier service, the existing copier lease will terminate when the City 2 schedules the copiers for pick-up by Canon; and3 WHEREAS,the monthly lease is $1,426.79 plus estimated monthly copy charges 4 based on historical volume of $658 per month ($238 B&W; $420 Color) and charged to 5 various accounts by department.6 NOW THEREFORE BE IT RESOLVED BY THE MAYOR AND CITY COMMISSION OF THE CITY 7 OF SOUTH MIAMI, FLORIDA.8 Section 1. The foregoing recitals are hereby ratified and confirmed as being true 9 and correct and are hereby made a specific part of this resolution upon adoption hereof.10 Section 2. The City Manager is authorized to enter into a multi-year lease 11 agreement for City copiers with Xerox Corporation onto a piggyback agreement with 12 OMNIA Partners, a purchasing cooperative. A copy of the agreement is attached.13 Section 3. Corrections.Conforming language or technical scrivener-type 14 corrections may be made by the City Attorney for any conforming amendments to be 15 incorporated into the final resolution for signature.16 Section 4. Severability. If any section clause, sentence, or phrase of this 17 resolution is for any reason held invalid or unconstitutional by a court of competent 18 jurisdiction, the holding will not affect the validity of the remaining portions of this 19 resolution.20 21 Section 5. Effective Date. This resolution will become effective immediately upon 22 adoption.23 24 PASSED AND ADOPTED this ___ day of __________, 202225 26 ATTEST:APPROVED:27 28 29 _____________________________________________________30 CITY CLERK MAYOR31 32 33 COMMISSION VOTE:34 READ AND APPROVED AS TO FORM,35 LANGUAGE, LEGALITY AND EXECUTION Mayor Fernández:36 EXECUTION THEREOF Vice Mayor Bonich:37 Commissioner Liebman:38 Commissioner Corey:39 _______________________Commissioner Calle:40 CITY ATTORNEY41 5 CONTRACT FOR PRINT GOODS AND SERVICES THIS AGREEMENT made and entered into this 20th day of December, 2022 by and between the City of South Miami, a Florida municipal Corporation by and through its City Manager (hereinafter referred to as “City”) and Xerox Corporation (hereinafter referred to as “Contractor”), an authorized dealer for the OMNIA Partners Program (“Cooperative Purchasing Program”) which utilizes the University of California, CA (the “University”) Contract Number: 2020002686 effective November 25, 2020 (“Master Contract”), whose address is 14025 NW 60 Ave., Miami FL 33014 and a vendor on the Cooperative Purchasing Program Contract. Unless specifically defined herein, capitalized terms shall have the same meaning as in the Master Contract. WITNESSETH: WHEREAS, the University solicited bids pursuant to a public solicitation for Print Goods and Services; and WHEREAS, the University after completing a competitive bidding process, awarded a contract to Contractor; and WHEREAS, the City of South Miami desires to utilize the Master Contract with Contractor as a Participating Public Agency pursuant to its agreement with OMNIA; and WHEREAS, the City is authorized, pursuant to the City of South Miami’s Charter, to piggyback off of contracts, such as the Master Contract, that were entered into in accordance with a solicitation process that is at least as vigorous as that of the City of South Miami; and NOW, THEREFORE, the City and the Contractor, each through their authorized representative/official, agree as follows: 1. The City desires to enter into a contract, under the same provisions as set forth in the Master Contract, as modified by this Agreement. 2. The City has reviewed the Master Contract and agrees to the provisions of that contract which shall be applicable to a purchase order to be issued by the City and further agrees to the fair and reasonableness of the pricing. Contractor hereby agrees to provide such goods and/or services, pursuant to the City’s purchase order made during the term of this Agreement, under the same price(s), terms and conditions as found in the Master Contract, pertinent copies of which are attached hereto as Attachment A and made a part hereof by reference. 3. All references in the Master Contract, shall be assumed to pertain to, and are binding upon Contractor and the City of South Miami. All decisions that are to be made on behalf of the University as set forth in the Master Contract shall all be made by the City Manager for the City of South Miami. Notwithstanding anything contained in the Master Contract to the contrary, this Agreement shall be governed by the laws of the State of Florida and venue for all dispute resolutions or litigation shall be in Miami-Dade County, Florida. 1 of 1132 6 4. Term. The term of the Agreement, including all extensions authorized by the Agreement shall not exceed consecutive five years. 5. Scope of Goods and Services. The scope of goods and services (which may hereinafter be referred to as the “Work”) are set forth in the attached Attachment A and any attachments thereto and the City’s purchase order. Notwithstanding any provision of the purchase order to the contrary‚ the use of the purchase order shall be for the City’s administrative convenience and any terms and conditions on the purchase order which conflict with or vary from the terms of the Master Agreement (as modified by this Agreement) shall be deemed null and void. The City’s purchase order shall include information reasonably required by Contractor to process a transaction. The Contractor has agreed to deliver the goods, if any, and perform the services, if any, in a workman like manner and in accordance with all applicable state, county and City laws, at the locations, if any, designated by the City. The Contractor shall obtain and pay for all permits required for the goods and services rendered, if any, with the exception of permits fees charged by the City, said fees shall be waived. 6. Contract Price. The contract price for the good and services is set forth in Attachment A or B. If not otherwise set forth in the Master Contract, , the Contractor shall be paid upon delivery of all the goods, if any, the completion of all the services, if any, and after final inspection and approval, by the City, that approves of the goods delivered, if any, and the services performed, if any. 7. Precedence. The term, provisions and conditions of this Agreement shall take precedence over the terms, provisions and conditions of the contract between Contractor and the University. 8. Public Records: CONTRACTOR and all of its subcontractors are required to comply with the public records law (s.119.0701) while providing goods and/or services on behalf of the CITY and the CONTRACTOR, under such conditions, shall incorporate this paragraph in all of its subcontracts for this Project and shall: (a) Keep and maintain public records required by the public agency to perform the service; (b) Upon request from the public agency's custodian of public records, provide the public agency with a copy of the requested records or allow the records to be inspected or copied within a reasonable time at a cost that does not exceed the cost provided in this chapter or as otherwise provided by law; (c) Ensure that public records that are exempt or confidential and exempt from public records disclosure requirements are not disclosed except as authorized by law for the duration of the contract term and following completion of the contract if the contractor does not transfer the records to the public agency; and (d) Upon completion of the contract, transfer, at no cost, to the public agency all public records in possession of the contractor or keep and maintain public records required by the public agency to perform the service. If the contractor transfers all public records to the public agency upon completion of the contract, the contractor shall destroy any duplicate public records that are exempt or confidential and exempt from public records disclosure requirements. If the contractor keeps and maintains public records upon completion of the contract, the contractor shall meet all applicable requirements for retaining public records. All records stored electronically must be provided to the public agency, upon request from the public agency's custodian of public records, in a format that is compatible with 2 of 1132 7 - the information technology systems of the public agency. IF THE CONTRACTOR HAS QUESTIONS REGARDING THE APPLICATION OF CHAPTER 119, FLORIDA STATUTES, TO THE CONTRACTOR'S DUTY TO PROVIDE PUBLIC RECORDS RELATING TO THIS CONTRACT, CONTACT THE CUSTODIAN OF PUBLIC RECORDS AT 305-663-6340; E-mail: npayne@southmiamifl.gov; 6130 Sunset Drive, South Miami, FL 33143. 9. Waiver Jury Trial: City and Contractor knowingly, irrevocably voluntarily and intentionally waive any right either may have to a trial by jury in State or Federal Court proceedings in respect to any action, proceeding, or lawsuit arising out of the Contract Documents or the performance of the Work thereunder or any counterclaim, cross-claim or third party claim filed in the same proceeding. 10. Notices: Whenever notice shall be required or permitted herein, it shall be delivered by hand delivery, e-mail (or similar electronic transmission), or certified mail with return receipt requested and shall be deemed delivered on the date shown on the e-mail or delivery confirmation for any facsimile transmission or, if by certified mail, the date on the return receipt or the date shown as the date same was refused or unclaimed. If hand delivered to the CITY, a copy must be stamped with the official CITY receipt stamp showing the date of delivery, otherwise the document shall not be considered to have been hand delivered. Notices shall be delivered to the following individuals or entities at the addresses (including e-mail) set forth below or in the introductory paragraph to this contract: To CITY: City Manager, 6130 Sunset Dr. South Miami, FL 33143 Tel: (305) 668-2510 Fax: (305) 663-6345 E-mail: skamali@southmiamifl.gov With copies to: City Attorney 6130 Sunset Dr. South Miami, FL 33143 Tel: (305) 793-3546 E-mail: tpepe@southmiamifl.gov TO CONTRACTOR: Xerox Corporation 14025 NW 60 Ave., Miami FL 33014 E-mail: marilynn.vallori@xerox.com With copies to: Xerox Corporation. 1800 M Street NW, Washington, DC 20036 Attn: Sharon Steele Emailsharon.steele@xerox.com 3 of 1132 8 11. Validity of Executed Copies: This Agreement may be executed in several counterparts, each of which may be construed as an original. 12. Attorneys’ Fees and Costs: In the event of any litigation between the parties arising out of or relating in any way to this Agreement or a breach thereof, each party shall bear its own costs and legal fees. Nothing contained herein shall prevent or prohibit the right to be indemnified for any attorney fees incurred in the defense of an action by a person or entity who is not a party to this Agreement. 13. Indemnification: Notwithstanding anything contained in the Master Contract, the City does not waive its sovereign immunity granted by Florida Statutes, Section 768.28, and the City’s tort liability shall be limited to the waiver of sovereign immunity provided for in Sec tion 768.28. 14. Severability: If any term or provision of this Agreement or the application thereof to any person or circumstance shall, to any extent, be invalid or unenforceable, the remainder of this Agreement, or the application of such term or provision to persons or circumstances other than those to which it is held invalid or unenforceable, shall not be affected thereby and each term and provision of this Agreement shall be valid and enforceable to the fullest extent permitted by law. 15. E-VERIFY: As a condition precedent to entering into this Agreement, and in compliance with Section 448.095, Fla. Stat., Contractor and its subcontractors must register with and use the E-Verify system to verify work authorization status of all employees hired after January 1, 2021. a) Contractor must require each of its subcontractors to provide Contractor with an affidavit stating that the subcontractor does not employ, contract with, or subcontract with an unauthorized alien. b) Contractor must maintain a copy of the subcontractor's affidavit as part of and pursuant to the records retention requirements of this Agreement. c) The City, Contractor, or any subcontractor who has a good faith belief that a person or entity with which it is contracting has knowingly violated Section 448.09(1), Fla. Stat. or the provisions of this section must terminate the contract with the person or entity. d) The City, upon good faith belief that a subcontractor knowingly violated the provisions of this section, but that the Contractor otherwise complied, must promptly notify Contractor and Contractor must immediately terminate the contract with the subcontractor. e) A contract terminated under the provisions of this Section is not a breach of contract and may not be considered such. 4 of 1132 9 f) Any contract termination under the provisions of this Section may be challenged no later than 20 calendar days after the date on which this Agreement is terminated pursuant to paragraph b. or c. above. g) Contractor acknowledges that upon termination of this Agreement by the City for a violation of this Section by Contractor, Contractor may not be awarded a public contract for at least one (1) year. Contractor further acknowledges that Contractor is liable for any additional costs incurred by the City as a result of termination of any contract for a violation of this Section. h) Subcontracts. Contractor or subcontractor must insert in any subcontracts the clauses set forth in this Section including this Subsection, requiring the subcontractors to include these clauses in any lower tier subcontracts. Contractor is responsible for compliance by any subcontractor or lower tier subcontractor with the clauses set forth in this Section and Contractor's failure to enforce compliance is a substantial and material breach of this Agreement. 17. ANTI-DISCRIMINTION. Contractor and all of its employees, subcontractors and subconsultants, while performing work for the City, including the hiring and retention of employees for the performance of Work, are prohibited from discriminating against anyone on the basis of race, color, religion, and family status, sex (including sexual orientation, gender identity and intersexuality), height, weight, domestic partnership status, labor organization membership, political affiliation, national origin, age, disability or any other classification that is federally defined as a “protected class” and Contractor must take all steps necessary to prevent such discrimination by all of its employees, subcontractors and subconsultants who are performing work for the City and must ensure nondiscrimination in all programs, services and activities that are part of the Scope of Services. A violation of this paragraph is a substantial, material breach of this Contract. IN WITNESS WHEREOF, and as the duly authorized act of the parties, the undersigned representatives of the parties hereto have caused this instrument to be signed in their respective names by their proper officials on or before the day and year first above written. CONTRACTOR: Xerox Corporation By: ____________________________ ____________________________ (type name and title of signatory above) 5 of 1132 10 ATTEST: CITY OF SOUTH MIAMI By: ____________________________ By: ____________________________ Nkenga Payne, CMC Shari Kamali City Clerk City Manager Read and Approved as to Form, Language, Legality and Execution Thereof. By: ____________________________ Thomas F. Pepe City Attorney 6 of 1132 11 CONTRACT FOR PRINT GOODS AND SERVICES ATTACHMENT A • RFP DOCUMENT • XEROX RESPONSE TO SOLICITATION • NOTICE OF AWARD • MULTI AWARD JUSTIFICATION • CONTRACT#2020002686 XEROX & OMNIA PARTNERS • ADVERTISMENTS/PUBLICATIONS • OMNIA PARTNERS PROGRAM SUMMARY 7 of 1132 12 1 | Page RFP EVENT AND PROCESS SUMMARY A. Purpose & Objectives of the Request for Proposal (RFP): The purpose of this Request for Proposal (the “RFP”) is to invite qualified Printer Manufacturers (“Supplier(s)”) to prepare and submit proposals to the University of California (“UC”) to provide multi- function devices (“MFDs”) with copy, print, scan and optional fax functionality, and/or Laser Printers, along with products and support (“Print Goods and Services”) all in accordance with Federal and State of California laws and the requirements of the UC as further detailed in this RFP. The UC has partnered with OMNIA Partners to make the resultant agreement a national cooperative agreement which public agencies, across the country, will be able to utilize. The overall objective of this RFP is to select a Supplier, or multiple Suppliers, to assist UC, and national participating agencies, in obtaining the best, most cost-effective and efficient procurement program for MFDs, Laser Printers, related goods, services and supplies. In addition, Qualified proposers are invited to submit proposals, based on the information provided in this RFP with the intent to establish a business alliance with UC and OMNIA Partners, that will maximize the resources of both organizations to most effectively meet national participating agencies’, and the UC’s, needs. If a Printer Manufacturer does not have capability to independently fulfill the scope of this RFP, Printer Manufacturer may partner with third party to meet that requirement (collectively “Supplier”). Should a Proposer partner to submit a Bid, the Proposer must identify the third party partner by name, location and requirement the partner will meet. The Printer Manufacturer will be responsible for ensuring their partner is fully aware of the terms of any resulting agreement. Historically, UC system-wide annual spend for Print goods and services has been approximately $10- $13 million each year for the last 2 fiscal years. On average, it is estimated that the University replaces 20%-30 % of the total population of devices on annual basis. There are no minimum or maximum guarantees in this RFP. However, based on the total UC historical spend, the Proposer shall provide the best pricing for this RFP in Goods and/or Services. B. Definitions Printer Manufacturers – Original equipment manufacturers (OEM) and/or have MFDs and Laser Printers manufactured by OEM based on Supplier’s unique specifications. MSRP - MSRP is defined as the product sales price list published in some form by the manufacturer or publisher of a product and available to and recognized by the trade. C. Scope of Work Although this section reflects the needs and requirements of the UC, OMNIA Partners Participating Agencies may have different requirements. The awarded Supplier will have the ability to offer their comprehensive Print Goods and Services nationally. OMNIA Partners Participating Agencies may sign a supplemental or usage agreement with the awarded Supplier substantially based on the terms and conditions of UC Agreement. Participating Agencies may elect to negotiate certain terms to conform to their purchasing and contracting requirements. This section sets forth specific product and service requirements for UC Locations for MFDs (with output up to at least 11”x17” tabloid size) and Laser Printers (either single-function [print only] or multifunction [print/copy/scan/fax], to 8.5”x14” legal size). Proposals must address all of the listed requirements in 8 of 1132 13 2 | Page the order presented with a response acknowledging an understanding of the requirements, their commitment to fulfill the requirements, and a description of the Proposers approach to fulfilling each requirement. The scope of the Print Goods and Services includes, but is not limited to, the following methods of acquisition of MFDs, Laser printers. Therefore, all proposals must include the following Options: 1. Proposal Options 1.1. Purchase option: UC will buy MFDs and/or Laser Printers, and or associated products and services, from the successful Proposer. The successful Proposer will provide its products and services in accordance with the requirements of this RFP. The title for the purchased MFDs and/or Laser Printers will be transferred to UC. In conjunction with purchased MFD’s, Proposers must offer a cost per copy (CPC) rate for service and supplies. Proposers response for pricing on purchases, as well as service and supply component, based upon both no volume commitment, and with volume commitment, must be submitted on the “B/W Pricing”, “Color Pricing”, and “Accessories Pricing” tabs of Attachments 1 and 2. 1.2. Lease Option: Successful Proposer must offer MFDs and associated products and services based on the following full Market Value (FMV) and $1 buyout terms:  36 Months  48 Months  60 Months In conjunction with leased MFDs, Proposer must offer a CPC rate for service and Supplies In conjunction with Leased MFDs, on both FMV and $1 buyout option, a service and supply component must be included and reported on the “B&W Pricing” and “Color Pricing”, tabs of Attachments 1 and 2 in the Price Questionnaire. The successful Proposal must include in detail the proposer’s terms and conditions, and processes for the following:  Early Lease termination  Lease renewal/extension  Buyouts of leased MFDs on FMV and $1 buyout options as follows: o At the expiration of the initial term o At any time during the initial terms, please provide a monthly buyout schedule o Residual value use and application for UC reserves the right to lease through a Third Party vendor per the University 2. Required Products 2.1. MFDs required with this RFP are categorized as follows: 2.1.1. Category 1 - B/W Desktop 20+ pages per minute 2.1.2. Category 2 - B/W 20-30 pages per minute 2.1.3. Category 3 - B/W 31-40 pages per minute 2.1.4. Category 4A - B/W 41-50 pages per minute 2.1.5. Category 4B - B/W 51-60 pages per minute 2.1.6. Category 5 - B/W 61-90 pages per minute 2.1.7. Category 1 - Color Desktop 20+ pages per minute 2.1.8. Category 2 - Color 20-30 pages per minute 9 of 1132 14 3 | Page 2.1.9. Category 3 - Color 31-40 pages per minute 2.1.10. Category 4A - Color 41-50 pages per minute 2.1.11. Category 4B - Color 51-60 pages per minute 2.1.12. Category 5 - Color 61-90 pages per minute Proposers must provide service and support for any device proposed as an MFD from a single technical service group. 2.2. Laser Printers required with this RFP are categorized as follows: 2.2.1. Category 1 - Low Volume - B/W 25-40 pages per minute 2.2.2. Category 2 - Mid Volume - B/W 41-55 pages per minute 2.2.3. Category 3 - High Volume - B/W 56-70 pages per minute 2.2.4. 2.2.5. Category 1 - Low Volume - Color 10-20 pages per minute 2.2.6. Category 2 - Mid Volume - Color 21-35 pages per minute 2.2.7. Category 3 - High Volume - Color 36-50 pages per minute Proposers must provide service and support for any device proposed as a Laser Printer from a single technical service group. 2.3. Proposers must provide detailed specifications for each model of MFD included in proposal. At the minimum, Proposers must specify the capability and availability of the features listed on the “Equipment Specifications” tab of the pricing sheet “Attachment 1 MFD Pricing” in the Price Questionnaire. Proposers must provide detailed specifications for each model of Laser Printer included in proposal. Each model MUST have the ability to perform duplex printing and have Ethernet connectivity. At the minimum, Proposers must specify the capability and availability of the features listed on the “Equipment Specifications” tab of “Attachment 2 Laser Printer Pricing” of the pricing sheet in the Price Questionnaire. 2.4. Proposers will provide a discount percentage off the published Manufacturer’s Suggested Resale Price (MSRP) or list price by the Manufacturer. In addition, each proposer is encouraged to provide all other discount percentages off product and services they may do business with in the pricing sheet “Attachment 3 Additional Discounts” provided in the Pricing Questionnaire. 2.5. During the term of the contract, Awarded Suppliers may add or delete contract devices introduced or removed from the market by the manufacturer provided the added device falls 10 of 1132 15 4 | Page within the scope of the respective category. Any new device must be adequately described and be equal to or better than the device it is replacing and the associated price list must be updated to reflect the new device at original contracted price. The Awarded Suppliers must update their dedicated contract websites and published catalogs and lists to reflect this change. 3. MFD/Printer Fleet Management Programs: Some UC Locations utilize established MFD/Printer Fleet Management Programs, or similar groups managing a large population of MFDs and/or Laser Printers for the UC Location. The value-added services provided by these programs may vary, but generally can include:  Institutional knowledge and understanding of UC Location hierarchy, policies & procedures, and local campus geography;  Onsite central point of contact at UC Location for first-tier service response and coordination, and centralized supplies & parts;  Factory-trained UC employees providing on-campus service for the MFD/Printer fleet;  Consultation and equipment needs assessment for multiple departments within the UC Location;  Consolidation of multiple equipment orders onto single purchase orders (lease or purchase);  Coordination for volume deliveries of equipment;  Consolidated billing and meter reading reconciliation through a single contact at the UC Location;  Coordination of internal campus services for: delivery access, electrical upgrades, network access, copy/print control systems, help desk troubleshooting, and service call avoidance;  Summary invoicing, and single-contact invoice reconciliation;  Managed mediation of customer equipment expectations and performance issues in lieu of the vendor 3.1. UC Locations that currently operate such programs are identified in the Campus Profiles located at the end of this RFP Event Summary. If, after the implementation of this contract, a UC Location not operating such a program at this time determines that is in their best interest to deploy such a program, Suppliers will be notified by that UC Location’s procurement office, after appropriate review and authorization. On authorization, such programs will be entitled to all benefits available to those programs currently established as detailed herein. 3.1.1. In recognition of these value-added services currently in place at the UC Locations identified, and their resulting reduction in Suppliers’ efforts, resources, and expenses, Proposers must extend additional discount rates off MSRP to MFD/Printer Fleet Management Programs. Please note, if you are a current supplier this rate must be equal to or exceed current discount rates. 3.1.1.1. Proposers must state these discount rates as an additional percentage discount off of the pertinent UC Net Price provided on the “B&W Pricing”, “Color Pricing”, and “Accessories Pricing” tabs of Attachments 1 and 2 for the following items:  MFD purchase price  Printer purchase prices  MFD monthly lease payment price (including $1 buyout and FMV, 36/48/60 month terms)  Cost per copy and overage rates  Time and materials service 11 of 1132 16 5 | Page  IT Analyst support to support networking issues, printing issues, anything on the network. 3.1.1.2. Proposer must identify further discounts for MFD/Printer Fleet Management Programs they provide, if any in the Price Questionnaire. MFD/Printer Fleet Management Programs reserve the right to negotiate further discounts on any of Suppliers’ products and/or services provided for under this RFP and its resulting contract. 3.1.1.3. Proposers must be willing to provide further discounts as a percentage discount (additional to that offered in section 3.1.1 above) to MFD/Printer Fleet Management Programs that provide UC employees for on-campus service. Additionally, Proposers must provide factory training for these UC employee technicians at no cost to UC, except for travel, hotel, and meals relating to Proposer’s training of these employees. 3.1.1.3.1. MFD/Printer Fleet Management Programs retain the right to negotiate a single cost-per-copy service rate for all MFD categories and units acquired from the same vendor, including existing populations of the same vendor’s equipment. The cost-per-copy would incorporate all supply and maintenance costs, except paper costs. 3.1.1.4. At UC Locations with MFD/Printer Fleet Management Programs, Supplier will partner with these programs and direct all potential campus customers at the UC Location to the program before selling or leasing an MFD/Printer to the campus customer. Additionally, Supplier will provide marketing expertise to further the program development at the UC Location. 4. Product Certification: Proposers certify and warrants that all products sold to UC under any agreement resulting from this RFP:  Shall be new and genuine, except short-term rentals or temporary replacements.  Shall be provided to UC in the manufacturer's original packaging unless otherwise requested by UC.  Shall be manufactured and sold or distributed to the Proposer for retail sale in the United States.  Shall be sold to the Proposer from legal and reputable channels, which are understood to be the manufacturer or authorized representatives of the manufacturer.  Shall not be altered or misbranded within the meaning of the Federal and State laws applicable to such products. 5. Programs for Trade-ins/Upgrades Proposer must include a program for trade-ins for the existing population of UC MFDs or Laser Printers which are manufactured by your company and other suppliers. 12 of 1132 17 6 | Page D. Organizational Context: University of California The UC's fundamental mission is teaching, research, and public service. Founded as the state’s first and only land grant institution in 1868, the University of California (UC) has approximately 273,000 undergraduate and graduate students, a workforce of 223,000, and is comprised of the following locations, their adjacent offices, remote offices, and defined as the following locations: • Ten Campuses - UC Berkeley, UC Davis, UC Irvine, UC Los Angeles, UC Merced, UC Riverside, UC San Diego, UC San Francisco, UC Santa Barbara, UC Santa Cruz • Five Medical Centers – UC Davis, UC Irvine, UC Los Angeles, UC San Diego, UC San Francisco • The UC Office of the President – A central system-wide headquarters with offices primarily located in Oakland and Sacramento, California, and teaching/administrative offices in Washington, D.C. • The Division of Agriculture and Natural Resources – Comprised of over 60 local offices and Research and Extension Centers located throughout California and County Cooperative Extension offices. • UC Hastings College of Law • Lawrence Berkeley National Lab, which is owned by the Federal Government, but managed by the University of California. • Additional centers and offices as further detailed at: http://www.universityofcalifornia.edu/uc-system/parts-of-uc. Any awarded Agreement(s) will be available to all current and future locations of the University of California and its Affiliates. OMNIA Partners – National Master Agreement The University of California, as the Principal Procurement Agency, defined in OMNIA Partners Exhibit, has partnered with OMNIA Partners, Public Sector (“OMNIA Partners”) to make the resultant contract (also known as the “Master Agreement” in materials distributed by OMNIA Partners) from this solicitation available to other public agencies nationally, including state and local governmental entities, public and private primary, secondary and higher education entities, non-profit entities, and agencies for the public benefit (“Public Agencies”), through OMNIA Partners’ cooperative purchasing program. The University of California is acting as the contracting agency for any other Public Agency that elects to utilize the resulting Master Agreement. Use of the Master Agreement by any Public Agency is preceded by their registration with OMNIA Partners (a “Participating Public Agency”) and by using the Master Agreement, any such Participating Public Agency agrees that it is registered with OMNIA Partners, whether pursuant to the terms of a Master Intergovernmental Purchasing Cooperative Agreement, a form of which is attached hereto on OMNIA Partners Exhibits, or as otherwise agreed to. OMNIA Partners Exhibits contains additional information about OMNIA Partners and the cooperative purchasing program. OMNIA Partners is the largest and most experienced purchasing organization for public and private sector procurement. Through the economies of scale created by OMNIA Partners public sector subsidiaries and affiliates, National IPA and U.S. Communities, our participants now have access to more competitively solicited and publicly awarded cooperative agreements. The lead agency contracting process continues to be the foundation on which we are founded. OMNIA Partners is proud 13 of 1132 18 7 | Page to offer more value and resources to state and local government, higher education, K-12 education and non-profits. OMNIA Partners provides shared services and supply chain optimization to government, education and the private sector. With corporate, pricing and sales commitments from the Supplier, OMNIA Partners provides marketing and administrative support for the Supplier that directly promotes the Supplier’s products and services to Participating Public Agencies though multiple channels, each designed to promote specific products and services to Public Agencies on a national basis. Participating Public Agencies benefit from pricing based on aggregate spend and the convenience of a contract that has already been advertised and publicly competed. The Supplier benefits from a contract that generally allows Participating Public Agencies to directly purchase goods and services without the Supplier’s need to respond to additional competitive solicitations. As such, the Supplier must be able to accommodate a nationwide demand for services and to fulfill obligations as a nationwide Supplier and respond to the OMNIA Partners documents (OMNIA Partners Exhibits). While no minimum or maximum volume is guaranteed to the Supplier, the University of California estimates spending approximately $10 – $20 million annually for Print Goods and Services, materials, and related supplies. The estimated annual volume Print Goods and services purchased under the Master Agreement through OMNIA Partners Public Sector is approximately $100 million, however, no minimum or maximum volume is guaranteed to Supplier under the OMNIA Partners Master Agreement. This projection is based on the current annual volumes among the University of California, other Participating Public Agencies anticipated to utilize the resulting Master Agreement to be made available to them through OMNIA Partners, and volume growth into other Public Agencies through a coordinated marketing approach between the Supplier and OMNIA Partners. E. Issuing Office and Communications Regarding the RFP: This RFP, and any subsequent addenda to it, is being issued by UC Procurement Services on behalf of the University of California. UC Procurement Services is the sole point of contact regarding all procurement and contractual matters relating to the requirements described in this RFP. UC Procurement Services is also the only office authorized to change, modify, clarify, etc., the specifications, terms, and conditions of this RFP and any Agreements(s) awarded as a result of this RFP. Proposers are not permitted to communicate with any UC employee regarding this solicitation during the period between the RFP issue date and the announcement of awards, unless authorized by UC Procurement Services sole point of contact named below. All communications, including submission of RFP response and any requests for clarification concerning this RFP, must be submitted via the University of California supplier registration and sourcing web system (CalUsource) (as further detailed herein). IT Commodity Manager contact information: Michael Wegmann IT Commodity Manager E-mail: Michael.wegmann@ucop.edu Phone: 510.987.0428 If a Proposer is found to be in violation of this provision, the UC reserves the right to disqualify that Proposer from further consideration. F. RFP Schedule: Proposers interested in submitting proposals in response to this RFP should do so according to the schedule as reflected in Timelines section in the CalUsource portal. A Proposer may be disqualified for failing to adhere to the dates and times for performance specified in the portal. All times are Pacific Time Zone and dates are subject to change at the sole discretion of the UC. 14 of 1132 19 8 | Page Pre-Proposal Conference Call: A Pre-Proposal Conference Call will be held via Zoom on Monday, April 27, 2020 from 1:00pm - 3:00pm (PDT). This conference call will provide Proposers the opportunity to ask questions about the RFP, OMNIA, and the University’s requirements. Attendance on the Pre-Proposal Conference Call is highly recommended for Suppliers who intend to submit a proposal. Attendance, via the conference call line must be limited to two representatives from each participating company. Any changes to the Pre-Proposal Conference Call requirements are at the sole discretion of the University. Pre-Proposal Conference Call Schedule: Date: Monday, April 27, 2020 Time: 1:00pm – 3:00pm (PDT) Where: Via a Conference Call/Log-in: Join Zoom Meeting https://UCOP.zoom.us/j/720555518 Meeting ID: 720 555 518 One tap mobile +16692192599,,720555518# US (San Jose) +16699006833,,720555518# US (San Jose) Dial by your location +1 669 219 2599 US (San Jose) +1 669 900 6833 US (San Jose) +1 720 928 9299 US (Denver) +1 971 247 1195 US (Portland) +1 346 248 7799 US (Houston) +1 602 753 0140 US (Phoenix) +1 651 372 8299 US +1 786 635 1003 US (Miami) +1 253 215 8782 US +1 301 715 8592 US +1 312 626 6799 US (Chicago) +1 470 250 9358 US (Atlanta) +1 470 381 2552 US (Atlanta) +1 646 518 9805 US (New York) +1 646 876 9923 US (New York) *4 (from UCOP office phone) Meeting ID: 720 555 518 Find your local number: https://UCOP.zoom.us/u/aR271koJD G. Addenda to the RFP: Any changes, additions, or deletions to this RFP will be in the form of written addenda issued by the UC via the CalUsource portal. Any addenda to this RFP will be distributed to all participating Proposers via the CalUsource portal. The UC will not be responsible for failure of any prospective Proposer to receive such Addenda. All Addenda will become part of the RFP. 15 of 1132 20 9 | Page H. Instructions for Submitting Proposals: Proposals, in response to this RFP, must be submitted online using CalUsource no later than the time and due date reflected in the CalUsource portal. No mailed, telephone, emailed, facsimiled, or late proposals will be considered. Responses will take time to enter into the CalUsource portal. It is highly recommended that Proposers go through the Supplier Resources at https://CalUsource.net/supplier-resources/ for guidance on how to navigate and use CalUsource. Proposer’s inability to enter their response into the CalUsource portal will not be accepted as a reason for a late response. If you have questions about CalUsource, please contact UC Procurement Services Support at support@ucprocure.zendesk.com. For any technical issues, contact GEP Support: 1-732-428-1578 or support@gep.com. Please identify yourself as registering in the University of California network. Proposers must provide a complete, straightforward, concise response to all Guidelines, Questionnaires, price sheets, and any other information requested in the RFP as detailed in the CalUsource portal. Proposers warrant that all information provided is true and accurate. The submission of false, inaccurate, or otherwise misleading information may be grounds for disqualification from the RFP process, as well as jeopardize Proposer’s eligibility to participate in future UC business. 1. Attachments may be necessary for some questions to further clarify or illustrate a response. In those cases, please label the attachments with your company name to make it easy for the evaluators to find the referenced attachment, unless otherwise suggested in the specific questionnaire question. 2. Attachment Naming Convention Example: Your Company Name_RFP Name_Questionnaire Name, Questionnaire, Question # XYZ Company_Office Supplies RFP_, Questionnaire-Supplier Information, #3 Proposer must not provide superfluous materials such as marketing materials or website links in response to, or in lieu of, specific responses to the questions herein, and may be disqualified for providing superfluous materials. Collusion among proposers is not allowed. If there is proof of collusion among proposers, all Proposals involved in the collusive action will be rejected. Proposers must operate within the guidelines of all Federal and State Labor Codes. Late proposals will not be accepted. I. Proposer Questions: Each Proposer is expected to exercise their best professional independent judgment in analyzing the requirements of this RFP to ascertain whether additional clarification is necessary or desirable before responding. If there are any discrepancies in, omissions to, or questions about the information provided in the RFP or by any other source, a request must be submitted via the CalUsource ”Discussion Forum” by the stated deadline. Responses to individual Proposer questions will be made available to all Proposers that submit a notification via the CalUsource portal of their intent to bid. J. Proposal Evaluation and Agreement Award: 16 of 1132 21 10 | Page 1. Any Agreements(s) resulting from this RFP will be awarded to the most responsive and responsible Proposer(s) whose Proposal, in the opinion of the UC, offers the greatest benefit to the UC when considering the total value, including, but not limited to, the quality of the Services, and total cost (including prompt payment discounts, available volume discounts, and other elements of value to the UC). A responsive Proposer is one whose offer satisfies the Requirements of this RFP. A responsible Proposer is one that is considered capable of performing and is otherwise eligible and qualified to perform in the manner stated in this RFP. 2. Proposals will be evaluated by the UC using a Best Value Evaluation Methodology which is defined as the most advantageous balance of price, quality, service, performance, and other elements as defined by the University, achieved through methods in accordance with Public Contract Code Section 10507.8 and determined by objective performance criteria that may include price, features, long-term functionality, life-cycle costs, overall sustainability, security, required services, and the reduction of overall operating costs included in the proposal. The Evaluators will examine each Proposal to determine, through the application of uniform criteria, the ability of each Proposer to meet the UC’s specifications. 3. The UC may request additional information either from the Proposer or others, utilize site visits, Proposer presentations, sandbox testing, and make any other investigations, as it deems necessary to verify the Proposer’s qualifications and ability to successfully meet the requirements of this RFP. The UC also reserves the right to obtain Dun & Bradstreet reports, or similar independent reports for further indications of the Proposer’s ability. 4. The UC reserves the right to reject any proposal in which the information submitted fails to satisfy UC and/or the Proposer is unable to provide the information or documentation within the period requested. Any submitted proposal that does fails to comply with the requirements of this RFP will be considered non-responsive and will not be evaluated or eligible for award of any subsequent contract. 5. The UC may waive irregularities in a proposal provided that, in the judgment of the UC, such action will not negate fair competition and will permit proper comparative evaluation of Proposals submitted. The UC’s waiver of an immaterial deviation or defect shall in no way modify the RFP documents or excuse the Proposer from full compliance with the RFP specifications in the event the Agreement is awarded to that Proposer. 6. The UC reserves the right to award an Agreement to a local-only supplier if deemed to be, solely at the discretion of the UC, in the best interests of the UC. For any local-only Agreement, the UC reserves the right to accept or reject any or all proposals, make more than one award, split the award, or make no award. The UC also reserves the right, for a national Agreement, to accept or reject any and all proposals, make more than one award, split the award, or make no award. The UC reserves the right to award any number of local or national contracts at the same time. 7. Any contract awarded pursuant to this RFP will include the requirements and specifications in the RFP, as well as, the contents of the proposal response as accepted by UC and will be in writing. The UC’s selection may be made based on the initial proposals or may elect to negotiate with Proposers selected as finalists. The UC reserves the right to negotiate the modification of proposed prices and/or terms and conditions with the Proposer offering the best value to the UC prior to the execution of an Agreement. Participating Agencies commonly require a modification to a term of the Agreement (e.g. governing law). The awarded Supplier and Participating Agencies may agree to modify terms on any specific purchase by a Participating Agency without being in conflict with the Agreement. The UC reserves the right to withdraw this RFP at any time. K. Multi-Phased Initiative: This Initiative will consist the following separate phases: 17 of 1132 22 11 | Page 1. Phase I- Prerequisites: Proposer must acknowledge and agree to all requirements of the RFP as outlined in the Guidelines section in CalUsource before advancing in the proposal process. Proposer must submit final proposal via the CalUsource portal. 2. Phase II: Selection of Finalists Finalists will be identified based on the quality and responsiveness of the written proposals. 3. Phase III: Finalist Presentations (At UC Discretion) a. The top finalists resulting from Phase II will advance to Phase III. b. Proposers may be requested to conduct a live presentation regarding the Proposers’ ability to provide the Services. However, the UC may determine that presentations are not necessary. In the event presentations are conducted, information provided during the presentation process shall be taken into consideration when evaluating the stated criteria. The UC shall not reimburse the proposer for the costs associated with the interview process. L. Proposal Preparation Costs: All costs incurred in the preparation and submission of Proposals and related documentation, including proposer’s presentations, demonstrations and provision of the Services to UC for independent testing purposes, will be borne by the Proposer. M. Proposal Validity Period: All Proposals shall remain available for UC acceptance for a minimum of one-hundred and twenty (120) days following the RFP closing date. N. Agreement Term: The term of the Agreement shall commence upon execution of the Agreement will be for a period of five (5) years (the “Initial Term”) with Five optional one (1) year extensions (the “Renewal Terms”), at the sole discretion of the UC, for a total of ten (10) years. Category discounts shall remain firm for the Initial Term and all Renewal Terms of any agreement that may be awarded pursuant to this RFP. All pricing must be verifiable and auditable from the date of the contract award. O. No Mandatory Use: Supplier is advised that there is no mandatory use policy at the University of California for agreements. As a result, UC does not guarantee any specific amount of business forthcoming from this RFP. A winning Supplier may still see some competition at any given UC location for any given Service. However, by providing outstanding prices, service, and the overall best total cost and quality to the UC system wide, the winning Supplier is expected to garner a very large percentage of the total available UC business. P. Disclosure of Records/Confidentiality of Information 1. All Proposal responses and related documents, submitted to the UC in response to this RFP will become the exclusive property of the UC upon receipt and will not be returned. 2. Proposal response(s), which are incorporated into any resulting contract(s) with the University of California, may be subject to the State of California Public Records Act (CA State Government Code 6250, et. seq.). This Request for Proposal, together with copies of all documents pertaining to any award, if issued, will be kept for a period of one (1) year from date of contract expiration or termination and made part of a file or record that shall be open to public inspection. Certain private, trade secret or confidential information may be considered exempt from the California Public Records Act. Any trade secret or company confidential information submitted as a part of this proposal shall be clearly marked “Trade Secret Information” or “Confidential Information.” 18 of 1132 23 12 | Page 3. Should a request be made of the University of California for access to the information designated confidential or trade secret by the Proposer and, on the basis of that designation, UC denies the request, the Proposer may be responsible for all legal costs necessary to defend such action if the denial is challenged in a court of law. Q. Business Review/Business Reports Supplier shall meet with the UC for Regular Business Reviews to review contract usage and effectiveness, discuss current Services offerings and provide suggestions and discussion for continuous improvement in Services efficiencies, and address additional topics pertinent to the relationship towards the UC’s strategic goals. For each Business Review the Supplier must provider pertinent performance and management reports detailing a wide range of information related to the resulting agreement at both the UC-wide level and for each individual UC location. R. Errors and Omissions: If the Proposer discovers any discrepancy, error, or omission in this RFP or in any of the attached documents, UC shall be notified immediately, and a clarification/notification will be issued to all Proposers who have access to this RFP. No Proposer will be entitled to additional compensation for any error or discrepancy that appears in the RFP where the UC was not notified and a response provided. All Addendums of Clarification will be distributed to the Proposal Participants via the CalUsource portal. 19 of 1132 24 13 | Page Campus Profiles UNIVERSITY OF CALIFORNIA, BERKELEY - LOCATION PROFILE CURRENT PROGRAM INFRASTRUCTURE With the closing of UC Printing Services in 2010, UCSF Documents & Media (DM) manages office multifunction copiers and printers, for University departments at UC Berkeley who prefer that print professionals handle their office printing needs. From selecting the right multifunction copier or printer and making arrangements for delivery and installation, to basic service calls and replenishment of supplies like toner and solid ink, DM offers turnkey solutions that address diverse department needs, saving the departments both time and money. The UCSF Print Management Program currently manages over 1225 devices in administrative, lab, academic, and public areas across UCSF, UC Berkeley, and UC Hastings College of the Law. DM PMP manages over 620 devices across the Berkeley campus, with key campus partners at the UC Libraries, Berkeley Law, Campus Shared Services, and Haas School of Business. There are no leasing hassles for the department as DM deals directly with the vendors. No need for department to generate a purchase order, since DM leases or buys the equipment. All office machines can be from the same manufacturer. This uniformity enables users the capability to easily operate each machine, which in turn eliminates the frustration and downtime of having to readjust to different machines. Monthly charges are based on equipment selected and per copy use. Codes can be assigned to each user if required. No need to track individual copies, since DM is responsible for tracking copier usage on a monthly basis. A monthly statement listing copy totals and recharges made by department Chart string are available UCB PMP customers via the UCB PMP Monthly online portal. No need for the department to figure out separate monthly bills from vendors for maintenance charges, equipment payments, or supply orders. DM manages all equipment maintenance issues, which helps reduce frequent service calls involving vendor service technicians, and helps get machines back up and running sooner using on-campus DM staff. 20 of 1132 25 14 | Page DM is the key contact for all maintenance needs supporting the UC Berkeley fleet on-campus from the Moffitt Copy Center (which is managed by DM). No more confusing service costs, burdensome maintenance agreements, or tracking down a service technician for office machine repairs for the department – PMP coordinates the service or repair. DM conveniently stores most general machine parts in the Moffitt Copy Center. This reduces the time needed to order vendor parts and results in machines being serviced faster. DM currently has service contracts with Xerox and Ricoh for their equipment. These contracts are for maintenance on the devices that DM owns and include provisions for all parts and supplies (excluding paper). They are billed monthly via per click charge on a summary invoice. DM also contracts with CFI for PMP enrolled HP printers and single-function printer break/fix service. DM supplies toner along with any other consumables, for devices managed in PMP – no need to order supplies from the vendor. DM provides PMP customers with next day delivery of toner/supplies DM can provide tree-free or 100% post-consumer content recycled paper if needed. The UC Berkeley Operational Excellence Procurement Initiative Team endorsed the UCSF Print Management Program in 2011. ORDER PROCESS Departments request devices from PMP via email or a call to DM. Onsite assessments are made including space, connectivity, power, historical volume, user needs, device capability, total users, and user code management. Full office print environment assessments are available free of charge. 60- month equipment agreements are issued between DM (PMP) and the department. DM provides the needed device(s), leasing or purchasing new equipment from vendors or placing pre-owned equipment from the PMP reserve fleet. BILLING FROM VENDOR Within 30 days after Vendor receives monthly meter usage from DM PMP, Vendor must provide accurate monthly billing on a Summary Invoice that includes for each copier: make, model, serial number, starting meter, ending meter, service copies credit, total copies to be charged, rate per copy, net service charge for copier, tax, total. No estimated end meter counts will be paid. Only meters submitted. Invoices are to be sent to: UCSF Documents & Media, 1855 Folsom Street, Room 156, Box 0284 San Francisco, CA 94143. Invoice payment is processed by DM PMP staff directly into our Financial Information System, and a check is sent to the vendor within the normal processing time. Failure to submit timely and accurate invoices may result in invoicing the Vendor to recoup the administrative costs of correcting said invoices. Rate: $65.00/hour, with a minimum of one hour with quarter hour increments. 21 of 1132 26 15 | Page PAYMENT METHOD TO VENDOR Checks are issued through central accounting or Electronic Fund Transfer. EQUIPMENT MAINTENANCE By centrally managing the print equipment fleet, PMP is able to standardize model types, which provides efficiencies in ordering, stocking, and maintaining similar parts & supplies. This also helps reduce multiple delivery vehicles around campus. Additionally, by strategically partnering with key vendors who share the same sustainability values of the University, we are able to place more efficient office multifunction equipment that uses less energy and is environmentally friendly. Maintenance is generally purchased at the time the equipment is purchased. SUPPLIERS XEROX RICOH HP (CDW) CONTRACT EXPIRATIONS Vary depending on purchase or lease date. EQUIPMENT ACQUISITION METHODS Equipment is purchased or leased for departments enrolled in PMP by DM. There are existing leases for those departments not in PMP. Service is often bundled with lease. DELIVERY METHODS Vary according to department and physical location. All deliveries of multifunction copiers must be coordinated with DM PMP. Networked printers are drop-shipped directly to DM PMP. 22 of 1132 27 16 | Page PARKING Parking is always an issue at UC Berkeley, as the campus exists in highly congested urban setting. UCSF PMP does NOT reimburse service vendors for parking or provide parking spots. UNIVERSITY OF CALIFORNIA, DAVIS - LOCATION PROFILE UC Davis operates a semi-centralized copier program run by Repro Graphics. Departments are encouraged to contact Repro Graphics when contemplating MFD and Printer purchases, but they are not required to do so. Two Ways to Procure When a department needs to order a copier, they can contact Repro Graphics for a needs assessment to match the needs of the organization to the appropriate device or spread of devices that can match a range of need. Once the device is chosen by the department, Repro Graphics would finalize the purchase and coordinate the delivery, setup and installation of the device. Repro Graphics pays for the copier upfront charging the organization for usage monthly. If an organization chooses to procure a device on their own they can, by referencing the systemwide agreement in the correct field on a requisition, issue a purchase order directly to the supplier. Requests for devices not on a systemwide agreement pass through Contracting Services who will assess the particulars of the purchase to see if the purchase can be redirected to a systemwide agreement and those that cannot be redirected will have their purchase orders completed by Contracting Services and sent to the vendor. The vendor and the end user must then coordinate schedules for delivery, setup and installation. Sources of Devices UC Davis is primarily uses Canon and Ricoh, devices in the average office setting. Paying the Bill 23 of 1132 28 17 | Page Devices ordered through Repro Graphics are paid by Repro Graphics and the end user recharged for the use of the device. All servicing needs are managed by Repro Graphics, freeing the end user from that responsibility. Those end users who utilize the systemwide agreements directly are responsible for processing all payments according to the terms of the agreement. Maintenance Repro Graphics will purchase a maintenance contract for all devices they order with the contract including supplies (toner, staples, etc.), and all maintenance/repairs charged at a fixed cost per- copy rate. Purchase vs Lease For those devices, whose capabilities and price point are easily absorbed by the average organization a direct purchase is the primary purchase option. This represents the most common choice at UC Davis. As the price point increases the chance the acquisition becomes a FMV lease dramatically increases. UNIVERSITY OF CALIFORNIA, HASTINGS - LOCATION PROFILE CURRENT PROGRAM INFRASTRUCTURE UC Hastings College of the Law ended a managed print services contract with Newcal Industries in 2009, and since then has entered into an MOU with UCSF Documents & Media (DM) to manage department and student multifunction copiers and printers for the College. From selecting the right multifunction copier or printer and making arrangements for delivery and installation, to basic service calls and replenishment of supplies like toner and solid ink, DM offers turnkey solutions that address diverse department needs, saving the departments both time and money. 24 of 1132 29 18 | Page The UCSF Print Management Program currently manages over 1225 devices in administrative, lab, academic, and public areas across UCSF, UC Berkeley, and UC Hastings College of the Law. DM PMP manages over 100 devices across the three primary buildings that form the College, just within walking distance of the San Francisco Civic Center. There are no leasing hassles for the College as DM deals directly with the vendors. No need for the College to generate a purchase order, since DM leases or buys the equipment. All multifunction machines are from the same manufacturer. This uniformity enables users the capability to easily operate each machine, which in turn eliminates the frustration and downtime of having to readjust to different machines. Monthly charges are based on equipment selected and per copy use. Codes can be assigned to each user if required. No need to track individual copies, since DM is responsible for tracking copier usage on a monthly basis. Monthly statement listing copy totals and recharges made to department accounts is provided to the Purchasing Director. No need for the College to figure out separate monthly bills from vendors for maintenance charges, equipment payments, or supply orders. DM manages all equipment maintenance issues, which helps reduce frequent service calls involving vendor technicians and helps get machines back up and running sooner using on-campus DM staff. DM is the key contact for all maintenance needs supporting the UC Hastings fleet on-campus from the Hastings Business Center (which is managed by DM). No more confusing service costs, burdensome maintenance agreements, or tracking down a technician for office machine repairs for the College – PMP coordinates the service or repair. DM conveniently stores most general machine parts in the business center. This reduces the time needed to order vendor parts and results in machines being serviced faster. DM currently has service contracts with Xerox. This contract is for maintenance on the devices that DM owns and includes provisions for all parts and supplies (excluding paper). They are billed monthly via per click charge on a summary invoice. DM also contracts with CFI for PMP enrolled HP printers and single-function printer break/fix service. DM supplies toner or solid ink, along with any other consumables, for devices managed in PMP – no need to order supplies from the vendor. DM provides PMP customers with same day delivery of toner/supplies DM can provide tree-free or 100% post-consumer content recycled paper if needed. UC Hastings departments are mandated to use the UCSF Print Management Program managed by DM. ORDER PROCESS UC Hastings Purchasing request devices from PMP via email or call to DM. Onsite assessments are made including space, connectivity, power, historical volume, user needs, device capability, total users, 25 of 1132 30 19 | Page and user code management. Full office print environment assessments are available free of charge. Equipment agreements are issued between DM (PMP) and UC Hastings Purchasing. DM provides needed device(s), purchasing or leasing new equipment from vendors or placing pre-owned equipment in PMP reserve fleet. BILLING FROM VENDOR Within 30 days after Vendor receives monthly meter usage from DM PMP, Vender must provide accurate monthly billing on a Summary Invoice that includes for each copier: make, model, serial number, starting meter, ending meter, service copies credit, total copies to be charged, rate per copy, net service charge for copier, tax, and total. No estimated end meter counts will be paid. Only meters submitted. Invoices are to be sent to: UCSF Documents & Media, 1855 Folsom Street, Room 156, Box 0284 San Francisco, CA 94143. Invoice payment is processed by DM PMP staff directly into our Financial Information System, and a check is sent to vendor within the normal processing time. Failure to submit timely and accurate invoices may result in invoicing the Vendor to recoup the administrative costs of correcting said invoices. Rate: $65.00/hour, with a minimum of one hour with quarter hour increments. PAYMENT METHOD TO VENDOR Checks are issued through central accounting or Electronic Fund Transfer. EQUIPMENT MAINTENANCE By centrally managing the print equipment fleet, PMP is able to standardize model types, which provides efficiencies in ordering, stocking, and maintaining similar parts & supplies. This also helps reduce multiple delivery vehicles around campus. Additionally, by strategically partnering with key vendors who share the same sustainability values of the University, we are able to place more efficient office multifunction equipment that uses less energy and is environmentally friendly. Maintenance is generally purchased at the time the equipment is purchased. SUPPLIERS XEROX HP (CDW) 26 of 1132 31 20 | Page CONTRACT EXPIRATIONS Vary depending on purchase or lease date. EQUIPMENT ACQUISITION METHODS Equipment is purchased for UC Hastings by DM. DELIVERY METHODS Vary according to physical location. All deliveries of multifunction copiers must be coordinated with DM PMP. Networked printers are drop-shipped directly to DM PMP. PARKING Parking is always an issue at UC Hastings, as the campus exists in highly congested urban setting. UCSF PMP does NOT reimburse service vendors for parking or provide parking spots. UNIVERSITY OF CALIFORNIA, IRVINE - LOCATION PROFILE CURRENT PROGRAM INFRASTRUCTURE We are very decentralized here at UCI. Various "Schools" such as those of Physical Sciences, Biological Sciences, Engineering and Fine Arts, have their own internal copy centers. Numerous departments have their own departmental copiers. The UCI Medical Center, which is located 14 miles from here in Orange, California, has their own internal Materiel Management Department, which acquires copiers and other office equipment items. However, we at the Campus procure some copiers and office equipment which winds up being installed at the Medical Center even though it is ordered from the Campus and paid for by Campus Accounting. ORDERING PROCESS Orders are placed by departments using a purchasing card or purchase order. Departmental requisitions are transmitted electronically to Central Purchasing. Departments are strongly encouraged to use the purchasing card for supply items and equipment purchases under the $2,500.00 purchasing card limit. 27 of 1132 32 21 | Page Many copiers are being ordered on either three year or five-year leases. All of these orders must go through Central Purchasing. BILLING Aside from the purchasing cards, we prefer EDI invoicing. We still currently accept paper invoices but we are seeking to eliminate them. EQUIPMENT MAINTENANCE We do not allow departments to use purchasing cards to pay for maintenance contracts since vendors might attempt to give users in departments vendor agreements to sign which are not fully understood. Such agreements must come through Central Purchasing for our review. Such maintenance orders are set up on blanket purchase orders or special purchase orders which we call "X" orders. SUPPLIERS Our major suppliers are: Xerox, Ricoh, Konica -Minolta, Savin and Panasonic. We usually deal with the educational sales reps of the manufacturers and do not go through dealers. CONTRACT EXPIRATIONS Most users do not purchase equipment. They lease it for either three year or five year terms. The contract expiration dates vary for each individual contract. EQUIPMENT ACQUISITION METHODS Virtually no outright purchase. Usually on 3 or 5-year lease. All supplies are usually included except for paper and staples. DELIVERY METHODS Deliver via vendor truck directly to each individual department. PARKING ISSUES Parking is extremely tight at UCI. Vendors are encouraged to get a vendor parking permit from our UCI Parking Office. There is a fee for the permit. CAMPUS, LAB AND MEDICAL CENTER LOCATIONS 28 of 1132 33 22 | Page There are numerous delivery points at the Campus. Vendors deliver directly to the departments and do not go through Central Receiving. For UCI Medical Center deliveries we tell the vendors to deliver directly to the departments there. If they ask for a street address for deliveries at the Medical Center we give them: UCI Medical Center, 101 the City Drive, Orange, CA 92668. UNIVERSITY OF CALIFORNIA, LOS ANGELES (UCLA) – LOCATION PROFILE CURRENT PROGRAM INFRASTRUCTURE Printer and MFD purchases are handled by each department at UCLA. Purchases are made by referencing the UCOP system-wide contract # on the requisition. Purchases of printers and MFDs from suppliers who are not on the system-wide agreement must be approved by the campus Purchasing Office. The supplier and the UCLA department must then coordinate schedules for delivery, setup, and installation. ORDERING PROCESS All UCLA purchases are assigned a 10-digit number, which may be issued in the following manners: through UCLA’s Bruin-Buy system, as a Low Value Order (LVO), or as a Purchase Order (PO) through the UCLA Purchasing Office. The assigned order number must appear on all packages and invoices. BILLING  Supplier must be able to support EDI, as well as provide hard copy invoices if requested by UCLA’s Accounting Office.  Invoices sent via EDI must match the paper copies of the invoices (e.g., invoice number, line items, description, part numbers, etc.).  All invoices must reference valid PO numbers since UCLA matches all invoices to the PO number.  All invoices are matched by line number, part number, price, quantity and description. Therefore, it is the supplier’s responsibility to ensure that the invoice matches the proper PO number and, if there is a discrepancy, the supplier must contact the department directly to resolve.  Supplier will provide a representative to come on-site, as needed, to resolve any outstanding invoice issues. PAYMENT METHODS Payments are issued through UCLA’s Accounts Payable office by check or via Electronic Fund Transfer (EFT). EQUIPMENT MAINTENANCE Departments select whichever maintenance plan best fits their organization. It is generally purchased at the time the equipment is purchased. 29 of 1132 34 23 | Page SUPPLIERS The current printer and MFD suppliers are HP, Canon, Dell, Xerox, Konica/Minolta, Ricoh, Kyocera, and Samsung. DELIVERY METHODS Equipment delivery is coordinated with the supplier to the final department location or to another designated drop point. PARKING Parking is limited and suppliers must pay for it. Contact UCLA Parking at 310-825-1805 to make arrangements. CAMPUS AND MEDICAL CENTER LOCATIONS Most equipment is located on or near UCLA’s main campus in Westwood, CA. 90095. The UCLA Medical Center is also located in Westwood. Most, but not all, other locations are within 20 miles of the UCLA campus. UNIVERSITY OF CALIFORNIA, RIVERSIDE - LOCATION PROFILE (last updated 2015) 2015 PROGRAM(S) INFRASTRUCTURE UC Riverside currently has a centralized Copier Program for our campus run by Printing & Reprographics (P&R). Departments are encouraged to use P&R’s Copier Program, but they are not required to do so. ORDER PROCESS When a department needs to order a copier, they would contact P&R for a copier proposal, which usually includes two or three models to choose from. The recommended models are based on the requirements and needs of the department. Once the copier is chosen by the user, then P&R types a PO to have the copier ordered. P&R pays for the copier upfront so the department only pays a monthly bill based on a five-year rental through P&R. After P&R types the PO for a new copier, our UCR Purchasing dept. will review it for correctness and proper contract language. Purchasing will then send the finished PO to the vendor to order the new copier or printer. Delivery is then supposed to be within two weeks from the time the vendor receives the PO. BILLING When a new copier is ordered, the vendor sends the bill directly to P&R, and P&R pays for it out of their account. P&R will then take a monthly meter read of their customer’s rented copier and bill them on a 30 of 1132 35 24 | Page sliding scale depending on the number of copies made. The billing is done automatically through P&R’s online copier billing system, and the charges are billed to our customer at the end of the month. PAYMENT METHODS After the vendor sends the invoices to P&R, P&R staff review them for correctness and then forward them to UCR’s Accounting dept., which will then mail the vendor a check. EQUIPMENT MAINTENANCE P&R always purchases a maintenance contract for all our copiers and printers. At this time, our contract includes supplies, maintenance and repairs charged at just a fixed click rate per copier model. SUPPLIERS P&R uses Ricoh as our primary vendor. We have also done business with Canon and Xerox. CONTRACT EXPIRATIONS For the past few years, UCR P&R has used the UCOP Strategic Sourcing agreement for pricing. This contract is up for renewal, and once it is approved, P&R will continue to use it. EQUIPMENT ACQUISITION METHODS In the past UCR P&R has purchased copiers, but starting this year 2015 we are now leasing copiers and printers. DELIVERY METHODS When it comes time to deliver a new copier for P&R’s customers, the vendor will contact P&R with a one- day advance warning and to verify the model and its delivery location. When the copier is actually delivered, the driver will call P&R again and ask for exact directions to the campus building. PARKING Our UCR Transportation and Parking Services (TAPS) charges $600 annually for a vendor parking permit for their delivery truck. This permit allows the vendor to park in reserved delivery spaces. 31 of 1132 36 25 | Page UNIVERSITY OF CALIFORNIA OFFICE OF THE PRESIDENT (Not Upated, will provide later) UNIVERSITY OF CALIFORNIA, SAN DIEGO - LOCATION PROFILE CURRENT PROGRAM INFRASTRUCTURE UC San Diego operates a unique program for monochrome and color multifunctional systems. Imprints, a campus reprographics department operates a self-managed Copier/MFD Fleet Management. In addition to conducting needs-analysis for departments, processing purchase order requests for both monochrome and color multifunctional requests, Imprints provides all service functions, including break-fix, software and firmware updates, card control access, and supplies delivery coordination. The technical group installs services and maintains the copier/MFD population, which totals about 400 machines through a help/dispatch desk and its own university staff manufacturer-certified trained technicians. Imprints currently provides 100% recycled Treezero paper for all monochrome machines. ORDERING PROCESS Monochrome and color multifunctional requests are submitted directly through Imprints. A needs analysis is conducted by Imprints staff with the requesting department to define requirements and identify correct equipment model and configuration. Purchase or lease requests are then submitted through Central Procurement for Purchase or Lease processing. While most units are outright purchases, some color multifunctional systems have been acquired on a cost/copy lease. All other equipment buying activity is processed through Central Procurement, with standard printers and facsimile equipment processed through the campus SYQUEST-based online buying portal –MarketPlace - linking customers to authorized vendor sites. BILLING Within 30 days after vendor receives monthly meter usage from Imprints, vender must provide accurate monthly billing on a summary invoice that includes for each machine, make, model, serial number, starting meter, ending meter, service copies credit, total copies to be charged, rate per copy, net service charge for copier, tax as a separate line item and the total. No estimated meter counts will be paid. Vendors currently submit their invoices electronically through Transcepta and are normally paid within 30 days. PAYMENT METHODS 32 of 1132 37 26 | Page Payments to vendors are according to terms of purchase orders, net 30 is standard and made through direct deposit and/or bank checks. EQUIPMENT MAINTENANCE As stated above, all service functions are handled through Imprints help desk personnel and Imprints’ technical staff. Laser printer service is an optional benefit offered to campus departments on a time and material basis or maintenance agreement. SUPPLIERS UC San Diego’s contract includes an addendum with special conditions for receiving certified training on monochrome and color MFD models, with a provision to order and stock supplies and repair parts and receive analyst support, as needed. DELIVERY METHODS Equipment delivery is coordinated by Imprints to one central location although, the final location is determined by Imprints and may occasionally vary. Imprints requires equipment to be delivered Monday – Friday between the hours of 8:00 am and 12:00 noon with a 30-minute pre-call to a designated Imprints employee. PARKING Parking on campus is very limited and vendors are required to obtain parking permits on the UCSD campus. Pay stations are located in most campus parking lots. Rates vary based on location. Parking is not provided by Imprints, nor does Imprints reimburse vendors for their parking costs. UNIVERSITY OF CALIFORNIA, Santa Barbara The Santa Barbara campus is located in Goleta, CA. We have 23,051 students, and employ over 6,000 faculty and staff. We have a current inventory of 185 copiers valued at or over $5,000, and countless lower-value multi-function devices and printers. Over the last two calendar years, we have submitted 867 orders (517 of those are for monthly maintenance services), and processed 14,476 invoices. CURRENT PROGRAM INFRASTRUCTURE 33 of 1132 38 27 | Page UCSB does business with the following copier (MFD) manufacturers: Canon, Xerox, and Ricoh, and has occasional purchasing through local resellers X-Tech Laser Printing, Docuproducts, and Advanced Office Automation. UCSB does not have any of its own local campus contracts. DELIVERY METHODS All campus points of delivery are based on the building name and room number for location of the equipment. The Santa Barbara campus has no laboratory or medical center facilities. ORDERING PROCESS UCSB campus departments submit purchase requisitions for copiers, printers, leases, and related maintenance through our eProcurement system, Jaggaer. Purchase orders are emailed, faxed, or sent via CXML to the method identified by the vendor. Alternatively, campus departments can use their Flexcard (P-Card) for purchases under the Inventorial Equipment value of $5,000.00. A vendor blanket purchase order is usually issued to a vendor for the equipment maintenance for a total amount not-to- exceed the estimated cost of the maintenance expenditures for that period of time. BILLING Accounts Payable requires that the vendor submit an invoice with the PO # to invoicesONLY@bfs.ucsb.edu, unless the vendor is CXML enabled in Jaggaer. UCSB requires a single account representative for the awarded program. UCSB is a decentralized campus; as such, Procurement Services relies on the account representative to be aware of the campus department locations and needs. Procurement is available to assist with order, invoicing, and campus conflicts, but does not have a dedicated Strategic Source position for our agreement vendors. Our campus values good customer service above all other qualities in this category. UC SANTA CRUZ CAMPUS PROFILE UCSC Copier Program – January 1, 2020 The UCSC Copier Program supports the campus community by providing high quality, self-serve multifunctional devices (MFDs) on a cost-per-page output basis. We offer an economic alternative for a campus unit or location to purchasing and managing their own equipment, device management, and cost accounting. Our program manages these MFDs for campus users, including lease and maintenance payment, provision of all toner and supplies (including paper), user access control and account management, first-tier maintenance, and monthly recharge billing services. We work closely with the campus community to determine the best MFD for their needs and location, with considerations for expected print and copy volume, required MFD features, space and power requirements, and access 34 of 1132 39 28 | Page control needs. The Copier Program has the flexibility to upgrade, downgrade, or move MFDs should circumstances change for a campus unit. CURRENT PROGRAM INFRASTRUCTURE The Copier Program currently has 194 copiers and MFDs in administrative, academic, and public areas, which represent roughly 85% of the copiers and MFDs on campus; the average age of our fleet is less than 4.25 years. 83 of these devices are located in academic and administrative departments, and are charged based on monthly meter usage; of these, 15 are non-networked copiers, and 68 are networked MFDs. The remaining 111 MFDs have their access controlled and accounts managed through Pharos Uniprint. 169 of our MFDs produce color output. The Copier Program currently operates under UCOP contracts with Ricoh and Xerox, and a WSCA- NASPO contract with Canon, for supplying MFDs and associated products and services. The UCOP contracts expire February 28, 2021. We have 164 Ricoh, 9 Lanier (Ricoh), and 21 Canon copiers and MFDs supported by this contract. 71 of our machines are currently under lease, and the remainder are owned by the Copier Program. By contract, our vendor technicians report to and work closely with Copier Program staff for optimum prioritized service and response time. The Copier Program provides our customers with next day delivery of toner/supplies and paper from Copier Program storage. All copier/MFD maintenance is billed on a per- click basis; vendors use meters provided by Copier Program by the fifth business day of the month. Each vendor provides summary maintenance and lease invoices monthly. The Copier Program uses Pharos Uniprint and FileMaker Pro to provide access control, account management, and monthly billing services to campus customers. Users are loaded into Pharos every summer, and as needed through the year; they can be associated with campus funding accounts at any time. The Copier Program billing is generated monthly based on meter and Pharos data, which is uploaded directly into the campus financial information system. All Pharos and meter data uploaded is reconciled to the meter readings from each copier/MFD at the time data is collected to ensure its reliability. Monthly billing reports are generated from this data through FileMaker Pro; they are distributed as PDFs after the upload has cleared. The UCSC Copier Program is a Distributed Office of Record, and handles our own accounts payable and receivable. Copier Program Staff Bill Kasper, Copier Program Manager (primary contact: 831-459-5273; dragon01@ucsc.edu): program development, contracts, financial and administrative management; purchase orders, billing, cash management, accounts payable, database and copier access management, technical support 35 of 1132 40 29 | Page Lucie Kemp, Copier Program Assistant: customer service, database and copier access management, service/supplies dispatch, and technical support Serena Berns, Copier Program Assistant: customer service, database and copier access management, service/supplies dispatch, and technical support The Copier Program is part of UCSC’s Business and Administrative Services (BAS), and reports to Robert Kemp, Director of Copy, Mail, and Receiving Services. Deliveries All deliveries of copiers for UCSC Copier Program must be coordinated with Copier Program staff. Parking: All vendors must purchase a temporary parking permit at the Parking Office prior to reporting to the equipment delivery or repair site. Information regarding daily, weekly, and monthly parking rates may be obtained from Transportation & Parking Services at https://taps.ucsc.edu/parking/visitor-parking.html or (831) 459-4543. 36 of 1132 41 Pre-Proposal Conference Call (non-mandatory) Page 2 of 4 Guideline sequence number Guideline number 5e690bf36ce5cf1174730f06 Guideline name Pre-Proposal Conference Call (non-mandatory) Guideline type General Guidelines Acknowledgment from Supplier Before participating in the event Guideline content Pre-Proposal Conference Call Schedule: Date: Monday, April 27, 2020 Time: 1pm - 3pm (PDT) Where: Via a Conference Call/Log-in Information below: Join Zoom Meeting https://UCOP.zoom.us/j/720555518 Meeting ID: 720 555 518 One tap mobile +16692192599,,720555518# US (San Jose) +16699006833,,720555518# US (San Jose) 37 of 1132 42 Pre-Proposal Conference Call (non-mandatory) Page 3 of 4 Dial by your location +1 669 219 2599 US (San Jose) +1 669 900 6833 US (San Jose) +1 720 928 9299 US (Denver) +1 971 247 1195 US (Portland) +1 346 248 7799 US (Houston) +1 602 753 0140 US (Phoenix) +1 651 372 8299 US +1 786 635 1003 US (Miami) +1 253 215 8782 US +1 301 715 8592 US +1 312 626 6799 US (Chicago) +1 470 250 9358 US (Atlanta) +1 470 381 2552 US (Atlanta) +1 646 518 9805 US (New York) +1 646 876 9923 US (New York) 38 of 1132 43 Pre-Proposal Conference Call (non-mandatory) Page 4 of 4 *4 (from UCOP office phone) Meeting ID: 720 555 518 Find your local number: https://UCOP.zoom.us/u/aR271koJD 39 of 1132 44 Agreement - Purchasing Page 2 of 2 Guideline sequence number Guideline number 5e38739e83916a13e86379b4 Guideline name Agreement - Purchasing Guideline type General Guidelines Acknowledgment from Supplier Before participating in the event Guideline content Proposers must accept, and Proposals must comply with the requirements of the attached University of California Agreement Purchasing. Please acknowledge that you have read, understand and accept the attached Agreement Purchasing. UC reserves the right to update the Agreement at any time before the executed contract. Submission of a Proposal affirms Proposer’s understanding and acceptance of the University of California Agreement Purchasing unless specific exceptions are proposed and alternative language or provisions are offered. If a Proposer is unwilling to accept any of the University of California Agreement Purchasing, then Proposer must attach to their proposal a document labelled “Exceptions UC Agreement Purchasing” that states which specific section of the Agreement is an issue, specify why it is an issue, and propose specific alternative language. The Exceptions document must be attached under Supplier Attachments in the CalUSource portal. 40 of 1132 45 Purchasing Agreement # ____________ The Agreement to furnish certain goods and services described herein and in the documents referenced herein (“Goods and/or Services”) is made by and between The Regents of the University of California, a California public corporation (“UC”) on behalf of the University of California, and the supplier named below (“Supplier”). This Agreement is binding only if it is negotiated and executed by an authorized representative with the proper delegation of authority. 1. Statement of Work Supplier agrees to perform the Services listed in the statement of work attached as Attachment A (“Statement of Work”) and any other documents referenced in the Incorporated Documents section herein , at the prices set forth in the Statement of Work and any other documents referenced in the Incorporated Documents section herein. Unless otherwise provided in the Agreement, UC will not be obligated to purchase a minimum amount of Goods and/or Services from Supplier. 2. Term of Agreement/Termination a) The term of the Agreement will be from Date and through Date and is subject to earlier termination as provided below. It may be extended upon the agreement of the parties. The initial term of the Agreement will be from Date and through Date (Initial Term) and is subject to earlier termination as provided below. UC may renew the Agreement for 3 (three) successive 1 (one) -year periods (each, a Renewal Term), by providing Supplier with at least 15 calendar days’ written notice before the end of the Initial Term or any Renewal Term. b) UC may terminate the Agreement for convenience by giving Supplier at least 30 calendar days' written notice. c) UC or Supplier may terminate the Agreement for cause by giving the other party at least 15 days' notice to cure a breach of the Agreement (Cure Period). If the breaching party fails to cure the breach within the Cure Period, the non-breaching party may immediately terminate the Agreement. 3. Purchase Order; Advance Payments Unless otherwise provided in the Agreement, Supplier may not begin providing Goods and/or Services until UC approves a Purchase Order for the Goods and/or Services. 4. Pricing, Invoicing Method, and Settlement Method and Terms Refer to Statement of Work or Purchase Order for Pricing. For systemwide agreements, each UC Location will specify the Invoicing Method and Payment Options that will apply, taking into account the operational capabilities of Supplier and the UC Location. See UC’s Procure to Pay Standards http://www.ucop.edu/procurement- services/_files/Matrix%20for%20website.pdf for the options that will be considered. In the case of systemwide agreements, each UC Location will specify these terms in a Statement of Work or Purchase Order, as the case may be.] All invoices must clearly indicate the following information: a. California state and local sales tax as a separate line item (if applicable), including the rate employed. b. Purchase Order or Release Number and the Agreement Number c. Description and Quantity, of the Products and Support ordered d. Net Cost of each item e. Any applicable discount(s) f. Reference to original order and invoice number for all credit invoices issued g. Original order and invoice number for all credit invoices issued 41 of 1132 46 UNIVERSITY OF CALIFORNIA Template revised on 10.1.19 Page 2 of 5 h. On invoices for impressions or overage: for each device, (1) the number of impr essions and the impression rate, (2) the number of overage impressions and the impression overage rate, and (3) the taxable amount of these impressions or overage. Tax is NOT to be included for labor or technical service charges. i. Start and end meter counts for each device. 1. Maintenance charges must be invoiced on separate invoices from lease or purchase charges. 2. If a UC Location has an MFD/Printer Fleet management program, individual device maintenance invoices and individual device lease invoices must be consolidated into separate summary invoices. 3. Invoices shall NOT contain line items for training, delivery, or other charges not expressly detailed in this RFP. 4. Supplier will provide a designated contact for billing/invoicing questions and issues. This contact must be available 8-5 PST/PDT, Monday-Friday. 5. Invoices will be submitted directly to the UC Locations’ Accounting Departments unless: a. The MFD/Printer Fleet management program at the UC Location requests invoices from Bidder be sent directly to the program, or b. The Supplier is notified otherwise by Amendment to the Agreement. 6. Usage billing and Meter Reading: a. Meter readings may not be estimated for use in invoicing, unless approved by the end user b. Service meters may not be used for invoicing, unless approved by the end user c. If meters are supplied monthly by MFD/Printer Fleet management programs, these meters must be the basis for maintenance invoicing. Supplier will submit invoices following the designated invoice method directly to UC Accounts Payable Departments at each UC Location, unless UC notifies the Supplier otherwise by amendment to the Agreement. 5. Notices As provided in the UC Terms and Conditions of Purchase, notices may be given by email, which will be considered legal notice only if such communications include the following text in the Subject field: FORMAL LEGAL NOTICE – [insert, as the case may be, Supplier name or University of California]. If a physical format notice is required, it must be sent by overnight delivery or by certified mail with return receipt requested, at the addresses specified below. To UC, regarding confirmed or suspected Breaches as defined under Appendix – Data Security: Name David Rusting Phone 510-987-0086 Email David.rusting@ucop.edu Address 1111 Franklin Street Oakland, CA 94607 To UC, regarding Breaches or Security Incidents as defined under Appendix – Business Associate: Name Monte Ratzlaff Phone 51-987-0858 Email Monte.ratzlaff@ucop.edu 42 of 1132 47 Template revised on 10.1.19 Page 3 of 5 Address 1111 Franklin Street Oakland, CA 94607 To UC, regarding personal data breaches as defined under Appendix – General Data Protection Regulation: Name Phone Email Address To UC, regarding contract issues not addressed above: Name Michael Wegmann Phone 510-987-0428 Email Michael.wegmann@ucop.edu Address 260 Cousteau Place Suite 150 Davis, CA 95618 To Supplier: Name Phone Email Address 6. Intellectual Property, Copyright and Patents /___/ The Goods and/or Services involve Work Made for Hire /__X_/ The Goods and/or Services do not involve Work Made for Hire 7. Patient Protection and Affordable Care Act (PPACA) /___/ Because the Services involve temporary or supplementary staffing, they are subject to the PPACA warranties in the T&Cs. /_X__/ The Services do not involve temporary or supplementary staffing, and they are not subject to the PPACA warranties in the T&Cs. 8. Prevailing Wages /___/ Supplier is not required to pay prevailing wages when providing the Services. 9. Fair Wage/Fair Work 43 of 1132 48 Template revised on 10.1.19 Page 4 of 5 /___/ Supplier is not required to pay the UC Fair Wage (defined as $13 per hour as of 10/1/15, $14 per hour as of 10/1/16, and $15 per hour as of 10/1/17) when providing the Services. 10. Federally Funded Contracts, Grants, and Cooperative Agreements [include this section ONLY if you have knowledge of the prime award number] /___/ Grant or Cooperative Agreement /___/ Contract The Prime Award Number is: ______________________. 11. Restriction Relating to Consulting Services or Similar Contracts – Follow-on Contracts Please note a Supplier that is awarded a consulting services or similar contract cannot later submit a bid or be considered for any work “required, suggested, or otherwise deemed appropriate” as the end product of the Services (see Public Contract Code Section 10515). 12. Insurance Deliver the PDF version of the Certificate of Insurance to UC’s Buyer, by email with the following text in the Subject field: CERTIFICATE OF INSURANCE – [insert Supplier name]. 13. Service-Specific and/or Goods-Specific Provisions TBD 14. Records about Individuals Records created pursuant to the Agreement that contain personal information about individuals (including statements made by or about individuals) may become subject to the California Information Practices Act of 1977, which includes a right of access by the subject individual. While ownership of confidential or personal information about individuals is subject to negotiated agreement between UC and Supplier, records will normally become UC’s property, and subject to state law and UC policies governing privacy and access to files. When collecting the information, Supplier must inform the individual that the record is being made, and the purpose of the record. Use of recording devices in discussions with employees is permitted only as specified in the Statement of Work. 15. Incorporated Documents This Agreement and its Incorporated Documents contain the entire agreement between the Parties, in order of the below precedent, concerning its subject matter and shall supersede all prior or other agreements, oral and written declarations of intent and other legal arrangements (whether binding or non-binding) made by the Parties in respect thereof. a. [insert Purchase Agreement Title/#] 44 of 1132 49 Template revised on 10.1.19 Page 5 of 5 b. [insert Prime Contract #] c. [UC Terms and Conditions of Purchase or Contract Addendum - UC Required Terms] d. [UC Appendix – Data Security] e. [UC Appendix - Business Associate (HIPAA)] f. [UC Appendix – General Data Protection Regulation (GDPR)] g. Statement of Work – Attachment A h. [Any additional documents necessary, with all incorporated documents being in order of precedence. Buyer may reference the Supplier’s proposal and quote as long as the Supplier’s T&C’s are removed or there aren’t any conflicts with the UC T&C’s.] 16. Entire Agreement The Agreement and its Incorporated Documents contain the entire Agreement between the parties and supersede all prior written or oral agreements with respect to the subject matter herein. This Agreement can only be signed by an authorized representativ e with the proper delegation of authority. THE REGENTS OF THE [SUPPLIER NAME] UNIVERSITY OF CALIFORNIA ________________________________ ___________________________________ (Signature) (Signature) ________________________________ ___________________________________ (Printed Name, Title) (Printed Name, Title) ________________________________ ____________________________________ (Date) (Date) 45 of 1132 50 Appendix - Business Associate Agreement Page 2 of 2 Guideline sequence number Guideline number 5e38739e83916a13e86379b7 Guideline name Appendix - Business Associate Agreement Guideline type General Guidelines Acknowledgment from Supplier Before participating in the event Guideline content Proposers must accept, and Proposals must comply with the requirements of the attached University of California Appendix-Business Associate Agreement dated 8/1/19. Please acknowledge that you have read, understand and accept the attached UC Appendix-Business Associate Agreement. UC reserves the right to update the UC Appendix Business Asscociate Agreement at any time before the executed contract. Submission of a Proposal affirms Proposer’s understanding and acceptance of the University of California Appendix-Business Associate Agreement unless specific exceptions are proposed and alternative language or provisions are offered. If a Proposer is unwilling to accept any of the University of California Appendix-Business Associate Agreement, then Proposer must attach to their proposal a document labelled “Exceptions Appendix-BAA” that states which specific section of the University of California Appendix-Business Associate Agreement is an issue, specify why it is an issue, and propose specific alternative language. The Exceptions document must be attached under Supplier Attachments in the CalUSource portal. 46 of 1132 51 47 of 1132 52 { '=u"ia"'-"'-"' } ········ UNIVERSITY OF CALIFORNIA Appendix -Business Associate Agreement This Appendix -Business Associate Agreement ("Appendix BAA") supplements and is made a part of any and all agreements entered into by and between The Regents of the University of California, a California corporation ("UC"), on behalf of its University of California Health System and ------------, Business Associate ("BA"). RECITALS A. UC is a "Covered Entity" as defined under 45 C.F.R. § 160.103 B. UC and BA are entering into or have entered into, and may in the future enter into, one or more agreements (each an "Underlying Agreement") under which BA performs functions or activities for or on behalf of, or provides services to UC ("Services") that involve receiving, creating, maintaining and/or transmitting Protected Health Information ("PHI") of UC as a "Business Associate" of UC as defined under 45 C.F.R. § 160.103. This Appendix BAA shall only be operative in the event and to the extent this Appendix BAA is incorporated into an Underlying Agreement between UC and BA. C. UC and BA desire to protect the privacy and provide for the security of PHI used by or disclosed to BA in compliance with the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"), the regulations promulgated thereunder by the U.S. Department of Health and Human Services (45 C.F.R. Parts 160, 162 and 164) (the "HIP AA Regulations"), the Health Information Technology for Economic and Clinical Health Act of 2009 (the "HITECH Act"), California Civil Code § 56 et seq., §§ 1798.82 and 1798.29, and other applicable laws and regulations. The purpose of this BA Agreement is to satisfy certain standards and requirements of HIP AA, the HIP AA Regulations, including 45 CFR § 164.504( e ), the HITECH Act, including Subtitle D, part 1, as they may be amended from time to time, and similar requirements under California law. D. UC has designated all of its HIP AA health care components as a single component of its hybrid entity and therefore this BA Agreement is binding on all other UC health care components (collectively, the Single Health Care Component or the SHCC). This BA Agreement is effective on the date of the Underlying Agreement under which BA provides Services to UC ("Effective Date"). 1. DEFINITIONS Except for PHI, all capitalized terms in this Appendix BAA shall have the same meaning as those terms in the HIPAA Regulations. PHI shall have the same meaning as "protected health information" in the HIPAA Regulations that is created, received, maintained, or transmitted by Business Associate or any Subcontractor on behalf of UC and shall also include "medical information" as defined at Cal. Civ . Code § 56.05. 1 8 .1.19 48 of 1132 53 2. OBLIGATIONS OF BA BA agrees to: A. Comply with the requirements of the Privacy Rule that apply to UC in carrying out such obligations, to the extent BA carries out any obligations of UC under the Privacy Rule. BA also agrees to comply with the requirements of California state privacy laws and regulations that apply to UC in carrying out such obligations, to the extent BA carries out any obligations of UC under California Civil Code § 1798 et seq., California Civil Code § 56 et seq., and California Health & Safety Code §§ 1280.15 and 1280.18, as applicable, unless otherwise mutually agreed to by BA and UC. B. Not Use or Disclose PHI other than as permitted or required by the Underlying Agreement or as required by law. C. Use appropriate safeguards, and comply, where applicable, with 45 C.F.R. § 164 Subpart C with respect to ePHI, to prevent the Use or Disclosure of PHI other than as provided for by the Underlying Agreement(s) and the Appendix BAA. D. Notify UC, orally and in writing, as soon as possible, but in no event more than five (5) calendar days, after BA becomes aware of any Use or Disclosure of the PHI not permitted or required by the Appendix BAA or Underlying Agreement(s), including Breaches of unsecured PHI as required by 45 C.F .R. § 164.410 and potential compromises of UC PHI, including potential inappropriate access, acquisition, use or disclosure of UC PHI ( each, collectively an "Incident"). BA shall be deemed to be aware of any such Incident, as of the first day on which it becomes aware of it, or by exercising reasonable diligence, should have been known to its officers, employees, agents or sub-suppliers. The notification to UC shall include, to the extent possible, each individual whose unsecured PHI has been, or is reasonably believed by BA to have been, accessed, acquired, used or disclosed during such Incident. BA shall further provide UC with any other available information that UC is required to include in a notification to affected individuals at the time of the notification to UC, or promptly thereafter as information becomes available. BA shall take prompt corrective action to remedy any such Incident, and, as soon as possible, shall provide to UC in writing: (i) the actions initiated by the BA to mitigate, to the extent practicable, any harmful effect of such Incident; and (ii) the corrective action BA has initiated or plans to initiate to prevent future similar Incidents. E. Ensure that any Subcontractors that create, receive, maintain, or transmit PHI on behalf of the BA agree to the same restrictions, conditions, and requirements that apply to the BA with respect to such PHI. F. If BA maintains PHI in a Designated Record Set, BA shall make the PHI in the Designated Record Set available to UC, or if directed by UC to the Individual or the Individual's designee, as necessary to satisfy UC's obligations under 45 C.F .R. § 164.524. G . If BA maintains PHI in a Designated Record Set, BA shall make any amendments directed or agreed to by UC pursuant to 45 C.F.R. § 164 .526, or take other measures as necessary to satisfy UC's obligations under 45 C .F .R . § 164 .526 . 2 8.1.19 49 of 1132 54 H. Maintain and make available the information required to provide an accounting of disclosures to UC, or if directed by UC to the Individual, as necessary to satisfy UC's obligations under 45 C.F.R. § 164.528. I. Make its internal practices, books, and records, relating to the Use and Disclosure of PHI available to UC, and to the Secretary for purposes of determining UC's compliance with HIP AA, HITECH and their implementing regulations. 3. PERMITTED USES AND DISCLOSURES BY BA BA may only Use or Disclose the Minimum Necessary PHI to perform the services set forth in the Underlying Agreement. 4. TERM AND TERMINATION A. Termination for Cause. UC may terminate this Appendix BAA and any Underlying Agreement(s), if UC determines BA has violated a material term of the Appendix BAA. B. Upon termination of this Appendix BAA for any reason, with respect to PHI received from UC, or created, maintained, or received by BA on behalf of UC, BA shall return to UC, or if agreed to by UC, destroy, all such PHI that BA still maintains in any form, and retain no copies of such PHI. To the extent return or destruction of UC PHI is not feasible, BA shall (I) retain only that PHI which is necessary for BA to continue its proper management and administration or to carry out its legal responsibilities; and (2) continue to use appropriate safeguards for such UC PHI and comply with Subpart C of 45 C.F.R. Part 164 with respect to ePHI to prevent Use or Disclosure of the PHI, other than as provided for in this Section, for as long as BA retains the PHI. C. Survival. The obligations of BA under this Section 4.8 shall survive the termination of this Appendix BAA and any Underlying Agreement(s). The Appendix BAA is signed below by the parties' duly authorized representatives. THE REGENTS OF THE UNIVERSITY OF CALIFORNIA bt/, ._ '-, l"I /l'\ /11 . (Printed Name, Title) 4-Vf>-,._ CpO J"/2-(11 (Date) 8 .1.19 BUSINESS AS SOCIA TE (Supplier Name) (Signature) (Printed Name, Title) (Date) 3 Appendix - Data Security Page 2 of 2 Guideline sequence number Guideline number 5e38739e83916a13e86379b6 Guideline name Appendix - Data Security Guideline type General Guidelines Acknowledgment from Supplier Before participating in the event Guideline content Proposers must accept, and Proposals must comply with the requirements of the attached University of California Appendix Data Security dated 8/12/19. Please acknowledge that you have read, understand and accept the attached UC Appendix Data Security. UC reserves the right to update the UC Appendix at any time before the executed contract. Submission of a Proposal affirms Proposer’s understanding and acceptance of the University of California Appendix Data Security unless specific exceptions are proposed and alternative language or provisions are offered. If a Proposer is unwilling to accept any of the University of California Appendix Data Security, then Proposer must attach to their proposal a document labelled “Exceptions Appendix DS” that states which specific section of the University of California Appendix Data Security is an issue, specify why it is an issue, and propose specific alternative language. The Exceptions document must be attached under Supplier Attachments in the CalUSource portal. 50 of 1132 55 51 of 1132 56 ... { ~~) UNIVERSITY OF CALIFORNIA 52 of 1132 57 "Breach" "Illicit Code" "Institutional Information" "IT Resource" 53 of 1132 58 "Major Change" "Security Incident" 54 of 1132 59 55 of 1132 60 56 of 1132 61 Reporting of Breach or Security Incident 57 of 1132 62 Coordination of Breach Response or Security Incident Activities: Breaches and Security Incidents-Corrective And Preventive Action 58 of 1132 63 Costs Grounds for Termination: 59 of 1132 64 60 of 1132 65 UNIVERSITY OF CALIFORNIA Appendix Data Security Exhibit 1-Institutional Information 1. Protection Level Classification 1 : □ Protection Level 1 □ Protection Level 2 □ Protection Level 3 0 Protection Level 4 Explanation: I [Optional, add detail if needed, may be covered in SOW] The Protection Level determines the applicable cyber security insurance requirement in the Terms and Conditions . 2. Institutional Information data element descriptors: Select all data types that apply: A. 0 Animal Research Data. B. 0 Controlled Technical Information (CTI}. C. 0 Controlled Unclassified Information (CUl}-800-171/NARA. D. 0 Defense Department: Covered Defense Information (CDI}. E. 0 Federal Acquisition Regulations (FARS/DFAR) other than CUI. F. 0 GDPR personal data. G. 0 GDPR special data . H. 0 Health data -other identifiable medical data not covered by HIPAA. (Including but not limited to: occupational health, special accommodation, or services qualification, etc.) I. 0 Health Records subject to HIPAA Privacy or Security Rule (PHI}. J. 0 Human Subject Research Data . 1. □ Identified. 2. □ Anonymized . K. 0 Intellectual property (IP}, such as patents, copyright, or trade secrets . L. 0 !TAR/EAR-controlled data. M . 0 Payment card data (PCI, PCI DSS}. N. 0 Personally identifiable information -PII. 0. 0 Student data, whether or not subject to FERPA. 1 For reference see : https://security.ucop .edu/policies/institutional-information-and-it-resource- classification.html 8/12/2019 Page 1 of 2 61 of 1132 66 University of California Appendix Data Security P. □ Other: Q. □ Other: R. □ Other: S. □ Other: 3. Institutional Information Regulation or Contract Requirements: Select all regulations or external obligations that apply to inform UC and the Supplier of obligations related to this Appendix : Privacy(* indicates data security requirements are also present) A. 0 California Confidentiality of Medical Information Act (CMIA} *. B. 0 California Consumer Privacy Act (CCPA). C. 0 California Information Practices Act (IPA). D. 0 European Union General Data Protection Regulation (GDPR)*. E. 0 Family Educational Rights and Privacy Act (FERPA) *. F. 0 Federal Policy for the Protection of Human Subjects ("Common Rule"). G. 0 Genetic Information Nondiscrimination Act (GINA). H. 0 Gramm-Leach-Bliley Act (GLBA) (Student Financial Aid)*. I. 0 Health Insurance Portability and Accountability Act/Health Information Technology for Economic and Clinical Health Act (HIPAA/HITECH} *. J. 0 Substance Abuse and Mental Health Services Administration SAMHSA (CFR 42 Part 2). K. 0 The Fair and Accurate Credit Transaction Act (FACTA). L. 0 The Fair Credit Reporting Act (FCRA). Data Security M . 0 Chemical Facility Anti-Terrorism Standards (CFATS}. N. 0. P. Q. R. S. T. U. V. W. X. 8/12/2019 0 Defense Federal Acquisition Regulations (DFARS). 0 Export Administration Regulations (EAR). 0 Federal Acquisition Regulations (FARS}. 0 Federal Information Security Modernization Act (FISMA). 0 International Traffic in Arms Regulations (ITAR). 0 Payment card data (PCI, PCI DSS}. 0 Toxic Substances Control Act (TSCA}. □ Other: ------------------------- □ Other: ------------------------- □ Other: ------------------------- □ Other: ------------------------- Page 2 of 2 62 of 1132 67 Appendix - Electronic Commerce Page 2 of 2 Guideline sequence number Guideline number 5e38739e83916a13e86379b8 Guideline name Appendix - Electronic Commerce Guideline type General Guidelines Acknowledgment from Supplier Before participating in the event Guideline content Proposers must accept, and Proposals must comply with the requirements of the attached University of California Appendix-Electronic Commerce dated 7/19/19. Please acknowledge that you have read, understand and accept the attached UC Appendix-Electronic Commerce. UC reserves the right to update the UC Appendix at any time before the executed contract. Submission of a Proposal affirms Proposer’s understanding and acceptance of the University of California Appendix-Electronic Commerce unless specific exceptions are proposed and alternative language or provisions are offered. If a Proposer is unwilling to accept any of the University of California Appendix- Electronic Commerce, then Proposer must attach to their proposal a document labelled “Exceptions Appendix eCommerce” that states which specific section of the University of California Appendix- Electronic Commerce is an issue, specify why it is an issue, and propose specific alternative language. The Exceptions document must be attached under Supplier Attachments in the CalUSource portal 63 of 1132 68 Revised 7/18/2019 Page 1 of 6 This Electronic Commerce Appendix specifies the electronic commerce requirements applicable to Supplier in providing the Goods and/or Services. SECTION 1 ‐ GENERAL TERMS Each UC Location offers an electronic web‐based purchasing and catalog system to facilitate the purchase of Goods and/or Services from UC suppliers. UC Locations’ eProcurement systems currently are provided by multiple service providers. Eight of the ten UC campuses utilize the same platfo rm but may require separate implementations, as will the remaining campuses and/or Medical Centers. This Appendix sets forth the terms and conditions that will govern Supplier’s sale of Goods and/or Services through UC’s eProcurement systems. SECTION 2 ‐ DEFINITIONS Catalog(s) refers to the list of detailed product information, agreement pricing, manufacturer part numbers and/or service descriptions relating to the Goods and/or Services to be offered either as a Punch‐out Catalog, a Hosted Catalog or in a combination. This may include the creation of multiple Hosted Catalogs. eProcurement and eCommerce are used interchangeably to mean UC’s electronic web‐based purchasing and catalog systems. Each UC location has a branded eProcurement site. Go Live Date means the date on which a Catalog will be active. Hosted Catalog means a Catalog that is a properly formatted computer file supplied to all UC Locations through the Locations’ respective eProcurement systems. Order means a purchase order for Goods and/or Services placed by a User through an eProcurement system. Order Data means all data and information relating to Orders, including, without limitation, the specifics of a given transaction. Punch‐out Catalog means a Catalog hosted by Supplier on Supplier’s Site. Users may access this Punch‐out Catalog via an Internet link provided by Supplier to UC that redirects a User from the Location’s eProcurement system to Supplier Site. Supplier Mark means Supplier’s name, trade name and/or trademarks, service mark, or any derivation thereof. Supplier Site means an internet site operated and maintained by Supplier that has been made subject to this Appendix. UC Mark means UC’s name, trade name and/or trademarks, service marks, or any derivation thereof. User means an individual authorized by a UC location to use an eProcurement system. SECTION 3 – RIGHT TO USE UC grants to Supplier the right to sell Goods and/or Services to UC through the eProcurement systems, subject to the terms of this agreement. Supplier will be responsible for any cost of operation or dispute with regard to its interface with UC’s eProcurement systems. Appendix- Electronic Commerce 64 of 1132 69 UNIVERSITY OF CALIFORNIA Revised 7/18/2019 Page 2 of 6 SECTION 4 – e‐PROCUREMENT SYSTEM RESPONSIBILITIES; MAINTENANCE OF CATALOG(S); LICENSE (a) e‐Procurement System Responsibilities. Except as otherwise set forth herein, each party will be responsible, at its own expense, for: (i) developing, operating and maintaining its relevant system(s); (ii) acquiring and maintaining its server hardware and software (or obtaining third‐party hosting services) for its relevant system(s); and (iii) maintaining Internet connectivity. The supplier will enable its catalog with any UC location that requests one, as long as it is not out of the scope of the terms of the agreement or this appendix. The parties agree to electronically link the functionality of their respective systems, using commercially reasonable efforts. Purchase Order and Invoice/Credit Memo Data will be transmitted between the systems according to the appropriate method for each University location, cXML, xCBL or EDI standards being preferred. Other methods of PO or Invoice/Credit Memo transmission will only be allowed at the discretion of each University location. A supplier’s Punch‐out site (if applicable) will permit: (a) Users to access the Supplier Site when a User selects the Punch‐out Catalog; (b) Supplier site to send back user selected items to Location’s eProcurement system; (c) User to create an Order through the Location’s eProcurement system; and (d) UC eProcurement systems to forward an Order to Supplier for confirmation and Order processing along with Order status inquiry. Supplier must be able to accommodate orders and invoices for multiple UC locations sharing a single eProcurement platform. Supplier must be able to identify the Punch‐out session and transmitted PO as being from the individual locations. If providing a Punch‐out catalog, Supplier must be able to accommodate multiple UC locations on a single platform using a single Punch‐out site, unless requested otherwise by UC. (b) Maintenance of Hosted and Punch‐out Catalogs. Supplier will provide its Catalog(s) to UC in a file format that will interface seamlessly with UC’s eProcurement systems. These Catalog files will be in compliance with each UC Location’s eProcurement system. UC makes no guarantee of a Go Live Schedule for establishment of a new catalog Systemwide, as each Location is a separate enablement and subject to resource availability. Timelines will be estimated and adjusted by UC as needed for concurrent implementations. For Hosted Catalogs, Supplier must provide UC with updated versions of the Catalog file with, at a minimum, full descriptions and images that Supplier currently utilizes for items offered in its proprietary websites and Punch‐out Catalogs. The parties will update each other regarding eCommerce specifications as needed from time to time. Supplier must notify UC’s Contract Administrator at least three (3) weeks in advance of the proposed Go Live Date if it will be requesting additions, deletions, or modifications to the Catalogs. After such advance notification, Supplier must provide UC with Catalog files containing the requested additions, deletions, or modifications with no less than the lead time specified in Section 10 of this appendix. In addition, for price file updates with a mutually agreed upon activation of January 1, Supplier must submit proposed files at least five (5) weeks prior to the first working day in January. Upon UC’s approval of the new Catalog file, UC and Supplier will confirm the Go Live Date; the updated version of the Catalog file will be made effective on that Go Live date. If UC rejects a Catalog more than once because it does not meet UC’s acceptance criteria, the Contract Administrator will suspend Supplier’s price/content change until the date of Supplier’s next acceptable contracted change. If there is a conflict between a price in a Hosted Catalog and a Punch‐out Catalog, UC will be invoiced at the lower price. Supplier must notify UC in advance when substituting items, changing SKU numbers or changing the number of items in a package in any Catalog. 65 of 1132 70 Revised 7/18/2019 Page 3 of 6 Content in Supplier catalog is limited to the categories specified in this agreement, with additional categories allowed at UC’s discretion. Supplier agrees that UC may block Catalog items at the category and/or SKU level. The University will require Supplier to clearly identify products as Hazardous Materials, Radioactive, and Controlled Substances in the Supplier’s catalog, whether Hosted or Punch‐out. For Punch‐out the identifier will be returned to the cart of the Location’s eProcurement system, in a manner/field acceptable to the Location. The University will require Supplier to clearly identify products with UC‐recognized sustainability/green certifications in both hosted and Punch‐out catalogs. UC’s Contract Administrator will work with Supplier to ensure that contract items that meet the UC criteria for Green/Sustainable products will be prioritized in all product searches. Products that do not meet UC’s minimum criteria requirements may be blocked in all hosted catalogs and Punch‐out catalogs at UC’s discretion. Supplier is responsible for providing UC with Catalogs that contain accurate pricing and data in accordance with the Agreement. If UC determines there are errors in the pricing or data attributes of a Catalog, UC will notify Supplier of those errors in writing and reject the Catalog. Supplier will have no more than ten (10) business days to review and correct the errors. (c) License. Supplier hereby grants to UC, at no additional cost, a limited, non‐exclusive, royalty‐free right to link to and access the Supplier Site from the eProcurement sites, subject to the terms and conditions herein and solely for the purpose of permitting Users to access the Services. All Supplier Marks will remain the sole property of Supplier. (d) Accessibility Requirements. Supplier agrees that Supplier will make available Goods/Services accessible to people with disabilities and conform to the technical requirements of the relevant Revised Standards of Section 508 of the federal Rehabilitation Act. In addition, Supplier warrants that: i. Any catalog content provided to UC will comply with the accessibility requirements of WCAG 2.0AA. ii. Supplier will promptly respond to and resolve any complaint regarding accessibility of any catalog content provided to UC. SECTION 5 – USER SUPPORT (a) UC Duties. Each UC Location will provide its Users with initial contact and system support assistance on all functionality and use issues for eProcurement (including links to the Supplier Site). When known, UC will promptly notify Supplier of any such issues relating to the Catalog, the Supplier Site, and/or other Supplier materials/systems. (b) Supplier Duties. Supplier will provide all customer support relating to the Catalog, Supplier Goods and/or Services, Invoicing/Payment/Credits, and Supplier Sites in a manner consistent with the customer support that Supplier provides to other customers, and at least as good as the customer support that Supplier provides to customers who are purchasing through any other means. SECTION 6 – PROPRIETARY RIGHTS UC’s Terms and Conditions of Purchase contains provisions regarding the parties’ rights and responsibilities with respect to intellectual property relating to the Goods and Services. Without altering those provisions, the parties additionally agree as follows: UC may require Supplier to “brand” Supplier’s Punch‐out Catalog with one or more UC Marks. If UC requires Supplier to utilize one or more UC Marks on Supplier’s Punch‐out Catalog, UC will provide the appropriate artwork and such artwork will be deemed to have been provided with a limited, non‐exclusive, non‐sub‐ 66 of 1132 71 Revised 7/18/2019 Page 4 of 6 licensable right for Supplier to use it solely for the purpose of a UC‐branded Punch‐out Catalog hosted by Supplier and subject to the following terms: (i) Supplier may not make any additional use of the UC Marks without UC’s prior written approval. Supplier’s use of the UC Marks in the Punch‐out Catalog must acknowledge UC's ownership of the UC Marks. Supplier will include all notices and legends with respect to UC trademarks, trade names, or copyrights as may be required by applicable trademark and copyright laws or which may be reasonably requested by UC. Supplier agrees not to claim any title to UC Marks or any right to use UC Marks except as permitted by this Appendix. Upon termination of this Appendix or the Agreement, all rights to UC Marks conveyed by UC to Supplier will cease and Supplier will destroy or return to UC all media with UC Marks. UC specifically reserves any and all rights to UC Marks not specifically granted to Supplier. Supplier grants to UC the right to use Supplier's trademarks, logos, trade names, and service marks for the purpose of promoting UC eProcurement sites to the UC community. UC acknowledges Supplier's right, title, and interest in and to Supplier’s Marks and Supplier’s exclusive right to use and license the use of Supplier Marks and agrees not to claim any title to Supplier Marks or any right to use Supplier Marks except as permitted by this Appendix. UC will include all notices and legends with respect to Supplier trademarks, trade names, or copyrights as may be required by applicable trademark and copyright laws or which may be reasonably requested by Supplier. Upon termination of this Appendix, all rights to Supplier Marks conveyed by Supplier to UC will cease and UC will destroy or return to Supplier all media with Supplier Marks. Supplier specifically reserves any and all right to Supplier Marks not specifically granted to UC. (ii) The licenses granted in the previous paragraphs regarding UC Marks and Supplier Marks are subject to the ongoing approval of the party owning the respective trademarks, logos, trade names, or copyrights. Such ongoing approval includes the ability to terminate – at any time, for any reason, and in the sole discretion of the owner of the respective trademarks, logos, trade names, or copyrights – the trademark licenses provided in the preceding paragraphs for any particular trademark, logo, trade name, or copyrighted work without necessarily terminating this Appendix. Each party agrees not to take any action that will adversely reflect upon or damage the goodwill, reputation, or the brand value of the other party. Each party further agrees not to take any action that is inconsistent with the other party’s ownership of the respective trademarks, trade names, or copyrights. At all times (including following termination of the Agreement), Supplier agrees to comply with Section 92000 of California’s Education Code. (a) Grant of License. Supplier hereby grants UC a non‐exclusive, royalty‐free: (i) license to use, copy, transmit, and display the Catalog, any information contained therein and the Supplier Marks for the purposes of permitting Customers to access information about and order Supplier Goods and/or Services from a Catalog and (ii) if Supplier is using a Punch‐out Catalog, right to link to and access the Punch‐out Catalog on the Supplier Site, for the purposes of permitting Customers to access the Supplier Website and permitting Customers to order Supplier Goods and/or Services. (b) Modifications. UC will not modify or remove any of the proprietary rights markings in the Catalog. UC will not modify the content of the Catalog, except as indicated by Supplier, but may require Supplier to make and submit modifications if required as part of this agreement. However, for hosted catalogs, UC reserves the right to attach flags to catalog items as an aid to shoppers in selecting preferred items, such as green or recycled. UC will not make any representations or warranties, or provide any information, to any third party regarding any Supplier Goods and/or Services (including, but not limited to, any representations or warranties of any information regarding availability, delivery, pricing, characteristics, qualifications or specifications thereof). If UC believes in good faith that any Supplier information does not conform to the requirements of the associated UC Agreement or this Appendix, UC will be entitled to withdraw the Catalog from UC eProcurement sites. In such a case, UC will promptly notify the Supplier of the actions it has taken and will work with the Supplier promptly to resolve UC’s concerns. When UC’s 67 of 1132 72 Revised 7/18/2019 Page 5 of 6 concerns are satisfactorily resolved UC will promptly restore the Catalog, if appropriate. UC will have no liability to the Supplier or anyone else for exercising these rights. (c) Acknowledgment. Each party acknowledges that the technology embodied in the other party’s Site may be based on patented or patentable inventions, trade secrets, copyrights or other intellectual property or proprietary rights (“Intellectual Property Rights”) owned by the other party and its applicable licensors. (d) UC Rights. As between the parties, UC will be the sole owner of – or, with respect to any items licensed by UC, will retain all rights to all Intellectual Property Rights associated with UC eProcurement sites, including any modifications, updates, enhancements or upgrades to any of the foregoing, as well as any Order Data generated or collected on such site (collectively, the “UC Materials”). Except as provided herein, Supplier may not copy or use in any way, in whole or in part, any UC Materials without UC’s prior written approval. Any permitted copies of such property, in whole or in part, alone or as part of a derivative work, will remain UC’s sole property. Supplier agrees to reproduce and include UC’s copyright, trademark and other proprietary rights notices on any permitted copies of UC Materials including, without limitation, partial copies and copied materials in derivative works. Supplier will not copy or reproduce any third‐party copyrighted or trademarked materials, which appear on or are otherwise associated with any UC eProcurement site without UC’s prior written consent. SECTION 7 – MULTIPLE SUPPLIERS Supplier acknowledges that all UC eProcurement sites are intended to facilitate Users’ ability to obtain Goods and/or Services from more than one supplier. Nothing in this Appendix will be construed to prevent UC from entering into similar agreements with any third parties including, without limitation, suppliers that may be in competition with Supplier. SECTION 8 – WARRANTY DISCLAIMER UC does not warrant that access to UC eProcurement sites will be uninterrupted or that the results obtained by use of UC eProcurement sites will be error‐free. SECTION 9 – DISPUTES AND CHANGES IN THE SERVICES (a) UC and Supplier agree to negotiate in good faith to resolve problems, questions and disputes. (b) Where improvements and clarifications can be made in the business processes related to eProcurement, both parties agree to incorporate such changes as long as they are mutually agreed upon. SECTION 10 – ADDITIONAL CONTRACTUAL TERMS In addition to the provisions of Section 4, Section 10 provisions will govern the Catalogs. If the provisions of Sections 4 and 10 conflict, Section 10 will govern. Type(s) of Catalog(s): At UC’s campus discretion, Supplier is allowed to implement a [specify hosted, Punch‐out, or both] catalog in the UC eProcurement systems. Supplier will be required to comply with UC Location e‐commerce requirements on a location by location basis, which includes the decision to move forward with Punch‐out or Hosted. Any deviation from the type(s) specified herein must first be agreed upon by UC’s Contract Administrator. Annual Number of Catalogs: Supplier is allowed to submit no more than [number] catalogs per calendar year, with changes as follows:  Content Additions, Deletions and Other Non‐pricing Edits: [insert number of times Supplier can change its content; quarterly or biannually would be recommended]  Price Changes: [insert number of times Supplier can change its price; once per year would be recommended] 68 of 1132 73 Revised 7/18/2019 Page 6 of 6 o Allowable level of price change ($/%) will be in accordance with the terms of this agreement. o If a price file includes both content and pricing changes, it will count toward the pricing allocation. Lead time: Supplier must load the Catalog price file into the e‐Procurement system [insert number, 10 is the minimum] working days prior to the planned go‐live date. (Exception – for January 1 updates to enabled catalogs, Supplier must submit the price file no later than 5 weeks prior, as specified in section 4.) Buyer – [Choose those that apply]:  Number of catalog/price file versions to be supported for this agreement: [insert number]  If more than one catalog/price file version is supported, please include a description/justification (e.g., special pricing for cores): [insert description]  Maximum Number of SKUs allowed: [insert number] (optional)  Categories allowed within Catalog: [list specific categories] or  Categories blocked within Catalog: [list specific categories] 69 of 1132 74 - Appendix - GDPR Page 1 of 2 Instructions 1. This template can be used to download and update the guidelines in an event. 2. This template does not support the creation or deletion of guidelines. 3. The guideline name is limited to 100 characters. 4. This template will work for updating guidelines only in the event from which it is downloaded. 5. Only the “Guideline name” and “Guideline content” are open for editing. 70 of 1132 75 Appendix - GDPR Page 2 of 2 Guideline sequence number Guideline number 5e948dbe111e832fc0475530 Guideline name Appendix - GDPR Guideline type General Guidelines Acknowledgment from Supplier Before participating in the event Guideline content Proposers must accept, and Proposals must comply with the requirements of the attached University of California Appendix General Data Protection Regulation dated August 21, 2019. Please acknowledge that you have read, understand and accept the attached UC Appendix General Data Protection Regulation. UC reserves the right to update the UC Appendix at any time before the executed contract. Submission of a Proposal affirms Proposer’s understanding and acceptance of the University of California Appendix General Data Protection Regulation unless specific exceptions are proposed and alternative language or provisions are offered. If a Proposer is unwilling to accept any of the University of California Appendix General Data Protection Regulation, then Proposer must attach to their proposal a document labelled “Exceptions Appendix GDPR” that states which specific section of the University of California Appendix General Data Protection Regulation is an issue, specify why it is an issue, and propose specific alternative language. The Exceptions document must be attached under Supplier Attachments in the CalUSource portal. 71 of 1132 76 72 of 1132 77 73 of 1132 78 74 of 1132 79 75 of 1132 80 76 of 1132 81 77 of 1132 82 78 of 1132 83 79 of 1132 84 80 of 1132 85 81 of 1132 86 82 of 1132 87 83 of 1132 88 84 of 1132 89 National Defense Authorization Act Section 889. Page 2 of 2 Guideline sequence number Guideline number 5e38739e83916a13e86379ba Guideline name National Defense Authorization Act Section 889. Guideline type General Guidelines Acknowledgment from Supplier Before participating in the event Guideline content Where applicable, Proposer warrants that it complies with the requirements in National Defense Authorization Act (NDAA) Section 889. Consistent with NDAA Section 889, these requirements do not permit UC to contract with entities in violation of Federal cyber security laws. Please acknowledge that you have read, understand and accept compliance to this requirement 85 of 1132 90 OMNIA Partnership Page 2 of 2 Guideline sequence number Guideline number 5e600ef2c031f523ec571b4e Guideline name OMNIA Partnership Guideline type General Guidelines Acknowledgment from Supplier Before participating in the event Guideline content The University of California has partnered with OMNIA Partners, Public Sector, to be their marketing partner for their national cooperative contracts which will be available for other public agencies, including state and local governments, public and private primary, secondary, and higher education entities, non- profit entities, and agencies for the public benefit, to utilize on a national basis. Proposers are encouraged to partner with OMNIA Partners for a national contract. Please acknowlege your acceptance of a national contract and partnership with OMNIA Partners and complete the required questionnaire in this RFP. If a Proposer is unwilling to participate on a national level, or is not a national supplier, then Proposer must attach to their response a document labelled “Reasons for Declining OMNIA Partners Partnership” and include specific reasons or issues for declining a national contract or partnership. The Reasons for Declining OMNIA Partners Partnership document must be attached under Supplier Attachments in the CalUSource portal. 86 of 1132 91 Required Historical UC Sales Data Report NOTE: ATTACH REPORT FORMAT AND DELETE THIS NOTE Page 2 of 2 Guideline sequence number Guideline number 5e38739e83916a13e86379b9 Guideline name Required Historical UC Sales Data Report NOTE: ATTACH REPORT FORMAT AND DELETE THIS NOTE Guideline type General Guidelines Acknowledgment from Supplier Before participating in the event Guideline content If you have sold products or services within the context of this RFP to the University of California in the last 2 UC Fiscal years, (July 1 - June 30), you must provide spend data in the spreadsheet attached. If you did not sell products or services within the context of this RFP to the University of California in the last 2 UC Fiscal years, please complete the attached spreadsheet with N/A in the required fields 87 of 1132 92 Supplier name here: Instructions: (C). Tabs *FY'18 MFDs *FY'18 Laser Printers *FY'19 MFDs *FY'19 Laser Printers Note: Please Do Not change any of the exsiting row and column headers. (A). Enter your company name in the yellow cell above. (B). If you have done business with UC in the last 2 Fiscal Years FY 2018 (July 1, 2017 –June 30, 2018) and FY 2019 (July 1, 2018 –June 30, 2019), populate each tab with UC Historical 88 of 1132 93 Purchases Leases Services UCB UCD UCI UCLA UCM UCR UCSB UCSC UCSD UCSF UCOP LBNL UCIMC UCDMC UCLAMC UCSDMC UCSFMC UC Hastings UC FY 2 Multifunction Devices Monochrome 89 of 1132 94 Other (accessories, parts, supplies, etc.)Purchases Leases Services 018 Historical Purchases (MFDs) July 1, 2017 - June 30, 2018 Color 90 of 1132 95 Other (accessories, parts, supplies, etc.) 91 of 1132 96 Purchases Leases Services UCB UCD UCI UCLA UCM UCR UCSB UCSC UCSD UCSF UCOP LBNL UCIMC UCDMC UCLAMC UCSDMC UCSFMC UC Hastings Multifunction Devices Monochrome UC FY 2 92 of 1132 97 Other (accessories, parts, supplies, etc.)Purchases Leases Services Color July 1, 2018 - June 30, 2019 019 Historical Purchases (MFDs) 93 of 1132 98 Other (accessories, parts, supplies, etc.) 94 of 1132 99 Purchases Services Other (accessories, parts, supplies, etc.) UCB UCD UCI UCLA UCM UCR UCSB UCSC UCSD UCSF UCOP LBNL UCIMC UCDMC UCLAMC UCSDMC UCSFMC UC Hastings UC FY 2018 Historica July 1, 20 Laser Printers Monochrome 95 of 1132 100 Purchases Leases Services Other (accessories, parts, supplies, etc.) al Purchases (Laser Printers) 017 - June 30, 2018 Color 96 of 1132 101 Purchases Services Other (accessories, parts, supplies, etc.) UCB UCD UCI UCLA UCM UCR UCSB UCSC UCSD UCSF UCOP LBNL UCIMC UCDMC UCLAMC UCSDMC UCSFMC UC Hastings Laser Printers Monochrome UC FY 2019 Historica July 1, 20 97 of 1132 102 Purchases Leases Services Other (accessories, parts, supplies, etc.) Color al Purchases (Laser Printers) 018 - June 30, 2019 98 of 1132 103 Supplier Bid Response Resources Page 2 of 2 Guideline sequence number Guideline number 5e38739e83916a13e86379b1 Guideline name Supplier Bid Response Resources Guideline type General Guidelines Acknowledgment from Supplier Not necessary Guideline content Please cut and paste the below website to your local browser: http://calusource.net/supplier-resources/ 99 of 1132 104 Sustainability Requirement Page 2 of 2 Guideline sequence number Guideline number 5e38739e83916a13e86379b3 Guideline name Sustainability Requirement Guideline type General Guidelines Acknowledgment from Supplier Before participating in the event Guideline content Supplier(s) awarded a system-wide agreement as a result of this RFP will be required to register and participate in an assessment of their sustainability practices and procedures through the Ecovadis Corporate Social Responsibility (CSR) monitoring platform. For more information on the EcoVadis platform and costs associated with an assessment, please see the EcoVadis Supplier Solutions Website here: https://www.ecovadis.com/us/supplier-solutions-2/. Please acknowledge that you have read, understand and accept compliance to this requirement. 100 of 1132 105 Terms and Conditions of Equipment Lease Page 2 of 2 Guideline sequence number Guideline number 5e8f4f6454ce4a28acc874b9 Guideline name Terms and Conditions of Equipment Lease Guideline type General Guidelines Acknowledgment from Supplier Before participating in the event Guideline content RFP Proposers must accept, and Proposals must comply with the requirements of the attached University of California Terms and Conditions of Equipment Lease dated 12/15/1994. Please acknowledge that you have read, understand and accept the attached UC Terms and Conditions of Equipment Lease. UC reserves the right to update the UC Terms and Conditions of Equipment Lease at any time before the executed contract. Submission of a Proposal affirms Proposer’s understanding and acceptance of the University of California Terms and Conditions of Equipment Lease unless specific exceptions are proposed and alternative language or provisions are offered. If a Proposer is unwilling to accept any of the University of California Terms and Conditions of Equipment Lease, then Proposer must attach to their proposal a document labelled “Exceptions UC Terms and Conditions of Equipment Lease” that states which specific section of the University of California Terms and Conditions of Equipment Lease is an issue, specify why it is an issue, and propose specific alternative language. The Exceptions document must be attached under Supplier Attachments in the CalUSource portal. 101 of 1132 106 BULLETIN NO.: BUS-43 Rev. DATE: 12/15/94 PAGE: 74 Page 1 TERMS AND CONDITIONS OF EQUIPMENT LEASE ARTICLE 1 - GENERAL. For the purpose of these terms and conditions, the terms "University", "Lessor" and "Order" shall hereinafter be defined as follows: A. University: The Regents of the University of California. B. Lessor: The grantor of the use of personal property by lease. C. Order: A straight lease or rental agreement, with or without option to purchase, as indicated on the purchase order. The equipment, supplies and services covered by this order shall be furnished by Lessor subject to all the terms and conditions set forth in this order including the following, which Lessor, in accepting this order agrees to be bound by and to comply with in all particulars and no other terms or conditions shall be binding upon the parties unless hereafter accepted by them in writing. Written acceptance or shipment of all or any portion of the materials or supplies or the performance of all or any portion of the services covered by this order shall constitute unqualified acceptance of all its terms and conditions. The terms of any proposal referred to in this order are included and made a part of the order only to the extent it specifies the equipment, supplies and services ordered, the price therefor, and the delivery thereof, and then only to the extent that such terms are consistent with the terms and conditions of this order. ARTICLE 2 - INSPECTION. The equipment, supplies and services furnished shall be exactly as specified in this order, free from all defects in manufacturer's design, workmanship and materials, and, except as otherwise provided in this order, shall be subject to inspection and testing by University at all times and places. If, prior to final acceptance, any equipment, supplies or services are found to be defective or not as specified, University may reject them, require Lessor to correct them without charge, or require delivery of such equipment, supplies, or services at a reduction in price which is equitable under the circumstances. If Lessor is unable or refuses to correct such items within a time deemed reasonable to University, University may terminate the order in whole or in part. Lessor shall bear all risks as to rejected equipment, supplies and services and, in addition to any costs for which Lessor may become liable to University under other provisions of this order, shall reimburse University for all transportation costs, other related costs incurred, or payments to Lessor in accordance with the terms of this order for unaccepted equipment, supplies and services. Notwithstanding final acceptance and payment Lessor shall be liable for latent defects, fraud or such gross mistakes as amount to fraud. ARTICLE 3 - TERMS OF USE. Except as otherwise provided on the face of this order, the specified rental payments shall entitle University to unlimited use and operation of said equipment at any time and any place and for any period of time at the convenience of University (exclusive of the time required for preventive and remedial maintenance) and shall not be restricted to consecutive hours, length of personnel shifts, or any other restrictions. ARTICLE 4 - CHANGES. No change to the lease shall be allowed without written approval of University. Any claim of Lessor for an adjustment under this Article must be made in writing within thirty (30) days from the date of receipt notification of such change unless University waives this condition in writing. Nothing in the Article shall excuse Lessor from proceeding with performance of the order as changed hereunder. ARTICLE 5 - TERMINATION. University may at its option, by written notice stating the extent and effective date, terminate this order at the anniversary date of the lease or at the end of any fiscal year in whole or in part in the event the funding agency does not appropriate sufficient funds to continue the lease payments. University may by written notice terminate this order for Lessor's default, in whole or in part, at any time, if Lessor refuses or fails to comply with the provisions of this order, or so fails to make progress as to endanger performance and does not cure such failure within a reasonable period of time, or fails to make deliveries of said equipment or supplies or perform the services within the time specified or any written extension thereof. In the event University defaults in the payment of any amount due or to become due under the terms of the lease or defaults in the performance of any of the terms and conditions hereof, all the University's rights hereunder as to use and possession of the equipment shall, at the option of Lessor, terminate and Lessor shall become entitled to retain all rentals and to take possession of the property, provided however, that in such event neither Lessor nor University shall have the right to rent said equipment to any third party so long as it remains on the premises of University. ARTICLE 6 - TITLE. Lessor covenants that it is the sole owner of said property, and that no other person, party, firm or corporation has any right, title, interest in or to same and that during the term of this lease said Lessor will not sell or encumber said property, or any interest therein, except subject to the rights given University by virtue of the lease. Title to said property, including any accessories and devices furnished by Lessor except those subsequently purchased by University, vests in Lessor, and said property may be removed by Lessor at or after termination of this Agreement unless purchased by University pursuant to its Purchase Option, if any. ARTICLE 7 - PAYMENT. Unless otherwise provided for in this order, lease charges shall be invoiced in arrears and shall be payable thirty (30) days after the end of the period for which the charges accrue or thirty (30) days after University's receipt of invoice whichever is later. ARTICLE 8 - TAXES. Lessor alone shall pay any license fees, assessments, sales, use and other taxes lawfully imposed during the term hereof upon the equipment, supplies or services furnished pursuant to this order. ARTICLE 9 - PROPERTY TAX EXEMPTION. Lessor agrees to cooperate with University and do all acts reasonably necessary and appropriate to secure and maintain tax exemption of the property leased hereunder pursuant to Article 13, section 3 of the California Constitution. Lessor agrees to apply the amount of any reduction of tax resulting from such exemption as a credit against rental payments otherwise due by University to Lessor hereunder. ARTICLE 10 - WARRANTY. Lessor warrants that said equipment, including accessories, will be in good operating condition when installed and that any subsequent defects in design, materials or workmanship during the term of this Lease will be corrected by Lessor at its sole expense. Lessor will inform University of the terms and conditions of 102 of 1132 107 UNIVERSITY l i OF CALIFORNIA BULLETIN NO.: BUS-43 Rev. DATE: 12/15/94 PAGE: 74 Page 2 any manufacturer's warranty in effect on the commencement date of this lease. In the event of defect in design, material, or workmanship during the term of the lease, the Lessor will assert any Manufacturer's Warranty in effect between Lessor and the Manufacturer at the time the defect becomes apparent. ARTICLE 11 - PROPRIETARY RIGHTS INDEMNITY. Lessor shall indemnify, defend, and hold harmless University, its officers, agents, and employees against all losses, damages, liabilities, costs, and expenses (including but not limited to attorneys' fees) resulting from any judgment or proceeding in which it is determined, or any settlement agreement arising out of the allegation, that Lessor's furnishing or supplying University with parts, goods, components, programs, practices, or methods under this order or University's use of such parts, goods, components, programs, practices, or methods supplied by Lessor under this order constitutes an infringement of any patent, copyright, trademark, trade name, trade secret, or other proprietary or contractual right of any third party. The foregoing shall not apply unless University has informed Lessor as soon as practicable of the suit or action alleging such infringement. Lessor shall not settle such suit or action without the consent of University. University retains the right to participate in the defense against any such suit or action. ARTICLE 12 - TRANSPORTATION AND INSTALLATION. Unless otherwise provided for in this order, Lessor will be responsible for all transportation and handling costs related to the shipment to and from University of the leased equipment. Should the equipment require specialized installation, Lessor will provide the required technical assistance at no charge. ARTICLE 13 - ASSIGNMENT. This order is not assignable by Lessor, except as to any payment due hereunder, without the written approval of University. ARTICLE 14 - EQUAL OPPORTUNITY AFFIRMATIVE ACTION. Lessor shall not maintain or provide racially segregated facilities for employees at any establishment under its control. Lessor agrees to adhere to the requirements set forth in Executive Orders 11246 and 11375, and with respect to activities occurring in the State of California, to the California Fair Employment and Housing Act (Government Code section 12900 et seq.). Expressly, Lessor shall not discriminate against any employee or applicant for employment because of race, color, religion, sex, national origin, ancestry, medical condition (as defined by California Code section 12925[f]), marital status, age, physical and mental handicap in regard to any position for which the employee or applicant for employment is qualified, or because he or she is a disabled veteran or veteran of the Vietnam era. Lessor shall further specifically undertake affirmative action regarding the hiring, promotion and treatment of minority group persons, women, the handicapped, and disabled veterans and veterans of the Vietnam era. Lessor shall communicate this policy in both English and Spanish to all persons concerned within its company, with outside recruiting services, and the minority community at large. Lessor shall provide the University on request a breakdown of its labor force by groups, specifying the above characteristics within job categories, and shall discuss with the University its policies and practices relating to its affirmative action programs. ARTICLE 15 - SERVICE AND MAINTENANCE. In the event this order includes service and maintenance of said equipment, Lessor will provide such service and maintenance required to keep said equipment in good working condition throughout the term of lease. The service and maintenance will consist of not less than: (1) periodic cleaning, and adjustments in the mechanisms and replacing unserviceable parts, and (2) emergency repair service, including replacement of unserviceable parts. In order to perform maintenance service hereunder Lessor shall have reasonable access to the leased equipment to the extent practical in consonance with operational requirements. Lessor agrees that its failure to provide service and maintenance to keep the equipment in good operating condition shall result on a credit of 1/30th of the monthly lease payments for every twenty-four (24) hour period or portion thereof following the first twenty-four (24) hours after notification to Lessor that the equipment is inoperative. ARTICLE 16 - ALTERATIONS. University or its authorized agents may make alterations or install attachments to the equipment and the Lessor shall be so notified. In the event that such changes substantially increase the cost of maintenance, mutually agreeable arrangements for additional maintenance service shall be made on an individual installation basis. Such alterations or attachments which are not the property of Lessor shall be removed immediately after discontinuation of lease (unless University elects to exercise its Purchase Option) and the equipment restored to the prior configuration (ordinary wear and tear only excluded) at University's expense. Lessor shall inform University of any provisions in the manufacturer's warranty which may cause the warranty to be affected by any such alterations or attachments. ARTICLE 17 - RISK OF LOSS. During the period of time that property covered by this order is in the possession of University, University (and its customers, if installed on University's customers' premises) shall take good care of the property and University shall be responsible for any loss of or damage to the property caused by University while in its possession and control, unless such damage or loss is a consequence, directly or indirectly of intentional or negligent acts or omissions of Lessor or Lessor's agents. ARTICLE 18 - OPTION TO PURCHASE. University is hereby given the option (provided University is not in default in the performance of any of its obligations hereunder) to purchase any or all of said property at the times and for the amounts set forth in this order. As of the date of exercise of the option, University's Standard Terms and Conditions of Purchase shall be substituted for the terms and conditions applicable to this lease. Said terms and conditions of purchase shall be those in effect as of the date the property was installed, provided that the period of manufacturer's warranty set forth therein shall be deemed to have commenced as of the date the Lease Terms commenced, and University shall be entitled to the remaining portion, if any, of said warranty period. University shall exercise such option to purchase said property by notifying Lessor in writing of its intention to do so. Such notice may be delivered to Lessor's office or may be mailed to Lessor at the address specified by Lessor. Such notice shall be given by University to Lessor not less than thirty (30) days before the expiration of the current year of the lease. Lessor shall keep University advised of any change of Lessor's address for the purpose of such notice. ARTICLE 19 - LESSOR'S LIABILITY AND INSURANCE REQUIREMENTS A. INDEMNIFICATION. Lessor shall defend, indemnify, and hold harmless University, its officers employees, and agents, from and against all losses, expenses (including attorney's fees), damages, and liabilities of any kind resulting from or arising out of this agreement and/or Lessor's performance hereunder, provided such losses, expenses, damages, and liabilities are due or claimed to be due to the negligent or willful acts or omissions of Lessor, its officers, employees, agents, subcontractors, or anyone directly or indirectly employed by them, or any person or persons under Lessor's direction and control. 103 of 1132 108 UNIVERSITY ( ) OF CALIFORNIA BULLETIN NO.: BUS-43 Rev. DATE: 12/15/94 PAGE: 74 Page 3 B. INSURANCE. In consideration of the above, Seller shall at its expense obtain, keep in force and maintain insurance to cover its performance under this order as follows: 1. Comprehensive or Commercial Form General Liability Insurance (Contractual Liability Included) Minimum Limits: 1. Each Occurrence $ 2. Products/Completed Operations $ If the above insurance is written on a claims made form, it shall continue for three years following termination of this agreement. The insurance shall have a retroactive date of placement prior to or coinciding with the effective date of this agreement. 2. Business Auto Liability: (Owned, Scheduled, Non-Owned, or Hired Automobiles) with a combined single limit of no less than $ per occurrence. 3. Workers' Compensation as required under California State law. Lessor, upon the execution of this agreement shall furnish University with Certificates of Insurance evidencing compliance with all requirements. Coverages referred to under B 1. and 2. above shall include The Regents of the University of California as an additional insured, but only with respect to the negligent acts or omissions of Seller, its officers, agents, employees, subcontractors or anyone directly or indirectly employed by them, or any other person or persons under its direction and control. The Certificates of Insurance shall obligate Lessor's insurers to notify University at least 30 days prior to cancellation of or change in any of said insurance. ARTICLE 20 - OTHER APPLICABLE LAWS. Any provisions required to be included in a contract of this type by any applicable and valid federal, state or local law, ordinance, rule or regulation shall be deemed to be incorporated herein. 104 of 1132 109 UNIVERSITY ( 1 OF CALIFORNIA UC Terms and Conditions of Purchase Page 2 of 2 Guideline sequence number Guideline number 5e38739e83916a13e86379b5 Guideline name UC Terms and Conditions of Purchase Guideline type General Guidelines Acknowledgment from Supplier Before participating in the event Guideline content RFP Proposers must accept, and Proposals must comply with the requirements of the attached University of California Terms and Conditions of Purchase dated 2/27/2020. Please acknowledge that you have read, understand and accept the attached UC Terms and Conditions of Purchase. UC reserves the right to update the UC Terms and Conditions at any time before the executed contract. Submission of a Proposal affirms Proposer’s understanding and acceptance of the University of California Terms and Conditions of Purchase unless specific exceptions are proposed and alternative language or provisions are offered. If a Proposer is unwilling to accept any of the University of California Terms and Conditions of Purchase, then Proposer must attach to their proposal a document labelled “Exceptions UC Terms and Conditions” that states which specific section of the University of California Terms and Conditions of Purchase is an issue, specify why it is an issue, and propose specific alternative language. The Exceptions document must be attached under Supplier Attachments in the CalUSource portal. 105 of 1132 110 Page 1 of 16 Revised 2/27/2020 Terms and Conditions of Purchase ARTICLE 1 – GENERAL The equipment, materials, or supplies (“Goods”) and/or services (“Services”) furnished by Supplier (together, the “Goods and Services”) and covered by the UC Purchase Order (“PO”) and/or other agreement (which, when combined with these Terms and Conditions and any other documents incorporated by reference, will constitute the “Agreement”) are governed by the terms and conditions set forth herein. As used herein, the term "Supplier" includes Supplier and its sub-suppliers at any tier. As used herein, “UC” refers to The Regents of the University of California, a corporation described in California Constitution Art. IX, Sec. 9, on behalf of the UC Locations identified in the Agreement and/or the PO. UC and Supplier individually will be referred to as “Party” and collectively as “Parties.” Any defined terms not defined in these Terms and Conditions of Purchase will have the meaning ascribed to such term in any of the other documents incorporated in and constituting the Agreement. No other terms or conditions will be binding upon the Parties unless accepted by them in writing. Written acceptance or shipment of all or any portion of the Goods, or the performance of all or any portion of the Services, covered by the Agreement, will constitute Supplier’s unqualified acceptance of all of the Agreement’s terms and conditions. The terms of any proposal referred to in the Agreement are included and made a part of the Agreement only to the extent the proposal specifies the Goods and/or Services ordered, the price therefor, and the delivery thereof, and then only to the extent that such terms are consistent with the terms and conditions of the Agreement. ARTICLE 2 – TERM AND TERMINATION A. As applicable, the term of the Agreement (“Initial Term”) will be stated in the Agreement. Following the Initial Term, the Agreement may be extended by written mutual agreement. B. UC’s obligation to proceed is conditioned upon the appropriation of state, federal and other sources of funds not controlled by UC ("Funding"). UC will have the right to terminate the Agreement without damage, penalty, cost or further obligation in the event that through no action or inaction on the part of UC, the Funding is withdrawn. C. UC may, by written notice stating the extent and effective date thereof, terminate the Agreement for convenience in whole or in part, at any time. The effective date of such termination shall be consistent with any requirements for providing notice specified in the Agreement, or immediate if no such terms are set forth in the Agreement. As specified in the termination notice, UC will pay Supplier as full compensation the pro rata Agreement price for performance through the later of the date that (i) UC provided Supplier with notice of termination or (ii) Supplier’s provision of Goods and/or Services will terminate. D. UC may by written notice terminate the Agreement for Supplier’s breach of the Agreement, in whole or in part, at any time, if Supplier refuses or fails to comply with the provisions of the Agreement, or so fails to make progress as to endanger performance and do es not cure such failure within five (5) business days, or fails to supply the Goods and/or Services within the time specified or any written extension thereof. In such event, UC may purchase or otherwise secure Goods and/or Services and, except as otherwise provided herein, Supplier will be liable to UC for any excess costs UC incurs thereby. E. UC’s Appendix – Data Security, Appendix – BAA, and/or Appendix – GDPR will control in the event that one or more appendices are incorporated into the Agreement and conflicts with the provisions of this Article. ARTICLE 3 – PRICING, INVOICING METHOD, AND SETTLEMENT METHOD AND TERMS. Pricing is set forth in the Agreement or Purchase Order, and the amount UC is charged and responsible for shall not exceed the amount specified in the Agreement unless UC has given prior written approval. Unless otherwise agreed in writing by UC, Supplier will use the invoicing method and payment settlement method (and will extend the terms applicable to such settlement method) set forth in UC’s Supplier Invoicing, Terms & Settlement Matrix. UC will pay Supplier, upon submission of acceptable invoices, for Goods and/or Services provided and accepted. Invoices must be itemized and reference the Agreement or Purchase Order number. UC will not pay shipping, packaging or handling expenses, unless specified in the Agreement or Purchase Order. Unless otherwise provided, freight is to be FOB destination. Any of Supplier’s expenses that UC agrees to reimburse will be reimbursed under UC’s Travel Policy, which may be found at http://www.ucop.edu/central-travel-management/resources/index.html. Where applicable, Supplier will pay all taxes imposed on Supplier in connection with its performance under the Agreement, including any federal, state and local income, sales, use, excise and other taxes or assessments. Notwithstanding any other provision to the contrary, UC will not be responsible for any fees, interest or surcharges Supplier wishes to impose. 106 of 1132 111 UNIVERSITY OF CALIFORNIA Page 2 of 16 Revised 2/27/2020 Terms and Conditions of Purchase ARTICLE 4 – INSPECTION. The Goods and/or Services furnished will be exactly as specified in the Agreement, free from all defects in Supplier's performance, design, skill and materials, and, except as otherwise provided in the Agreement, will be subject to inspection and test by UC at all times and places. If, prior to final acceptance, any Goods and/or Services furnished are found to be incomplete, or not as specified, UC may reject them, require Supplier to correct them at the sole cost of Supplier, or require provision of such Goods and/or Services at a reduction in price that is equitable under the circumstances. If Supplier is unable or refuses to correct such deficiencies within a time UC deems reasonable, UC may terminate the Agreement in whole or in part. Supplier will bear all risks as to rejected Goods and/or Services and, in addition to any costs for which Supplier may become liable to UC under other provisions of the Agreement, will reimburse UC for all transportation costs, other related costs incurred, or payments to Supplier in accordance with the terms of the Agreement for unaccepted Goods and/or Services and materials and supplies incidental thereto. Notwithstanding final acceptance and payment, Supplier will be liable for latent defects, fraud or such gross mistakes as amount to fraud. ARTICLE 5 – ASSIGNED PERSONNEL; CHARACTER OF SERVICES Supplier will provide the Services as an independent contractor and furnish all equipment, personnel and materiel sufficient to provide the Services expeditiously and efficiently, during as many hours per shift and shifts per week, and at such locations as UC may so require. Supplier will devote only its best-qualified personnel to work under the Agreement. Should UC inform Supplier that anyone providing the Services is not working to this standard, Supplier will immediately remove such personnel from providing Services and he or she will not 0again, without UC’s written permission, be assigned to provide Services. At no time will Supplier or Supplier’s employees, sub-suppliers, agents, or assigns be considered employees of UC for any purpose, including but not limited to workers’ compensation provisions. Supplier shall not have the power nor right to bind or obligate UC, and Supplier shall not hold itself out as having such authority. Supplier shall be responsible to UC for all Services performed by Supplier’s employees, agents and subcontractors, including being responsible for ensuring payment of all unemployment, social security, payroll, contributions and other taxes with respect to such employees, agents and subcontractors. ARTICLE 6 – WARRANTIES In addition to the warranties set forth in Articles 11, 12, 17, 23, 24, 25 and 26 herein, Supplier makes the following warranties. Supplier acknowledges that failure to comply with any of the warranties in the Agreement will constitute a material breach of the Agreement and UC will have the right to terminate the Agreement without damage, penalty, cost or further obligation. A. General Warranties. Supplier represents, warrants and covenants that: (i) Supplier is free to enter into this Agreement and that Supplier is not, and will not become, during the Term, subject to any restrictions that might restrict or prohibit Supplier from performing the Services or providing the Goods ordered hereunder; (ii) Supplier will comply with all applicable laws, rules and regulations in performing Supplier’s obligations hereunder; (iii) the Goods and/or Services shall be rendered with promptness and diligence and shall be executed in a skilled manner by competent personnel, in accordance with the prevailing industry standards; and if UC Appendix Data Security is NOT included:(iv) Supplier has developed a business interruption and disaster recovery program and is executing such program to assess and reduce the extent to which Supplier’s hardware, software and embedded systems may be susceptible to errors or failures in various crisis (or force majeure) situations; (v) if Supplier uses electronic systems for creating, modifying, maintaining, archiving, retrieving or transmitting any records, including test results that are required by, or subject to inspection by an applicable regulatory authority, then Supplier represents and warrants that Supplier’s systems for electronic records are in compliance; and (vi) Supplier agrees that the Goods and/or Services furnished under the Agreement will be covered by the most favorable warranties Supplier gives to any customer for the same or substantially similar goods or services, or such other more favorable warranties as specified in the Agreement. The rights and remedies so provided are in addition to and do not limit any rights afforded to UC by any other article of the Agreement. B. Permits and Licenses. Supplier agrees to procure all necessary permits or licenses and abide by all applicable laws, regulations and ordinances of the United States and of the state, territory and political subdivision or any other country in which the Goods and/or Services are provided. C. Federal and State Water and Air Pollution Laws. Where applicable, Supplier warrants that it complies with the requirements in UC Business and Finance Bulletin BUS-56 (Materiel Management; Purchases from Entities Violating State or Federal Water or Air Pollution Laws). Consistent with California Government Code 4477, these requirements do not permit UC to contract with entities in violation of Federal or State water or air pollution laws. D. Web Accessibility Requirements. As applicable to the Supplies and/or Services being provided under the Agreement, Supplier warrants that: 107 of 1132 112 UNIVERSITY OF CALIFORNIA Page 3 of 16 Revised 2/27/2020 Terms and Conditions of Purchase 1. It complies with California and federal disability laws and regulations; and 2. The Goods and/or Services will conform to the accessibility requirements of WCAG 2.0AA. 3. Supplier agrees to promptly respond to and resolve any complaint regarding accessibility of its Goods and/or Services; E. General Accessibility Requirements. Supplier warrants that: 1. It will comply with California and federal disability laws and regulations; 2. Supplier will promptly respond to remediate to any identified accessibility defects in the Goods and Services to conform to WCAG 2.0 AA; and 3. Supplier agrees to promptly respond to and use reasonable efforts to resolve and remediate any complaint regarding accessibility of its Goods and/or Services. F. Warranty of Quiet Enjoyment. Supplier warrants that Supplier has the right of Quiet Enjoyment in, and conveys the right of Quiet Enjoyment to UC for UC’s use of, any and all intellectual property that will be needed for Supplier’s provision, and UC’s use of, the Goods and/or Services provided by Supplier under the Agreement. G. California Child Abuse and Neglect Reporting Act ("CANRA"). Where applicable, Supplier warrants that it complies with CANRA. H. Debarment and Suspension. Supplier warrants that it is not presently debarred, suspended, proposed for debarment, or declared ineligible for award of federal contracts or participation in federal assistance programs or activities. I. UC Trademark Licensing Code of Conduct. If the Goods will bear UC’s name (including UC campus names, abbreviations of these names, UC logos, UC mascots, or UC seals) or other trademarks owned by UC, Supplier warrants that it holds a valid license from UC and complies with the Trademark Licensing Code of Conduct policy, available at http://policy.ucop.edu/doc/3000130/TrademarkLicensing. J. Outsourcing (Public Contract Code section 12147) Compliance. Supplier warrants that if the Agreement will displace UC employees, no funds paid under the Agreement will be used to train workers who are located outside of the United States, or plan to relocate outside the United States as part of the Agreement. Additionally, Supplier warrants that no work will be performed under the Agreement with workers outside the United States, except as described in Supplier’s bid. If Supplier or its sub-supplier performs the Agreement with workers outside the United States during the life of the Agreement and Supplier did not describe such work in its bid, Supplier acknowledges and agrees that (i) UC may terminate the Agreement without further obligation for noncompliance, and (ii) Supplier will forfeit to UC the amount UC paid for the percentage of work that was performed with workers outside the United States and not described in Supplier’s bid. ARTICLE 7 – INTELLECTUAL PROPERTY, COPYRIGHT, PATENTS, AND DATA RIGHTS A. Goods and/or Services Involving Work Made for Hire. 1. Unless UC indicates that the Goods and/or Services do not involve work made for hire, Supplier acknowledges and agrees that any deliverables provided to UC by Supplier in the performance of the Agreement, and any intellectual property rights therein, (hereinafter the "Deliverables") will be owned by UC. The Deliverables will be considered "work made for hire" under U.S. copyright law and all right, title, and interest to and in such Deliverables including, but not limited to, any and all copyrights or trademarks, will be owned by UC. In the event that it is determined that UC is not the owner of such Deliverables under the "work made for hire" doctrine of U.S. copyright law, Supplier hereby irrevocably assigns to UC all right, title, and interest to and in such Deliverables and any copyrights or trademarks thereto. 2. The Deliverables must be new and original. Supplier must not use any pre-existing copyrightable or trademarked images, writings, or other proprietary materials (hereinafter "Pre-Existing Materials") in the Deliverables without UC’s prior written permission. In the event that Supplier uses any Pre-Existing Materials in the Deliverables in which Supplier has an ownership interest, UC is hereby granted, and will have, a non-exclusive, royalty-free, irrevocable, perpetual, paid-up, worldwide license (with the right to sublicense) to make, have made, copy, modify, make derivative works of, use, perform, display publicly, sell, and otherwise distribute such Pre-Existing Materials in connection with the Deliverables. 3. Whenever any invention or discovery is made or conceived by Supplier in the course of or in connection with the Agreement, Supplier will promptly furnish UC with complete information with respect thereto and UC will have the sole power to determine whether and where a patent application will be filed and to determine the disposition of title to and all rights under any application or patent that may result. 4. Supplier is specifically subject to an obligation to, and hereby does, assign all right, title and interest in any such intellectual property rights to UC as well as all right, title and interest in tangible research products embodying any such inventions whether the inventions are patentable or not. Supplier agrees to promptly execute any additional documents or forms that UC may require in order to effectuate such assignment. B. Goods and/or Services Not Involving Work Made for Hire. 108 of 1132 113 UNIVERSITY OF CALIFORNIA Page 4 of 16 Revised 2/27/2020 Terms and Conditions of Purchase 1. If the Goods and/or Services do not involve work made for hire, and in the event that Supplier uses any Pre-Existing Materials in the Deliverables in which Supplier has an ownership interest, UC is hereby granted, and will have, a non-exclusive, royalty-free, irrevocable, perpetual, paid-up, worldwide license (with the right to sublicense) to make, have made, copy, modify, make derivative works of, use, perform, display publicly, sell, and otherwise distribute such Pre-Existing Materials in connection w ith the Deliverables. 2. The Deliverables must be new and original. Supplier must not use any Pre-Existing Materials in the Deliverables without UC’s prior written permission. 3. Whenever any invention or discovery is made or conceived by Supplier in the course of or in connection with the Agreement, Supplier will promptly furnish UC complete information with respect thereto and UC will have the sole power to determine whether and where a patent application will be filed and to determine the disposition of title to and all rights under any application or patent that may result. 4. Supplier is specifically subject to an obligation to, and hereby does, assign all right, title and interest in any such intellectual property rights to UC as well as all right, title and interest in tangible research products embodying any such inventions whether the inventions are patentable or not. Supplier agrees to promptly execute any additional documents or forms that UC may require in order to effectuate such assignment. C. General. Should the Goods and/or Services become, or in Supplier’s opinion be likely to become, the subject of a claim of infringement of any patent, copyright, trademark, trade name, trade secret, or other proprietary or contractual right of any third party, Supplier will provide written notice to UC of the circumstances giving rise to such claim or likely claim. In the event that UC receives notice of a claim of infringement or is made a party to or is threatened with being made a party to any claim of infringement related to the Goods and/or Services, UC will provide Supplier with notice of such claim or threat. Following receipt of such notice, Supplier will either (at Supplier’s sole election) (i) procure for UC the right to continue to use the affected portion of the Goods and/or Services, or (ii) replace or otherwise modify the affected portion of the Goods and/or Services to make them non-infringing, or obtain a reasonable substitute product for the affected portion of the Goods and/or Services, provided that any replacement, modification or substitution under this paragraph does not effect a material change in the Goods and/or Services’ functionality. If none of the foregoing options is r easonably acceptable to UC, UC will have the right to terminate the Agreement without damage, penalty, cost or further obligation. D. UC Rights to Institutional Information. Institutional Information shall belong exclusively to UC and unless expressly provided, this Agreement shall not be construed as conferring on Supplier any patent, copyright, trademark, license right or trade secret owned or obtained by UC. Any right for Supplier to use Institutional Information is solely provided on a non-exclusive basis, and only to the extent required for Supplier to provide the Goods or Services under the Agreement. As used herein, “Institutional Information” means any information or data created, received, and/or collected by UC or on its behalf, including but not limited to application logs, metadata and data derived from such data. ARTICLE 8 – INDEMNITY AND LIABILITY To the fullest extent permitted by law, Supplier will defend, indemnify, and hold harmless UC, its officers, employees, and agents, from and against all losses, expenses (including, without limitation, reasonable attorneys' fees and costs), damages, and liabilities of any kind resulting from or arising out of the Agreement, including the performance hereunder of Supplier, its officers, employees, agents, sub-suppliers, or anyone directly or indirectly employed by Supplier, or any person or persons under Supplier's direction and control, provided such losses, expenses, damages and liabilities are due or claimed to be due to the acts or omissions of Supplier, its officers, employees, agents, sub- suppliers, or anyone directly or indirectly employed by Supplier, or any person or persons under Supplier's direction and control. UC agrees to provide Supplier with prompt notice of any such claim or action and to permit Supplier to defend any claim or action, and that UC will cooperate fully in such defense. UC retains the right to participate in the defense against any such claim or action, and the right to consent to any settlement, which consent will not unreasonably be withheld. In the event Appendix DS applies to this Agreement, Supplier shall reimburse or otherwise be responsible for any costs, fines or penalties imposed against UC as a result of Supplier’s Breach of Institutional Information and/or failure to cooperate with UC’s response to such Breach. As used herein, “Breach” means: (1) any disclosure of Institutional Information to an unauthorized party or in an unlawful manner; (2) unauthorized or unlawful acquisition of information that compromises the security, confidentiality or integrity of Institutional Information and/or IT Resources; and (3) the acquisition, access, use, or disclosure of Protected Health Information or medical information in a manner not permitted under the Health Insurance Portability and Accountability Act (HIPAA) or California law. “IT Resources” means IT infrastructure, cloud services, software, and/or hardware with computing and/or networking capability that is Supplier owned/managed, or UC-owned, or a personally owned device that stores Institutional Information, is connected to UC systems, is connected to UC networks, or is used for UC business. 109 of 1132 114 UNIVERSITY OF CALIFORNIA Page 5 of 16 Revised 2/27/2020 Terms and Conditions of Purchase ARTICLE 9 – INSURANCE Supplier, at its sole cost and expense, will insure its activities in connection with providing the Goods and/or Services and obtain, keep in force, and maintain the following insurance with the minimum limits set forth below, unless UC specifies otherwise: A. Commercial Form General Liability Insurance (contractual liability included) with limits as follows: 1. Each Occurrence $ 1,000,000 2. Products/Completed Operations Aggregate $ 2,000,000 3. Personal and Advertising Injury $ 1,000,000 4. General Aggregate $ 2,000,000 B. Business Automobile Liability Insurance for owned, scheduled, non-owned, or hired automobiles with a combined single limit of not less than one million dollars ($1,000,000) per occurrence. (Required only if Supplier drives on UC premises or transports UC employees, officers, invitees, or agents in the course of supplying the Goods and/or Services to UC.) C. If applicable, Professional Liability Insurance with a limit of two million dollars ($2,000,000) per occurrence or claim with an aggregate of not less than two million dollars ($2,000,000). If this insurance is written on a claims-made form, it will continue for three years following termination of the Agreement. The insurance will have a retroactive date of placement prior to or coinciding with the effective date of the Agreement. D. Workers' Compensation as required by applicable state law and Employer’s Liability with limits of one million dollars ($1,000,000) per occurrence. Workers' Compensation as required by applicable state law and Employer’s Liability with limits of one million dollars ($1,000,000) per occurrence. E. If applicable, Supplier Fidelity Bond or Crime coverage for the dishonest acts of its employees in a minimum amount of one million dollars ($1,000,000). Supplier will endorse such policy to include a “Regents of the University of California Coverage” or “Joint Payee Coverage” endorsement. UC and, if so requested, UC’s officers, employees, agents and sub-suppliers will be named as "Loss Payee, as Their Interest May Appear” in such Fidelity Bond. F. In the event Appendix DS applies to this Agreement, Supplier, at its sole cost and expense, will obtain, keep in force, and maintain one or more insurance policies that provide coverage for technology, professional liability, data protection, and/or cyber liability. Typically referred to as Privacy, Technology and Data Security Liability, Cyber Liability, or Technology Professional Liability insurance, it will cover liabilities for financial loss due to the acts, omissions, or intentional misconduct of Supplier, its officers, employees, agents, sub- suppliers, or anyone directly or indirectly employed by Supplier, or any person or persons under Supplier’s direction and control, in connection with the performance of this Agreement, as well as all Supplier costs, including damages it is obligated to pay UC or any third party, that are associated with any confirmed or suspected Breach or compromise of Institutional Information. In some cases, Professional Liability policies may include some coverage for data breaches or loss of Institutional Information. Regardless of the type of policy(ies) in place, such coverage will include without limitation: (i) costs to notify parties whose data were lost or compromised; (ii) costs to provide credit monitoring and credit restoration services to parties whose data were lost or compromised; (iii) costs associated with third party claims arising from the confirmed or suspected Breach or loss of Institutional Information, including litigation costs and settlement costs; (iv) any investigation, enforcement, fines and penalties, or similar miscellaneous costs; and (v) any payment made to a third party as a result of extortion related to a confirmed or suspected Breach. The following insurance coverage is based on the highest Protection Level Classification of Institutional Information identified in Exhibit 1 to Appendix DS: 1. P1 - This insurance policy must have minimum limits of $500,000 each occurrence and $500,000 in the aggregate. 2. P2 - This insurance policy must have minimum limits of $1,000,000 each occurrence and $1,000,000 in the aggregate. 3. P3 and P4, less than 70,000 records - this insurance policy must have minimum limits of $5,000,000 each occurrence and $5,000,000 in the aggregate. 4. P3 and P4, 70,000 or more records - this insurance policy must have minimum limits of $10,000,000 each occurrence and $10,000,000 in the aggregate. Protection Level Classifications are defined in the UC Systemwide Information Security Classification of Information and IT Resources: https://security.ucop.edu/policies/institutional-information-and-it-resource-classification.html G. Additional other insurance in such amounts as may be reasonably required by UC against other insurable risks relating to performance. If the above insurance is written on a claims-made form, it will continue for three years following termination of the Agreement. The insurance will have a retroactive date of placement prior to or coinciding with the effective date of the Agreement. If the above insurance coverage is modified, changed or cancelled, Supplier will provide UC with not less than fifteen (15) days’ advance written notice of such modification, change, or cancellation, and will promptly obtain replacement coverage that complies with this Article. I. The coverages referred to under A and B of this Article must include UC as an additional insured. It is understood that the coverage and limits referred to under A, B and C of this Article will not in any way limit Supplier’s liability. Supplier will furnish UC with certificates 110 of 1132 115 UNIVERSITY OF CALIFORNIA Page 6 of 16 Revised 2/27/2020 Terms and Conditions of Purchase of insurance (and the relevant endorsement pages) evidencing compliance with all requirements prior to commencing work under the Agreement. Such certificates will: 1. Indicate that The Regents of the University of California has been endorsed as an additional insured for the coverage referred to under A and B of this Article. This provision will only apply in proportion to and to the extent of the negligent acts or omissions of Supplier, its officers, agents, or employees. 2. Include a provision that the coverage will be primary and will not participate with or be excess over any valid and collectible insurance or program of self-insurance carried or maintained by UC. ARTICLE 10 – USE OF UC NAME AND TRADEMARKS Supplier will not use the UC name, abbreviation of the UC name, trade names and/or trademarks (i.e., logos and seals) or any derivation thereof, in any form or manner in advertisements, reports, or other information released to the public, or place the UC name, abbreviations, trade names and/or trademarks or any derivation thereof on any consumer goods, products, or services for sale or distribution to the public, without UC’s prior written approval. Supplier agrees to comply at all times with California Education Code Section 92000. ARTICLE 11 – FEDERAL FUNDS Supplier who supplies Goods and/or Services certifies and represents its compliance with the following clauses, as applicable. Supplier shall promptly notify UC of any change of status with regard to these certifications and representations. These certifications and representations are material statements upon which UC will rely. A. For commercial transactions involving funds on a federal contract (federal awards governed by the FAR), the following provisions apply, as applicable: 1. FAR 52.203-13, Contractor Code of Business Ethics and Conduct; 2. FAR 52.203-17, Contractor Employee Whistleblower Rights and Requirement to Inform Employees of Whistleblower Rights; 3. FAR 52.203-19, Prohibition on Requiring Certain Internal Confidentiality Agreements or Statements; 4. FAR 52.219-8, Utilization of Small Business Concerns; 5. FAR 52.222-17, Non-displacement of Qualified Workers; 6. FAR 52.222-21, Prohibition of Segregated Facilities; 7. FAR 52.222-26, Equal Opportunity; 8. FAR 52.222-35, Equal Opportunity for Veterans; 9. FAR 52.222-36, Equal Opportunity for Workers with Disabilities; 10. FAR 52.222-37, Employment Reports on Veterans; 11. FAR 52.222-40, Notification of Employee Rights Under the National Labor Relations Act; 12. FAR 52.222-41, Service Contract Labor Standards; 13. FAR 52.222-50, Combating Trafficking in Persons; 14. FAR 52.222-51, Exemption from Application of the Service Contract Labor Standards to Contracts for Maintenance, Calibration, or Repair of Certain Equipment - Requirements; 15. FAR 52.222-53, Exemption from Application of the Service Contract Labor Standards to Contracts for Certain Services - Requirements; 16. FAR 52.222-54, Employment Eligibility Verification; 17. FAR 52.222-55, Minimum Wages Under Executive Order 13658; 18. FAR 52.222-62, Paid Sick Leave under Executive Order 13706; 19. FAR 52.224-3, Privacy Training; 20. FAR 52.226-6, Promoting Excess Food Donation to Nonprofit Organizations; 21. FAR 52.233-1, Disputes; and 22. FAR 52.247-64, Preference for Privately Owned U.S.-Flag Commercial Vessels. B. For non-commercial transactions involving funds on a federal contract, the UC Appendix titled ‘Federal Government Contracts Special terms and Conditions (Non-Commercial Items or Services)’ and located at www.ucop.edu/procurement-services/policies- forms/index.html is hereby incorporated herein by this reference. C. For transactions involving funds on a federal grant or cooperative agreement (federal awards governed by eCFR Title 2, Subtitle A, Chapter II, Part 200) the following provisions apply, as applicable: 111 of 1132 116 UNIVERSITY OF CALIFORNIA Page 7 of 16 Revised 2/27/2020 Terms and Conditions of Purchase 1. Rights to Inventions. If Supplier is a small business firm or nonprofit organization, and is providing experimental, development, or research work under this transaction, Supplier must comply with the requirements of 3 CFR Part 401, “Rights to Inventions Made by nonprofit Organizations and Small Business Firms Under Government Grants, Contracts, and Cooperative Agreements”. 2. Clean Air Act. Supplier agrees to comply with all applicable standards, orders or regulations issued pursuant to the Clean Air Act (42 U.S.C. 7401-7671q) and the Federal Water Pollution Control Act as amended (33 U.S.C. 1251-1387). Violations must be reported to the Federal awarding agency and the Regional Office of the Environmental Protection Agency (EPA). 3. Byrd Anti-Lobbying. Supplier certifies that it will not, and has not used Federal appropriated funds to pay any person or organization for influencing or attempting to influence an officer or employee of any agency, a member of Congress, officer or employee of Congress, or an employee of a member of Congress in connection with obtaining any Federal contract, grant or any other award covered by 31 U.S.C. 1352. 4. Procurement of Recovered Materials. If Supplier is a state agency or agency of a political subdivision of a state, then Supplier must comply with section 6002 of the Solid Waste Disposal Act, as amended by the Resource Conservation and Recovery Act. D. In these provisions, the term "contractor" as used therein will refer to Supplier, and the terms “Government” or “Contracting Officer” as used therein will refer to UC. Where a purchase of items is for fulfillment of a specific U.S. Government prime or subcontract, additional information and/or terms and conditions may be included in an attached supplement. By submitting an invoice to UC, Supplier is representing to UC that, at the time of submission: 1. Neither Supplier nor its principals are presently debarred, suspended, or proposed for debarment by the U.S. government (see FAR 52.209-6); 2. Supplier has filed all compliance reports required by the Equal Opportunity clause (see FAR 52.222-22); and 3. Any Supplier representations to UC about U.S. Small Business Administration or state and local classifications, including but not limited to size standards, ownership, and control, are accurate and complete. 4. Byrd Anti-Lobbying. Supplier certifies that it will not, and has not used Federal appropriated funds to pay any person or organization for influencing or attempting to influence an officer or employee of any agency, a member of Congress, officer or employee of Congress, or an employee of a member of Congress in connection with obtaining any Federal contract, grant or any other award covered by 31 U.S.C. 1352. ARTICLE 12 – EQUAL OPPORTUNITY AFFIRMATIVE ACTION Supplier will abide by the requirements set forth in Executive Orders 11246 and 11375. Where applicable, Supplier will comply with 41 CFR §§ 60-1.4(a), 60-300.5(a) and 60-741.5(a), incorporated by reference with this statement: “This contractor and subcontractor shall abide by the requirements of 41 CFR §§ 60-1.4(a), 60-300.5(a) and 60-741.5(a). These regulations prohibit discrimination against qualified individuals based on their status as protected veterans or individuals with disabilities, and prohibit discrimination against all individuals based on their race, color, religion, sex, sexual orientation, gender identity, or national origin. Moreover, these regulations require that covered prime contractors and subcontractors take affirmative action to employ and advance in employment individuals without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status or disability.” With respect to activities occurring in the State of California, Supplier agrees to adhere to the California Fair Employment and Housing Act. Supplier will provide UC on request a breakdown of its labor force by groups as specified by UC, and will discuss with UC its policies and practices relating to its affirmative action programs. Supplier will not maintain or provide facilities for employees at any establishment under its control that are segregated on a basis prohibited by federal law. Separate or single-user restrooms and necessary dressing or sleeping areas must be provided, however, to ensure privacy. ARTICLE 13 – LIENS Supplier agrees that upon UC’s request, Supplier will submit a sworn statement setting forth the work performed or material furnished by sub-suppliers and material men, and the amount due and to become due to each, and that before the final payment called for under the Agreement, will upon UC’s request submit to UC a complete set of vouchers showing what payments have been made for such work performed or material furnished. Supplier will promptly notify UC in writing, of any claims, demands, causes of action, liens or suits brought to its attention that arise out of the Agreement. UC will not make final payment until Supplier, if required, delivers to UC a complete release of all liens arising out of the Agreement, or receipts in full in lieu thereof, as UC may require, and if required in either case, an affidavit that as far as it has knowledge or information, the receipts include all the labor and materials for which a lien could be filed; but Supplier may, if any sub-supplier refuses to furnish a release or receipt in full, furnish a bond satisfactory to UC to indemnify it against any claim by lien or otherwise. If any lien or claim remains unsatisfied after all payments are made, Supplier will refund to UC all monies that UC may be compelled to pay in discharging such lien or claim, including all costs and reasonable attorneys' fees. 112 of 1132 117 UNIVERSITY OF CALIFORNIA Page 8 of 16 Revised 2/27/2020 Terms and Conditions of Purchase ARTICLE 14 – PREMISES WHERE SERVICES ARE PROVIDED A. Cleaning Up. Supplier will at all times keep UC premises where the Services are performed and adjoining premises free from accumulations of waste material or rubbish caused by its employees or work of any of its sub-suppliers, and, at the completion of the Services; will remove all rubbish from and about the premises and all its tools, scaffolding, and surplus materials, and will leave the premises "broom clean" or its equivalent, unless more exactly specified. In case of dispute between Supplier and its sub-suppliers as to responsibility for the removal of the rubbish, or if it is not promptly removed, UC may remove the rubbish and charge the cost to Supplier. B. Environmental, Safety, Health and Fire Protection. Supplier will take all reasonable precautions in providing the Goods and Services to protect the health and safety of UC employees and members of the public and to minimize danger from all hazards to life and property, and will comply with all applicable environmental protection, health, safety, and fire protection regulations and requirements (including reporting requirements). In the event that Supplier fails to comply with such regulations and requirements, UC may, without prejudice to any other legal or contractual rights of UC, issue an order stopping all or any part of the provision of the Goods and/or Services; thereafter a start order for resumption of providing the Goods and/or Services may be issued at UC’s discretion. Supplier will not be entitled to make a claim for extension of time or for compensation or damages by reason of or in connection with such stoppage. Supplier will have sole responsibility for the safety of all persons employed by Supplier and its sub-suppliers on UC premises, or any other person who enters upon UC premises for reasons relating to the Agreement. Supplier will at all times maintain good order among its employees and all other persons who come onto UC's premises at Supplier's request and will not engage any unfit or unskilled person to provide the Goods and/or Services. Supplier will confine its employees and all other persons who come onto UC's premises at Supplier's request or for reasons relating to the Agreement and its equipment to that portion of UC's premises where the Services are to be provided or to roads leading to and from such work sites, and to any other area which UC may permit Supplier to use. Supplier will take all reasonable measures and precautions at all times to prevent injuries to or the death of any of its employees or any other person who enters upon UC premises at Supplier’s request. Such measures and precautions will include, but will not be limited to, all safeguards and warnings necessary to protect workers and others against any conditions on the premises that could be dangerous and to prevent accidents of any kind whenever the Goods and/or Services are being provided in proximity to any moving or operating machinery, equipment or facilities, whether such machinery, equipment or facilities are the property of or are being operated by, Supplier, its sub-suppliers, UC or other persons. To the extent compliance is required, Supplier will comply with all relevant UC safety rules and regulations when on UC premises. C. Tobacco-free Campus. UC is a tobacco-free institution. Use of cigarettes, cigars, oral tobacco, electronic cigarettes and all other tobacco products is prohibited on all UC owned or leased sites. ARTICLE 15 – LIABILITY FOR UC - FURNISHED PROPERTY Supplier assumes complete liability for any materials UC furnishes to Supplier in connection with the Agreement and Supplier agrees to pay for any UC materials Supplier damages or otherwise is not able to account for to UC's satisfaction. UC furnishing to Supplier any materials in connection with the Agreement will not, unless otherwise expressly provided in writing by UC, be construed to vest title thereto in Supplier. ARTICLE 16 – COOPERATION Supplier and its sub-suppliers, if any, will cooperate with UC and other suppliers and will so provide the Services that other cooperating suppliers will not be hindered, delayed or interfered with in the progress of their work, and so that all of such work will be a finished and complete job of its kind. ARTICLE 17 – ADDITIONAL TERMS APPLICABLE TO THE FURNISHING OF GOODS The terms in this Article have special application to the furnishing of Goods: A. Price Decreases. Supplier agrees immediately to notify UC of any price decreases from its suppliers, and to pass through to UC any price decreases. B. Declared Valuation of Shipments. Except as otherwise provided in the Agreement, all shipments by Supplier under the Agreement for UC's account will be made at the maximum declared value applicable to the lowest transportation rate or classification and the bill of lading will so note. C. Title. Title to the Goods purchased under the Agreement will pass directly from Supplier to UC at the f.o.b. point shown, or as otherwise specified in the Agreement, subject to UC’s right to reject upon inspection. 113 of 1132 118 UNIVERSITY OF CALIFORNIA Page 9 of 16 Revised 2/27/2020 Terms and Conditions of Purchase D. Changes. Notwithstanding the terms in Article 34, Amendments, UC may make changes within the general scope of the Agreement in drawings and specifications for specially manufactured Goods, place of delivery, method of shipment or packing of the Agreement by giving notice to Supplier and subsequently confirming such changes in writing. If such changes affect the cost of or the time required for performance of the Agreement, UC and Supplier will agree upon an equitable adjustment in the price and/or delivery terms. Supplier may not make changes without UC’s written approval. Any claim of Supplier for an adjustment under the Agreement must be made in writing within thirty (30) days from the date Supplier receives notice of such change unless UC waives this condition in writing. Nothing in the Agreement will excuse Supplier from proceeding with performance of the Agreement as changed hereunder. Supplier may not alter or misbrand, within the meaning of the applicable Federal and State laws, the Goods furnished. E. Forced, Convict and Indentured Labor. Supplier warrants that no foreign-made Goods furnished to UC pursuant to the Agreement will be produced in whole or in part by forced labor, convict labor, or indentured labor under penal sanction. If UC determines that Supplier knew or should have known that it was breaching this warranty, UC may, in addition to terminating the Agreement, remove Supplier from consideration for UC contracts for a period not to exceed one year. This warranty is in addition to any applicable warranties in Articles 6 and 11. F. Export Control. Supplier agrees to provide UC (the contact listed on the Purchase Order) with written notification that identifies the export-controlled Goods and such Goods’ export classification if any of the Goods is export-controlled under the International Traffic in Arms Regulations (ITAR) (22 CFR §§ 120-130), the Export Administration Regulations (15 CFR §§ 730-774) 500 or 600 series, or controlled on a military strategic goods list. Supplier agrees to provide UC (the contact listed on the Purchase Order) with written notification if Supplier will be providing information necessary for the operation, installation (including on-site installation), maintenance (checking), repair, overhaul, and refurbishing of the Goods that is beyond a standard user manual (i.e. ”Use” technology as defined under the EAR 15 CFR § 772.1), or “Technical Data” (as defined under the ITAR 22 CFR § 120.10). ARTICLE 18 – CONFLICT OF INTEREST Supplier affirms that, to the best of Supplier’s knowledge, no UC employee who has participated in UC’s decision-making concerning the Agreement has an “economic interest” in the Agreement or Supplier. A UC employee’s “economic interest” means: A. An investment worth $2,000 or more in Supplier or its affiliate; B. A position as director, officer, partner, trustee, employee or manager of Supplier or its affiliate; C. Receipt during the past 12 months of $500 in income or $440 in gifts from Supplier or its affiliate; or D. A personal financial benefit from the Agreement in the amount of $250 or more. In the event of a change in these economic interests, Supplier will provide written notice to UC within thirty (30) days after such change, noting such changes. Supplier will not be in a reporting relationship to a UC employee who is a near relative, nor will a near relative be in a decision making position with respect to Supplier. ARTICLE 19 – AUDIT REQUIREMENTS The Agreement, and any pertinent records involving transactions relating to this Agreement, is subject to the examination and audit of the Auditor General of the State of California or Comptroller General of the United States or designated Federal authority for a period of up to five (5) years after final payment under the Agreement. UC, and if the underlying grant, cooperative agreement or federal contract so provides, the other contracting Party or grantor (and if that be the United States or an instrumentality thereof, then the Comptroller General of the United States) will have access to and the right to examine Supplier’s pertinent books, documents, papers, and records involving transactions and work related to the Agreement until the expiration of five (5) years after final payment under the Agreement. The examination and audit will be confined to those matters connected with the performance of the Agreement, including the costs of administering the Agreement. ARTICLE 20 – PROHIBITION ON UNAUTHORIZED USE OR DISCLOSURE OF INSTITUTIONAL INFORMATION A. Prohibition on Access, Use and Disclosure of Institutional Information. Supplier will not access, use or disclose Institutional Information, other than to carry out the purposes for which UC disclosed the Institutional Information to Supplier, except as required by applicable law, or as otherwise authorized in writing by UC prior to Supplier’s disclosure. Supplier shall have the limited right to disclose Institutional Information to Supplier’s employees provided that: (i) Supplier shall disclose only such Institutional Information as is necessary for the Supplier to perform its obligations under this Agreement, and (ii) Supplier informs such employees of the obligations governing the access, use and disclosure of Institutional Information prior to Supplier’s disclosure. Supplier shall be liable 114 of 1132 119 UNIVERSITY OF CALIFORNIA Page 10 of 16 Revised 2/27/2020 Terms and Conditions of Purchase for any breach of this Agreement by its employees. For avoidance of doubt, this provision prohibits Supplier from using for its own benefit Institutional Information and any information derived therefrom. For the avoidance of doubt, the sale of Institutional Information is expressly prohibited. B. Compliance with Applicable Laws and Industry Best Practices. Supplier agrees to comply with all applicable state, federal, and foreign laws, as well as industry best practices, governing the collection, access, use, disclosure, safeguarding and destruction of Institutional Information. Supplier agrees to protect the privacy and security of Institutional Information according to all applicable laws and industry best practices, and no less rigorously than it protects its own information, but in no case less than reasonable care. C. Confidential Institutional Information. Supplier agrees to hold UC’s Confidential Institutional Information, and any information derived therefrom, in strict confidence. Confidential Institutional Information shall be defined as any Institutional Information which is (i) marked as “Confidential” at the time of disclosure; (ii) if disclosed orally, identified at the time of such oral disclosure as confidential, and reduced to writing as “Confidential” within thirty (30) days of such oral disclosure; and (iii) if not marked as “Confidential,” information that would be considered by a reasonable person in the relevant field to be confidential given its content and the circumstances of its disclosure. Confidential Information will not be considered confidential to the extent that: (i) Supplier can demonstrate by written records was known to Supplier prior to the effective date of the Agreement; (ii) is currently in, or in the future enters, the public domain other than through a breach of the Agreement or through other acts or omissions of Supplier; (iii) is obtained lawfully from a third party; or (iv) is disclosed under the California Public Records Act or legal process. For the avoidance of doubt, as applicable to Supplier’s Services, Confidential Institutional Information may include any information that identifies or is capable of identifying a specific individual, including but not limited to: 1. Personally identifiable information, 2. Protected Health Information as defined by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the HIPAA regulations (including, but not limited to 45 C.F.R. § 160.103), 3. Medical information as defined by California Civil Code § 56.05, 4. Cardholder data, 5. Student records, or 6. Individual financial information that is subject to laws restricting the use and disclosure of such information, including but not limited to: a. Article 1, Section 1 of the California Constitution; the California Information Practices Act (Civil Code § 1798 et seq.); b. The federal Gramm-Leach-Bliley Act (15 U.S.C. §§ 6801(b) and 6805(b)(2)); c. The federal Family Educational Rights and Privacy Act (20 U.S.C. § 1232g); d. The federal Fair and Accurate Credit Transactions Act (15 U.S.C. § 1601 et seq.); e. The Fair Credit Reporting Act (15 U.S.C. § 1681 et seq), and f. Applicable international privacy laws, including, but not limited to the General Data Protection Regulation. D. Required Disclosures of Institutional Information. If Supplier is required by a court of competent jurisdiction or an administrative body to disclose Institutional Information, Supplier will notify UC in writing immediately upon receiving notice of such requirement and prior to any such disclosure (unless Supplier is prohibited by law from doing so), to give UC an opportunity to oppose or otherwise respond to such disclosure. To the extent Supplier still required to disclose Institutional Information, Supplier will furnish only that portion that is legally required and will exercise all reasonable efforts to obtain reliable assurance that confidential treatment will be afforded to any Confidential Institutional Information. E. No Offshoring. Supplier’s transmission, transportation or storage of Institutional Information outside the United States, or access of Institutional Information from outside the United States, is prohibited except with prior written authorization by UC. F. Conflict in Terms. UC’s Appendix – Data Security, Appendix – BAA, and/or Appendix GDPR will control in the event that one or more appendices is incorporated into the Agreement and conflicts with the provisions of this Article. G. Acknowledgement. Supplier acknowledges that remedies at law would be inadequate to protect UC against any actual or threatened breach of this Section by Supplier, and, without prejudice to any other rights and remedies otherwise available to UC, Supplier agrees to the granting of injunctive relief in UC’s favor without proof of actual damages. ARTICLE 21 – UC WHISTLEBLOWER POLICY UC is committed to conducting its affairs in compliance with the law, and has established a process for reporting and investigating suspected improper governmental activities. Please visit http://www.ucop.edu/uc-whistleblower/ for more information. 115 of 1132 120 UNIVERSITY OF CALIFORNIA Page 11 of 16 Revised 2/27/2020 Terms and Conditions of Purchase ARTICLE 22 – SUSTAINABLE PROCUREMENT GUIDELINES Supplier will conduct business using environmentally, socially, and economically sustainable products and services (defined as products and services with a lesser or reduced effect on human health and the environment, and which generate benefits to the University as well as to society and the economy, while remaining within the carrying capacity of the environment), to the maximum possible extent consistent with the Agreement, and with the University of California Sustainable Practices Policy (https://policy.ucop.edu/doc/3100155) and the University of California Sustainable Procurement Guidelines: (https://www.ucop.edu/procurement-services/_files/sustainableprocurementguidelines.pdf). In accordance with the University of California Sustainable Practices Policy, Supplier will adhere to the following requirements and standards, as applicable. Supplier acknowledges that failure to comply with any of the sustainability standards and requirements in the Agreement will constitute a material breach of the Agreement and UC will have the right to terminate the Agreement without damage, penalty, cost or further obligation. A. Sustainability Marketing Standards. Supplier sustainability related claims, where applicable, must meet UC recognized certifications and standards set forth in the UC Sustainable Procurement Guidelines and/or meet the standards of Federal Trade Commission’s (FTC) Green Guides. B. Electronic Transfer of Supplier Information. Suppliers, when interacting with the UC, shall be prohibited from providing hard copies of presentations, marketing material, or other informational materials. Suppliers will be required to present all information in electronic format that is easily transferable to UC staff. Materials may be provided in hard copy or physical format if specifically required or requested by a UC representative. C. Packaging Requirements. All packaging must be compliant with the Toxics in Packaging Prevention Act (AB 455) and must meet all additional standards and requirements set forth in the UC Sustainable Practices Policy. In addition, UC requires that all packa ging meet at least one of the criteria listed below: 1. Uses bulk packaging; 2. Uses reusable packaging (e.g. totes reused by delivery service for next delivery); 3. Uses innovative packaging that reduces the weight of packaging, reduces packaging waste, or utilizes packaging that is a component of the product; 4. Maximizes recycled content and/or meets or exceeds the minimum post-consumer content level for packaging in the U.S. Environmental Protection Agency Comprehensive Procurement Guidelines; 5. Uses locally recyclable or certified compostable material. D. Foodservice Foam Ban. As of 2018, the University no longer allows packaging foam or expanded polystyrene (EPS) for takeaway containers or other food service items, in any University-owned or -operated food service facility. E. Product Packaging Foam Ban. Beginning January 1st, 2020, the University will prohibit all contracted and non-contracted suppliers from selling or distributing packaging foam (other than that utilized for laboratory supply or medical packaging) to UC campuses. Packaging foam is defined as any open or closed cell, solidified, polymeric foam used for cushioning or packaging, including but not limited to: low-density polyethylene foam, polypropylene foam, polystyrene foam (i.e. expanded polystyrene (EPS)), polyurethane foam, polyethylene foam, polyvinyl chloride (PVC) foam, and microcellular foam. Not included in this ban are easily biodegradable, plant-based foams such as those derived from corn or mushrooms. F. E-Waste Recycling Requirements. All recyclers of UC electronic equipment must be e-Steward certified by the Basel Action Network (BAN). G. Hosted and Punch-out Catalog Requirements. Suppliers enabled with eProcurement hosted catalog functionality must clearly identify products with UC-recognized certifications, as defined by the UC Sustainable Procurement Guidelines, in both hosted and punch-o ut catalog e-procurement environments. ARTICLE 23 – PATIENT PROTECTION AND AFFORDABLE CARE ACT (PPACA) EMPLOYER SHARED RESPONSIBILITY If the Services involve Supplier furnishing UC with temporary or supplementary staffing, Supplier warrants that: A. If Supplier is an Applicable Large Employer (as defined under Treasury Regulation Section 54.4980H-1(a)(4)): 1. Supplier offers health coverage to its full-time employees who are performing Services for UC; 2. Supplier’s cost of enrolling such employees in Supplier’s health plan is factored into the fees for the Services; and 3. The fees for the Services are higher than what the Services would cost if Supplier did not offer health coverage to such full-time employees. 116 of 1132 121 UNIVERSITY OF CALIFORNIA Page 12 of 16 Revised 2/27/2020 Terms and Conditions of Purchase B. If Supplier is not an Applicable Large Employer (as defined above): 1. Supplier offers group health coverage to its full-time employees who are performing Services for UC and such coverage is considered Minimum Essential Coverage (as defined under Treasury Regulation Section 1-5000A-2) and is Affordable (as defined under Treasury Regulation Section 54.4980H-5(e)); or 2. Supplier’s full-time employees who are performing services for UC have individual coverage and such coverage satisfies the PPACA requirements for mandated individual coverage. Supplier acknowledges that UC is relying on these warranties to ensure UC’s compliance with the PPACA Employer Shared Responsibility provision. ARTICLE 24 - PREVAILING WAGES Unless UC notifies Supplier that the Services are not subject to prevailing wage requirements, Supplier will comply, and will ensure that all sub-suppliers comply, with California prevailing wage provisions, including but not limited to those set forth in Labor Code sections 1770, 1771, 1771.1, 1772, 1773, 1773.1, 1774, 1775, 1776, 1777.5, and 1777.6. For purposes of the Agreement, the term “sub-supplier” means a person or firm, of all tiers, that has a contract with Supplier or with a sub-supplier to provide a portion of the Services. The term sub- supplier will not include suppliers, manufacturers, or distributors. Specifically, and not by way of limitation, if apprenticable occupations are involved in providing the Services, Supplier will be responsible for ensuring that Supplier and any sub-suppliers comply with Labor Code Section 1777.5. Supplier and sub-supplier may not provide the Services unless currently registered and qualified to perform public work pursuant to Labor Code Section 1725.5 and 1771.1. Notwithstanding the foregoing provisions, Supplier will be solely responsible for tracking and ensuring proper payment of prevailing wages regardless if Services are partially or wholly subject to prevailing wage requirements. In every instance, Supplier will pay not less than the UC Fair Wage (defined as $13 per hour as of 10/1/15, $14 per hour as of 10/1/16, and $15 per hour as of 10/1/17) for Services being performed at a UC Location (defined as any location owned or leased by UC). The California Department of Industrial Relations (DIR) has ascertained the general prevailing per diem wage rates in the locality in which the Services are to be provided for each craft, classification, or type of worker required to provide the Services. A copy of the general prevailing per diem wage rates will be on file at each UC Location’s procurement office, and will be made available to any interested party upon request. Supplier will post at any job site: A. Notice of the general prevailing per diem wage rates, and B. Any other notices required by DIR rule or regulation. By this reference, such notices are made part of the Agreement. Supplier will pay not less than the prevailing wage rates, as specified in the schedule and any amendments thereto, to all workers employed by Supplier in providing the Services. Supplier will cause all subcontracts to include the provision that all sub-suppliers will pay not less than the prevailing rates to all workers employed by such sub- suppliers in providing the Services. The Services are subject to compliance monitoring and enforcement by the DIR. Supplier will forfeit, as a penalty, not more than $200 for each calendar day or portion thereof for each worker that is paid less than the prevailing rates as determined by the DIR for the work or craft in which the worker is employed for any portion of the Services provided by Supplier or any sub-supplier. The amount of this penalty will be determined pursuant to applicable law. Such forfeiture amounts may be deducted from the amounts due under the Agreement. If there are insufficient funds remaining in the amounts due under the Agreement, Supplier will be liable for any outstanding amount remaining due. Supplier will also pay to any worker who was paid less than the prevailing wage rate for the work or craft for which the worker was employed for any portion of the Services, for each day, or portion thereof, for which the worker was paid less than the specified prevailing per diem wage rate, an amount equal to the difference between the specified prevailing per diem wage rate and the amount which was paid to the worker. Review of any civil wage and penalty assessment will be made pursuant to California Labor Code section 1742. ARTICLE 25 – FAIR WAGE/FAIR WORK If the Agreement is for Services that will be performed at one or more UC Locations, does not solely involve furnishing Goods, and are not subject to extramural awards containing sponsor-mandated terms and conditions, Supplier warrants that it is in compliance with applicable federal, state and local working conditions requirements, including but not limited to those set forth in Articles 11, 12 and 14 herein, and that Supplier pays its employees performing the Services no less than the UC Fair Wage. Supplier agrees UC may conduct such UC Fair Wage/Fair Work interim compliance audits as UC reasonably requests, as determined in UC’s sole discretion. Supplier agrees to post UC 117 of 1132 122 UNIVERSITY OF CALIFORNIA Page 13 of 16 Revised 2/27/2020 Terms and Conditions of Purchase Fair Wage/Fair Work notices, in the form supplied by UC, in public areas (such as break rooms and lunch rooms) frequented by Supplier employees who perform Services. For Services rendered (actual spend) not subject to prevailing wage requirements in excess of $100,000 in a year (under the Agreement or any combination of agreements for the same service), Supplier will (i) at Supplier’s expense, provide an annual independent verification (https://www.ucop.edu/procurement-services/for-suppliers/fwfw-resources-suppliers.html) performed by a licensed public accounting firm (independent accountant) or the Supplier’s independent internal audit department (http://na.theiia.org/standards- guidance/topics/Pages/Independence-and-Objectivity.aspx) in compliance with UC’s required verification standards and procedures (https://www.ucop.edu/procurement-services/for-suppliers/fwfw-resources-suppliers.html), concerning Supplier’s compliance with this provision, and (ii) ensure that in the case of a UC interim audit, its independent accountant/independent internal auditor makes available to UC its UC Fair Wage/Fair Work work papers for the most recent verification period. Supplier agrees to provide UC with a UC Fair Wage/Fair Work verification annually, in a form acceptable to UC, no later than ninety days after the end of the 12-month period in which $100,000 in spend is reached. The Fair Wage Fair Work annual independent verification requirement does not extend to contracts for professional services or consulting for which pre-certification has been provided to UC (https://www.ucop.edu/procurement-services/for-suppliers/fwfw-resources- suppliers.html). Please see the UC Procurement/Supply Chain Management Policy BUS-43 (https://www.ucop.edu/procurement- services/policies-forms/business-and-finance/index.html) for the definition of professional services and consulting. ARTICLE 26 – MEDICAL DEVICES This Article applies when the Goods and/or Services involve UC purchasing or leasing one or more medical devices from Supplier, or when Supplier uses one or more medical devices in providing Goods and/or Services to UC. Medical Device as used herein will have the meaning provided by the U.S. Food and Drug Administration (“FDA”) and means an instrument, apparatus, implement, machine, contrivance, implant, in vitro reagent, or other similar or related article, including a component part, or accessory which is: (i) recognized in the official National Formulary, or the United States Pharmacopoeia, or any supplement to them; (ii) intended for use in the diagnosis of disease or other conditions, or in the cure, mitigation, treatment, or prevention of disease, in humans or other animals, or (iii) intended to affect the structure or any function of the body of humans or other animals, and which does not achieve any of its primary intended purposes through chemical action within or on the body of humans or other animals and which is not dependent upon being metabolized for the achievement of any of its primary intended purposes. Supplier warrants that prior to UC’s purchase or lease of any Medical Device or Supplier’s use of any Medical Device in providing Goods and/or Services hereunder, Supplier will: (i) perform security testing and validation for each such Goods and/or Services or Medical Device, as applicable; (ii) perform security scans to detect malware on any software embedded within any Goods and/or Services or Medical Device, as applicable, in order to verify that the software does not contain any known malware; (iii) conduct a vulnerability scan encompassing all ports and fuzz testing; and (iv) provide UC with reports for (i) – (iii). Supplier warrants that any Good or Medical Device is compliant with FDA’s most current guidance or regulation for the quality system related to the cybersecurity and the Management of Cybersecurity in Medical Devices, and that Supplier will maintain compliance with any updates to such guidance or regulations. Throughout Supplier’s performance of this Agreement, Supplier will provide UC with reasonably up-to-date patches, firmware and security updates for any Medical Device provided to UC, and any other Medical Device used in the course of providing Services, as applicable. All such patches and other security updates will be made available to UC within thirty (30) days of its commercial release or as otherwise recommended by Supplier or Supplier’s sub-supplier, whichever is earlier. Supplier warrants that all software and installation media not specifically required for any Medical Device used by Supplier or Goods and/or Services delivered to UC under this Agreement as well as files, scripts, messaging services and data will be removed from all such Goods and/or Services or Medical Device following installation, and that all hardware ports and drivers not required for use or operation of such Goods and/or Services or Medical Device will be disabled at time of installation. In addition, Medical Devices must be configured so that only Supplier-approved applications will run on such Medical Devices. 118 of 1132 123 UNIVERSITY OF CALIFORNIA Page 14 of 16 Revised 2/27/2020 Terms and Conditions of Purchase Supplier agrees that UC may take any and all actions that it, in its sole discretion, deems necessary to address, mitigate and/or rectify any real or potential security threat, and that no such action, to the extent such action does not compromise device certification, will impact, limit, reduce or negate Supplier’s warranties or any of Supplier’s other obligations hereunder. Supplier warrants that any Medical Device provided to UC, and any other Medical Device used in the course of providing such Goods and/or Services, meet and comply with all cyber-security guidance and similar standards promulgated by the FDA and any other applicable regulatory body. If the Goods and/or Services entail provision or use of a Medical Device, Supplier will provide UC with a completed Manufacturer Disclosure Statement for Medical Device Security (MDS2) form for each such Medical Device before UC is obligated to purchase or lease such Medical Device or prior to Supplier’s use of such device in its performance of Services. If Supplier provides an MDS2 form to UC concurrently with its provision of Goods and/or Services, UC will have a reasonable period of time to review such MDS2 form, and if the MDS2 form is unacceptable to UC, then UC in its sole discretion may return the Goods or terminate the Agreement with no further obligation to Supplier. ARTICLE 27 – FORCE MAJEURE Neither Party will be liable for delays due to causes beyond the Party’s control (including, but not restricted to, war, civil disturbances, earthquakes, fires, floods, epidemics, quarantine restrictions, freight embargoes, and unusually severe weather). ARTICLE 28 – ASSIGNMENT AND SUBCONTRACTING Except as to any payment due hereunder, Supplier may not assign or subcontract the Agreement without UC’s written consent. In case such consent is given, the assignee or subcontractor will be subject to all of the terms of the Agreement. ARTICLE 29 – NO THIRD-PARTY RIGHTS Nothing in the Agreement, express or implied, is intended to make any person or entity that is not a signer to the Agreement a third-party beneficiary of any right created by this Agreement or by operation of law. ARTICLE 30 – OTHER APPLICABLE LAWS Any provision required to be included in a contract of this type by any applicable and valid federal, state or local law, ordinance, rule or regulations will be deemed to be incorporated herein. ARTICLE 31 – NOTICES A Party must send any notice required to be given under the Agreement by overnight delivery or by certified mail with return receipt requested, to the other Party’s representative at the address specified by such Party. ARTICLE 32 – SEVERABILITY If a provision of the Agreement becomes, or is determined to be, illegal, invalid, or unenforceable, that will not affect the legality, validity or enforceability of any other provision of the Agreement or of any portion of the invalidated provision that remains legal, valid, or enforceable. ARTICLE 33 – WAIVER Waiver or non-enforcement by either Party of a provision of the Agreement will not constitute a waiver or non-enforcement of any other provision or of any subsequent breach of the same or similar provision. ARTICLE 34 – AMENDMENTS The Parties may make changes in the Goods and/or Services or otherwise amend the Agreement, but only by a writing signed by both Parties’ authorized representatives. In the event there is a Material Change to the Agreement, the parties agree to meet and confer in good faith in order to modify the terms of the Agreement. A Material Change as used herein refers to: 119 of 1132 124 UNIVERSITY OF CALIFORNIA Page 15 of 16 Revised 2/27/2020 Terms and Conditions of Purchase A. A change to the scope of Goods and/or Services to be provided by Supplier, as agreed to by UC; B. A change in the Institutional Information Supplier is required to create, receive, maintain or transmit in performance of the Agreement, such that the Protection Level Classification of such Institutional Information changes; C. Changes in the status of the parties; D. Changes in flow down terms from external parties; and E. Changes in law or regulation applicable to this Agreement. Each party shall notify the other party upon the occurrence of a Material Change. ARTICLE 35 – GOVERNING LAW AND VENUE California law will control the Agreement and any document to which it is appended. The exclusive jurisdiction and venue for any and all actions arising out of or brought under the Agreement is in a state court of competent jurisdiction, situated in the county in the State of California in which the UC Location is located or, where the procurement covers more than one UC Location, the exclusive venue is Alameda County, California. ARTICLE 36 – ASSISTANCE IN LITIGATION OR ADMINISTRATIVE PROCEEDINGS Supplier will make itself and its employees, subcontractors, or agents assisting Supplier in the performance of its obligations reasonably available to UC at no cost to UC to testify as witnesses, or otherwise, in the event of investigations, or proceedings against UC, its directors, officers, agents, or employees relating to the Goods or Services. ARTICLE 37 – SUPPLIER TERMS Any additional terms that Supplier includes in an order form or similar document will be of no force and effect, unless UC expressly agrees in writing to such terms. ARTICLE 38 – SURVIVAL CLAUSE Upon expiration or termination of the Agreement, the following provisions will survive: WARRANTIES; INTELLECTUAL PROPERTY, COPYRIGHT, PATENTS, AND DATA RIGHTS; INDEMNITY AND LIABILITY; USE OF UC NAMES AND TRADEMARKS; LIABILITY FOR UC-FURNISHED PROPERTY; COOPERATION; TERMS APPLICABLE TO THE FURNISHING OF GOODS; AUDIT REQUIREMENTS; PROHIBITION ON UNAUTHORIZED USE OR DISCLOSURE OF INSTITUTIONAL INFORMATION; GOVERNING LAW AND VENUE, and, to the extent incorporated into the Agreement, the terms of the APPENDIX–DATA SECURITY, APPENDIX–BAA, and/or APPENDIX-GDPR. ARTICLE 39 – CONTRACTING FOR COVERED SERVICES Covered Services, for the purpose of this Agreement, are defined as work customarily performed by bargaining unit employees at the University in the categories of services described in Regents Policy 5402, and American Federation of State, County, and Municipal Employees (AFSCME) Collective Bargaining Agreement Article 5. Covered Services include, but are not necessarily limited to, the following services: cleaning, custodial, janitorial, or housekeeping services; food services; laundry services; grounds keeping; building maintenance (excluding skilled crafts); transportation and parking services; and security services. Unless UC notifies Supplier that the Services are not Covered Services, Supplier warrants that it is in compliance with applicable federal, state and local working conditions requirements, including but not limited to those set forth in in other Articles of the Agreement. In accordance with Regents Policy 5402 and AFSCME Collective Bargaining Agreement Article 5, Supplier also warrants that it pays its employees performing the Covered Services at UC locations the equivalent value of the wages and benefits – as determined in the Wage and Benefit Parity Appendix – received by UC employees providing similar services at the same, or nearest UC location. Supplier agrees UC may conduct such compliance audits as UC reasonably requests, and determined at UC’s sole discretion. Supplier agrees to post UC Contracting for Covered Services notices, in the template supplied by UC, in a prominent and accessible place (such as break rooms and lunch rooms) where it may be easily seen by workers who perform Covered Services. The term "Supplier" includes Supplier and its Sub-Suppliers at any tier. Supplier also agrees to: 120 of 1132 125 UNIVERSITY OF CALIFORNIA Page 16 of 16 Revised 2/27/2020 Terms and Conditions of Purchase (a) upon UC’s request, provide verification of an independent audit performed by Supplier’s independent auditor or independent internal audit department (http://na.theiia.org/standards-guidance/topics/Pages/Independence-and-Objectivity.aspx) and at Supplier’s expense; and (b) ensure that, in the case of a UC interim audit, Supplier’s auditor makes available to UC its Contracting for Covered Services work papers for the most recently audited time period. Supplier agrees to provide UC requested verification, in a form acceptable to UC, no later than ninety days after receiving UC’s request. 121 of 1132 126 UNIVERSITY OF CALIFORNIA Questionnaire Name : Goods and Services Questionnaire Description : Requirements Evaluation Type : Technical Section 1. Technological Capability Description Proposer's devices must have the technological capability to fulfill specific reaquirements of the University. Please answer below and attach any additional supporting documentation. Q1. Do you support the following device technologies? (Response Type : Matrix Of Check Boxes) Weight 7% Mandatory Yes Supplier Attachments Allowed Evaluation Type Score Current Stage Reference: Attachments : Responses Options : Row Options 1. 100baseT or greater Ethernet connectivity 2. Connectivity to Proposer's MFDs and/or Laser Printers by devices using the following operating systems, including universal and device-specific PPDs. Include the expected timeframe for release of PPDs after operating system upgrades: a. Windows (requirement is from Windows 10.0 and higher; Proposers to specify versions) b. Macintosh (Proposers to specify versions; requirement is from OSX 10.13 and higher) c. IOS (Proposers to specify versions; requirement is from iOS 11.0 and higher) d. Android (Proposers to specify versions; requirement is from Android OS 8.0 and higher) 3. Connectivity to Proposer's MFDs and/or Laser Printers by following communications protocols: a. POP, IMAP b. IPv4/IPv6/IPsec c. LDAPv3 or higher d. Kerberos – must include Kerberos for Windows and Macintosh Operating Systems listed in 2a-2b above e. LPR/LPD/IPP f. Bonjour g. SMTP h. SNMP v1 – v3 including authentication protocols i. TCP port 9100 direct printing (bidirectional) j. SSL/TLS 1.3 4. Printing to Proposer's MFDs and/or Laser Printers using the following printing protocols/output types: a. PostScript Level 3 b. PCL 6e c. PDF 5. Effective and successful installation and set-up of Proposer's MFDs and/or Laser Printers on University networks 6. Effective and successful installation and set-up of connectivity software (including, but not limited to, PPDs) to Proposer's MFDs/Laser Printers on customer computers as requested by the UC Location. Column Options Yes Score : 5 No Score : 1 122 of 1132 127 Section 2. Equipment Technical Service and Support Description Proposers must provide Technical support to UC Locations Q2. Describe your customer service support infrastructure, including phone, email, etc. and provide hours of operation. Please describe how you use your customer services support infrastructure to meet or exceed the following: Suppliers must coordinate all service calls through a centralized dispatch desk. All calls must be logged into a service system with a minimum of the following information: • All relevant customer information, location, phone number(s), contact name , caller name. • A unique repair ticket number • Time of call placement from the customer • The customer’s reported equipment malfunction or issue • The equipment id number, model and serial number • The equipment status operational status: operational, substandard, or inoperative • Dispatched agente name or id number, dispatched time, location, caller, make, model, serial # and problem. Suppliers must further log the following information upon call completion: • Service technician’s report of actual problem and troubleshooting & repair actions conducted including parts replaced or additional parts required on follow-up calls. • Arrival time, End time, Total Repair time, service copies made, final call status ie: completed.- closed, open, pending , escalated. • Meter readings upon service completion (ie print, scan, color, b/w) • Locations with MFD/Printer Fleet Management programs may require the call completion information be supplied from the vendor’s repair technician to designated UC Location customer at the conclusion of the service call. (Response Type : Single Line Text) Weight 9.045% Mandatory Yes Supplier Attachments Allowed Evaluation Type Score Current Stage Reference: Attachments : Q3. Supplier must offer manufacturer's current models to UC Locations on a trial basis for thirty- days. UC Locations may opt to purchase or leas the trial model, request a different model for trial, or return the trial model(s) with no obligation to supplier. Describe your process for offering trial models. (Response Type : Multi Line Text) Weight 6.868% Mandatory Yes Supplier Attachments Allowed Evaluation Type Score Current Stage Reference: Attachments : Q4. All Proposers' devices must be able to interface with existing third-party access control and management systems at UC locations (Equitrac, ITC, Pharos, PaperCut, PCounter, or comparable), 123 of 1132 128 with the following requirements to achieve reliable and accurate transactions and transactional reporting: Embedded software and/or external hardware to enable use of the third-party system; device specific interface cables for external hardware must be provided and installed by Supplier at no cost to UC; Network connectivity across a hard-wired and/or a wireless network; ability to use USB proximity and/or magnetic stripe card readers for user authication and acess to the third-party system. (Response Type : Multi Line Text) Weight 8.709% Mandatory Yes Supplier Attachments Allowed Evaluation Type Score Current Stage Reference: Attachments : Q5. Describe your company’s capability to offer trade-ins for the purchased equipment and upgrades for leased equipment, placed at UC by your company and/or your competitors. Please include your company’s terms and conditions for offering trade-ins and upgrades. (Response Type : Single Line Text) Weight 3.685% Mandatory Yes Supplier Attachments Allowed Evaluation Type Score Current Stage Reference: Attachments : Q6. Describe how your Company will meet or exceed UC’s service guarantee commitments and credits for MFDs attached. (Response Type : Multi Line Text) Weight 6.03% Mandatory Yes Supplier Attachments Allowed Evaluation Type Score Current Stage Reference: Attachments : MFD Service Guarantee.docx Q7. Describe how your Company will meet or exceed UC’s service guarantee commitment requirements for Laser Printers attached. (Response Type : Single Line Text) Weight 4.355% Mandatory Yes Supplier Attachments Allowed Evaluation Type Score Current Stage Reference: 124 of 1132 129 Attachments : Service Guarantee commitment for Laser Printers.docx Q8. Describe how your company will track the service performance, and what type of documentation will be provided to verify your performance for the service categories listed in the above questions 12 and 13. (Response Type : Multi Line Text) Weight 1.173% Mandatory Yes Supplier Attachments Allowed Evaluation Type Score Current Stage Reference: Attachments : Q9. Proposer must provide appropriate resources to ensure efficient and effective management, administration, and implementation of the MFD and/or Laser Printer contract Monday – Friday, 8:00am-5:00pm (Pacific), including, but not limited to: • Coordinate contract implementation, including designating associated Project Manager • Account management for on-going contract monitoring, maintenance and communication • Account Representative(s) dedicated to UC Locations • To insure customer service satisfaction, Supplier is required to call customer 3 days after equipment installation and training. Customer shall be defined as a designated user for that location. For UC Locations with MFD/Printer Fleet Management Programs, Customer shall be defined as the designated contacts for those Programs. • On-site sales representation on a regular basis to increase sales activity, assist in resolving problems, demonstrate new products, provide unlimited training and other customer services as required for the efficient operation of the program. • Coordinate all the order/installation process, inquiries regarding order status, and pricing concerns. • Regular contact and/or meetings (frequency to be determined by each location, though no less than quarterly) between Supplier’s account manager and UC Purchasing and/or MFD/Printer Fleet Management Program at each location to discuss issue resolution, performance activities and all related issues. • Maintain a customer service satisfaction level of 98% or better as evidenced by the results of regular customer survey’s conducted by supplier. • A designated contact for billing/invoicing questions and issues. Describe how your company will provide each of the above. If Proposer has an existing higher education major account program, please describe. (Response Type : Multi Line Text) Weight 9.045% Mandatory Yes Supplier Attachments Allowed Evaluation Type Score Current Stage Reference: Attachments : Q10. Proposers must provide the following technical support to UC Locations. Describe how your company will provide each: • Initial installation and configuration of MFD hardware and software for network connectivity and full functionality of the MFD to UC Locations and their IT resources, as needed and/or requested. • Onsite equipment electrical and mechanical troubleshooting and repairs. • Dedicated technical support staff with a working knowledge of all aspects of network 125 of 1132 130 functionality across all platforms, including: Hardware installation (network cards, cabling, etc) LDAP Network administration (equipment, software installation/configuration, printer driver installation/configuration/characteristics and security settings as needed and requested.) Advice and assistance with user-settable options in display menus and submenus Support for MFDs or Laser Printer issues with respect to 3rd party vendor software and hardware Full maintenance services for Laser Printers, including repair parts, software and firmware updates and labor (Response Type : Multi Line Text) Weight 9.38% Mandatory Yes Supplier Attachments Allowed Evaluation Type Score Current Stage Reference: Attachments : Q11. After the 90-day warranty period and until 36 months from the date of installation, or coterminous in the case of a longer lease, except due to operator error, for any device that fails to operate in accordance with the manufacturer's published performance specifications three times in any four week period and/or is subject to recurring related problems, Supplier shall replace that device with a new MFD or Laser Printer that meets the requirements of the same lot as the original equipment model, at no cost to the user. This will take precedence over any other warranty or service maintenance clauses associated with this contract. For purchased devices, customers must maintain an uninterrupted maintenance agreement, cost per copy, or lease agreement including parts and supplies with the contract vendor for the Lemon Clause to apply past the initial 90-day warranty period. The UC Location Purchasing and/or MFD/Printer Fleet Management Program will review user requests for the application of this clause and will make a determination regarding its use. If 25% or less of the device’s useful life has been used up, the device must be replaced with a “new device”. A “like for like” device may be used if 25% or more of the useful life of the device has been used up and the Customer agrees to the “like for like” exchange. Note: Prior to the lease or purchase of a device, awarded vendors must provide UC with the device’s “Useful Life”. Describe your company policy and how your company will fulfill this requirement. (Response Type : Multi Line Text) Weight 8.71% Mandatory Yes Supplier Attachments Allowed Evaluation Type Score Current Stage Reference: Attachments : Section 3. Repair Parts and Supplies availability Description Availability for MFD and Laser Printers 126 of 1132 131 Q12. UC Locations require the same discount for repair parts and supplies for the MFD and Laser Printer models on the awarded contract throughout the agreement and its extensions, or as long as parts and supplies are available for those models, whichever is longer. Define the length of time your company produces or makes available repair parts and supplies available beyond the final year of installation of a device, and acknowledge maintaining the same discount. You will be asked to provide discounted parts pricing in the Price sheets. (Response Type : Single Line Text) Weight 9% Mandatory Yes Supplier Attachments Allowed Evaluation Type Score Current Stage Reference: Attachments : Q13. MFD Service and Parts: Describe in detail your company’s capabilities to provide full maintenance services for MFDs, including repair parts, software and firmware updates and labor based on the following options: Note: On all options, 11” x 17” (or larger) pages must count as one original (one click) per side. Option 1: Cost Per Impression Charge – Zero Volume Base Provide full service maintenance with supplies, excluding paper. Proposer will invoice respective UC Location on a monthly basis using a cost per impression charge applied to the actual monthly impression volume in the covered period without any minimum and/or maximum volume restrictions. You will be asked to provide a cost per impression rate by MFD category, and a composite rate across all categories in the price sheets. These rates apply to purchased and leased MFDs. Option 2: Monthly Minimum Charge: Provide full service maintenance with supplies, excluding paper. Proposer will charge UC a fixed monthly minimum charge, which will include a monthly impression volume allowance, with a separate cost per impression charge applied to the overage. You will be asked to provide a cost per copy rate by MFD category, and a composite rate across all categories, for the overage in the price sheets. These rates apply to purchased and leased MFDs. Option 3 T&M: Fixed Charge per Occurrence Provide service repairs and maintenance using a Time and Material option. Awarded Proposer would charge UC a fixed amount per occurrence and/or a fixed hourly fee, after expiration of standard or extended equipment warranties. You will be asked to provide a price list of common parts and customer replaceable units. (Response Type : Single Line Text) Weight 6% Mandatory Yes Supplier Attachments Allowed Evaluation Type Score Current Stage Reference: Attachments : Section 4. Training Description Training for all devices, software, etc 127 of 1132 132 Q14. Please describe your company’s capability to provide on-site customer training at no additional cost to UC. Include the following: Initial training at the installed device location on all walkup and network features (following installation) Follow-up training On-going training (existing and new users) In addition, please list your other training capabilities. (Response Type : Multi Line Text) Weight 9% Mandatory Yes Supplier Attachments Allowed Evaluation Type Score Current Stage Reference: Attachments : Section 5. Reporting Description Proposers must regularly provide electronic reports (in Microsoft Excel) to designated UC contacts. Reports shall provide a wide range of information related to the resulting agreement including, but not limited to agreement usage and Supplier performance of the requirements detailed in this RFP. Reports must be provided both at the system-wide level and for each individual locations. Q15. Quarterly report of population of MFDs and Laser Printers reports including, but not limited to the following data:  UC Location  UC department UC purchase order number Name, phone and email for department placing the purchase order Equipment serial number Name and Model of product(s) and/or service(s) Purchased Quantity purchased Price paid, per unit and total Method of acquisition (lease, purchase, etc.) Sustainable product purchases Monthly reports:  Response time Repair time 128 of 1132 133 Uptime Total service calls Delivery time Installation time Open leases, remaining terms, etc. Please indicate you acceptance and describe your qualtity control procedure you have in place to ensure reports are accurate. If you dNo you do not comply with explanation and descri (Response Type : Multi Line Text) Weight 1% Mandatory Yes Supplier Attachments Allowed Evaluation Type Score Current Stage Reference: Attachments : Q16. Other reports: Equipment inventory report that will provide a detail listing of all products and their locations at the particular UC Location. Individual equipment service reports that may be requested by UC for monitoring contract compliance and exceptions. Annual reports comparing UC contract pricing with Supplier’s other pricing available from in the higher education market. Other reports as reasonably requested by UC. Supplier must provide reports within five (5) business days. Please indicate your acceptance. (Response Type : Multi Line Text) Weight 1% Mandatory Yes Supplier Attachments Allowed Evaluation Type Score Current Stage Reference: Attachments : 129 of 1132 134 Service Guarantee Commitments The successful Bidder will credit individual UC Locations for availability of individual MFDs (uptime) of less than 100% as follows: Uptime Percentage Credit (Off monthly maintenance charge) 100% - 96.0% 0 95.9% - 95.0% 1% 94.9% - 94.0% 2% 93.9% - 93.0% 4% 92.9% - 92.0% 6% 91.9% - 91.0% 8% 90.9% - 90.0% 10% 89.9% - 89.0% 12% 88.9% - 88.0% 14% 87.9% - 87.0% 16% 86.9% - 86.0% 18% 85.9% - 85.0% 20% Description Commitment 1. Service/Guarantee a) Total uptime (MFDs) b) MFD warranty (parts & labor) a) 96% (not more than 8 hours of downtime per month based on the total number of working hours per month) b) 90 days - Total customer satisfaction guarantee 2. Response/Repair Time –MFDs a) Response time b) Response times to areas beyond 20 miles from major UC Locations a) 4 business hours with 1 business hour acknowledging call back from technician or dispatch – starting from time of call placement b) Maximum 8 hours or upon mutually agreed time with field office or location administrators. 3.Delivery/Installation a) Delivery (new equipment) b) Delivery (replacement parts) c) Delivery (supplies) d) Installation a) 10 business days from vendor receipt of order; delivery between 8am and 12noon (Pacific), with one hour pre- delivery call, unless otherwise arranged b) Within 8 business hours from vendor receipt of order c) Within 2 business days from vendor receipt of order d) Installation upon delivery, unless otherwise arranged 4. Setup Within 4 business hours of delivery, unless otherwise arranged. 5. Training Initial Customer training and IT support Unlimited user training on features and functionality at no charge. Initial IT - support no charge. 6. Customer Service a) 800 Number b) Return customer calls a) At no cost b) Within 1 business hour 130 of 1132 135 84.9% - 84.0% 22% 83.9% - 82.0% 24% 82.9% - 82.0% 26% 81.9% - 81.0% 28% 81.9% - 80.0% 30% Less than 80.0% 100% For purposes of computing the effective performance level, accumulated hours of failure downtime for any month will be adjusted to the nearest whole or half-hour. Credits to be calculated based on prorated share of maintenance charge to be calculated and prorated on a per equipment/unit basis. If maintenance charges are not part of the charge per impression (based on agreement with individual location), the discount shall be applied against the per-impression rate (black and white, and color impressions). Uptime is defined as the number of hours that each MFD is available and in good working order during Principle Period of Maintenance coverage as follows: Uptime Percentage = PPM - FT x 100 PPM PPM - Principle Period of Maintenance (8:00am - 5:00pm, Monday through Friday, except holidays) FT - Failure Time For purpose of calculation, Failure Time is defined as any time during the Principle Period of Maintenance when a MFD is incapable of using any its features and functions, due to a failure of the machine mechanically or electronically. This Failure Time will be tracked and reported by Supplier. The successful Bidder will credit individual UC Locations for late delivery of MFDs as follows: Delivery Schedule (Business Days) Credit 10 days 0% 11 days 1.0% 12 days 2.0% 13 days 3.0% 14 days 4.0% 15 days 5.0% 16 days 6.0% 17 days 7.0% 18 days 8.0% 19 days 9.0% 20 days 10.0% More than 20 days 15.0% Credits to be calculated based on the UC Net purchase price and/or monthly lease charge to be calculated on a per equipment unit basis. 131 of 1132 136 Service Guarantee commitment for Laser Printers Description Commitment 1. Service/Guarantee a) Total uptime - Laser Printers b) Printer warranty (parts & labor) a) 96% (not more than 8 hour of downtime per month based on total number of working hours per month) b) Standard 1 year or more 2. Response/Repair Time – Laser Printers Response time Within 2 business days 4. Delivery/Installation a) Delivery (new equipment) b) Delivery (replacement parts) c) Delivery (supplies) d) Installation (optional) a) 10 business days b) Within 2 business days c) Within 2 business days d) If requested, within 2 business days of delivery, unless otherwise arranged. 5. Customer Service a) 800 Number b) Return customer calls a) At no cost b) Within 1 business hour 132 of 1132 137 Service Guarantee commitment for Laser Printers Description Commitment 1. Service/Guarantee a) Total uptime - Laser Printers b) Printer warranty (parts & labor) a) 96% (not more than 8 hour of downtime per month based on total number of working hours per month) b) Standard 1 year or more 2. Response/Repair Time – Laser Printers Response time Within 2 business days 4. Delivery/Installation a) Delivery (new equipment) b) Delivery (replacement parts) c) Delivery (supplies) d) Installation (optional) a) 10 business days b) Within 2 business days c) Within 2 business days d) If requested, within 2 business days of delivery, unless otherwise arranged. 5. Customer Service a) 800 Number b) Return customer calls a) At no cost b) Within 1 business hour 133 of 1132 138 Questionnaire Name : OMNIA Partners Questionnaire Description : National Cooperative Contract Questionnaire - PLEASE NOTE: YOU MUST ANSWER ALL QUESTIONS IN THIS QUESTIONNAIRE. IF YOU ANSWER YES TO QUESTION 1: RESPOND TO QUESTIONS 2 THROUGH 5 FULLY AND ANSWER QUESTION 6 "N/A". IF YOU ANSWER NO TO QUESTION 1, RESPOND TO QUESTIONS 2 THROUGH 5 WITH "N/A" AND FULLY RESPOND TO QUESTION 6. Evaluation Type : Technical Q1. Are you a National Supplier? Yes/No PLEASE NOTE: YOU MUST ANSWER ALL QUESTIONS IN THIS QUESTIONNAIRE. IF YOU ANSWER YES TO QUESTION 1: RESPOND TO QUESTIONS 2 THROUGH 5 FULLY AND ANSWER QUESTION 6 "N/A". IF YOU ANSWER NO TO QUESTION 1, RESPOND TO QUESTIONS 2 THROUGH 5 WITH "N/A" AND FULLY RESPOND TO QUESTION 6. (Response Type : Drop Down) Weight 30% Mandatory Yes Supplier Attachments Not Allowed Evaluation Type Score Current Stage Reference: Attachments : Responses Options : Yes, I am a National Supplier Score : 5 No, I am not a National Supplier Score : 1 Q2. IF YOU RESPONDED TO QUESTION 1 WITH NO, ANSWER "N/A". Instructions for OMNIA Partners – Exhibit A – Response for National Cooperative Contract Exhibit A – This Exhibit A defines the expectations for qualifying Suppliers based on OMNIA Partners’ requirements to market the resulting Master Agreement nationally to Public Agencies. Each section in this Exhibit A refers to the capabilities, requirements, obligations, and prohibitions of competing Suppliers on a national level to serve Participating Public Agencies through OMNIA Partners. Please respond to all questions in this document attach your response to this section. (Response Type : Single Line Text) Weight 40% Mandatory Yes Supplier Attachments Allowed Evaluation Type Score Current Stage Reference: Attachments : OMNIA Partners - Exhibit A Response to National Contract.pdf Q3. IF YOU RESPONDED TO QUESTION 1 WITH NO, ANSWER "N/A". Instructions for OMNIA Partners Exhibit B – This document is an example of a standard Administration Agreement between the awarded Supplier(s) and OMNIA Partners. Submission of a proposal affirms proposer’s understanding and acceptance of the Administration Agreement, unless specific exceptions are 134 of 1132 139 proposed, and alternative language or provisions are offered. Proposer should have any reviews required to sign the document prior to submitting a response. If a proposer has an exception to any portion of the OMNIA Partners Administrative Agreement, then proposer must attach to their proposal a document labeled “Proposer’s Name - Exceptions to OMNIA Partners Admin Agreement” that states which specific sections of the Agreement they take exception and propose specific alternative language. The exceptions document must be attached under Supplier Response in the CalUSource portal. (Response Type : Single Line Text) Weight 20% Mandatory Yes Supplier Attachments Allowed Evaluation Type Score Current Stage Reference: Attachments : OMNIA Partners - Exhibit B Administration Agreement.pdf Q4. IF YOU RESPONDED TO QUESTION 1 WITH NO, ANSWER "N/A". Questionnaire – Instructions for Exhibit F&G – Federal Funds Certifications and New Jersey Business Exhibit F – The Federal Funds Certifications form benefits participating agencies seeking to use federal funds to purchase under the resulting Master Agreement. Proposers must fill this form out and submit with their proposal as an attachment labeled “Proposer’s Name - Response to OMNIA Partners – Exhibit F” under the Supplier Response in the CalUSource Portal. Please fill out this document and reattach in CalUsource. Exhibit G – Proposers intending to do business in the state of New Jersey must comply with the policies and procedures required under New Jersey Statues. Proposers must fill this out this form and attach it to their proposal labeled as “Proposer Name – Response to OMNIA Partners Exhibit G” under the Supplier Response in the CalUSource portal. Please fill out this document and reattach in CalUsource. (Response Type : Single Line Text) Weight 10% Mandatory Yes Supplier Attachments Allowed Evaluation Type Score Current Stage Reference: Attachments : OMNIA Partners - Exhibit G New Jersey Compliance Form.pdf OMNIA Partners - Exhibit F Federal Funds Certifications Form.pdf Q5. IF YOU RESPONDED TO QUESTION 1 WITH NO, ANSWER "N/A". Omnia Partners Exhibit C – For information only. The Master Intergovernmental Cooperative Purchasing Agreement is the agreement Participating Agencies, wanting to use the cooperative contract, will execute to register with OMNIA Partners to participate in the program. Participating Agencies agree to the document one time for access to allthe contracts available in the portfolio. Proposer does not need to complete this form. This agreement is not between the supplier and OMNIA Partners. Omnia Partners Exhibit D – For information only. The Principal Procurement Agency Certificate is the document executed by the lead agency and OMNIA Partners to partner to create a Master Agreement which can be used as a national cooperative contract. Proposer does not need to complete this form. Please acknowledge you have read this section. 135 of 1132 140 Omnia Partners Exhibit E – For information only. The Contract Sales Reporting Template is the template the awarded supplier would use to report monthly sales to OMNIA Partners. Proposer does not need to fill this form out. Omnia Partners Exhibit H – For information only. Due to advertising requirements within certain states for public solicitations, the OMNIA Partners Advertising Compliance Requirement lists agencies within certain states that require all agencies be listed in a solicitation in order to consider use of the Master Agreement. These agencies may or may not be registered with OMNIA Partners; these agencies may or may not use the Master Agreement; this is not a comprehensive list of agencies registered with OMNIA Partners. Proposer does not need complete this form. Please acknowledge you reviewed all of the above. (Response Type : Single Line Text) Weight 0% Mandatory No Supplier Attachments Not Allowed Evaluation Type Informative Current Stage Reference: Attachments : OMNIA Partners - Exhibit C Master Intergovernmental Cooperative Purchasing Agreement.pdf OMNIA Partners - Exhibit H Advertising Compliance Requirement.pdf OMNIA Partners - Exhibit E Contract Sales Reporting Template.pdf OMNIA Partners - Exhibit D Principal Procurement Agency Certificate.pdf Q6. IF YOU RESPONDED TO QUESTION 1 WITH YES, ANSWER "N/A". All Proposers that are not interested or can't participate in a National contract with OMNIA Partners must agree to the following: Patronage Incentives: During the Initial Term of this Agreement and any subsequent Renewal Terms, Supplier agrees to provide UC a quarterly Patronage Incentive in the amount equal to three percent (3%) of the total sales of Goods and Services. The amount of quarterly Patronage Incentive provided to each UC Location will be calculated based on the total quarterly sales to each UC Location. Each UC Location will have the right to modify proposal pricing for the individual UC Location up to three percent (3%) in the event UC Location decides not to implement an incentive program. The Patronage Incentive will be issued to The Regents of the University of California and mailed to each UC Location participating in the incentive program. Please confirm your acceptance. (Response Type : Multi Line Text) Weight 0% Mandatory Yes Supplier Attachments Allowed Evaluation Type Informative Current Stage Reference: Attachments : 136 of 1132 141 OMNIA PARTNERS EXHIBITS EXHIBIT A- RESPONSE FOR NATIONAL COOPERATIVE CONTRACT Version January 22, 2020 1.0 Scope of National Cooperative Contract Capitalized terms not otherwise defined herein shall have the meanings given to them in the Master Agreement or in the Administration Agreement between Supplier and OMNIA Partners. 1.1 Requirement The University of California (hereinafter defined and referred to as “Principal Procurement Agency”), on behalf of itself and the National Intergovernmental Purchasing Alliance Company, a Delaware corporation d/b/a OMNIA Partners, Public Sector (“OMNIA Partners”), is requesting proposals for Print Goods and Services. The intent of this Request for Proposal is any contract between Principal Procurement Agency and Supplier resulting from this Request for Proposal (“Master Agreement”) be made available to other public agencies nationally, including state and local governmental entities, public and private primary, secondary and higher education entities, non-profit entities, and agencies for the public benefit (“Public Agencies”), through OMNIA Partners’ cooperative purchasing program. The Principal Procurement Agency has executed a Principal Procurement Agency Certificate with OMNIA Partners, an example of which is included as Exhibit D, and has agreed to pursue the Master Agreement. Use of the Master Agreement by any Public Agency is preceded by their registration with OMNIA Partners as a Participating Public Agency in OMNIA Partners’ cooperative purchasing program. Registration with OMNIA Partners as a Participating Public Agency is accomplished by Public Agencies entering into a Master Intergovernmental Cooperative Purchasing Agreement, an example of which is attached as Exhibit C, and by using the Master Agreement, any such Participating Public Agency agrees that it is registered with OMNIA Partners, whether pursuant to the terms of the Master Intergovernmental Purchasing Cooperative Agreement or as otherwise agreed to. The terms and pricing established in the resulting Master Agreement between the Supplier and the Principal Procurement Agency will be the same as that available to Participating Public Agencies through OMNIA Partners. All transactions, purchase orders, invoices, payments etc., will occur directly between the Supplier and each Participating Public Agency individually, and neither OMNIA Partners, any Principal Procurement Agency nor any Participating Public Agency, including their respective agents, directors, employees or representatives, shall be liable to Supplier for any acts, liabilities, damages, etc., incurred by any other Participating Public Agency. Supplier is responsible for knowing the tax laws in each state. This Exhibit A defines the expectations for qualifying Suppliers based on OMNIA Partners’ requirements to market the resulting Master Agreement nationally to Public Agencies. Each section in this Exhibit A refers to the capabilities, requirements, obligations, and prohibitions of competing Suppliers on a national level in order to serve Participating Public Agencies through OMNIA Partners. These requirements are incorporated into and are considered an integral part of this RFP. OMNIA Partners reserves the right to determine whether or not to make the Master Agreement awarded by the Principal Procurement Agency available to Participating Public Agencies, in its sole and absolute discretion, and any party submitting a response to this RFP acknowledges that any award 137 of 1132 142 OMNIA PARTNERS EXHIBITS EXHIBIT A- RESPONSE FOR NATIONAL COOPERATIVE CONTRACT Version January 22, 2020 by the Principal Procurement Agency does not obligate OMNIA Partners to make the Master Agreement available to Participating Procurement Agencies. 1.2 Marketing, Sales and Administrative Support During the term of the Master Agreement OMNIA Partners intends to provide marketing, sales , partnership development and administrative support for Supplier pursuant to this section that directly promotes the Supplier’s products and services to Participating Public Agencies through multiple channels, each designed to promote specific products and services to Public Agencies on a national basis. OMNIA Partners will assign the Supplier a Director of Partner Development who will serve as the main point of contact for the Supplier and will be responsible for managing the overall relationship between the Supplier and OMNIA Partners. The Director of Partner Development will work with the Supplier to develop a comprehensive strategy to promote the Master Agreement and will connect the Supplier with appropriate stakeholders within OMNIA Partners including, Sales, Marketing, Contracting, Training, Operations & Support. The OMNIA Partners marketing team will work in conjunction with Supplier to promote the Master Agreement to both existing Participating Public Agencies and prospective Public Agencies through channels that may include: A. Marketing collateral (print, electronic, email, presentations) B. Website C. Trade shows/conferences/meetings D. Advertising E. Social Media The OMNIA Partners sales teams will work in conjunction with Supplier to promote the Master Agreement to both existing Participating Public Agencies and prospective Public Agencies through initiatives that may include: A. Individual sales calls B. Joint sales calls C. Communications/customer service D. Training sessions for Public Agency teams E. Training sessions for Supplier teams The OMNIA Partners contracting teams will work in conjunction with Supplier to promote the Master Agreement to both existing Participating Public Agencies and prospective Public Agencies through: 138 of 1132 143 OMNIA PARTNERS EXHIBITS EXHIBIT A- RESPONSE FOR NATIONAL COOPERATIVE CONTRACT Version January 22, 2020 A.Serving as the subject matter expert for questions regarding joint powers authority and state statutes and regulations for cooperative purchasing B.Training sessions for Public Agency teams C.Training sessions for Supplier teams D.Regular business reviews to monitor program success E.General contract administration Suppliers are required to pay an administrative fee of three percent (3%) of the greater of the Contract Sales under the Master Agreement and Guaranteed Contract Sales under this Request for Proposal. Supplier will be required to execute the OMNIA Partners Administration Agreement (Exhibit B). 1.3 Estimated Volume The dollar volume purchased under the Master Agreement is estimated to be approximately $50 million annually. While no minimum volume is guaranteed to Supplier, the estimated annual volume is projected based on the current annual volumes among the Principal Procurement Agency, other Participating Public Agencies that are anticipated to utilize the resulting Master Agreement to be made available to them through OMNIA Partners, and volume growth into other Public Agencies through a coordinated marketing approach between Supplier and OMNIA Partners. 1.4 Award Basis The basis of any contract award resulting from this RFP made by Principal Procurement Agency will, at OMNIA Partners option, be the basis of award on a national level through OMNIA Partners. If multiple Suppliers are awarded by Principal Procurement Agency under the Master Agreement, those same Suppliers will be required to extend the Master Agreement to Participating Public Agencies through OMNIA Partners. Utilization of the Master Agreement by Participating Public Agencies will be at the discretion of the individual Participating Public Agency. Certain terms of the Master Agreement specifically applicable to the Principal Procurement Agency (e.g. governing law) are subject to modification for each Participating Public Agency as Supplier, such Participating Public Agency and OMNIA Partners shall agree without being in conflict with the Master Agreement. Participating Agencies may request to enter into a separate supplemental agreement to further define the level of service requirements over and above the minimum defined in the Master Agreement (i.e. invoice requirements, order requirements, specialized delivery, diversity requirements such as minority and woman owned businesses, historically underutilized business, governing law, etc.). It shall be the responsibility of the Supplier to comply, when applicable, with the prevailing wage legislation in effect in the jurisdiction of the Participating Agency. It shall further be the responsibility of the Supplier to monitor the prevailing wage rates as established by the appropriate department of labor for any increase in rates during the term of the Master Agreement and adjust wage rates accordingly. Any supplemental agreement developed as a result of the Master Agreement is exclusively between the Participating Agency and the Supplier (Contract Sales are reported to OMNIA Partners). 139 of 1132 144 OMNIA PARTNERS EXHIBITS EXHIBIT A- RESPONSE FOR NATIONAL COOPERATIVE CONTRACT Version January 22, 2020 All purchase orders issued and accepted by the Supplier may survive expiration or termination of the Master Agreement. Participating Agencies’ purchase orders may exceed the term of the Master Agreement if the purchase order is issued prior to the expiration of the Master Agreement. Supplier is responsible for reporting all sales and paying the applicable administrative fee for sales that use the Master Agreement as the basis for the purchase order, even though Master Agreement may have expired. 1.5 Objectives of Cooperative Program This RFP is intended to achieve the following objectives regarding availability through OMNIA Partners’ cooperative program: A. Provide a comprehensive competitively solicited and awarded national agreement offering the Products covered by this solicitation to Participating Public Agencies; B. Establish the Master Agreement as the Supplier’s primary go to market strategy to Public Agencies nationwide; C. Achieve cost savings for Supplier and Public Agencies through a single solicitation process that will reduce the Supplier’s need to respond to multiple solicitations and Public Agencies need to conduct their own solicitation process; D. Combine the aggregate purchasing volumes of Participating Public Agencies to achieve cost effective pricing. 2.0 REPRESENTATIONS AND COVENANTS As a condition to Supplier entering into the Master Agreement, which would be available to all Public Agencies, Supplier must make certain representations, warranties and covenants to both the Principal Procurement Agency and OMNIA Partners designed to ensure the success of the Master Agreement for all Participating Public Agencies as well as the Supplier. 2.1 Corporate Commitment Supplier commits that (1) the Master Agreement has received all necessary corporate authorizations and support of the Supplier’s executive management, (2) the Master Agreement is Supplier's primary “go to market” strategy for Public Agencies, (3) the Master Agreement will be promoted to all Public Agencies, including any existing customers, and Supplier will transition existing customers, upon their request, to the Master Agreement, and (4) that the Supplier has read and agrees to the terms and conditions of the Administration Agreement with OMNIA Partners and will execute such agreement concurrent with and as a condition of its execution of the Master Agreement with the Principal Procurement Agency. Supplier will identify an executive corporate sponsor and a separate national account manager within the RFP response that will be responsible for the overall management of the Master Agreement. 2.2 Pricing Commitment 140 of 1132 145 OMNIA PARTNERS EXHIBITS EXHIBIT A- RESPONSE FOR NATIONAL COOPERATIVE CONTRACT Version January 22, 2020 Supplier commits the not-to-exceed pricing provided under the Master Agreement pricing is its lowest available (net to buyer) to Public Agencies nationwide and further commits that if a Participating Public Agency is eligible for lower pricing through a national, state, regional or local or cooperative contract, the Supplier will match such lower pricing to that Participating Public Agency under the Master Agreement. 2.3 Sales Commitment Supplier commits to aggressively market the Master Agreement as its go to market strategy in this defined sector and that its sales force will be trained, engaged and committed to offering the Master Agreement to Public Agencies through OMNIA Partners nationwide. Supplier commits that all Master Agreement sales will be accurately and timely reported to OMNIA Partners in accordance with the OMNIA Partners Administration Agreement. Supplier also commits its sales force will be compensated, including sales incentives, for sales to Public Agencies under the Master Agreement in a consistent or better manner compared to sales to Public Agencies if the Supplier were not awarded the Master Agreement. 3.0 SUPPLIER RESPONSE Supplier must supply the following information in order for the Principal Procurement Agency to determine Supplier’s qualifications to extend the resulting Master Agreement to Participating Public Agencies through OMNIA Partners. 3.1 Company A. Brief history and description of Supplier. B. Total number and location of sales persons employed by Supplier. C. Number and location of support centers (if applicable) and location of corporate office. D. Annual sales for the three previous fiscal years. E. Submit FEIN and Dunn & Bradstreet report. F. Describe any green or environmental initiatives or policies. G. Describe any diversity programs or partners supplier does business with and how Participating Agencies may use diverse partners through the Master Agreement. Indicate how, if at all, pricing changes when using the diversity program. H. Describe any historically underutilized business certifications supplier holds and the certifying agency. This may include business enterprises such as minority and women owned, small or disadvantaged, disable veterans, etc. I. Describe how supplier differentiates itself from its competitors. J. Describe any present or past litigation, bankruptcy or reorganization involving supplier. K. Felony Conviction Notice: Indicate if the supplier 141 of 1132 146 OMNIA PARTNERS EXHIBITS EXHIBIT A- RESPONSE FOR NATIONAL COOPERATIVE CONTRACT Version January 22, 2020 a. is a publicly held corporation and this reporting requirement is not applicable; b. is not owned or operated by anyone who has been convicted of a felony; or c. is owned or operated by and individual(s) who has been convicted of a felony and provide the names and convictions. L. Describe any debarment or suspension actions taken against supplier 3.2 Distribution, Logistics A. Describe the full line of products and services offered by supplier. B. Describe how supplier proposes to distribute the products/service nationwide. Include any states where products and services will not be offered under the Master Agreement, including U.S. Territories and Outlying Areas. C. Describe how Participating Agencies are ensure they will receive the Master Agreement pricing; include all distribution channels such as direct ordering, retail or in-store locations, through distributors, etc. Describe how Participating Agencies verify and audit pricing to ensure its compliance with the Master Agreement. D. Identify all other companies that will be involved in processing, handling or shipping the products/service to the end user. E. Provide the number, size and location of Supplier’s distribution facilities, warehouses and retail network as applicable. 3.3 Marketing and Sales A. Provide a detailed ninety-day plan beginning from award date of the Master Agreement describing the strategy to immediately implement the Master Agreement as supplier’s primary go to market strategy for Public Agencies to supplier’s teams nationwide, to include, but not limited to: i. Executive leadership endorsement and sponsorship of the award as the public sector go-to- market strategy within first 10 days ii. Training and education of Supplier’s national sales force with participation from the Supplier’s executive leadership, along with the OMNIA Partners team within first 90 days B. Provide a detailed ninety-day plan beginning from award date of the Master Agreement describing the strategy to market the Master Agreement to current Participating Public Agencies, existing Public Agency customers of Supplier, as well as to prospective Public Agencies nationwide immediately upon award, to include, but not limited to: i. Creation and distribution of a co-branded press release to trade publications ii. Announcement, Master Agreement details and contact information published on the Supplier’s website within first 90 days 142 of 1132 147 OMNIA PARTNERS EXHIBITS EXHIBIT A- RESPONSE FOR NATIONAL COOPERATIVE CONTRACT Version January 22, 2020 iii. Design, publication and distribution of co-branded marketing materials within first 90 days iv. Commitment to attendance and participation with OMNIA Partners at national (i.e. NIGP Annual Forum, NPI Conference, etc.), regional (i.e. Regional NIGP Chapter Meetings, Regional Cooperative Summits, etc.) and supplier-specific trade shows, conferences and meetings throughout the term of the Master Agreement v. Commitment to attend, exhibit and participate at the NIGP Annual Forum in an area reserved by OMNIA Partners for partner suppliers. Booth space will be purchased and staffed by Supplier. In addition, Supplier commits to provide reasonable assistance to the overall promotion and marketing efforts for the NIGP Annual Forum, as directed by OMNIA Partners. vi. Design and publication of national and regional advertising in trade publications throughout the term of the Master Agreement vii. Ongoing marketing and promotion of the Master Agreement throughout its term (case studies, collateral pieces, presentations, promotions, etc.) viii. Dedicated OMNIA Partners internet web-based homepage on Supplier’s website with: • OMNIA Partners standard logo; • Copy of original Request for Proposal; • Copy of Master Agreement and amendments between Principal Procurement Agency and Supplier; • Summary of Products and pricing; • Marketing Materials • Electronic link to OMNIA Partners’ website including the online registration page; • A dedicated toll-free number and email address for OMNIA Partners C. Describe how Supplier will transition any existing Public Agency customers’ accounts to the Master Agreement available nationally through OMNIA Partners. Include a list of current cooperative contracts (regional and national) Supplier holds and describe how the Master Agreement will be positioned among the other cooperative agreements. D. Acknowledge Supplier agrees to provide its logo(s) to OMNIA Partners and agrees to provide permission for reproduction of such logo in marketing communications and promotions. Acknowledge that use of OMNIA Partners logo will require permission for reproduction, as well. E. Confirm Supplier will be proactive in direct sales of Supplier’s goods and services to Public Agencies nationwide and the timely follow up to leads established by OMNIA Partners. All sales materials are to use the OMNIA Partners logo. At a minimum, the Supplier’s sales initiatives should communicate: i. Master Agreement was competitively solicited and publicly awarded by a Principal Procurement Agency 143 of 1132 148 OMNIA PARTNERS EXHIBITS EXHIBIT A- RESPONSE FOR NATIONAL COOPERATIVE CONTRACT Version January 22, 2020 ii. Best government pricing iii. No cost to participate iv. Non-exclusive F. Confirm Supplier will train its national sales force on the Master Agreement. At a minimum, sales training should include: i. Key features of Master Agreement ii. Working knowledge of the solicitation process iii. Awareness of the range of Public Agencies that can utilize the Master Agreement through OMNIA Partners iv. Knowledge of benefits of the use of cooperative contracts G. Provide the name, title, email and phone number for the person(s), who will be responsible for: i. Executive Support ii. Marketing iii. Sales iv. Sales Support v. Financial Reporting vi. Accounts Payable vii. Contracts H. Describe in detail how Supplier’s national sales force is structured, including contact information for the highest-level executive in charge of the sales team. I. Explain in detail how the sales teams will work with the OMNIA Partners team to implement, grow and service the national program. J. Explain in detail how Supplier will manage the overall national program throughout the term of the Master Agreement, including ongoing coordination of marketing and sales efforts, timely new Participating Public Agency account set-up, timely contract administration, etc. K. State the amount of Supplier’s Public Agency sales for the previous fiscal year. Provide a list of Supplier’s top 10 Public Agency customers, the total purchases for each for the previous fiscal year along with a key contact for each. L. Describe Supplier’s information systems capabilities and limitations regarding order management through receipt of payment, including description of multiple platforms that may be used for any of these functions. 144 of 1132 149 OMNIA PARTNERS EXHIBITS EXHIBIT A- RESPONSE FOR NATIONAL COOPERATIVE CONTRACT Version January 22, 2020 M. If the Supplier wants to guarantee sales, provide the Contract Sales (as defined in Section 10 of the National Intergovernmental Purchasing Alliance Company Administration Agreement) that Supplier will guarantee each year under the Master Agreement for the initial three years of the Master Agreement (“Guaranteed Contract Sales”). $_______.00 in year one $_______.00 in year two $_______.00 in year three To the extent Supplier guarantees minimum Contract Sales, the administration fee shall be calculated based on the greater of the actual Contract Sales and the Guaranteed Contract Sales. N. Even though it is anticipated many Public Agencies will be able to utilize the Master Agreement without further formal solicitation, there may be circumstances where Public Agencies will issue their own solicitations. The following options are available when responding to a solicitation for Products covered under the Master Agreement. i. Respond with Master Agreement pricing (Contract Sales reported to OMNIA Partners). ii. If competitive conditions require pricing lower than the standard Master Agreement not-to- exceed pricing, Supplier may respond with lower pricing through the Master Agreement. If Supplier is awarded the contract, the sales are reported as Contract Sales to OMNIA Partners under the Master Agreement. iii. Respond with pricing higher than Master Agreement only in the unlikely event that the Public Agency refuses to utilize Master Agreement (Contract Sales are not reported to OMNIA Partners). iv. If alternative or multiple proposals are permitted, respond with pricing higher than Master Agreement, and include Master Agreement as the alternate or additional proposal. Detail Supplier’s strategies under these options when responding to a solicitation. 145 of 1132 150 Version January 24, 2020 ADMINISTRATION AGREEMENT THIS ADMINISTRATION AGREEMENT (this “Agreement”) is made this ___ day of ______ 20__, between National Intergovernmental Purchasing Alliance Company, a Delaware corporation d/b/a OMNIA Partners, Public Sector (“OMNIA Partners”), and ________________ (“Supplier”). RECITALS WHEREAS, the ___________________ (the “Principal Procurement Agency”) has entered into a Master Agreement effective _________________, Agreement No_______, by and between the Principal Procurement Agency and Supplier, (as may be amended from time to time in accordance with the terms thereof, the “Master Agreement”), as attached hereto as Exhibit A and incorporated herein by reference as though fully set forth herein, for the purchase of ____________________________ (the “Product”); WHEREAS, said Master Agreement provides that any or all public agencies, including state and local governmental entities, public and private primary, secondary and higher education entities, non-profit entities, and agencies for the public benefit (collectively, “Public Agencies”), that register (either via registration on the OMNIA Partners website or execution of a Master Intergovernmental Cooperative Purchasing Agreement, attached hereto as Exhibit B) (each, hereinafter referred to as a “Participating Public Agency”) may purchase Product at prices stated in the Master Agreement; WHEREAS, Participating Public Agencies may access the Master Agreement which is offered through OMNIA Partners to Public Agencies; WHEREAS, OMNIA Partners serves as the contract administrator of the Master Agreement on behalf of Principal Procurement Agency; WHEREAS, Principal Procurement Agency desires OMNIA Partners to proceed with administration of the Master Agreement; and WHEREAS, OMNIA Partners and Supplier desire to enter into this Agreement to make available the Master Agreement to Participating Public Agencies and to set forth certain terms and conditions governing the relationship between OMNIA Partners and Supplier. NOW, THEREFORE, in consideration of the payments to be made hereunder and the mutual covenants contained in this Agreement, OMNIA Partners and Supplier hereby agree as follows: 146 of 1132 151 OMNIA® P A R T N E R S * <°NA TIONAL IPA - - ---- [ltP[Jll!NClD ,ocusro HIUSllD Version January 24, 2020 DEFINITIONS 1.Capitalized terms used in this Agreement and not otherwise defined herein shall have the meanings given to them in the Master Agreement. TERMS AND CONDITIONS 2.The Master Agreement and the terms and conditions contained therein shall apply to this Agreement except as expressly changed or modified by this Agreement. Supplier acknowledges and agrees that the covenants and agreements of Supplier set forth in the solicitation and Supplier’s response thereto resulting in the Master Agreement are incorporated herein and are an integral part hereof. 3.OMNIA Partners shall be afforded all of the rights, privileges and indemnifications afforded to Principal Procurement Agency by or from Supplier under the Master Agreement, and such rights, privileges and indemnifications shall accrue and apply with equal effect to OMNIA Partners, its agents, employees, directors, and representatives under this Agreement including, but not limited to, Supplier’s obligation to obtain appropriate insurance. 4.OMNIA Partners shall perform all of its duties, responsibilities and obligations as contract administrator of the Master Agreement on behalf of Principal Procurement Agency as set forth herein, and Supplier hereby acknowledges and agrees that all duties, responsibilities and obligations will be undertaken by OMNIA Partners solely in its capacity as the contract administrator under the Master Agreement. 5.With respect to any purchases by Principal Procurement Agency or any Participating Public Agency pursuant to the Master Agreement, OMNIA Partners shall not be: (i) construed as a dealer, re-marketer, representative, partner or agent of any type of the Supplier, Principal Procurement Agency or any Participating Public Agency; (ii) obligated, liable or responsible for any order for Product made by Principal Procurement Agency or any Participating Public Agency or any employee thereof under the Master Agreement or for any payment required to be made with respect to such order for Product; and (iii) obligated, liable or responsible for any failure by Principal Procurement Agency or any Participating Public Agency to comply with procedures or requirements of applicable law or the Master Agreement or to obtain the due authorization and approval necessary to purchase under the Master Agreement. OMNIA Partners makes no representation or guaranty with respect to any minimum purchases by Principal Procurement Agency or any Participating Public Agency or any employee thereof under this Agreement or the Master Agreement. 6.OMNIA Partners shall not be responsible for Supplier’s performance under the Master Agreement, and Supplier shall hold OMNIA Partners harmless from any liability that may arise from the acts or omissions of Supplier in connection with the Master Agreement. 7.WITHOUT LIMITING THE GENERALITY OF THE FOREGOING, OMNIA PARTNERS EXPRESSLY DISCLAIMS ALL EXPRESS OR IMPLIED REPRESENTATIONS AND WARRANTIES REGARDING OMNIA PARTNERS’ PERFORMANCE AS A CONTRACT ADMINISTRATOR OF THE MASTER AGREEMENT. OMNIA PARTNERS SHALL NOT BE LIABLE IN ANY WAY FOR ANY SPECIAL, INCIDENTAL, INDIRECT, CONSEQUENTIAL, EXEMPLARY, PUNITIVE, OR RELIANCE DAMAGES, EVEN IF OMNIA PARTNERS IS ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. 147 of 1132 152 Version January 24, 2020 TERM OF AGREEMENT; TERMINATION 8.This Agreement shall be in effect so long as the Master Agreement remains in effect, provided, however, that the provisions of Sections 3 – 8 and 12 – 23, hereof and the indemnifications afforded by the Supplier to OMNIA Partners in the Master Agreement, to the extent such provisions survive any expiration or termination of the Master Agreement, shall survive the expiration or termination of this Agreement. NATIONAL PROMOTION 9.OMNIA Partners and Supplier shall publicize and promote the availability of the Master Agreement’s products and services to Public Agencies and such agencies’ employees. Supplier shall require each Public Agency to register its participation in the OMNIA Partners program by either registering on the OMNIA Partners website (www.omniapartners.com/publicsector), or executing a Master Intergovernmental Cooperative Purchasing Agreement prior to processing the Participating Public Agency’s first sales order. Upon request, Supplier shall make available to interested Public Agencies a copy of the Master Agreement and such price lists or quotes as may be necessary for such Public Agencies to evaluate potential purchases. 10.Supplier shall provide such marketing and administrative support as set forth in the solicitation resulting in the Master Agreement, including assisting in development of marketing materials as reasonably requested by Principal Procurement Agency and OMNIA Partners. Supplier shall be responsible for obtaining permission or license of use and payment of any license fees for all content and images Supplier provides to OMNIA Partners or posts on the OMNIA Partners website. Supplier shall indemnify, defend and hold harmless OMNIA Partners for use of all such content and images including copyright infringement claims. Supplier and OMNIA Partners each hereby grant to the other party a limited, revocable, non-transferable, non-sublicensable right to use such party’s logo (each, the “Logo”) solely for use in marketing the Master Agreement. Each party shall provide the other party with the standard terms of use of such party’s Logo, and such party shall comply with such terms in all material respects. Both parties shall obtain approval from the other party prior to use of such party’s Logo. Notwithstanding the foregoing, the parties understand and agree that except as provided herein neither party shall have any right, title or interest in the other party’s Logo. Upon termination of this Agreement, each party shall immediately cease use of the other party’s Logo. ADMINISTRATIVE FEE, REPORTING & PAYMENT 11.An “Administrative Fee” shall be defined and due to OMNIA Partners from Supplier in the amount of __ percent (__%) (“Administrative Fee Percentage”) multiplied by the total purchase amount paid to Supplier, less refunds, credits on returns, rebates and discounts, for the sale of products and/or services to Principal Procurement Agency and Participating Public Agencies pursuant to the Master Agreement (as amended from time to time and including any renewal thereof) (“Contract Sales”). From time to time the parties may mutually agree in writing to a lower Administrative Fee Percentage for a specifically identified Participating Public Agency’s Contract Sales. 12.Supplier shall provide OMNIA Partners with an electronic accounting report monthly, in the format prescribed by OMNIA Partners, summarizing all Contract Sales for each calendar month. The Contract Sales reporting format is provided as Exhibit C (“Contract Sales Report”), attached hereto and incorporated herein by reference. Contract Sales Reports for each calendar month shall be provided by Supplier to OMNIA Partners by the 10th day of the following month. Failure to 148 of 1132 153 Version January 24, 2020 provide a Contract Sales Report within the time and manner specified herein shall constitute a material breach of this Agreement and if not cured within thirty (30) days of written notice to Supplier shall be deemed a cause for termination of the Master Agreement, at Principal Procurement Agency’s sole discretion, and/or this Agreement, at OMNIA Partners’ sole discretion. 13. Administrative Fee payments are to be paid by Supplier to OMNIA Partners at the frequency and on the due date stated in Section 13, above, for Supplier’s submission of corresponding Contract Sales Reports. Administrative Fee payments are to be made via Automated Clearing House (ACH) to the OMNIA Partners designated financial institution identified in Exhibit D. Failure to provide a payment of the Administrative Fee within the time and manner specified herein shall constitute a material breach of this Agreement and if not cured within thirty (30) days of written notice to Supplier shall be deemed a cause for termination of the Master Agreement, at Principal Procurement Agency’s sole discretion, and/or this Agreement, at OMNIA Partners’ sole discretion. All Administrative Fees not paid when due shall bear interest at a rate equal to the lesser of one and one-half percent (1 1/2%) per month or the maximum rate permitted by law until paid in full. 14. Supplier shall maintain an accounting of all purchases made by Participating Public Agencies under the Master Agreement. OMNIA Partners, or its designee, in OMNIA Partners’ sole discretion, reserves the right to compare Participating Public Agency records with Contract Sales Reports submitted by Supplier for a period of four (4) years from the date OMNIA Partners receives such report. In addition, OMNIA Partners may engage a third party to conduct an independent audit of Supplier’s monthly reports. In the event of such an audit, Supplier shall provide all materials reasonably requested relating to such audit by OMNIA Partners at the location designated by OMNIA Partners. In the event an underreporting of Contract Sales and a resulting underpayment of Administrative Fees is revealed, OMNIA Partners will notify the Supplier in writing. Supplier will have thirty (30) days from the date of such notice to resolve the discrepancy to OMNIA Partners’ reasonable satisfaction, including payment of any Administrative Fees due and owing, together with interest thereon in accordance with Section 13, and reimbursement of OMNIA Partners’ costs and expenses related to such audit. GENERAL PROVISIONS 15. This Agreement, the Master Agreement and the exhibits referenced herein supersede any and all other agreements, either oral or in writing, between the parties hereto with respect to the subject matter hereto and no other agreement, statement, or promise relating to the subject matter of this Agreement which is not contained or incorporated herein shall be valid or binding. In the event of any conflict between the provisions of this Agreement and the Master Agreement, as between OMNIA Partners and Supplier, the provisions of this Agreement shall prevail. 16. If any action at law or in equity is brought to enforce or interpret the provisions of this Agreement or to recover any Administrative Fee and accrued interest, the prevailing party shall be entitled to reasonable attorney’s fees and costs in addition to any other relief to which it may be entitled. 17. This Agreement and OMNIA Partners’ rights and obligations hereunder may be assigned at OMNIA Partners’ sole discretion to an affiliate of OMNIA Partners, any purchaser of any or all or substantially all of the assets of OMNIA Partners, or the successor entity as a result of a merger, reorganization, consolidation, conversion or change of control, whether by operation of law or otherwise. Supplier may not assign its obligations hereunder without the prior written consent of OMNIA Partners. 149 of 1132 154 Version January 24, 2020 18. All written communications given hereunder shall be delivered by first-class mail, postage prepaid, or overnight delivery on receipt to the addresses as set forth below. A. OMNIA Partners: OMNIA Partners Attn: President 840 Crescent Centre Drive Suite 600 Franklin, TN 37067 B. Supplier: ____________________ ____________________ ____________________ ____________________ 19. If any provision of this Agreement shall be deemed to be, or shall in fact be, illegal, inoperative or unenforceable, the same shall not affect any other provision or provisions herein contained or render the same invalid, inoperative or unenforceable to any extent whatever, and this Agreement will be construed by limiting or invalidating such provision to the minimum extent necessary to make such provision valid, legal and enforceable. 20. This Agreement may not be amended, changed, modified, or altered without the prior written consent of the parties hereto, and no provision of this Agreement may be discharged or waived, except by a writing signed by the parties. A waiver of any particular provision will not be deemed a waiver of any other provision, nor will a waiver given on one occasion be deemed to apply to any other occasion. 21. This Agreement shall inure to the benefit of and shall be binding upon OMNIA Partners, the Supplier and any respective successor and assign thereto; subject, however, to the limitations contained herein. 22. This Agreement will be construed under and governed by the laws of the State of Delaware, excluding its conflicts of law provisions and any action arising out of or related to this Agreement shall be commenced solely and exclusively in the state or federal courts in Williamson County Tennessee. 23. This Agreement may be executed in counterparts, each of which is an original but all of which, together, shall constitute but one and the same instrument. The exchange of copies of this Agreement and of signature pages by facsimile, or by .pdf or similar electronic transmission, will constitute effective execution and delivery of this Agreement as to the parties and may be used in lieu of the original Agreement for all purposes. Signatures of the parties transmitted by facsimile, or by .pdf or similar electronic transmission, will be deemed to be their original signatures for any purpose whatsoever. 150 of 1132 155 Version January 24, 2020 [INSERT SUPPLIER ENTITY NAME] NATIONAL INTERGOVERNMENTAL PURCHASING ALLIANCE COMPANY, A DELAWARE CORPORATION D/B/A OMNIA PARTNERS, PUBLIC SECTOR Signature Signature Sarah Vavra Name Name Sr. Vice President, Public Sector Contracting Title Title Date Date 151 of 1132 156 ADMINISTRATION AGREEMENT Exhibit A Master Agreement The Master Agreement, by and between the Principal Procurement Agency and the Supplier, is incorporated herein by reference as though fully set forth herein. 152 of 1132 157 Exhibit C MASTER INTERGOVERNMENTAL COOPERATIVE PURCHASING AGREEMENT This Master Intergovernmental Cooperative Purchasing Agreement (this “Agreement”) is entered into by and between those certain government agencies that execute a Principal Procurement Agency Certificate (“Principal Procurement Agencies”) with National Intergovernmental Purchasing Alliance Company, a Delaware corporation d/b/a OMNIA Partners, Public Sector and/or Communities Program Management, LLC, a California limited liability company d/b/a U.S. Communities (collectively, “OMNIA Partners”) to be appended and made a part hereof and such other public agencies (“Participating Public Agencies”) who register to participate in the cooperative purchasing programs administered by OMNIA Partners and its affiliates and subsidiaries (collectively, the “OMNIA Partners Parties”) by either registering on the OMNIA Partners website (www.omniapartners.com/publicsector or any successor website), or by executing a copy of this Agreement. RECITALS WHEREAS, after a competitive solicitation and selection process by Principal Procurement Agencies, in compliance with their own policies, procedures, rules and regulations, a number of suppliers have entered into “Master Agreements” (herein so called) to provide a variety of goods, products and services (“Products”) to the applicable Principal Procurement Agency and the Participating Public Agencies; WHEREAS, Master Agreements are made available by Principal Procurement Agencies through the OMNIA Partners Parties and provide that Participating Public Agencies may purchase Products on the same terms, conditions and pricing as the Principal Procurement Agency, subject to any applicable federal and/or local purchasing ordinances and the laws of the State of purchase; and WHEREAS, in addition to Master Agreements, the OMNIA Partners Parties may from time to time offer Participating Public Agencies the opportunity to acquire Products through other group purchasing agreements. NOW, THEREFORE, in consideration of the mutual promises contained in this Agreement, and of the mutual benefits to result, the parties hereby agree as follows: 1.Each party will facilitate the cooperative procurement of Products. 2.The Participating Public Agencies shall procure Products in accordance with and subject to the relevant federal, state and local statutes, ordinances, rules and regulations that govern Participating Public Agency’s procurement practices. The Participating Public Agencies hereby acknowledge and agree that it is the intent of the parties that all provisions of this Agreement and that Principal Procurement Agencies’ participation in the program described herein comply with all applicable laws, including but not limited to the requirements of 42 C.F.R. § 1001.952(j), as may be amended from time to time. The Participating Public Agencies further acknowledge and agree that they are solely responsible for their compliance with all applicable “safe harbor” regulations, including but not limited to any and all obligations to fully and accurately report discounts and incentives. 3.The Participating Public Agency represents and warrants that the Participating Public Agency is not a hospital or other healthcare provider and is not purchasing Products on behalf of a hospital or healthcare provider. 4.The cooperative use of Master Agreements shall be in accordance with the terms and conditions 153 of 1132 158 Exhibit C, continued of the Master Agreements, except as modification of those terms and conditions is otherwise required by applicable federal, state or local law, policies or procedures. 5. The Principal Procurement Agencies will make available, upon reasonable request, Master Agreement information which may assist in improving the procurement of Products by the Participating Public Agencies. 6. The Participating Public Agency agrees the OMNIA Partners Parties may provide access to group purchasing organization (“GPO”) agreements directly or indirectly by enrolling the Participating Public Agency in another GPO’s purchasing program provided the purchase of Products through the OMNIA Partners Parties or any other GPO shall be at the Participating Public Agency’s sole discretion. 7. The Participating Public Agencies (each a “Procuring Party”) that procure Products through any Master Agreement or GPO Product supply agreement (each a “GPO Contract”) will make timely payments to the distributor, manufacturer or other vendor (collectively, “Supplier”) for Products received in accordance with the terms and conditions of the Master Agreement or GPO Contract, as applicable. Payment for Products and inspections and acceptance of Products ordered by the Procuring Party shall be the exclusive obligation of such Procuring Party. Disputes between Procuring Party and any Supplier shall be resolved in accordance with the law and venue rules of the State of purchase unless otherwise agreed to by the Procuring Party and Supplier. 8. The Procuring Party shall not use this Agreement as a method for obtaining additional concessions or reduced prices for purchase of similar products or services outside of the Master Agreement. Master Agreements may be structured with not-to-exceed pricing, in which cases the Supplier may offer the Procuring Party and the Procuring Party may accept lower pricing or additional concessions for purchase of Products through a Master Agreement. 9. The Procuring Party shall be responsible for the ordering of Products under this Agreement. A non-procuring party shall not be liable in any fashion for any violation by a Procuring Party, and, to the extent permitted by applicable law, the Procuring Party shall hold non-procuring party harmless from any liability that may arise from the acts or omissions of the Procuring Party. 10. WITHOUT LIMITING THE GENERALITY OF THE FOREGOING, THE OMNIA PARTNERS PARTIES EXPRESSLY DISCLAIM ALL EXPRESS OR IMPLIED REPRESENTATIONS AND WARRANTIES REGARDING ANY PRODUCT, MASTER AGREEMENT AND GPO CONTRACT. THE OMNIA PARTNERS PARTIES SHALL NOT BE LIABLE IN ANY WAY FOR ANY SPECIAL, INCIDENTAL, INDIRECT, CONSEQUENTIAL, EXEMPLARY, PUNITIVE, OR RELIANCE DAMAGES, EVEN IF THE OMNIA PARTNERS PARTIES ARE ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. FURTHER, THE PROCURING PARTY ACKNOWLEDGES AND AGREES THAT THE OMNIA PARTNERS PARTIES SHALL HAVE NO LIABILITY FOR ANY ACT OR OMISSION BY A SUPPLIER OR OTHER PARTY UNDER A MASTER AGREEMENT OR GPO CONTRACT. 11. This Agreement shall remain in effect until termination by either party giving thirty (30) days’ written notice to the other party. The provisions of Paragraphs 6 - 10 hereof shall survive any such termination. 12. This Agreement shall take effect upon (i) execution of the Principal Procurement Agency Certificate, or (ii) registration on the OMNIA Partners website or the execution of this Agreement by a Participating Public Agency, as applicable. Version January 24, 2020 154 of 1132 159 Exhibit C, continued Version January 24, 2020 NATIONAL INTERGOVERNMENTAL PURCHASING ALLIANCE COMPANY, A DELAWARE CORPORATION D/B/A OMNIA PARTNERS, PUBLIC SECTOR AND/OR COMMUNITIES PROGRAM MANAGEMENT, LLC, A CALIFORNIA LIMITED LIABILITY COMPANY D/B/A U.S. COMMUNITIES Authorized Signature Signature Sarah E. Vavra Name Name Sr. Vice President, Public Sector Contracting Title and Agency Name Title Date Date 155 of 1132 160 Version January 22, 2020 Requirements for National Cooperative Contract PRINCIPAL PROCUREMENT AGENCY CERTIFICATE In its capacity as a Principal Procurement Agency (as defined below) for National Intergovernmental Purchasing Alliance Company, a Delaware corporation d/b/a OMNIA Partners, Public Sector (“OMNIA Partners”), [NAME OF PPA] agrees to pursue Master Agreements for Products as specified in the attached Exhibits to this Principal Procurement Agency Certificate. I hereby acknowledge, in my capacity as _____________ of and on behalf of [NAME OF PPA] (“Principal Procurement Agency”), that I have read and hereby agree to the general terms and conditions set forth in the attached Master Intergovernmental Cooperative Purchasing Agreement regulating the use of the Master Agreements and purchase of Products that from time to time are made available by Principal Procurement Agencies to Participating Public Agencies nationwide through OMNIA Partners. I understand that the purchase of one or more Products under the provisions of the Master Intergovernmental Cooperative Purchasing Agreement is at the sole and complete discretion of the Participating Public Agency. Authorized Signature, [PRINCIPAL PROCUREMENT AGENCY] Signature Name Title Date Example 156 of 1132 161 Requirements for National Cooperative Contract OMNIA PARTNERS EXHIBITS EXHIBIT E – OMNIA PARTNERS CONTRACT SALES REPORTING TEMPLATE 157 of 1132 162 OMNIA. ~IIHN•IN'; Tatt1S.rH $000 Gontt"actNu~ .Adm l11 Ftt !f. p A R T N E R s ~1111Pr,1ott Ti:ol AdMltl Ftt $0CI> FOR OMNIA USE ONL V ~lnt~ID ., -SlrtttAli!ireM S.1JitttiliddrHS1: div ..... PDsl al eadof. THMldlonO.t~ ~Amount A;d rnln,Ftt K Admln f ff N'ollH --lldtr.lt~Clw: ~~NWM - -- - -- Requirements for National Cooperative Contract Page 21 of 44 OMNIA PARTNERS EXHIBITS EXHIBIT F - FEDERAL FUNDS CERTIFICATIONS FEDERAL CERTIFICATIONS ADDENDUM FOR AGREEMENT FUNDED BY U.S. FEDERAL GRANT TO WHOM IT MAY CONCERN: Participating Agencies may elect to use federal funds to purchase under the Master Agreement. This form should be completed and returned. DEFINITIONS Contract means a legal instrument by which a non–Federal entity purchases property or services needed to carry out the project or program under a Federal award. The term as used in this part does not include a legal instrument, even if the non–Federal entity considers it a contract, when the substance of the transaction meets the definition of a Federal award or subaward Contractor means an entity that receives a contract as defined in Contract. Cooperative agreement means a legal instrument of financial assistance between a Federal awarding agency or pass-through entity and a non–Federal entity that, consistent with 31 U.S.C. 6302–6305: (a) Is used to enter into a relationship the principal purpose of which is to transfer anything of value from the Federal awarding agency or pass-through entity to the non–Federal entity to carry out a public purpose authorized by a law of the United States (see 31 U.S.C. 6101(3)); and not to acquire property or services for the Federal government or pass-through entity's direct benefit or use; (b) Is distinguished from a grant in that it provides for substantial involvement between the Federal awarding agency or pass-through entity and the non–Federal entity in carrying out the activity contemplated by the Federal award. (c) The term does not include: (1) A cooperative research and development agreement as defined in 15 U.S.C. 3710a; or (2) An agreement that provides only: (i) Direct United States Government cash assistance to an individual; (ii)A subsidy; (iii)A loan; (iv) A loan guarantee; or (v) Insurance. Federal awarding agency means the Federal agency that provides a Federal award directly to a non–Federal entity Federal award has the meaning, depending on the context, in either paragraph (a) or (b) of this section: (a)(1) The Federal financial assistance that a non–Federal entity receives directly from a Federal awarding agency or indirectly from a pass-through entity, as described in § 200.101 Applicability; or (2) The cost-reimbursement contract under the Federal Acquisition Regulations that a non–Federal entity receives directly from a Federal awarding agency or indirectly from a pass-through entity, as described in § 200.101 Applicability. (b) The instrument setting forth the terms and conditions. The instrument is the grant agreement, cooperative agreement, other agreement for assistance covered in paragraph (b) of § 200.40 Federal financial assistance, or the cost-reimbursement contract awarded under the Federal Acquisition Regulations. (c) Federal award does not include other contracts that a Federal agency uses to buy goods or services from a contractor or a contract to operate Federal government owned, contractor operated facilities (GOCOs). (d) See also definitions of Federal financial assistance, grant agreement, and cooperative agreement. Non–Federal entity means a state, local government, Indian tribe, institution of higher education (IHE), or nonprofit organization that carries out a Federal award as a recipient or subrecipient. Nonprofit organization means any corporation, trust, association, cooperative, or other organization, not including IHEs, that: (a) Is operated primarily for scientific, educational, service, charitable, or similar purposes in the public interest; (b) Is not organized primarily for profit; and 158 of 1132 163 Requirements for National Cooperative Contract OMNIA PARTNERS EXHIBITS EXHIBIT F - FEDERAL FUNDS CERTIFICATIONS (c) Uses net proceeds to maintain, improve, or expand the operations of the organization. Obligations means, when used in connection with a non–Federal entity's utilization of funds under a Federal award, orders placed for property and services, contracts and subawards made, and similar transactions during a given period that require payment by the non–Federal entity during the same or a future period. Pass-through entity means a non–Federal entity that provides a subaward to a subrecipient to carry out part of a Federal program. Recipient means a non–Federal entity that receives a Federal award directly from a Federal awarding agency to carry out an activity under a Federal program. The term recipient does not include subrecipients. Simplified acquisition threshold means the dollar amount below which a non–Federal entity may purchase property or services using small purchase methods. Non–Federal entities adopt small purchase procedures in order to expedite the purchase of items costing less than the simplified acquisition threshold. The simplified acquisition threshold is set by the Federal Acquisition Regulation at 48 CFR Subpart 2.1 (Definitions) and in accordance with 41 U.S.C. 1908. As of the publication of this part, the simplified acquisition threshold is $150,000, but this threshold is periodically adjusted for inflation. (Also see definition of § 200.67 Micro-purchase.) Subaward means an award provided by a pass-through entity to a subrecipient for the subrecipient to carry out part of a Federal award received by the pass-through entity. It does not include payments to a contractor or payments to an individual that is a beneficiary of a Federal program. A subaward may be provided through any form of legal agreement, including an agreement that the pass-through entity considers a contract. Subrecipient means a non–Federal entity that receives a subaward from a pass-through entity to carry out part of a Federal program; but does not include an individual that is a beneficiary of such program. A subrecipient may also be a recipient of other Federal awards directly from a Federal awarding agency. Termination means the ending of a Federal award, in whole or in part at any time prior to the planned end of period of performance. The following certifications and provisions may be required and apply when Participating Agency expends federal funds for any purchase resulting from this procurement process. Pursuant to 2 C.F.R. § 200.326, all contracts, including small purchases, awarded by the Participating Agency and the Participating Agency’s subcontractors shall contain the procurement provisions of Appendix II to Part 200, as applicable. APPENDIX II TO 2 CFR PART 200 (A) Contracts for more than the simplified acquisition threshold currently set at $150,000, which is the inflation adjusted amount determined by the Civilian Agency Acquisition Council and the Defense Acquisition Regulations Council (Councils) as authorized by 41 U.S.C. 1908, must address administrative, contractual, or legal remedies in instances where contractors violate or breach contract terms, and provide for such sanctions and penalties as appropriate. Pursuant to Federal Rule (A) above, when a Participating Agency expends federal funds, the Participating Agency reserves all rights and privileges under the applicable laws and regulations with respect to this procurement in the event of breach of contract by either party. Does offeror agree? YES Initials of Authorized Representative of offeror (B) Termination for cause and for convenience by the grantee or subgrantee including the manner by which it will be effected and the basis for settlement. (All contracts in excess of $10,000) Pursuant to Federal Rule (B) above, when a Participating Agency expends federal funds, the Participating Agency reserves the right to immediately terminate any agreement in excess of $10,000 resulting from this procurement process in the event of a breach or default of the agreement by Offeror as detailed in the terms of the contract. Does offeror agree? YES Initials of Authorized Representative of Page 22 of 44 159 of 1132 164 OMNIA PARTNERS EXHIBITS EXHIBIT F - FEDERAL FUNDS CERTIFICATIONS Requirements for National Cooperative Contract offeror (C) Equal Employment Opportunity. Except as otherwise provided under 41 CFR Part 60, all contracts that meet the definition of “federally assisted construction contract” in 41 CFR Part 60-1.3 must include the equal opportunity clause provided under 41 CFR 60-1.4(b), in accordance with Executive Order 11246, “Equal Employment Opportunity” (30 CFR 12319, 12935, 3 CFR Part, 1964-1965 Comp., p. 339), as amended by Executive Order 11375, “Amending Executive Order 11246 Relating to Equal Employment Opportunity,” and implementing regulations at 41 CFR part 60, “Office of Federal Contract Compliance Programs, Equal Employment Opportunity, Department of Labor.” Pursuant to Federal Rule (C) above, when a Participating Agency expends federal funds on any federally assisted construction contract, the equal opportunity clause is incorporated by reference herein. Does offeror agree to abide by the above? YES Initials of Authorized Representative of offeror (D) Davis-Bacon Act, as amended (40 U.S.C. 3141-3148). When required by Federal program legislation, all prime construction contracts in excess of $2,000 awarded by non-Federal entities must include a provision for compliance with the Davis-Bacon Act (40 U.S.C. 3141-3144, and 3146-3148) as supplemented by Department of Labor regulations (29 CFR Part 5, “Labor Standards Provisions Applicable to Contracts Covering Federally Financed and Assisted Construction”). In accordance with the statute, contractors must be required to pay wages to laborers and mechanics at a rate not less than the prevailing wages specified in a wage determination made by the Secretary of Labor. In addition, contractors must be required to pay wages not less than once a week. The non-Federal entity must place a copy of the current prevailing wage determination issued by the Department of Labor in each solicitation. The decision to award a contract or subcontract must be conditioned upon the acceptance of the wage determination. The non -Federal entity must report all suspected or reported violations to the Federal awarding agency. The contracts must also include a provision for compliance with the Copeland “Anti-Kickback” Act (40 U.S.C. 3145), as supplemented by Department of Labor regulations (29 CFR Part 3, “Contractors and Subcontractors on Public Building or Public Work Financed in Whole or in Part by Loans or Grants from the United States”). The Act provides that each contractor or subrecipient must be prohibited from inducing, by any means, any person employed in the construction, completion, or repair of public work, to give up any part of the compensation to which he or she is otherwise entitled. The non -Federal entity must report all suspected or reported violations to the Federal awarding agency. Pursuant to Federal Rule (D) above, when a Participating Agency expends federal funds during the term of an award for all contracts and subgrants for construction or repair, offeror will be in compliance with all applicable Davis-Bacon Act provisions. Does offeror agree? YES Initials of Authorized Representative of offeror (E) Contract Work Hours and Safety Standards Act (40 U.S.C. 3701-3708). Where applicable, all contracts awarded by the non-Federal entity in excess of $100,000 that involve the employment of mechanics or laborers must include a provision for compliance with 40 U.S.C. 3702 and 3704, as supplemented by Department of Labor regulations (29 CFR Part 5). Under 40 U.S.C. 3702 of the Act, each contractor must be required to compute the wages of every mechanic and laborer on the basis of a standard work week of 40 hours. Work in excess of the standard work week is permissible provided that the worker is compensated at a rate of not less than one and a half times the basic rate of pay for all hours worked in excess of 40 hours in the work week. The requirements of 40 U.S.C. 3704 are applicable to construction work and provide that no laborer or mechanic must be required to work in surroundings or under working conditions which are unsanitary, hazardous or dangerous. These requirements do not apply to the purchases of supplies or materials or articles ordinarily available on the open market, or contracts for transportation or transmission of intelligence. Pursuant to Federal Rule (E) above, when a Participating Agency expends federal funds, offeror certifies that offeror will be in compliance with all applicable provisions of the Contract Work Hours and Safety Standards Act during the term of an award for all contracts by Participating Agency resulting from this procurement process. Does offeror agree? YES Initials of Authorized Representative of offeror (F) Rights to Inventions Made Under a Contract or Agreement. If the Federal award meets the definition of “funding agreement” under 37 CFR §401.2 (a) and the recipient or subrecipient wishes to enter into a contract with a small business firm or nonprofit organization regarding the substitution of parties, assignment or performance of experimental, developmental, or research work under that “funding agreement,” the recipient or subrecipient must comply with the requirements of 37 CFR Part 401, “Rights to Inventions Made by Nonprofit Organizations and Small Page 23 of 44 160 of 1132 165 OMNIA PARTNERS EXHIBITS EXHIBIT F - FEDERAL FUNDS CERTIFICATIONS Requirements for National Cooperative Contract Page 24 of 44 Business Firms Under Government Grants, Contracts and Cooperative Agreements,” and any implementing regulations issued by the awarding agency. Pursuant to Federal Rule (F) above, when federal funds are expended by Participating Agency, the offeror certifies that during the term of an award for all contracts by Participating Agency resulting from this procurement process, the offeror agrees to comply with all applicable requirements as referenced in Federal Rule (F) above. Does offeror agree? YES Initials of Authorized Representative of offeror (G) Clean Air Act (42 U.S.C. 7401-7671q.) and the Federal Water Pollution Control Act (33 U.S.C. 1251-1387), as amended—Contracts and subgrants of amounts in excess of $150,000 must contain a provision that requires the non - Federal award to agree to comply with all applicable standards, orders or regulations issued pursuant to the Clean Air Act (42 U.S.C. 7401-7671q) and the Federal Water Pollution Control Act as amended (33 U.S.C. 1251- 1387). Violations must be reported to the Federal awarding agency and the Regional Office of the Environmental Protection Agency (EPA) Pursuant to Federal Rule (G) above, when federal funds are expended by Participating Agency, the offeror certifies that during the term of an award for all contracts by Participating Agency member resulting from this procurement process, the offeror agrees to comply with all applicable requirements as referenced in Federal Rule (G) above. Does offeror agree? YES Initials of Authorized Representative of offeror (H) Debarment and Suspension (Executive Orders 12549 and 12689)—A contract award (see 2 CFR 180.220) must not be made to parties listed on the government wide exclusions in the System for Award Management (SAM), in accordance with the Executive Office of the President Office of Management and Budget (OMB) guidelines at 2 CFR 180 that implement Executive Orders 12549 (3 CFR part 1986 Comp., p. 189) and 12689 (3 CFR part 1989 Comp., p. 235), “Debarment and Suspension.” SAM Exclusions contains the names of parties debarred, suspended, or otherwise excluded by agencies, as well as parties declared ineligible under statutory or regulatory authority other than Executive Order 12549. Pursuant to Federal Rule (H) above, when federal funds are expended by Participating Agency, the offeror certifies that during the term of an award for all contracts by Participating Agency resulting from this procurement process, the offeror certifies that neither it nor its principals is presently debarred, suspended, proposed for debarment, declared ineligible, or voluntarily excluded from participation by any federal department or agency. If at any time during the term of an award the offeror or its principals becomes debarred, suspended, proposed for debarment, declared ineligible, or voluntarily excluded from participation by any federal department or agency, the offeror will notify the Participating Agency. Does offeror agree? YES Initials of Authorized Representative of offeror (I) Byrd Anti-Lobbying Amendment (31 U.S.C. 1352)—Contractors that apply or bid for an award exceeding $100,000 must file the required certification. Each tier certifies to the tier above that it will not and has not used Federal appropriated funds to pay any person or organization for influencing or attempting to influence an officer or employee of any agency, a member of Congress, officer or employee of Congress, or an employee of a member of Congress in connection with obtaining any Federal contract, grant or any other award covered by 31 U.S.C. 1352. Each tier must also disclose any lobbying with non-Federal funds that takes place in connection with obtaining any Federal award. Such disclosures are forwarded from tier to tier up to the non-Federal award. Pursuant to Federal Rule (I) above, when federal funds are expended by Participating Agency, the offeror certifies that during the term and after the awarded term of an award for all contracts by Participating Agency resulting from this procurement process, the offeror certifies that it is in compliance with all applicable provisions of the Byrd Anti-Lobbying Amendment (31 U.S.C. 1352). The undersigned further certifies that: (1)No Federal appropriated funds have been paid or will be paid for on behalf of the undersigned, to any person for influencing or attempting to influence an officer or employee of any agency, a Member of Congress, an officer or employee of congress, or an employee of a Member of Congress in connection with the awarding of a Federal contract, the making of a Federal grant, the making of a Federal loan, the entering into a cooperative agreement, and the extension, continuation, renewal, amendment, or modification of a Federal contract, grant, loan, or cooperative agreement. (2)If any funds other than Federal appropriated funds have been paid or will be paid to any person for influencing or attempting to influence an officer or employee of any agency, a Member of Congress, an officer or employee of congress, or an employee of a Member of Congress in connection with this Federal grant or cooperative agreement, the undersigned shall 161 of 1132 166 OMNIA PARTNERS EXHIBITS EXHIBIT F - FEDERAL FUNDS CERTIFICATIONS Requirements for National Cooperative Contract Page 25 of 44 complete and submit Standard Form-LLL, “Disclosure Form to Report Lobbying”, in accordance with its instructions. (3)The undersigned shall require that the language of this certification be included in the award documents for all covered sub-awards exceeding $100,000 in Federal funds at all appropriate tiers and that all subrecipients shall certify and disclose accordingly. Does offeror agree? YES Initials of Authorized Representative of offeror RECORD RETENTION REQUIREMENTS FOR CONTRACTS INVOLVING FEDERAL FUNDS When federal funds are expended by Participating Agency for any contract resulting from this procurement process, offeror certifies that it will comply with the record retention requirements detailed in 2 CFR § 200.333. The offeror further certifies that offeror will retain all records as required by 2 CFR § 200.333 for a period of three years after grantees or subgrantees submit final expenditure reports or quarterly or annual financial reports, as applicable, and all other pending matters are closed. Does offeror agree? YES Initials of Authorized Representative of offeror CERTIFICATION OF COMPLIANCE WITH THE ENERGY POLICY AND CONSERVATION ACT When Participating Agency expends federal funds for any contract resulting from this procurement process, offeror certifies that it will comply with the mandatory standards and policies relating to energy efficiency which are contained in the state energy conservation plan issued in compliance with the Energy Policy and Conservation Act (42 U.S.C. 6321 et seq.; 49 C.F.R. Part 18). Does offeror agree? YES Initials of Authorized Representative of offeror CERTIFICATION OF COMPLIANCE WITH BUY AMERICA PROVISIONS To the extent purchases are made with Federal Highway Administration, Federal Railroad Administration, or Federal Transit Administration funds, offeror certifies that its products comply with all applicable provisions of the Buy America Act and agrees to provide such certification or applicable waiver with respect to specific products to any Participating Agency upon request. Purchases made in accordance with the Buy America Act must still follow the applicable procurement rules calling for free and open competition. Does offeror agree? YES Initials of Authorized Representative of offeror CERTIFICATION OF ACCESS TO RECORDS – 2 C.F.R. § 200.336 Offeror agrees that the Inspector General of the Agency or any of their duly authorized representatives shall have access to any documents, papers, or other records of offeror that are pertinent to offeror’s discharge of its obligations under the Contract for the purpose of making audits, examinations, excerpts, and transcriptions. The right also includes timely and reasonable access to offeror’s personnel for the purpose of interview and discussion relating to such documents. Does offeror agree? YES Initials of Authorized Representative of offeror CERTIFICATION OF APPLICABILITY TO SUBCONTRACTORS Offeror agrees that all contracts it awards pursuant to the Contract shall be bound by the foregoing terms and conditions. Does offeror agree? YES Initials of Authorized Representative of offeror Offeror agrees to comply with all federal, state, and local laws, rules, regulations and ordinances, as applicable. It is further acknowledged that offeror certifies compliance with all provisions, laws, acts, regulations, etc. as specifically noted above. Offeror’s Name: ____________________________________________________________________________________________ Address, City, State, and Zip Code: _____________________________________________________________________________ 162 of 1132 167 OMNIA PARTNERS EXHIBITS EXHIBIT F - FEDERAL FUNDS CERTIFICATIONS Requirements for National Cooperative Contract Page 26 of 44 Phone Number:___________________________________ Fax Number: ______________________________________ Printed Name and Title of Authorized Representative:______________________________________________________________________ Email Address: ____________________________________________________________________________________________ Signature of Authorized Representative: ____________________________________Date: _____________________________ 163 of 1132 168 Requirements for National Cooperative Contract OMNIA PARTNERS EXHIBITS EXHIBIT G- NEW JERSEY BUSINESS COMPLIANCE NEW JERSEY BUSINESS COMPLIANCE Suppliers intending to do business in the State of New Jersey must comply with policies and procedures required under New Jersey statues. All offerors submitting proposals must complete the following forms specific to the State of New Jersey. Completed forms should be submitted with the offeror’s response to the RFP. Failure to complete the New Jersey packet will impact OMNIA Partners’s ability to promote the Master Agreement in the State of New Jersey. DOC #1 Ownership Disclosure Form DOC #2 Non-Collusion Affidavit DOC #3 Affirmative Action Affidavit DOC #4 Political Contribution Disclosure Form DOC #5 Stockholder Disclosure Certification DOC #6 Certification of Non-Involvement in Prohibited Activities in Iran DOC #7 New Jersey Business Registration Certificate New Jersey suppliers are required to comply with the following New Jersey statutes when applicable: •all anti-discrimination laws, including those contained in N.J.S.A. 10:2-1 through N.J.S.A. 10:2-14, N.J.S.A. 10:5-1, and N.J.S.A. 10:5-31 through 10:5-38; •Prevailing Wage Act, N.J.S.A. 34:11-56.26, for all contracts within the contemplation of the Act; •Public Works Contractor Registration Act, N.J.S.A. 34:11-56.26; and •Bid and Performance Security, as required by the applicable municipal or state statutes. 164 of 1132 169 Requirements for National Cooperative Contract OMNIA PARTNERS EXHIBITS EXHIBIT G- NEW JERSEY BUSINESS COMPLIANCE DOC #1 OWNERSHIP DISCLOSURE FORM (N.J.S. 52:25-24.2) Pursuant to the requirements of P.L. 1999, Chapter 440 effective April 17, 2000 (Local Public Contracts Law), the offeror shall complete the form attached to these specifications listing the persons owning 10 percent (10%) or more of the firm presenting the proposal. Company Name: Street: City, State, Zip Code: Complete as appropriate: I _______________________________________, certify that I am the sole owner of ____________________________________, that there are no partners and the business is not incorporated, and the provisions of N.J.S. 52:25-24.2 do not apply. OR: I _______________________________________, a partner in___________________________, do hereby certify that the following is a list of all individual partners who own a 10% or greater interest therein. I further certify that if one (1) or more of the partners is itself a corporation or partnership, there is also set forth the names and addresses of the stockholders holding 10% or more of that corporation’s stock or the individual partners owning 10% or greater interest in that partnership. OR: I _______________________________________, an authorized representative of ______________________, a corporation, do hereby certify that the following is a list of the names and addresses of all stockholders in the corporation who own 10% or more of its stock of any class. I further certify that if one (1) or more of such stockholders is itself a corporation or partnership, that there is also set forth the names and addresses of the stockholders holding 10% or more of the corporation’s stock or the individual partners owning a 10% or greater interest in that partnership. (Note: If there are no partners or stockholders owning 10% or more interest, indicate none.) Name Address Interest I further certify that the statements and information contained herein, are complete and correct to the best of my knowledge and belief. Date Authorized Signature and Title 165 of 1132 170 Requirements for National Cooperative Contract OMNIA PARTNERS EXHIBITS EXHIBIT G- NEW JERSEY BUSINESS COMPLIANCE DOC #2 NON-COLLUSION AFFIDAVIT Company Name: ________________________________________ Street: ________________________________________________ City, State, Zip Code:____________________________________ State of ________________________________________________ County of ______________________________________________ I, of the_______________________________________________ Name City in the County of ____________________________, State of _______________________________ of full age, being duly sworn according to law on my oath depose and say that: I am the _________________________of the firm of _____________________________________ Title Company Name the Offeror making the Proposal for the goods, services or public work specified under the attached proposal, and that I executed the said proposal with full authority to do so; that said Offeror has not directly or indirectly entered into any agreement, participated in any collusion, or otherwise taken any action in restraint of free, competitive bidding in connection with the above proposal, and that all statements contained in said proposal and in this affidavit are true and correct, and made with full knowledge that relies upon the truth of the statements contained in said proposal and in the statements contained in this affidavit in awarding the contract for the said goods, services or public work. I further warrant that no person or selling agency has been employed or retained to solicit or secure such contract upon an agreement or understanding for a commission, percentage, brokerage or contingent fee, except bona fide employees or bona fide established commercial or selling agencies maintained by Company Name Authorized Signature & Title Subscribed and sworn before me this ______ day of ______________, 20____ __________________________________________ Notary Public of ______________________ My commission expires _________________ , 20____ 166 of 1132 171 Requirements for National Cooperative Contract SEAL OMNIA PARTNERS EXHIBITS EXHIBIT G- NEW JERSEY BUSINESS COMPLIANCE DOC #3 AFFIRMATIVE ACTION AFFIDAVIT (P.L. 1975, C.127) Company Name: Street: City, State, Zip Code: Proposal Certification: Indicate below company’s compliance with New Jersey Affirmative Action regulations. Company’s proposal will be accepted even if company is not in compliance at this time. No contract and/or purchase order may be issued, however, until all Affirmative Action requirements are met. Required Affirmative Action Evidence: Procurement, Professional & Service Contracts (Exhibit A) Vendors must submit with proposal: 1. A photo copy of their Federal Letter of Affirmative Action Plan Approval OR 2. A photo copy of their Certificate of Employee Information Report OR 3.A complete Affirmative Action Employee Information Report (AA302) ________ Public Work – Over $50,000 Total Project Cost: A.No approved Federal or New Jersey Affirmative Action Plan. We will complete Report Form AA201-A upon receipt from the B.Approved Federal or New Jersey Plan – certificate enclosed I further certify that the statements and information contained herein, are complete and correct to the best of my knowledge and belief. _______________________ _________________________________ Date Authorized Signature and Title 167 of 1132 172 Requirements for National Cooperative Contract OMNIA PARTNERS EXHIBITS EXHIBIT G- NEW JERSEY BUSINESS COMPLIANCE DOC #3, continued P.L. 1995, c. 127 (N.J.A.C. 17:27) MANDATORY AFFIRMATIVE ACTION LANGUAGE PROCUREMENT, PROFESSIONAL AND SERVICE CONTRACTS During the performance of this contract, the contractor agrees as follows: The contractor or subcontractor, where applicable, will not discriminate against any employee or applicant for employment because of age, race, creed, color, national origin, ancestry, marital status, sex, affectional or sexual orientation. The contractor will take affirmative action to ensure that such applicants are recruited and employed, and that employees are treated during employment, without regard to their age, race, creed, color, national origin, ancestry, marital status, sex, affectional or sexual orientation. Such action shall include, but not be limited to the following: employment, upgrading, demotion, or transfer; recruitment or recruitment advertising; layoff or termination; rates of pay or other forms of compensation; and selection for training, including apprenticeship. The contractor agrees to post in conspicuous places, available to employees and applicants for employment, notices to be provided by the Public Agency Compliance Officer setting forth provisions of this non-discrimination clause. The contractor or subcontractor, where applicable will, in all solicitations or advertisement for employees placed by or on behalf of the contractor, state that all qualified applicants will receive consideration for employment without regard to age, race, creed, color, national origin, ancestry, marital status, sex, affectional or sexual orientation. The contractor or subcontractor, where applicable, will send to each labor union or representative of workers with which it has a collective bargaining agreement or other contract or understanding, a notice, to be provided by the agency contracting officer advising the labor union or workers' representative of the contractor's commitments under this act and shall post copies of the notice in conspicuous places available to employees and applicants for employment. The contractor or subcontractor, where applicable, agrees to comply with any regulations promulgated by the Treasurer pursuant to P.L. 1975, c. 127, as amended and supplemented from time to time and the Americans with Disabilities Act. The contractor or subcontractor agrees to attempt in good faith to employ minority and female workers trade consistent with the applicable county employment goal prescribed by N.J.A.C. 17:27-5.2 promulgated by the Treasurer pursuant to P.L. 1975, C.127, as amended and supplemented from time to time or in accordance with a binding determination of the applicable county employment goals determined by the Affirmative Action Office pursuant to N.J.A.C. 17:27-5.2 promulgated by the Treasurer pursuant to P.L. 1975, C.127, as amended and supplemented from time to time. The contractor or subcontractor agrees to inform in writing appropriate recruitment agencies in the area, including employment agencies, placement bureaus, colleges, universities, labor unions, that it does not discriminate on the basis of age, creed, color, national origin, ancestry, marital status, sex, affectional or sexual orientation, and that it will discontinue the use of any recruitment agency which engages in direct or indirect discriminatory practices. The contractor or subcontractor agrees to revise any of it testing procedures, if necessary, to assure that all personnel testing conforms with the principles of job-related testing, as established by the statutes and court decisions of the state of New Jersey and as established by applicable Federal law and applicable Federal court decisions. The contractor or subcontractor agrees to review all procedures relating to transfer, upgrading, downgrading and lay-off to ensure that all such actions are taken without regard to age, creed, color, national origin, ancestry, marital status, sex, affectional or sexual orientation, and conform with the applicable employment goals, consistent with the statutes and court decisions of the State of New Jersey, and applicable Federal law and applicable Federal court decisions. The contractor and its subcontractors shall furnish such reports or other documents to the Affirmative Action Office as may be requested by the office from time to time in order to carry out the purposes of these regulations, and public agencies shall furnish such information as may be requested by the Affirmative Action Office for conducting a compliance investigation pursuant to Subchapter 10 of the Administrative Code (NJAC 17:27). ________________________________________________ Signature of Procurement Agent 168 of 1132 173 Requirements for National Cooperative Contract OMNIA PARTNERS EXHIBITS EXHIBIT G- NEW JERSEY BUSINESS COMPLIANCE C. 271 POLITICAL CONTRIBUTION DISCLOSURE FORM Public Agency Instructions This page provides guidance to public agencies entering into contracts with business entities that are required to file Political Contribution Disclosure forms with the agency. It is not intended to be provided to contractors. What follows are instructions on the use of form local units can provide to contractors that are required to disclose political contributions pursuant to N.J.S.A. 19:44A-20.26 (P.L. 2005, c. 271, s.2). Additional information on the process is available in Local Finance Notice 2006-1 (http://www.nj.gov/dca/divisions/dlgs/resources/lfns_2006.html). Please refer back to these instructions for the appropriate links, as the Local Finance Notices include links that are no longer operational. 1.The disclosure is required for all contracts in excess of $17,500 that are not awarded pursuant to a “fair and open” process (N.J.S.A. 19:44A-20.7). 2.Due to the potential length of some contractor submissions, the public agency should consider allowing data to be submitted in electronic form (i.e., spreadsheet, pdf file, etc.). Submissions must be kept with the contract documents or in an appropriate computer file and be available for public access. The form is worded to accept this alternate submission. The text should be amended if electronic submission will not be allowed. 3.The submission must be received from the contractor and on file at least 10 days prior to award of the contract. Resolutions of award should reflect that the disclosure has been received and is on file. 4.The contractor must disclose contributions made to candidate and party committees covering a wide range of public agencies, including all public agencies that have elected officials in the county of the public agency, state legislative positions, and various state entities. The Division of Local Government Services recommends that contractors be provided a list of the affected agencies. This will assist contractors in determining the campaign and political committees of the officials and candidates affected by the disclosure. a.The Division has prepared model disclosure forms for each county. They can be downloaded from the “County PCD Forms” link on the Pay-to-Play web site at http://www.nj.gov/dca/divisions/dlgs/programs/lpcl.html#12. They will be updated from time-to-time as necessary. b.A public agency using these forms should edit them to properly reflect the correct legislative district(s). As the forms are county-based, they list all legislative districts in each county. Districts that do not represent the public agency should be removed from the lists. c.Some contractors may find it easier to provide a single list that covers all contributions, regardless of the county. These submissions are appropriate and should be accepted. d.The form may be used “as-is”, subject to edits as described herein. e.The “Contractor Instructions” sheet is intended to be provided with the form. It is recommended that the Instructions and the form be printed on the same piece of paper. The form notes that the Instructions are printed on the back of the form; where that is not the case, the text should be edited accordingly. f.The form is a Word document and can be edited to meet local needs, and posted for download on web sites, used as an e-mail attachment, or provided as a printed document. 5.It is recommended that the contractor also complete a “Stockholder Disclosure Certification.” This will assist the local unit in its obligation to ensure that contractor did not make any prohibited contributions to the committees listed on the Business Entity Disclosure Certification in the 12 months prior to the contract (See Local Finance Notice 2006-7 for additional information on this obligation at http://www.nj.gov/dca/divisions/dlgs/resources/lfns_2006.html). A sample Certification form is part of this package and the instruction to complete it is included in the Contractor Instructions. NOTE: This section is not applicable to Boards of Education. DOC #4 169 of 1132 174 OMNIA PARTNERS EXHIBITS EXHIBIT G- NEW JERSEY BUSINESS COMPLIANCE C. 271 POLITICAL CONTRIBUTION DISCLOSURE FORM Contractor Instructions Business entities (contractors) receiving contracts from a public agency that are NOT awarded pursuant to a “fair and open” process (defined at N.J.S.A. 19:44A-20.7) are subject to the provisions of P.L. 2005, c. 271, s.2 (N.J.S.A. 19:44A- 20.26). This law provides that 10 days prior to the award of such a contract, the contractor shall disclose contributions to: •any State, county, or municipal committee of a political party •any legislative leadership committee* •any continuing political committee (a.k.a., political action committee) •any candidate committee of a candidate for, or holder of, an elective office: o of the public entity awarding the contract o of that county in which that public entity is located o of another public entity within that county o or of a legislative district in which that public entity is located or, when the public entity is a county, of any legislative district which includes all or part of the county The disclosure must list reportable contributions to any of the committees that exceed $300 per election cycle that were made during the 12 months prior to award of the contract. See N.J.S.A. 19:44A-8 and 19:44A-16 for more details on reportable contributions. N.J.S.A. 19:44A-20.26 itemizes the parties from whom contributions must be disclosed when a business entity is not a natural person. This includes the following: •individuals with an “interest” ownership or control of more than 10% of the profits or assets of a business entity or 10% of the stock in the case of a business entity that is a corporation for profit •all principals, partners, officers, or directors of the business entity or their spouses •any subsidiaries directly or indirectly controlled by the business entity •IRS Code Section 527 New Jersey based organizations, directly or indirectly controlled by the business entity and filing as continuing political committees, (PACs). When the business entity is a natural person, “a contribution by that person’s spouse or child, residing therewith, shall be deemed to be a contribution by the business entity.” [N.J.S.A. 19:44A-20.26(b)] The contributor must be listed on the disclosure. Any business entity that fails to comply with the disclosure provisions shall be subject to a fine imposed by ELEC in an amount to be determined by the Commission which may be based upon the amount that the business entity failed to report. The enclosed list of agencies is provided to assist the contractor in identifying those public agencies whose elected official and/or candidate campaign committees are affected by the disclosure requirement. It is the contractor’s responsibility to identify the specific committees to which contributions may have been made and need to be disclosed. The disclosed information may exceed the minimum requirement. The enclosed form, a content-consistent facsimile, or an electronic data file containing the required details (along with a signed cover sheet) may be used as the contractor’s submission and is disclosable to the public under the Open Public Records Act. The contractor must also complete the attached Stockholder Disclosure Certification. This will assist the agency in meeting its obligations under the law. NOTE: This section does not apply to Board of Education contracts. *N.J.S.A. 19:44A-3(s): “The term "legislative leadership committee" means a committee established, authorized to be established, or designated by the President of the Senate, the Minority Leader of the Senate, the Speaker of the General Assembly or the Minority Leader of the General Assembly pursuant to section 16 of P.L.1993, c.65 (C.19:44A-10.1) for the purpose of receiving contributions and making expenditures.” Requirements for National Cooperative Contract Doc #4, continued 170 of 1132 175 Requirements for National Cooperative Contract OMNIA PARTNERS EXHIBITS EXHIBIT G- NEW JERSEY BUSINESS COMPLIANCE C. 271 POLITICAL CONTRIBUTION DISCLOSURE FORM Required Pursuant to N.J.S.A. 19:44A-20.26 This form or its permitted facsimile must be submitted to the local unit no later than 10 days prior to the award of the contract. Part I – Vendor Information Vendor Name: Address: City: State: Zip: The undersigned being authorized to certify, hereby certifies that the submission provided herein represents compliance with the provisions of N.J.S.A. 19:44A-20.26 and as represented by the Instructions accompanying this form. _______________________ _______________________ ________________________ Signature Printed Name Title Part II – Contribution Disclosure Disclosure requirement: Pursuant to N.J.S.A. 19:44A-20.26 this disclosure must include all reportable political contributions (more than $300 per election cycle) over the 12 months prior to submission to the committees of the government entities listed on the form provided by the local unit.  Check here if disclosure is provided in electronic form Contributor Name Recipient Name Date Dollar Amount $  Check here if the information is continued on subsequent page(s) Doc #4, continued 171 of 1132 176 I I I I I Requirements for National Cooperative Contract OMNIA PARTNERS EXHIBITS EXHIBIT G- NEW JERSEY BUSINESS COMPLIANCE List of Agencies with Elected Officials Required for Political Contribution Disclosure N.J.S.A. 19:44A-20.26 County Name: State: Governor, and Legislative Leadership Committees Legislative District #s: State Senator and two members of the General Assembly per district. County: Freeholders County Clerk Sheriff {County Executive} Surrogate Municipalities (Mayor and members of governing body, regardless of title): USERS SHOULD CREATE THEIR OWN FORM, OR DOWNLOAD FROM THE PAY TO PLAY SECTION OF THE DLGS WEBSITE A COUNTY-BASED, CUSTOMIZABLE FORM. Doc #4, continued 172 of 1132 177 Requirements for National Cooperative Contract OMNIA PARTNERS EXHIBITS EXHIBIT G- NEW JERSEY BUSINESS COMPLIANCE DOC #5 STOCKHOLDER DISCLOSURE CERTIFICATION Name of Business:  I certify that the list below contains the names and home addresses of all stockholders holding 10% or more of the issued and outstanding stock of the undersigned. OR  I certify that no one stockholder owns 10% or more of the issued and outstanding stock of the undersigned. Check the box that represents the type of business organization: Partnership Corporation Sole Proprietorship Limited Partnership Limited Liability Corporation Limited Liability Partnership Subchapter S Corporation Sign and notarize the form below, and, if necessary, complete the stockholder list below. Stockholders: Name: Name: Home Address: Home Address: Name: Name: Home Address: Home Address: Name: Name: Home Address: Home Address: Subscribed and sworn before me this ___ day of ___________, 2__. (Notary Public) My Commission expires: _________________________________ (Affiant) ________________________________ (Print name & title of affiant) (Corporate Seal) 173 of 1132 178 Requirements for National Cooperative Contract OMNIA PARTNERS EXHIBITS EXHIBIT G- NEW JERSEY BUSINESS COMPLIANCE DOC #6 Certification of Non-Involvement in Prohibited Activities in Iran Pursuant to N.J.S.A. 52:32-58, Offerors must certify that neither the Offeror, nor any of its parents, subsidiaries, and/or affiliates (as defined in N.J.S.A. 52:32 – 56(e) (3)), is listed on the Department of the Treasury’s List of Persons or Entities Engaging in Prohibited Investment Activities in Iran and that neither is involved in any of the investment activities set forth in N.J.S.A. 52:32 – 56(f). Offerors wishing to do business in New Jersey through this contract must fill out the Certification of Non-Involvement in Prohibited Activities in Iran here: http://www.state.nj.us/humanservices/dfd/info/standard/fdc/disclosure_investmentact.pdf. Offerors should submit the above form completed with their proposal. 174 of 1132 179 Requirements for National Cooperative Contract OMNIA PARTNERS EXHIBITS EXHIBIT G- NEW JERSEY BUSINESS COMPLIANCE DOC #7 NEW JERSEY BUSINESS REGISTRATION CERTIFICATE (N.J.S.A. 52:32-44) Offerors wishing to do business in New Jersey must submit their State Division of Revenue issued Business Registration Certificate with their proposal here. Failure to do so will disqualify the Offeror from offering products or services in New Jersey through any resulting contract. http://www.state.nj.us/treasury/revenue/forms/njreg.pdf 175 of 1132 180 Requirements for National Cooperative Contract OMNIA PARTNERS EXHIBITS EXHIBIT H – OMNIA PARTNERS ADVERTISING COMPLIANCE REQUIREMENT Pursuant to certain state notice provisions, including but not limited to Oregon Revised Statutes Chapter 279A.220, the following public agencies and political subdivisions of the referenced public agencies are eligible to register with OMNIA Partners and access the Master Agreement contract award made pursuant to this solicitation, and are hereby given notice of the foregoing request for proposals for purposes of complying with the procedural requirements of said statutes: Nationwide: State of Alabama State of Hawaii State of Massachusetts State of New Mexico State of South Dakota State of Alaska State of Idaho State of Michigan State of New York State of Tennessee State of Arizona State of Illinois State of Minnesota State of North Carolina State of Texas State of Arkansas State of Indiana State of Mississippi State of North Dakota State of Utah State of California State of Iowa State of Missouri State of Ohio State of Vermont State of Colorado State of Kansas State of Montana State of Oklahoma State of Virginia State of Connecticut State of Kentucky State of Nebraska State of Oregon State of Washington State of Delaware State of Louisiana State of Nevada State of Pennsylvania State of West Virginia State of Florida State of Maine State of New Hampshire State of Rhode Island State of Wisconsin State of Georgia State of Maryland State of New Jersey State of South Carolina State of Wyoming District of Columbia Lists of political subdivisions and local governments in the above referenced states / districts may be found at http://www.usa.gov/Agencies/State_and_Territories.shtml and https://www.usa.gov/local-governments. Certain Public Agencies and Political Subdivisions: CITIES, TOWNS, VILLAGES AND BOROUGHS INCLUDING BUT NOT LIMITED TO: BAKER CITY GOLF COURSE, OR CITY OF ADAIR VILLAGE, OR CITY OF ASHLAND, OR CITY OF AUMSVILLE, OR CITY OF AURORA, OR CITY OF BAKER, OR CITY OF BATON ROUGE, LA CITY OF BEAVERTON, OR CITY OF BEND, OR CITY OF BOARDMAN, OR CITY OF BONANAZA, OR CITY OF BOSSIER CITY, LA CITY OF BROOKINGS, OR CITY OF BURNS, OR CITY OF CANBY, OR CITY OF CANYONVILLE, OR CITY OF CLATSKANIE, OR CITY OF COBURG, OR CITY OF CONDON, OR CITY OF COQUILLE, OR CITY OF CORVALLI, OR CITY OF CORVALLIS PARKS AND RECREATION DEPARTMENT, OR CITY OF COTTAGE GROVE, OR CITY OF DONALD, OR CITY OF EUGENE, OR CITY OF FOREST GROVE, OR CITY OF GOLD HILL, OR CITY OF GRANTS PASS, OR CITY OF GRESHAM, OR CITY OF HILLSBORO, OR CITY OF INDEPENDENCE, OR CITY AND COUNTY OF HONOLULU, HI CITY OF KENNER, LA CITY OF LA GRANDE, OR CITY OF LAFAYETTE, LA CITY OF LAKE CHARLES, OR CITY OF LEBANON, OR CITY OF MCMINNVILLE, OR CITY OF MEDFORD, OR CITY OF METAIRIE, LA CITY OF MILL CITY, OR CITY OF MILWAUKIE, OR CITY OF MONROE, LA CITY OF MOSIER, OR CITY OF NEW ORLEANS, LA CITY OF NORTH PLAINS, OR CITY OF OREGON CITY, OR CITY OF PILOT ROCK, OR CITY OF PORTLAND, OR CITY OF POWERS, OR CITY OF PRINEVILLE, OR CITY OF REDMOND, OR CITY OF REEDSPORT, OR CITY OF RIDDLE, OR CITY OF ROGUE RIVER, OR CITY OF ROSEBURG, OR CITY OF SALEM, OR CITY OF SANDY, OR CITY OF SCAPPOOSE, OR CITY OF SHADY COVE, OR CITY OF SHERWOOD, OR CITY OF SHREVEPORT, LA CITY OF SILVERTON, OR CITY OF SPRINGFIELD, OR CITY OF ST. HELENS, OR CITY OF ST. PAUL, OR CITY OF SULPHUR, LA CITY OF TIGARD, OR CITY OF TROUTDALE, OR 176 of 1132 181 [Type here] CITY OF TUALATIN, OR CITY OF WALKER, LA CITY OF WARRENTON, OR CITY OF WEST LINN, OR CITY OF WILSONVILLE, OR CITY OF WINSTON, OR CITY OF WOODBURN, OR LEAGUE OF OREGON CITES THE CITY OF HAPPY VALLEY OREGON ALPINE, UT ALTA, UT ALTAMONT, UT ALTON, UT AMALGA, UT AMERICAN FORK CITY, UT ANNABELLA, UT ANTIMONY, UT APPLE VALLEY, UT AURORA, UT BALLARD, UT BEAR RIVER CITY, UT BEAVER, UT BICKNELL, UT BIG WATER, UT BLANDING, UT BLUFFDALE, UT BOULDER, UT CITY OF BOUNTIFUL, UT BRIAN HEAD, UT BRIGHAM CITY CORPORATION, UT BRYCE CANYON CITY, UT CANNONVILLE, UT CASTLE DALE, UT CASTLE VALLEY, UT CITY OF CEDAR CITY, UT CEDAR FORT, UT CITY OF CEDAR HILLS, UT CENTERFIELD, UT CENTERVILLE CITY CORPORATION, UT CENTRAL VALLEY, UT CHARLESTON, UT CIRCLEVILLE, UT CLARKSTON, UT CLAWSON, UT CLEARFIELD, UT CLEVELAND, UT CLINTON CITY CORPORATION, UT COALVILLE, UT CORINNE, UT CORNISH, UT COTTONWOOD HEIGHTS, UT DANIEL, UT DELTA, UT DEWEYVILLE, UT DRAPER CITY, UT DUCHESNE, UT EAGLE MOUNTAIN, UT EAST CARBON, UT ELK RIDGE, UT ELMO, UT ELSINORE, UT ELWOOD, UT EMERY, UT ENOCH, UT ENTERPRISE, UT EPHRAIM, UT ESCALANTE, UT EUREKA, UT FAIRFIELD, UT FAIRVIEW, UT FARMINGTON, UT FARR WEST, UT FAYETTE, UT FERRON, UT FIELDING, UT FILLMORE, UT FOUNTAIN GREEN, UT FRANCIS, UT FRUIT HEIGHTS, UT GARDEN CITY, UT GARLAND, UT GENOLA, UT GLENDALE, UT GLENWOOD, UT GOSHEN, UT GRANTSVILLE, UT GREEN RIVER, UT GUNNISON, UT HANKSVILLE, UT HARRISVILLE, UT HATCH, UT HEBER CITY CORPORATION, UT HELPER, UT HENEFER, UT HENRIEVILLE, UT HERRIMAN, UT HIDEOUT, UT HIGHLAND, UT HILDALE, UT HINCKLEY, UT HOLDEN, UT HOLLADAY, UT HONEYVILLE, UT HOOPER, UT HOWELL, UT HUNTINGTON, UT HUNTSVILLE, UT CITY OF HURRICANE, UT HYDE PARK, UT HYRUM, UT INDEPENDENCE, UT IVINS, UT JOSEPH, UT JUNCTION, UT KAMAS, UT KANAB, UT KANARRAVILLE, UT KANOSH, UT KAYSVILLE, UT KINGSTON, UT KOOSHAREM, UT LAKETOWN, UT LA VERKIN, UT LAYTON, UT LEAMINGTON, UT LEEDS, UT LEHI CITY CORPORATION, UT LEVAN, UT LEWISTON, UT LINDON, UT LOA, UT LOGAN CITY, UT 177 of 1132 182 [Type here] LYMAN, UT LYNNDYL, UT MANILA, UT MANTI, UT MANTUA, UT MAPLETON, UT MARRIOTT-SLATERVILLE, UT MARYSVALE, UT MAYFIELD, UT MEADOW, UT MENDON, UT MIDVALE CITY INC., UT MIDWAY, UT MILFORD, UT MILLVILLE, UT MINERSVILLE, UT MOAB, UT MONA, UT MONROE, UT CITY OF MONTICELLO, UT MORGAN, UT MORONI, UT MOUNT PLEASANT, UT MURRAY CITY CORPORATION, UT MYTON, UT NAPLES, UT NEPHI, UT NEW HARMONY, UT NEWTON, UT NIBLEY, UT NORTH LOGAN, UT NORTH OGDEN, UT NORTH SALT LAKE CITY, UT OAK CITY, UT OAKLEY, UT OGDEN CITY CORPORATION, UT OPHIR, UT ORANGEVILLE, UT ORDERVILLE, UT OREM, UT PANGUITCH, UT PARADISE, UT PARAGONAH, UT PARK CITY, UT PAROWAN, UT PAYSON, UT PERRY, UT PLAIN CITY, UT PLEASANT GROVE CITY, UT PLEASANT VIEW, UT PLYMOUTH, UT PORTAGE, UT PRICE, UT PROVIDENCE, UT PROVO, UT RANDOLPH, UT REDMOND, UT RICHFIELD, UT RICHMOND, UT RIVERDALE, UT RIVER HEIGHTS, UT RIVERTON CITY, UT ROCKVILLE, UT ROCKY RIDGE, UT ROOSEVELT CITY CORPORATION, UT ROY, UT RUSH VALLEY, UT CITY OF ST. GEORGE, UT SALEM, UT SALINA, UT SALT LAKE CITY CORPORATION, UT SANDY, UT SANTA CLARA, UT SANTAQUIN, UT SARATOGA SPRINGS, UT SCIPIO, UT SCOFIELD, UT SIGURD, UT SMITHFIELD, UT SNOWVILLE, UT CITY OF SOUTH JORDAN, UT SOUTH OGDEN, UT CITY OF SOUTH SALT LAKE, UT SOUTH WEBER, UT SPANISH FORK, UT SPRING CITY, UT SPRINGDALE, UT SPRINGVILLE, UT STERLING, UT STOCKTON, UT SUNNYSIDE, UT SUNSET CITY CORP, UT SYRACUSE, UT TABIONA, UT CITY OF TAYLORSVILLE, UT TOOELE CITY CORPORATION, UT TOQUERVILLE, UT TORREY, UT TREMONTON CITY, UT TRENTON, UT TROPIC, UT UINTAH, UT VERNAL CITY, UT VERNON, UT VINEYARD, UT VIRGIN, UT WALES, UT WALLSBURG, UT WASHINGTON CITY, UT WASHINGTON TERRACE, UT WELLINGTON, UT WELLSVILLE, UT WENDOVER, UT WEST BOUNTIFUL, UT WEST HAVEN, UT WEST JORDAN, UT WEST POINT, UT WEST VALLEY CITY, UT WILLARD, UT WOODLAND HILLS, UT WOODRUFF, UT WOODS CROSS, UT COUNTIES AND PARISHES INCLUDING BUT NOT LIMITED TO: ASCENSION PARISH, LA ASCENSION PARISH, LA, CLEAR OF COURT CADDO PARISH, LA CALCASIEU PARISH, LA CALCASIEU PARISH SHERIFF’S OFFICE, LA CITY AND COUNTY OF HONOLULU, HI CLACKAMAS COUNTY, OR 178 of 1132 183 [Type here] CLACKAMAS COUNTY DEPT OF TRANSPORTATION, OR CLATSOP COUNTY, OR COLUMBIA COUNTY, OR COOS COUNTY, OR COOS COUNTY HIGHWAY DEPARTMENT, OR COUNTY OF HAWAII, OR CROOK COUNTY, OR CROOK COUNTY ROAD DEPARTMENT, OR CURRY COUNTY, OR DESCHUTES COUNTY, OR DOUGLAS COUNTY, OR EAST BATON ROUGE PARISH, LA GILLIAM COUNTY, OR GRANT COUNTY, OR HARNEY COUNTY, OR HARNEY COUNTY SHERIFFS OFFICE, OR HAWAII COUNTY, HI HOOD RIVER COUNTY, OR JACKSON COUNTY, OR JEFFERSON COUNTY, OR JEFFERSON PARISH, LA JOSEPHINE COUNTY GOVERNMENT, OR LAFAYETTE CONSOLIDATED GOVERNMENT, LA LAFAYETTE PARISH, LA LAFAYETTE PARISH CONVENTION & VISITORS COMMISSION LAFOURCHE PARISH, LA KAUAI COUNTY, HI KLAMATH COUNTY, OR LAKE COUNTY, OR LANE COUNTY, OR LINCOLN COUNTY, OR LINN COUNTY, OR LIVINGSTON PARISH, LA MALHEUR COUNTY, OR MAUI COUNTY, HI MARION COUNTY, SALEM, OR MORROW COUNTY, OR MULTNOMAH COUNTY, OR MULTNOMAH COUNTY BUSINESS AND COMMUNITY SERVICES, OR MULTNOMAH COUNTY SHERIFFS OFFICE, OR MULTNOMAH LAW LIBRARY, OR ORLEANS PARISH, LA PLAQUEMINES PARISH, LA POLK COUNTY, OR RAPIDES PARISH, LA SAINT CHARLES PARISH, LA SAINT CHARLES PARISH PUBLIC SCHOOLS, LA SAINT LANDRY PARISH, LA SAINT TAMMANY PARISH, LA SHERMAN COUNTY, OR TERREBONNE PARISH, LA TILLAMOOK COUNTY, OR TILLAMOOK COUNTY SHERIFF'S OFFICE, OR TILLAMOOK COUNTY GENERAL HOSPITAL, OR UMATILLA COUNTY, OR UNION COUNTY, OR WALLOWA COUNTY, OR WASCO COUNTY, OR WASHINGTON COUNTY, OR WEST BATON ROUGE PARISH, LA WHEELER COUNTY, OR YAMHILL COUNTY, OR COUNTY OF BOX ELDER, UT COUNTY OF CACHE, UT COUNTY OF RICH, UT COUNTY OF WEBER, UT COUNTY OF MORGAN, UT COUNTY OF DAVIS, UT COUNTY OF SUMMIT, UT COUNTY OF DAGGETT, UT COUNTY OF SALT LAKE, UT COUNTY OF TOOELE, UT COUNTY OF UTAH, UT COUNTY OF WASATCH, UT COUNTY OF DUCHESNE, UT COUNTY OF UINTAH, UT COUNTY OF CARBON, UT COUNTY OF SANPETE, UT COUNTY OF JUAB, UT COUNTY OF MILLARD, UT COUNTY OF SEVIER, UT COUNTY OF EMERY, UT COUNTY OF GRAND, UT COUNTY OF BEVER, UT COUNTY OF PIUTE, UT COUNTY OF WAYNE, UT COUNTY OF SAN JUAN, UT COUNTY OF GARFIELD, UT COUNTY OF KANE, UT COUNTY OF IRON, UT COUNTY OF WASHINGTON, UT OTHER AGENCIES INCLUDING ASSOCIATIONS, BOARDS, DISTRICTS, COMMISSIONS, COUNCILS, PUBLIC CORPORATIONS, PUBLIC DEVELOPMENT AUTHORITIES, RESERVATIONS AND UTILITIES INCLUDING BUT NOT LIMITED TO: ADAIR R.F.P.D., OR ADEL WATER IMPROVEMENT DISTRICT, OR ADRIAN R.F.P.D., OR AGNESS COMMUNITY LIBRARY, OR AGNESS-ILLAHE R.F.P.D., OR AGRICULTURE EDUCATION SERVICE EXTENSION DISTRICT, OR ALDER CREEK-BARLOW WATER DISTRICT NO. 29, OR ALFALFA FIRE DISTRICT, OR ALSEA R.F.P.D., OR ALSEA RIVIERA WATER IMPROVEMENT DISTRICT, OR AMITY FIRE DISTRICT, OR ANTELOPE MEADOWS SPECIAL ROAD DISTRICT, OR APPLE ROGUE DISTRICT IMPROVEMENT COMPANY, OR APPLEGATE VALLEY R.F.P.D. #9, OR ARCH CAPE DOMESTIC WATER SUPPLY DISTRICT, OR ARCH CAPE SANITARY DISTRICT, OR ARNOLD IRRIGATION DISTRICT, OR ASH CREEK WATER CONTROL DISTRICT, OR ATHENA CEMETERY MAINTENANCE DISTRICT, OR AUMSVILLE R.F.P.D., OR AURORA R.F.P.D., OR AZALEA R.F.P.D., OR BADGER IMPROVEMENT DISTRICT, OR BAILEY-SPENCER R.F.P.D., OR BAKER COUNTY LIBRARY DISTRICT, OR BAKER R.F.P.D., OR BAKER RIVERTON ROAD DISTRICT, OR 179 of 1132 184 [Type here] BAKER VALLEY IRRIGATION DISTRICT, OR BAKER VALLEY S.W.C.D., OR BAKER VALLEY VECTOR CONTROL DISTRICT, OR BANDON CRANBERRY WATER CONTROL DISTRICT, OR BANDON R.F.P.D., OR BANKS FIRE DISTRICT, OR BANKS FIRE DISTRICT #13, OR BAR L RANCH ROAD DISTRICT, OR BARLOW WATER IMPROVEMENT DISTRICT, OR BASIN AMBULANCE SERVICE DISTRICT, OR BASIN TRANSIT SERVICE TRANSPORTATION DISTRICT, OR BATON ROUGE WATER COMPANY BAY AREA HEALTH DISTRICT, OR BAYSHORE SPECIAL ROAD DISTRICT, OR BEAR VALLEY SPECIAL ROAD DISTRICT, OR BEAVER CREEK WATER CONTROL DISTRICT, OR BEAVER DRAINAGE IMPROVEMENT COMPANY, INC., OR BEAVER SLOUGH DRAINAGE DISTRICT, OR BEAVER SPECIAL ROAD DISTRICT, OR BEAVER WATER DISTRICT, OR BELLE MER S.I.G.L. TRACTS SPECIAL ROAD DISTRICT, OR BEND METRO PARK AND RECREATION DISTRICT BENTON S.W.C.D., OR BERNDT SUBDIVISION WATER IMPROVEMENT DISTRICT, OR BEVERLY BEACH WATER DISTRICT, OR BIENVILLE PARISH FIRE PROTECTION DISTRICT 6, LA BIG BEND IRRIGATION DISTRICT, OR BIGGS SERVICE DISTRICT, OR BLACK BUTTE RANCH DEPARTMENT OF POLICE SERVICES, OR BLACK BUTTE RANCH R.F.P.D., OR BLACK MOUNTAIN WATER DISTRICT, OR BLODGETT-SUMMIT R.F.P.D., OR BLUE MOUNTAIN HOSPITAL DISTRICT, OR BLUE MOUNTAIN TRANSLATOR DISTRICT, OR BLUE RIVER PARK & RECREATION DISTRICT, OR BLUE RIVER WATER DISTRICT, OR BLY R.F.P.D., OR BLY VECTOR CONTROL DISTRICT, OR BLY WATER AND SANITARY DISTRICT, OR BOARDMAN CEMETERY MAINTENANCE DISTRICT, OR BOARDMAN PARK AND RECREATION DISTRICT BOARDMAN R.F.P.D., OR BONANZA BIG SPRINGS PARK & RECREATION DISTRICT, OR BONANZA MEMORIAL PARK CEMETERY DISTRICT, OR BONANZA R.F.P.D., OR BONANZA-LANGELL VALLEY VECTOR CONTROL DISTRICT, OR BORING WATER DISTRICT #24, OR BOULDER CREEK RETREAT SPECIAL ROAD DISTRICT, OR BRIDGE R.F.P.D., OR BROOKS COMMUNITY SERVICE DISTRICT, OR BROWNSVILLE R.F.P.D., OR BUELL-RED PRAIRIE WATER DISTRICT, OR BUNKER HILL R.F.P.D. #1, OR BUNKER HILL SANITARY DISTRICT, OR BURLINGTON WATER DISTRICT, OR BURNT RIVER IRRIGATION DISTRICT, OR BURNT RIVER S.W.C.D., OR CALAPOOIA R.F.P.D., OR CAMAS VALLEY R.F.P.D., OR CAMELLIA PARK SANITARY DISTRICT, OR CAMMANN ROAD DISTRICT, OR CAMP SHERMAN ROAD DISTRICT, OR CANBY AREA TRANSIT, OR CANBY R.F.P.D. #62, OR CANBY UTILITY BOARD, OR CANNON BEACH R.F.P.D., OR CANYONVILLE SOUTH UMPQUA FIRE DISTRICT, OR CAPE FERRELO R.F.P.D., OR CAPE FOULWEATHER SANITARY DISTRICT, OR CARLSON PRIMROSE SPECIAL ROAD DISTRICT, OR CARMEL BEACH WATER DISTRICT, OR CASCADE VIEW ESTATES TRACT 2, OR CEDAR CREST SPECIAL ROAD DISTRICT, OR CEDAR TRAILS SPECIAL ROAD DISTRICT, OR CEDAR VALLEY - NORTH BANK R.F.P.D., OR CENTRAL CASCADES FIRE AND EMS, OR CENTRAL CITY ECONOMIC OPPORTUNITY CORP, LA CENTRAL LINCOLN P.U.D., OR CENTRAL OREGON COAST FIRE & RESCUE DISTRICT, OR CENTRAL OREGON INTERGOVERNMENTAL COUNCIL CENTRAL OREGON IRRIGATION DISTRICT, OR CHAPARRAL WATER CONTROL DISTRICT, OR CHARLESTON FIRE DISTRICT, OR CHARLESTON SANITARY DISTRICT, OR CHARLOTTE ANN WATER DISTRICT, OR CHEHALEM PARK & RECREATION DISTRICT, OR CHEHALEM PARK AND RECREATION DISTRICT CHEMULT R.F.P.D., OR CHENOWITH WATER P.U.D., OR CHERRIOTS, OR CHETCO COMMUNITY PUBLIC LIBRARY DISTRICT, OR CHILOQUIN VECTOR CONTROL DISTRICT, OR CHILOQUIN-AGENCY LAKE R.F.P.D., OR CHINOOK DRIVE SPECIAL ROAD DISTRICT, OR CHR DISTRICT IMPROVEMENT COMPANY, OR CHRISTMAS VALLEY DOMESTIC WATER DISTRICT, OR CHRISTMAS VALLEY PARK & RECREATION DISTRICT, OR CHRISTMAS VALLEY R.F.P.D., OR CITY OF BOGALUSA SCHOOL BOARD, LA CLACKAMAS COUNTY FIRE DISTRICT #1, OR CLACKAMAS COUNTY SERVICE DISTRICT #1, OR CLACKAMAS COUNTY VECTOR CONTROL DISTRICT, OR CLACKAMAS RIVER WATER CLACKAMAS RIVER WATER, OR CLACKAMAS S.W.C.D., OR CLATSKANIE DRAINAGE IMPROVEMENT COMPANY, OR CLATSKANIE LIBRARY DISTRICT, OR CLATSKANIE P.U.D., OR CLATSKANIE PARK & RECREATION DISTRICT, OR CLATSKANIE PEOPLE'S UTILITY DISTRICT CLATSKANIE R.F.P.D., OR CLATSOP CARE CENTER HEALTH DISTRICT, OR CLATSOP COUNTY S.W.C.D., OR 180 of 1132 185 [Type here] CLATSOP DRAINAGE IMPROVEMENT COMPANY #15, INC., OR CLEAN WATER SERVICES CLEAN WATER SERVICES, OR CLOVERDALE R.F.P.D., OR CLOVERDALE SANITARY DISTRICT, OR CLOVERDALE WATER DISTRICT, OR COALEDO DRAINAGE DISTRICT, OR COBURG FIRE DISTRICT, OR COLESTIN RURAL FIRE DISTRICT, OR COLTON R.F.P.D., OR COLTON WATER DISTRICT #11, OR COLUMBIA 911 COMMUNICATIONS DISTRICT, OR COLUMBIA COUNTY 4-H & EXTENSION SERVICE DISTRICT, OR COLUMBIA DRAINAGE VECTOR CONTROL, OR COLUMBIA IMPROVEMENT DISTRICT, OR COLUMBIA R.F.P.D., OR COLUMBIA RIVER FIRE & RESCUE, OR COLUMBIA RIVER PUD, OR COLUMBIA S.W.C.D., OR COLUMBIA S.W.C.D., OR CONFEDERATED TRIBES OF THE UMATILLA INDIAN RESERVATION COOS COUNTY AIRPORT DISTRICT, OR COOS COUNTY AIRPORT DISTRICT, OR COOS COUNTY AREA TRANSIT SERVICE DISTRICT, OR COOS COUNTY AREA TRANSIT SERVICE DISTRICT, OR COOS FOREST PROTECTIVE ASSOCIATION COOS S.W.C.D., OR COQUILLE R.F.P.D., OR COQUILLE VALLEY HOSPITAL DISTRICT, OR CORBETT WATER DISTRICT, OR CORNELIUS R.F.P.D., OR CORP RANCH ROAD WATER IMPROVEMENT, OR CORVALLIS R.F.P.D., OR COUNTRY CLUB ESTATES SPECIAL WATER DISTRICT, OR COUNTRY CLUB WATER DISTRICT, OR COUNTRY ESTATES ROAD DISTRICT, OR COVE CEMETERY MAINTENANCE DISTRICT, OR COVE ORCHARD SEWER SERVICE DISTRICT, OR COVE R.F.P.D., OR CRESCENT R.F.P.D., OR CRESCENT SANITARY DISTRICT, OR CRESCENT WATER SUPPLY AND IMPROVEMENT DISTRICT, OR CROOK COUNTY AGRICULTURE EXTENSION SERVICE DISTRICT, OR CROOK COUNTY CEMETERY DISTRICT, OR CROOK COUNTY FIRE AND RESCUE, OR CROOK COUNTY PARKS & RECREATION DISTRICT, OR CROOK COUNTY S.W.C.D., OR CROOK COUNTY VECTOR CONTROL DISTRICT, OR CROOKED RIVER RANCH R.F.P.D., OR CROOKED RIVER RANCH SPECIAL ROAD DISTRICT, OR CRYSTAL SPRINGS WATER DISTRICT, OR CURRY COUNTY 4-H & EXTENSION SERVICE DISTRICT, OR CURRY COUNTY PUBLIC TRANSIT SERVICE DISTRICT, OR CURRY COUNTY S.W.C.D., OR CURRY HEALTH DISTRICT, OR CURRY PUBLIC LIBRARY DISTRICT, OR DALLAS CEMETERY DISTRICT #4, OR DARLEY DRIVE SPECIAL ROAD DISTRICT, OR DAVID CROCKETT STEAM FIRE COMPANY #1, LA DAYS CREEK R.F.P.D., OR DAYTON FIRE DISTRICT, OR DEAN MINARD WATER DISTRICT, OR DEE IRRIGATION DISTRICT, OR DEER ISLAND DRAINAGE IMPROVEMENT COMPANY, OR DELL BROGAN CEMETERY MAINTENANCE DISTRICT, OR DEPOE BAY R.F.P.D., OR DESCHUTES COUNTY 911 SERVICE DISTRICT, OR DESCHUTES COUNTY R.F.P.D. #2, OR DESCHUTES PUBLIC LIBRARY DISTRICT, OR DESCHUTES S.W.C.D., OR DESCHUTES VALLEY WATER DISTRICT, OR DEVILS LAKE WATER IMPROVEMENT DISTRICT, OR DEXTER R.F.P.D., OR DEXTER SANITARY DISTRICT, OR DORA-SITKUM R.F.P.D., OR DOUGLAS COUNTY FIRE DISTRICT #2, OR DOUGLAS S.W.C.D., OR DRAKES CROSSING R.F.P.D., OR DRRH SPECIAL ROAD DISTRICT #6, OR DRY GULCH DITCH DISTRICT IMPROVEMENT COMPANY, OR DUFUR RECREATION DISTRICT, OR DUMBECK LANE DOMESTIC WATER SUPPLY, OR DUNDEE R.F.P.D., OR DURKEE COMMUNITY BUILDING PRESERVATION DISTRICT, OR EAGLE POINT IRRIGATION DISTRICT, OR EAGLE VALLEY CEMETERY MAINTENANCE DISTRICT, OR EAGLE VALLEY R.F.P.D., OR EAGLE VALLEY S.W.C.D., OR EAST FORK IRRIGATION DISTRICT, OR EAST MULTNOMAH S.W.C.D., OR EAST SALEM SERVICE DISTRICT, OR EAST UMATILLA CHEMICAL CONTROL DISTRICT, OR EAST UMATILLA COUNTY AMBULANCE AREA HEALTH DISTRICT, OR EAST UMATILLA COUNTY R.F.P.D., OR EAST VALLEY WATER DISTRICT, OR ELGIN COMMUNITY PARKS & RECREATION DISTRICT, OR ELGIN HEALTH DISTRICT, OR ELGIN R.F.P.D., OR ELKTON ESTATES PHASE II SPECIAL ROAD DISTRICT, OR ELKTON R.F.P.D., OR EMERALD P.U.D., OR ENTERPRISE IRRIGATION DISTRICT, OR ESTACADA CEMETERY MAINTENANCE DISTRICT, OR ESTACADA R.F.P.D. #69, OR EUGENE R.F.P.D. # 1, OR EUGENE WATER AND ELECTRIC BOARD EVANS VALLEY FIRE DISTRICT #6, OR FAIR OAKS R.F.P.D., OR FAIRVIEW R.F.P.D., OR FAIRVIEW WATER DISTRICT, OR 181 of 1132 186 [Type here] FALCON HEIGHTS WATER AND SEWER, OR FALCON-COVE BEACH WATER DISTRICT, OR FALL RIVER ESTATES SPECIAL ROAD DISTRICT, OR FARGO INTERCHANGE SERVICE DISTRICT, OR FARMERS IRRIGATION DISTRICT, OR FAT ELK DRAINAGE DISTRICT, OR FERN RIDGE PUBLIC LIBRARY DISTRICT, OR FERN VALLEY ESTATES IMPROVEMENT DISTRICT, OR FOR FAR ROAD DISTRICT, OR FOREST GROVE R.F.P.D., OR FOREST VIEW SPECIAL ROAD DISTRICT, OR FORT ROCK-SILVER LAKE S.W.C.D., OR FOUR RIVERS VECTOR CONTROL DISTRICT, OR FOX CEMETERY MAINTENANCE DISTRICT, OR GARDINER R.F.P.D., OR GARDINER SANITARY DISTRICT, OR GARIBALDI R.F.P.D., OR GASTON R.F.P.D., OR GATES R.F.P.D., OR GEARHART R.F.P.D., OR GILLIAM S.W.C.D., OR GLENDALE AMBULANCE DISTRICT, OR GLENDALE R.F.P.D., OR GLENEDEN BEACH SPECIAL ROAD DISTRICT, OR GLENEDEN SANITARY DISTRICT, OR GLENWOOD WATER DISTRICT, OR GLIDE - IDLEYLD SANITARY DISTRICT, OR GLIDE R.F.P.D., OR GOLD BEACH - WEDDERBURN R.F.P.D., OR GOLD HILL IRRIGATION DISTRICT, OR GOLDFINCH ROAD DISTRICT, OR GOSHEN R.F.P.D., OR GOVERNMENT CAMP ROAD DISTRICT, OR GOVERNMENT CAMP SANITARY DISTRICT, OR GRAND PRAIRIE WATER CONTROL DISTRICT, OR GRAND RONDE SANITARY DISTRICT, OR GRANT COUNTY TRANSPORTATION DISTRICT, OR GRANT S.W.C.D., OR GRANTS PASS IRRIGATION DISTRICT, OR GREATER BOWEN VALLEY R.F.P.D., OR GREATER ST. HELENS PARK & RECREATION DISTRICT, OR GREATER TOLEDO POOL RECREATION DISTRICT, OR GREEN KNOLLS SPECIAL ROAD DISTRICT, OR GREEN SANITARY DISTRICT, OR GREENACRES R.F.P.D., OR GREENBERRY IRRIGATION DISTRICT, OR GREENSPRINGS RURAL FIRE DISTRICT, OR HAHLEN ROAD SPECIAL DISTRICT, OR HAINES CEMETERY MAINTENANCE DISTRICT, OR HAINES FIRE PROTECTION DISTRICT, OR HALSEY-SHEDD R.F.P.D., OR HAMLET R.F.P.D., OR HARBOR R.F.P.D., OR HARBOR SANITARY DISTRICT, OR HARBOR WATER P.U.D., OR HARNEY COUNTY HEALTH DISTRICT, OR HARNEY S.W.C.D., OR HARPER SOUTH SIDE IRRIGATION DISTRICT, OR HARRISBURG FIRE AND RESCUE, OR HAUSER R.F.P.D., OR HAZELDELL RURAL FIRE DISTRICT, OR HEBO JOINT WATER-SANITARY AUTHORITY, OR HECETA WATER P.U.D., OR HELIX CEMETERY MAINTENANCE DISTRICT #4, OR HELIX PARK & RECREATION DISTRICT, OR HELIX R.F.P.D. #7-411, OR HEPPNER CEMETERY MAINTENANCE DISTRICT, OR HEPPNER R.F.P.D., OR HEPPNER WATER CONTROL DISTRICT, OR HEREFORD COMMUNITY HALL RECREATION DISTRICT, OR HERMISTON CEMETERY DISTRICT, OR HERMISTON IRRIGATION DISTRICT, OR HIDDEN VALLEY MOBILE ESTATES IMPROVEMENT DISTRICT, OR HIGH DESERT PARK & RECREATION DISTRICT, OR HIGHLAND SUBDIVISION WATER DISTRICT, OR HONOLULU INTERNATIONAL AIRPORT HOOD RIVER COUNTY LIBRARY DISTRICT, OR HOOD RIVER COUNTY TRANSPORTATION DISTRICT, OR HOOD RIVER S.W.C.D., OR HOOD RIVER VALLEY PARKS & RECREATION DISTRICT, OR HOODLAND FIRE DISTRICT #74 HOODLAND FIRE DISTRICT #74, OR HORSEFLY IRRIGATION DISTRICT, OR HOSKINS-KINGS VALLEY R.F.P.D., OR HOUSING AUTHORITY OF PORTLAND HUBBARD R.F.P.D., OR HUDSON BAY DISTRICT IMPROVEMENT COMPANY, OR I N (KAY) YOUNG DITCH DISTRICT IMPROVEMENT COMPANY, OR ICE FOUNTAIN WATER DISTRICT, OR IDAHO POINT SPECIAL ROAD DISTRICT, OR IDANHA-DETROIT RURAL FIRE PROTECTION DISTRICT, OR ILLINOIS VALLEY FIRE DISTRICT ILLINOIS VALLEY R.F.P.D., OR ILLINOIS VALLEY S.W.C.D., OR IMBLER R.F.P.D., OR INTERLACHEN WATER P.U.D., OR IONE LIBRARY DISTRICT, OR IONE R.F.P.D. #6-604, OR IRONSIDE CEMETERY MAINTENANCE DISTRICT, OR IRONSIDE RURAL ROAD DISTRICT #5, OR IRRIGON PARK & RECREATION DISTRICT, OR IRRIGON R.F.P.D., OR ISLAND CITY AREA SANITATION DISTRICT, OR ISLAND CITY CEMETERY MAINTENANCE DISTRICT, OR JACK PINE VILLAGE SPECIAL ROAD DISTRICT, OR JACKSON COUNTY FIRE DISTRICT #3, OR JACKSON COUNTY FIRE DISTRICT #4, OR JACKSON COUNTY FIRE DISTRICT #5, OR JACKSON COUNTY LIBRARY DISTRICT, OR JACKSON COUNTY VECTOR CONTROL DISTRICT, OR JACKSON S.W.C.D., OR JASPER KNOLLS WATER DISTRICT, OR JEFFERSON COUNTY EMERGENCY MEDICAL SERVICE DISTRICT, OR JEFFERSON COUNTY FIRE DISTRICT #1, OR JEFFERSON COUNTY LIBRARY DISTRICT, OR JEFFERSON COUNTY S.W.C.D., OR JEFFERSON PARK & RECREATION DISTRICT, OR JEFFERSON R.F.P.D., OR JOB'S DRAINAGE DISTRICT, OR JOHN DAY WATER DISTRICT, OR 182 of 1132 187 [Type here] JOHN DAY-CANYON CITY PARKS & RECREATION DISTRICT, OR JOHN DAY-FERNHILL R.F.P.D. #5-108, OR JORDAN VALLEY CEMETERY DISTRICT, OR JORDAN VALLEY IRRIGATION DISTRICT, OR JOSEPHINE COMMUNITY LIBRARY DISTRICT, OR JOSEPHINE COUNTY 4-H & EXTENSION SERVICE DISTRICT, OR JOSEPHINE COUNTY 911 AGENCY, OR JUNCTION CITY R.F.P.D., OR JUNCTION CITY WATER CONTROL DISTRICT, OR JUNIPER BUTTE ROAD DISTRICT, OR JUNIPER CANYON WATER CONTROL DISTRICT, OR JUNIPER FLAT DISTRICT IMPROVEMENT COMPANY, OR JUNIPER FLAT R.F.P.D., OR JUNO NONPROFIT WATER IMPROVEMENT DISTRICT, OR KEATING R.F.P.D., OR KEATING S.W.C.D., OR KEIZER R.F.P.D., OR KELLOGG RURAL FIRE DISTRICT, OR KENO IRRIGATION DISTRICT, OR KENO PINES ROAD DISTRICT, OR KENO R.F.P.D., OR KENT WATER DISTRICT, OR KERBY WATER DISTRICT, OR K-GB-LB WATER DISTRICT, OR KILCHIS WATER DISTRICT, OR KLAMATH 9-1-1 COMMUNICATIONS DISTRICT, OR KLAMATH BASIN IMPROVEMENT DISTRICT, OR KLAMATH COUNTY DRAINAGE SERVICE DISTRICT, OR KLAMATH COUNTY EXTENSION SERVICE DISTRICT, OR KLAMATH COUNTY FIRE DISTRICT #1, OR KLAMATH COUNTY FIRE DISTRICT #3, OR KLAMATH COUNTY FIRE DISTRICT #4, OR KLAMATH COUNTY FIRE DISTRICT #5, OR KLAMATH COUNTY LIBRARY SERVICE DISTRICT, OR KLAMATH COUNTY PREDATORY ANIMAL CONTROL DISTRICT, OR KLAMATH DRAINAGE DISTRICT, OR KLAMATH FALLS FOREST ESTATES SPECIAL ROAD DISTRICT UNIT #2, OR KLAMATH INTEROPERABILITY RADIO GROUP, OR KLAMATH IRRIGATION DISTRICT, OR KLAMATH RIVER ACRES SPECIAL ROAD DISTRICT, OR KLAMATH S.W.C.D., OR KLAMATH VECTOR CONTROL DISTRICT, OR KNAPPA-SVENSEN-BURNSIDE R.F.P.D., OR LA GRANDE CEMETERY MAINTENANCE DISTRICT, OR LA GRANDE R.F.P.D., OR LA PINE PARK & RECREATION DISTRICT, OR LA PINE R.F.P.D., OR LABISH VILLAGE SEWAGE & DRAINAGE, OR LACOMB IRRIGATION DISTRICT, OR LAFAYETTE AIRPORT COMMISSION, LA LAFOURCHE PARISH HEALTH UNIT – DHH-OPH REGION 3 LAIDLAW WATER DISTRICT, OR LAKE CHINOOK FIRE & RESCUE, OR LAKE COUNTY 4-H & EXTENSION SERVICE DISTRICT, OR LAKE COUNTY LIBRARY DISTRICT, OR LAKE CREEK R.F.P.D. - JACKSON, OR LAKE CREEK R.F.P.D. - LANE COUNTY, OR LAKE DISTRICT HOSPITAL, OR LAKE GROVE R.F.P.D. NO. 57, OR LAKE GROVE WATER DISTRICT, OR LAKE LABISH WATER CONTROL DISTRICT, OR LAKE POINT SPECIAL ROAD DISTRICT, OR LAKESIDE R.F.P.D. #4, OR LAKESIDE WATER DISTRICT, OR LAKEVIEW R.F.P.D., OR LAKEVIEW S.W.C.D., OR LAMONTAI IMPROVEMENT DISTRICT, OR LANE FIRE AUTHORITY, OR LANE LIBRARY DISTRICT, OR LANE TRANSIT DISTRICT, OR LANGELL VALLEY IRRIGATION DISTRICT, OR LANGLOIS PUBLIC LIBRARY, OR LANGLOIS R.F.P.D., OR LANGLOIS WATER DISTRICT, OR LAZY RIVER SPECIAL ROAD DISTRICT, OR LEBANON AQUATIC DISTRICT, OR LEBANON R.F.P.D., OR LEWIS & CLARK R.F.P.D., OR LINCOLN COUNTY LIBRARY DISTRICT, OR LINCOLN S.W.C.D., OR LINN COUNTY EMERGENCY TELEPHONE AGENCY, OR LINN S.W.C.D., OR LITTLE MUDDY CREEK WATER CONTROL, OR LITTLE NESTUCCA DRAINAGE DISTRICT, OR LITTLE SWITZERLAND SPECIAL ROAD DISTRICT, OR LONE PINE IRRIGATION DISTRICT, OR LONG PRAIRIE WATER DISTRICT, OR LOOKINGGLASS OLALLA WATER CONTROL DISTRICT, OR LOOKINGGLASS RURAL FIRE DISTRICT, OR LORANE R.F.P.D., OR LOST & BOULDER DITCH IMPROVEMENT DISTRICT, OR LOST CREEK PARK SPECIAL ROAD DISTRICT, OR LOUISIANA PUBLIC SERVICE COMMISSION, LA LOUISIANA WATER WORKS LOWELL R.F.P.D., OR LOWER MCKAY CREEK R.F.P.D., OR LOWER MCKAY CREEK WATER CONTROL DISTRICT, OR LOWER POWDER RIVER IRRIGATION DISTRICT, OR LOWER SILETZ WATER DISTRICT, OR LOWER UMPQUA HOSPITAL DISTRICT, OR LOWER UMPQUA PARK & RECREATION DISTRICT, OR LOWER VALLEY WATER IMPROVEMENT DISTRICT, OR LUCE LONG DITCH DISTRICT IMPROVEMENT CO., OR LUSTED WATER DISTRICT, OR LYONS R.F.P.D., OR LYONS-MEHAMA WATER DISTRICT, OR MADRAS AQUATIC CENTER DISTRICT, OR MAKAI SPECIAL ROAD DISTRICT, OR MALHEUR COUNTY S.W.C.D., OR MALHEUR COUNTY VECTOR CONTROL DISTRICT, OR 183 of 1132 188 [Type here] MALHEUR DISTRICT IMPROVEMENT COMPANY, OR MALHEUR DRAINAGE DISTRICT, OR MALHEUR MEMORIAL HEALTH DISTRICT, OR MALIN COMMUNITY CEMETERY MAINTENANCE DISTRICT, OR MALIN COMMUNITY PARK & RECREATION DISTRICT, OR MALIN IRRIGATION DISTRICT, OR MALIN R.F.P.D., OR MAPLETON FIRE DEPARTMENT, OR MAPLETON WATER DISTRICT, OR MARCOLA WATER DISTRICT, OR MARION COUNTY EXTENSION & 4H SERVICE DISTRICT, OR MARION COUNTY FIRE DISTRICT #1, OR MARION JACK IMPROVEMENT DISTRICT, OR MARION S.W.C.D., OR MARY'S RIVER ESTATES ROAD DISTRICT, OR MCDONALD FOREST ESTATES SPECIAL ROAD DISTRICT, OR MCKAY ACRES IMPROVEMENT DISTRICT, OR MCKAY DAM R.F.P.D. # 7-410, OR MCKENZIE FIRE & RESCUE, OR MCKENZIE PALISADES WATER SUPPLY CORPORATION, OR MCMINNVILLE R.F.P.D., OR MCNULTY WATER P.U.D., OR MEADOWS DRAINAGE DISTRICT, OR MEDFORD IRRIGATION DISTRICT, OR MEDFORD R.F.P.D. #2, OR MEDFORD WATER COMMISSION MEDICAL SPRINGS R.F.P.D., OR MELHEUR COUNTY JAIL, OR MERLIN COMMUNITY PARK DISTRICT, OR MERRILL CEMETERY MAINTENANCE DISTRICT, OR MERRILL PARK DISTRICT, OR MERRILL R.F.P.D., OR METRO REGIONAL GOVERNMENT METRO REGIONAL PARKS METROPOLITAN EXPOSITION RECREATION COMMISSION METROPOLITAN SERVICE DISTRICT (METRO) MID COUNTY CEMETERY MAINTENANCE DISTRICT, OR MID-COLUMBIA FIRE AND RESCUE, OR MIDDLE FORK IRRIGATION DISTRICT, OR MIDLAND COMMUNITY PARK, OR MIDLAND DRAINAGE IMPROVEMENT DISTRICT, OR MILES CROSSING SANITARY SEWER DISTRICT, OR MILL CITY R.F.P.D. #2-303, OR MILL FOUR DRAINAGE DISTRICT, OR MILLICOMA RIVER PARK & RECREATION DISTRICT, OR MILLINGTON R.F.P.D. #5, OR MILO VOLUNTEER FIRE DEPARTMENT, OR MILTON-FREEWATER AMBULANCE SERVICE AREA HEALTH DISTRICT, OR MILTON-FREEWATER WATER CONTROL DISTRICT, OR MIROCO SPECIAL ROAD DISTRICT, OR MIST-BIRKENFELD R.F.P.D., OR MODOC POINT IRRIGATION DISTRICT, OR MODOC POINT SANITARY DISTRICT, OR MOHAWK VALLEY R.F.P.D., OR MOLALLA AQUATIC DISTRICT, OR MOLALLA R.F.P.D. #73, OR MONITOR R.F.P.D., OR MONROE R.F.P.D., OR MONUMENT CEMETERY MAINTENANCE DISTRICT, OR MONUMENT S.W.C.D., OR MOOREA DRIVE SPECIAL ROAD DISTRICT, OR MORO R.F.P.D., OR MORROW COUNTY HEALTH DISTRICT, OR MORROW COUNTY UNIFIED RECREATION DISTRICT, OR MORROW S.W.C.D., OR MOSIER FIRE DISTRICT, OR MOUNTAIN DRIVE SPECIAL ROAD DISTRICT, OR MT. ANGEL R.F.P.D., OR MT. HOOD IRRIGATION DISTRICT, OR MT. LAKI CEMETERY DISTRICT, OR MT. VERNON R.F.P.D., OR MULINO WATER DISTRICT #1, OR MULTNOMAH COUNTY DRAINAGE DISTRICT #1, OR MULTNOMAH COUNTY R.F.P.D. #10, OR MULTNOMAH COUNTY R.F.P.D. #14, OR MULTNOMAH EDUCATION SERVICE DISTRICT MYRTLE CREEK R.F.P.D., OR NEAH-KAH-NIE WATER DISTRICT, OR NEDONNA R.F.P.D., OR NEHALEM BAY FIRE AND RESCUE, OR NEHALEM BAY HEALTH DISTRICT, OR NEHALEM BAY WASTEWATER AGENCY, OR NESIKA BEACH-OPHIR WATER DISTRICT, OR NESKOWIN REGIONAL SANITARY AUTHORITY, OR NESKOWIN REGIONAL WATER DISTRICT, OR NESTUCCA R.F.P.D., OR NETARTS WATER DISTRICT, OR NETARTS-OCEANSIDE R.F.P.D., OR NETARTS-OCEANSIDE SANITARY DISTRICT, OR NEW BRIDGE WATER SUPPLY DISTRICT, OR NEW CARLTON FIRE DISTRICT, OR NEW ORLEANS REDEVELOPMENT AUTHORITY, LA NEW PINE CREEK R.F.P.D., OR NEWBERG R.F.P.D., OR NEWBERRY ESTATES SPECIAL ROAD DISTRICT, OR NEWPORT R.F.P.D., OR NEWT YOUNG DITCH DISTRICT IMPROVEMENT COMPANY, OR NORTH ALBANY R.F.P.D., OR NORTH BAY R.F.P.D. #9, OR NORTH CLACKAMAS PARKS & RECREATION DISTRICT, OR NORTH COUNTY RECREATION DISTRICT, OR NORTH DOUGLAS COUNTY FIRE & EMS, OR NORTH DOUGLAS PARK & RECREATION DISTRICT, OR NORTH GILLIAM COUNTY HEALTH DISTRICT, OR NORTH GILLIAM COUNTY R.F.P.D., OR NORTH LAKE HEALTH DISTRICT, OR NORTH LEBANON WATER CONTROL DISTRICT, OR NORTH LINCOLN FIRE & RESCUE DISTRICT #1, OR NORTH LINCOLN HEALTH DISTRICT, OR NORTH MORROW VECTOR CONTROL DISTRICT, OR NORTH SHERMAN COUNTY R.F.P.D, OR NORTH UNIT IRRIGATION DISTRICT, OR NORTHEAST OREGON HOUSING AUTHORITY, OR NORTHEAST WHEELER COUNTY HEALTH DISTRICT, OR NORTHERN WASCO COUNTY P.U.D., OR 184 of 1132 189 [Type here] NORTHERN WASCO COUNTY PARK & RECREATION DISTRICT, OR NYE DITCH USERS DISTRICT IMPROVEMENT, OR NYSSA ROAD ASSESSMENT DISTRICT #2, OR NYSSA RURAL FIRE DISTRICT, OR NYSSA-ARCADIA DRAINAGE DISTRICT, OR OAK LODGE WATER SERVICES, OR OAKLAND R.F.P.D., OR OAKVILLE COMMUNITY CENTER, OR OCEANSIDE WATER DISTRICT, OR OCHOCO IRRIGATION DISTRICT, OR OCHOCO WEST WATER AND SANITARY AUTHORITY, OR ODELL SANITARY DISTRICT, OR OLD OWYHEE DITCH IMPROVEMENT DISTRICT, OR OLNEY-WALLUSKI FIRE & RESCUE DISTRICT, OR ONTARIO LIBRARY DISTRICT, OR ONTARIO R.F.P.D., OR OPHIR R.F.P.D., OR OREGON COAST COMMUNITY ACTION OREGON HOUSING AND COMMUNITY SERVICES OREGON INTERNATIONAL PORT OF COOS BAY, OR OREGON LEGISLATIVE ADMINISTRATION OREGON OUTBACK R.F.P.D., OR OREGON POINT, OR OREGON TRAIL LIBRARY DISTRICT, OR OTTER ROCK WATER DISTRICT, OR OWW UNIT #2 SANITARY DISTRICT, OR OWYHEE CEMETERY MAINTENANCE DISTRICT, OR OWYHEE IRRIGATION DISTRICT, OR PACIFIC CITY JOINT WATER-SANITARY AUTHORITY, OR PACIFIC COMMUNITIES HEALTH DISTRICT, OR PACIFIC RIVIERA #3 SPECIAL ROAD DISTRICT, OR PALATINE HILL WATER DISTRICT, OR PALMER CREEK WATER DISTRICT IMPROVEMENT COMPANY, OR PANORAMIC ACCESS SPECIAL ROAD DISTRICT, OR PANTHER CREEK ROAD DISTRICT, OR PANTHER CREEK WATER DISTRICT, OR PARKDALE R.F.P.D., OR PARKDALE SANITARY DISTRICT, OR PENINSULA DRAINAGE DISTRICT #1, OR PENINSULA DRAINAGE DISTRICT #2, OR PHILOMATH FIRE AND RESCUE, OR PILOT ROCK CEMETERY MAINTENANCE DISTRICT #5, OR PILOT ROCK PARK & RECREATION DISTRICT, OR PILOT ROCK R.F.P.D., OR PINE EAGLE HEALTH DISTRICT, OR PINE FLAT DISTRICT IMPROVEMENT COMPANY, OR PINE GROVE IRRIGATION DISTRICT, OR PINE GROVE WATER DISTRICT-KLAMATH FALLS, OR PINE GROVE WATER DISTRICT-MAUPIN, OR PINE VALLEY CEMETERY DISTRICT, OR PINE VALLEY R.F.P.D., OR PINEWOOD COUNTRY ESTATES SPECIAL ROAD DISTRICT, OR PIONEER DISTRICT IMPROVEMENT COMPANY, OR PISTOL RIVER CEMETERY MAINTENANCE DISTRICT, OR PISTOL RIVER FIRE DISTRICT, OR PLEASANT HILL R.F.P.D., OR PLEASANT HOME WATER DISTRICT, OR POCAHONTAS MINING AND IRRIGATION DISTRICT, OR POE VALLEY IMPROVEMENT DISTRICT, OR POE VALLEY PARK & RECREATION DISTRICT, OR POE VALLEY VECTOR CONTROL DISTRICT, OR POLK COUNTY FIRE DISTRICT #1, OR POLK S.W.C.D., OR POMPADOUR WATER IMPROVEMENT DISTRICT, OR PONDEROSA PINES EAST SPECIAL ROAD DISTRICT, OR PORT OF ALSEA, OR PORT OF ARLINGTON, OR PORT OF ASTORIA, OR PORT OF BANDON, OR PORT OF BRANDON, OR PORT OF BROOKINGS HARBOR, OR PORT OF CASCADE LOCKS, OR PORT OF COQUILLE RIVER, OR PORT OF GARIBALDI, OR PORT OF GOLD BEACH, OR PORT OF HOOD RIVER, OR PORT OF MORGAN CITY, LA PORT OF MORROW, OR PORT OF NEHALEM, OR PORT OF NEWPORT, OR PORT OF PORT ORFORD, OR PORT OF PORTLAND, OR PORT OF SIUSLAW, OR PORT OF ST. HELENS, OR PORT OF THE DALLES, OR PORT OF TILLAMOOK BAY, OR PORT OF TOLEDO, OR PORT OF UMATILLA, OR PORT OF UMPQUA, OR PORT ORFORD CEMETERY MAINTENANCE DISTRICT, OR PORT ORFORD PUBLIC LIBRARY DISTRICT, OR PORT ORFORD R.F.P.D., OR PORTLAND DEVELOPMENT COMMISSION, OR PORTLAND FIRE AND RESCUE PORTLAND HOUSING CENTER, OR POWDER R.F.P.D., OR POWDER RIVER R.F.P.D., OR POWDER VALLEY WATER CONTROL DISTRICT, OR POWERS HEALTH DISTRICT, OR PRAIRIE CEMETERY MAINTENANCE DISTRICT, OR PRINEVILLE LAKE ACRES SPECIAL ROAD DISTRICT #1, OR PROSPECT R.F.P.D., OR QUAIL VALLEY PARK IMPROVEMENT DISTRICT, OR QUEENER IRRIGATION IMPROVEMENT DISTRICT, OR RAINBOW WATER DISTRICT, OR RAINIER CEMETERY DISTRICT, OR RAINIER DRAINAGE IMPROVEMENT COMPANY, OR RALEIGH WATER DISTRICT, OR REDMOND AREA PARK & RECREATION DISTRICT, OR REDMOND FIRE AND RESCUE, OR RIDDLE FIRE PROTECTION DISTRICT, OR RIDGEWOOD DISTRICT IMPROVEMENT COMPANY, OR RIDGEWOOD ROAD DISTRICT, OR RIETH SANITARY DISTRICT, OR RIETH WATER DISTRICT, OR RIMROCK WEST IMPROVEMENT DISTRICT, OR 185 of 1132 190 [Type here] RINK CREEK WATER DISTRICT, OR RIVER BEND ESTATES SPECIAL ROAD DISTRICT, OR RIVER FOREST ACRES SPECIAL ROAD DISTRICT, OR RIVER MEADOWS IMPROVEMENT DISTRICT, OR RIVER PINES ESTATES SPECIAL ROAD DISTRICT, OR RIVER ROAD PARK & RECREATION DISTRICT, OR RIVER ROAD WATER DISTRICT, OR RIVERBEND RIVERBANK WATER IMPROVEMENT DISTRICT, OR RIVERDALE R.F.P.D. 11-JT, OR RIVERGROVE WATER DISTRICT, OR RIVERSIDE MISSION WATER CONTROL DISTRICT, OR RIVERSIDE R.F.P.D. #7-406, OR RIVERSIDE WATER DISTRICT, OR ROBERTS CREEK WATER DISTRICT, OR ROCK CREEK DISTRICT IMPROVEMENT, OR ROCK CREEK WATER DISTRICT, OR ROCKWOOD WATER P.U.D., OR ROCKY POINT FIRE & EMS, OR ROGUE RIVER R.F.P.D., OR ROGUE RIVER VALLEY IRRIGATION DISTRICT, OR ROGUE VALLEY SEWER SERVICES, OR ROGUE VALLEY SEWER, OR ROGUE VALLEY TRANSPORTATION DISTRICT, OR ROSEBURG URBAN SANITARY AUTHORITY, OR ROSEWOOD ESTATES ROAD DISTRICT, OR ROW RIVER VALLEY WATER DISTRICT, OR RURAL ROAD ASSESSMENT DISTRICT #3, OR RURAL ROAD ASSESSMENT DISTRICT #4, OR SAINT LANDRY PARISH TOURIST COMMISSION SAINT MARY PARISH REC DISTRICT 2 SAINT MARY PARISH REC DISTRICT 3 SAINT TAMMANY FIRE DISTRICT 4, LA SALEM AREA MASS TRANSIT DISTRICT, OR SALEM MASS TRANSIT DISTRICT SALEM SUBURBAN R.F.P.D., OR SALISHAN SANITARY DISTRICT, OR SALMON RIVER PARK SPECIAL ROAD DISTRICT, OR SALMON RIVER PARK WATER IMPROVEMENT DISTRICT, OR SALMONBERRY TRAIL INTERGOVERNMENTAL AGENCY, OR SANDPIPER VILLAGE SPECIAL ROAD DISTRICT, OR SANDY DRAINAGE IMPROVEMENT COMPANY, OR SANDY R.F.P.D. #72, OR SANTA CLARA R.F.P.D., OR SANTA CLARA WATER DISTRICT, OR SANTIAM WATER CONTROL DISTRICT, OR SAUVIE ISLAND DRAINAGE IMPROVEMENT COMPANY, OR SAUVIE ISLAND VOLUNTEER FIRE DISTRICT #30J, OR SCAPPOOSE DRAINAGE IMPROVEMENT COMPANY, OR SCAPPOOSE PUBLIC LIBRARY DISTRICT, OR SCAPPOOSE R.F.P.D., OR SCIO R.F.P.D., OR SCOTTSBURG R.F.P.D., OR SEAL ROCK R.F.P.D., OR SEAL ROCK WATER DISTRICT, OR SEWERAGE AND WATER BOARD OF NEW ORLEANS, LA SHANGRI-LA WATER DISTRICT, OR SHASTA VIEW IRRIGATION DISTRICT, OR SHELLEY ROAD CREST ACRES WATER DISTRICT, OR SHERIDAN FIRE DISTRICT, OR SHERMAN COUNTY HEALTH DISTRICT, OR SHERMAN COUNTY S.W.C.D., OR SHORELINE SANITARY DISTRICT, OR SILETZ KEYS SANITARY DISTRICT, OR SILETZ R.F.P.D., OR SILVER FALLS LIBRARY DISTRICT, OR SILVER LAKE IRRIGATION DISTRICT, OR SILVER LAKE R.F.P.D., OR SILVER SANDS SPECIAL ROAD DISTRICT, OR SILVERTON R.F.P.D. NO. 2, OR SISTERS PARKS & RECREATION DISTRICT, OR SISTERS-CAMP SHERMAN R.F.P.D., OR SIUSLAW PUBLIC LIBRARY DISTRICT, OR SIUSLAW S.W.C.D., OR SIUSLAW VALLEY FIRE AND RESCUE, OR SIXES R.F.P.D., OR SKIPANON WATER CONTROL DISTRICT, OR SKYLINE VIEW DISTRICT IMPROVEMENT COMPANY, OR SLEEPY HOLLOW WATER DISTRICT, OR SMITH DITCH DISTRICT IMPROVEMENT COMPANY, OR SOUTH CLACKAMAS TRANSPORTATION DISTRICT, OR SOUTH COUNTY HEALTH DISTRICT, OR SOUTH FORK WATER BOARD, OR SOUTH GILLIAM COUNTY CEMETERY DISTRICT, OR SOUTH GILLIAM COUNTY HEALTH DISTRICT, OR SOUTH GILLIAM COUNTY R.F.P.D. VI-301, OR SOUTH LAFOURCHE LEVEE DISTRICT, LA SOUTH LANE COUNTY FIRE & RESCUE, OR SOUTH SANTIAM RIVER WATER CONTROL DISTRICT, OR SOUTH SHERMAN FIRE DISTRICT, OR SOUTH SUBURBAN SANITARY DISTRICT, OR SOUTH WASCO PARK & RECREATION DISTRICT, OR SOUTHERN COOS HEALTH DISTRICT, OR SOUTHERN CURRY CEMETERY MAINTENANCE DISTRICT, OR SOUTHVIEW IMPROVEMENT DISTRICT, OR SOUTHWEST LINCOLN COUNTY WATER DISTRICT, OR SOUTHWESTERN POLK COUNTY R.F.P.D., OR SOUTHWOOD PARK WATER DISTRICT, OR SPECIAL ROAD DISTRICT #1, OR SPECIAL ROAD DISTRICT #8, OR SPRING RIVER SPECIAL ROAD DISTRICT, OR SPRINGFIELD UTILITY BOARD, OR ST. PAUL R.F.P.D., OR STANFIELD CEMETERY DISTRICT #6, OR STANFIELD IRRIGATION DISTRICT, OR STARR CREEK ROAD DISTRICT, OR STARWOOD SANITARY DISTRICT, OR STAYTON FIRE DISTRICT, OR SUBLIMITY FIRE DISTRICT, OR SUBURBAN EAST SALEM WATER DISTRICT, OR SUBURBAN LIGHTING DISTRICT, OR SUCCOR CREEK DISTRICT IMPROVEMENT COMPANY, OR SUMMER LAKE IRRIGATION DISTRICT, OR SUMMERVILLE CEMETERY MAINTENANCE DISTRICT, OR SUMNER R.F.P.D., OR 186 of 1132 191 [Type here] SUN MOUNTAIN SPECIAL ROAD DISTRICT, OR SUNDOWN SANITATION DISTRICT, OR SUNFOREST ESTATES SPECIAL ROAD DISTRICT, OR SUNNYSIDE IRRIGATION DISTRICT, OR SUNRISE WATER AUTHORITY, OR SUNRIVER SERVICE DISTRICT, OR SUNSET EMPIRE PARK & RECREATION DISTRICT, OR SUNSET EMPIRE TRANSPORTATION DISTRICT, OR SURFLAND ROAD DISTRICT, OR SUTHERLIN VALLEY RECREATION DISTRICT, OR SUTHERLIN WATER CONTROL DISTRICT, OR SWALLEY IRRIGATION DISTRICT, OR SWEET HOME CEMETERY MAINTENANCE DISTRICT, OR SWEET HOME FIRE & AMBULANCE DISTRICT, OR SWISSHOME-DEADWOOD R.F.P.D., OR TABLE ROCK DISTRICT IMPROVEMENT COMPANY, OR TALENT IRRIGATION DISTRICT, OR TANGENT R.F.P.D., OR TENMILE R.F.P.D., OR TERREBONNE DOMESTIC WATER DISTRICT, OR THE DALLES IRRIGATION DISTRICT, OR THOMAS CREEK-WESTSIDE R.F.P.D., OR THREE RIVERS RANCH ROAD DISTRICT, OR THREE SISTERS IRRIGATION DISTRICT, OR TIGARD TUALATIN AQUATIC DISTRICT, OR TIGARD WATER DISTRICT, OR TILLAMOOK BAY FLOOD IMPROVEMENT DISTRICT, OR TILLAMOOK COUNTY EMERGENCY COMMUNICATIONS DISTRICT, OR TILLAMOOK COUNTY S.W.C.D., OR TILLAMOOK COUNTY TRANSPORTATION DISTRICT, OR TILLAMOOK FIRE DISTRICT, OR TILLAMOOK P.U.D., OR TILLER R.F.P.D., OR TOBIN DITCH DISTRICT IMPROVEMENT COMPANY, OR TOLEDO R.F.P.D., OR TONE WATER DISTRICT, OR TOOLEY WATER DISTRICT, OR TRASK DRAINAGE DISTRICT, OR TRI CITY R.F.P.D. #4, OR TRI-CITY WATER & SANITARY AUTHORITY, OR TRI-COUNTY METROPOLITAN TRANSPORTATION DISTRICT OF OREGON TRIMET, OR TUALATIN HILLS PARK & RECREATION DISTRICT TUALATIN HILLS PARK & RECREATION DISTRICT, OR TUALATIN S.W.C.D., OR TUALATIN VALLEY FIRE & RESCUE TUALATIN VALLEY FIRE & RESCUE, OR TUALATIN VALLEY IRRIGATION DISTRICT, OR TUALATIN VALLEY WATER DISTRICT TUALATIN VALLEY WATER DISTRICT, OR TUMALO IRRIGATION DISTRICT, OR TURNER FIRE DISTRICT, OR TWIN ROCKS SANITARY DISTRICT, OR TWO RIVERS NORTH SPECIAL ROAD DISTRICT, OR TWO RIVERS S.W.C.D., OR TWO RIVERS SPECIAL ROAD DISTRICT, OR TYGH VALLEY R.F.P.D., OR TYGH VALLEY WATER DISTRICT, OR UMATILLA COUNTY FIRE DISTRICT #1, OR UMATILLA COUNTY S.W.C.D., OR UMATILLA COUNTY SPECIAL LIBRARY DISTRICT, OR UMATILLA HOSPITAL DISTRICT, OR UMATILLA R.F.P.D. #7-405, OR UMATILLA-MORROW RADIO AND DATA DISTRICT, OR UMPQUA S.W.C.D., OR UNION CEMETERY MAINTENANCE DISTRICT, OR UNION COUNTY SOLID WASTE DISPOSAL DISTRICT, OR UNION COUNTY VECTOR CONTROL DISTRICT, OR UNION GAP SANITARY DISTRICT, OR UNION GAP WATER DISTRICT, OR UNION HEALTH DISTRICT, OR UNION R.F.P.D., OR UNION S.W.C.D., OR UNITY COMMUNITY PARK & RECREATION DISTRICT, OR UPPER CLEVELAND RAPIDS ROAD DISTRICT, OR UPPER MCKENZIE R.F.P.D., OR UPPER WILLAMETTE S.W.C.D., OR VALE OREGON IRRIGATION DISTRICT, OR VALE RURAL FIRE PROTECTION DISTRICT, OR VALLEY ACRES SPECIAL ROAD DISTRICT, OR VALLEY VIEW CEMETERY MAINTENANCE DISTRICT, OR VALLEY VIEW WATER DISTRICT, OR VANDEVERT ACRES SPECIAL ROAD DISTRICT, OR VERNONIA R.F.P.D., OR VINEYARD MOUNTAIN PARK & RECREATION DISTRICT, OR VINEYARD MOUNTAIN SPECIAL ROAD DISTRICT, OR WALLA WALLA RIVER IRRIGATION DISTRICT, OR WALLOWA COUNTY HEALTH CARE DISTRICT, OR WALLOWA LAKE COUNTY SERVICE DISTRICT, OR WALLOWA LAKE IRRIGATION DISTRICT, OR WALLOWA LAKE R.F.P.D., OR WALLOWA S.W.C.D., OR WALLOWA VALLEY IMPROVEMENT DISTRICT #1, OR WAMIC R.F.P.D., OR WAMIC WATER & SANITARY AUTHORITY, OR WARMSPRINGS IRRIGATION DISTRICT, OR WASCO COUNTY S.W.C.D., OR WATER ENVIRONMENT SERVICES, OR WATER WONDERLAND IMPROVEMENT DISTRICT, OR WATERBURY & ALLEN DITCH IMPROVEMENT DISTRICT, OR WATSECO-BARVIEW WATER DISTRICT, OR WAUNA WATER DISTRICT, OR WEDDERBURN SANITARY DISTRICT, OR WEST EAGLE VALLEY WATER CONTROL DISTRICT, OR WEST EXTENSION IRRIGATION DISTRICT, OR WEST LABISH DRAINAGE & WATER CONTROL IMPROVEMENT DISTRICT, OR WEST MULTNOMAH S.W.C.D., OR WEST SIDE R.F.P.D., OR WEST SLOPE WATER DISTRICT, OR WEST UMATILLA MOSQUITO CONTROL DISTRICT, OR 187 of 1132 192 [Type here] WEST VALLEY FIRE DISTRICT, OR WESTERN HEIGHTS SPECIAL ROAD DISTRICT, OR WESTERN LANE AMBULANCE DISTRICT, OR WESTLAND IRRIGATION DISTRICT, OR WESTON ATHENA MEMORIAL HALL PARK & RECREATION DISTRICT, OR WESTON CEMETERY DISTRICT #2, OR WESTPORT FIRE AND RESCUE, OR WESTRIDGE WATER SUPPLY CORPORATION, OR WESTWOOD HILLS ROAD DISTRICT, OR WESTWOOD VILLAGE ROAD DISTRICT, OR WHEELER S.W.C.D., OR WHITE RIVER HEALTH DISTRICT, OR WIARD MEMORIAL PARK DISTRICT, OR WICKIUP WATER DISTRICT, OR WILLAKENZIE R.F.P.D., OR WILLAMALANE PARK & RECREATION DISTRICT, OR WILLAMALANE PARK AND RECREATION DISTRICT WILLAMETTE HUMANE SOCIETY WILLAMETTE RIVER WATER COALITION, OR WILLIAMS R.F.P.D., OR WILLOW CREEK PARK DISTRICT, OR WILLOW DALE WATER DISTRICT, OR WILSON RIVER WATER DISTRICT, OR WINCHESTER BAY R.F.P.D., OR WINCHESTER BAY SANITARY DISTRICT, OR WINCHUCK R.F.P.D., OR WINSTON-DILLARD R.F.P.D., OR WINSTON-DILLARD WATER DISTRICT, OR WOLF CREEK R.F.P.D., OR WOOD RIVER DISTRICT IMPROVEMENT COMPANY, OR WOODBURN R.F.P.D. NO. 6, OR WOODLAND PARK SPECIAL ROAD DISTRICT, OR WOODS ROAD DISTRICT, OR WRIGHT CREEK ROAD WATER IMPROVEMENT DISTRICT, OR WY'EAST FIRE DISTRICT, OR YACHATS R.F.P.D., OR YAMHILL COUNTY TRANSIT AREA, OR YAMHILL FIRE PROTECTION DISTRICT, OR YAMHILL SWCD, OR YONCALLA PARK & RECREATION DISTRICT, OR YOUNGS RIVER-LEWIS & CLARK WATER DISTRICT, OR ZUMWALT R.F.P.D., OR K-12 INCLUDING BUT NOT LIMITED TO: ACADIA PARISH SCHOOL BOARD BEAVERTON SCHOOL DISTRICT BEND-LA PINE SCHOOL DISTRICT BOGALUSA HIGH SCHOOL, LA BOSSIER PARISH SCHOOL BOARD BROOKING HARBOR SCHOOL DISTRICT CADDO PARISH SCHOOL DISTRICT CALCASIEU PARISH SCHOOL DISTRICT CANBY SCHOOL DISTRICT CANYONVILLE CHRISTIAN ACADEMY CASCADE SCHOOL DISTRICT CASCADES ACADEMY OF CENTRAL OREGON CENTENNIAL SCHOOL DISTRICT CENTRAL CATHOLIC HIGH SCHOOL CENTRAL POINT SCHOOL DISTRICT NO.6 CENTRAL SCHOOL DISTRICT 13J COOS BAY SCHOOL DISTRICT NO.9 CORVALLIS SCHOOL DISTRICT 509J COUNTY OF YAMHILL SCHOOL DISTRICT 29 CULVER SCHOOL DISTRICT DALLAS SCHOOL DISTRICT NO.2 DAVID DOUGLAS SCHOOL DISTRICT DAYTON SCHOOL DISTRICT NO.8 DE LA SALLE N CATHOLIC HS DESCHUTES COUNTY SCHOOL DISTRICT NO.6 DOUGLAS EDUCATIONAL DISTRICT SERVICE DUFUR SCHOOL DISTRICT NO.29 EAST BATON ROUGE PARISH SCHOOL DISTRICT ESTACADA SCHOOL DISTRICT NO.10B FOREST GROVE SCHOOL DISTRICT GEORGE MIDDLE SCHOOL GLADSTONE SCHOOL DISTRICT GRANTS PASS SCHOOL DISTRICT 7 GREATER ALBANY PUBLIC SCHOOL DISTRICT GRESHAM BARLOW JOINT SCHOOL DISTRICT HEAD START OF LANE COUNTY HIGH DESERT EDUCATION SERVICE DISTRICT HILLSBORO SCHOOL DISTRICT HOOD RIVER COUNTY SCHOOL DISTRICT JACKSON CO SCHOOL DIST NO.9 JEFFERSON COUNTY SCHOOL DISTRICT 509-J JEFFERSON PARISH SCHOOL DISTRICT JEFFERSON SCHOOL DISTRICT JUNCTION CITY SCHOOLS, OR KLAMATH COUNTY SCHOOL DISTRICT KLAMATH FALLS CITY SCHOOLS LAFAYETTE PARISH SCHOOL DISTRICT LAKE OSWEGO SCHOOL DISTRICT 7J LANE COUNTY SCHOOL DISTRICT 4J LINCOLN COUNTY SCHOOL DISTRICT LINN CO. SCHOOL DIST. 95C LIVINGSTON PARISH SCHOOL DISTRICT LOST RIVER JR/SR HIGH SCHOOL LOWELL SCHOOL DISTRICT NO.71 MARION COUNTY SCHOOL DISTRICT MARION COUNTY SCHOOL DISTRICT 103 MARIST HIGH SCHOOL, OR MCMINNVILLE SCHOOL DISTRICT NOAO MEDFORD SCHOOL DISTRICT 549C MITCH CHARTER SCHOOL MONROE SCHOOL DISTRICT NO.1J MORROW COUNTY SCHOOL DIST, OR MULTNOMAH EDUCATION SERVICE DISTRICT MULTISENSORY LEARNING ACADEMY MYRTLE PINT SCHOOL DISTRICT 41 NEAH-KAH-NIE DISTRICT NO.56 NEWBERG PUBLIC SCHOOLS NESTUCCA VALLEY SCHOOL DISTRICT NO.101 NOBEL LEARNING COMMUNITIES NORTH BEND SCHOOL DISTRICT 13 NORTH CLACKAMAS SCHOOL DISTRICT NORTH DOUGLAS SCHOOL DISTRICT NORTH WASCO CITY SCHOOL DISTRICT 21 NORTHWEST REGIONAL EDUCATION SERVICE DISTRICT ONTARIO MIDDLE SCHOOL OREGON TRAIL SCHOOL DISTRICT NOA6 ORLEANS PARISH SCHOOL DISTRICT PHOENIX-TALENT SCHOOL DISTRICT NOA PLEASANT HILL SCHOOL DISTRICT PORTLAND JEWISH ACADEMY PORTLAND PUBLIC SCHOOLS RAPIDES PARISH SCHOOL DISTRICT 188 of 1132 193 [Type here] REDMOND SCHOOL DISTRICT REYNOLDS SCHOOL DISTRICT ROGUE RIVER SCHOOL DISTRICT ROSEBURG PUBLIC SCHOOLS SCAPPOOSE SCHOOL DISTRICT 1J SAINT TAMMANY PARISH SCHOOL BOARD, LA SEASIDE SCHOOL DISTRICT 10 SHERWOOD SCHOOL DISTRICT 88J SILVER FALLS SCHOOL DISTRICT 4J SOUTH LANE SCHOOL DISTRICT 45J3 SOUTHERN OREGON EDUCATION SERVICE DISTRICT SPRINGFIELD PUBLIC SCHOOLS SUTHERLIN SCHOOL DISTRICT SWEET HOME SCHOOL DISTRICT NO.55 TERREBONNE PARISH SCHOOL DISTRICT THE CATLIN GABEL SCHOOL TIGARD-TUALATIN SCHOOL DISTRICT UMATILLA MORROW ESD WEST LINN WILSONVILLE SCHOOL DISTRICT WILLAMETTE EDUCATION SERVICE DISTRICT WOODBURN SCHOOL DISTRICT YONCALLA SCHOOL DISTRICT ACADEMY FOR MATH ENGINEERING & SCIENCE (AMES), UT ALIANZA ACADEMY, UT ALPINE DISTRICT, UT AMERICAN LEADERSHIP ACADEMY, UT AMERICAN PREPARATORY ACADEMY, UT BAER CANYON HIGH SCHOOL FOR SPORTS & MEDICAL SCIENCES, UT BEAR RIVER CHARTER SCHOOL, UT BEAVER SCHOOL DISTRICT, UT BEEHIVE SCIENCE & TECHNOLOGY ACADEMY (BSTA) , UT BOX ELDER SCHOOL DISTRICT, UT CBA CENTER, UT CACHE SCHOOL DISTRICT, UT CANYON RIM ACADEMY, UT CANYONS DISTRICT, UT CARBON SCHOOL DISTRICT, UT CHANNING HALL, UT CHARTER SCHOOL LEWIS ACADEMY, UT CITY ACADEMY, UT DAGGETT SCHOOL DISTRICT, UT DAVINCI ACADEMY, UT DAVIS DISTRICT, UT DUAL IMMERSION ACADEMY, UT DUCHESNE SCHOOL DISTRICT, UT EARLY LIGHT ACADEMY AT DAYBREAK, UT EAST HOLLYWOOD HIGH, UT EDITH BOWEN LABORATORY SCHOOL, UT EMERSON ALCOTT ACADEMY, UT EMERY SCHOOL DISTRICT, UT ENTHEOS ACADEMY, UT EXCELSIOR ACADEMY, UT FAST FORWARD HIGH, UT FREEDOM ACADEMY, UT GARFIELD SCHOOL DISTRICT, UT GATEWAY PREPARATORY ACADEMY, UT GEORGE WASHINGTON ACADEMY, UT GOOD FOUNDATION ACADEMY, UT GRAND SCHOOL DISTRICT, UT GRANITE DISTRICT, UT GUADALUPE SCHOOL, UT HAWTHORN ACADEMY, UT INTECH COLLEGIATE HIGH SCHOOL, UT IRON SCHOOL DISTRICT, UT ITINERIS EARLY COLLEGE HIGH, UT JOHN HANCOCK CHARTER SCHOOL, UT JORDAN DISTRICT, UT JUAB SCHOOL DISTRICT, UT KANE SCHOOL DISTRICT, UT KARL G MAESER PREPARATORY ACADEMY, UT LAKEVIEW ACADEMY, UT LEGACY PREPARATORY ACADEMY, UT LIBERTY ACADEMY, UT LINCOLN ACADEMY, UT LOGAN SCHOOL DISTRICT, UT MARIA MONTESSORI ACADEMY, UT MERIT COLLEGE PREPARATORY ACADEMY, UT MILLARD SCHOOL DISTRICT, UT MOAB CHARTER SCHOOL, UT MONTICELLO ACADEMY, UT MORGAN SCHOOL DISTRICT, UT MOUNTAINVILLE ACADEMY, UT MURRAY SCHOOL DISTRICT, UT NAVIGATOR POINTE ACADEMY, UT NEBO SCHOOL DISTRICT, UT NO UT ACAD FOR MATH ENGINEERING & SCIENCE (NUAMES), UT NOAH WEBSTER ACADEMY, UT NORTH DAVIS PREPARATORY ACADEMY, UT NORTH SANPETE SCHOOL DISTRICT, UT NORTH STAR ACADEMY, UT NORTH SUMMIT SCHOOL DISTRICT, UT ODYSSEY CHARTER SCHOOL, UT OGDEN PREPARATORY ACADEMY, UT OGDEN SCHOOL DISTRICT, UT OPEN CLASSROOM, UT OPEN HIGH SCHOOL OF UTAH, UT OQUIRRH MOUNTAIN CHARTER SCHOOL, UT PARADIGM HIGH SCHOOL, UT PARK CITY SCHOOL DISTRICT, UT PINNACLE CANYON ACADEMY, UT PIUTE SCHOOL DISTRICT, UT PROVIDENCE HALL, UT PROVO SCHOOL DISTRICT, UT QUAIL RUN PRIMARY SCHOOL, UT QUEST ACADEMY, UT RANCHES ACADEMY, UT REAGAN ACADEMY, UT RENAISSANCE ACADEMY, UT RICH SCHOOL DISTRICT, UT ROCKWELL CHARTER HIGH SCHOOL, UT SALT LAKE ARTS ACADEMY, UT SALT LAKE CENTER FOR SCIENCE EDUCATION, UT SALT LAKE SCHOOL DISTRICT, UT SALT LAKE SCHOOL FOR THE PERFORMING ARTS, UT SAN JUAN SCHOOL DISTRICT, UT SEVIER SCHOOL DISTRICT, UT SOLDIER HOLLOW CHARTER SCHOOL, UT SOUTH SANPETE SCHOOL DISTRICT, UT SOUTH SUMMIT SCHOOL DISTRICT, UT SPECTRUM ACADEMY, UT SUCCESS ACADEMY, UT SUCCESS SCHOOL, UT SUMMIT ACADEMY, UT SUMMIT ACADEMY HIGH SCHOOL, UT SYRACUSE ARTS ACADEMY, UT THOMAS EDISON - NORTH, UT 189 of 1132 194 [Type here] TIMPANOGOS ACADEMY, UT TINTIC SCHOOL DISTRICT, UT TOOELE SCHOOL DISTRICT, UT TUACAHN HIGH SCHOOL FOR THE PERFORMING ARTS, UT UINTAH RIVER HIGH, UT UINTAH SCHOOL DISTRICT, UT UTAH CONNECTIONS ACADEMY, UT UTAH COUNTY ACADEMY OF SCIENCE, UT UTAH ELECTRONIC HIGH SCHOOL, UT UTAH SCHOOLS FOR DEAF & BLIND, UT UTAH STATE OFFICE OF EDUCATION, UT UTAH VIRTUAL ACADEMY, UT VENTURE ACADEMY, UT VISTA AT ENTRADA SCHOOL OF PERFORMING ARTS AND TECHNOLOGY, UT WALDEN SCHOOL OF LIBERAL ARTS, UT WASATCH PEAK ACADEMY, UT WASATCH SCHOOL DISTRICT, UT WASHINGTON SCHOOL DISTRICT, UT WAYNE SCHOOL DISTRICT, UT WEBER SCHOOL DISTRICT, UT WEILENMANN SCHOOL OF DISCOVERY, UT HIGHER EDUCATION ARGOSY UNIVERSITY BATON ROUGE COMMUNITY COLLEGE, LA BIRTHINGWAY COLLEGE OF MIDWIFERY BLUE MOUNTAIN COMMUNITY COLLEGE BRIGHAM YOUNG UNIVERSITY - HAWAII CENTRAL OREGON COMMUNITY COLLEGE CENTENARY COLLEGE OF LOUISIANA CHEMEKETA COMMUNITY COLLEGE CLACKAMAS COMMUNITY COLLEGE COLLEGE OF THE MARSHALL ISLANDS COLUMBIA GORGE COMMUNITY COLLEGE CONCORDIA UNIVERSITY GEORGE FOX UNIVERSITY KLAMATH COMMUNITY COLLEGE DISTRICT LANE COMMUNITY COLLEGE LEWIS AND CLARK COLLEGE LINFIELD COLLEGE LINN-BENTON COMMUNITY COLLEGE LOUISIANA COLLEGE, LA LOUISIANA STATE UNIVERSITY LOUISIANA STATE UNIVERSITY HEALTH SERVICES MARYLHURST UNIVERSITY MT. HOOD COMMUNITY COLLEGE MULTNOMAH BIBLE COLLEGE NATIONAL COLLEGE OF NATURAL MEDICINE NORTHWEST CHRISTIAN COLLEGE OREGON HEALTH AND SCIENCE UNIVERSITY OREGON INSTITUTE OF TECHNOLOGY OREGON STATE UNIVERSITY OREGON UNIVERSITY SYSTEM PACIFIC UNIVERSITY PIONEER PACIFIC COLLEGE PORTLAND COMMUNITY COLLEGE PORTLAND STATE UNIVERSITY REED COLLEGE RESEARCH CORPORATION OF THE UNIVERSITY OF HAWAII ROGUE COMMUNITY COLLEGE SOUTHEASTERN LOUISIANA UNIVERSITY SOUTHERN OREGON UNIVERSITY (OREGON UNIVERSITY SYSTEM) SOUTHWESTERN OREGON COMMUNITY COLLEGE TULANE UNIVERSITY TILLAMOOK BAY COMMUNITY COLLEGE UMPQUA COMMUNITY COLLEGE UNIVERSITY OF HAWAII BOARD OF REGENTS UNIVERSITY OF HAWAII-HONOLULU COMMUNITY COLLEGE UNIVERSITY OF OREGON-GRADUATE SCHOOL UNIVERSITY OF PORTLAND UNIVERSITY OF NEW ORLEANS WESTERN OREGON UNIVERSITY WESTERN STATES CHIROPRACTIC COLLEGE WILLAMETTE UNIVERSITY XAVIER UNIVERSITY UTAH SYSTEM OF HIGHER EDUCATION, UT UNIVERSITY OF UTAH, UT UTAH STATE UNIVERSITY, UT WEBER STATE UNIVERSITY, UT SOUTHERN UTAH UNIVERSITY, UT SNOW COLLEGE, UT DIXIE STATE COLLEGE, UT COLLEGE OF EASTERN UTAH, UT UTAH VALLEY UNIVERSITY, UT SALT LAKE COMMUNITY COLLEGE, UT UTAH COLLEGE OF APPLIED TECHNOLOGY, UT STATE AGENCIES ADMIN. SERVICES OFFICE BOARD OF MEDICAL EXAMINERS HAWAII CHILD SUPPORT ENFORCEMENT AGENCY HAWAII DEPARTMENT OF TRANSPORTATION HAWAII HEALTH SYSTEMS CORPORATION OFFICE OF MEDICAL ASSISTANCE PROGRAMS OFFICE OF THE STATE TREASURER OREGON BOARD OF ARCHITECTS OREGON CHILD DEVELOPMENT COALITION OREGON DEPARTMENT OF EDUCATION OREGON DEPARTMENT OF FORESTRY OREGON DEPT OF TRANSPORTATION OREGON DEPT. OF EDUCATION OREGON LOTTERY OREGON OFFICE OF ENERGY OREGON STATE BOARD OF NURSING OREGON STATE DEPT OF CORRECTIONS OREGON STATE POLICE OREGON TOURISM COMMISSION OREGON TRAVEL INFORMATION COUNCIL SANTIAM CANYON COMMUNICATION CENTER SEIU LOCAL 503, OPEU SOH- JUDICIARY CONTRACTS AND PURCH STATE DEPARTMENT OF DEFENSE, STATE OF HAWAII STATE OF HAWAII STATE OF HAWAII, DEPT. OF EDUCATION STATE OF LOUISIANA STATE OF LOUISIANA DEPT. OF EDUCATION STATE OF LOUISIANA, 26TH JUDICIAL DISTRICT ATTORNEY STATE OF UTAH 190 of 1132 195 Questionnaire Name : Supplier Capability Questionnaire Description : General Questions Evaluation Type : Technical Q1. Only qualified Printer Manufacturers (as defined in the RFP Event and Process Summary) are eligible to bid in this RFP. Provide the name, location, and contact information of any partners or subcontractors outside of your company that you are partnering with to perform any aspects within the scope of this RFP, and the role they play in performing the services. (Response Type : Multi Line Text) Weight 10% Mandatory Yes Supplier Attachments Allowed Evaluation Type Score Current Stage Reference: Attachments : Q2. Please describe your company's capability of providing full service to all UC Locations. Describe your distribution model, including the size and location of your company's distribution facilities, warehouses and retail network, including any partner/VARs as listed in question 1. Include the number of MFD-certififed technicians within a 30 mile radius of each location, ratio of service technicians for MFDs and Laser printers, certification process and training, and average field technician tenure? (Response Type : Multi Line Text) Weight 10% Mandatory Yes Supplier Attachments Allowed Evaluation Type Score Current Stage Reference: Attachments : Q3. Will your company’s employees who are responsible for providing Goods and Services to your customers conform to the following: Wear proper Uniform, Carry Badges with Picture ID, have passed background security checks, are bonded and insured? Please describe. (Response Type : Multi Line Text) Weight 1.25% Mandatory Yes Supplier Attachments Allowed Evaluation Type Score Current Stage Reference: Attachments : Q4. Describe the account management team, and all roles thereunder, that you would assign to the UC system if awarded under this RFP, including senior account manager responsible for the entire agreement and UC relationship and local account representatives responsible for each specific UC location. For every role/representative, provide: a description of the role’s responsibilities, the name of who will fill this role, their title, and a summary of their qualifications including years of 191 of 1132 196 pertinent experience and ALL cerfications. Include attachment if necessary. (Response Type : Multi Line Text) Weight 5% Mandatory Yes Supplier Attachments Allowed Evaluation Type Score Current Stage Reference: Attachments : Q5. What is the average response time for an account manager(s) to respond to initial requests? Please explain. (Response Type : Multi Line Text) Weight 5% Mandatory Yes Supplier Attachments Allowed Evaluation Type Score Current Stage Reference: Attachments : Q6. Please specify your company’s normal business hours in Pacific Time zone format for receiving orders and providing customer service including maintenance support? Please explain. (Response Type : Multi Line Text) Weight 1.25% Mandatory Yes Supplier Attachments Allowed Evaluation Type Score Current Stage Reference: Attachments : Q7. Describe your quoting process and how you will meet our requirement of providing assistance with product sales questions, technical inquiries and customer service inquiries? (Response Type : Multi Line Text) Weight 1.25% Mandatory Yes Supplier Attachments Allowed Evaluation Type Score Current Stage Reference: Attachments : Q8. Explain how your company proposes to resolve any complaints, issues or challenges. Please detail your company's problem resolution and escalation process for customer complaints and concerns. (Response Type : Multi Line Text) Weight 10% Mandatory Yes Supplier Attachments Allowed Evaluation Type Score Current Stage Reference: 192 of 1132 197 Attachments : Q9. Describe your order placement process. Provide all your ordering methods, order tracking, search options, order history, etc. (Response Type : Multi Line Text) Weight 10% Mandatory Yes Supplier Attachments Allowed Evaluation Type Score Current Stage Reference: Attachments : Q10. Describe your billing process? (Response Type : Multi Line Text) Weight 10% Mandatory Yes Supplier Attachments Allowed Evaluation Type Score Current Stage Reference: Attachments : Q11. Please describe any service contracts you offer past the initial warranty term. (2-year, 3 year, etc.) (Response Type : Multi Line Text) Weight 1.25% Mandatory Yes Supplier Attachments Allowed Evaluation Type Score Current Stage Reference: Attachments : Q12. Please describe your return policy and process including: unopened equipment within 30 days; RMAs for defective equipment; DOA equipment; shipping fees; and restocking fees? What is the maximum period of time for unconditional (no questions asked) return of new equipment leases and purchases? Please explain your company's policy in detail. (Response Type : Multi Line Text) Weight 5% Mandatory Yes Supplier Attachments Allowed Evaluation Type Score Current Stage Reference: Attachments : Q13. Can your company offer warehousing of large orders at no charge, whereby the equipment is 193 of 1132 198 delivered as it is installed? Please detail the parameters of your offering. Please describe this process. (Response Type : Multi Line Text) Weight 5% Mandatory Yes Supplier Attachments Allowed Evaluation Type Score Current Stage Reference: Attachments : Q14. Please specify your company’s performance standards in the following service categories and provide your company’s definitions of the service categories, and the methods used for measuring your performance. Response Time, Quotes, product inquiries, technical inquiries billing and invoicing; Back orders and how customers are notified; inventory accuracy; returns. (Response Type : Multi Line Text) Weight 1.25% Mandatory Yes Supplier Attachments Allowed Evaluation Type Score Current Stage Reference: Attachments : Q15. How do you track and what type of documentation will be provided to verify your performance for the service categories listed above in Question 14? (Response Type : Multi Line Text) Weight 1.25% Mandatory Yes Supplier Attachments Allowed Evaluation Type Score Current Stage Reference: Attachments : Q16. When you don’t meet the above performance measures as stated in Question 14, what remedies do you provide? (Response Type : Multi Line Text) Weight 1.25% Mandatory Yes Supplier Attachments Allowed Evaluation Type Score Current Stage Reference: Attachments : Q17. Describe your plan for quality management and process for continuous improvement of the program for the specified Goods and Services. (Response Type : Single Line Text) Weight Mandatory Supplier Attachments Evaluation Type 194 of 1132 199 1.25%Yes Allowed Score Current Stage Reference: Attachments : Q18. Describe the Company’s ability to provide the following general systems and administrative capabilities at no additional cost to the University: 1. Multimedia catalog functionality via internet, with search capabilities 2. Customer specific pricing and contract terms 3. Order restrictions for blocking items for ordering based upon SKU number, product code and product class. 4. Itemized cost center/group/organization usage reports available on-line to all the UC Location departments 5. Various authorization levels for order placement 6. Ordering system security features 7. Text and picture electronic catalogs 8. Electronic purchasing capabilities, including e-commerce, through the use of electronic product catalog-based order management system, with real-time access to product and pricing information, web-based with no local or network based software requirement 9. Accommodation for 32 digit account numbers 10. Secured access for UC users 11. Accommodation of invoice transactions on specified time table 12. E-mail notification within security hierarchy 13. Functionality for the UC Location departments to enter receiving information to system. (Response Type : Multi Line Text) Weight 1.25% Mandatory Yes Supplier Attachments Allowed Evaluation Type Score Current Stage Reference: Attachments : Q19. Describe how your company will support the utilization of Procurement cards: 1. Integration within your order entry system. 2. Authorization process (manual/automated). 3. Security. 4. Timeliness and accuracy of systems authorization ability in the order entry process. 5. Please provide a description of your level 2/3 reporting capabilities. (Response Type : Multi Line Text) Weight 1.25% Mandatory Yes Supplier Attachments Allowed Evaluation Type Score Current Stage Reference: Attachments : Q20. What is your company’s business strategy regarding the following: 1. How often do you introduce new MFDs and Laser Printers? 2. Length of time of Parts and supplies availability for the discontinued models of MFDs and Laser Printers? 3. If your company does not manufacture equipment, how often do you replace your manufacturers and why? 4. Does your company carry in stock all common parts for quick access by your service personnel? 5. Where are your parts depot locations? How quickly do you get parts to your field technicians? (Response Type : Multi Line Text) Weight 5% Mandatory Yes Supplier Attachments Allowed Evaluation Type Score 195 of 1132 200 Current Stage Reference: Attachments : Q21. Please describe in detail your company’s delivery and installation capabilities, including fulfillment process from UC purchase order submission to delivery. (Response Type : Single Line Text) Weight 10% Mandatory Yes Supplier Attachments Allowed Evaluation Type Score Current Stage Reference: Attachments : Q22. Describe your company's capabilities to provide system updates/revisions, including software platform. (Response Type : Multi Line Text) Weight 1.25% Mandatory Yes Supplier Attachments Allowed Evaluation Type Score Current Stage Reference: Attachments : Q23. Describe any other software packages and technolgies your company has available to simplify order processing and reduce costs. (Response Type : Multi Line Text) Weight 1.25% Mandatory Yes Supplier Attachments Allowed Evaluation Type Score Current Stage Reference: Attachments : 196 of 1132 201 Questionnaire Name : Supplier Information Questionnaire Description : Evaluation Type : Technical Section 1. Proposal Content Description Section 2. Executive Summary Description High Level Summary Q1. This section (maximum 4000 Characters) will present a high-level synopsis of the Proposer’s responses to the RFP. The Executive Summary shall be a brief overview and shall identify the main features and benefits of the proposed Services. If you have to add an attachment, maximum is 2 pages. (Response Type : Multi Line Text) Weight 0% Mandatory Yes Supplier Attachments Allowed Evaluation Type Informative Current Stage Reference: Attachments : Section 3. Supplier Financial Information Description Financial Records Q2. Upload a separate document that you create, labeled “Financials”, providing information to convey your financial capability and viability to supply the Services under an awarded Agreement. Specific financial information must include, but is not limited to: Proposer’s recently audited (or best available) financial statements for the past two (2) fiscal years, or equivalent information, in order to establish Proposer’s financial viability, integrity and position, net income, market capitalization and other relevant financial factors; Proposer’s fiscal year, and D-U-N-S number. The University is the sole judge for making this determination which will be made prior to issuing awards. (Response Type : Multi Line Text) Weight 0% Mandatory Yes Supplier Attachments Allowed Evaluation Type Informative Current Stage Reference: Attachments : 197 of 1132 202 Section 4. General Company Information Description Financial Records Q3. Provide the address of your company's headquarters. (Response Type : Multi Line Text) Weight 0% Mandatory Yes Supplier Attachments Not Allowed Evaluation Type Informative Current Stage Reference: Attachments : Q4. Include information regarding any affiliates and/or subsidiaries. (Response Type : Multi Line Text) Weight 0% Mandatory Yes Supplier Attachments Allowed Evaluation Type Informative Current Stage Reference: Attachments : Q5. Describe your company’s Support/Sales Network within the University territory. Specify Geographic Locations, company owned or independent contracted value added resellers, number of Field Support/Sales Representatives. (Response Type : Multi Line Text) Weight 0% Mandatory Yes Supplier Attachments Allowed Evaluation Type Informative Current Stage Reference: Attachments : Q6. Provide any information regarding any mergers with another company (buy/sell) within the last twelve (12) months or anticipated within the next twelve (12) months (Response Type : Multi Line Text) Weight 0% Mandatory Yes Supplier Attachments Allowed Evaluation Type Informative Current Stage Reference: Attachments : 198 of 1132 203 Q7. Has your company been subject to litigation related to the proposed Services? If yes, please explain. (Response Type : Multi Line Text) Weight 0% Mandatory Yes Supplier Attachments Allowed Evaluation Type Informative Current Stage Reference: Attachments : Q8. Within the previous five years has your firm been the debtor of a bankruptcy? If yes, please explain (Response Type : Multi Line Text) Weight 0% Mandatory Yes Supplier Attachments Allowed Evaluation Type Informative Current Stage Reference: Attachments : Q9. Is your firm in the process of or in negotiations toward being sold? If yes, please explain. (Response Type : Multi Line Text) Weight 0% Mandatory Yes Supplier Attachments Allowed Evaluation Type Informative Current Stage Reference: Attachments : Q10. Within the previous five years has your firm been debarred from contracting with any local, state, or federal governmental agency? If yes, please explain. (Response Type : Multi Line Text) Weight 0% Mandatory Yes Supplier Attachments Allowed Evaluation Type Informative Current Stage Reference: Attachments : Q11. Within the previous five years has a governmental or private entity terminated your firm's contract prior to contract completion? If yes, please explain. (Response Type : Multi Line Text) Weight Mandatory Supplier Attachments Evaluation Type 199 of 1132 204 0%Yes Not Allowed Informative Current Stage Reference: Attachments : Q12. List all recalls or claims of technical failures that your company has had in the last five years, including details regarding the reasons for the recalls or claims. (Response Type : Multi Line Text) Weight 0% Mandatory Yes Supplier Attachments Allowed Evaluation Type Informative Current Stage Reference: Attachments : Q13. Provide details on any contracts that have been terminated due to failure to meet contractual or technical obligations. (Response Type : Multi Line Text) Weight 0% Mandatory Yes Supplier Attachments Not Allowed Evaluation Type Informative Current Stage Reference: Attachments : Q14. Within the previous five years has your firm used any subcontractor to perform work on a government contract when that subcontractor had been debarred by a governmental agency? If yes, please explain. (Response Type : Multi Line Text) Weight 0% Mandatory Yes Supplier Attachments Allowed Evaluation Type Informative Current Stage Reference: Attachments : Q15. Within the previous five years has your firm been the defendant in court on a matter related to Payment to subcontractors or Work Performance on a job? If yes, please explain. (Response Type : Multi Line Text) Weight 0% Mandatory Yes Supplier Attachments Allowed Evaluation Type Informative Current Stage Reference: Attachments : 200 of 1132 205 Q16. Does your firm have any outstanding judgements pending against it? If yes, please explain. (Response Type : Multi Line Text) Weight 0% Mandatory Yes Supplier Attachments Allowed Evaluation Type Informative Current Stage Reference: Attachments : Q17. Within the previous five years, was your firm assessed liquidated damages on a contract? If yes, please explain. (Response Type : Multi Line Text) Weight 0% Mandatory Yes Supplier Attachments Not Allowed Evaluation Type Informative Current Stage Reference: Attachments : Q18. Has your firm received notice of and/or been involved in litigation regarding any intellectual property or patent infringement for the Goods and/or Services that your firm is offering to the University? If yes, please explain. (Response Type : Multi Line Text) Weight 0% Mandatory Yes Supplier Attachments Not Allowed Evaluation Type Informative Current Stage Reference: Attachments : Q19. Any Joint Venture (JV) Proposers responding to this RFP must clearly identify the partners which make up the Joint Venture and identify themselves as a Joint Venture in their submitted proposal. To be considered, the Prime Proposer (e.g. individual, sole proprietorship, firm, partnership, corporation, joint venture or other legal entity), must demonstrate relevant expertise to successfully perform their role and responsibilities. (Response Type : Multi Line Text) Weight 0% Mandatory Yes Supplier Attachments Allowed Evaluation Type Informative Current Stage Reference: Attachments : 201 of 1132 206 Q20. Upload a separate document that you create labeled “References” and provide references from three (3) public higher education institutions of comparable scope and scale as the UC (other than UC) currently using your service. For each reference, state contact name(s), email and telephone numbers together with a brief description of the nature of services provided.(Upon successful qualification, UC may contact some or all of these references to better understand your services and performance levels) (Response Type : Multi Line Text) Weight 0% Mandatory Yes Supplier Attachments Allowed Evaluation Type Informative Current Stage Reference: Attachments : Q21. Describe your company's tested Disaster Recovery and Business Continuity Plan. (Response Type : Multi Line Text) Weight 0% Mandatory Yes Supplier Attachments Allowed Evaluation Type Informative Current Stage Reference: Attachments : Q22. Provide an organization chart, including functions and responsibilities of the Company’s recommended account management team for UC. Include the chain-of-command and escalation points for problem resolution. (Response Type : Multi Line Text) Weight 0% Mandatory Yes Supplier Attachments Allowed Evaluation Type Informative Current Stage Reference: Attachments : 202 of 1132 207 203 of 1132 208 ~ - - ~ I I 7 - I ~ 204 of 1132 209 205 of 1132 210 206 of 1132 211 207 of 1132 212 208 of 1132 213 209 of 1132 214 210 of 1132 215 211 of 1132 216 212 of 1132 217 213 of 1132 218 214 of 1132 219 215 of 1132 220 216 of 1132 221 217 of 1132 222 218 of 1132 223 219 of 1132 224 220 of 1132 225 221 of 1132 226 222 of 1132 227 223 of 1132 228 224 of 1132 229 225 of 1132 230 226 of 1132 231 227 of 1132 232 228 of 1132 233 229 of 1132 234 230 of 1132 235 231 of 1132 236 232 of 1132 237 233 of 1132 238 234 of 1132 239 235 of 1132 240 236 of 1132 241 237 of 1132 242 238 of 1132 243 Page 1 of 27 Sustainable Procurement Guidelines 239 of 1132 244 UNIVERSITY OF CALIFORNIA Page 2 of 27 Table of Contents Table of Contents 2 Glossary 3 1. Introduction and Document Purpose 6 2. Document Guide 6 3. Reporting 7 4. Green Spend 7 A. Green Spend General Criteria 7 B. Category Specific Criteria 8 5. Economically and Socially Responsible Spend 12 6. Sustainable Spend 14 7. Category Specific Specifications 15 A. Electronics 15 B. Cleaning Supplies 16 C. Office Supplies 17 E. Indoor Furniture 17 F. Compostable Food Service Ware 18 G. Water Appliances/Fixtures 20 8. Best Practices for Procurement Services 20 9. Certification and Standards Definitions 21 Appendix I - The “Dollar not Spent” and Green Spend 24 Method 1: Reuse (for example, goods reused from surplus operations)24 Method 2: Normalized Reduction in Purchase of Commodity Goods 25 Method 3: Replacement of disposables with reusables 26 240 of 1132 245 Page 3 of 27 Glossary The below definitions are copied directly from the UC Sustainable Practices Policy for reference, unless noted otherwise. Addressable Spend: Spend that can be impacted through sourcing activities. For the purposes of this policy, addressable spend relates to the spend within a specific product or service category. Catalog: A catalog is representative of a supplier’s product information. A catalog is implemented in one of two formats: 1) through a hosted catalog or 2) through a punch-out catalog. See definitions for Hosted Catalog and Punch Out Catalog for more information. This definition is provided for clarification within the Guidelines and is not defined within the UC Sustainable Practices Policy. Economically and Socially Responsible (EaSR) Spend: Spend on products or services supplied by a business holding one of the UC-recognized certifications listed the UC Sustainable Procurement Guidelines. Environmentally preferable products: Designation for those products whose manufacture, use, and disposal results in relatively less environmental harm than comparable products. Expanded Polystyrene (EPS): As defined by the City of San Francisco, blown polystyrene and expanded and extruded foams which are thermoplastic petrochemical materials utilizing a styrene monomer and processed by any number of techniques including but not limited to, fusion of polymer spheres (expanded bead polystyrene), injection molding, foam molding, and extrusion-blown molding (extruded foam polystyrene). Full Time Equivalent (FTE): A full-time equivalent employee is the hours worked by one employee on a full-time basis and can be used to convert the hours worked by several part-time employees into the hours worked by full-time employees. A full-time employee is assumed to work 40 hours in a standard week. Green Spend: Spend on products meeting the UC “Preferred Level” of environmental sustainability criteria as laid out in the UC Sustainable Procurement Guidelines. Hosted Catalog: As defined in the JAGGAER technical manual, in simplest terms, a hosted catalog is an online version of a supplier’s printed catalog. Hosted catalogs contain product data and details, along with pricing information for each item. When a product search is performed, the products in all of the hosted catalogs are searched. Hosted catalog search results contain product information from all suppliers depending on the search criteria entered by the user. This definition is provided for clarification within the Guidelines and is not defined within the UC Sustainable Practices Policy. 241 of 1132 246 Page 4 of 27 LEEDTM: Leadership in Energy and Environmental Design. LEED is a registered trademark of the U.S. Green Building Council (USGBC). This trademark applies to all occurrences of LEED in this document. LEED is a green building rating system developed and administered by the non-profit U.S. Green Building Council. The four levels of LEED certification, from lowest to highest, are Certified, Silver, Gold, and Platinum. LEED has several rating systems. This Policy refers to the following rating systems: LEED for Interior Design and Construction (LEED-ID+C) for renovation projects; LEED for Building Operations and Maintenance (LEED-O+M) for the ongoing operational and maintenance practices in buildings; and, LEED for Building Design and Construction (LEED-BD+C) for new buildings and major renovations of existing buildings. Location: As used in this Guidelines document, means any or all campuses. At this time, it does not include UC Health locations or the Lawrence Berkeley National Laboratory. This definition is provided for clarification within the Guidelines and defined differently within the UC Sustainable Practices Policy. Punch Out Catalog: Modified from the JAGGAER technical manual, punch-out catalogs are integrated external links to a supplier’s web-based catalog. The user exits the UC’s eprocurement site to search and select products from a supplier’s web catalog, then returns the items to the UC’s eprocurement shopping cart. The selected items are then submitted through the standard requisition/order process. This definition is provided for clarification within the Guidelines and is not defined within the UC Sustainable Practices Policy. Required Level Green Spend criteria: The minimum certification standard required for a product or service category. Required Level Green Spend criteria is laid out in the UC Sustainable Procurement Guidelines. Solicitation: The process of seeking information, bid proposals, and quotations from suppliers. Sustainable Practices Policy: Refers to the University of California Sustainable Practices Policy, Governed by the UC Sustainability Steering Committee. Sustainable Procurement: [Modified from the UK Government’s Sustainable Procurement Task Force (2012)] Purchasing that takes into account the economic, environmental and socially responsible requirements of an entity’s spending. Sustainable Procurement allows organizations to procure their goods and services in a way that achieves value for money on a whole-life basis in terms of generating benefits not only to the organization, but also to society and the economy, while remaining within the carrying capacity of the environment. Sustainable Procurement Working Group (SPWG): Is the working group charged with improving the integration of sustainable principles and practices into the UC’s procurement practices. The SPWG recommends changes to this document to the UC Procurement Leadership Council, and changes to the 242 of 1132 247 Page 5 of 27 UC Sustainable Practices Policy to both the UC Procurement Leadership Council and UC Sustainability Steering Committee. See definitions for UC Procurement Leadership Council and UC Sustainability Steering Committee for more information. This definition is provided for clarification within the Guidelines and is not defined within the UC Sustainable Practices Policy. Sustainable Spend: The intersection of Green and Economically and Socially Responsible (EaSR) Spend. UC Sustainable Spend is defined as spend that meets the criteria and requirements for Green Spend as well as EaSR Spend as laid out in the UC Sustainable Procurement Guidelines. Total Cost of Ownership (TCO): An analysis of cost that considers not only purchase price, but also any costs associated with the acquisition, use, and disposal of the product. These costs may include some or all of the following: freight, taxes and fees, installation, operation/energy use, maintenance, warranty, collection, end-of-life disposal or recycling, as well as social or environmental costs, such as the cost of purchasing pollution offsets or monitoring labor practices. UC Procurement Leadership Council (PLC): Is the system wide leadership council, composed of the Chief Procurement Officer (or equivalent) at each UC campus, charged with developing the overall strategic direction for the UC Procurement Services program that enables the organization to align objectives, initiatives, and projects to deliver on system wide procurement and supply chain initiatives. The PLC is ultimately responsible for the approval of changes and updates to this document. This definition is provided for clarification within the Guidelines and is not defined within the UC Sustainable Practices Policy. This definition is provided for clarification within the Guidelines and is not defined within the UC Sustainable Practices Policy. UC Sustainability Steering Committee: Is the UC system wide committee charged with overseeing updates to and progress against the UC Sustainable Practices Policy. This definition is provided for clarification within the Guidelines and is not defined within the UC Sustainable Practices Policy. 243 of 1132 248 Page 6 of 27 1. Introduction and Document Purpose The University of California’s Sustainable Procurement Guidelines (“Guidelines”) lay out the minimum sustainability requirements for products and services purchased by the University of California and identify those product attributes that are strongly preferred, if not mandatory. The University of California’s Sustainable Procurement Guidelines act as a companion to the Sustainable Procurement Policy and Procedure Sections of the UC Sustainable Practices Policy. In general terms, the UC Sustainable Practices Policy outlines the University’s targets for sustainable procurement as well as requirements for UC sustainable procurement practices, that is the activities of University of California buyers as they relate to sustainable procurement. This Guidelines document breaks down what the University considers to be sustainable at the product, product category, service or industry level. The UC Sustainable Practices Policy prioritizes waste reduction in the following order: reduce, reuse, and then recycle. Accordingly, sustainable procurement should look to reduce unnecessary purchasing first, then prioritize purchase of surplus or multiple use products, before looking at recyclable, compostable, or otherwise sustainable products. 2. Document Guide These Guidelines are intended to be used by the following parties, for the following purposes: 1. University of California, Office of the President, Strategic Sourcing Centers of Excellence and University Campus Procurement Services Departments (not including UC Health locations or the Lawrence Berkeley National Laboratory) a. To educate personnel purchasing on behalf of the University on Required and Preferred Green (environmentally) and Economically and Socially Responsible (EaSR) sustainability criteria to be included in solicitation specifications and reporting. b. To negotiate better pricing for products and services meeting the criteria described throughout these Guidelines and the Sustainable Practices Policy over traditional products and services, where opportunities exist. c. To develop language and specifications for solicitations stating that product and service offerings meeting the criteria described in these Guidelines will be required where they exist. 2. Department Level Buyers a. To educate personnel purchasing on behalf of the University on Required and Preferred environmental (Green) and Economically and Socially Responsible (EaSR) sustainability criteria when making purchasing decisions. 244 of 1132 249 Page 7 of 27 3. Reporting Reporting will be required in line with the University of California sustainable purchasing targets and reporting requirements as outlined in the Sustainable Practices Policy (see III. Policy Text, G. Sustainable Procurement; V. Procedures, G. Sustainable Procurement). Reporting will be based on the percent spend in each of the following categories out of the total addressable spend. Reporting will commence by product or service category based on instruction in the sections below. 1. Green (environmentally preferable) Spend 2. Economically and Socially Responsible (EaSR) Spend 3. Sustainable Spend (the intersection of Green and EaSR Spend) Clarification on each of these spend categories can be found in the sections below. 4. Green Spend Green Spend is defined as spend on products meeting the UC Preferred Level of environmental sustainability criteria (see Table 1 below). The percentage of Green Spend is calculated using the following methodology, for a given product category over a particular period of time: Total spend on items meeting Preferred Level criteria in a given product category x 100 Total Addressable Spend in a given category For example, the percent Green Spend calculation for computer electronics for Fiscal Year 16/17 is: Total Spend on EPEAT Gold registered computers during FY 16/17 x 100 Total Addressable Spend on computers during FY 16/17 In addition to the above calculations, campuses may also calculate the “Dollar not Spent” to add to their overall Green Spend percentage. Please note that calculating the “Dollar not Spent” for an individual campus is optional and not required as part of a sites annual Green Spend reporting. Please see Appendix I – The “Dollar not Spent” and Green Spend to find more information on the various allowable methodologies to calculate the “Dollar not Spent.” A. Green Spend General Criteria Some Green (environmental) sustainability criteria are applicable across all, or a large number of different product or service categories. The following criteria must be applied to all applicable categories, and included in the specifications for all relevant solicitations and contracts. 245 of 1132 250 Page 8 of 27 1. ENERGY STAR® and WaterSense® certified products are required across all applicable product categories where price comparable (based on a total cost of ownership assessment) and consistent with the needs of University researchers, faculty, and staff. 2. Products and packaging shall be free of hazardous additives, including those mixed into the product and those used as surface treatments, unless no feasible alternative exists, and it is determined that the benefit outweighs the risk. Products and packaging must meet all eleven of the Kaiser Permanente Chemicals of Concern Criteria, including, but not limited to. a. Cadmium, mercury, lead, hexavalent chromium, polybrominated biphenyls, and polybrominated diphenyl ethers - All homogenous electronic parts are compliant with all European Union Restriction of the Use of Certain Hazardous Substances (EU RoHS) Directive’s restricted limits (excluding exemptions). b. Polyvinyl chloride (PVC) c. Prop 65 Chemicals - Does not contain intentionally added chemicals listed by the State of California to cause cancer, birth defects, or reproductive harm that require warning or are prohibited from release to the environment under the California Safe Drinking Water and Toxic Enforcement Act of 1986 (Proposition 65). If contains Prop 65 chemicals, supplier must disclose Chemical Abstracts Service (CAS) #'s. d. Persistent, bioaccumulative and toxic chemicals (PBTs) - All homogeneous materials must contain less than 1000 ppm of PBTs. e. Organohalogen-based chemicals (bromine, chlorine, fluorine, and iodine) f. Antimicrobial/antibacterial agents 1 - Does not contain intentionally added antimicrobial/antibacterial agents to reduce surface pathogens. B. Category Specific Criteria Table 1 outlines the environmental sustainability criteria the University uses to define a given product category as “Green,” for purposes of identifying products in hosted and punchout catalogs, and for calculating and reporting on Green and Sustainable Spend. Recognized Certifications - These are reputable third party certifications the UC recognizes for identifying products that may have a reduced impact on humans and/or the environment. At a location’s discretion, products with these certifications can be flagged as “light green” in hosted and punchout catalogs. Required Level - These are the minimum mandatory requirements for each product category, which should be included in all relevant bid solicitations. Products and 1 This includes hand and dish soaps labelled as antibacterial, except where required for use in hospitals and food service settings. Antimicrobials added to raw materials for the sole purpose of preserving the product are exempt, with the exception of triclosan and triclocarban which are explicitly prohibited. 246 of 1132 251 Page 9 of 27 services that fall into these categories but do not meet these minimum requirements will not be listed in UC product catalogs except with the express request of campuses. Products in a given category must meet all required level criteria listed, unless otherwise noted (e.g. if Energy Star and EPEAT Silver are listed, product must have both certifications). Preferred Level - The Preferred Level of criteria is used for calculating Green and Sustainable Spend (see Section 6 below). At a location’s discretion products meeting these criteria may be labelled as “dark green” in hosted and punchout catalogs, and shall be given preference during evaluation in all relevant bid opportunities, where price comparable (based on a total cost of ownership assessment) and consistent with the needs of University researchers, faculty, and staff. Products must meet all applicable Required Level criteria to qualify for Preferred Level criteria. 247 of 1132 252 Page 10 of 27 Table 1 - Category Specific Green Spend Criteria Product or Service Category Recognized Certifications and Standards Required Level (minimum mandatory requirements) Preferred Level Electronics ENERGY STAR ® ENERGY STAR ® ENERGY STAR ® EPEAT EPEAT Bronze EPEAT Gold Cleaning Supplies Green Seal A minimum of 25% of purchases are certified by one of the recognized certifications At least 75% of purchases are certified by of the recognized certifications UL Ecologo EPA Safer Choice FSC (for janitorial paper products) Office Supplies Copy Paper FSC Recycled A minimum of 30% PCRC or agricultural residue content (or GS-07 certified) 100% PCRC or agricultural residue content, or FSC Recycled labelled, with additional preference for paper that is PCF Post-consumer recycled content (PCRC) Processed Chlorine Free (PCF)2 Green Seal (GS-07) Agricultural residue 3 content Paper Office Supplies (other than copy paper) FSC - Chain of Custody A minimum of 30% PCRC 4 100% recycled content with minimum 50% PCRC; 90% PCRC wire components; water-Sustainable Forestry Initiative (SFI) 2 http://www.calrecycle.ca.gov/paper/chlorinefree/default.htm 3 Must come from sustainably grown and harvested, non-GMO sources that do not replace forest stands or food crops 4 Aligns with CA Department of General Services (DGS) Purchasing Standard DGS-441200-A for Paper Product Office Supplies and Northeast Recycling Council (NERC) Model EPP Specifications and Purchasing Guidelines for Office Supplies 248 of 1132 253 Page 11 of 27 Post consumer recycled content (PCRC) based or plant-based adhesives; and additional preference for PCF, FSC, and/or SFI labelled products 5 Total recycled content Processed Chlorine Free (PCF) Green Seal (GS-07) Non-paper Office Supplies Post-consumer recycled content (PCRC) Meets the minimum CPG recycled-content levels for Non-Paper Office Products, and a minimum 30% recycled content for all writing utensils (dry- erase markers, highlighters, markers, pens, and pencils) or other plastic-based accessories Meets the recycled content specifications in the Preferred EPP Specifications as listed by the Northeast Recycling Council (NERC), and free of antimicrobial coatings Total recycled content Non-antimicrobial EPA Comprehensive Procurement Guidelines (CPG) Northeast Recycling Council (NERC) Model EPP Specifications and Purchasing Guidelines for Office Supplies Toner Remanufactured6 Meets one of the recognized standards Meets both of the recognized standards High yield Indoor Furniture GREENGUARD Gold Must meet all of the following: භ GREENGUARD Gold or SCS Indoor Advantage Gold භ Free of the 6 classes of chemicals of Must have at least one of the following additional certifications: භ BIFMA Level certified (preference for 2 or 3) භ C2C Certified SCS Indoor Advantage Gold Cradle to Cradle (C2C) BIFMA Level 5 Modelled from Northeast Recycling Council’s Preferred EPP Specifications for Paper Office Supplies 6 Shall meet the State of California’s Specifications for Remanufactured Toner and Ink Cartridges: https://www.documents.dgs.ca.gov/pd/epp/goods/officesupplies/inktonercartridges/20140902_Ink_Toner_Engin eering_Spec.pdf 249 of 1132 254 Page 12 of 27 Meets the Healthier Hospitals Initiative (HHI) Safer Chemicals Challenge and is listed on the Healthier Hospitals Healthy Interiors Goal website concern as described in Section 7.E. (preference for Silver or Gold) භ HHI compliant with published product list on their website භ FSC Certified wood භ Textiles certified by one of the recognized certifications භ Complete HPD භ Complete Declare label FSC (for products containing wood) Textile certifications: භ GOTS භ Standard 100 by Oeko-Tex භ STeP by Oeko-Tex භ Cradle to Cradle භ Facts Health Product Declaration (HPD) Declare Label Compostable Food Service Ware Biodegradable Products Institute (BPI) Certified Compostable by BPI or GS-35, or made 100% from uncoated, unlined, obviously plant- based material, and appears on the Cedar Grove Accepted Items List Meets additional criteria as described in the Compostable Food Service Ware section below Green Seal GS-35 Cedar Grove Accepted Items List for Commercial Compostability Water Appliances/Fixtures WaterSense® WaterSense® Certified WaterSense® Certified 5. Economically and Socially Responsible Spend Economically and Socially Responsible (“EaSR”) Spend is defined as spend on products or services supplied by a business holding at least one of the UC-recognized classifications or certifications listed below. Recognized Certifications and Standards, listed in Table 2 below, outline the certifications and 250 of 1132 255 Page 13 of 27 criteria that the University uses to define “EaSR” spend. Table 2 also includes a category for Preferred Certifications, which are certifications offered by California government agencies and/or of CA-based businesses. Currently there is no goal set for spend with suppliers meeting Preferred Certification standards. The percentage of EaSR Spend is calculated using the following methodology, for a particular time horizon: Spend on products or services from a business that holds a UC-recognized EaSR certification x 100 Total Addressable Spend A. EaSR Spend Criteria Expenditures on products supplied by businesses holding at least one of the UC-recognized certifications and standards outlined under Recognized Certifications and Standards, see Table 2 below, will be considered EaSR Spend for the purposes of calculating the percent EaSR and Sustainable Spend. Recognized Certifications and Standards - These are reputable government or nationally recognized certifications and criteria the UC recognizes for identifying suppliers that may have a positive impact on society and/or the economy. Suppliers with these certifications should be flagged as a color or symbol differentiated like ‘green spend’ such as yellow in hosted and punchout catalogs. Preferred Certifications - These are reputable government or nationally recognized certifications and criteria the UC recognizes for identifying suppliers that may have a positive impact on society and/or the economy within California specifically. Suppliers with these certifications should be flagged as a color or symbol differentiated like ‘green spend’ such as yellow in hosted and punchout catalogs. Table 2 - EaSR Spend Criteria Business Classification Recognized Certifications and Standards Preferred Certifications Small Business Enterprise All government agency certifications and accepted third party certifiers such as: භ SBA-approved Third Party Certifiers Note that self-certification in SAM is accepted as well as any other small business certifications that also certify a businesses status as socially and economically disadvantaged such as (WOSB, SDVOSB, DBE, etc.) CA DGS certification or California state or local agency certification HUBZone certified SBA 8(a) 251 of 1132 256 Page 14 of 27 Disadvantaged Business Enterprise All government agency certifications All government agency certifications accepted, but principal office of business must be located in California and owners (officers, if a corporation) domiciled in CA. Women-owned Business Enterprise All government agency certifications All government agency certifications accepted, but principal office of business must be located in California and owners (officers, if a corporation) domiciled in CA. Minority Business Enterprise All federal, state and local government agency certifications භ State and Local Government Certifying Agencies භ Federal includes (SBA 8(a), EPA, etc.) All government agency certifications accepted, but principal office of business must be located in California and owners (officers, if a corporation) domiciled in CA. Veteran-owned Business Enterprise All government agency certifications All government agency certifications accepted, but principal office of business must be located in California and owners (officers, if a corporation) domiciled in CA. Service Disabled Veteran-owned Business Enterprise All government agency certifications DGS DVBE 6. Sustainable Spend Sustainable Spend is the intersection of Green and EaSR Spend. UC Sustainable Spend is defined as spend that meets the criteria and requirements in Section 4 for Green Spend and Section 5 for EaSR Spend (simultaneously). Thus, Sustainable Spend is defined as the expenditures on products in a particular product category that are supplied by a business holding one of the UC-recognized EaSR certifications, in addition to meeting the Preferred Level Green Spend criteria from Table 1. 252 of 1132 257 Page 15 of 27 An example of the percentage of Sustainable Spend calculated for computers (Figure 1) over a particular time horizon would be: Expenditures on EPEAT Gold certified computers from SBE businesses x 100 Total Addressable Spend on computers Figure 1. Sustainable Spend for Computers 7. Category Specific Specifications These additional guidelines and specifications should be used during solicitations, contracting and as a reference when making department purchases.Minimum requirements for each product category are outlined in column three of table one. The below items are recommended for inclusion in RFPs. Other than those items referred to in Policy as mandatory, project teams need to determine which of the below items will be mandatory and preferred during the RFP development phase. A. Electronics Electronics includes any product for which an EPEAT certification is available. EPEAT currently includes product ratings for PCs and Displays (including tablets), Imaging Equipment (which includes printers, 253 of 1132 258 Expenditures on computers from socially/economically certified businesses Total Expenditures on computers Expenditures on computers that are EPEAT Gold certified Page 16 of 27 copiers, scanners and multifunction devices) and Televisions. Environmental leadership standards are currently under development with the intent to form the basis of future EPEAT categories for Mobile Phones, Servers and other electronic products (https://www.epeat.net/about-epeat/). Registration criteria and a list of all registered equipment are provided on the EPEAT registry. In addition to the criteria established in Table 1, the University will ensure the following: 1. In accordance with Policy, all recyclers of the University’s electronic equipment must be e- Steward certified by the Basel Action Network (BAN) (www.ban.org). In cases where the University has established take-back programs with a manufacturer, the University will require the manufacturer to become a BAN-certified e-Steward Enterprise (e-Stewards for Enterprises). 2. Printers and copiers must have duplex printing capabilities and hold their warranty while using 100% recycled content paper. 3. Suppliers shall be required to deliver items to the University with energy efficiency and duplex printing functions enabled. a. Departments will work with their IT departments to ensure that features remain enabled for the duration of the product’s use. B. Cleaning Supplies Cleaning supplies include general purpose bathroom, glass and carpet cleaners; degreasing agents; biologically-active cleaning products (enzymatic and microbial products); floor-care products (e.g. floor finish and floor finish strippers); hand soaps and hand sanitizers; disinfectants; and metal polish and other specialty cleaning products. Also included are janitorial paper products such as toilet tissue, tissue paper, paper towels, hand towels, and napkins. Other janitorial products and materials (e.g. cleaning devices that use only ionized water or electrolyzed water) are excluded from this category.7 Disinfectants All disinfectants must be EPA-registered, and contain only the following active ingredients: hydrogen peroxide, citric acid, lactic acid, thymol, or caprylic acid. As there is no sustainability certification for disinfectants, in order to increase your % Green Spend for Cleaning Supplies and follow green cleaning practices, it is recommended that each site assess its current usage and application of disinfectants. Disinfectant use should be limited to high-risk surfaces [locations where there is a higher risk for blood borne incidents, skin contact (MRSA risk), or contact with feces and body fluids] and where required by regulation. Microbes can be effectively removed from high-touch surfaces touched by multiple people throughout the day (door handles, faucet handles, handrails, drinking fountains etc.) by frequent and proper cleaning with a regular cleaning product.8 7 Based on STARS Technical Manual Version 2.1, Administrative Update Three, July 2017 8 UMass Lowell Toxics Use Reduction Institute’s Guide to Safe and Effective Cleaning and Disinfecting: https://www.turi.org/Our_Work/Cleaning_Laboratory/Resources_and_Information/Disinfection/Guide_to_Safe_a nd_Effective_Cleaning_and_Disinfecting 254 of 1132 259 Page 17 of 27 C. Office Supplies Copy paper - refers to standard office printing and copy paper. Paper Office Supplies - includes Writing Paper (pads), Packing Paper, Folders, Letter folders, Expandable Filing Folders, Hanging folders or accessories, binders and indexes, Hanging Folders, Dividers, File Pockets, Standard Envelopes, Packaging Carton, Mailers, Easel Pads, Sticky Note, Storage Boxes, Desk Pad Calendar. Non-paper Office Supplies - includes binders, clipboards, file folders, clip portfolios, presentation folders, plastic desktop accessories (desk organizers, desk sorters, desk and letter trays, and memo, note and pencil holders etc.), plastic envelopes, and writing utensils (dry-erase markers, highlighters, markers, pens, and pencils). Toner - Additional recommendations can be found from the State of New York’s Approved Specifications for Monochrome Toner Cartridges: https://www.ogs.ny.gov/greenny/specs/green-specs- MonochromeTonerCartridge.asp E. Indoor Furniture Furniture includes individual (e.g. task chair) and group seating; open-plan and private-office workstations; desks of all types, tables of all types; storage units, credenzas, bookshelves, filing cabinets and other case goods; integrated visual display products (e.g. markerboards and tackboards, excluding electronic display products); hospitality furniture; and miscellaneous items such as mobile carts, freestanding screens, and movable partitions. Movable partitions include office furniture system cubicle panels that are typically integrated with work surfaces, desks, and storage furniture. Furniture does not include office accessories, such as desktop blotters, trays, tape dispensers, waste baskets, all electrical items such as lighting and small appliances, and accessories such as aftermarket keyboard trays, monitor stands and monitor arms. The University shall prefer furniture meeting specifications for the following hazardous chemical classes: 1. Flame Retardants: All furniture shall be free of flame retardant chemicals at levels above 1,000 parts per million in both standard and optional components, excluding electrical components. a. All upholstered seating subject to TB 117-2013 shall be labeled as not containing flame retardant chemicals consistent with the manner described in Section 19094 of the California Business and Professions Code. b. A product may contain flame retardants if required to meet code or regulation (e.g., TB 133 or ASTM E 1537), in accordance with the following criteria: i. No halogenated flame retardant chemical may be used at levels above 1,000 parts per million by weight of the homogeneous material, excluding electrical components. 255 of 1132 260 Page 18 of 27 ii. Products that contain flame retardant chemicals that have been fully assessed using GreenScreen v1.2 (or newer) and meet the criteria for benchmark 2, 3, or 4 will be preferred. 2. Formaldehyde and Volatile Organic Compounds (VOCs): All furniture shall comply with ANSI/BIFMA e3-2014 Furniture Sustainability Standard, Sections 7.6.1 and 7.6.2, using either the concentration modeling approach or the emissions factor approach. a. Test results shall be modeled using the open plan, private office, or seating scenario in ANSI/BIFMA M7.1, as appropriate. b. Furniture products that additionally meet ANSI/BIFMA e3-2014 Section 7.6.3 and/or California Department of Public Health Standard Method v1.1 (emission testing method for California Section 01350) are preferred. c. Salvaged and refurbished furniture more than one-year old at the time of re-use is considered compliant, provided it meets the requirements for any site-applied paints, coatings, adhesives, and sealants. d. All composite wood materials, including hardwood plywood, particleboard, or medium density fiberboard, used in office, classroom, or healthcare furniture shall comply with Phase 2 of California’s Code of Regulations, Title 17 §93120.2 – Airborne Toxic Control Measure to Reduce Formaldehyde Emissions from Composite Wood Products. 3. Per and Poly-Fluoroalkyl Substances (PFASs) used as stain/water/oil resistant treatments: All furniture shall be free of any long- and/or short-chain per- and poly-fluorinated alkyl compounds and fluorinated polymers used as stain, water, or oil resistant treatments above 100 ppm by weight of the homogenous material. 4. Antimicrobials: All furniture shall be free of any added or built-in chemical antimicrobials. Antimicrobials added to raw materials for the sole purpose of preserving the product are exempt, with the exception of triclosan and triclocarban which are explicitly prohibited. 5. Polyvinyl Chloride (PVC): All furniture shall be free of polyvinyl chloride (PVC) greater than 1% of product by weight, excluding electrical components. Electrical components that are free of PVC are preferred. 6. Heavy Metals: All furniture shall be free of any heavy metals, including hexavalent and trivalent chromium, in concentrations greater than 100 ppm. F. Compostable Food Service Ware Compostable food service containers and packages that have recycled and/or sustainably harvested content are preferred wherever possible. 1.All products must be certified compostable by the Biodegradable Products Institute (BPI) or Green Seal GS-35, proving that the finished product meets ASTM standards D6400 or D6868 for compostability. BPI-certified products can be accessed at: http://products.bpiworld.org/. Documentation may be required. 256 of 1132 261 Page 19 of 27 2.Products made 100% from paper, wood, bamboo or other obviously plant-based material, that are uncoated, unlined, or clay-coated (such as wooden stir sticks or uncoated paper plates) automatically meet this commercial compostability requirement without certification, so long as they appear on the Cedar Grove Accepted Items list for commercial compostability (https://cedar-grove.com/compostable/accepted-items), and the material type is disclosed. 3.Products with polyethylene liners are not compostable, and therefore do not meet the intent of these specifications. 4.Products shall not contain highly hazardous additives, including but not limited to persistent, bioaccumulative, or toxic chemicals (PBTs); carcinogens; mutagens; reproductive toxins, organohalogen-based chemicals (bromine, chlorine, fluorine or iodine); and endocrine disruptors. 5.Products shall not contain polyvinyl chloride (PVC), acrylonitrile butadiene styrene (ABS), polycarbonate (PC), polyurethane (PU), or any fluorinated chemicals. If product is fiber-based (including paper), ask for identification of the type of grease barrier or coating used. 6.Product is manufactured entirely with chlorine-free processing, meaning that no chlorine or chlorine compounds were used during manufacturing. Products may be unbleached or whitened in a chlorine-free process (if certified process chlorine-free). 7.Paper products are made from 40% post-consumer recycled content or 100% total recycled content (pre- or post- consumer), unless intended for hot beverages, in which case they are made from a minimum of 10% post-consumer recycled content. Bidder should disclose the amount and type of recycled content. 8.Non-cutlery products contain at least 90% biobased carbon content; cutlery products contain at least 70% biobased carbon content. Bidder can provide documentation demonstrating that its biobased carbon content meets the above specifications through one of the following: a.ASTM Standard D6866 laboratory test data b.USDA’s BioPreferred Label c.Products made of 100% uncoated wood, bamboo, paper or other obviously fiber-based material will automatically meet these biobased content requirements. Samples may be requested. 9.Product shall not contain added engineered nanomaterials. 10.Product materials were sustainably produced and are certified as one of the following: a.Forest Stewardship Council (FSC) b.Protected Harvest c.Rainforest Alliance d.Fair Trade USA 11.Feedstock and final product are produced in North America. 12.Product material grown without genetically modified organisms and certified to be GMO-free by one of the following: a.Non-GMO Project Verified (www.nongmoproject.org) b.CERT ID NonGMO c.ProTerra Certifications (www.geneticid.com/services/certification) 257 of 1132 262 Page 20 of 27 13.Product is made from sustainably grown, non-food agricultural resources such as perennial biomass crops and sustainably harvested residues (for more information, see the Sustainable Bioplastic Guidelines: https://healthybuilding.net/uploads/files/sustainable-bioplastic-guidelines.pdf 14.Product is EcoLogo or Green Seal-certified by one of the following: a.EcoLogo CCD-084 (Table Napkins), b.EcoLogo CCD-085 (Kitchen Towels), c.EcoLogo CCD-086 (Hand Towels), d.Green Seal GS-1 (Sanitary Paper Products), e.Green Seal GS-9 (Paper Towels and Napkins), f.Product meets the standard for biodegradability in the marine environment (ASTM D7081-05). 15.Inks for printing and graphics are vegetable-based and approved for use by U.S. Food and Drug Administration, where required. G. Water Appliances/Fixtures This category includes all products covered by WaterSense including residential toilets, showerheads, bathroom faucets, commercial toilets, urinals, pre-rinse spray valves, irrigation controllers, and spray sprinkler bodies. 8. Best Practices for Procurement Services 9 1. Market basket lists can be used as a tool for increasing the purchase of sustainable products at competitive and affordable prices. By only including products meeting the Required and Preferred Level of sustainability criteria in a market basket list, the University may be able to achieve reduced rates that will in turn direct spend towards sustainable products over conventional products. Allowing for revisions to the market basket beyond traditional changes in volume/spend patterns may allow for more competitive pricing on newly added sustainable items. 2. Through solicitation specifications and contract provisions, suppliers are required to: a. Clearly identify UC-recognized “light green” and “dark green” sustainable items in product catalogs. b. Ensure that any additional sustainability symbols/icons/certifications are displayed along with attribute details per product (e.g. a product with a recycled content symbol must also have in its product description details about the % total recycled content and % post consumer recycled content). c. Offer capabilities to: 9Modified from: https://nerc.org/documents/EPP/Office%20Supplies/EPP%20Specs%20- %20Office%20Supplies.pdf 258 of 1132 263 Page 21 of 27 i. Block and/or restrict pre-identified conventional items from being purchased online so University employees are compelled to purchase products that are in compliance with UC’s Sustainable Procurement Policies and Guidelines. ii. Auto-substitute pre-identified conventional products with sustainable products on the market basket list when end-user places conventional item in online cart. d. Make sustainable items display first in online catalog search results, or make them easily found within online product catalogs through effective search tools, search filters, and related navigational tools. e. Incentivize consolidated deliveries whenever feasible (e.g. deliveries only on certain days of the week or reduced pricing for consolidated shipping). i. Document or illustrate how the delivery consolidation method reduces the UC and supplier’s carbon footprint (e.g. reduction in fossil fuel use, carbon emissions, packaging materials, or on-site vehicle traffic). f. Use only delivery service companies that are participants in EPA’s Smartway Program. 3. LEED credits should be incorporated into all materials procurement associated with new facility constructions and major renovations.10 9. Certification and Standards Definitions a.BIFMA Level® - BIFMA Level is a multi-attribute furniture certification based on the ANSI/BIFMA e3 standard, addressing material use, energy, atmosphere, human and ecosystem health, and social responsibility at the product, facility, and organizational level. Certification is based on a points system with three levels of achievement, from Level 1 through Level 3. b.Biodegradable Products Institute (BPI) - BPI is a non-profit organization with the largest certification program for compostable products and packaging in North America. Their single-attribute certification indicates compliance with the ASTM D6400 and/or D6868 standards for commercial compostability. c.Cradle to Cradle TM - Cradle to Cradle is a multi-attribute standard that evaluates a wide range of products across five categories of human and environmental health, including Material Health, Material Reutilization, Renewable Energy and Carbon Management, Water Stewardship, and Social Fairness. Product certification is awarded at five levels, from Basic to Platinum, with an emphasis on continuous improvement. d.ENERGY STAR ® - Energy Star is a standard for energy efficient consumer products administered by the U.S. Environmental Protection Agency and the U.S. Department of Energy. e.EPA Safer Choice - Formerly known as Design for the Environment (DfE), the Safer Choice label is the U.S. Environmental Protection Agency’s program to identify products with safer chemical ingredients.11 10 https://www.phoenix.gov/oepsite/Documents/070520.pdf 11 Definition taken from STARS Technical Manual Version 2.1, Administrative Update Three, July 2017 259 of 1132 264 Page 22 of 27 f.EPEAT ® - The Electronic Product Environmental Assessment Tool is a method for consumers to evaluate the effect of a product on the environment. It ranks products as gold, silver or bronze based on a set of environmental performance criteria. It is managed by the Green Electronics Council. g.FACTS - Facts is a sustainability certification program for commercial textiles, recognizing textiles conforming to the NSF/ANSI 336 multi-attribute standard, evaluating a textile for environmental, economic and social aspects across its life cycle. Facts utilizes four conformance levels from Compliant to Platinum. h.Forest Stewardship Certification - The Forest Stewardship Council (FSC) is an independent, non-profit organization that protects forests for future generations. FSC Chain-of-Custody certification traces the path of products from forests through the supply chain, verifying that FSC-certified material is identified or kept separated from non-certified material throughout the chain. FSC Forest Management certification confirms that a specific area of forest is being managed in line with the FSC Principles and Criteria.12 i. FSC Recycled - The FSC Recycled on-product label means all the wood or paper in the product comes from reclaimed (re-used) material.13 i.Global Organic Textile Standard (GOTS) - GOTS is a textile processing standard for organic fibres, which includes both ecological and social criteria, from harvesting of raw materials through manufacturing and labelling. j.GREENGUARD ® - The GREENGUARD Environmental Institute certifies products and materials for low chemical emissions. Greenguard Gold ensures that a product is safe for use in schools and healthcare facilities, and is referenced by LEED. k.Green Seal ® - Green Seal is an independent nonprofit organization “dedicated to safeguarding the environment and transforming the marketplace by promoting the manufacture, purchase, and use of environmentally responsible products and services.” The Green Seal certification is based on multi-attribute environmental standards that meet the ISO 14024 standards for eco-labeling.14 l.Healthier Hospitals Healthy Interiors Goal (HHI) - The Healthy Interiors Goal aims to promote public and environmental health, and urge the furnishings market to develop safer products, while reducing disposal costs and liability. Furniture and textiles that meet the Healthy Interiors Goal claim contain no formaldehyde, perfluorinated compounds, polyvinyl chloride, antimicrobials, or flame retardants above the specified minimum levels. Products meeting the Goal must be listed on the website, and are not verified. m.Process Chlorine Free (PCF) - PCF means that no chlorine or chlorine derivatives were used in the recycling process. Paper that was originally bleached with chlorine or chlorine derivatives may be used as feedstock, however. Only paper that is “totally 12 Ibid 13 https://ic.fsc.org/en/choosing-fsc/fsc-labels 14 Definition taken from STARS Technical Manual Version 2.1, Administrative Update Three, July 2017 260 of 1132 265 Page 23 of 27 chlorine-free” (TCF) is produced with pulp that has been bleached without any type of chlorine or chlorine derivative, or has not been bleached.15 n.STANDARD 100 by OEKO-TEX® - Certification for raw, semi-finished, and finished textile products at all processing levels, as well as accessory materials used. Criteria focuses on product safety based on test criteria for numerous harmful chemicals. o.STeP by OEKO-TEX® - STeP assesses against criteria for sustainable, environmentally and socially responsible textile and apparel production and logistic sites, addressing the reduction of hazards and risks throughout the production chain, with the goal of improving factory resource efficiency. p.UL Ecologo - The UL Environment ECOLOGO program certifies products, services and packaging for reduced environmental impact. ECOLOGO Certifications are voluntary, multi-attribute, lifecycle based environmental certifications that meet the ISO 14024 standards for eco-labeling.16 q.WaterSense® - WaterSense is a U.S. Environmental Protection Agency program designed to encourage water efficiency in the United States through the use of a special label on consumer products. 10. Approval procedure updates and changes Changes to this document must be approved by the UC Procurement Leadership Council (PLC) on the recommendation of the Sustainable Procurement Working Group. 11. Change Log Approval Date Summary of Changes Approved by Product Categories Impacted Start Date for Reporting on New or Updated Categories 8/10/18 Implementation of UC Sustainable Procurement Guidelines UC Procurement Leadership Council Electronics, Cleaning Supplies, Copy Paper, Paper Office Supplies (other than copy paper), Non-paper Office Supplies, Toner, Indoor Furniture, Compostable Food Service Ware, Water Appliances/Fixtures 7/1/2018 15 http://www.calrecycle.ca.gov/paper/chlorinefree/default.htm 16 Definition taken from STARS Technical Manual Version 2.1, Administrative Update Three, July 2017 261 of 1132 266 Page 24 of 27 Appendix I - The “Dollar not Spent” and Green Spend As with waste, the hierarchy of environmentally sustainable spend starts with reduce and reuse. As such, in the assessment of Green Spend, the “dollar not spent” can be included in Green spend calculations. This concept is addressed in the following section. Please note that calculating the “Dollar not Spent” for an individual campus is optional and not required as part of a sites annual Green Spend reporting (outlined in section 4. Green Spend above). How to calculate the dollar not spent: Items that are not purchased due to education and reduction activities and/or items that are reused on campus may be added to the Green Spend calculation at a location’s discretion. The process for adding these to the Green Spend calculation is as follows: Green Spend purchase per category + approximate market value of goods not purchased x 100 Addressable spend per category + approximate market value of goods not purchased To determine the approximate value of goods not purchased, locations should use an appropriate combination of the below methodologies: Method 1: Reuse (for example, goods reused from surplus operations) STEP 1. Determine the current market value of the goods were they to be purchased new. STEP 2. Sum the product cost (quantity of goods x current market value of goods). STEP 3. Include the current market value of goods in the numerator and denominator of the Green Spend calculation. Where: Current market value of goods is to be determined as the average purchase price of the equivalent good available on system wide contracts (or an average market value of equivalents if no system wide contract exists). Method 1 Example: 4 desks and 3 desk chairs re-used on campus in surplus operations. STEP 1: Determine the average cost for the 4 desks and 3 desk chairs from relevant system wide contracts (e.g. average cost of desk is $2000 each, average cost of chair is $1,500 each). STEP 2. Sum the product cost of the items (4 x $2,000) + (3 x $1,500) = $12,500 STEP 3. Include the market value of the goods in the numerator and denominator for the calculation for green spend; Green Spend purchase per category + $12,500 x 100 Addressable spend per category + $12,500 262 of 1132 267 Page 25 of 27 Method 2: Normalized Reduction in Purchase of Commodity Goods Where: Product use (goods purchased) is a function of the number of staff/users. STEP 1. Determine the quantity of goods purchased per driver in a baseline year: Equation: Baseline quantity of goods consumed Baseline quantity of driver For example: Baseline # reams of copy paper purchased Baseline # Full Time Equivalent staff Baseline # gallons of cleaning products purchased Baseline # square feet of cleaned space STEP 2. Determine the quantity of goods purchased per driver in the current year using equations as above: Equation: Current quantity of goods purchased Current quantity of driver For example: Current # reams of copy paper purchased Current # Full Time Equivalent staff Current # gallons of cleaning products purchased Current # square feet of cleaned space STEP 3. Determine the total difference in the quantities of goods purchased between the baseline and current years (savings) using the following equation: Equation: Current quantity of driver x (Baseline quantity of goods per driver - Current quantity of goods per driver) Example: Paper: Current number of FTEs x (Baseline number of reams of copy paper purchased per FTE - Current number of reams of copy paper purchased per FTE) Cleaning: Current number of sq. ft. cleaned x (Baseline number of gallons of cleaning product purchased per sq. ft. cleaned - Current number of gallons of cleaning product purchased per sq. ft. cleaned) STEP 4. Determine the value of savings based on the current market value of goods. STEP 5. Include the current market value of goods in the numerator and denominator of the Green Spend calculation. Where: 263 of 1132 268 Page 26 of 27 Current market value of goods: is to be determined as the average price of the equivalent good available on system wide contracts (or an average market value of equivalents if no system wide contracts product available). Note that if the purchase of one commodity is replaced with purchase of a different (but similar) commodity, this should not be considered a reduction. Method 2 Example (Using copy paper as example good): STEP 1: Determine the quantity of goods purchased per driver in baseline year Baseline year: 2005/06 FY Quantity of goods purchased: 500 reams of copy paper/year Driver: 800 Full Time Equivalent staff Number of reams of copy paper purchased per FTE: 500/800 = .625 reams per FTE STEP 2: Determine the quantity of goods purchased per driver in current year Current year: 2017/18 FY Quantity of goods purchased: 500 reams of copy paper/year Driver: 1500 Full Time Equivalent staff Number of reams of copy paper purchased per FTE: 500/1500 = .33 reams per FTE STEP 3: Determine savings per driver between baseline and current year Current # FTEs x (reduction in reams per FTE) = 1500 FTEs x (.625 reams per FTE - .33 reams per FTE) = 421.5 reams of paper STEP 4: Determine the average value of the savings/reduction Average value of a ream of paper in UC contract:$5 $5 x 421.5 reams of paper = $2,107.5 STEP 5: Add the value of the reduction to both the numerator and the denominator of the Green Spend equation for the product category Green Spend purchase per category + $2,107.5 x 100 Addressable spend per category + $2,107.5 Method 3: Replacement of disposables with reusables If successful methods have been found to identify reuse numbers where disposables were the standard business as usual, the market value of these disposables may be used in Green Spend calculations. An example of this might be the use of reusable to-go containers at dining locations where reusables are “checked out,” so specific numbers of reusables are available. 264 of 1132 269 Page 27 of 27 In these cases, the value of the disposables displaced may be considered Green Spend and added to the numerator and the denominator for the Green Spend calculation. The process for calculating this is as follows: STEP 1. Determine number of goods displaced. STEP 2. Determine value of goods displaced per unit. STEP 3. Calculate total value of goods displaced (number of goods displaced) x (value of goods displaced per unit) STEP 4. Include the current market value of goods in the numerator and denominator of the Green Spend Calculation. Method 3 Example: For this example, a dining operation uses reusable to-go containers and tracks their usage. 500 reusable to-go containers are used in a year. STEP 1. Determine number of goods displaced From the example above, 500 to-go containers are displaced STEP 2. Determine value of goods displaced per unit Alternative compostable to-go containers cost $0.20 each (on system wide or local contract). STEP 3. Calculate total value of goods displaced 500 compostable to-go containers x $0.20/container = $100 STEP 4: Add the value of the savings/reduction to both the numerator and the denominator of the Green Spend equation for the product category: Green Spend purchase per category + $100 x 100 Addressable spend per category + $100 265 of 1132 270 Questionnaire Name : Sustainability (Accessibility Questionnaire) Description : ADA Compliance - Evaluation Type : Technical Section 1. Devices Description Accessibility Q1. Products should be accessible to people with disabilities and comply with California Building Code 2016 for "forward reach” (11B-308.2) and for “side reach” (11B-308.3); do you convey information about accessibility clearly to buyers, please explain? If not, how do buyers get this information to make an informed purchase decision? (Response Type : Multi Line Text) Weight 5% Mandatory Yes Supplier Attachments Allowed Evaluation Type Score Current Stage Reference: Attachments : Q2. Do the devices have speech recognition modules? Please describe. (Response Type : Multi Line Text) Weight 10% Mandatory Yes Supplier Attachments Allowed Evaluation Type Score Current Stage Reference: Attachments : Q3. Do the devices have braille keypad templates? Please describe. (Response Type : Multi Line Text) Weight 10% Mandatory Yes Supplier Attachments Allowed Evaluation Type Score Current Stage Reference: Attachments : Q4. Do the devices have tactilely discernable buttons? Please describe. (Response Type : Multi Line Text) Weight 10% Mandatory Yes Supplier Attachments Allowed Evaluation Type Score Current Stage Reference: 266 of 1132 271 Attachments : Q5. Will the accessibility features referenced in questions 2, 3 and 4 be available at no additional cost to UC? (Response Type : Multi Line Text) Weight 5% Mandatory Yes Supplier Attachments Allowed Evaluation Type Score Current Stage Reference: Attachments : Q6. Will OCR be available on all scanners at no additional cost to UC? Please describe. (Response Type : Multi Line Text) Weight 10% Mandatory Yes Supplier Attachments Allowed Evaluation Type Score Current Stage Reference: Attachments : Q7. If a device has scanning functionality, does the device have OCR capabilities? Can the OCR capability be turned on/off by the user? Please describe. (Response Type : Multi Line Text) Weight 10% Mandatory Yes Supplier Attachments Allowed Evaluation Type Score Current Stage Reference: Attachments : Q8. Can the OCR capability be set as a default by the installer? Please decribe. (Response Type : Multi Line Text) Weight 5% Mandatory Yes Supplier Attachments Allowed Evaluation Type Score Current Stage Reference: Attachments : Q9. On the devices proposed on this RFP, provide information about the impact of the OCR process on file size or other document properties, emailing, uploading, and other functionality. (Response Type : Multi Line Text) Weight Mandatory Supplier Attachments Evaluation Type 267 of 1132 272 5%Yes Allowed Score Current Stage Reference: Attachments : Section 2. Services Description Accessibility Q10. On devices with scanning functionality, will the installer or repair person ensure that a one- page instructional flyer is posted at the device that explains why OCR is critical to make PDFs accessible to people with disabilities and instructs the user how to easily turn the OCR capability on/off? Please explain (Response Type : Single Line Text) Weight 12% Mandatory Yes Supplier Attachments Allowed Evaluation Type Score Current Stage Reference: Attachments : Q11. Will the OCR software be updated on a regular basis? How often is it updated today? (Response Type : Single Line Text) Weight 3% Mandatory Yes Supplier Attachments Allowed Evaluation Type Score Current Stage Reference: Attachments : Q12. Do installers inform customers that all floor-standing devices should have sufficient clearance for wheelchair access? (Response Type : Single Line Text) Weight 3% Mandatory Yes Supplier Attachments Allowed Evaluation Type Score Current Stage Reference: Attachments : Q13. Are accessibility features for each product identified in the online form/ecatalog? Please describe. (Response Type : Single Line Text) 268 of 1132 273 Weight 9% Mandatory Yes Supplier Attachments Allowed Evaluation Type Score Current Stage Reference: Attachments : Q14. Are the billing and usage software and reports (e.g., ability to check copy balances, add funds) accessible to people with disabilities per WCAG 2.0 AA? (Response Type : Single Line Text) Weight 3% Mandatory Yes Supplier Attachments Allowed Evaluation Type Score Current Stage Reference: Attachments : 269 of 1132 274 Questionnaire Name : Sustainability (Security Questionnaire) Description : UC Data Security Evaluation Type : Technical Q1. Provide a description of MFD products and MFD services offered. (Response Type : Multi Line Text) Weight 4.75% Mandatory Yes Supplier Attachments Allowed Evaluation Type Score Current Stage Reference: Attachments : Q2. Provide the types of UC data collected by the MFD Supplier via MFD products and services offered (examples: via customer support portals, UC data sent from MFD to SaaS for troubleshooting). (Response Type : Multi Line Text) Weight 4.75% Mandatory Yes Supplier Attachments Allowed Evaluation Type Score Current Stage Reference: Attachments : Q3. Provide a current network topology diagram of any Supplier on-premise IT or SaaS offerings supporting products and services offered (if applicable). (Response Type : Multi Line Text) Weight 4.75% Mandatory Yes Supplier Attachments Allowed Evaluation Type Score Current Stage Reference: Attachments : Q4. Were 3rd party assessments or certifications completed regarding the products or services offered (examples: IEEE 2600; UL 2900 series, SOC2 Type 2 for SaaS)? If so, please provide. (Response Type : Multi Line Text) Weight 4.75% Mandatory Yes Supplier Attachments Allowed Evaluation Type Score Current Stage Reference: Attachments : Q5. Provide the latest Supplier Information Security Plan or security documentation related to the 270 of 1132 275 products or services offered. (Response Type : Multi Line Text) Weight 5% Mandatory Yes Supplier Attachments Allowed Evaluation Type Score Current Stage Reference: Attachments : Q6. Provide the latest Supplier Incident Response Plan as related to products or services offered. (Response Type : Multi Line Text) Weight 4.75% Mandatory Yes Supplier Attachments Allowed Evaluation Type Score Current Stage Reference: Attachments : Q7. Did your company experience any security incidents in the last five years? If so, please describe. (Response Type : Multi Line Text) Weight 4.75% Mandatory Yes Supplier Attachments Allowed Evaluation Type Score Current Stage Reference: Attachments : Q8. If Supplier has on-premise IT or SaaS that supports products and services offered to UC, provide the last 2 consecutive, credentialed vulnerability scan summaries. (Response Type : Multi Line Text) Weight 4.75% Mandatory Yes Supplier Attachments Allowed Evaluation Type Score Current Stage Reference: Attachments : Q9. If Supplier has on-premise IT or SaaS that supports products and services offered to UC, provide the latest penetration testing report summary. (Response Type : Multi Line Text) Weight 4.75% Mandatory Yes Supplier Attachments Allowed Evaluation Type Score Current Stage Reference: Attachments : 271 of 1132 276 Q10. Regarding the supplier’s MFD, describe the ability to update the firmware. (Response Type : Multi Line Text) Weight 4.75% Mandatory Yes Supplier Attachments Allowed Evaluation Type Score Current Stage Reference: Attachments : Q11. Regarding the supplier’s MFD, describe the ability to disable unneeded services, ports, protocols, and features. (Response Type : Multi Line Text) Weight 4.75% Mandatory Yes Supplier Attachments Allowed Evaluation Type Score Current Stage Reference: Attachments : Q12. Regarding the supplier’s MFD, describe the ability to restrict access to the device based on IP and MAC address. (Response Type : Multi Line Text) Weight 4.75% Mandatory Yes Supplier Attachments Allowed Evaluation Type Score Current Stage Reference: Attachments : Q13. Regarding the supplier’s MFD, describe the ability to allow setting and changing of the authentication information (e.g., passwords and community strings) for all management services. (Response Type : Multi Line Text) Weight 4.75% Mandatory Yes Supplier Attachments Allowed Evaluation Type Score Current Stage Reference: Attachments : Q14. Regarding the supplier’s MFD, describe the ability to prevent unauthorized physical access to the hard drive using either a locking mechanism or other physical access control measure. (Response Type : Multi Line Text) Weight Mandatory Supplier Attachments Evaluation Type 272 of 1132 277 4.75%Yes Allowed Score Current Stage Reference: Attachments : Q15. Regarding the supplier’s MFD, describe the ability to implement authenticated access to management controls, allowing access to authorized administrators based on privilege assignments. (Response Type : Multi Line Text) Weight 4.75% Mandatory Yes Supplier Attachments Allowed Evaluation Type Score Current Stage Reference: Attachments : Q16. Regarding the supplier’s MFD, describe the ability to enable and configure audit logging (Syslog capability preferred). (Response Type : Multi Line Text) Weight 4.75% Mandatory Yes Supplier Attachments Allowed Evaluation Type Score Current Stage Reference: Attachments : Q17. Regarding the supplier’s MFD, describe the ability to use of industry standard encryption algorithms for at rest and in motion services. (Response Type : Multi Line Text) Weight 4.75% Mandatory Yes Supplier Attachments Allowed Evaluation Type Score Current Stage Reference: Attachments : Q18. Regarding the supplier’s MFD, describe how cache is cleared. (Response Type : Multi Line Text) Weight 4.75% Mandatory Yes Supplier Attachments Allowed Evaluation Type Score Current Stage Reference: Attachments : 273 of 1132 278 Q19. Regarding the supplier’s MFD, describe how UC information will be protected during maintenance/servicing or when components such as storage devices are replaced. (Response Type : Multi Line Text) Weight 4.75% Mandatory Yes Supplier Attachments Allowed Evaluation Type Score Current Stage Reference: Attachments : Q20. Regarding the supplier’s MFD, describe Supplier accounts for maintenance/servicing. (Response Type : Multi Line Text) Weight 4.75% Mandatory Yes Supplier Attachments Allowed Evaluation Type Score Current Stage Reference: Attachments : Q21. All MFD/Laser printers equipped with hard drives must: isolate any incoming FAX line from all hardware that has network access. MFDs must have no physical or data connection between the Page Memory (or Temporary Data Storage) and the FAX controller. Provide on/off (switchable) control of read/write access to the device from portable media (e.g., SD cards, USB drives, etc.) Be able to have their hard drives removed by a vendor technician and surrendered to UC at the end of a lease, cost-per-copy agreement, or at trade-in (or at any time, for any reason, an MFD and/or Laser Printer is removed from UC) at no additional cost to UC. Please describe each and confirm that the devices meet or exceed these requirements. (Response Type : Single Line Text) Weight 4.75% Mandatory Yes Supplier Attachments Allowed Evaluation Type Score Current Stage Reference: Attachments : 274 of 1132 279 Questionnaire Name : Sustainability Questionnaire Description : Social, Economic, Environmental Evaluation Type : Technical Q1. Please confirm your commitment to comply with Article 25 - Fair Wage/Fair Work of the UC Terms and Conditions which states: If the Services will be performed at one or more UC Locations, do not solely involve furnishing Goods, and are not subject to extramural awards containing sponsor-mandated terms and conditions, Supplier warrants that it is in compliance with applicable federal, state and local working conditions requirements, including but not limited to those set forth in Articles 11, 12 and 14 herein, and that Supplier pays its employees performing the Services no less than the UC Fair Wage. Supplier agrees UC may conduct such UC Fair Wage/Fair Work interim compliance audits as UC reasonably requests, as determined in UC’s sole discretion. Supplier agrees to post UC Fair Wage/FairWork notices, in the form supplied by UC, in public areas (such as break rooms and lunch rooms) frequented by Supplier employees who perform Services. For Services that exceed $100,000 annually and are not subject to prevailing wage requirements, Supplier will, a) at Supplier’s expense, provide an annual independent audit performed by Supplier’s independent auditor or independent internal audit department (http://na.theiia.org/standards- guidance/topics/Pages/Independence-and-Objectivity.aspx) in compliance with UC’s required audit standards and procedures (http://www.ucop.edu/procurement-services/_files/fw-fw-annual-audit- standards-procedures.pdf), concerning Supplier’s compliance with this provision, and b) ensure that in the case of a UC interim audit, its auditor makes available to UC its UC Fair Wage/Fair Work work papers for the most recently audited time period. Supplier agrees to provide UC with a UC Fair Wage/Fair Work certification annually, in a form acceptable to UC, no later than ninety days after each one year anniversary of the agreement’s effective date, for the twelve months immediately preceding the anniversary date. (Response Type : Drop Down) Weight 10% Mandatory Yes Supplier Attachments Not Allowed Evaluation Type Score Current Stage Reference: Attachments : Responses Options : Yes Score : 5 No Score : 1 Q2. Please confirm your company's commitment to comply Article 17. E. Forced Conflict and Indentured Labor of the UC Terms and Conditions which states: Forced, Convict and Indentured Labor. Supplier warrants that no foreign-made Goods furnished to UC pursuant to the Agreement will be produced in whole or in part by forced labor, convict labor, or indentured labor under penal sanction. If UC determines that Supplier knew or should have known that it was breaching this warranty, UC may, in addition to terminating the Agreement, remove Supplier from consideration for UC contracts for a period not to exceed one year. This warranty is in addition to any applicablewarranties in Articles 6 and 11 of the UC Terms and Conditions. (Response Type : Drop Down) Weight 5% Mandatory Yes Supplier Attachments Not Allowed Evaluation Type Score 275 of 1132 280 Current Stage Reference: Attachments : Responses Options : Yes Score : 5 No Score : 1 Q3. Please confirm your company's commitment to comply with Article 22 - Sustainable Procurement Guidelines of the UC Terms and Conditions which states in part: Supplier will conduct business using environmentally, socially, and economically sustainable products and services (defined as products and services with a lesser or reduced effect on human health and the environment, and which generate benefits to the University as well as to society and the economy, while remaining within the carrying capacity of the environment), to the maximum possible extent consistent with the Agreement, and with the University of California Sustainable Practices Policy (https://policy.ucop.edu/doc/3100155) and the University of California Sustainable Procurement Guidelines: https://www.ucop.edu/procurement- services/_files/sustainableprocurementguidelines.pdf. A copy of both are attached. (Response Type : Single Answer) Weight 25% Mandatory Yes Supplier Attachments Allowed Evaluation Type Score Current Stage Reference: Attachments : sustainableprocurementguidelines.pdf Sustainable Practices Policy.pdf Responses Options : Yes Score : 5 No Score : 1 Q4. For each proposed device, Proposer must provide that the device's EPEAT rating (Gold, Siler, Bronze) along with the epeat recorded options score on the specifications Tabs of the Pricing Attachments 1 and 2. Each proposed devide must have achieved a minimum EPEAT Rating of Bronze. Please confirm if all of your proposed products are at minimum EPEAT rating of Bronze. (Response Type : Single Answer) Weight 0% Mandatory Yes Supplier Attachments Allowed Evaluation Type Acceptable or Unacceptable Current Stage Reference: Attachments : Responses Options : Yes No 276 of 1132 281 Q5. Describe the takeback process for toner cartridges and other consumables, including any specifics about disposition and any associated additional costs. If you have no program in place, advise when your company intends to implement and end of life product take back program and the timeline for doing so? (Response Type : Multi Line Text) Weight 13.75% Mandatory Yes Supplier Attachments Allowed Evaluation Type Score Current Stage Reference: Attachments : Q6. Describe the process by which the company uses minimal packaging materials and processes by which your company arranges for packaging taken back for resuse? (Response Type : Multi Line Text) Weight 13.75% Mandatory Yes Supplier Attachments Allowed Evaluation Type Score Current Stage Reference: Attachments : Q7. Describe the process by which devices can be taken back by your company at the end of their useful life for remanufacturing, refurbishing, or recycling of parts. For MFDs and Laser Printers, Supplier must take back devices at the end of their useful life and comply with UC Policy on Institutional information destruction as described in Appendix DS, at no cost, and at UC discretion. (Response Type : Multi Line Text) Weight 13.75% Mandatory Yes Supplier Attachments Allowed Evaluation Type Score Current Stage Reference: Attachments : Q8. All proposed devices shall able to use recycled content papers up to and including 100% Post Consumer Waste (PCW) paper with high reliability, as long as the paper in use meets standard paper categories (e.g. copy, laser, or multi-purpose paper). Full duplexing using up to and including 100% PCW paper shall be guaranteed by the manufacturer to reliably accomplish 100% duplexing. Recycled paper PCW content cannot be faulted by the vendor’s service personnel for equipment malfunctions. Should a condition arise in which paper is suspect in underperformance in a significant number of devices using the same paper or same paper batch numbers, further testing may be coordinated by a UC designated official with the awarded vendor to test and determine the appropriate resolution. Please confirm your company's committment to comply. (Response Type : Single Line Text) Weight Mandatory Supplier Attachments Evaluation Type 277 of 1132 282 13.75%Yes Allowed Score Current Stage Reference: Attachments : Q9. Please confirm your company's commitment to comply with Article 12 - Equal Opportunity Affimative Action of the UC Terms and Conditions which states:Supplier will abide by the requirements set forth in Executive Orders 11246 and 11375. Where applicable, Supplier will abide by 41 CFR §§ 60-1.4(a), 60-300.5(a) and 60-741.5(a), incorporated by reference with this statement: “This contractor and subcontractor shall abide by the requirements of 41 CFR §§ 60-1.4(a), 60- 300.5(a) and 60-741.5(a). These regulations prohibit discrimination against qualifiedindividuals based on their status as protected veterans or individuals with disabilities, and prohibit discrimination against allindividuals based on their race, color, religion, sex, sexual orientation, gender identity, or national origin. Moreover, these regulationsrequire that covered prime contractors and subcontractors take affirmative action to employ and advance in employment individualswithout regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status or disability.”With respect to activities occurring in the State of California, Supplier agrees to adhere to the California Fair Employment and HousingAct. Supplier will provide UC on request a breakdown of its labor force by groups as specified by UC, and will discuss with UC its policiesand practices relating to its affirmative action programs. Supplier will not maintain or provide facilities for employees at any establishment under its control that are segregated on a basis prohibited by federal law. Separate or single-user restrooms and necessary dressing or sleeping areas must be provided, however, to ensure privacy. (Response Type : Drop Down) Weight 5% Mandatory Yes Supplier Attachments Not Allowed Evaluation Type Score Current Stage Reference: Attachments : Responses Options : Yes Score : 5 No Score : 1 278 of 1132 283 PRICING 1). All quotes include shipping and delivery (All products) and installation (All equipment). (1) Equipment Specifications Note: lease rates are based on fully configured models, tabs (3) B&W and (4) color, row 99. (2) Accessories Pricing (3) B&W Pricing (4) Color Pricing C). Please note there are dropdown lists available for input in (1) Equipment Specifications for EPEAT Certification. The MSRP columns of (3) B&W and (4) Color provide an actual price or an included option of Required Features. PREREQUISITES & DEFINITIONS INSTRUCTIONS A). The Excel pricing matrix workbook auto-fills several values across multiple sheets to reduce data input errors and redundancy. Proposers should populate the worksheets sequentially begining with: B) Model numbers, speeds, capacities that are being requested in Column A must be provided in the column(s) preceding MSRP for each model being offered (Tabs 2,3, and 4). 2). Pricing must utilize the same pricing structure as was used for other devices falling into the same product category. The pricing structure will be dictated by the purchase price determined from the discount from Manufacturer Suggested Retail Price (MSRP) and other specified discounts listed in this RFP. Lease pricing will be dictated by the quoted leasing rates applied to the purchase price. Such additions and deletions must be approved by the UC contract administrator or their designee. MSRP - Is defined as the product sales price list published in some form by the manufacturer or publisher of a product and available to and recognized by the trade. 279 of 1132 284 Bidders Multifunctional Specs and information; list by device proposed Enter company name in yellow cell (below) B/W Required Optional Optional B/W Required Optional B/W Required Optional B/W Required Optional B/W Required Model # Manufacture Date (example 4/08/2014) Max Monthly Duty Cycle Recommended Monthly Volume FCT Multicopy LTR/LGL/LGR Standard Paper sources Standard Paper Capacities Paper Weights Max Paper sources Max Paper Capacity Max Original Size Output size Min/Max Copy Resolution Sys Memory Std /Max RADF or DSPF ( specify) OPTIONAL FINISHER A # trays tray capacities # staple sheets # staple positions OPTIONAL FINISHER B # trays tray capacities # staple sheets # staple positons FEATURES Book copy Booklet mode Covers Energy Save DESKTOP (20 + ppm)CATEGORY 2 (20 -30 ppm)CATEGORY 3 (31 -40 ppm)CATEGORY 4A (41 - 50 ppm) CATEGORY 4 MONOCHROME Green cells are Required.Fill in your product specifications in these cells.Blue cells are optional . Fill in your product specifications in these cells. For absolute answer items, indicate with a Y (Yes) or N (No). (ex. Mac OS? = Y) All others please describe. 280 of 1132 285 Erase Image insert Image overlay Image repeat Image Rotate Interrupt Job Build Job programs Language Photo mode ADDITIONAL INFORMATION Dimensions HxWxD Max Power consumption Dedicated outlet required Energy Star Compliant MULTIFUNCTIONAL MODES Copier Network Printer Printer Fax Network Fax PC Fax Scanner USB - files supported OP SYSTEM SUPPORT Server 2008 Server 2012 Server 2016 Windows 10.0 and higher Macintosh OSX 10.13 and higher iOS 11.0 and higher Android OS 8.0 and higher Linix, Unix, Citrix , (Other describe) FAX Scanner technology Compression method(s) Modem Speed Max TX Resoluton Grayscale /Halftones STD/Max Fax memory Min/Max Original size (W x L ) Max paper print size Effective scanning gwidth 281 of 1132 286 Correct order output Batch files Battery Back up Confidential RX/TX Dual lines option Polling Relay request Smoothing Broadcast groups Redail One touch Speed dial PRINTER SPECS PC/Mac compatiblity Speed in ppm (B&W/Color) Enhanced resolution Unenhanced Resolution Std/Max Printer memory Processor MHZ PCL 5e/6; Adobe Postscript 3 SCANNER AND IMAGE MANAGEMENT Sensor technology type /speed in imp Max resolution Twain compatible Email Internet fax FTP LDAP Support Supported file formats Network Accounting JPEG PDF, PDF/A, TIFF , others (list) SCAN -IMAGE SOFTWARE OCR software File management software Image overwrite software Other features EPEAT RATINGS (Select from List level achieved Bronze, Silver or Gold in this row ) Bronze Registration date (example 04/8/2013) Total Optional Points , example 2/7 4.1 Reduction/elimination of environmentally sensitive materials 4.2 Materials selection 4.3 Design for end of life 4.4 Product longevity cycle extension 4.5 Energy conservation 4.6 End of life management 4.7 Corporate performance 4.8 Packaging 4.9 Consumables 4.10 Indoor air quality 282 of 1132 287 Optional B/W Required Optional Color Required Optional Color Required Optional Color Required Optional Color Required Optional Color Required COLOR MULTIFUNCTIONAL DEVICES B (51 -60 ppm) CATEGORY 5 (61 - 90 ppm)DESKTOP (20 + ppm)CATEGORY 2 (20 -30 ppm)CATEGORY 3 (31 -40 ppm)CATEGORY 4A (41 - 50 ppm) CATEGORY 4 Green cells are Required.Fill in your product specifications in these cells. Blue cells are opt product specifica 283 of 1132 288 Optional Color Required Optional B (51 -60 ppm) CATEGORY 5 (61 - 90 ppm) tional.Fill in your ations in these cells. 284 of 1132 289 0 Model # UC %UC %UC %UC %UC %UC Net Price Discount Net Price Discount Net Price Discount Net Price Discount Net Price Discount Net Price PRICING: BASE MFD Engine -$ -$ -$ -$ -$ -$ OPTIONAL FEATURES PRICING Paper Handling/Feeding Base/Cabinet -$ -$ -$ -$ -$ -$ Additional Paper drawer (A) ( list capacity) -$ -$ -$ -$ -$ -$ Additional Paper drawer (B) (list capacity)-$ -$ -$ -$ -$ -$ Large Capacity Paper Feed Tray/Cab (A) (list capacity here)-$ -$ -$ -$ -$ -$ Large Capacity Paper Feed Tray/Cab (B) (list capacity here)-$ -$ -$ -$ -$ -$ other ( describe here) -$ -$ -$ -$ -$ -$ other ( describe here) -$ -$ -$ -$ -$ -$ other ( describe here) -$ -$ -$ -$ -$ -$ Print/Scan/Fax Network Connectivity kit -$ -$ -$ -$ -$ -$ Print Controller -$ -$ -$ -$ -$ -$ Postscript Print Kit -$ -$ -$ -$ -$ -$ Hard Drive -$ -$ -$ -$ -$ -$ Facsimile Walkup -$ -$ -$ -$ -$ -$ Facsimile LAN -$ -$ -$ -$ -$ -$ Scan to Email -$ -$ -$ -$ -$ -$ Scan to Device Folder -$ -$ -$ -$ -$ -$ Scan to Network -$ -$ -$ -$ -$ -$ Color Scanning -$ -$ -$ -$ -$ -$ Scan to USB -$ -$ -$ -$ -$ -$ Print from USB -$ -$ -$ -$ -$ -$ Mobile Printing access -$ -$ -$ -$ -$ -$ other ( describe here) -$ -$ -$ -$ -$ -$ other ( describe here) -$ -$ -$ -$ -$ -$ ADA ACCESSABILITY Audible interface/voice guidance -$ -$ -$ -$ -$ -$ Extendable, tilt keyboard -$ -$ -$ -$ -$ -$ Braille enablement /labelling -$ -$ -$ -$ -$ -$ Remote operation software kit -$ -$ -$ -$ -$ -$ Remote footswitch -$ -$ -$ -$ -$ -$ Voice Control -$ -$ -$ -$ -$ -$ other ( describe here) -$ -$ -$ -$ -$ -$ other ( describe here) -$ -$ -$ -$ -$ -$ CONNECTIVITY /SECURITY Hard drive security -$ -$ -$ -$ -$ -$ Network security -$ -$ -$ -$ -$ -$ Secure print -$ -$ -$ -$ -$ -$ Image overwriting (scheduled) Image overwriting (on demand)-$ -$ -$ -$ -$ -$ Foreign Interface Kit -$ -$ -$ -$ -$ -$ SOFTWARE/WORKFLOW OPTIONS Advanced Scanning Software 10 licenses -$ -$ -$ -$ -$ -$ MFG's Integrated Print/Copy Accounting -$ -$ -$ -$ -$ -$ MS Sharepoint Connector Server editon -$ -$ -$ -$ -$ -$ Other ECM system connectors Server Edition -$ -$ -$ -$ -$ -$ OCR -$ -$ -$ -$ -$ -$ Integration license to Kofax, OnBase, or other imaging/scanning software -$ -$ -$ -$ -$ -$ others (list on separate sheet in same format) -$ -$ -$ -$ -$ -$ others (list on separate sheet in same format) -$ -$ -$ -$ -$ -$ Description 0 RFP Attachment / Pricing Schedule MSRP MSRP MSRP MSRP B/W Required Optional Optional 0 0 0 0 B/W Required 0 B/W Required Optional MSRP MSRP DESKTOP (20 + ppm)CATEGORY 2 (20 -30 ppm) Green cells are Required . Fill in your accessories pricing in these cells. Blue cells are optional . Fill in your accessories p 285 of 1132 290 FINISHING Basic Office Finisher or Offset Finisher/Stapler w/o stapling -$ -$ -$ -$ -$ -$ Basic Office Finisher or Offset Finisher/Stapler w/ stapling -$ -$ -$ -$ -$ -$ Three Hole Punch Kit -$ -$ -$ -$ -$ -$ Advanced Finisher(A)- multi-posItion staple, hole punch, fold -$ -$ -$ -$ -$ -$ Advanced Finisher(B)- multi-posItion staple, hole punch, fold, or other -$ -$ -$ -$ -$ -$ Tandem Finisher and Connector Kit -$ -$ -$ -$ -$ -$ Decurl kit -$ -$ -$ -$ -$ -$ other ( describe here) -$ -$ -$ -$ -$ -$ other ( describe here) -$ -$ -$ -$ -$ -$ Service and Supplies (PURCHASES & LEASES) Option 1: CPC - NO VOLUME ALLOWANCE OR RESTRICTIONS Cost Per Copy - Monochrome (No volume restrictions)-$ -$ -$ -$ -$ -$ Cost Per Copy - Color (No volume restrictions)-$ -$ -$ -$ -$ -$ Option 2: CPC WITH VOLUME ALLOWANCE Monthly Minimum Charge -$ -$ -$ -$ -$ -$ Monthly volume Allowance - Monochrome (List vol) Cost Per Copy - Monochrome overage -$ -$ -$ -$ -$ -$ Monthly volume Allowance - Color (List vol) Cost Per Copy - Color overage -$ -$ -$ -$ -$ -$ LEASING RATES LEASE TYPE FMV $1 Buyout FMV $1 Buyout FMV $1 Buyout FMV $1 Buyout FMV $1 Buyout FMV $1 Buyout 60 months 48 months 36 months PMT/Mo.PMT/Mo.PMT/Mo.PMT/Mo.PMT/Mo.PMT/Mo. Enter lease rates based on fully configured models (B&W and Color pricing tabs, row 99). Enter CPC rates based on fully configured models in B&W and Color pricing tabs (ex. config has staple finisher, inc in CPC price). 286 of 1132 291 "'' " u - ■ ■ ■ ■ -\ \ \ \ %UC %UC %UC Discount Net Price Discount Net Price Discount Net Price -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ MSRP CATEGORY 4A (41 - 50 ppm) MONOCHROME Optional 0 B/W Required Optional 0 CATEGORY 3 (31 -40 ppm) MSRP 0 MSRP pricing in these cells. 287 of 1132 292 -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ FMV $1 Buyout FMV $1 Buyout FMV $1 Buyout PMT/Mo.PMT/Mo.PMT/Mo. 288 of 1132 293 %UC %UC %UC %UC %UC %UC % Discount Net Price Discount Net Price Discount Net Price Discount Net Price Discount Net Price Discount Net Price Discount -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ MULTIFUNCTION DEVICES MSRP MSRP MSRP 0 0 DESKTOP (20 + ppm) Color Required Optional B/W Required 0 MSRP CATEGORY 4B (51 -60 ppm) CATEGORY 5 (61 - 90 ppm) 0 0 MSRP Optional MSRP Optional B/W Required 0 MSRP 289 of 1132 294 -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ FMV $1 Buyout FMV $1 Buyout FMV $1 Buyout FMV $1 Buyout FMV $1 Buyout FMV $1 Buyout FMV PMT/Mo.PMT/Mo.PMT/Mo.PMT/Mo.PMT/Mo.PMT/Mo.PMT 290 of 1132 295 UC %UC %UC %UC % Net Price Discount Net Price Discount Net Price Discount Net Price Discount -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ MSRP MSRPMSRP 0 0 0 0 COL CATEGORY 2 (20 -30 ppm)CATEGORY 3 (31 -40 ppm) Color Required Optional Color Required Optional 291 of 1132 296 -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ $1 Buyout FMV $1 Buyout FMV $1 Buyout FMV $1 Buyout PMT/Mo.T/Mo.PMT/Mo.PMT/Mo. 292 of 1132 297 UC %UC %UC %UC %UC %UC % Net Price Discount Net Price Discount Net Price Discount Net Price Discount Net Price Discount Net Price Discount -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ MSRP MSRP MSRP MSRP Color Required Optional 0 0 0 MSRP MSRP LOR CATEGORY 4A (41 - 50 ppm) CATEGORY 4B (51 -60 ppm) CATEGORY 5 (61 - 90 ppm) 0 Color Required Optional Color Required Optional 0 0 Green cells are Required . Fill in your accessories pricing in these cells. Blue cells are optional. Fill in your accessories pricing in these cells. 293 of 1132 298 -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ FMV $1 Buyout FMV $1 Buyout FMV $1 Buyout FMV $1 Buyout FMV $1 Buyout FMV $1 Buyout PMT/Mo.PMT/Mo.PMT/Mo.PMT/Mo.PMT/Mo.PMT/Mo. 294 of 1132 299 I I J I J ± •f------+---• ± .f------+-----------j•-I -f------+---• 0 Coordinate the left category header with the top category header and populate the cells for each PPM grouping. Model number, speed, capacities, details Model number, speed, capacities, details Model number, speed, capacities, details Model #0 0 0 PPM Speed 0 MSRP UC Net Price % Discount 0 MSRP UC Net Price % Discount 0 MSRP UC Net Price % Discount BASE MFD Engine -$ -$ 0.00%-$ -$ 0.00%-$ -$ 0.00% REQUIRED FEATURES PRICING ( if included, note in MSRP column) DESKTOP (20 + ppm) Control panel -$ -$ -$ ADF or RADF -$ -$ -$ Auto Duplex -$ -$ -$ Minimum ( 1) 250 sheet paper drawer (list capacity)-$ -$ -$ 2nd drawer if included (list capacity) -$ -$ -$ Bypass tray -$ -$ -$ Network Connectiivty -$ -$ -$ Print -$ -$ -$ Scan inc.-$ -$ Max original and output page size 8.5 " x 14" -$ -$ -$ System memory minimum 512 MB (list included memory size) -$ -$ -$ CATEGORY 2 (20 -30 ppm)-$ -$ -$ Control panel -$ -$ -$ ADF, RADF or DSPF 50 sheet minimum (list capacity) -$ -$ -$ Auto Duplex -$ -$ -$ Minimum ( 1) 250 sheet paper drawer (list capacity)-$ -$ -$ 2nd drawer min 250 sheets (list capacity) -$ -$ -$ Bypass tray (list capacity)-$ -$ -$ AES, AMS, APS, ATS,AS , Margin Shift -$ -$ -$ Network Connectiivty -$ -$ -$ Print -$ -$ -$ Scan -$ -$ -$ System memory Min 1 GB (list included memory size) -$ -$ -$ Max original and output size 8.5" x 14 "-$ -$ -$ Standard Offset stacker/finisher -$ -$ -$ CATEGORY 3 (31 -40 ppm)-$ -$ -$ Control panel -$ -$ -$ RADF or DSPF 50 sheet minimum (list capacity )-$ -$ -$ Auto Duplex (1:2/2:2/2:1)-$ -$ -$ Minimum 1,150 sheet paper capacity -$ -$ -$ Minimum ( 2) paper drawers, min 1 adjustable (list cap for each included ) -$ -$ -$ 3rd drawer if included (list capacity) -$ -$ -$ Bypass tray min 50 sheets (list capacity) -$ -$ -$ Max original size and output size 11" x 17" -$ -$ -$ AES, AMS, APS, ATS,AS , Margin Shift -$ -$ -$ Network connectivity -$ -$ -$ Print -$ -$ -$ Scan to email, folder, PC, network -$ -$ -$ System memory Min 1 GB (list included memory size) -$ -$ -$ Hard Drive ( list standard included size ) -$ -$ -$ Internal or external min 30 page staple/finisher, 500 sheet cap ( list capacity) -$ -$ -$ CATEGORY 4A (41 - 50 ppm)-$ -$ -$ Control panel -$ -$ -$ RADF or DSPF 100 sheet minimum. At least 40 ppm (list capacity/speed )-$ -$ -$ Auto Duplex (1:2/2:2/2:1)-$ -$ -$ Miniimum 1,500 sheet capacity , including minimum three drawers (list cap) -$ -$ -$ DESKTOP (20 + ppm) Purchase Purchase Purchase B&W - Configured System Price Sheet B/W Required Optional Optional Green cells are Required configurations. Fill in Blue cells are optional configurations. Fill in your product pricing in these cells.Required features vary by PPM category. 295 of 1132 300 Minimum ( 2) drawers adjustable for legal, ledger -$ -$ -$ 4th paper drawer , if included (list capacity) -$ -$ -$ Stackable Bypass tray min 50 sheets (list capacity) -$ -$ -$ Original and output size to at least 11" x 17" -$ -$ -$ AES, AMS, APS, ATS,AS , Margin Shift -$ -$ -$ Network connectivity -$ -$ -$ Print and Secure Print -$ -$ -$ Scan to email. PC, Folder -$ -$ -$ System memory Minimum 1 GB (list memory size included) -$ -$ -$ Hard Drive Minimum 150 GB (list hard drive size included)-$ -$ -$ Standard staple stacker/finisher, 50 page min, (list capacity) -$ -$ -$ CATEGORY 4B (51 -60 ppm)-$ -$ -$ Control panel -$ -$ -$ RADF or DSPF 100 sheet minimum (list capacity )-$ -$ -$ Auto Duplex (1:2/2:2/2:1)-$ -$ -$ Miniimum 1,750 sheet capacity , including minimum three drawers (list cap) -$ -$ -$ Minimum ( 2) drawers adjustable for legal, ledger -$ -$ -$ 4th paper drawer , if included (list capacity) -$ -$ -$ Stackable Bypass tray min 50 sheets (list capacity) -$ -$ -$ Original and output size to at least 11" x 17" -$ -$ -$ AES, AMS, APS, ATS,AS , Auto Color, Margin Shift -$ -$ -$ Network connectivity -$ -$ -$ Print and Secure Print -$ -$ -$ Scan to email. PC, Folder -$ -$ -$ System memory Minimum 1 GB (List included memory size) -$ -$ -$ Hard Drive Minimum 150 GB ( list included Hard drive size) -$ -$ -$ Min 50 Sheet stapling finisher (list capacity) -$ -$ -$ CATEGORY 5 (61 - 90 ppm)-$ -$ -$ Control panel -$ -$ -$ RADF or DSPF at least 60 ppm, 150 sheet minimum (list capacity )-$ -$ -$ Auto Duplex -$ -$ -$ Miniimum 3,500 sheet capacity , including minimum three drawers (list cap) -$ -$ -$ Minimum ( 2) drawers adjustable for legal, ledger -$ -$ -$ Large Capacity drawer , if included (list capacity) -$ -$ -$ Stackable bypass tray (list capacity) -$ -$ -$ Original and output size to at least 11" x 17" -$ -$ -$ AES, AMS, APS, ATS,AS , Margin Shift -$ -$ -$ Network Connectivity -$ -$ -$ Print and Secure Print -$ -$ -$ Scan to email. PC, Folder -$ -$ -$ System memory Minimum 1 GB -$ -$ -$ Hard Drive Minimum 150 GB -$ -$ -$ Min 50 Sheet stapling finisher, capacity 500 sheets (list capacity) -$ -$ -$ Configured Price -$ -$ #DIV/0!-$ -$ #DIV/0!-$ -$ #DIV/0! LEASING RATES LEASE TYPE FMV $1 Buyout Purchase FMV $1 Buyout Purchase FMV $1 Buyout Purchase 60 months -$ -$ -$ -$ -$ -$ 48 months -$ -$ -$ -$ -$ -$ 36 months -$ -$ -$ -$ -$ -$ RESIDUAL VALUES Purchase (5-Yr. Trade-In) 60 months 48 months 36 months Service and Supplies (PURCHASES & LEASES) CPC - NO VOLUME ALLOWANCE OR RESTRICTIONS Cost Per Copy - Monochrome (No volume restrictions)-$ -$ 0.00%-$ -$ 0.00%-$ -$ 0.00% Cost Per Copy - Color (No volume restrictions)-$ -$ 0.00%-$ -$ 0.00%-$ -$ 0.00% CPC - WITH VOLUME ALLOWANCE Monthly Minimum Charge -$ -$ 0.00%-$ -$ 0.00%-$ -$ 0.00% Monthly volume Allowance - Monochrome (List vol) - - - Cost Per Copy - Monochrome overage -$ -$ 0.00%-$ -$ 0.00%-$ -$ 0.00% Monthly volume Allowance - Color (List vol)- - - Cost Per Copy - Color overage -$ -$ 0.00%-$ -$ 0.00%-$ -$ 0.00% Sample monthly Monochrome volume (for UC TCO's calculations only) 600 600 600 Sample monthly Color volume (for UC TCO's calculations only) NA NA NA PMT/Mo.PMT/Mo.PMT/Mo. 296 of 1132 301 Model number, speed, capacities, details Model number, speed, capacities, details Model number, speed, capacities, details Model number, speed, capacities, details 0 0 0 0 0 MSRP UC Net Price % Discount 0 MSRP UC Net Price % Discount 0 MSRP UC Net Price % Discount 0 MSRP UC Net Price -$ -$ 0.00%-$ -$ 0.00%-$ -$ 0.00%-$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ 0 $ - -$ -$ 0 $ - -$ -$ 0 $ - -$ -$ 0 $ - -$ -$ 0 $ - -$ -$ 0 $ - -$ -$ 0 $ - -$ -$ 0 $ - -$ -$ 0 $ - -$ -$ 0 $ - -$ -$ 0 $ - -$ -$ 0 $ - -$ -$ 0 $ - -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ MONOCHROME MULTIFUNCTION DEVICES CATEGORY 2 (20 -30 ppm)CATEGORY 3 (31 -40 ppm) Purchase Purchase Purchase Purchase Optional B/W Required B/W Required Optional 297 of 1132 302 -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ #DIV/0!-$ -$ #DIV/0!-$ -$ #DIV/0!-$ -$ FMV $1 Buyout Purchase FMV $1 Buyout Purchase FMV $1 Buyout Purchase FMV $1 Buyout -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ 0.00%-$ -$ 0.00%-$ -$ 0.00%-$ -$ -$ -$ 0.00%-$ -$ 0.00%-$ -$ 0.00%-$ -$ -$ -$ 0.00%-$ -$ 0.00%-$ -$ 0.00%-$ -$ - - - - -$ -$ 0.00%-$ -$ 0.00%-$ -$ 0.00%-$ -$ - - - - -$ -$ 0.00%-$ -$ 0.00%-$ -$ 0.00%-$ -$ 700 700 1,900 1,900 NA NA NA NA PMT/Mo.PMT/Mo.PMT/Mo.PMT/Mo. 298 of 1132 303 Model number, speed, capacities, details Model number, speed, capacities, details Model number, speed, capacities, details Model number, speed, capacities, details 0 0 0 0 % Discount 0 MSRP UC Net Price % Discount 0 MSRP UC Net Price % Discount 0 MSRP UC Net Price % Discount 0 MSRP 0.00%-$ -$ 0.00%-$ -$ 0.00%-$ -$ 0.00%-$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - -$ -$ -$ $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ CATEGORY 4A (41 - 50 ppm) CATEGORY 4B (51 -60 ppm) PurchasePurchasePurchase B/W Required Optional B/W Required Green cells are Required configurations. Fill in your product pricing in these cells.Blue cells are optional configurations. Fill in your product pricing in these cells. 299 of 1132 304 -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ #DIV/0!-$ -$ #DIV/0!-$ -$ #DIV/0!-$ -$ #DIV/0!-$ Purchase FMV $1 Buyout Purchase FMV $1 Buyout Purchase FMV $1 Buyout Purchase FMV -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ 0.00%-$ -$ 0.00%-$ -$ 0.00%-$ -$ 0.00%-$ 0.00%-$ -$ 0.00%-$ -$ 0.00%-$ -$ 0.00%-$ 0.00%-$ -$ 0.00%-$ -$ 0.00%-$ -$ 0.00%-$ - - - - 0.00%-$ -$ 0.00%-$ -$ 0.00%-$ -$ 0.00%-$ - - - - 0.00%-$ -$ 0.00%-$ -$ 0.00%-$ -$ 0.00%-$ 2,400 2,400 9,400 NA NA NA PMT/Mo.PMT/Mo.PMT/Mo.PMT 300 of 1132 305 -= ----= -= -= ----- Model number, speed, capacities, details Model number, speed, capacities, details 0 0 UC Net Price % Discount 0 MSRP UC Net Price % Discount 0 MSRP UC Net Price % Discount -$ 0.00%-$ -$ 0.00%-$ -$ 0.00% -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ $ - $ - -$ $ - $ - -$ $ - $ - -$ $ - $ - -$ $ - $ - -$ $ - $ - -$ $ - $ - -$ $ - $ - -$ $ - $ - -$ $ - $ - -$ $ - $ - -$ $ - $ - -$ $ - $ - -$ -$ -$ $ - $ - -$ $ - $ - -$ $ - $ - -$ $ - $ - -$ $ - $ - -$ $ - $ - -$ $ - $ - -$ $ - $ - -$ $ - $ - -$ $ - $ - -$ $ - $ - -$ $ - $ - -$ $ - $ - -$ $ - $ - -$ $ - $ - -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ CATEGORY 5 (61 - 90 ppm) PurchasePurchase Purchase Optional Optional B/W Required 301 of 1132 306 -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ #DIV/0!-$ -$ #DIV/0!-$ -$ #DIV/0! $1 Buyout Purchase FMV $1 Buyout Purchase FMV $1 Buyout Purchase -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ 0.00%-$ -$ 0.00%-$ -$ 0.00% -$ 0.00%-$ -$ 0.00%-$ -$ 0.00% -$ 0.00%-$ -$ 0.00%-$ -$ 0.00% - - -$ 0.00%-$ -$ 0.00%-$ -$ 0.00% - - -$ 0.00%-$ -$ 0.00%-$ -$ 0.00% 9,400 10,000 10,000 NA NA NA PMT/Mo.T/Mo.PMT/Mo. 302 of 1132 307 -= -= 0 Coordinate the left category header with the top category header and populate the cells for each PPM grouping. Model number, speed, capacities, details Model number, speed, capacities, details Model number, speed, capacities, details Model #0 0 0 PPM Speed 0 MSRP UC Net Price % Discount 0 MSRP UC Net Price % Discount 0 BASE MFD Engine -$ -$ 0.00%-$ -$ -$ REQUIRED FEATURES PRICING ( if included, select dropdown in MSRP column) DESKTOP (20 + ppm) Control panel -$ -$ ADF or RADF -$ -$ Auto Duplex -$ -$ Minimum ( 1) 250 sheet paper drawer (list capacity)-$ -$ 2nd drawer if included (list capacity) -$ -$ Bypass tray -$ -$ Network Connectiivty -$ -$ Print -$ -$ Scan -$ -$ Max original and output page size 8.5 " x 14" -$ -$ System memory minimum 512 MB (list included memory size) -$ -$ CATEGORY 2 (20 -30 ppm) Control panel -$ -$ ADF, RADF or DSPF 50 sheet minimum (list capacity) -$ -$ Auto Duplex -$ -$ Minimum ( 1) 250 sheet paper drawer (list capacity)-$ -$ 2nd drawer min 250 sheets (list capacity) -$ -$ Bypass tray (list capacity)-$ -$ Network Connectiivty -$ -$ Print -$ -$ Scan -$ -$ Max original and output size 8.5" x 14 "-$ -$ System memory Min 1 GB (list included memory size) -$ -$ AES, AMS, APS, ATS,AS , Margin Shift -$ -$ Standard Offset stacker/finisher -$ -$ CATEGORY 3 (31 -40 ppm) Control panel -$ -$ RADF or DSPF 50 sheet minimum (list capacity )-$ -$ Auto Duplex (1:2/2:2/2:1)-$ -$ Minimum 1,150 sheet paper capacity -$ -$ Minimum ( 2) paper drawers, min 1 adjustable (list cap for each included ) -$ -$ Bypass tray min 50 sheets (list capacity) -$ -$ 3rd drawer if included (list capacity) -$ -$ Network connectivity -$ -$ Print -$ -$ Scan to email, folder, PC, network -$ -$ Original and output size to at least 11" x 17" -$ -$ System memory Min 1 GB (list included memory size) -$ -$ AES, AMS, APS, ATS,AS , Margin Shift , Auto Color Detection -$ -$ Hard Drive ( list size if included) -$ -$ Standard staple stacker/finisher, 30 page min, (list capacity) -$ -$ CATEGORY 4A (41 - 50 ppm) Control panel -$ -$ RADF or DSPF 100 sheet minimum (list capacity )-$ -$ Auto Duplex (1:2/2:2/2:1)-$ -$ COLOR - Configured System Price Sheet Color Required Optional Purchase Purchase DESKTOP (20 + ppm) Green cells are Required configurations. Fill in your product pricing in these cells.Blue cells are optional configurations. Fill in yo Required features vary by PPM category. 303 of 1132 308 Minimum 1,750 sheet capacity , including minimum three drawers (list cap) -$ -$ Minimum ( 2) drawers adjustable for legal, ledger -$ -$ Stackable Bypass tray min 50 sheets (list capacity) -$ -$ 4th paper drawer , if included (list capacity) -$ -$ Network connectivity -$ -$ Print and Secure Print -$ -$ Scan to email. PC, Folder -$ -$ Original and output size to at least 11" x 17" -$ -$ System memory Minimum 1 GB (List included memory size) -$ -$ AES, AMS, APS, ATS,AS , Margin Shift , Auto Color detection -$ -$ Hard Drive Minimum 150 GB ( list included Hard drive size) -$ -$ Standard staple stacker/finisher, 50 page min, (list capacity) -$ -$ CATEGORY 4B (51 -60 ppm) Control panel -$ -$ RADF or DSPF 100 sheet minimum (list capacity )-$ -$ Auto Duplex (1:2/2:2/2:1)-$ -$ Miniimum 1,500 sheet capacity , including minimum three drawers (list cap) -$ -$ Minimum ( 2) drawers adjustable for legal, ledger -$ -$ Stackable Bypass tray min 50 sheets (list capacity) -$ -$ 4th paper drawer , if included (list capacity) -$ -$ Network connectivity -$ -$ Print and Secure Print -$ -$ Scan to email. PC, Folder -$ -$ Original and output size to at least 11" x 17" -$ -$ System memory Minimum 1 GB (List included memory size) -$ -$ AES, AMS, APS, ATS,AS , Auto Color, Margin Shift -$ -$ Hard Drive Minimum 150 GB ( list included Hard drive size) -$ -$ Min 50 Sheet stapling finisher (list capacity) -$ -$ CATEGORY 5 (61 - 90 ppm) Control panel -$ -$ RADF or DSPF at least 60 ppm, 150 sheet minimum (list capacity )-$ -$ Auto Duplex -$ -$ Miniimum 3,500 sheet capacity , including minimum three drawers (list cap) -$ -$ Minimum ( 2) drawers adjustable for legal, ledger -$ -$ Stackable bypass tray (list capacity) -$ -$ Large Capacity drawer , if included (list capacity) -$ -$ Network Connectivity -$ -$ Print and Secure Print -$ -$ Scan to email. PC, Folder -$ -$ Original and output size to at least 11" x 17" -$ -$ System memory Minimum 1 GB -$ -$ AES, AMS, APS, ATS,AS , Margin Shift -$ -$ Hard Drive Minimum 150 GB -$ -$ Min 50 Sheet stapling finisher, capacity 500 sheets (list capacity) -$ -$ Configured Price -$ -$ #DIV/0!-$ -$ #DIV/0! LEASING RATES LEASE TYPE FMV $1 Buyout Purchase FMV $1 Buyout Purchase 60 months -$ -$ -$ -$ 48 months -$ -$ -$ -$ 36 months -$ -$ -$ -$ RESIDUAL VALUES Purchase (5-Yr. Trade-In) 60 months 48 months 36 months Service and Supplies (PURCHASES & LEASES) PMT/Mo.PMT/Mo. 304 of 1132 309 CPC - NO VOLUME ALLOWANCE OR RESTRICTIONS Cost Per Copy - Monochrome (No volume restrictions)-$ -$ 0.00%-$ -$ 0.00% Cost Per Copy - Color (No volume restrictions)-$ -$ 0.00%-$ -$ 0.00% CPC - WITH VOLUME ALLOWANCE Monthly Minimum Charge -$ -$ 0.00%-$ -$ 0.00% Monthly volume Allowance - Monochrome (List vol) - - Cost Per Copy - Monochrome overage -$ -$ 0.00%-$ -$ 0.00% Monthly volume Allowance - Color (List vol)- - Cost Per Copy - Color overage -$ -$ 0.00%-$ -$ 0.00% Sample monthly Monochrome volume (for UC TCO's calculations only) 700 700 Sample monthly Color volume (for UC TCO's calculations only) 300 300 305 of 1132 310 Model number, speed, capacities, details Model number, speed, capacities, details Model number, speed, capacities, details 0 0 0 MSRP UC Net Price % Discount 0 MSRP UC Net Price % Discount 0 MSRP UC Net Price % Discount 0 -$ -$ 0.00%-$ -$ 0.00%-$ -$ 0.00% -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ CATEGORY 2 (20 -30 ppm)CATEGORY 3 (31 -40 ppm) Color Required Optional Color Required Purchase Purchase Purchase our product pricing in these cells. 306 of 1132 311 -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ #DIV/0!-$ -$ #DIV/0!-$ -$ #DIV/0! FMV $1 Buyout Purchase FMV $1 Buyout Purchase FMV $1 Buyout Purchase -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ PMT/Mo.PMT/Mo.PMT/Mo. 307 of 1132 312 -$ -$ 0.00%-$ -$ 0.00%-$ -$ 0.00% -$ -$ 0.00%-$ -$ 0.00%-$ -$ 0.00% -$ -$ 0.00%-$ -$ 0.00%-$ -$ 0.00% - - - -$ -$ 0.00%-$ -$ 0.00%-$ -$ 0.00% - - - -$ -$ 0.00%-$ -$ 0.00%-$ -$ 0.00% 3,600 3,600 4,000 2,000 2,000 2,600 308 of 1132 313 Model number, speed, capacities, details Model number, speed, capacities, details Model number, speed, capacities, details 0 0 0 MSRP UC Net Price % Discount 0 MSRP UC Net Price % Discount 0 MSRP UC Net Price % Discount 0 -$ -$ 0.00%-$ -$ 0.00%-$ -$ 0.00% -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ MULTIFUNCTION DEVICES COLOR CATEGORY 4A (41 - 50 ppm) Purchase Purchase Purchase Optional Color Required Optional 309 of 1132 314 -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ #DIV/0!-$ -$ #DIV/0!-$ -$ #DIV/0! FMV $1 Buyout Purchase FMV $1 Buyout Purchase FMV $1 Buyout Purchase -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ PMT/Mo.PMT/Mo.PMT/Mo. 310 of 1132 315 -$ -$ 0.00%-$ -$ 0.00%-$ -$ 0.00% -$ -$ 0.00%-$ -$ 0.00%-$ -$ 0.00% -$ -$ 0.00%-$ -$ 0.00%-$ -$ 0.00% - - - -$ -$ 0.00%-$ -$ 0.00%-$ -$ 0.00% - - - -$ -$ 0.00%-$ -$ 0.00%-$ -$ 0.00% 4,000 7,800 7,800 2,600 5,600 5,600 311 of 1132 316 Model number, speed, capacities, details Model number, speed, capacities, details Model number, speed, capacities, details 0 0 0 MSRP UC Net Price % Discount 0 MSRP UC Net Price % Discount 0 MSRP UC Net Price % Discount 0 -$ -$ 0.00%-$ -$ 0.00%-$ -$ 0.00% -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ CATEGORY 5 (61 - 90 ppm) Color RequiredColor Required Optional CATEGORY 4B (51 -60 ppm) Purchase Purchase Purchase 312 of 1132 317 -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ #DIV/0!-$ -$ #DIV/0!-$ -$ #DIV/0! FMV $1 Buyout Purchase FMV $1 Buyout Purchase FMV $1 Buyout Purchase -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ PMT/Mo.PMT/Mo.PMT/Mo. 313 of 1132 318 -$ -$ 0.00%-$ -$ 0.00%-$ -$ 0.00% -$ -$ 0.00%-$ -$ 0.00%-$ -$ 0.00% -$ -$ 0.00%-$ -$ 0.00%-$ -$ 0.00% - - - -$ -$ 0.00%-$ -$ 0.00%-$ -$ 0.00% - - - -$ -$ 0.00%-$ -$ 0.00%-$ -$ 0.00% 11,000 11,000 12,000 10,000 10,000 11,000 314 of 1132 319 MSRP UC Net Price % Discount -$ -$ 0.00% -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ Optional Purchase 315 of 1132 320 -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ #DIV/0! FMV $1 Buyout Purchase -$ -$ -$ -$ -$ -$ PMT/Mo. 316 of 1132 321 -$ -$ 0.00% -$ -$ 0.00% -$ -$ 0.00% - -$ -$ 0.00% - -$ -$ 0.00% 12,000 11,000 317 of 1132 322 PRICING 1). All quotes include shipping and delivery (All products) and installation (All equipment). (1) Equipment Specifications (2) Accessories Pricing (3) B&W Pricing (4) Color Pricing C). Please note there are dropdown lists available for input in (1) Equipment Specifications for EPEAT Certification. The MSRP columns of (3) B&W and (4) Color provide an actual price or an included option of Required Features. PREREQUISITES & DEFINITIONS INSTRUCTIONS A). The Excel pricing matrix workbook auto-fills several values across multiple sheets to reduce data input errors and redundancy. Proposers should populate the worksheets sequentially begining with: B). Model numbers, speeds, capacities that are being requested in Column A must be provided in the column(s) preceding MSRP for each model being offered (Tabs 2,3, and 4). 2). Pricing must utilize the same pricing structure as was used for other devices falling into the same product category. The pricing structure will be dictated by the purchase price determined from the discount from Manufacturer Suggested Retail Price (MSRP) and other specified discounts listed in this RFP. Such additions and deletions must be approved by the UC contract administrator or their designee. MSRP - Is defined as the product sales price list published in some form by the manufacturer or publisher of a product and available to and recognized by the trade. 318 of 1132 323 Bidders Laser Printer Specs and information, list by device proposed Enter company name in yellow cell (below) Required - B/W option 1 B/W option 2 Required - B/W option 1 B/W option 2 Required - B/W option 1 Model # Domestic Intro Date Rated Engine Life Monthly Duty Cycle Recommended Monthly Volume GENERAL SPECIFICATIONS Controller (Mfr/Model) Processor/Bits/MHz Memory Installed Memory Maximum Hard-Disk Drive PDLs/Emulations First-Page-Out Time (Mono/Color) INTERFACE/CONNECTIVITY Windows OS Supported Mac OS Supported Other OS Supported Standard Interfaces Optional Interfaces Network Support Printer Mgmt Software SPEED AND RESOLUTION Speed Mono/Color (Pages/Min) Unenhanced Resolution (HxV) Enhanced Resolution (HxV) PAPER HANDLING Std/Max Paper Source(s) Std/Max Paper Capacity MONOCHROME LOW (25 -40 ppm) MEDIUM (41 -55 ppm) HIGH (56- Green cells are Required. Fill in your product specifications in these cells. For absolute answer items, indicate with a Y (Yes) or N (No). (ex. Mac OS Supported? = Y) All others please describe. 319 of 1132 324 Min Paper Size (WxL) Min Print Area (WxL) Max Paper Size (WxL) Max Print Area (WxL) Paper Weights Std Output Tray Capacity Automatic Duplexing FEATURES Resident Fonts IPP (Web) Support Collation ADDITIONAL INFORMATION Energy Star Compliance Power Req's (V/Hz/Amps) Warranty Weight (Base Unit) Dimensions (HxWxD) CONSUMABLES INCLUDED OTHER FEATURES EPEAT RATINGS (Select from List level achieved Bronze, Silver or Gold in this row ) Registration date , example 04/08/2019 Total Optional Points , example 2/7 4.1 Reduction/elimination of environmentally sensitive materials 4.2 Materials selection 4.3 Design for end of life 4.4 Product longevity cycle extension 4.5 Energy conservation 4.6 End of life management 4.7 Corporate performance 4.8 Packaging 4.9 Consumables 4.10 Indoor air quality 320 of 1132 325 B/W option 2 Required - Color option 1 Color option 2 Required - Color option 1 Color option 2 Required - Color option 1 Color option 2 LASER PRINTERS COLOR LOW (10 -20 ppm) MEDIUM (21 -35 ppm) HIGH (36-50 ppm) -70 ppm) Blue cells are optional. Fill in your product specifications in these cells. 321 of 1132 326 0 Model # UC %UC %UC %UC %UC %UC % Net Price Discount Net Price Discount Net Price Discount Net Price Discount Net Price Discount Net Price Discount PRICING: BASE PRINTER Engine -$ -$ -$ -$ -$ -$ OPTIONAL FEATURES PRICING ( if included, note in UC Net column) Paper Handling /Feeding -$ -$ -$ -$ -$ -$ Base/Cabinet -$ -$ -$ -$ -$ -$ Additional Paper drawer (A) ( list capacity) -$ -$ -$ -$ -$ -$ Additional Paper drawer (B) (list capacity)-$ -$ -$ -$ -$ -$ Large Capacity Paper Feed Tray/Cab (A) (list capacity here)-$ -$ -$ -$ -$ -$ Large Capacity Paper Feed Tray/Cab (B) (list capacity here)-$ -$ -$ -$ -$ -$ other ( describe here) -$ -$ -$ -$ -$ -$ other ( describe here) -$ -$ -$ -$ -$ -$ other ( describe here) -$ -$ -$ -$ -$ -$ other ( describe here) -$ -$ -$ -$ -$ -$ OTHER ACCESSORIES & SOFTWARE Print from USB -$ -$ -$ -$ -$ -$ Mobile Printing access -$ -$ -$ -$ -$ -$ other ( describe here) -$ -$ -$ -$ -$ -$ other ( describe here) -$ -$ -$ -$ -$ -$ other ( describe here) -$ -$ -$ -$ -$ -$ other ( describe here) -$ -$ -$ -$ -$ -$ other ( describe here) -$ -$ -$ -$ -$ -$ other ( describe here) -$ -$ -$ -$ -$ -$ other ( describe here) -$ -$ -$ -$ -$ -$ ADA ACCESSABILITY Audible interface/voice guidance -$ -$ -$ -$ -$ -$ Extendable, and /or tilt keyboard -$ -$ -$ -$ -$ -$ Braille enablement /labelling -$ -$ -$ -$ -$ -$ Remote operation software kit -$ -$ -$ -$ -$ -$ Remote footswitch -$ -$ -$ -$ -$ -$ Voice Control -$ -$ -$ -$ -$ other ( describe here) -$ -$ -$ -$ -$ -$ other ( describe here) -$ -$ -$ -$ -$ -$ CONNECTIVITY/SECURITY Hard drive security -$ -$ -$ -$ -$ -$ Network security -$ -$ -$ -$ -$ -$ Secure print -$ -$ -$ -$ -$ -$ Image overwriting -$ -$ -$ -$ -$ -$ Foreign Interface Kit -$ -$ -$ -$ -$ -$ EXTENDED WARRANTY (Following Included Year 1) Year 2 -$ -$ -$ -$ -$ -$ Year 3 -$ -$ -$ -$ -$ -$ MSRP MSRP MSRP MSRP MSRP MSRP RFP Attachment / Pricing Schedule - PURCHASE OPTION MONOCHROME CATEGORY 1 LOW VOLUME (25 - 40 PPM) Required - B/W option 1 B/W option 2 Required - B/W option 1 B/W option 2 Required - B/W option 1 0 0 0 CATEGORY 2 MID VOLUME (41 -55 PPM) CATEGORY 3 HIGH VOLUME (56 - 70 ppm) B/W option 2 000 Description Green cells are Required.Fill in your accessoripricing in these cells.Blue cells are optional.Fill in your accessories pricing these cells. 322 of 1132 327 Year 4 -$ -$ -$ -$ -$ -$ CONSUMABLES Black toner standard cartridge ( Qty 1 - STD. must be included with printer)-$ -$ -$ -$ -$ -$ Black toner large capacity cartridge -$ -$ -$ -$ -$ -$ Drum/imaging unit -$ -$ -$ -$ -$ -$ Fuser Unit -$ -$ -$ -$ -$ -$ Other consumables (describe here)-$ -$ -$ -$ -$ -$ Other consumables (describe here)-$ -$ -$ -$ -$ -$ Other consumables (describe here)-$ -$ -$ -$ -$ -$ Other consumables (describe here)-$ -$ -$ -$ -$ -$ SERVICE/MAINTENANCE Full service maintenance agreement FSMA ( annual) -$ -$ -$ -$ -$ -$ Time and material hourly rate -$ -$ -$ -$ -$ -$ Time and material occurrence rate -$ -$ -$ -$ -$ -$ List yields according to ISO/IEC 19752 monochrome standard Black toner standard cartridge Black toner large capacity cartridge Drum/imaging unit Fuser Unit Other consumables (describe here) Other consumables (describe here) Other consumables (describe here) Other consumables (describe here) Yield @ 5%Yield @ 5%Yield @ 5%Yield @ 5%Yield @ 5%Yield @ 5% 323 of 1132 328 0 Model # UC %UC %UC %UC % Net Price Discount Net Price Discount Net Price Discount Net Price Discount PRICING: BASE PRINTER Engine -$ -$ -$ -$ OPTIONAL FEATURES PRICING ( if included, note in UC Net column) Paper Handling /Feeding -$ -$ -$ -$ Base/Cabinet -$ -$ -$ -$ Additional Paper drawer (A) ( list capacity) -$ -$ -$ -$ Additional Paper drawer (B) (list capacity)-$ -$ -$ -$ Large Capacity Paper Feed Tray/Cab (A) (list capacity here)-$ -$ -$ -$ Large Capacity Paper Feed Tray/Cab (B) (list capacity here)-$ -$ -$ -$ other ( describe here) -$ -$ -$ -$ other ( describe here) -$ -$ -$ -$ other ( describe here) -$ -$ -$ -$ other ( describe here) -$ -$ -$ -$ OTHER ACCESSORIES & SOFTWARE Print from USB -$ -$ -$ -$ Mobile Printing access -$ -$ -$ -$ other ( describe here) -$ -$ -$ -$ other ( describe here) -$ -$ -$ -$ other ( describe here) -$ -$ -$ -$ other ( describe here) -$ -$ -$ -$ other ( describe here) -$ -$ -$ -$ other ( describe here) -$ -$ -$ -$ other ( describe here) -$ -$ -$ -$ ADA ACCESSABILITY Audible interface/voice guidance -$ -$ -$ -$ Extendable, and /or tilt keyboard -$ -$ -$ -$ Braille enablement /labelling -$ -$ -$ -$ Remote operation software kit -$ -$ -$ -$ Remote footswitch -$ -$ -$ -$ Voice Control -$ -$ -$ -$ other ( describe here) -$ -$ -$ -$ other ( describe here) -$ -$ -$ -$ CONNECTIVITY/SECURITY Hard drive security -$ -$ -$ -$ Network security -$ -$ -$ -$ Secure print -$ -$ -$ -$ Image overwriting -$ -$ -$ -$ Foreign Interface Kit -$ -$ -$ -$ EXTENDED WARRANTY (After Included Year 1) Year 2 -$ -$ -$ -$ Year 3 -$ -$ -$ -$ Description MSRP MSRPMSRPMSRP LASER PRINTERS CATEGORY 2 MID VOLUME (21 -35 PPM) Color Option 2 Required - Color Option 1 Color Option 2 COLOR CATEGORY 1 LOW VOLUME (10 - 20 PPM) Required - Color Option 1 0 0 0 0 324 of 1132 329 Year 4 -$ -$ -$ -$ CONSUMABLES Black toner standard cartridge ( Qty 1 - must be included with printer)-$ -$ -$ -$ Black toner large capacity cartridge -$ -$ -$ -$ Cyan standard cartridge -$ -$ -$ -$ Magenta standard cartridge -$ -$ -$ -$ Yellow standard cartridge -$ -$ -$ -$ Drum/imaging unit -$ -$ -$ -$ Fuser Unit -$ -$ -$ -$ Other consumables (describe here)-$ -$ -$ -$ Other consumables (describe here)-$ -$ -$ -$ Other consumables (describe here)-$ -$ -$ -$ Other consumables (describe here)-$ -$ -$ -$ SERVICE/MAINTENANCE Full service maintenance agreement FSMA ( annual) -$ -$ -$ -$ Black toner -$ -$ -$ -$ Time and material hourly rate -$ -$ -$ -$ Time and material occurrence rate -$ -$ -$ -$ List yields according to ISO/IEC 19798 color toner standard Black toner standard cartridge @ 5% Black toner large capacity cartridge @ 5% Cyan cartridge @ 5% Magenta cartridge @ 5% Yellow cartridge @ 5% Drum/imaging unit Fuser Unit Other consumables (describe here) Other consumables (describe here) Other consumables (describe here) Other consumables (describe here) Yield @ 5%Yield @ 5%Yield @ 5%Yield @ 5% 325 of 1132 330 UC %UC % Net Price Discount Net Price Discount -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ MSRP MSRP CATEGORY 3 HIGH VOLUME (36 - 50 ppm) Required - Color Option 1 Color Option 2 0 0 326 of 1132 331 -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ -$ Yield @ 5%Yield @ 5% 327 of 1132 332 0 Model number, speed, capacities, details Model number, speed, capacities, details Model number, speed, capacities, details Model number, speed, capacities, details Model #0 0 0 0 PPM Speed 0 MSRP UC Net Price % Discount 0 MSRP UC Net Price % Discount 0 MSRP UC Net Price % Discount 0 MSRP UC Net Price % Discount BASE PRINTER Engine $ - $ - 0.00% $ - $ - 0.00% $ - $ - 0.00% $ - $ - 0.00% Required Accessories/Features ( if included, note in MSRP column) Auto Duplex: Standard $ - $ - $ - $ - Connectivity: USB 2.0 and Ethernet 10/100/1000 $ - $ - $ - $ - System memory minimum: 128 MB $ - $ - $ - $ - Input tray minimum: 250 sheets $ - $ - $ - $ - Black toner minimum: 2500 pgs $ - $ - $ - $ - Warranty: 1 year $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - CONFIGURED PRICE $ - $ - #DIV/0! $ - $ - #DIV/0! $ - $ - #DIV/0! $ - $ - #DIV/0! B&W - Configured System Price Sheet PURCHASE PURCHASE B/W OPTION 2 CATEGORY 1 LOW VOLUME (25 - 40 PPM) B/W OPTION 2 PURCHASE LASER PRINTERS MONOCHROME Required - B/W OPTION 1 PURCHASE CATEGORY 2 MID VOLUME (41 -55 PPM) Required - B/W OPTION 1 List yields according to ISO/IEC 19752 monochrome standard Yield @ 5%UC Net Price Yield @ 5%UC Net Price Yield @ 5%UC Net Price Yield @ 5%UC Net Price Black toner standard cartridge - $ - - $ - - $ - - $ - Black toner large capacity cartridge - $ - - $ - - $ - - $ - Drum/imaging unit - $ - - $ - - $ - - $ - Fuser Unit - $ - - $ - - $ - - $ - Other consumables (describe here) - $ - - $ - - $ - - $ - Other consumables (describe here) - $ - - $ - - $ - - $ - Other consumables (describe here) - $ - - $ - - $ - - $ - Other consumables (describe here) - $ - - $ - - $ - - $ - Sample monthly B/W volume (for UC TCO's calculations only) 1,500 1,500 4,000 4,000 % trade in value on Purchased unit ( after 5 years) $ trade in value on Purchased unit ( after 5 years) $ - $ - $ - $ - Green cells are Required configurations. Fill in Blue cells ar 328 of 1132 333n 111111111 n 111111111 n 111111111 11 11 11 Model number, speed, capacities, details Model number, speed, capacities, details 0 0 0 MSRP UC Net Price % Discount 0 MSRP UC Net Price % Discount $ - $ - 0.00% $ - $ - 0.00% $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - #DIV/0! $ - $ - #DIV/0! CATEGORY 3 HIGH VOLUME (56 - 70 ppm) Required - B/W OPTION 1 B/W OPTION 2 PURCHASE PURCHASE Yield @ 5%UC Net Price Yield @ 5%UC Net Price - $ - - $ - - $ - - $ - - $ - - $ - - $ - - $ - - $ - - $ - - $ - - $ - - $ - - $ - - $ - - $ - 7,000 7,000 $ - $ - re optional configurations. Fill in your product pricing in these cells. 329 of 1132 334n • • • • • • • • • n • • • • • • • • • 0 Model number, speed, capacities, details Model number, speed, capacities, details Model number, speed, capacities, details Model number, speed, capacities, details Model #0 0 0 0 PPM Speed 0 MSRP UC Net Price % Discount 0 MSRP UC Net Price % Discount 0 MSRP UC Net Price % Discount 0 MSRP UC Net Price % Discount BASE PRINTER Engine $ - $ - 0.00% $ - $ - 0.00% $ - $ - 0.00% $ - $ - 0.00% Required Accessories/Features ( if included, note in MSRP column) Auto Duplex: Standard $ - $ - $ - $ - Connectivity: USB 2.0 and Ethernet 10/100/1000 $ - $ - $ - $ - System memory minimum: 64 MB $ - $ - $ - $ - Input tray minimum: 100 sheets $ - $ - $ - $ - Black toner minimum: 700 pgs $ - $ - $ - $ - Cyan toner minimum: 700 pgs $ - $ - $ - $ - Yellow toner minimum: 700 pgs $ - $ - $ - $ - Magenta toner minimum: 700 pgs $ - $ - $ - $ - Warranty: 1 year $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - CONFIGURED PRICE $ - $ - #DIV/0! $ - $ - #DIV/0! $ - $ - #DIV/0! $ - $ - #DIV/0! Required - Color Option 1 Color Option 2 Required - Color Option 1 Color Option 2 PURCHASE PURCHASE PURCHASE PURCHASE COLOR - Configured System Price Sheet LASER PRINTERS COLOR CATEGORY 1 LOW VOLUME (10 - 20 PPM)CATEGORY 2 MID VOLUME (21 -35 PPM) List yields according to ISO/IEC 19752 monochrome standard Yield @ 5%UC Net Price Yield @ 5%UC Net Price Yield @ 5%UC Net Price Yield @ 5%UC Net Price Black toner standard cartridge - $ - - $ - - $ - - $ - Black toner large capacity cartridge - $ - - $ - - $ - - $ - Cyan toner cartridge - $ - - $ - - $ - - $ - Magneta toner cartridge - $ - - $ - - $ - - $ - Yellow toner cartridge - $ - - $ - - $ - - $ - Drum/imaging unit - $ - - $ - - $ - - $ - Fuser Unit - $ - - $ - - $ - - $ - Other consumables (describe here) - $ - - $ - - $ - - $ - Other consumables (describe here) - $ - - $ - - $ - - $ - Other consumables (describe here) - $ - - $ - - $ - - $ - Other consumables (describe here) - $ - - $ - - $ - - $ - Sample monthly B/W volume (for UC TCO's calculations only) 1,000 1,000 2,000 2,000 Sample monthly Color volume (for UC TCO's calculations only) 500 500 1,000 1,000 % trade in value on Purchased unit ( after 5 years) $ trade in value on Purchased unit ( after 5 years) $ - $ - $ - $ - Green cells are Required configurations. Fill Blue cells are optio 330 of 1132 335 Model number, speed, capacities, details Model number, speed, capacities, details 0 0 0 MSRP UC Net Price % Discount 0 MSRP UC Net Price % Discount $ - $ - 0.00% $ - $ - 0.00% $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - $ - #DIV/0! $ - $ - #DIV/0! PURCHASE Required - Color Option 1 Color Option 2 PURCHASE CATEGORY 3 HIGH VOLUME (36 - 50 ppm) Yield @ 5%UC Net Price Yield @ 5%UC Net Price - $ - - $ - - $ - - $ - - $ - - $ - - $ - - $ - - $ - - $ - - $ - - $ - - $ - - $ - - $ - - $ - - $ - - $ - - $ - - $ - - $ - - $ - 4,000 4,000 2,500 2,500 $ - $ - onal configurations. Fill in 331 of 1132 336 Supplier name here: Additional Discounts tab C). Add rows as needed. PREREQUISITES & DEFINITIONS A). List other goods and services available to the University of California (column A) B). Add a brief description and your corresponding discount offered (Item listed in column A) along with the foundation of your discount. MSRP - Is defined as the product sales price list published in some form by the manufacturer or publisher of a product and available to and recognized by the trade. PRICING - All quotes include shipping and delivery (All products) and installation (All equipment). 332 of 1132 337 Other Goods and/or Services (List Below)Description UC Discount Offered (%) Basis for Discount Offered (i.e. MSRP, Base Rate, etc.)Comments 333 of 1132 338 Supplier name here: Repair Parts tab C). Add rows as needed. PREREQUISITES & DEFINITIONS MSRP - Is defined as the product sales price list published in some form by the manufacturer or publisher of a product and available to and recognized by the trade. PRICING - All quotes include shipping and delivery (All products) and installation (All equipment). A). List common repair parts easily replacable by the customer that are used in the ongoing operation of your MFD and Laser Printer products. B). Provide the MFG part number, a brief description and your UC discount-off MSRP. 334 of 1132 339 Common Repair Parts (Customer Replaceable)MFG Part #Description UC Discount Percent-off MSRP (%) Comments 335 of 1132 340 END OF SECTION 336 of 1132 341 RFP 001181Feb 2020 Print Goods and Services UC Systemwide University of California Prepared by Scott Reiber Xerox Technology Advisor June 5, 2020 337 of 1132 342 xerox ·· 2 June 5, 2020 UC Systems Michael Wegmann IT Commodity Manager Office of the President Dear Michael and Committee: On behalf of the Xerox Team, thank you for the opportunity to present our proposal in response to your RFP 001811 Feb2020 Print Good and Services UC Systemwide. We have thoroughly reviewed your requirements and are proposing a compliant solution that looks to expand our partnership and will help you achieve your print goods and services goals. Xerox is a technology leader that innovates the way the world communicates, connects and works. We understand what’s at the heart of sharing information - and all the forms it can take. We embrace the integration of paper and digital, the increasing requirement for mobility, and the need for seamless integration between the employee’s work and personal worlds. We also recognize the need for security compliance, sustainability and how to work in the new world of today. Innovation and continuous improvement are key pillars of our Execution Methodology. Our philosophy is “Customers for Life”, which embodies the importance we place in our partnerships and delivering ongoing excellence to customers like University of California. Thank you for your consideration and confidence in Xerox. We look forward to the next steps you’re your procurement process and continuing as your trusted partner for print goods and services. Regards, Scott A Reiber Scott Reiber Technology Advisor Scott Reiber Xerox Technology Advisor Public Sector/Higher Education Xerox Corporation 5050 Hopyard Rd. Ste. 100 Pleasanton, CA 94599 scott.reiber2@xerox.com tel. 925.701.1657 338 of 1132 343 3 Table of Contents Table of Contents 3 Xerox Clarifications/Exceptions to the Regents of the University of California RFP Print, Goods and Service 4 Xerox’s Clarifications to the University’s RFP 4 Attachments 14 339 of 1132 344 4 Xerox Clarifications/Exceptions to the Regents of the University of California RFP Print, Goods and Service We have reviewed the University’s Request for Proposal (“RFP”) and have prepared the enclosed Purchase and Maintenance and 36, 48 and 60-months Lease Proposal (Fair Market Value, $1 Buyout Option) subject to the University’s contract standards or performance for your consideration. In addition, Xerox has also included a separate pricing and Terms & Conditions response for Non-University members subject to Omnia Partners contract standards of performance and terms and conditions. All operational requirements for the University in the contract, such as customized reporting and separately billed maintenance are applicable for University only. All operational requirements, performance standards and terms and conditions of the master agreement Xerox/Omnia contract are applicable for non-University customers. Although the Proposal is based on the requirements included in your RFP, our Proposal does include some responses that are slightly different. This document and our Proposal explain those differences. In addition, we have included some Additional Terms that were not addressed in the University’s RFP. Please note that Xerox's Proposal is contingent upon the accuracy of the information included in the University’s RFP and Xerox’s review of the University’s credit. Any material change to the information provided by the University, or the University’s credit, may result in a change to Xerox’s offer. Please note that Xerox agrees to negotiate a solution that is acceptable to both parties if any of the below clarifications or Additional Terms are inconsistent with California law, or are otherwise unacceptable to the University. Our team is also prepared to discuss our Proposal in detail, and adjust our proposed equipment, support services, terms, and/or price offering based on the University’s final requirements. Upon award of this RFP, Xerox agrees to negotiate a Contract that incorporates the mutually agreed terms contained in the University’s RFP, our Proposal, Xerox’s Purchase and Maintenance and Lease Agreement (applicable to the University and its affiliates), and OMNIA Partner’s terms and conditions (applicable for Non-University members), and any additional negotiated item(s). Xerox’s Clarifications to the University’s RFP Xerox provides the following clarifications and comments to the below listed University RFP requirements. RFP EVENT AND PROCESS SUMMARY SECTION 3. MFD/PRINTER FLEET MANAGEMENT PROGRAMS; 3.1.1.1 MFD 36//48/60-months terms. The Xerox Lease offering is based on a firm 36-month, 48-month and 60-month, FMV and $1 Buy-out Option, of equipment installation commitment, and consists of a Monthly Base Charge that covers the cost of the equipment; the cost per copy and overage rates, any trade-in equipment refinanced / buyout amounts; an equipment trade-in credit value; the equipment’s FOB shipment, freight, and inside delivery and removal (excluding any unique rigging expenses); the equipment’s physical installation and connection to the University’s network; and end user initial training, and the labor services detailed in our Proposal. Remote installations are also available where applicable. Please note Xerox does not offer any trade bonuses for sale to lease equipment transactions under this Agreement. For competitive sale to sale trades Xerox will remove the competitive/owned equipment at Xerox expense. 340 of 1132 345 5 SECTION 3. MFD/PRINTER FLEET MANAGEMENT PROGRAMS; 3.1.1.2 and 3.1.1.3 Discounts. Outright Purchase Equipment. Please note Xerox will provide an additional 5% discount on the published University equipment mainframe price (excluding accessories) list for Outright Sale/FMV & FPO Lease (equipment price only, excluding maintenance) for orders for Managed Programs. Any/all discounts will be taken at the time of order. Lease Equipment. Please note Xerox cannot guarantee any additional discounts beyond the published lease price however, Xerox will review/consider these opportunities for additional discounts for “Managed Programs” upon request. SECTION 4. PRODUCT CERTIFICATION Equipment provided under the Contract is currently manufactured by Xerox, though the equipment may contain recycled components that have been reprocessed to meet Xerox’ new parts performance standards. The County will be the first user of the equipment. SECTION 5. PROGRAM FOR TRADE-INS/UPGRADES Trade-In Equipment. Xerox warrants that University has the right to transfer title to the Equipment University is trading in as part of an Order ("Trade-In Equipment"), and that the Trade-In Equipment is in good working order and has not been modified from its original configuration (other than by Xerox). Title and risk of loss to the Trade-In Equipment will pass to Xerox when Xerox removes the Trade-In Equipment from University premises. University will maintain the Trade-In Equipment at its present site and in substantially the Trade-In Equipment’s present condition until removed by Xerox. University will pay all accrued charges for the Trade-In Equipment, up to and including payment of the final principal payment number and all applicable maintenance, administrative, supply and finance charges until Xerox removes the Trade-In Equipment from the University’s premises. Upgrades. Xerox’s Purchase and Maintenance as well as Xerox Lease offer allows the University to place additional equipment mainframe orders at the same quoted contract price throughout the 60-month master agreement term, provided each additional equipment placement remains installed for a minimum 36/48/60-month term. Xerox will also provide a separate price quote if the University desires to acquire additional equipment having an installation term less than 60-months. The equipment’s features and performance can also be upgraded through the addition of a number of optional accessories. Accessory options included with the mainframe can be obtained at the contract quoted price. Any accessory ordered following the mainframe’s installation will have the price readjusted based on the mainframe’s remaining agreement term. Please remember that the Xerox Purchase and Maintenance as well as Xerox Lease offering is based on a firm 36/48/60-month equipment installation term that can only be terminated due to fiscal year funds non-appropriation or an uncured performance failure. If the equipment is cancelled for the University’s convenience and not replaced, or traded to a different unit, the University will be assessed a liquidated damages charge. In order to avoid this charge, Xerox recommends that the equipment either be: (a) exchanged with another University unit, or (b) moved to another University location and replaced with a unit that fits the end users current work requirements. D. Organizational Context. University of California Pricing Terms - For University of California and affiliates Xerox agrees to extend the specific University product pricing and terms of this Agreement. 341 of 1132 346 6 OMNIA Partners’ National Master Agreement– Xerox agrees to make resulting OMNIA Partners’ pricing/terms from this solicitation available to other public agencies nationally, including state and local governmental entities, public and private primary, secondary and higher education entities, non-profit entities, and agencies for the public benefit (“Public Agencies”) through OMNIA Partners’ Cooperative purchasing program so long as such Public Agency is a registered member at OMNIA. Non-University OMNIA members will procure equipment and services subject to the terms and conditions of the OMNIA Master Agreement which terms are hereby incorporated by their reference https://www.sourcewell- mn.gov/cooperative-purchasing/083116-xox?domain=870%20%20%20%20%20%20%20%20%D0%B5H#tab- contract-documents 3 MFD/Printer Fleet Management Programs - Delivery and Installation. Delivery. Please note the following will apply to any Purchase and Lease transaction: Unless otherwise agreed upon by the parties, Xerox equipment deliveries can normally be expected within ten business days following the receipt of the University’s equipment approved and accepted purchase order, except during times of product constraint. Xerox will inform the University if a constraint condition exists and will provide a revised delivery date. If the revised target delivery date is unacceptable, the University can cancel the order without penalty to either party. Installation. Unless the Purchase and Maintenance and Lease Agreement is preceded by a Trial order, the equipment will be deemed accepted on the equipment’s installation date, which is the date Xerox determines the equipment to be operating satisfactorily, as demonstrated by the successful completion of diagnostic routines, and is available for the University’s use. The Installation Date for equipment and software designated as “Customer Installable” will be the equipment delivery date. Any equipment that does not perform to its published specification will be repaired or replaced by Xerox at its expense, provided the equipment is covered by a Xerox warranty or maintenance plan. Any equipment that needs to be replaced will be replaced with an identical model, or at Xerox’s option a unit with similar capabilities and comparable usage. 2.2 Equipment Service and Support Uptime. Total Uptime Xerox’s Uptime objective is to maintain an average 96% equipment uptime performance based on a three-month rolling average for the University’s entire Xerox-branded equipment population that is operated with the equipment’s operating guideline for the specified product. Uptime is calculated as follows: 1. UPTIME TARGET. Provided Customer has at least twenty-five (25) units of Equipment installed under this Agreement, Xerox agrees to maintain an Uptime Target for the total Equipment population installed under this Agreement, which shall be measured as provided below over a three (3) calendar month rolling period, of at least ninety-six percent (96%) in the aggregate for the Equipment subject to this Agreement that is operated within the specified Maximum Monthly Volume Range, (to be included upon University’s request in an Appendix to this Contract) and installed within twenty-five (25) miles of a Xerox service location. This Uptime Target commences on the first day of the calendar month that begins at least one hundred twenty (120) days after the Agreement commences. 2. CONTRACTED PERIOD OF COVERAGE. Xerox will provide Maintenance Services, as the same is set forth in this Agreement, during Customer’s normal business hours Contracted Period of Coverage (“CPOC”), which shall be defined as 9:00 a.m. to 5:00 p.m., Local Time, Mondays through Fridays (excluding Xerox-recognized holidays), for the purposes of this Agreement. 3. UPTIME HOURS DEFINITION. "Uptime Hours" equals the number of hours per calendar month that the Equipment is available for use. For this Agreement, Uptime Hours equals 567 hours per three (3) calendar months and has been calculated by multiplying the number of hours per day in the CPOC times the average number of days per three (3) calendar month period such coverage is provided, which, for the purposes of this Agreement, is sixty-three (63) days per three (3) calendar month period.. 342 of 1132 347 7 4. DOWNTIME HOURS DEFINITION. “Downtime Hours” shall mean the number of hours in any three (3) calendar month period during which Equipment maintained hereunder is inoperative (i.e., cannot make any copies or prints, as applicable) during the CPOC, including machine-repair time and response time when the Equipment is inoperative. Downtime Hours do not include time when the Equipment's inoperability is due to user misuse or abuse of the Equipment, Customer's negligence or intentional acts, fire, environmental failure at the installation site or use of the Equipment in a manner other than was intended; preventative maintenance, Equipment relocation or inspections are being performed; and, time taken in producing usable copies or prints. 5. CALCULATION. The Uptime Percentage Rate for a given calendar month is calculated as follows: Uptime Percentage Rate = CPOC (567) – Downtime Hours (x) CPOC Hours (567) Laser Printers. Lease: For FMV/FPO leases the Maintenance is included and begins upon install. Response/Repair Time. Xerox’s response time objective is to return all service calls within one business hour, and to arrive on-site on average within 3.5 to 4 business hours for multifunction color devices, if the problem cannot be resolved over the phone. Response Time for other devices will be provided upon request. Response time is calculated based on the quarterly response time average for the University’s entire Xerox-branded equipment population. Calls can be placed toll free 24-business hours per day, 7 days per week, and 365 days a year. During standard business hours (8 A.M. to 5 P.M., Monday thru Friday), all service calls will be directed to our Service Welcome Center where our service personnel will attempt to resolve the issue over the phone through on-line diagnostics. If the problem cannot be resolved over the phone the representative will provide the caller with the technicians estimated time of arrival. The Service Technician will contact the caller prior to arriving on-site to discuss the problem and determine if they have the appropriate parts, or if there will be a change to the arrival time. Evening, weekend, and holiday phone service is also available. On-site evening, weekend, and holiday service support can also be prearranged or may be available based on evening resource availability. The 24x7-call center and business hour technical support is included in our contract offering. After hour, weekend, and holiday on- site technical support is available at Xerox’s then current overtime rate. Please refer to the XPS Description of Services for response time objectives relating to the XPS / Managed Print Services offering. Delivery/Installation. Delivery. Please note the following will apply to any Purchase and Lease transaction: Unless otherwise agreed upon by the parties, Xerox equipment deliveries can normally be expected within ten business days following the receipt of the University’s equipment approved purchase order, except during times of product constraint. Xerox will inform the University if a constraint condition exists and will provide a revised delivery date. If the revised target delivery date is unacceptable, the University can cancel the order without penalty to either party. Installation. Unless the Purchase and Maintenance and Lease Agreement is preceded by a Trial order, the equipment will be deemed accepted on the equipment’s installation date, which is the date Xerox determines the equipment to be operating satisfactorily, as demonstrated by the successful completion of diagnostic routines, and is available for the University’s use. The Installation Date for equipment and software designated as “Customer Installable” will be the equipment delivery date. Any equipment that does not perform to its published specification will be repaired or replaced by Xerox at its expense, provided the equipment is covered by a Xerox warranty or maintenance plan. Any equipment that needs to be replaced will be replaced with an identical model, or at Xerox’s option a unit with similar capabilities and comparable usage. 343 of 1132 348 8 Attachment – University Terms and Conditions of Purchase Article 2. Term and Termination. Xerox recognizes the University’s right to terminate the Agreement for its convenience due to a change in its business needs. However, the Xerox offer is based on a firm 36, 48, or 60-month equipment installation commitment, and cannot be terminated except for fiscal year funds non-appropriation or uncured Xerox default. In order to terminate the Agreement due to non-appropriation, University must provide Supplier with written notice, within 31-days of its governing body’s decision not to appropriate funds, stating that the University’s governing body failed to appropriate funds. The notice must certify that the canceled equipment is not being replaced by equipment performing similar functions during the ensuing fiscal year. In addition, the University will be required to return the equipment to Supplier with transportation costs borne by Supplier. The University will then be released from its obligation to make any further payments beyond those through the end of the last fiscal year for which funds have been appropriated. University may terminate this Agreement for convenience at any time, in whole or in part, in accordance with the terms of Article 2 of University of California Terms and Conditions of Purchase. In the event of such termination, University agrees to provide Xerox at least thirty (30) days prior written notice of the effective date of termination and the extent thereof, such termination shall not affect any leased unit that has not fulfilled the appropriate term. If any termination of this Agreement takes place, Xerox shall extend to University, upon University request, an additional ninety (90) day period to properly implement a smooth transition. Fees for the services performed during the additional ninety (90) days will be in good faith negotiated between University and Xerox. Termination under this provision, shall not apply to orders received by Xerox prior to the effective date of termination. In the event Xerox cannot or does not perform its obligations, University reserves the right to terminate the Agreement. If within thirty (30) days of receipt of written notice from University of Xerox’s breach of any term or condition of the Agreement, Xerox shall fail to remedy such breach, then University may terminate the Agreement. However, this cancellation provision does not pertain to any leased equipment installed prior to University’s termination notice. In the event the Agreement is terminated, individual lease placements will continue until their scheduled expiration date, and continue to be governed by, and be subject to, the terms and conditions of the individual lease and the Agreement. Article 3. Pricing, Invoicing Method, and Settlement Method and Terms. Xerox will not issue an invoice until Services have been rendered and accepted. University will pay Xerox, within thirty-one (31) days of receipt of an undisputed and accurate invoice. The agreed upon minimum lease payment will not be subject to dispute at any time. Xerox will not issue an invoice until Services have been rendered and accepted. Article 4. Inspection. Xerox can support the University’s inspection and acceptance requirement by initially installing the equipment under a Trial arrangement. Unless an order is preceded by a Trial order, the Services will be deemed accepted on the equipment’s installation date, which is the date Xerox determines the equipment to be operating satisfactorily, as demonstrated by the successful completion of diagnostic routines, and is available for the University’s use. The Installation Date for equipment and software designated as “Customer Installable” will be the equipment delivery date. Any equipment that does not perform to its published specification will be repaired or replaced by Xerox at its expense, provided the equipment is covered by a Xerox warranty or maintenance plan. Any equipment that needs to be replaced will be replaced with an identical model, or at Xerox’s option a unit with similar capabilities and comparable usage. 344 of 1132 349 9 Article 6.j Outsourcing (Public Contract Code Section 12147 Compliance). All services included in the Xerox bid to be specifically contracted for by the University will be provided within the U.S. However, certain back-office contract administration and customer support services are performed by Xerox and/or its affiliates from locations outside the U.S. Article 7. Intellectual Property. Xerox does not anticipate the development of any customized products or programming in connection with the services provided under the Contract. Xerox agrees that all University authored documents printed/copied on Xerox supplied equipment is the University’s sole and exclusive property, and that Xerox shall have no rights to these documents. Also, all Xerox generated reports and the output of Services is Customer’s sole and exclusive property and Xerox will have no rights to these documents or data, except as may be required for Xerox to perform Services. All other work prepared by or processes developed by Xerox for the University’s use will remain the sole property of Xerox and is not deemed a “work for hire”. However, Xerox grants the University a non-exclusive, perpetual, fully paid-up, world wide right to use, display, reproduce, and modify any report, form, design, computer programs, code, or other work of authorship provided by Xerox to the University in the course of performing the Services under the Contract strictly for the University’s internal business use and not for resale or distribution outside of the University’s organization. Article 8. Indemnity and Liability. Indemnification is contingent upon University giving Xerox written notice, by registered mail, promptly after it becomes aware of any claim to be indemnified hereunder and permits Xerox to control the defense of any such claim or action and Xerox’s own expense. Notice shall be sent to “Corporate Risk, Xerox Corporation, Long Ridge Road, Stamford, Connecticut, 06940.” University agrees that Xerox may employ attorneys of its own choice to appear and defend the claim or action and that University shall do nothing to compromise the defense of such claim or action or any settlement thereof and shall provide Xerox with all reasonable assistance which Xerox may require. Xerox shall not be obligated to indemnify the University against the University’s own acts or omissions. Except for indemnified matters and to the extent permitted by applicable law, all other liability of Xerox to University for damages of any kind of type, including but not limited to indirect, consequential, incidental, or special damages, arising from Xerox performance or failure to perform under this Contract or by virtue of Xerox’s tortuous conduct (including negligence whether passive or active) shall be limited to the amounts paid by University under this Agreement. Provided, however, that the foregoing limitation of liability shall not apply to claims by University for personal injury or damage to real or tangible property caused by Xerox’s negligence. Article 9. Insurance. Xerox agrees to include the University as an additional insured under the comprehensive general liability and automobile liability insurance policies only for claims arising out of the willful or negligent acts, or omissions of Xerox in the performance of the services under the contract. Xerox and University will agree on the final coverage required under this Proposal. Article 17. Additional Terms Applicable to the Furnishing of Goods A. Price Decreases. Xerox agrees immediately to notify the University of any price decreases from its suppliers, and to pass through to UC any price decreases. Any price reduction resulting from this provision shall only apply to orders received after the effective date of the price reduction. B. Title. Title to the Goods purchased under the Agreement, along with the risk of equipment’s loss or damage, will pass directly from Xerox to University upon delivery, subject to University’s right to reject upon inspection. 345 of 1132 350 10 Article 20. Prohibition on Unauthorized Use or Disclosure of Institutional Information; (e) No Offshoring. All services included in the Xerox bid to be specifically contracted for by the University will be provided within the U.S. However, certain back-office contract administration and customer support services are performed by Xerox and/or its affiliates from locations outside the U.S. Article 27. Force Majeure. This provision does not relieve either party of its obligation to make payments due under the Contract. Any University purchases to procure the services from other sources without Xerox’s prior approval will be at the University’s expense. Attachment – University Terms and Conditions of Equipment Lease Article 2. Inspection. Xerox can support the University’s inspection and acceptance requirement by initially installing the equipment under a Trial arrangement. Unless an order is preceded by a Trial order, the Services will be deemed accepted on the equipment’s installation date, which is the date Xerox determines the equipment to be operating satisfactorily, as demonstrated by the successful completion of diagnostic routines, and is available for the University’s use. The Installation Date for equipment and software designated as “Customer Installable” will be the equipment delivery date. Any equipment that does not perform to its published specification will be repaired or replaced by Xerox at its expense, provided the equipment is covered by a Xerox warranty or maintenance plan. Any equipment that needs to be replaced will be replaced with an identical model, or at Xerox’s option a unit with similar capabilities and comparable usage. Article 5. Termination. Xerox recognizes the University’s right to terminate the Agreement for its convenience due to a change in its business needs. However, the Xerox offer is based on a firm 36, 48, or 60-month equipment installation commitment, and cannot be terminated except for fiscal year funds non-appropriation or uncured Xerox default. The initial term for any individual lease order will be the number of full calendar months stated in the order. The minimum lease payment for any partial month following the equipment installation date will be billed on a pro rata basis, based on a 31-day month. The term for each unit of equipment will commence upon the delivery of customer-installable equipment; or the installation of Xerox-installable equipment and will expire on the last day of the final full calendar month of the contracted term indicated in the order. University may at its option, by written notice stating the extent and effective date, terminate this order at the anniversary date of the lease or at the end of any fiscal year in whole or in part in the event the funding agency does not appropriate sufficient funds to continue the lease payments. In order to terminate the Agreement due to funding non-appropriation, the University must provide Xerox with written notice, within 30-days of its governing body’s decision not to appropriate funds, stating that the University’s governing body failed to appropriate funds. In addition, the University will be required to return the equipment to Xerox with transportation costs borne by Xerox. The University will then be released from its obligation to make any further payments beyond those through the end of the last fiscal year for which funds have been appropriated. Other than as stated above, leases may not be cancelled prior to expiration. Early cancellation of individual leases without cause or cancellation of individual leases by Xerox due to the University’s material breach will result in an early termination charge that is equal to the sum of the remaining payments less any unearned maintenance and supply charges discounted at 4% per annum. In no event shall the amount paid exceed the total contracted price, minus payments already made. Xerox will provide University with no less than thirty-one (31) days advance notice of the expiration of each lease term. Upon lease expiration, University shall have the option to: • Purchase the equipment AS IS, WHERE IS, by giving Xerox at least thirty (30) days prior notice of University intent to purchase at the termination of the term specified in any order or any renewal thereof. The purchase 346 of 1132 351 11 option price for FMV leases shall be the equipment’s then fair market value plus all applicable sales taxes. The purchase option for FPO will be $1 plus all applicable sales taxes. • Lease the current equipment at the same monthly price on a month-to-month basis. This type of lease extension may be cancelled without penalty upon 30 days written notice. • Have Xerox provide a quote on a new 12- or 24-month lease on the current equipment. This will yield a lower monthly price; however, the University would not be able to cancel the lease without termination charges until expiration of the new extended lease. Upon expiration of a lease without extension, University will make the equipment available for removal by Xerox at Xerox’s cost. At the time of removal, the equipment will be in the same condition as when delivered, reasonable wear and tear accepted. A lease order under the contract is a “finance lease” under Article 2A of the Uniform Commercial Code and, except to the extent expressly provided under the Contract, and to the extent permitted by California law, Customer waives all rights and remedies conferred upon a lessee by Article 2A. Article 6. Title. Title to the Goods purchased under the Agreement, along with the risk of equipment’s loss or damage, will pass directly from Xerox to University upon delivery, subject to University’s right to reject upon inspection. Article 11. Proprietary Rights Indemnity. Xerox will agree to this indemnity provision providing Xerox is given written notice of the claim or action and allowed to select attorneys of its own choice to appear and defend the claim or action. In addition, the University agrees to provide Xerox with all reasonable assistance that Xerox may require, and that the University will do nothing to compromise Xerox’s defense or settlement of the claim or action. Xerox agrees that it will be responsible for its equitable share of any claims, liabilities, judgments, costs, and expenses based on Xerox’s relative culpability. Xerox will not indemnify the University due to any negligent or willful act on the part of the University, its officers, employees, volunteers, or agents, or the negligent or willful acts of any party other than a Xerox officer, employee, or agent. Article 15 (2). Service and Maintenance. Please note that the vast majority of on-site equipment repairs will be completed within 12 business hours. However, in the unlikely event that the repair time exceeds 12 business hours, Xerox agrees, as University’s exclusive remedy, to issue an appropriate service credit for Xerox’s failure to repair the equipment within the specified timeframe. The credit can be used to offset any invoice charge, excluding the Monthly Minimum Charge which is not subject to dispute. Article 17. Risk of Loss. Please note that title to the Xerox supplied equipment will remain with Xerox until the University elects to purchase the equipment, and that the risk of the equipment’s loss or damage will pass to the University upon delivery. The University is required to insure the equipment while installed. Title to the Lessor supplied equipment will remain with Lessor until University elects to purchase the equipment. Risk of the equipment’s loss or damage will pass to the University upon delivery. University agrees that: (a) the equipment will remain personal property; (b) it will not attach the equipment as a fixture to any real estate; (c) it will not pledge, sub-lease, or part with possession of the equipment or file, or permit to be filed, any lien against the equipment; and, (d) it will not make any permanent alterations to the Equipment 347 of 1132 352 12 Article 19.B Lessors Liability and Insurance Requirements. Xerox agrees to name the University as an additional insured under the comprehensive general liability and automobile liability insurance policies only for claims arising out of the willful or negligent acts, or omissions of Xerox in the performance of the services under the contract. 1. Comprehensive or Commercial Form General Liability Insurance Minimum Limits: Each occurrence $2,000,000; 2. Products/Completed Operations $2,000,000. 2. Business Auto Liability: Combined single limit of no less than $3,000,000 per occurrence. Certificates of insurance shall obligate Lessor’s insurers to endeavor to notify University at least prior to cancellation of or material change in any of said insurance. Attachment – University Appendix – Federal Government Contracts Xerox provides ‘commercial items,’ as that term is defined in FAR Part 2. As such, Xerox is not subject to the cost principles of FAR Part 31, the Cost Accounting Standards, and the majority of the clauses listed in this attachment. We would be happy to comply with those clauses which the University and Xerox mutually agree apply to the acquisition of a commercial item Appendix – Business Associate Agreement Section 2(I) - Please note Xerox agrees to this section so long as the University grants Xerox 30 days’ prior written notice to make its internal practices, books, and records, relating to the Use and Disclosure of PHI available to UC, and to the Secretary for purposes of determining University's compliance with HIPAA, HITECH and their implementing regulations. Appendix – Data Security Please note Xerox will not gain access to the University’s Institutional Information or IT Resources in the course of providing the Goods/Services. Therefore, this Appendix is not applicable. Appendix – General Data Protection Regulation Please note Xerox offer does not include the processing of any personal data under the contract. Thus, the terms of this Appendix “General Data Protection Regulation” will not apply. In the event any of the provisions of this Appendix would apply, Xerox requests the following modifications: C4. Xerox agreements with our subcontractors are confidential and its terms are subject to confidentiality provisions. D3(i). Xerox requests the deletion of the word "pseudonymisation" D5. In the event of any suspected or actual personal data breach, Xerox agrees to comply with security incident notification requirements within a reasonable time. Xerox respectfully requests the deletion of the sentence “but in no event more than two calendar days”. D7. Xerox requests University to replace "any data breach" language with "material data breach that cannot be remediated by Processor". D12. Please note Xerox does not anticipate having access to any University’s Data or have any data stored by Xerox during the course of its services. Xerox proposes to delete this provision as it is not applicable. Addendum A, Scope of Processing Data as well as Addendum B, Standard Contractual Clause will be reviewed by Xerox on an engagement basis to determine its applicability. 348 of 1132 353 13 Exhibit B – Administration Agreement Example (OMNIA) Section 7. Xerox proposes to delete this section and modify it as follows: “7. NEITHER PARTY SHALLL BE LIABLE IN ANY WAY TO THE OTHER FOR ANY SPECIAL, INCIDENTAL, INDIRECT, CONSEQUENTIAL, EXEMPLARY, PUNITIVE OR RELIANCE DAMAGES, EVEN IF THE OTHER PARTY IS ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.” Section 12, Administrative Fee, Reporting and Payment. Xerox agrees An “Administrative Fee” shall be defined and due to OMNIA Partners, Public Sector from Supplier in the amount of 3 percent (3%) (“Administrative Fee Percentage”) multiplied by the total monthly revenue billed by the Supplier for the sale of products and/or services to Principal Procurement Agency and Participating Public Agencies pursuant to the Master Agreement (as amended from time to time and including any renewal thereof) (“Contract Sales”). From time to time the parties may mutually agree in writing to a lower Administrative Fee Percentage for a specifically identified Participating Public Agency’s Contract Sales. To the extent the Supplier offers leasing or financing programs under the Master Agreement Contract to Participating Public Agencies itself or through a financing entity, Contract Sales under leasing or other financing programs shall be calculated using the net purchase price (the purchase price equivalent after trade-in allowances, etc.). To the extent the Supplier offers trade-in allowance programs to Participating Public Agencies for transactions done under the Master Agreement Contract, Contract Sales shall be calculated using the net purchase price after the trade-in allowance. Section 13. Please note Xerox agrees Contract Sales Reports for each calendar month shall be provided by Supplier to OMNIA Partners, Public Sector by the 45th day of the following month. Section 15. Xerox agrees with this provision as stated with the exception of the last sentence and proposes this section be modified as follows: “15. Supplier will have thirty (30) days from the date of such notice to resolve the discrepancy to OMNIA Partners, Public Sector’s reasonable satisfaction, including payment of any Administrative Fees due and owing, together with interest thereon in accordance with Section 13,” Section 18. General Provisions. Xerox requests this section be deleted in its entirety and replaced as follows: “18. Neither party may assign this Agreement without the prior written consent of the other party; provided, however, either party may assign the Agreement without prior written consent of the party in connection with the sale or transfer of substantially all of the assigning party’s assets.” END OF CLARIFICATIONS Please refer to Xerox’s clarifications to the University of California RFP on the embedded document. 2020 CA Regentsofthe UnivofC 2020 CA Regentsofthe UnivofCa 349 of 1132 354• • 14 Attachments This section provides a list of the required supplier response documents to be returned with the RFP proposal and additional documentation, which supplements our response to University of California. Descriptions 001881Feb 2020 Questionnaire.xlsx Xerox UC Executive Summary.docx Financials.pdf References.pdf Organization Chart.pdf Account Management Team.docx Delivery and Installation Capabilities.docx VPAT AltaLink B8000 Series.pdf VPAT AltaLink C8000 Series.pdf VPAT VersaLink B405 Series.pdf VPAT VersaLink B7000 Series.pdf VPAT VersaLink C7020 / C7025 C7030.pdf AltaLink B8045 / B8055 / B8065 / B8075 / B8090 RML.pdf Environment Safety Facts.pdf XOGFS-14U Xerox EPEAT and Certifications.pdf Gabi Brochure 2020.pdf Gabi Customer Expectation Doc.pdf Xerox USB Keyboard.pdf Gabi Voice Brochure.pdf Scan Compression Brochure.pdf 350 of 1132 355 15 Touchless Workplace Technologies.pdf ConnectKey Brochure.pdf XDM Diagram.pdf ISO 27001 Certificate (Effective 2019 Expiry 2022) IS 514590.pdf AltaLink C81XX B81XX Security Guide.pdf. VersaLink Security Guide IAD-4.pdf Xerox Workplace Suite Security Guide IAD.pdf Xerox Device Manager Certification Guide 6.3.pdf Security Incident Management Process.pdf Xerox Security.pdf. Pen Testing Attestation Letter.pdf Service Guarantee Commitment and Credits.docx Service Guarantee Commitment Requirements for Laser Printer.docx TM Pricing.pdf Xerox MFD UC Pricing Attachment.xlsx Xerox MFD National Princing.xlsx Xerox Laser-Printer UC Pricing Attachment.xlsx Xerox Laser-Printer National Pricing.xlsx Xerox UC Additional Discounts Pricing Attachment.xlxs Xerox Additional Discounts National Pricing.xlsx Xerox UC Repair Parts Pricing Attachment.xlsx Xerox Repair Parts National Pricing.xlsx Xerox UC Accessory Sale Price List – All Accessories Available.xlsx Xerox Price All Available Accessories National Pricing.xlsx 351 of 1132 356 16 Xerox UC Equipment Lease Optional Accessories Pricing.xlsx Xerox Optional Accessories National Pricing.xlsx Xerox FMV UC Laser Printer Lease Pricing.xlsx Xerox FMV Laser-Printer Lease National Pricing.xlsx Xerox FPO UC Laser-Printer Lease Pricing Attachment.xlsx Xerox UC OMNIA FPO Printer Lease Pricing.xlsx Exhibit A Response for National Cooperative Contracts.docx. Attachment A – List of all US Locations.zip Attachment B – Xerox Dun & Bradstreet Report.pdf Exhibit B – Administration Agreement.pdf Exhibit F - Federal Funds Certifications.pdf Exhibit G - New Jersey Business Compliance.pdf Exhibit C – Master Intergovernmental Cooperative Purchasing Agreement.pdf Exhibit D – Principal Procurement Agency Certificate.pdf Exhibit E – Contract Sales Reporting Template.pdf Exhibit H – Advertising Compliance Requirement.pdf 2020 CA Regents of the University of California Additional Terms Non UC OMNIA.docx. 2020 CA Regents of the University of California Additional Terms UC.docx. 352 of 1132 357 Xerox Clarification/Exceptions to The Regents of the University of California Request for Proposal # Print, Goods and Services University of California Page 1 of 8 RT (6/2020) We have reviewed the University’s Request for Proposal (“RFP”) and have prepared the enclosed Purchase and Maintenance and 36, 48 and 60-months Lease Proposal (Fair Market Value, $1 Buyout Option) subject to the University’s contract standards or performance for your consideration. In addition, Xerox has also included a separate pricing and Terms & Conditions response for Non-University members subject to Omnia Partners contract standards of performance and terms and conditions. All operational requirements for the University in the contract, such as customized reporting and separately billed maintenance are applicable for University only. All operational requirements, performance standards and terms and conditions of the master agreement Xerox/Omnia contract are applicable for non-University customers. Although the Proposal is based on the requirements included in your RFP, our Proposal does include some responses that are slightly different. This document and our Proposal explain those differences. In addition, we have included some Additional Terms that were not addressed in the University’s RFP. Please note that Xerox's Proposal is contingent upon the accuracy of the information included in the University’s RFP and Xerox’s review of the University’s credit. Any material change to the information provided by the University, or the University’s credit, may result in a change to Xerox’s offer. Please note that Xerox agrees to negotiate a solution that is acceptable to both parties if any of the below clarifications or Additional Terms are inconsistent with California law, or are otherwise unacceptable to the University. Our team is also prepared to discuss our Proposal in detail, and adjust our proposed equipment, support services, terms, and/or price offering based on the University’s final requirements. Upon award of this RFP, Xerox agrees to negotiate a Contract that incorporates the mutually agreed terms contained in the University’s RFP, our Proposal, Xerox’s Purchase and Maintenance and Lease Agreement (applicable to the University and its affiliates), and OMNIA Partner’s terms and conditions (applicable for Non-University members), and any additional negotiated item(s). Xerox’s Clarifications to the University’s RFP Xerox provides the following clarifications and comments to the below listed University RFP requirements. RFP EVENT AND PROCESS SUMMARY SECTION 3. MFD/PRINTER FLEET MANAGEMENT PROGRAMS; 3.1.1.1 MFD 36//48/60-months terms. The Xerox Lease offering is based on a firm 36-month, 48-month and 60-month, FMV and $1 Buy-out Option, of equipment installation commitment, and consists of a Monthly Base Charge that covers the cost of the equipment; the cost per copy and overage rates, any trade-in equipment refinanced / buyout amounts; an equipment trade-in credit value; the equipment’s FOB shipment, freight, and inside delivery and removal (excluding any unique rigging expenses); the equipment’s physical installation and connection to the University’s network; and end user initial training, and the labor services detailed in our Proposal. Remote installations are also available where applicable. Please note Xerox does not offer any trade bonuses for sale to lease equipment transactions under this Agreement. For competitive sale to sale trades Xerox will remove the competitive/owned equipment at Xerox expense. SECTION 3. MFD/PRINTER FLEET MANAGEMENT PROGRAMS; 3.1.1.2 and 3.1.1.3 Discounts. Outright Purchase Equipment. Please note Xerox will provide an additional 5% discount on the published University equipment mainframe price (excluding accessories) list for Outright Sale/FMV & FPO Lease (equipment price only, excluding maintenance) for orders for Managed Programs. Any/all discounts will be taken at the time of order. Lease Equipment. Please note Xerox cannot guarantee any additional discounts beyond the published lease price however, Xerox will review/consider these opportunities for additional discounts for “Managed Programs” upon request. SECTION 4. PRODUCT CERTIFICATION Equipment provided under the Contract is currently manufactured by Xerox, though the equipment may contain recycled components that have been reprocessed to meet Xerox’ new parts performance standards. The County will be the first user of the equipment. SECTION 5. PROGRAM FOR TRADE-INS/UPGRADES Trade-In Equipment. Xerox warrants that University has the right to transfer title to the Equipment University is trading in as part of an Order ("Trade-In Equipment"), and that the Trade-In Equipment is in good working order and has not been modified from its original configuration (other than by Xerox). Title and risk of loss to the Trade-In Equipment will pass to Xerox when Xerox removes the Trade-In Equipment from University premises. University will maintain the Trade-In Equipment at its present site and in substantially the Trade-In Equipment’s present condition until removed by Xerox. University will pay all 353 of 1132 358 Xerox Clarification/Exceptions to The Regents of the University of California Request for Proposal # Print, Goods and Services University of California Page 2 of 8 RT (6/2020) accrued charges for the Trade-In Equipment, up to and including payment of the final principal payment number and all applicable maintenance, administrative, supply and finance charges until Xerox removes the Trade-In Equipment from the University’s premises. Upgrades. Xerox’s Purchase and Maintenance as well as Xerox Lease offer allows the University to place additional equipment mainframe orders at the same quoted contract price throughout the 60-month master agreement term, provided each additional equipment placement remains installed for a minimum 36/48/60-month term. Xerox will also provide a separate price quote if the University desires to acquire additional equipment having an installation term less than 60-months. The equipment’s features and performance can also be upgraded through the addition of a number of optional accessories. Accessory options included with the mainframe can be obtained at the contract quoted price. Any accessory ordered following the mainframe’s installation will have the price readjusted based on the mainframe’s remaining agreement term. Please remember that the Xerox Purchase and Maintenance as well as Xerox Lease offering is based on a firm 36/48/60- month equipment installation term that can only be terminated due to fiscal year funds non-appropriation or an uncured performance failure. If the equipment is cancelled for the University’s convenience and not replaced, or traded to a different unit, the University will be assessed a liquidated damages charge. In order to avoid this charge, Xerox recommends that the equipment either be: (a) exchanged with another University unit, or (b) moved to another University location and replaced with a unit that fits the end users current work requirements. D. Organizational Context. University of California Pricing Terms - For University of California and affiliates Xerox agrees to extend the specific University product pricing and terms of this Agreement. OMNIA Partners’ National Master Agreement– Xerox agrees to make resulting OMNIA Partners’ pricing/terms from this solicitation available to other public agencies nationally, including state and local governmental entities, public and private primary, secondary and higher education entities, non-profit entities, and agencies for the public benefit (“Public Agencies”) through OMNIA Partners’ Cooperative purchasing program so long as such Public Agency is a registered member at OMNIA. Non-University OMNIA members will procure equipment and services subject to the terms and conditions of the OMNIA Master Agreement which terms are hereby incorporated by their reference https://www.sourcewell-mn.gov/cooperative- purchasing/083116-xox?domain=870%20%20%20%20%20%20%20%20%D0%B5H#tab-contract-documents 3 MFD/Printer Fleet Management Programs - Delivery and Installation. Delivery. Please note the following will apply to any Purchase and Lease transaction: Unless otherwise agreed upon by the parties, Xerox equipment deliveries can normally be expected within ten business days following the receipt of the University’s equipment approved and accepted purchase order, except during times of product constraint. Xerox will inform the University if a constraint condition exists and will provide a revised delivery date. If the revised target delivery date is unacceptable, the University can cancel the order without penalty to either party. Installation. Unless the Purchase and Maintenance and Lease Agreement is preceded by a Trial order, the equipment will be deemed accepted on the equipment’s installation date, which is the date Xerox determines the equipment to be operating satisfactorily, as demonstrated by the successful completion of diagnostic routines, and is available for the University’s use. The Installation Date for equipment and software designated as “Customer Installable” will be the equipment delivery date. Any equipment that does not perform to its published specification will be repaired or replaced by Xerox at its expense, provided the equipment is covered by a Xerox warranty or maintenance plan. Any equipment that needs to be replaced will be replaced with an identical model, or at Xerox’s option a unit with similar capabilities and comparable usage. 2.2 Equipment Service and Support Uptime. Total Uptime Xerox’s Uptime objective is to maintain an average 96% equipment uptime performance based on a three-month rolling average for the University’s entire Xerox-branded equipment population that is operated with the equipment’s operating guideline for the specified product. Uptime is calculated as follows: 1. UPTIME TARGET. Provided Customer has at least twenty-five (25) units of Equipment installed under this Agreement, Xerox agrees to maintain an Uptime Target for the total Equipment population installed under this Agreement, which shall be measured as provided below over a three (3) calendar month rolling period, of at least ninety-six percent (96%) in the aggregate for the Equipment subject to this Agreement that is operated within the specified Maximum Monthly Volume Range, (to be included upon University’s request in an Appendix to this Contract) and installed within twenty-five (25) miles of a Xerox service location. This Uptime Target commences on the first day of the calendar month that begins at least one hundred twenty (120) days after the Agreement commences. 354 of 1132 359 Xerox Clarification/Exceptions to The Regents of the University of California Request for Proposal # Print, Goods and Services University of California Page 3 of 8 RT (6/2020) 2. CONTRACTED PERIOD OF COVERAGE. Xerox will provide Maintenance Services, as the same is set forth in this Agreement, during Customer’s normal business hours Contracted Period of Coverage (“CPOC”), which shall be defined as 9:00 a.m. to 5:00 p.m., Local Time, Mondays through Fridays (excluding Xerox-recognized holidays), for the purposes of this Agreement. 3. UPTIME HOURS DEFINITION. "Uptime Hours" equals the number of hours per calendar month that the Equipment is available for use. For this Agreement, Uptime Hours equals 567 hours per three (3) calendar months and has been calculated by multiplying the number of hours per day in the CPOC times the average number of days per three (3) calendar month period such coverage is provided, which, for the purposes of this Agreement, is sixty-three (63) days per three (3) calendar month period.. 4. DOWNTIME HOURS DEFINITION. “Downtime Hours” shall mean the number of hours in any three (3) calendar month period during which Equipment maintained hereunder is inoperative (i.e., cannot make any copies or prints, as applicable) during the CPOC, including machine-repair time and response time when the Equipment is inoperative. Downtime Hours do not include time when the Equipment's inoperability is due to user misuse or abuse of the Equipment, Customer's negligence or intentional acts, fire, environmental failure at the installation site or use of the Equipment in a manner other than was intended; preventative maintenance, Equipment relocation or inspections are being performed; and, time taken in producing usable copies or prints. 5. CALCULATION. The Uptime Percentage Rate for a given calendar month is calculated as follows: Uptime Percentage Rate = CPOC (567) – Downtime Hours (x) CPOC Hours (567) Laser Printers. Lease: For FMV/FPO leases the Maintenance is included and begins upon install. Response/Repair Time. Xerox’s response time objective is to return all service calls within one business hour, and to arrive on- site on average within 3.5 to 4 business hours for multifunction color devices, if the problem cannot be resolved over the phone. Response Time for other devices will be provided upon request. Response time is calculated based on the quarterly response time average for the University’s entire Xerox-branded equipment population. Calls can be placed toll free 24-business hours per day, 7 days per week, and 365 days a year. During standard business hours (8 A.M. to 5 P.M., Monday thru Friday), all service calls will be directed to our Service Welcome Center where our service personnel will attempt to resolve the issue over the phone through on-line diagnostics. If the problem cannot be resolved over the phone the representative will provide the caller with the technicians estimated time of arrival. The Service Technician will contact the caller prior to arriving on-site to discuss the problem and determine if they have the appropriate parts, or if there will be a change to the arrival time. Evening, weekend, and holiday phone service is also available. On-site evening, weekend, and holiday service support can also be prearranged or may be available based on evening resource availability. The 24x7-call center and business hour technical support is included in our contract offering. After hour, weekend, and holiday on-site technical support is available at Xerox’s then current overtime rate. Please refer to the XPS Description of Services for response time objectives relating to the XPS / Managed Print Services offering. Delivery/Installation. Delivery. Please note the following will apply to any Purchase and Lease transaction: Unless otherwise agreed upon by the parties, Xerox equipment deliveries can normally be expected within ten business days following the receipt of the University’s equipment approved purchase order, except during times of product constraint. Xerox will inform the University if a constraint condition exists and will provide a revised delivery date. If the revised target delivery date is unacceptable, the University can cancel the order without penalty to either party. Installation. Unless the Purchase and Maintenance and Lease Agreement is preceded by a Trial order, the equipment will be deemed accepted on the equipment’s installation date, which is the date Xerox determines the equipment to be operating satisfactorily, as demonstrated by the successful completion of diagnostic routines, and is available for the University’s use. The Installation Date for equipment and software designated as “Customer Installable” will be the equipment delivery date. Any equipment that does not perform to its published specification will be repaired or replaced by Xerox at its expense, provided the equipment is covered by a Xerox warranty or maintenance plan. Any equipment that needs to be replaced will be replaced with an identical model, or at Xerox’s option a unit with similar capabilities and comparable usage. 355 of 1132 360 Xerox Clarification/Exceptions to The Regents of the University of California Request for Proposal # Print, Goods and Services University of California Page 4 of 8 RT (6/2020) Attachment – University Terms and Conditions of Purchase Article 2. Term and Termination. Xerox recognizes the University’s right to terminate the Agreement for its convenience due to a change in its business needs. However, the Xerox offer is based on a firm 36, 48, or 60-month equipment installation commitment, and cannot be terminated except for fiscal year funds non-appropriation or uncured Xerox default. In order to terminate the Agreement due to non-appropriation, University must provide Supplier with written notice, within 31- days of its governing body’s decision not to appropriate funds, stating that the University’s governing body failed to appropriate funds. The notice must certify that the canceled equipment is not being replaced by equipment performing similar functions during the ensuing fiscal year. In addition, the University will be required to return the equipment to Supplier with transportation costs borne by Supplier. The University will then be released from its obligation to make any further payments beyond those through the end of the last fiscal year for which funds have been appropriated. University may terminate this Agreement for convenience at any time, in whole or in part, in accordance with the terms of Article 2 of University of California Terms and Conditions of Purchase. In the event of such termination, University agrees to provide Xerox at least thirty (30) days prior written notice of the effective date of termination and the extent thereof, such termination shall not affect any leased unit that has not fulfilled the appropriate term. If any termination of this Agreement takes place, Xerox shall extend to University, upon University request, an additional ninety (90) day period to properly implement a smooth transition. Fees for the services performed during the additional ninety (90) days will be in good faith negotiated between University and Xerox. Termination under this provision, shall not apply to orders received by Xerox prior to the effective date of termination. In the event Xerox cannot or does not perform its obligations, University reserves the right to terminate the Agreement. If within thirty (30) days of receipt of written notice from University of Xerox’s breach of any term or condition of the Agreement, Xerox shall fail to remedy such breach, then University may terminate the Agreement. However, this cancellation provision does not pertain to any leased equipment installed prior to University’s termination notice. In the event the Agreement is terminated, individual lease placements will continue until their scheduled expiration date, and continue to be governed by, and be subject to, the terms and conditions of the individual lease and the Agreement. Article 3. Pricing, Invoicing Method, and Settlement Method and Terms. Xerox will not issue an invoice until Services have been rendered and accepted. University will pay Xerox, within thirty-one (31) days of receipt of an undisputed and accurate invoice. The agreed upon minimum lease payment will not be subject to dispute at any time. Xerox will not issue an invoice until Services have been rendered and accepted. Article 4. Inspection. Xerox can support the University’s inspection and acceptance requirement by initially installing the equipment under a Trial arrangement. Unless an order is preceded by a Trial order, the Services will be deemed accepted on the equipment’s installation date, which is the date Xerox determines the equipment to be operating satisfactorily, as demonstrated by the successful completion of diagnostic routines, and is available for the University’s use. The Installation Date for equipment and software designated as “Customer Installable” will be the equipment delivery date. Any equipment that does not perform to its published specification will be repaired or replaced by Xerox at its expense, provided the equipment is covered by a Xerox warranty or maintenance plan. Any equipment that needs to be replaced will be replaced with an identical model, or at Xerox’s option a unit with similar capabilities and comparable usage. Article 6.j Outsourcing (Public Contract Code Section 12147 Compliance). All services included in the Xerox bid to be specifically contracted for by the University will be provided within the U.S. However, certain back-office contract administration and customer support services are performed by Xerox and/or its affiliates from locations outside the U.S. 356 of 1132 361 Xerox Clarification/Exceptions to The Regents of the University of California Request for Proposal # Print, Goods and Services University of California Page 5 of 8 RT (6/2020) Article 7. Intellectual Property. Xerox does not anticipate the development of any customized products or programming in connection with the services provided under the Contract. Xerox agrees that all University authored documents printed/copied on Xerox supplied equipment is the University’s sole and exclusive property, and that Xerox shall have no rights to these documents. Also, all Xerox generated reports and the output of Services is Customer’s sole and exclusive property and Xerox will have no rights to these documents or data, except as may be required for Xerox to perform Services. All other work prepared by or processes developed by Xerox for the University’s use will remain the sole property of Xerox and is not deemed a “work for hire”. However, Xerox grants the University a non-exclusive, perpetual, fully paid-up, world wide right to use, display, reproduce, and modify any report, form, design, computer programs, code, or other work of authorship provided by Xerox to the University in the course of performing the Services under the Contract strictly for the University’s internal business use and not for resale or distribution outside of the University’s organization. Article 8. Indemnity and Liability. Indemnification is contingent upon University giving Xerox written notice, by registered mail, promptly after it becomes aware of any claim to be indemnified hereunder and permits Xerox to control the defense of any such claim or action and Xerox’s own expense. Notice shall be sent to “Corporate Risk, Xerox Corporation, Long Ridge Road, Stamford, Connecticut, 06940.” University agrees that Xerox may employ attorneys of its own choice to appear and defend the claim or action and that University shall do nothing to compromise the defense of such claim or action or any settlement thereof and shall provide Xerox with all reasonable assistance which Xerox may require. Xerox shall not be obligated to indemnify the University against the University’s own acts or omissions. Except for indemnified matters and to the extent permitted by applicable law, all other liability of Xerox to University for damages of any kind of type, including but not limited to indirect, consequential, incidental, or special damages, arising from Xerox performance or failure to perform under this Contract or by virtue of Xerox’s tortuous conduct (including negligence whether passive or active) shall be limited to the amounts paid by University under this Agreement. Provided, however, that the foregoing limitation of liability shall not apply to claims by University for personal injury or damage to real or tangible property caused by Xerox’s negligence. Article 9. Insurance. Xerox agrees to include the University as an additional insured under the comprehensive general liability and automobile liability insurance policies only for claims arising out of the willful or negligent acts, or omissions of Xerox in the performance of the services under the contract. Xerox and University will agree on the final coverage required under this Proposal. Article 17. Additional Terms Applicable to the Furnishing of Goods A. Price Decreases. Xerox agrees immediately to notify the University of any price decreases from its suppliers, and to pass through to UC any price decreases. Any price reduction resulting from this provision shall only apply to orders received after the effective date of the price reduction. B. Title. Title to the Goods purchased under the Agreement, along with the risk of equipment’s loss or damage, will pass directly from Xerox to University upon delivery, subject to University’s right to reject upon inspection. Article 20. Prohibition on Unauthorized Use or Disclosure of Institutional Information; (e) No Offshoring. All services included in the Xerox bid to be specifically contracted for by the University will be provided within the U.S. However, certain back-office contract administration and customer support services are performed by Xerox and/or its affiliates from locations outside the U.S. Article 27. Force Majeure. This provision does not relieve either party of its obligation to make payments due under the Contract. Any University purchases to procure the services from other sources without Xerox’s prior approval will be at the University’s expense. 357 of 1132 362 Xerox Clarification/Exceptions to The Regents of the University of California Request for Proposal # Print, Goods and Services University of California Page 6 of 8 RT (6/2020) Attachment – University Terms and Conditions of Equipment Lease Article 2. Inspection. Xerox can support the University’s inspection and acceptance requirement by initially installing the equipment under a Trial arrangement. Unless an order is preceded by a Trial order, the Services will be deemed accepted on the equipment’s installation date, which is the date Xerox determines the equipment to be operating satisfactorily, as demonstrated by the successful completion of diagnostic routines, and is available for the University’s use. The Installation Date for equipment and software designated as “Customer Installable” will be the equipment delivery date. Any equipment that does not perform to its published specification will be repaired or replaced by Xerox at its expense, provided the equipment is covered by a Xerox warranty or maintenance plan. Any equipment that needs to be replaced will be replaced with an identical model, or at Xerox’s option a unit with similar capabilities and comparable usage. Article 5. Termination. Xerox recognizes the University’s right to terminate the Agreement for its convenience due to a change in its business needs. However, the Xerox offer is based on a firm 36, 48, or 60-month equipment installation commitment, and cannot be terminated except for fiscal year funds non-appropriation or uncured Xerox default. The initial term for any individual lease order will be the number of full calendar months stated in the order. The minimum lease payment for any partial month following the equipment installation date will be billed on a pro rata basis, based on a 31-day month. The term for each unit of equipment will commence upon the delivery of customer-installable equipment; or the installation of Xerox-installable equipment and will expire on the last day of the final full calendar month of the contracted term indicated in the order. University may at its option, by written notice stating the extent and effective date, terminate this order at the anniversary date of the lease or at the end of any fiscal year in whole or in part in the event the funding agency does not appropriate sufficient funds to continue the lease payments. In order to terminate the Agreement due to funding non-appropriation, the University must provide Xerox with written notice, within 30-days of its governing body’s decision not to appropriate funds, stating that the University’s governing body failed to appropriate funds. In addition, the University will be required to return the equipment to Xerox with transportation costs borne by Xerox. The University will then be released from its obligation to make any further payments beyond those through the end of the last fiscal year for which funds have been appropriated. Other than as stated above, leases may not be cancelled prior to expiration. Early cancellation of individual leases without cause or cancellation of individual leases by Xerox due to the University’s material breach will result in an early termination charge that is equal to the sum of the remaining payments less any unearned maintenance and supply charges discounted at 4% per annum. In no event shall the amount paid exceed the total contracted price, minus payments already made. Xerox will provide University with no less than thirty-one (31) days advance notice of the expiration of each lease term. Upon lease expiration, University shall have the option to: • Purchase the equipment AS IS, WHERE IS, by giving Xerox at least thirty (30) days prior notice of University intent to purchase at the termination of the term specified in any order or any renewal thereof. The purchase option price for FMV leases shall be the equipment’s then fair market value plus all applicable sales taxes. The purchase option for FPO will be $1 plus all applicable sales taxes. • Lease the current equipment at the same monthly price on a month-to-month basis. This type of lease extension may be cancelled without penalty upon 30 days written notice. • Have Xerox provide a quote on a new 12- or 24-month lease on the current equipment. This will yield a lower monthly price; however, the University would not be able to cancel the lease without termination charges until expiration of the new extended lease. Upon expiration of a lease without extension, University will make the equipment available for removal by Xerox at Xerox’s cost. At the time of removal, the equipment will be in the same condition as when delivered, reasonable wear and tear accepted. A lease order under the contract is a “finance lease” under Article 2A of the Uniform Commercial Code and, except to the extent expressly provided under the Contract, and to the extent permitted by California law, Customer waives all rights and remedies conferred upon a lessee by Article 2A. Article 6. Title. Title to the Goods purchased under the Agreement, along with the risk of equipment’s loss or damage, will pass directly from Xerox to University upon delivery, subject to University’s right to reject upon inspection. Article 11. Proprietary Rights Indemnity. Xerox will agree to this indemnity provision providing Xerox is given written notice of the claim or action and allowed to select attorneys of its own choice to appear and defend the claim or action. In addition, the University agrees to provide Xerox with all reasonable assistance that Xerox may require, and that the University will do nothing 358 of 1132 363 Xerox Clarification/Exceptions to The Regents of the University of California Request for Proposal # Print, Goods and Services University of California Page 7 of 8 RT (6/2020) to compromise Xerox’s defense or settlement of the claim or action. Xerox agrees that it will be responsible for its equitable share of any claims, liabilities, judgments, costs, and expenses based on Xerox’s relative culpability. Xerox will not indemnify the University due to any negligent or willful act on the part of the University, its officers, employees, volunteers, or agents, or the negligent or willful acts of any party other than a Xerox officer, employee, or agent. Article 15 (2). Service and Maintenance. Please note that the vast majority of on-site equipment repairs will be completed within 12 business hours. However, in the unlikely event that the repair time exceeds 12 business hours, Xerox agrees, as University’s exclusive remedy, to issue an appropriate service credit for Xerox’s failure to repair the equipment within the specified timeframe. The credit can be used to offset any invoice charge, excluding the Monthly Minimum Charge which is not subject to dispute. Article 17. Risk of Loss. Please note that title to the Xerox supplied equipment will remain with Xerox until the University elects to purchase the equipment, and that the risk of the equipment’s loss or damage will pass to the University upon delivery. The University is required to insure the equipment while installed. Title to the Lessor supplied equipment will remain with Lessor until University elects to purchase the equipment. Risk of the equipment’s loss or damage will pass to the University upon delivery. University agrees that: (a) the equipment will remain personal property; (b) it will not attach the equipment as a fixture to any real estate; (c) it will not pledge, sub-lease, or part with possession of the equipment or file, or permit to be filed, any lien against the equipment; and, (d) it will not make any permanent alterations to the Equipment Article 19.B Lessors Liability and Insurance Requirements. Xerox agrees to name the University as an additional insured under the comprehensive general liability and automobile liability insurance policies only for claims arising out of the willful or negligent acts, or omissions of Xerox in the performance of the services under the contract. 1. Comprehensive or Commercial Form General Liability Insurance Minimum Limits: Each occurrence $2,000,000; 2. Products/Completed Operations $2,000,000. 2. Business Auto Liability: Combined single limit of no less than $3,000,000 per occurrence. Certificates of insurance shall obligate Lessor’s insurers to endeavor to notify University at least prior to cancellation of or material change in any of said insurance. Attachment – University Appendix – Federal Government Contracts Xerox provides ‘commercial items,’ as that term is defined in FAR Part 2. As such, Xerox is not subject to the cost principles of FAR Part 31, the Cost Accounting Standards, and the majority of the clauses listed in this attachment. We would be happy to comply with those clauses which the University and Xerox mutually agree apply to the acquisition of a commercial item Appendix – Business Associate Agreement Section 2(I) - Please note Xerox agrees to this section so long as the University grants Xerox 30 days’ prior written notice to make its internal practices, books, and records, relating to the Use and Disclosure of PHI available to UC, and to the Secretary for purposes of determining University's compliance with HIPAA, HITECH and their implementing regulations. Appendix – Data Security Please note Xerox will not gain access to the University’s Institutional Information or IT Resources in the course of providing the Goods/Services. Therefore, this Appendix is not applicable. Appendix – General Data Protection Regulation Please note Xerox offer does not include the processing of any personal data under the contract. Thus, the terms of this Appendix “General Data Protection Regulation” will not apply. In the event any of the provisions of this Appendix would apply, Xerox requests the following modifications: C4. Xerox agreements with our subcontractors are confidential and its terms are subject to confidentiality provisions. D3(i). Xerox requests the deletion of the word "pseudonymisation" D5. In the event of any suspected or actual personal data breach, Xerox agrees to comply with security incident notification requirements within a reasonable time. Xerox respectfully requests the deletion of the sentence “but in no event more than two calendar days”. 359 of 1132 364 Xerox Clarification/Exceptions to The Regents of the University of California Request for Proposal # Print, Goods and Services University of California Page 8 of 8 RT (6/2020) D7. Xerox requests University to replace "any data breach" language with "material data breach that cannot be remediated by Processor". D12. Please note Xerox does not anticipate having access to any University’s Data or have any data stored by Xerox during the course of its services. Xerox proposes to delete this provision as it is not applicable. Addendum A, Scope of Processing Data as well as Addendum B, Standard Contractual Clause will be reviewed by Xerox on an engagement basis to determine its applicability. Exhibit B – Administration Agreement Example (OMNIA) Section 7. Xerox proposes to delete this section and modify it as follows: “7. NEITHER PARTY SHALLL BE LIABLE IN ANY WAY TO THE OTHER FOR ANY SPECIAL, INCIDENTAL, INDIRECT, CONSEQUENTIAL, EXEMPLARY, PUNITIVE OR RELIANCE DAMAGES, EVEN IF THE OTHER PARTY IS ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.” Section 12, Administrative Fee, Reporting and Payment. Xerox agrees An “Administrative Fee” shall be defined and due to OMNIA Partners, Public Sector from Supplier in the amount of 3 percent (3%) (“Administrative Fee Percentage”) multiplied by the total monthly revenue billed by the Supplier for the sale of products and/or services to Principal Procurement Agency and Participating Public Agencies pursuant to the Master Agreement (as amended from time to time and including any renewal thereof) (“Contract Sales”). From time to time the parties may mutually agree in writing to a lower Administrative Fee Percentage for a specifically identified Participating Public Agency’s Contract Sales. To the extent the Supplier offers leasing or financing programs under the Master Agreement Contract to Participating Public Agencies itself or through a financing entity, Contract Sales under leasing or other financing programs shall be calculated using the net purchase price (the purchase price equivalent after trade-in allowances, etc.). To the extent the Supplier offers trade-in allowance programs to Participating Public Agencies for transactions done under the Master Agreement Contract, Contract Sales shall be calculated using the net purchase price after the trade-in allowance. Section 13. Please note Xerox agrees Contract Sales Reports for each calendar month shall be provided by Supplier to OMNIA Partners, Public Sector by the 45th day of the following month. Section 15. Xerox agrees with this provision as stated with the exception of the last sentence and proposes this section be modified as follows: “15. Supplier will have thirty (30) days from the date of such notice to resolve the discrepancy to OMNIA Partners, Public Sector’s reasonable satisfaction, including payment of any Administrative Fees due and owing, together with interest thereon in accordance with Section 13,” Section 18. General Provisions. Xerox requests this section be deleted in its entirety and replaced as follows: “18. Neither party may assign this Agreement without the prior written consent of the other party; provided, however, either party may assign the Agreement without prior written consent of the party in connection with the sale or transfer of substantially all of the assigning party’s assets.” END OF CLARIFICATIONS 360 of 1132 365 Xerox Clarification/Exceptions to The Regents of the University of California Request for Proposal # Print, Goods and Services University of California Page 1 of 7 RT (5/2020) ADDITIONAL TERMS These additional terms are incorporated into the Xerox Proposal and are in addition to the terms included in the University’s RFP. Should there be a conflict between the various provisions the order of precedence shall be these Additional Terms followed by the University’s RFP. TERMS APPLIABLE TO THE UNIVERSITY OF CALIFORNIA AND ITS AFFILIATES The following additional terms will apply to the University of California and its affiliates: GENERAL TERMS 1. CONSUMABLE SUPPLIES. If "Consumable Supplies" is identified in Maintenance Plan features, Maintenance Services will include black toner and/or solid ink and color toner and/or solid ink, if applicable ("Consumable Supplies"). Highlight color toner, clear toner, and custom color toner are excluded. Depending on the Equipment model, Consumable Supplies may also include developer, fuser agent, imaging units, waste cartridges, transfer rolls, transfer belts, transfer units, belt cleaner, staples, maintenance kits, print Cartridges, drum Cartridges, waste trays and cleaning kits. Consumable Supplies are Xerox’s property until used by you, and you will use them only with the Equipment for which "Consumable Supplies" is identified in Maintenance Plan Features. If Consumables Supplies are furnished with recycling information, Customer will return the used item to Xerox for remanufacturing. Shipping information is available at Xerox.com/GWA. Upon expiration of this Agreement, Customer will include any unused Consumable Supplies with the Equipment for return to Xerox at the time of removal. If your use of Consumable Supplies exceeds Xerox’s published yield by more than 10%, Xerox will notify you of such excess usage. If such excess usage does not cease within 30 days after such notice, Xerox may charge you for such excess usage. Upon request, you will provide current meter reads and/or an inventory of Consumable Supplies in your possession. 2. CARTRIDGES. If Xerox is providing Maintenance Services for Equipment utilizing cartridges designated by Xerox as customer replaceable units, including copy/print cartridges and xerographic modules or fuser modules ("Cartridges"), you agree to use only unmodified Cartridges purchased directly from Xerox or its authorized resellers in the U.S. Cartridges packed with Equipment and replacement Cartridges may be new, remanufactured or reprocessed. Remanufactured and reprocessed Cartridges meet Xerox's new Cartridge performance standards and contain new or reprocessed components. To enhance print quality, Cartridge(s) for many models of Equipment have been designed to cease functioning at a predetermined point. In addition, many Equipment models are designed to function only with Cartridges that are newly manufactured original Xerox Cartridges or with Cartridges intended for use in the U.S. 3. “Guarantee Period” means the period commencing 90 days after installation of the Equipment to 18 months after installation of the Equipment. For the Guarantee Period, if the Equipment is not performing substantially consistent with the performance expectations outlined in the Customer Expectations Document (“CED”) or such other documentation provided with the Equipment if a CED does not accompany the Equipment (the “Documentation”), Xerox will, after attempting to repair the device per the Maintenance Services provision hereto and upon University’s request but in Xerox’s sole discretion, replace such Equipment without charge with identical Equipment or with other Equipment with comparable features and capabilities (the “Equipment Guarantee”). This Equipment Guarantee applies only to Equipment that has been (a) continuously maintained by Xerox per a contract with Xerox, and (b) operated at all times in accordance with the CED or Documentation. The Equipment Guarantee does not apply to certain Equipment, which models shall be identified in your applicable order-related documents. Except as otherwise stated in an order-related document, this Equipment Guarantee replaces and supersedes any other guarantee from Xerox, whether made orally or in writing, styled a “Total Satisfaction Guarantee”, “Satisfaction Guarantee” or otherwise covering the subject matter set forth above. 4. NON-APPROPRIATION OF FUNDS. The continuation of any lease, rental purchase or maintenance agreement will be subject to, and contingent upon, sufficient funds being made available by the Purchasing Entity local source, State Legislature and/or federal sources. The Purchasing Entity may terminate any such lease or rental agreement, and Awarded Vendor waives any and all claim(s) for damages, effective immediately upon receipt of written notice (or any date specified therein) if for any reason the Purchasing Entity’s funding sources are not available. 5. LIMITATION OF LIABILITY. For claims arising out of or relating to this Agreement, whether the claim alleges tortious conduct (including negligence) or any other legal theory, but excepting liability under the indemnification obligations set forth 361 of 1132 366 Xerox Clarification/Exceptions to The Regents of the University of California Request for Proposal # Print, Goods and Services University of California Page 2 of 7 RT (5/2020) in this Agreement, Xerox will not be liable to you for any direct damages in excess of $10,000 or the amounts paid hereunder, whichever is greater, and neither party will be liable to the other for any special, indirect, incidental, consequential or punitive damages. Any action you take against Xerox must be commenced within 2 years after the event that caused it. 6. WARRANTY DISCLAIMER. XEROX DISCLAIMS THE IMPLIED WARRANTIES OF NON-INFRINGEMENT AND FITNESS FOR A PARTICULAR PURPOSE AND, FOR THIRD PARTY PRODUCTS, THE IMPLIED WARRANTY OF MERCHANTABILITY. 7. REMOTE SERVICES. Certain models of Equipment are supported and serviced using data that is automatically collected by Xerox or transmitted to or from Xerox by the Equipment connected to Customer's network ("Remote Data") via electronic transmission to a secure off-site location ("Remote Data Access"). Remote Data Access also enables Xerox to transmit to Customer Releases for Software and to remotely diagnose and modify Equipment to repair and correct malfunctions. Examples of Remote Data include product registration, meter read, supply level, Equipment configuration and settings, software version, and problem/fault code data. Remote Data may be used by Xerox for billing, report generation, supplies replenishment, support services, recommending additional products and services, and product improvement/development purposes. Remote Data will be transmitted to and from Customer in a secure manner specified by Xerox. Remote Data Access will not allow Xerox to read, view or download the content of any Customer documents or other information residing on or passing through the Equipment or Customer's information management systems. Customer grants the right to Xerox, without charge, to conduct Remote Data Access for the purposes described above. Upon Xerox’s request, Customer will provide contact information for Equipment such as name and address of Customer contact and IP and physical addresses/locations of Equipment. Customer will enable Remote Data Access via a method prescribed by Xerox, and Customer will provide reasonable assistance to allow Xerox to provide Remote Data Access. Unless Xerox deems Equipment incapable of Remote Data Access, Customer will ensure that Remote Data Access is maintained at all times Maintenance Services are being performed. SOFTWARE 8. Software License Xerox may provide Software to Customer pursuant to an Order hereunder. The following license applies to Software provided hereunder, unless such Software is accompanied by a click-wrap or shrink-wrap license agreement or otherwise provided subject to a separate license agreement. a. Xerox grants Customer a non-exclusive, non-transferable, non-assignable (by operation of law or otherwise) license to use in the U.S.: (i) Base Software only on or with the Equipment with which (or within which) it was delivered; and (ii) Application Software only on any single unit of Equipment, subject to Customer remaining current in the payment of any indicated applicable Software license fees (including any annual renewal fees). For Services Software, Xerox grants Customer a non-exclusive, non-transferable, non-assignable (by operation of law or otherwise) license in the U.S. to install the Services Software on a host computer(s) or server(s) or, if applicable, on Equipment or Third Party Hardware, and, further, if applicable, on the number of workstations, laptops and mobile devices specified in the Order, and to use the Services Software only for the purpose of receiving the applicable Services. Customer has no other rights to the Software. Customer will not and will not allow its employees, agents, contractors or vendors to: (i) distribute, copy, modify, create derivatives of, decompile, or reverse engineer Software except as permitted by applicable law; (ii) activate Software delivered with or within the Equipment in an un-activated state; or, (iii) access or disclose Diagnostic Software for any purpose. Title to Software and all copyrights and other intellectual property rights in Software will reside solely with Xerox and its licensors (who, if required by the terms of the third party license agreement with Xerox, will be considered third party beneficiaries of this Agreement’s software and limitation of liability provisions). b. The Base Software license will terminate, as applicable: (i) if Customer no longer uses or possesses the Equipment with which the Base Software was provided; or (ii) upon the expiration or termination of any Order under which Customer has acquired the Equipment with which the Base Software was provided (unless Customer has exercised an option to purchase the Equipment, where available, in which case the license to Base Software is perpetual and transferrable with purchase of the Equipment by Customer). c. Software may contain code to prevent its unlicensed use and/or transfer. If Customer does not permit Xerox periodic access to such Software, this code may impair the Equipment’s and/or Software’s functionality. d. Xerox does not warrant that the Software will be free from errors or that its operation will be uninterrupted. 362 of 1132 367 Xerox Clarification/Exceptions to The Regents of the University of California Request for Proposal # Print, Goods and Services University of California Page 3 of 7 RT (5/2020) 9. SOFTWARE SUPPORT a. Software support will be provided by Xerox or a designated service provider as follows. For Base Software, Software support will be provided during the initial term of the applicable Order and any renewal period, but not longer than 5 years after Xerox stops taking orders for the subject model of Equipment. For Application Software, Software support will be provided as long as Customer is current in the payment of all applicable software license, annual renewal and “support only” fees. For Services Software, support will be provided in accordance with the terms of the applicable Statement of Work or Order. b. Xerox will maintain a web-based or toll-free hotline during Xerox’s standard working hours to report Software problems and answer Software-related questions. Xerox, either directly or with its vendors, will make reasonable efforts to: (i) assure that Software performs in material conformity with its Documentation; (ii) provide available workarounds or patches to resolve Software performance problems; and (iii) resolve coding errors for (1) the current release and (2) the previous release for a period of 6 months after the current release is made available to Customer. Xerox will not be required to provide Software support if Customer has modified the Software. c. Xerox may make available new releases of the Software that are designated as “Maintenance Releases” or “Updates.” Maintenance Releases or Updates are provided at no charge and must be implemented within 6 months after being made available to Customer. Each Maintenance Release or Update shall be considered Software governed by these terms. Feature Releases will be subject to additional license fees at Xerox’s then-current pricing and shall be considered Software governed by these terms and conditions (unless otherwise noted in an Order). Implementation of a Maintenance Release, Update or Feature Release may require Customer to procure, at its expense, additional hardware and/or software from Xerox or another entity. Upon installation of a Maintenance Release, Update or Feature Release, Customer will return or destroy all prior Maintenance Releases, Updates or Feature Releases. d. Xerox may increase Software license fees and support fees for Application Software annually by an amount no greater than the CPI Adjustment Percentage. 10. DIAGNOSTIC SOFTWARE Diagnostic Software and method of entry or access to it constitute valuable trade secrets of Xerox. Title to the Diagnostic Software shall at all times remain solely with Xerox and Xerox’s licensors. Xerox does not grant Customer a license or right to use the Diagnostic Software. Customer will not use, reproduce, distribute, or disclose the Diagnostic Software for any purpose (or allow third parties to do so). Customer will allow Xerox reasonable access to the Equipment during Customer’s normal business hours to remove or disable Diagnostic Software if Customer is no longer receiving Maintenance Services from Xerox. 11. THIRD PARTY SOFTWARE Third Party Software is subject to license and support terms provided by the applicable Third Party Software vendor. 12. DATA SECURITY. Certain models of Equipment can be configured to include a variety of data security features. There may be an additional cost associated with certain data security features. The selection, suitability and use of data security features are solely Customer’s responsibility. Upon request, Xerox will provide additional information to Customer regarding the security features available for particular Equipment models. LEASE TERMS AND CONDITIONS 13. PRODUCTS. "Products" means the equipment ("Equipment"), Software and supplies identified in this Agreement. the University agrees the Products are for the University’s business use (not resale) in the United States and its territories and possessions ("U.S.") and will not be used for personal, household or family purposes. 14. MAINTENANCE SERVICES. Except for Equipment and/or Third Party Hardware identified as "No Svc.", Xerox (or a designated servicer) will keep the Equipment and/or Third Party Hardware in good working order ("Maintenance Services"). The provision of Maintenance Services is contingent upon Customer facilitating timely and efficient resolution of Equipment and/or Third Party Hardware issues by: (a) utilizing Customer-implemented remedies provided by Xerox; (b) replacing Cartridges; and (c) providing information to and implementing recommendations provided by Xerox telephone support personnel. If an Equipment and/or Third Party Hardware issue is not resolved after completion of (a) through (c) above, Xerox will provide on-site support as provided herein. Maintenance Services will be provided during Xerox's standard working hours in areas open for repair service for the Equipment and/or Third Party Hardware. Maintenance Services excludes repairs due to: (i) misuse, neglect or abuse; (ii) failure of the installation site or the PC or workstation used with the Equipment and/or Third Party Hardware to comply with Xerox's published specifications or Third Party Hardware vendor’s published specifications, as applicable; (iii) use of options, accessories or products not serviced by 363 of 1132 368 Xerox Clarification/Exceptions to The Regents of the University of California Request for Proposal # Print, Goods and Services University of California Page 4 of 7 RT (5/2020) Xerox; (iv) non-Xerox alterations, relocation, service or supplies; or (v) failure to perform operator maintenance procedures identified in operator manuals. Replacement parts may be new, reprocessed or recovered and all replaced parts become Xerox's property. Xerox will, as your exclusive remedy for Xerox's failure to provide Maintenance Services, replace the Equipment with an identical model or, at Xerox's option, another model with comparable features and capabilities. There will be no additional charge for the replacement Equipment during the remainder of the initial Term. If meter reads are a component of your Equipment’s Maintenance Plan, you will provide them using the method and frequency identified by Xerox. If you do not provide a meter reading for Equipment not capable of Remote Data Access, or if Remote Data Access is interrupted, Xerox may estimate the reading and bill you accordingly. For Third Party Hardware identified as” No Svc.”, you shall enter into a maintenance agreement with the Third Party Hardware vendor or its maintenance service provider, who shall be solely responsible for the quality, timeliness and other terms and conditions of such maintenance services. Xerox shall have no liability for the acts or omissions of such third party service provider. 15. COMMENCEMENT & TERM. This Agreement is valid when accepted by Xerox. The term for a lease Order shall commence upon acceptance of the Equipment; provided, however, for “Customer-installable” Equipment, the term for a lease Order shall commence upon delivery of the Equipment. Unless a lease order is preceded by a trial order, the equipment will be considered accepted upon installation of the equipment by Lessor, after the equipment successfully runs all required diagnostic routines, and the equipment is turned over to the University for use. 16. PAYMENT. Payment must be received by Xerox within 30 days after the invoice date. All invoice payments under this Agreement shall be made via check, Automated Clearing House debit, Electronic Funds Transfer, or direct debit from University’s bank account. Restrictive covenants on payment instruments will not reduce your obligations. 17. SEPARATELY BILLED MAINTENANCE. If a Minimum Payment is included in Maintenance Plan Features for an item of Equipment, the Minimum Payment for Maintenance Services will be billed separately. 18. PRICE INCREASES. Once a University enters into a lease agreement, the rate must remain fixed throughout the Initial Lease Term. 19. DELIVERY, REMOVAL & RELOCATION. Equipment prices include standard delivery charges and, for Xerox-owned Equipment, standard removal charges. Charges for non-standard delivery, excessive installation requirements, including rigging, access alterations, and access to non-ground floors via stairs. Any such excessive installation charges must be quoted to the University prior to the signature of any Order, and shall be based on the actual expenditures of Vendor or Authorized Dealer and for any Equipment relocation are the University’s responsibility. Relocation of Xerox-owned Equipment must be arranged (or approved in advance) by Xerox and may not be to a location outside of the U.S. 20. DEFAULT & REMEDIES. The University will be in default under this Agreement if (1) Xerox does not receive any payment within 15 days after the date it is due (45 days after date of invoice), or (2) you breach any other obligation in this or any other agreement with Xerox. If you default, Xerox may, in addition to its other remedies (including cessation of Maintenance Services), remove the Equipment and Third Party Hardware at your expense and require immediate payment, as liquidated damages for loss of bargain and not as a penalty of: (a) all amounts then due, plus interest from the due date until paid as allowed under California law; (b) the Minimum Lease Payments (less the Maintenance Services and Consumable Supplies components thereof, as reflected on Xerox's books and records) remaining in the Equipment Order Term, discounted at 4% per annum; and (c) the applicable fair market value 21. TRADE-IN EQUIPMENT. The University warrants that it has the right to transfer title to the equipment you are trading in as part of this Agreement ("Trade-In Equipment") and that the Trade-In Equipment is in good working order and has not been modified from its original configuration (other than by Xerox). Title and risk of loss to the Trade-In Equipment will pass to Xerox when Xerox removes it from your premises. The University will maintain the Trade-In Equipment at its present site and in substantially its present condition until removed by Xerox. The University will pay all accrued charges for the Trade-In Equipment (up to and including payment of the final principal payment number) and all applicable maintenance, administrative, supply and finance charges until Xerox removes the Trade-In Equipment from your premises. 22. NON-CANCELABLE AGREEMENT. THIS AGREEMENT CANNOT BE CANCELED OR TERMINATED EXCEPT AS EXPRESSLY PROVIDED HEREIN. YOUR OBLIGATION TO MAKE ALL PAYMENTS, AND TO PAY ANY OTHER AMOUNTS DUE OR TO BECOME DUE, IS ABSOLUTE AND UNCONDITIONAL AND NOT SUBJECT TO DELAY, REDUCTION, SET-OFF, DEFENSE, COUNTERCLAIM OR RECOUPMENT FOR ANY REASON WHATSOEVER, IRRESPECTIVE OF XEROX'S PERFORMANCE OF ITS OBLIGATIONS HEREUNDER. ANY CLAIM AGAINST XEROX MAY BE ASSERTED IN A SEPARATE ACTION AND SOLELY AGAINST XEROX. 23. WARRANTY DISCLAIMER. XEROX DISCLAIMS THE IMPLIED WARRANTIES OF NON-INFRINGEMENT AND FITNESS FOR A PARTICULAR PURPOSE AND, FOR THIRD PARTY PRODUCTS, THE IMPLIED WARRANTY OF MERCHANTABILITY. This Agreement is a "finance lease" under Article 2A of the Uniform Commercial Code and, except to the extent expressly provided herein, and as permitted by applicable law, you waive all of your rights and remedies as a lessee under Article 2A. 24. TITLE & RISK OF LOSS AND INSURANCE. Until you exercise your Purchase Option: (a) title to Equipment and Third Party Hardware will remain with Xerox; (b) Equipment and Third Party Hardware will remain personal property; (c) you will 364 of 1132 369 Xerox Clarification/Exceptions to The Regents of the University of California Request for Proposal # Print, Goods and Services University of California Page 5 of 7 RT (5/2020) not attach the Equipment or Third Party Hardware as a fixture to any real estate; (d) you will not pledge, sub-lease or part with possession of the Equipment or Third Party Hardware, or file or permit to be filed any lien against the Equipment or Third Party Hardware; and, (e) you will not make any permanent alterations to the Equipment or Third Party Hardware. For equipment installed by Lessor Risk of loss will pass to the University upon acceptance and for equipment designated as “Customer Installable,” the equipment delivery date the University will keep the Products and Third Party Products insured against loss or damage and the policy will name Xerox as a loss payee. ADDITIONAL SOFTWARE TERMS (SOME EQUIPMENT AND ACCESSORIES) 25. FREEFLOW LICENSE. The following terms apply to Xerox FreeFlow Print Server /DocuSP software included in Base Software ("FreeFlow Base Software") and/or Application Software identified as Xerox FreeFlow software (including, but not limited to, FreeFlow Makeready and FreeFlow Process Manager ) (collectively, "FreeFlow Application Software"), and are additive to and supplement those found elsewhere in the Agreement. FreeFlow Base Software and FreeFlow Application Software are collectively referred to as "FreeFlow Software." 1. FreeFlow Software may include and/or incorporate font programs ("Font Programs") and other software provided by Adobe Systems Incorporated ("Adobe Software"). You may embed copies of the Font Programs into your electronic documents for the purpose of printing and viewing the document. You are responsible for ensuring that you have the right and are authorized by any necessary third parties to embed any Font Programs in electronic documents created with the FreeFlow Application Software. If the Font Programs are identified as "licensed for editable embedding" at www.adobe.com/type/browser/legal/embeddingeula, you may also embed copies of those Font Programs for the additional purpose of editing your electronic documents. No other embedding rights are implied or permitted under this license. 2. You will not, without the prior written consent of Xerox and its licensors: (a) alter the digital configuration of the FreeFlow Software, or solicit others to cause the same, so as to change the visual appearance of any of the FreeFlow Software output; (b) use the FreeFlow Software in any way that is not authorized by the Agreement; (c) use the embedded code within the FreeFlow Software outside of the Equipment on which it was installed or in a stand-alone, time-share or service bureau model; (d) disclose the results of any performance or benchmark tests of the FreeFlow Software; (e) use the FreeFlow Software for any purpose other than to carry out the purposes of the Agreement; or (f) disclose or otherwise permit any other person or entity access to the object code of the FreeFlow Software. 3. FreeFlow Process Manager contains Oracle Database Express Edition database software and documentation licensed from Oracle America, Inc. ("Oracle"). Oracle grants you a nonexclusive, nontransferable limited license to use Database Express Edition for purposes of developing, prototyping and running your applications for your own internal data processing operations. Database Express Edition may be installed on a multiple CPU server but may only be executed on one processor in any server. Upon not less than 45 days prior written notice, Xerox and/or its licensors may, at their expense, directly or through an independent auditor, audit your use of FreeFlow Process Manager and all relevant records not more than once annually. Any such audit will be conducted at a mutually agreed location and will not unreasonably interfere with your business activities. 4. The Copyright Management feature of FreeFlow Makeready ("FFCM") contains the optional Copyright Clearance Center, Inc. ("CCC") copyright licensing services feature of FFCM ("CCC Service"). If this option is ordered, you will comply with any applicable terms and conditions contained on the CCC website, www.copyright.com, and any other rights holder terms governing use of materials, which are accessible in FFCM. If CCC terminates Xerox's right to offer access to the CCC Service through FFCM, Xerox may, upon written notice and without any liability to you, terminate your right to access the CCC Service through FFCM. THE CCC SERVICE IS PROVIDED "AS IS," WITHOUT ANY WARRANTIES, WHETHER EXPRESS OR IMPLIED. XEROX DISCLAIMS ALL IMPLIED WARRANTIES, INCLUDING WITHOUT LIMITATION THE IMPLIED WARRANTIES OF NONINFRINGEMENT, MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. You will defend and indemnify Xerox from any and all losses, claims, damages, fines, penalties, interest, costs and expenses, including reasonable attorney fees, arising from or relating to your use of the CCC Service.5. If you install FreeFlow Application Software on a computer that you supply, the following terms apply: (a) Xerox will only be obligated to support FreeFlow Application Software if it is installed on hardware and software meeting Xerox's published specifications (collectively "Workstation"); (b) IF YOU USE FREEFLOW APPLICATION SOFTWARE WITH ANY HARDWARE OR SOFTWARE OTHER THAN A WORKSTATION, ALL REPRESENTATIONS AND WARRANTIES ACCOMPANYING SUCH FREEFLOW APPLICATION SOFTWARE WILL BE VOID AND ANY SUPPORT/MAINTENANCE YOU CONTRACT FOR IN CONNECTION WITH SUCH FREEFLOW APPLICATION SOFTWARE WILL BE VOIDABLE AND/OR SUBJECT TO ADDITIONAL CHARGES; and (c) you are solely responsible for: (i) the acquisition and support, including any and all associated costs, charges and other fees, of any 365 of 1132 370 Xerox Clarification/Exceptions to The Regents of the University of California Request for Proposal # Print, Goods and Services University of California Page 6 of 7 RT (5/2020) Workstation you supply; (ii) compliance with all terms governing such Workstation acquisition and support, including terms applicable to any non-Xerox software associated with such Workstation; and (iii) ensuring that such Workstation meets Xerox's published specifications. 6. The following terms apply to FreeFlow Software licensed to U.S. government customers: a. Java technology contained in FreeFlow Software is subject to: (i) FAR 52.227- 14(g)(2) and FAR 52.227-19; and (ii) if licensed to the U.S. Department of Defense ("DOD"), DFARS 252.227-7015(b) and DFARS 227.7202-3(a). b. Adobe Software is a "commercial item," as that term is defined at FAR 2.101, consisting of "commercial computer software" and "commercial computer software documentation" as such terms are used in FAR 12.212, and is licensed to civilian agencies consistent with the policy set forth in FAR 12.212, or to the DOD consistent with the policies set forth in DFARS 227.7202-1. c. Oracle Database Express Edition is "commercial computer software" and is subject to the restrictions as set forth in the Rights in Technical Data and Computer Software Clauses in DFARS 252.227-7015 and FAR 52.227-19 as applicable. 7. FreeFlow Software may include Microsoft Embedded Standard operating system software to which the following terms apply: a. You agree to and will comply with the Microsoft terms and conditions contained on the Xerox website, http://www.support.xerox.com/support/open-source-disclosures/fileredirect/ enus.html?&contentId=136023. b. Any updates, upgrades or reinstallations of Microsoft Embedded Standard operating system software are subject to the terms and conditions of this license and may be used only with the Xerox-brand Equipment with which it was delivered. Any other use of the software is strictly prohibited and may subject you to legal action. c. If the Equipment includes Remote Desktop Services that enable it to connect to and access applications running on a server, such as Remote Desktop Protocol, Remote Assistance and Independent Computer Architecture, such Desktop Functions will not run locally on the system, except for network/Internet browsing functions. d. The FreeFlow Base Software contains the Windows Update feature that allows you to access Windows Updates directly through the Microsoft Corp. Windows Update server. If you elect to activate this feature, any Windows Updates installed by you using the Windows Update feature may not function on the Equipment or may cause malfunctions or cause harm to the Equipment. Before you download a Windows Update using this feature, you should contact Xerox so that Xerox can ensure that each Windows Update is suitable for use on the Equipment and provide any necessary technical support for the installation and use of such Windows Update. e. No High Risk Use. WARNING: The Windows Embedded 7 Standard operating system is not fault-tolerant. The Windows Embedded 7 Standard operating system is not designed or intended for any use in any computing device where failure or fault of any kind of the Windows Embedded 7 Standard operating system could reasonably be seen to lead to death or serious bodily injury of any person, or to severe physical or environmental damage ("High Risk Use"). Xerox is not licensed to use, distribute, or sublicense the use of the Windows Embedded 7 Standard operating system in High Risk Use. High Risk Use is STRICTLY PROHIBITED. Versant Products Extra Long Prints Terms 26. EXTRA LONG PRINTS. The following Equipment model(s), V180P may now, or in the future, have extra-long print capability, which is the ability to produce a print that is longer than 491mm. Maximum print length may vary by model. The meters for Equipment with extra-long print capability will register the following, as applicable: (i) for impressions greater than 491mm, up to and including 661mm, the Extra Long Impressions meter will register two (2) prints for each such extra-long print, in addition to registering one (1) print on either the Color Impressions meter (in the case of a color print) or the Black Impressions meter (in the case of a B&W print); (ii) for impressions greater than 661mm, up to and including 877mm, the Extra Long Impressions meter will register three (3) prints for each such extra-long print, in addition to registering one (1) print on either the Color Impressions meter (in the case of a color print) or the Black Impression meter (in the case of a B&W print); (iii) for impressions greater than 877mm, up to and including 1,083mm, the Extra Long Impressions meter will register four (4) prints for each such extra-long print, in addition to registering one (1) print on either the Color Impressions meter (in the case of a color print) or the Black Impression meter (in the case of a B&W print); and (iv) for impressions greater than 1,083mm, up to and including 1,299mm, the Extra Long Impressions meter will register five (5) prints for each such extra- long print, in addition to registering one (1) print on either the Color Impressions meter (in the case of a color print) or the Black Impression meter (in the case of a B&W print). 366 of 1132 371 Xerox Clarification/Exceptions to The Regents of the University of California Request for Proposal # Print, Goods and Services University of California Page 7 of 7 RT (5/2020) PURCHASE AND MAINTENANCE TERMS 27. Cash Purchase. A. Title and Risk. Title and risk of loss to Equipment will pass to Customer upon delivery and installation of the Equipment. Until the products are paid for in full Customer will insure the Product against loss or damage, and the policy will name Xerox as a loss payee. B. Payment. Customer’s payment under a Cash Purchase Order shall consist of the Net Price amount for the Equipment purchased there under and all applicable Taxes. C. Customer Default & Remedies. If Customer defaults under the Contract or a Cash Purchase Order, Xerox, in addition to its other remedies (including the cessation of Maintenance Services if applicable), may require immediate payment of all amounts then due (including all applicable Taxes), plus interest on all amounts due from the due date until paid as allowed under California law. 28 MAINTENANCE SERVICES CUSTOMER OWNED EQUIPMENT. Except for Equipment and/or Third Party Hardware identified as "No Svc.", Xerox (or a designated servicer) will keep the Equipment and/or Third Party Hardware in good working order ("Maintenance Services"). The provision of Maintenance Services is contingent upon Customer facilitating timely and efficient resolution of Equipment and/or Third Party Hardware issues by: (a) utilizing Customer-implemented remedies provided by Xerox; (b) replacing Cartridges; and (c) providing information to and implementing recommendations provided by Xerox telephone support personnel. If an Equipment and/or Third Party Hardware issue is not resolved after completion of (a) through (c) above, Xerox will provide on-site support as provided herein. Maintenance Services will be provided during Xerox's standard working hours in areas open for repair service for the Equipment and/or Third Party Hardware. Maintenance Services excludes repairs due to: (i) misuse, neglect or abuse; (ii) failure of the installation site or the PC or workstation used with the Equipment and/or Third Party Hardware to comply with Xerox's published specifications or Third Party Hardware vendor’s published specifications, as applicable; (iii) use of options, accessories or products not serviced by Xerox; (iv) non- Xerox alterations, relocation, service or supplies; or (v) failure to perform operator maintenance procedures identified in operator manuals. Replacement parts may be new, reprocessed or recovered and all replaced parts become Xerox's property. Xerox will, as your exclusive remedy for Xerox's failure to provide Maintenance Services, replace the Equipment with an identical model or, at Xerox's option, another model with comparable features and capabilities. There will be no additional charge for the replacement Equipment during the remainder of the initial Term. If meter reads are a component of your Equipment’s Maintenance Plan, you will provide them using the method and frequency identified by Xerox. If you do not provide a meter reading for Equipment not capable of Remote Data Access, or if Remote Data Access is interrupted, Xerox may estimate the reading and bill you accordingly. For Third Party Hardware identified as “No Svc.”, you may enter into a maintenance agreement with the Third Party Hardware vendor or its maintenance service provider, who shall be solely responsible for the quality, timeliness and other terms and conditions of such maintenance services. Xerox shall have no liability for the acts or omissions of such Third party service provider. 29. DEFAULT & REMEDIES. You will be in default under this Agreement if (1) Xerox does not receive any payment within 15 days after the date it is due (45 days after date of invoice), or (2) you breach any other obligation in this or any other agreement with Xerox. 367 of 1132 372 Xerox Clarification/Exceptions to The Regents of the University of California Request for Proposal # Print, Goods and Services University of California Page 1 of 26 RT (5/2020) ADDITIONAL TERMS These additional terms are incorporated into the Xerox Proposal and are in addition to the terms included in the University’s RFP. Should there be a conflict between the various provisions the order of precedence shall be these Additional Terms followed by the University’s RFP. ADDITIONAL TERMS APPLICABLE TO ALL NON-UNIVERSITY ENTITIES The following additional terms are incorporated into the Xerox Proposal and are in addition to the terms included in the University’s RFP. Should there be a conflict between these Additional Terms and the terms of the University Contract, the OMNIA Partners Terms and Conditions will control followed by the University terms and conditions. Please note only relevant terms of the OMNIA Master Agreement applicable to Non-University entities are included in this section. The terms of the OMNIA Master Agreement, which are incorporated to this Contract by their reference, will apply to Non- University entities to procure equipment and services under this Agreement. Xerox agrees to make resulting OMNIA Partners’ pricing/terms from this solicitation available to other public agencies nationally, including state and local governmental entities, public and private primary, secondary and higher education entities, non-profit entities, and agencies for the public benefit (“Public Agencies”) through OMNIA Partners’ Cooperative purchasing program so long as such Public Agency is a registered member at OMNIA. OMNIA Partners Terms and Conditions - https://www.sourcewell-mn.gov/cooperative-purchasing/083116- xox?domain=870%20%20%20%20%20%20%20%20%D0%B5H#tab-contract-documents General Terms and Conditions 1. SCOPE. The acquisition of Products and Maintenance Services by Customer is subject to the terms and conditions of the Region 4 ESC Contract R and the following terms and conditions (the “Agreement”). In the event of a conflict among these documents, the Region 4 Contract will take precedence. “Products” means Xerox-brand equipment (“Equipment”), Software and Consumable Supplies ordered under this Agreement. 2. TERM. The initial term of this Agreement (“Initial Term”) will commence on the date it is accepted by Xerox, and it will expire on the last day of the 36th full calendar month thereafter, unless early terminated by either party upon not less than 90-days’ notice. Following the Initial Term, this Agreement may be renewed for two (2) additional one-year terms, under the same terms and conditions. Upon the expiration or termination of this Agreement, each IA (as defined in Section 3.a.) shall remain in full force and effect until the end of its term and shall be governed by the terms and conditions of this Agreement as if it were still in effect. 3. ORDER DOCUMENTS. a. Customer will issue documents that Customer or Xerox require for acquisitions hereunder, including purchase orders and individual standard form Xerox agreements (“Order Document(s)”) for order entry purposes only, specifying Customer’s requested shipment date, installation site, quantities, bill-to address and product description, including any Trade-In Equipment. Notwithstanding anything contained in any Order Document which is at variance with or additional to this Agreement, Order Documents will incorporate and be subject solely to the terms and conditions of this Agreement, except for standard Xerox agreement terms and conditions related to options selected by Customer at time of order. Xerox reserves the right to review and approve Customer’s credit prior to acceptance of an Order Document, and Customer authorizes Xerox or its agent to obtain credit reports from commercial credit reporting agencies. Upon acceptance by Xerox, the Order Document creates an individual agreement (“IA”) for the Products identified therein. An IA for “Standard Lease” or “Major Account Lease” may be referred to herein as a “Lease IA”. An IA for “Cash Purchase” or “Major Account Purchase” may be referred to herein as a “Purchase IA”. b. Order Documents may be submitted by hard copy or electronic means and those submitted electronically will be considered: (i) a “writing” or “in writing”; (ii) “signed” by Customer; (iii) an “original” when printed from electronic records established and maintained in the ordinary course of business; and, (iv) valid and enforceable. 4. ELIGIBLE AFFILIATES. Xerox will provide Products under this Agreement to Customer’s Members. If a Member submits an Order Document, it will be the “Customer” for purposes of the resulting IA. If Customer divests a Member, such divested entity is no longer eligible to submit Orders under this Agreement. 5. PRODUCTS. Customer represents that the Products: (i) will be used in Customer’s business in the United States, its territories and possessions (“U.S.”); (ii) are not being acquired for resale; and (iii) will not be used for personal, household 368 of 1132 373 Xerox Clarification/Exceptions to The Regents of the University of California Request for Proposal # Print, Goods and Services University of California Page 2 of 26 RT (5/2020) or family purposes. Xerox may, for purposes of future order-taking, add Products to this Agreement or withdraw Products that become no longer generally commercially available. 6. EQUIPMENT STATUS. Except for Equipment identified in an IA as “Previously Installed”, Equipment will be (a) "Newly Manufactured", which may contain some reconditioned components; (b) "Factory Produced New Model", which is manufactured and newly serialized at a Xerox factory, adds functions and features to a product previously disassembled to a Xerox predetermined standard, and contains new and reconditioned components; or (c) "Remanufactured", which has been factory produced following disassembly to a Xerox predetermined standard and contains new and reconditioned components. 7. EQUIPMENT COMMENCEMENT & INSTALLATION DATES. The initial Term of an IA that includes Equipment will commence on the “Installation Date”, which means: (a) for Equipment installed by Xerox, the date Xerox determines the Equipment to be operating satisfactorily and is available for Customer’s use, as demonstrated by successful completion of diagnostic routines; and (b) for Equipment designated as “Customer Installable”, the Equipment delivery date. 8. DATA SECURITY. Certain models of Equipment can be configured to include a variety of data security features. There may be an additional cost associated with certain data security features. The selection, suitability and use of data security features are solely Customer’s responsibility. Upon request, Xerox will provide additional information to Customer regarding the security features available for particular Equipment models. 9. MAINTENANCE SERVICES. Except for Equipment identified as "No Svc.", Xerox (or a designated servicer) will keep the Equipment in good working order (“Maintenance Services”). The provision of Maintenance Services is contingent upon Customer facilitating timely and efficient resolution of Equipment issues by: (a) utilizing Customer-implemented remedies provided by Xerox; (b) replacing Cartridges; and (c) providing information to and implementing recommendations provided by Xerox telephone support personnel. If an Equipment issue is not resolved after completion of (a) through (c) above, Xerox will provide on-site support as provided in the applicable IA. Maintenance Services are provided as a mandatory part of a Lease or Rental IA, or under a Maintenance IA. Maintenance Services will be provided during Xerox’s standard working hours in areas open for repair service for the Equipment. Maintenance Services excludes repairs due to: (a) misuse, neglect or abuse; (b) failure of the installation site or the PC or workstation used with the Equipment to comply with Xerox’s published specifications; (c) use of options, accessories or products not serviced by Xerox; (d) non-Xerox alterations, relocation, service or supplies; or (e) failure to perform operator maintenance procedures identified in operator manuals. Replacement parts may be new, reprocessed or recovered and all replaced parts become Xerox’s property. If Xerox is unable to repair the Equipment so that it performs consistently in accordance with its specifications, Xerox will replace the Equipment with an identical model or, at Xerox’s option, another model with comparable features and capabilities. There will be no additional charge for the replacement Equipment during the remainder of the initial Term. If meter reads are a component of a Maintenance Plan, Customer will provide them using the method and frequency identified by Xerox. If Customer does not provide a meter reading for Equipment not capable of Remote Data Access, or if Remote Data Access is interrupted, Xerox may reasonably estimate the reading and bill Customer accordingly. 10. CARTRIDGES. If Xerox is providing Maintenance Services for Equipment utilizing cartridges designated by Xerox as customer-replaceable units, including copy/print cartridges and xerographic modules or fuser modules (“Cartridges”), Customer agrees to use only unmodified Cartridges purchased directly from Xerox or its authorized resellers in the United States and the failure to use such Cartridges shall void any warranty applicable to such Equipment. Cartridges packed with Equipment and replacement Cartridges may be new, remanufactured, or reprocessed. Remanufactured and reprocessed Cartridges meet Xerox's new Cartridge performance standards and contain new and/or reprocessed components. To enhance print quality, Cartridge(s) for many models of Equipment have been designed to cease functioning at a predetermined point. In addition, many Equipment models are designed to function only with Cartridges that are newly manufactured original Xerox Cartridges or with Cartridges intended for use in the U.S. Equipment configuration that permits use of non-newly manufactured original Xerox Cartridges may be available from Xerox at an additional charge. 11. DELIVERY & REMOVAL. Equipment prices include standard delivery charges for all Equipment and, for Equipment for which Xerox retains ownership, standard removal charges. Non-standard delivery or removal will be at Customer’s expense. 12. PAYMENT & TAXES. a. If the invoice displays a due date, payment must be received by Xerox on or before the due date. If the invoice does not display a due date, payment must be received by Xerox in accordance with the state’s prompt payment statutes, or, if such statutes are not applicable, within 30 days after the invoice date. All invoice payments under this Agreement shall be made via check, Automated Clearing House debit, Electronic Funds Transfer, or direct debit from Customer’s bank account. Restrictive covenants on payment instruments will not reduce Customer’s obligations. b. Customer is responsible for all applicable taxes, fees or charges of any kind (including interest and penalties) assessed by any governmental entity on this Agreement or the amounts payable under this Agreement (“Taxes”), which will be 369 of 1132 374 Xerox Clarification/Exceptions to The Regents of the University of California Request for Proposal # Print, Goods and Services University of California Page 3 of 26 RT (5/2020) included in Xerox’s invoice unless Customer timely provides proof of its tax exempt status. Taxes do not include taxes on Xerox’s income and, for Lease IAs, Taxes do not include personal property taxes in jurisdictions where Xerox is required to pay personal property taxes. Except for Equipment that includes a Bargain Purchase Option, a Lease IA is a lease for all income tax purposes and Customer will not claim any credit or deduction for depreciation of the Equipment or take any other action inconsistent with its role as lessee of the Equipment. 13. LATE CHARGES & DEFAULT. If a payment is not received by Xerox within 10 days after the due date, Xerox may charge, and Customer will pay, a late charge equal to 5% of the amount due or $25, whichever is greater, or the amount allowed by applicable law, if less. Customer will be in default under an IA if Xerox does not receive any payment within 15 days after the date it is due or Customer breaches any other obligation under this Agreement, any IA hereunder, or any other agreement with Xerox. Customer will pay all reasonable costs, including attorneys’ fees, incurred by Xerox to enforce this Agreement or any IA. 14. NON-CANCELABLE AGREEMENT. LEASE AND INSTALLMENT PURCHASE IA’s CANNOT BE CANCELED OR TERMINATED EXCEPT AS EXPRESSLY PROVIDED HEREIN. CUSTOMER’S OBLIGATION TO MAKE ALL PAYMENTS, AND TO PAY ANY OTHER AMOUNTS DUE OR TO BECOME DUE, IS ABSOLUTE AND UNCONDITIONAL AND NOT SUBJECT TO DELAY, REDUCTION, SET-OFF, DEFENSE, COUNTERCLAIM OR RECOUPMENT FOR ANY REASON WHATSOEVER, IRRESPECTIVE OF XEROX'S PERFORMANCE OF ITS OBLIGATIONS HEREUNDER. ANY CLAIM AGAINST XEROX MAY BE ASSERTED IN A SEPARATE ACTION AND SOLELY AGAINST XEROX. 15. WARRANTY DISCLAIMER & WAIVERS. XEROX DISCLAIMS THE IMPLIED WARRANTIES OF NON-INFRINGEMENT AND FITNESS FOR A PARTICULAR PURPOSE. 16. LEASE OPTIONS FOR PURCHASE, RENEWAL, AND TERMINATION. The following options are available for Equipment under a Lease IA: a. If not in default hereunder, Customer may purchase the Equipment, “AS IS, WHERE-IS” and WITHOUT ANY WARRANTY AS TO CONDITION OR VALUE, at the end of the initial Term of a Lease IA for the purchase option indicated in such IA, plus all applicable Taxes. b. Unless either party provides notice of termination at least 30 days before the end of the initial Term of a Lease IA, it will renew automatically on a month-to-month basis on the same terms and conditions. During this renewal period, either party may terminate the Lease IA upon at least 30 days’ notice. Upon termination, Customer will make the Equipment available for removal by Xerox. At the time of removal, the Equipment will be in the same condition as when delivered (reasonable wear and tear excepted). 17. INTELLECTUAL PROPERTY INDEMNITY. Xerox will defend, and pay any settlement agreed to by Xerox or any final judgment for, any claim that a Xerox-brand Product infringes a third party’s U.S. intellectual property rights. Customer will promptly notify Xerox of any alleged infringement and permit Xerox to direct the defense. Xerox is not responsible for any non-Xerox litigation expenses or settlements unless Xerox pre-approves them in writing. To avoid infringement, Xerox may modify or substitute an equivalent Xerox-brand Product and, if purchased, refund the price paid for the Xerox-brand Product (less the reasonable rental value for the period it was available to Customer), or obtain any necessary licenses. Xerox is not liable for any infringement based upon a Xerox-brand Product being modified to Customer’s specifications or being used or sold with products not provided by Xerox. 18. LIMITATION OF LIABILITY. For claims arising out of or relating to this Agreement or any IA written hereunder, whether the claim alleges tortious conduct (including negligence) or any other legal theory, but excepting liability under the indemnification obligations set forth in this Agreement, Xerox will not be liable to Customer for any direct damages relating to this Agreement or any IA written hereunder in excess of the sum of the amounts paid and to be paid during the initial Term of the applicable IA and neither party will be liable to the other for any special, indirect, incidental, consequential or punitive damages. 19. ASSIGNMENT. Neither party may assign without the prior written consent of the other party. 20. NOTICES. Unless provided otherwise in this Agreement, notices under this Agreement or any IA must be sent in writing to the party’s address or facsimile number set forth below. Notices will be deemed given 5 days after mailing by first class mail, 2 days after sending by nationally recognized overnight courier, or on the date of electronic confirmation of receipt of a facsimile transmission, when followed by mailing of such notice as provided herein. Invoices are not considered notices under this Agreement and are governed by provisions relating specifically thereto. All payment related notices under an IA shall be sent: (a) to Customer at the “Bill to” address in the IA, and (b) to Xerox at the inquiry address on the most recent invoice. All other notices under this Agreement or an IA shall be sent to a party at its address or facsimile number below. Either party may change its address or facsimile number for receipt of notice by notifying the other party at its address or facsimile number below. 370 of 1132 375 Xerox Clarification/Exceptions to The Regents of the University of California Request for Proposal # Print, Goods and Services University of California Page 4 of 26 RT (5/2020) To Customer: To Xerox: Office of General Counsel Xerox Corporation 45 Glover Avenue P. O. Box 4505 Norwalk, CT 06856-4505 Facsimile: Facsimile: 21. FORCE MAJEURE. Xerox will not be liable to Customer during any period in which its performance is delayed or prevented, in whole or in part, by a circumstance beyond its reasonable control. Xerox will notify Customer if such a circumstance occurs. 22. CONSUMABLE SUPPLIES. Consumable Supplies vary depending upon the Equipment model. If “Consumable Supplies” is identified in Maintenance Plan Features, Consumable Supplies include: (i) for black and white Equipment, standard black toner and/or dry ink, black developer, Copy Cartridges, and, if applicable, fuser agent required to make impressions; (ii) for full color Equipment, the items in (i) plus standard cyan, magenta, and yellow toners and dry inks (and their associated developers); and, (iii) for Equipment identified as “Phaser”, only, if applicable, black solid ink, color solid ink, imaging units, waste cartridges, transfer rolls, transfer belts, transfer units, belt cleaner, maintenance kits, print Cartridges, drum Cartridges, waste trays and cleaning kits. Xerox may charge a shipping and handling fee for Consumable Supplies. Consumable Supplies are Xerox's property until used by Customer, and Customer will use them only with the Equipment for which “Consumable Supplies” is identified in Maintenance Plan Features. If Consumables Supplies are furnished with recycling information, Customer will return the used item, at Xerox’s expense, for remanufacturing. Shipping information is available at Xerox.com/GWA. Upon expiration of this Agreement, Customer will include any unused Consumable Supplies with the Equipment for return to Xerox at the time of removal. If Customer’s use of Consumable Supplies exceeds Xerox's published yield by more than 10%, Xerox will notify Customer of such excess usage. If such excess usage does not cease within 30 days after such notice, Xerox may charge Customer for such excess usage. Upon request, Customer will provide current meter reads and/or an inventory of Consumable Supplies in its possession. 23. RELOCATION. Until Customer has paid in full under a Purchase IA or Installment Purchase IA, or while Equipment is subject to a Lease or Rental IA: (a) all Equipment relocations must be arranged (or approved in advance) by Xerox and will be at Customer’s expense; (b) while Equipment is being relocated, Customer remains responsible to make all payments under the applicable IA; and (c) Equipment cannot be relocated outside of the U.S. 24. SOFTWARE a. SOFTWARE LICENSE. Xerox grants Customer a non-exclusive, non-transferable license to use in the U.S.: (a) software and accompanying documentation provided with Xerox-brand Equipment ("Base Software”) only with the Xerox-brand Equipment with which it was delivered; and (b) software and accompanying documentation identified in an IA as "Application Software" only on any single unit of equipment for as long as Customer is current in the payment of all applicable software license fees. “Base Software” and “Application Software” are referred to collectively as “Software”. Customer has no other rights and may not: (1) distribute, copy, modify, create derivatives of, decompile, or reverse engineer Software; (2) activate Software delivered with the Equipment in an inactivated state; or (3) allow others to engage in same. Title to, and all intellectual property rights in, Software will reside solely with Xerox and/or its licensors (who will be considered third-party beneficiaries of this subsection a.). Software may contain code capable of automatically disabling the Equipment. Disabling code may be activated if: (x) Xerox is denied access to periodically reset such code; (y) Customer is notified of a default under an IA; or (z) Customer’s license is terminated or expires. The Base Software license will terminate: (i) if Customer no longer uses or possesses the Equipment; (ii) Customer is a lessor of the Equipment and its first lessee no longer uses or possesses it; or (iii) upon the expiration of any IA under which Customer has rented or leased the Equipment (unless Customer has exercised an option to purchase the Equipment). Neither Xerox nor its licensors warrant that Software will be free from errors or that its operation will be uninterrupted. The foregoing terms do not apply to Diagnostic Software or to software/documentation accompanied by a clickwrap or shrinkwrap license agreement or otherwise made subject to a separate license agreement. b. SOFTWARE SUPPORT. Xerox (or a designated servicer) will provide the software support set forth below (“Software Support”). For Base Software, Software Support will be provided during the initial Term of the applicable IA and any renewal period but in no event longer than 5 years after Xerox stops taking customer orders for the subject model of Equipment. For Application Software, Software Support will be provided as long as Customer is current in the payment of all applicable software license and support fees. Xerox will maintain a web-based or toll-free hotline during Xerox’s standard working hours to report Software problems and answer Software-related questions. Xerox, either directly or with its vendors, will make reasonable efforts to: (a) assure that Software performs in material conformity with its user 371 of 1132 376 Xerox Clarification/Exceptions to The Regents of the University of California Request for Proposal # Print, Goods and Services University of California Page 5 of 26 RT (5/2020) documentation; (b) provide available workarounds or patches to resolve Software performance problems; and (c) resolve coding errors for (i) the current Release and (ii) the previous Release for a period of 6 months after the current Release is made available to Customer. Xerox will not be required to provide Software Support if Customer has modified the Software. New releases of Software that primarily incorporate compliance updates and coding error fixes are designated as "Maintenance Releases" or “Updates”. Maintenance Releases or Updates that Xerox may make available will be provided at no charge and must be implemented within 6 months. New releases of Software that include new content or functionality (“Feature Releases”) will be subject to additional license fees at Xerox’s then- current pricing. Maintenance Releases, Updates, and Feature Releases are collectively referred to as “Releases”. Each Release will be considered Software governed by the SOFTWARE LICENSE and SOFTWARE SUPPORT provisions of this Agreement (unless otherwise noted). Implementation of a Release may require Customer to procure, at Customer’s expense, additional hardware and/or software from Xerox or another entity. Upon installation of a Release, Customer will return or destroy all prior Releases. Xerox may annually increase the Annual Renewal and Support-Only Fees for Application Software. For State and Local Government Customers, this adjustment will take place at the commencement of each of Customer’s annual contract cycles. c. DIAGNOSTIC SOFTWARE. Software used to evaluate or maintain the Equipment ("Diagnostic Software") is included with the Equipment. Diagnostic Software is a valuable trade secret of Xerox. Title to Diagnostic Software will remain with Xerox or its licensors. Xerox does not grant Customer any right to use Diagnostic Software, and Customer will not access, use, reproduce, distribute or disclose Diagnostic Software for any purpose (or allow third parties to do so). Customer will allow Xerox reasonable access to the Equipment to remove or disable Diagnostic Software if Customer is no longer receiving Maintenance Services from Xerox, provided that any on-site access to Customer’s facility will be during Customer’s normal business hours. 25. REMOTE SERVICES. a. Certain models of Equipment are supported and serviced using data that is automatically collected by Xerox or transmitted to or from Xerox by Equipment connected to Customer’s network (“Remote Data”) via electronic transmission to a secure off-site location (“Remote Data Access”). Remote Data Access also enables Xerox to transmit to Customer Releases for Software and to remotely diagnose and modify Equipment to repair and correct malfunctions. Examples of Remote Data include product registration, meter read, supply level, Equipment configuration and settings, software version, and problem/fault code data. Remote Data may be used by Xerox for billing, report generation, supplies replenishment, support services, recommending additional products and services, and product improvement/development purposes. Remote Data will be transmitted to and from Customer in a secure manner specified by Xerox. Remote Data Access will not allow Xerox to read, view or download the content of any Customer documents or other information residing on or passing through the Equipment or Customer’s information management systems. Customer grants the right to Xerox, without charge, to conduct Remote Data Access for the purposes described above. b. Upon Xerox’s request, Customer will provide contact information for Equipment such as name and address of Customer contact and IP and physical addresses/locations of Equipment. Customer will enable Remote Data Access via a method prescribed by Xerox, and Customer will provide reasonable assistance to allow Xerox to provide Remote Data Access. Unless Xerox deems Equipment incapable of Remote Data Access, Customer will ensure that Remote Data Access is maintained at all times Maintenance Services are being performed. 26. TRADE-IN EQUIPMENT. Customer warrants that Customer has the right to transfer title to the equipment Customer is trading in as part of an IA ("Trade-In Equipment"), and that the Trade-In Equipment is in good working order and has not been modified from its original configuration (other than by Xerox). Title and risk of loss to the Trade-In Equipment will pass to Xerox when Xerox removes it from Customer‘s premises. Customer will maintain the Trade-In Equipment at its present site and in substantially its present condition until removed by Xerox. Customer will pay all accrued charges for the Trade- In Equipment (up to and including payment of the final principal payment number) and all applicable maintenance, administrative, supply and finance charges until Xerox removes the Trade-In Equipment from Customer’s premises. 27. TOTAL SATISFACTION GUARANTEE. a. "SP Equipment" means any iGen3, iGen4, iGen150, iGen5 or Xerox Color 8250 Production Printer. If, during any 90 day period, the performance of SP Equipment delivered under this Agreement is not at least substantially consistent with the performance expectations outlined in the SP Equipment’s Customer Expectations Document ("Expectations Document"), Xerox will, at Customer’s request, replace the SP Equipment without charge with identical SP Equipment or, at Xerox’s option, with Equipment with comparable features and capabilities (the” SP Equipment Guarantee”). The SP Equipment Guarantee does not apply during the first 180 days after installation and will expire 3 years after the Installation Date, unless the SP Equipment is being financed under this Agreement for more than 3 years, in which event it expires at the end of the initial Term of the subject Installment Purchase, Rental or Lease IA; provided however, for SP Equipment identified as “Previously Installed”, this SP Equipment Guarantee expires 1 year after installation. 372 of 1132 377 Xerox Clarification/Exceptions to The Regents of the University of California Request for Proposal # Print, Goods and Services University of California Page 6 of 26 RT (5/2020) This SP Equipment Guarantee applies only to SP Equipment that has been (i) continuously maintained by Xerox under a Xerox maintenance agreement, and (ii) operated at all times in accordance with the Expectations Document. b. "Non-SP Equipment" means any Equipment other than SP Equipment. If Customer is not completely satisfied with any Non-SP Equipment delivered under an IA under this Agreement, Xerox will, at Customer’s request, replace it without charge with identical Non-SP Equipment or, at the option of Xerox, with Equipment with comparable features and capabilities (the” Non-SP Equipment Guarantee”). The Non-SP Equipment Guarantee applies only to Non-SP Equipment that has been continuously maintained by Xerox under a Xerox maintenance agreement. The Non-SP Equipment Guarantee is effective for 3 years after the Installation Date, unless the Non-SP Equipment is being acquired under an Installment Purchase, Rental or Lease IA with an initial Term of more than 3 years, in which event it will expire at the end of the initial Term of the subject IA; provided however, for Non-SP Equipment identified as “Previously Installed”, the Non-SP Equipment Guarantee expires 1 year after the Installation Date. The Non-SP Equipment Guarantee does not apply to a limited number of Non-SP Equipment models, which models are identified in the applicable Order Document. c. The SP Equipment Guarantee and Non-SP Equipment Guarantee replace and supersede any other guarantee from Xerox, whether made orally or in writing, styled a "Total Satisfaction Guarantee", "Satisfaction Guarantee" or otherwise covering the subject matter set forth above. 28. GOVERNMENT CUSTOMER TERMS: The following additional terms apply to Lease and Installment Purchase IA’s: a. REPRESENTATIONS & WARRANTIES, FUNDING, TAX TREATMENT & PAYMENTS: (i) REPRESENTATIONS & WARRANTIES. Customer represents and warrants, as of the date of this Agreement and of each IA hereunder, that: (1) Customer is a State or a fully constituted political subdivision or agency of the State in which Customer is located and is authorized to enter into, and carry out, Customer’s obligations under this Agreement, any IA hereunder and any other documents required to be delivered in connection with the Agreement or any IA hereunder (collectively, the “Documents”); (2) the Documents have been duly authorized, executed and delivered by Customer in accordance with all applicable laws, rules, ordinances and regulations (including all applicable laws governing open meetings, public bidding and appropriations required in connection with this Agreement or an IA hereunder and the acquisition of the Products) and are valid, legal, binding agreements, enforceable in accordance with their terms; (3) the person(s) signing the Documents have the authority to do so, are acting with the full authorization of Customer’s governing body and hold the offices indicated below their signatures, each of which are genuine; (4) the Products are essential to the immediate performance of a governmental or proprietary function by Customer within the scope of Customer’s authority and will be used only by Customer and only to perform such function; (5) Customer’s obligations to remit payments under this Agreement or any IA hereunder constitute a current expense and not a debt under applicable state law; and (6) no provision of this Agreement or any IA constitutes a pledge of Customer’s tax or general revenues and any provision that is so construed by a court of competent jurisdiction is void from the inception of this Agreement or the subject IA. (ii) FUNDING. Customer represents and warrants that all payments due and to become due during Customer’s current fiscal year are within the fiscal budget of such year and are included within an unrestricted and unencumbered appropriation currently available for the lease/purchase of the Products, and it is Customer’s intent to use the Products for the entire lease term and to make all payments required under this Agreement or an IA hereunder. If (1) through no action initiated by Customer, Customer’s legislative body does not appropriate funds for the continuation of this Agreement or an IA hereunder for any fiscal year after the first fiscal year and has no funds to do so from other sources, and (2) Customer has made a reasonable but unsuccessful effort to find a creditworthy assignee acceptable to Xerox in its sole discretion within Customer’s general organization who can continue this Agreement or an IA hereunder, this Agreement or an IA hereunder may be terminated. To effect this termination, Customer must, 30 days prior to the beginning of the fiscal year for which Customer’s legislative body does not appropriate funds for such upcoming fiscal year, notify Xerox that Customer’s legislative body failed to appropriate funds and that Customer has made the required effort to find an assignee. Customer’s notice must be accompanied by payment of all sums then owed through the current year under this Agreement or any IA hereunder and must certify that canceled Equipment is not being replaced by equipment performing similar functions during the ensuing fiscal year. Customer will return the Equipment, at Customer’s expense, to a location designated by Xerox and, when returned, the Equipment will be in good condition and free of all liens and encumbrances. Customer will then be released from any further payments obligations beyond those payments due for the current fiscal year (with Xerox retaining all sums paid to date). (iii) TAX TREATMENT. Xerox has accepted this Agreement and each IA hereunder based on Customer’s representation that Xerox may claim any interest paid by Customer as exempt from federal income tax under Section 103(c) of the Code. Customer will comply with the information reporting requirements of Section 149(e) 373 of 1132 378 Xerox Clarification/Exceptions to The Regents of the University of California Request for Proposal # Print, Goods and Services University of California Page 7 of 26 RT (5/2020) of the Code. Such compliance includes the execution of 8038-G or 8038-GC Information Returns. Customer appoints Xerox as Customer’s agent to maintain, and Xerox will maintain, or cause to be maintained, a complete and accurate record of all assignments of this Agreement or an IA hereunder in form sufficient to comply with the book entry requirements of Section 149(a) of the Code and the regulations prescribed thereunder from time to time. Should Xerox lose the benefit of this exemption as a result of Customer’s failure to comply with or be covered by Section 103(c) or its regulations, then, subject to the availability of funds and upon demand by Xerox, Customer will pay Xerox an amount equal to its loss in this regard. Customer will provide Xerox with a properly prepared and executed copy of US Treasury Form 8038 or 8038-GC. (iv) PAYMENTS. All payments are due within 30 days of the invoice date. 27. AMENDMENT. All changes to this Agreement or any IA hereunder must be made in a writing signed by both parties. The amendment of this Agreement or any IA shall not affect the obligations of either party under any other IA‘s under this Agreement. 28. REPRESENTATIONS. The individuals signing this Agreement are duly authorized to do so and all financial information Customer provides completely and accurately represents Customer’s financial condition. 29. MISCELLANEOUS. This Agreement is governed by the laws of the State of New York (without regard to conflict-of-law principles). In any action to enforce this Agreement or any IA hereunder, the parties agree (a) to the jurisdiction and venue of the federal and state courts (i) for Region 4 ESC, in Harris County, Texas, and (ii) for Members, in the specific jurisdiction and venue of the Member and (b) to waive their right to a jury trial. If a court finds any term of this Agreement or any IA unenforceable, the remaining terms will remain in effect. The failure by either party to exercise any right or remedy will not constitute a waiver of such right or remedy. Customer authorizes Xerox or its agents to communicate with Customer by any electronic means (including cellular phone, email, automatic dialing and recorded messages) using any phone number (including cellular) or electronic address Customer provides to Xerox. Each party may retain a reproduction (e.g., electronic image, photocopy, facsimile) of this Agreement and each IA hereunder which will be admissible in any action to enforce it, but only the Agreement or IA held by Xerox will be considered an original. Xerox may accept this Agreement or any IA hereunder either by signature or by commencing performance. Administrative and contract support functions hereunder may be performed, inside or outside the U.S., by one or more of Xerox’s subsidiaries or affiliates and/or third parties. The following four sentences control over every other part of this Agreement and any IA hereunder. Both parties will comply with applicable laws. Xerox will not charge or collect any amounts in excess of those allowed by applicable law. Any part of this Agreement or any IA that would, but for the last four sentences of this Section, be read under any circumstances to allow for a charge higher than that allowed under any applicable legal limit, is modified by this Section to limit the amounts chargeable under this Agreement or any IA to the maximum amount allowed under the legal limit. If, in any circumstances, any amount in excess of that allowed by law is charged or received, any such charge will be deemed limited by the amount legally allowed and any amount received by Xerox in excess of that legally allowed will be applied by Xerox to the payment of amounts legally owed under this Agreement or the subject IA, or refunded to Customer. 30. ENTIRE AGREEMENT. The following are attached hereto and made part hereof: • ARTICLE I: PURCHASE AND STANDARD LEASE TERMS AND CONDITIONS • ARTICLE II: MAJOR ACCOUNT LEASE AND PURCHASE TERMS AND CONDITIONS • ARTICLE III: RENTAL TERMS AND CONDITIONS • ARTICLE IV: MAINTENANCE TERMS AND CONDITIONS • ARTICLE V: MAJOR ACCOUNT MAINTENANCE TERMS AND CONDITIONS 374 of 1132 379 Xerox Clarification/Exceptions to The Regents of the University of California Request for Proposal # Print, Goods and Services University of California Page 8 of 26 RT (5/2020) ARTICLE II: MAJOR ACCOUNT LEASE TERMS AND CONDITIONS Customer’s acquisition of Equipment by Major Account Lease is governed by the terms and conditions of the Agreement and this Article. 1. PRICING. The Minimum Payment and Print Charges will not increase during the initial Term of a Major Account Lease IA. 2. TERM. The initial Term for any Major Account Lease IA will be the number of full calendar months stated in such IA. The Minimum Payment for any partial month following the Installation Date will be billed on a pro rata basis, based on a 30-day month. 3. TITLE AND RISK. Title to the Equipment remains with Xerox until Customer exercises its Purchase Option. Risk of loss or damage to the Products passes to Customer upon delivery. Customer will insure the Products against loss or damage and the policy will name Xerox as Loss Payee. 4. PROTECTION OF XEROX’S RIGHTS. Customer authorizes Xerox or its agent to file financing statements necessary to protect Xerox’s rights as lessor of the Equipment. Until Customer has paid in full pursuant to the Purchase Option under a Major Account Lease IA, Equipment will remain personal property and Customer will not: (a) attach it as a fixture to any real estate; (b) pledge, sub-lease or part with possession of it; (c) file or permit to be filed any lien against it; or (d) make any permanent alterations to it. Customer will promptly notify Xerox if Customer relocates its principal place of business or changes the name of its business. 5. REMEDIES. If Customer defaults under the Agreement or any Major Account Lease IA, Xerox may, in addition to its other remedies (including cessation of Maintenance Services), remove the Equipment at Customer’s expense and require immediate payment, as liquidated damages for loss of bargain and not as a penalty, of: (a) all amounts then due, plus interest from the due date until paid at the rate of 1.5% per month; (b) the Minimum Payments (less the Maintenance Services and Consumable Supplies components thereof, as reflected on Xerox's books and records) remaining in the initial Term of the Major Account Lease IA, discounted at 4% per annum; (c) the applicable Purchase Option; and (d) all applicable Taxes. You will pay all reasonable costs, including attorneys' fees, incurred by Xerox to enforce this Agreement. If Customer notifies Xerox and makes the Equipment available for removal by Xerox in the same condition as when delivered (reasonable wear and tear excepted) within 30 days after notice of default, Customer, upon recovery of the Equipment by Xerox, will receive a credit for the fair market value of the Equipment (as determined by Xerox), less any costs incurred by Xerox. 6. FINANCE LEASE. A MAJOR ACCOUNT LEASE IA IS A “FINANCE LEASE” UNDER ARTICLE 2A OF THE UNIFORM COMMERCIAL CODE AND, EXCEPT TO THE EXTENT EXPRESSLY PROVIDED HEREIN, AND TO THE EXTENT PERMITTED BY APPLICABLE LAW, CUSTOMER WAIVES ALL RIGHTS AND REMEDIES CONFERRED UPON A LESSEE BY ARTICLE 2A. END OF ARTICLE 375 of 1132 380 Xerox Clarification/Exceptions to The Regents of the University of California Request for Proposal # Print, Goods and Services University of California Page 9 of 26 RT (5/2020) ARTICLE IV : MAINTENANCE TERMS AND CONDITIONS Customer’s acquisition of Maintenance Services by a Maintenance IA or under a Lease or Rental IA is governed by the terms and conditions of the Agreement and this Article. 1. MAINTENANCE TERM. The initial Term of a Maintenance IA will commence: (a) for newly installed Equipment, on the Installation Date; (b) for all other Equipment, on the date Xerox accepts the Maintenance IA. The initial Term of a Maintenance IA will expire on the last day of the final calendar month of the initial Term, unless Customer chooses to renew the Maintenance IA for an equivalent term. 2. INDIVIDUAL AGREEMENT PRICING. Except as otherwise provided in a Maintenance IA, Xerox may annually increase the Minimum Payment and Print Charges under a Maintenance IA upon 30 days’ notice. 3. REMEDIES. If Customer defaults under this Agreement or a Maintenance IA, Xerox, in addition to its other remedies (including the cessation of Maintenance Services), may require immediate payment, as liquidated damages for loss of bargain and not as a penalty, of: (a) all amounts then due, plus interest on all amounts due from the due date until paid at the rate of one and one-half percent (1.5%) per month (b) the lesser of (i) the remaining Minimum Payments in the initial term of the Maintenance IA, or (ii) six (6) such payments for one year agreements or twelve (12) such payments for multi- year agreements; and, (c) all applicable Taxes. 4. RELOCATION. If notified by Customer, Xerox will continue to provide Maintenance Services on Equipment relocated by Customer, provided that such relocation is to an area where Xerox offers Maintenance Services for the affected Equipment. END OF ARTICLE 376 of 1132 381 Xerox Clarification/Exceptions to The Regents of the University of California Request for Proposal # Print, Goods and Services University of California Page 10 of 26 RT (5/2020) ADDITIONAL TERMS: SERVICES MASTER AGREEMENT The following Service Master Agreement will be used by Non-University Customers when procuring managed print services, including maintenance services, Products (Software, Equipment, Third Party Products and/or Consumable Supplies supplied by Xerox and provided to Customer pursuant to an Order. THIS SERVICES MASTER AGREEMENT NO. << Enter 7 Digit Contract Number >>> is between Xerox Corporation (“Xerox”), a New York corporation with offices at 45 Glover Ave. Norwalk, CT 06856 and << Enter Customer's Legal Name >>> (“Customer”). AGREEMENT STRUCTURE This Agreement serves as a master agreement to enable Xerox and Customer to contract with each other for a range of products and services to be provided to the Customer over time. This Agreement is grouped into Modules. However, it is the intent of the parties that the Products and Services acquired hereunder be acquired under the auspices of the Region 4 ESC Contract # R171406 between Region 4 ESC and Xerox (the “Region 4 ESC Contract”). Therefore, the terms and conditions of the Region 4 ESC Contract are incorporated by reference into this Agreement. Any conflict between the terms and conditions of the Region 4 ESC Contract and this Agreement will be resolved in favor of this Agreement. The “GEN” Module applies to all products and services provided hereunder, while the other Modules apply as appropriate to what Xerox is providing to Customer under the applicable Order. DEFINITIONS MODULE DEF 1. – DEFINITIONS The following definitions (and those found elsewhere in this Agreement) apply unless otherwise specified in an Order. a. Affiliate means a legal entity that directly or indirectly controls, is controlled by, or is under common control with either party. An entity is considered to control another entity if it owns, directly or indirectly, more than 50% of the total voting securities or other such similar voting rights. b. Agreement means this Services Master Agreement. This Agreement may also be referred to in ordering and contracting documents as a “Services and Solutions Agreement” or “SSA.” c. Amortized Services means certain services such as consulting and training, the Charges for which are amortized over the term of an Order. d. Application Software means Xerox-brand software that allows Equipment or Third Party Hardware to perform functions beyond those enabled by its Base Software. e. Base Software means software embedded, installed, or resident in Equipment that is necessary for operation of the Equipment in accordance with published specifications. f. Cartridges means copy/print cartridges and xerographic modules or fuser modules designated by Xerox as customer-replaceable units for the Equipment. g. Charges mean the fees payable by Customer for Services, Maintenance Services and/or Products as specified in this Agreement. h. Confidential Information means information identified as confidential and provided by the disclosing party to the receiving party. i. Consumable Supplies. Consumable Supplies vary depending upon the Equipment model, and include: (i) for black and white Equipment, standard black toner and/or dry ink, black developer, Copy Cartridges, and, if applicable, fuser agent required to make impressions; (ii) for full color Equipment, the items in (i) plus standard cyan, magenta, and yellow toners and dry inks (and their associated developers); and, (iii) for Equipment identified as “Phaser”, only, if applicable, black solid ink, color solid ink, imaging units, waste cartridges, transfer rolls, transfer belts, transfer units, belt cleaner, maintenance kits, print Cartridges, drum Cartridges, waste trays and cleaning kits. Unless otherwise set forth in an Order, Consumable Supplies excludes paper and staples. j. Customer Assets means all hardware, equipment, fixtures, software, assets, networks, work space, facilities, services and other assets owned, leased, rented, licensed or controlled by Customer (including Existing Equipment 377 of 1132 382 Xerox Clarification/Exceptions to The Regents of the University of California Request for Proposal # Print, Goods and Services University of California Page 11 of 26 RT (5/2020) and Existing Software) that Customer makes available to Xerox to enable Xerox to fulfill its obligations under an Order. k. Customer Confidential Information means Confidential Information belonging to Customer and includes, without limitation, Customer Content and Private Information. l. Customer Content means documents, materials, or information that Customer provides in hard copy or electronic format to Xerox, containing information about Customer or its clients, in order for Xerox to provide Services, Maintenance Services, or Products. m. Customer Facilities means those facilities controlled by Customer where Xerox performs Services or provides Products. n. Customer Intellectual Property means all intellectual property and associated intellectual property rights including patent, trademark, service mark, copyright, trade dress, logo and trade secret rights which exist and belong to Customer as of the Effective Date or that may be created by Customer after the Effective Date, excluding Xerox Confidential Information. o. Data means data that the Xerox Tools and Xerox Client Tools automatically collect from all Equipment and Third Party Hardware that appears on Customer’s network, or that are locally connected to another device on Customer’s network, when such Tools are installed on Customer’s network. Examples of Data include product registration, meter read, supply level, device configuration and settings, software version, and problem/fault code data. p. Date of Installation means: (a) for Equipment (or Third Party Hardware) installed by Xerox, the date Xerox determines the Equipment (or Third Party Hardware) to be operating satisfactorily as demonstrated by successful completion of diagnostic routines and is available for Customer’s use; and (b) for Equipment (or Third Party Hardware) designated as “Customer Installable,” the Equipment (or Third Party Hardware) delivery date. q. Description of Services or DOS means a document attached to an Order which references the applicable Services Contract number and specifies the Products and/or Services provided under such Order. r. Diagnostic Software means Xerox-proprietary software embedded in or loaded onto Equipment and used by Xerox to evaluate or maintain the Equipment. s. Documentation means all manuals, brochures, specifications, information and software descriptions, and related materials customarily provided by Xerox to customers for use with certain Products or Services. t. Effective Date means the date this Agreement is signed by Xerox. u. Equipment means Xerox-brand equipment. v. Excluded Taxes means (i) taxes on Xerox’s income, capital, and employment, (ii) taxes for the privilege of doing business, and (iii) personal property tax on Equipment rented or leased to Customer under this Agreement. w. Existing Equipment means devices which are leased, rented or owned by the Customer outside of this Agreement, which are used to provide Services, and which remain subject to the terms and conditions of the agreements under which they were originally acquired. x. Existing Software means software licensed by the Customer outside of this Agreement and which is used to provide the Services and which remains subject to the terms and conditions of the agreements under which it was originally acquired. y. Feature Releases means new releases of Software that include new content or functionality. z. Force Majeure Event means a circumstance beyond a party’s reasonable control, which circumstances include, but are not limited to, the following: act of God (e.g., flood, earthquake, wind); fire; war; act of a public enemy or terrorist; act of sabotage; strike or other labor dispute; riot; misadventure of the sea; inability to secure materials and/or transportation; or a restriction imposed by legislation, an order or a rule or regulation of a governmental entity. aa. Funds means collectively Amortized Services and Third Party Funds. bb. Maintenance Releases or Updates means new releases of Software that primarily incorporate coding compliance updates and error fixes and are designated as “Maintenance Releases” or “Updates.” cc. Maintenance Services means required maintenance of Equipment to keep the Equipment in good working order. dd. Module means a specific set of terms and conditions contained in this Agreement that is identified as a “Module.” The Modules under this Agreement are the DEF, GEN, SVC, EQP, EP, MS and SW Modules. ee. Monthly Minimum Charge or MMC means the regular recurring Charge that is identified in an Order and which, along with any additional print/impression charges, covers the cost for the Services, Maintenance Services, and/or Products. The MMC may also include lease buyout funds, Funds, monthly equipment component amounts, remaining Customer obligations from previous contracts, and amounts being financed or refinanced. One-time items are billed separately from the MMC. 378 of 1132 383 Xerox Clarification/Exceptions to The Regents of the University of California Request for Proposal # Print, Goods and Services University of California Page 12 of 26 RT (5/2020) ff. Order means a document that Xerox requires for processing of orders for Services, Maintenance Services and/or Products hereunder, which may specify the contracting parties and location(s) where the foregoing will be provided; Customer’s requested shipment date; the Products that Customer will purchase, lease, rent or license; the Services and/or Maintenance Services that Xerox will provide; the applicable Charges and expenses; the term during which the Services, Maintenance Services and/or Products described therein shall be provided; the Xerox-provided contract number; and any applicable SLAs. An Order must reference the applicable Services Contract number, and may also be in the form of a Services and Solutions Order (“SSO”), a Xerox Order Agreement (“XOA”) (which is used solely for an outright purchase by Customer under the EP module of this Agreement) or a Customer-issued PO. A Statement of Work may be part of an Order but cannot function as a stand-alone ordering document. gg. Output of Services means electronic images created by scanning tangible documents containing Customer Content, all full or partial copies (tangible and intangible) of Customer Content, and all reports and other documentation, photographs, images, impressions, and other materials (tangible and intangible) created by Xerox and delivered to Customer under an Order, but shall not include Third Party Software, or Xerox Intellectual Property. hh. Privacy Laws means laws relating to data privacy and data protection as applicable to Xerox’s performance of the Services. ii. Private Information means Protected Health Information (“PHI”) as defined by the Health Insurance Portability and Accountability Act (“HIPAA”), Non-Public Personal Information (“NPI”) as defined by the Gramm-Leach Bliley Act (“GLBA”) and equivalent categories of protected health and financial information under applicable state Privacy Laws. jj. Products means Software, Equipment, Third Party Products and/or Consumable Supplies supplied by Xerox and provided to Customer pursuant to an Order. kk. Purchase Order or PO means a document containing the applicable Services Contract number that is issued by Customer to Xerox for Order entry purposes only. Any terms in a PO are not binding and are of no force or effect. ll. Purchased Equipment means Equipment or Third Party Hardware that Xerox sells outright to Customer under the EP Module. mm. Remote Data means data that is automatically collected by Xerox or transmitted to or from Xerox by Equipment or Third Party Products connected to Customer’s network. Examples of Remote Data include product registration, meter read, supply level, equipment configuration and settings, software version, and problem/fault code data. nn. Remote Data Access means electronic transmission of Remote Data to or from a secure offsite location. oo. Residuals means general ideas, concepts, know-how, methods, processes, technologies, algorithms or techniques related to the Services, which are in non-tangible form and retained in the unaided memory of persons who have had access to Confidential Information. pp. Service Level Agreements or SLAs means the levels of performance for the Services, if applicable, as set out in the applicable Order. qq. Services means managed services (e.g. copy center and mailroom services), consultative services, and/or professional services, including, but not limited to, assessment, document management, and managed and centralized print services, as more fully described in the applicable Order. Standard back-office administrative and contract support functions, such as billing, contract management and order processing, are not Services, but are included in the pricing provided for the Services hereunder. rr. Services Contract means the applicable terms and conditions of this Agreement, the first Order having a particular assigned Services Contract number, and each additional Order, if any, with the same Services Contract number. ss. Software means Base Software and Application Software. tt. Statement of Work or SOW means a document which references the applicable Services Contract number and specifies the details of a particular transaction where Customer wishes to acquire Services, Maintenance Services and/or Products from Xerox under this Agreement. uu. Supplier Equipment means devices which are supplied by Xerox to the Customer during the term of an Order. Supplier Equipment may be Equipment or Third Party Hardware. vv. Taxes means any and all taxes of any kind or nature, however denominated, imposed or collected by any governmental entity, including but not limited to federal, state, provincial, or local net income, gross income, sales, use, transfer, registration, business and occupation, value added, excise, severance, stamp, premium, windfall profit, customs, duties, real property, personal property, capital stock, social security, unemployment, disability, payroll, license, employee or other withholding, or other tax, of any kind whatsoever, including any interest, penalties or additions to tax or additional amounts in respect of the foregoing. ww. Third Party Funds means funds Xerox provides to Customer to acquire Third Party Hardware or to license Third Party Software and/or to retire debt on existing Third Party Hardware. 379 of 1132 384 Xerox Clarification/Exceptions to The Regents of the University of California Request for Proposal # Print, Goods and Services University of California Page 13 of 26 RT (5/2020) xx. Third Party Hardware means non-Xerox brand equipment. yy. Third Party Products means, collectively, Third Party Hardware and Third Party Software. zz. Third Party Software means non-Xerox brand software. aaa. Transaction Taxes means any and all Taxes that are required to be paid in respect of any transaction and resulting Charges under this Agreement and any transaction documents, including but not limited to sales, use, services, rental, excise, transaction-based gross receipts, and privilege Taxes. bbb. XDM Customer Views means a limited set of features such as printer error messages, basic printer status, troubleshoot (e.g., access printer web page, submit test page, reboot printer, retrieve audit logs) and upgrade printer (e.g., add upgrade file, delete upgrade file, run upgrade, delete upgrade task, restart upgrade task) that are available through the Xerox Tool known as Xerox Device Manager. ccc. Xerox Confidential Information means Confidential Information belonging to Xerox and includes, without limitation, whether marked as such or not, any services procedures manuals, Xerox Tools, Xerox Client Tools, and Xerox Intellectual Property. ddd. Xerox Client Tools means certain proprietary software used to provide certain Services, and any modifications, enhancements, improvements thereto and derivative works thereof that are licensed to Customer in accordance with GEN 1.8(d). eee. Xerox Intellectual Property means all intellectual property and associated intellectual property rights including patent, trademark, service mark, copyright, trade dress, logo and trade secret rights which exist and belong to Xerox as of the Effective Date or that may be created by Xerox after the Effective Date, including without limitation, Software, Data, Remote Data, Xerox Tools and Xerox Client Tools, and excluding Customer Confidential Information and Output of Services. fff. Xerox Products means Equipment, Software, and Consumable Supplies acquired pursuant to this Agreement. ggg. Xerox Tools means certain proprietary tools used by Xerox to provide certain Services, and any modifications, enhancements, improvements thereto and derivative works thereof. GENERAL MODULE GEN 1. – GENERAL The terms and conditions in this General (GEN) Module apply to all Services, Maintenance Services, and Products acquired by Customer under this Agreement. GEN 1.1– AGREEMENT STRUCTURE a. General Contract Structure. The parties intend for this Agreement to serve as a master agreement stating the terms and conditions governing separate transactions between (i) Xerox and Customer, and (ii) Xerox and Customer Affiliates. Xerox will provide, and Customer will procure, Services, Maintenance Services and/or Products in accordance with the terms and conditions stated in this Agreement, any Services Contract(s), and any applicable Orders. b. Orders and Services Contracts. i. Xerox may accept Orders either by its signature or by commencing performance. Xerox reserves the right to review and approve Customer’s credit, or in the case of an Order by a Customer Affiliate, such Affiliate’s credit, prior to acceptance of an Order and the entity placing the Order hereby authorizes Xerox or its agent to obtain credit reports from commercial credit reporting agencies for this purpose. If a Customer Affiliate establishes a Services Contract by placing an Order hereunder, it will be the “Customer” for the purposes of such Services Contract. ii. Orders for Services, Maintenance Services, and/or Products are grouped into Services Contracts. Each separate Services Contract will be established when the first Order is placed that bears a new Services Contract number assigned by Xerox and Xerox accepts that Order. Each Services Contract will be assigned its own Services Contract number that will consist of this Agreement’s number followed by a three digit extension. Each Services Contract constitutes a separate contract under this Agreement. Customer may add Services, Maintenance Services, or Products to an existing Services Contract by submitting additional Orders referencing the applicable Services Contract number. Each Services Contract will consist of the terms and conditions of this Agreement, the first Order under the Services Contract number and each additional Order with the same Services Contract number. 380 of 1132 385 Xerox Clarification/Exceptions to The Regents of the University of California Request for Proposal # Print, Goods and Services University of California Page 14 of 26 RT (5/2020) iii. Unless Customer provides notice in writing at least thirty (30) days before the end of the term of an Order of its intention not to renew, the Order will renew automatically on a month-to-month basis on the same terms and at the same price. iv. Orders may be submitted by hard copy or electronic means and those submitted electronically will be considered: (a) a “writing” or “in writing;” (b) “signed” by the Customer; (c) an “original” when printed from electronic records established and maintained in the ordinary course of business; and (d) valid and enforceable. GEN 1.2 – CHARGES, PAYMENT AND DEFAULT a. Charges. Charges for the particular Services, Maintenance Services, and/or Products will be set forth in an Order and are exclusive of any and all Transaction Taxes. Xerox’s then current overtime rates will apply to Services requested and performed outside Customer’s standard working hours. b. Payment. Customer agrees to pay Xerox all undisputed amounts due under each invoice via check, Automated Clearing House debit, Electronic Funds Transfer, or direct debit from Customer’s bank account within thirty (30) days after the invoice date. Restrictive covenants submitted for or with payment to indicate that it is in full satisfaction of an invoice will not operate as an accord and satisfaction to reduce Customer’s payment obligations if it is not, in fact, full payment. For any payment not received by Xerox within ten (10) days after the due date, Xerox may charge, and Customer agrees to pay, a late charge of the greater of $25 or five percent (5.0%) of the amount overdue (not to exceed the maximum amount permitted by applicable law) as reasonable collection costs. If Customer disputes any amount included in an invoice, then (i) Customer must notify Xerox of the dispute in writing, (ii) such notice shall include a description of the items Customer is disputing and the reason such items are being disputed; and (iii) Customer shall promptly exercise its best efforts to work with Xerox to resolve such dispute. Pending resolution of such disputed amount, Customer shall pay any and all undisputed amounts within thirty (30) days of invoice date, including the MMC which Customer agrees shall not be subject to dispute at any time. c. Default. Customer will be in default if Xerox does not receive any payment within fifteen (15) days after the date it is due, or if Customer breaches any other obligation under this Agreement, any Services Contract, or any other agreement with Xerox. If Customer, defaults, Xerox, in addition to its other remedies (including cessation of Services, Maintenance Services and/ or Consumable Supplies), may require immediate payment of (1) all amounts then due, plus interest on all amounts due from the due date until paid at the rate of 1.5% per month, and (2) any early termination charges set forth in this Agreement or in the applicable Services Contract and/or Order(s). Customer will pay all reasonable costs, including attorneys’ fees, incurred by Xerox to enforce any Services Contract. GEN 1.3 – TAXES a. Customer will be responsible for all Transaction Taxes. Transaction Taxes will be included in Xerox’s invoice unless Xerox receives proof of Customer’s tax-exempt status. Customer shall not be responsible for Excluded Taxes. GEN 1.4 – RESERVED. GEN 1.5 – RESERVED. GEN 1.6 – CUSTOMER RESPONSIBILITIES Customer agrees to perform its responsibilities under this Agreement in support of the Services, Maintenance Services, or Products in a timely manner. Customer agrees: a. that Products acquired hereunder are ordered for Customer’s (or its Affiliates’) own internal business use (rather than resale, license and/or distribution outside of Customer’s organization) and will not be used for personal, household or family purposes; b. to (1) provide Xerox and its agents with timely and sufficient access, without charge, to Customer Facilities required by Xerox to perform Services and Maintenance Services and/or provide Products, and (2) ensure that Customer Facilities are suitable for the Services, Maintenance Services and/or Products, safe for Xerox personnel, and fully comply with all applicable laws and regulations, including without limitation any federal, state and local building, fire and safety codes; c. to provide Xerox and its agents with timely and sufficient use of and access, without charge, to Customer Assets required by Xerox to perform Services and Maintenance Services and/or provide Products, and to grant Xerox and its agents sufficient rights to use, access and, if agreed, modify the same; d. to acquire or continue maintenance, repair and software support services, without charge to Xerox, for all Customer Assets that Customer permits Xerox to use or access; e. to maintain the manufacturer’s maintenance agreement for any Third Party Products; 381 of 1132 386 Xerox Clarification/Exceptions to The Regents of the University of California Request for Proposal # Print, Goods and Services University of California Page 15 of 26 RT (5/2020) f. to provide Xerox with access to appropriate members of Customer personnel, as reasonably requested by Xerox, in order for Xerox to perform the Services and Maintenance Services and/or provide Products; g. to respond to and provide such documentation, data and other information as Xerox reasonably requests in order for Xerox to perform the Services and Maintenance Services and/or provide Products; h. to contract for the minimum types and quantities of Equipment and Consumable Supplies required by Xerox to perform the Services and Maintenance Services; i. that, as between Xerox and Customer, Customer alone is responsible for backing up its Customer Content and Xerox shall not be responsible for Customer’s failure to do so; j. that as between Xerox and Customer, Customer alone is responsible for determining whether Customer Content provided to Xerox (i) is libelous, defamatory or obscene, or (ii) may be duplicated, scanned or imaged without violating a third party’s intellectual property rights; and k. to provide contact information for Equipment such as name and address of Customer contact. GEN 1.7– WARRANTIES a. Mutual Warranties. Each party represents and warrants to the other, as an essential part of this Agreement, that: i. it is duly organized and validly existing and in good standing under the laws of the state or country of its incorporation or formation; ii. this Agreement and the Orders hereunder have been duly authorized by all appropriate corporate action for signature; and iii. the individual signing this Agreement, and all Orders (where applicable), is duly authorized to do so. b. Xerox Warranties. i. Services Warranty. Xerox warrants to the Customer that the Services will be performed in a professional and workmanlike manner by Xerox personnel with appropriate training, experience and skills in accordance with the applicable Order. If the Services do not comply with the SLAs or other requirements set forth in the applicable Order, Customer will notify Xerox in writing detailing its concerns and, within 10 days following Xerox’s receipt of such notice, Xerox and Customer will meet, clarify the Customer’s concern(s), and begin to develop a corrective action plan. As Customer’s exclusive remedy under this warranty for Xerox’s non-compliance with this warranty, Xerox will either modify the Services to comply with the applicable SLAs or other requirements or re-do the work at no additional charge within 60 days of finalizing the plan or another time period agreed to in writing by the parties. ii. Equipment Warranty. Any Equipment warranty to which Customer is entitled shall commence upon the Date of Installation. Use by Customer of consumables not approved by Xerox that affect the performance of the Equipment may invalidate any applicable warranty. iii. Third Party Product Warranty. Where Xerox in its sole discretion selects and supplies Third Party Products, Xerox warrants they will operate substantially in conformance with applicable SLAs or other requirements in the Order. Customer’s sole remedy for breach of this warranty is to return the Third Party Product to Xerox and then receive a refund of any fees paid for such non-conforming Third Party Product, less a reasonable usage fee. If Customer requests a specific Third Party Product, Xerox will pass-through as permitted any third party warranties. iv. Exclusions. Xerox shall not be responsible for any delay or failure to perform the Services or provide Products, including achieving any associated SLAs or other requirements in the applicable SOWs, DOSs or Orders, to the extent that such delay or failure is caused by: (a) Customer’s failure or delay in performing its responsibilities under this Agreement; (b) reasons outside Xerox’s reasonable control, including Customer Assets, Customer Content, or delays or failures by Customer’s agents, suppliers or providers of maintenance and repair services for Customer Assets; or (c) unauthorized modifications to Equipment, Third Party Hardware or the Output of Services. c. Disclaimer. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, THE EXPRESS WARRANTIES SET FORTH IN THIS AGREEMENT ARE IN LIEU OF ALL OTHER WARRANTIES, EXPRESS OR IMPLIED, AND XEROX DISCLAIMS AND CUSTOMER WAIVES ALL OTHER WARRANTIES INCLUDING ANY WARRANTY OF MERCHANTABILITY, NON-INFRINGEMENT, OR FITNESS FOR A PARTICULAR PURPOSE. EXCEPT AS EXPRESSLY PROVIDED HEREIN AND AS PERMITTED BY APPLICABLE LAW, CUSTOMER WAIVES ALL 382 of 1132 387 Xerox Clarification/Exceptions to The Regents of the University of California Request for Proposal # Print, Goods and Services University of California Page 16 of 26 RT (5/2020) RIGHTS AND REMEDIES CONFERRED UPON A LESSEE BY ARTICLE 2A OF THE UNIFORM COMMERCIAL CODE. d. The warranties set forth in this Agreement are expressly conditioned upon the use of the Services, Products and Output of Services for their intended purposes in the systems environment for which they were designed and shall not apply to any Services, Products or Output of Services which have been subject to misuse, accident or alteration or modification by Customer or any third party. GEN 1.8 – INTELLECTUAL PROPERTY OWNERSHIP a. Customer Intellectual Property. Customer grants to Xerox a non-exclusive, royalty-free, fully-paid up, worldwide license to use Customer Intellectual Property, Customer Content and Output of Services only for purposes of, and only to the extent required for, providing Services, Maintenance Services or Products under this Agreement. Xerox agrees not to decompile or reverse engineer any Customer Intellectual Property. Except as expressly set forth in this Agreement, no rights to any Customer Intellectual Property are granted to Xerox. b. Ownership of Output of Services and License to Xerox Intellectual Property. Except to the extent that the Output of Services may incorporate any Xerox Intellectual Property, the Output of Services shall be the sole and exclusive property of Customer. To the foregoing extent, Xerox hereby assigns, grants, conveys, and transfers to Customer all rights in and to the Output of Services for the applicable Order. To the extent that the Output of Services may incorporate any Xerox Intellectual Property, Xerox grants Customer a non-exclusive, perpetual, fully paid-up, worldwide right to use, display, and reproduce the Xerox Intellectual Property only as required for use of the Output of Services for Customer’s customary business purposes and not for resale, license or distribution outside of Customer’s organization. If XDM Customer Views are to be provided under a SOW, Xerox grants Customer a limited license to access and use the XDM Customer Views only for the purpose of receiving Services under the SOW. Customer agrees not to decompile or reverse engineer any Xerox Intellectual Property. Except as expressly set forth in this Agreement, no rights to any Xerox Intellectual Property are granted to Customer. c. Xerox Tools. Xerox Tools may be used by Xerox to provide certain Services. Xerox and its licensors will at all times retain all right, title and interest in and to Xerox Tools including without limitation, all intellectual property rights therein, and, except as expressly set forth herein, no rights to use, access or operate the Xerox Tools are granted to Customer. Xerox Tools will be installed and operated only by Xerox or its authorized agents. Customer will not decompile or reverse engineer any Xerox Tools, or allow others to engage in same. Customer will have access to Data and reports generated by the Xerox Tools and stored in a provided database as set forth in the applicable SOW. Xerox may remove Xerox Tools at any time in Xerox’s sole discretion, provided that the removal of Xerox Tools will not affect Xerox’s obligations to perform Services, and Customer shall reasonably facilitate such removal. d. Xerox Client Tools. Xerox grants to Customer a non-exclusive, non-transferable, non-assignable (by operation of law or otherwise) license to install, use and access the Xerox Client Tools only for the purpose of receiving the Services for which they were provided. Customer may not: (i) distribute, copy, modify, create derivatives of, decompile, or reverse engineer the Xerox Client Tools, except as permitted by applicable law; or, (ii) allow others to engage in same. Title to the Xerox Client Tools and all intellectual property rights therein shall, at all times, reside solely with Xerox and its licensors. Certain Xerox Client Tools may be subject to mandatory third party flow-down terms and conditions, which will be provided separately. e. Data Collection and Use. Data collected by the Xerox Tools is transmitted by a Xerox Tool to a remotely hosted server that hosts other Xerox Tools. The automatic data transmission capability will not allow Xerox to read, view or download any Customer documents or other information residing on or passing through the Equipment or Third Party Hardware or Customer’s information management systems. GEN 1.9 – INDEMNIFICATION a. General Indemnification. Xerox, if promptly notified and given the right to control the defense, shall indemnify, defend and hold harmless the Customer, its Affiliates, and their respective officers, directors, employees, agents, successors and assigns, from and against all claims by a third party for losses, damages, costs or liability of any kind (including expenses and reasonable legal fees) that a court finally awards such party (“Claims”) for bodily injury (including death) and damage to real or tangible property, to the extent proximately caused by Xerox’s negligent acts or omissions, or willful misconduct in connection with this Agreement. b. Xerox Indemnification. Xerox shall, if promptly notified by Customer (or its Affiliate(s)) and given the right to control the defense, indemnify, defend and hold harmless Customer, its Affiliates and their respective officers, directors, employees, agents successors and assigns, for all Claims that Xerox Products or Customer’s use of the Services provided by Xerox under this Agreement infringe a U.S. patent, copyright or other intellectual property right. Notwithstanding anything to the contrary herein, Xerox shall have no obligation under this Section GEN 1.9(b) to the extent any Claim is based on or arises out of any (i) Services performed using Customer Assets, Customer Content 383 of 1132 388 Xerox Clarification/Exceptions to The Regents of the University of California Request for Proposal # Print, Goods and Services University of California Page 17 of 26 RT (5/2020) or other materials provided to Xerox by Customer for which Customer failed to provide sufficient rights to Xerox; (ii) infringement by Services resulting from Customer’s direction, specification or design, (iii) modification or alteration to such Xerox Products or Services not approved in writing by Xerox; (iv) any combination or use of the Xerox Products or Services not approved in writing by Xerox; (v) use of the Xerox Products or Services not in accordance with the applicable Documentation; or (vi) Customer’s failure to use corrections or enhancements to the Xerox Products provided by Xerox. If a Claim is made or appears likely to be made pursuant to this Section GEN 1.9(b), Customer agrees to permit Xerox, at Xerox’s sole option and expense, to obtain the right to enable Customer to continue to use such Xerox Products, to make them non-infringing or to replace them with items that are at least functionally equivalent. If Xerox determines that none of these alternatives is reasonably available, Customer agrees to return such Xerox Products to Xerox upon Xerox’s written request. Xerox will then give Customer a refund equal to the amount Customer paid Xerox for such Xerox Products less a reasonable usage fee. c. Xerox is not responsible for any litigation expenses of the Customer or any settlements unless it pre-approves them in writing. GEN 1.10 – LIMITATION OF LIABILITY Except as prohibited by law, the following limitations apply: a. NO CONSEQUENTIAL DAMAGES. SUBJECT TO SECTION GEN 1.10(c), IN NO EVENT WILL EITHER PARTY OR ITS AFFILIATES OR THEIR RESPECTIVE OFFICERS, DIRECTORS, EMPLOYEES OR AGENTS BE LIABLE TO THE OTHER PARTY OR ITS AFFILIATES OR THEIR RESPECTIVE OFFICERS, DIRECTORS, EMPLOYEES OR AGENTS FOR ANY INDIRECT, INCIDENTAL, EXEMPLARY, PUNITIVE, SPECIAL OR CONSEQUENTIAL DAMAGES, INCLUDING WITHOUT LIMITATION, DAMAGES FOR LOST PROFITS, REGARDLESS OF THE FORM OF ACTION, WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE) OR OTHERWISE, AND EVEN IF SUCH PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. b. LIMITATION ON RECOVERY. SUBJECT TO SECTION GEN 1.10(c), THE TOTAL AGGREGATE LIABILITY OF EITHER PARTY (AND ITS AFFILIATES AND THEIR RESPECTIVE OFFICERS, DIRECTORS, EMPLOYEES OR AGENTS) FOR DIRECT DAMAGES ARISING OUT OF OR IN ANY WAY CONNECTED TO THIS AGREEMENT, WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE), OR OTHERWISE, WILL BE LIMITED TO AN AMOUNT EQUAL TO THE AMOUNT OF ALL CHARGES PAID BY CUSTOMER TO XEROX UNDER THE ORDER UNDER WHICH THE CLAIM AROSE (LESS PASS THROUGH EXPENSES SUCH AS, WITHOUT LIMITATION, POSTAGE) IN THE TWELVE (12) MONTHS PRIOR TO THE DATE UPON WHICH THE CLAIM AROSE. THE EXISTENCE OF MULTIPLE CLAIMS OR SUITS UNDER OR RELATED TO THIS AGREEMENT AND ANY ORDERS HEREUNDER WILL NOT ENLARGE OR EXTEND THIS LIMITATION OF DAMAGES. NOTWITHSTANDING THE FOREGOING, NOTHING SET FORTH IN THIS SECTION GEN 1.10(b) SHALL LIMIT CUSTOMER’S OBLIGATION TO PAY XEROX ALL CHARGES AND EXPENSES FOR PRODUCTS AND SERVICES PROVIDED UNDER THIS AGREEMENT. c. EXCEPTIONS. THE LIMITATIONS SET FORTH IN SECTION GEN 1.10 SHALL NOT APPLY WITH RESPECT TO: i. THE SPECIFIC INDEMNITY OBLIGATIONS SET OUT IN THIS AGREEMENT; ii. EITHER PARTY’S WILLFUL MISCONDUCT, GROSS NEGLIGENCE OR FRAUD; iii. BODILY INJURY OR DEATH CAUSED BY A PARTY’S NEGLIGENCE OR WILLFUL MISCONDUCT OR THAT OF ITS EMPLOYEES, AGENTS OR SUBCONTRACTORS; OR iv. A PARTY EXCEEDING ITS RIGHTS, IF ANY, TO THE OTHER PARTY’S INTELLECTUAL PROPERTY OR MISAPPROPRIATING OR INFRINGING THE OTHER PARTY’S INTELLECTUAL PROPERTY RIGHTS AS GRANTED UNDER THIS AGREEMENT. GEN 1.11 – TERM AND TERMINATION This Agreement shall commence on the Effective Date and shall continue for a term of months, and continue on a month- to-month basis thereafter until expressly renewed by mutual written agreement or terminated by either party upon thirty (30) days’ written notice. Upon termination, Customer shall permit Xerox to enter Customer Facilities for purposes of removing the Products, Xerox Tools, and/or Xerox Client Tools. Each Order hereunder shall have its own term, which shall be stated in the Order. In the event that the Region 4 ESC Contract expires or is terminated, this Agreement and all Services Contracts and Orders thereunder that are in effect at that time shall remain in full force and effect until their expiration or termination, and continue under the same terms and conditions as if the Region 4 ESC Contract were still in effect. In the event this Agreement expires or is terminated, each Services Contract in effect at that time shall remain in full force and effect until the expiration or termination of all Orders constituting such Services Contract (including any extensions or renewals thereof) and shall at all times be governed by, and be subject to, the terms and conditions of this Agreement as if this Agreement were still in effect. Termination of any Order shall not affect this Agreement or any other Orders then in effect. Notwithstanding any other provision in the 384 of 1132 389 Xerox Clarification/Exceptions to The Regents of the University of California Request for Proposal # Print, Goods and Services University of California Page 18 of 26 RT (5/2020) Agreement to the contrary, should an Order be terminated prior to expiration for any reason or a unit of Third Party Hardware or any Third Party Software for which Third Party Funds have been provided is removed or replaced prior to expiration, Customer agrees to pay to Xerox, in addition to any other amounts owed under said Order, an amount equal to the remaining principal balance of the Funds together with a 15% disengagement fee, for loss of bargain and not as a penalty. GEN 1.12– CONFIDENTIALITY a. Obligation. Customer and Xerox acknowledge that, during the term of this Agreement and any Order hereunder, each party (or its Affiliates) may be provided with or have access to, certain Confidential Information belonging to the other party (or its Affiliates). The parties will ensure that their employees comply with their respective corporate policies and procedures regarding the disclosure of Confidential Information. The parties agree to use the Confidential Information provided under this Agreement only for purposes directly related to the performance of obligations and use of rights granted under this Agreement. The receiving party may not disclose Confidential Information to third parties unless such third party has a need to know such Confidential Information in order to perform under this Agreement and has agreed in writing to be bound by terms no less restrictive than those set forth herein. Each party shall be responsible for any breaches of the obligations in this Section by its employees and such third parties. The receiving party shall protect the disclosing party’s Confidential Information with the same degree of care that it uses to protect its own confidential information of like importance, but not less than reasonable care. Each party agrees not to disclose the terms and conditions of this Agreement, all Services Contracts and Orders, and any attachments and exhibits thereto, without the other party’s prior written consent. Xerox may use Customer as a reference with other customers, including in marketing materials. Xerox may disclose the identity and address of Customer to Xerox’s third party licensors if contractually required for royalty reporting purposes. b. Exclusions. The obligations of confidentiality will not apply to any Confidential Information that: (1) was in the public domain prior to, at the time of, or subsequent to the date of disclosure through no fault of the receiving party; (2) was rightfully in the receiving party’s possession or the possession of any third party free of any obligation of confidentiality; or (3) was developed by the receiving party’s employees independently of and without reference to any of the other party’s Confidential Information. c. Return of Information. Upon termination or expiration of this Agreement or an Order, except as otherwise set forth hereunder, each party shall cease use of the other party’s Confidential Information and other data and, upon request, shall (1) return all such Confidential Information and any copies thereof, or (2) permanently destroy such Confidential Information and certify that such Confidential Information has been so destroyed; provided, however, that any obligations regarding removal of Customer Confidential Information stored on hard drives on Equipment owned by Xerox and any costs associated with such removal will be set forth in the applicable Order. d. Disclosure under Legal Requirement. If the recipient of Confidential Information is required to disclose Confidential Information pursuant to a court order or by law or regulation, that party will (1) notify the disclosing party of the obligation to make such disclosure, and (2) reasonably cooperate with the disclosing party if the disclosing party seeks a protective order, but any costs incurred by the receiving party will be reimbursed by the disclosing party, except for costs of the receiving party’s employees. e. Duration of Confidentiality Obligation. Except for Private Information and Xerox Intellectual Property, the obligations set forth in this Section shall continue for one (1) year after termination or expiration of this Agreement or the Order under which such Confidential Information was disclosed, whichever occurs later. The duration of confidentiality obligations with respect to Private Information shall be governed by applicable Privacy Laws. Confidentiality obligations with respect to Xerox Intellectual Property shall continue so long as it continues to be Xerox trade secrets. f. Residual Rights. Each party understands that the other party shall be free to use for any purpose the Residuals resulting from access to Confidential Information as a result of the performance of its obligations under an Order, provided that such party shall maintain the confidentiality of such Confidential Information as provided herein. Neither party shall pay royalties for the use of Residuals. However, the foregoing shall not be deemed to grant either party a license under the other party’s copyrights or patents. GEN 1.13– DATA PROTECTION/PRIVACY a. To the extent that Privacy Laws are applicable to Customer and Xerox in connection with the performance of Services, each party agrees to comply with the applicable provisions of such Privacy Laws. b. Xerox has adopted reasonable physical, technical, and organizational safeguards designed to prevent accidental, unauthorized, or unlawful loss, disclosure, access, transfer or use of Private Information. Xerox will promptly notify Customer in the event of any known unauthorized or unlawful loss, disclosure, access, transfer, or use of Private Information. 385 of 1132 390 Xerox Clarification/Exceptions to The Regents of the University of California Request for Proposal # Print, Goods and Services University of California Page 19 of 26 RT (5/2020) GEN 1.14 – GOVERNING LAW AND JURISDICTION This Agreement, each respective Order, and any dispute or claim arising out of or in connection with this Agreement or such Order, shall be governed by and construed in accordance with the laws of New York without regard to its conflict of laws provisions and submitted to the exclusive jurisdiction of the federal and state courts of New York. GEN 1.15 – RESERVED. GEN 1.16– FORCE MAJEURE Except for Customer’s absolute and unconditional obligation to make all required payments of any amounts not properly disputed under this Agreement, neither Customer nor Xerox shall be liable to the other party during any period in which its performance is delayed or prevented, in whole or in part, by a Force Majeure Event. If such a circumstance occurs, the party whose performance is delayed or prevented shall undertake reasonable action to notify the other party thereof. GEN 1.17 – INSURANCE COVERAGE Xerox shall maintain the following limits of insurance coverage during the term of this Agreement: 1. Where required by law, Workers Compensation, at statutory limits; 2. Employers Liability, with $1,000,000 USD limit of liability or at statutory limits, whichever is greater; 3. Commercial General Liability, including Products - Completed Operations coverage and Broad Form Contractual, with $2,000,000 USD limit of liability per occurrence for Bodily Injury and Property Damage; and, 4. Where applicable, Automobile Liability, with a combined single limit of liability of $2,000,000 USD per accident or at statutory limits, whichever is greater. GEN 1.18 – FUNDING (this provision applies to state & local government Customers only) Customer represents and warrants that all payments due and to become due during Customer’s current fiscal year are within the fiscal budget of such year and are included within an unrestricted and unencumbered appropriation currently available for the acquisition of the Products, and it is Customer’s intent to use the Products for the entire initial term and to make all payments required under the Agreement or an Order. If (i) through no action initiated by Customer, Customer’s governing body does not appropriate funds for the continuation of the Agreement or an Order for any fiscal year after the first fiscal year and has no funds to do so from other sources, and (ii) Customer has made a reasonable but unsuccessful effort to find an assignee within Customer’s general organization who can continue the Agreement or an Order, the Agreement or the Order may be terminated. To effect this termination, Customer must, 30 days prior to the beginning of the fiscal year for which Customer’s governing body does not appropriate funds for the upcoming fiscal year, notify Xerox that Customer’s governing body failed to appropriate funds and that Customer has made the required effort to find an assignee. Customer’s notice must certify that canceled Equipment is not being replaced by equipment performing similar functions during the ensuing fiscal year. Customer agrees to release the Equipment to Xerox and, when returned, the Equipment will be in good condition and free of all liens and encumbrances. Customer will then be released from any further payments obligations beyond those payments due for the current fiscal year. GEN 1.19– COMPLIANCE WITH LAWS AND POLICIES Xerox and Customer shall comply with all applicable laws and regulations in the performance of their respective obligations under this Agreement. Xerox agrees to comply with Customer’s internal policies regarding security and safety at Customer Facilities that are reasonable and customary under the circumstances and which do not conflict with the terms of this Agreement. Customer agrees to provide Xerox with reasonable prior written notice of such policies and any changes to such policies. If a change in Customer policy results in incremental costs to Xerox, Xerox may, upon providing notice to Customer, pass such costs on to Customer. GEN 1.20 – MISCELLANEOUS a. Copies of Agreement. Except as required by law, both parties agree that any reproduction of this Agreement made by reliable means (for example, photocopy or facsimile) shall be considered an original. Xerox may retain a hardcopy, electronic image, photocopy, or facsimile of this Agreement and each Order hereunder, which shall be considered an original and shall be admissible in any action to enforce said Agreement or Order. b. Amendment. All changes to this Agreement must be made in a writing signed by Customer and Xerox. Any amendment of this Agreement shall not affect the obligations of either party under any then-existing Orders, which shall continue in effect unless the amendment expressly states that it applies to such existing Orders. An amendment to a Services Contract shall reference the number of the Services Contract that it amends. c. No Waiver; Severability; Survival. The failure by Customer or Xerox to insist upon strict performance of any of the terms and conditions in this Agreement or to exercise any rights or remedies will not be construed as a waiver of the right to assert those rights or to rely on that term or condition at any time thereafter. If any provision is held invalid by any arbitrator or any court under applicable law, such provision shall be deemed to be restated as nearly as 386 of 1132 391 Xerox Clarification/Exceptions to The Regents of the University of California Request for Proposal # Print, Goods and Services University of California Page 20 of 26 RT (5/2020) possible to reflect the original intention of the parties in accordance with applicable law. The remainder of this Agreement shall remain in full force and effect. Any terms and conditions of this Agreement or any Order which by their nature extend beyond the termination or expiration of the Agreement or Order will survive such termination or expiration. d. Independent Contractors. Xerox shall perform all Services hereunder in the capacity of independent contractor and not as Customer's employee, agent, or representative. Xerox employees shall not be entitled to privileges of employment that Customer may provide to Customer's employees, and Xerox shall be responsible for payment of all unemployment, social security, federal (state and local, as necessary) and other payroll taxes in regard to its employees involved in the performance of the Services. Neither of the parties, nor their respective employees or Affiliates, shall be authorized to conclude contracts in the name of the other party, or to act or appear as a representative of the other, whether in performing the Services or otherwise. e. No Hiring. During the term of an Order under which Xerox is providing Services and for a period of one (1) year thereafter, Customer and Xerox each agree not to hire, solicit, or employ any of the other’s personnel who have been engaged in the provision of services or the performance of this Agreement, unless prior written consent is obtained from the other party. Such prohibition shall not apply to hiring as a result of general public solicitations of employment. Should one of the parties hire the other party’s personnel in violation of this Agreement, the violating party shall immediately pay to the other, as liquidated damages and as the sole remedy for such violation, an amount equal to such personnel’s then current annual compensation (or the amount paid to such person during the previous twelve (12) months in the case of an independent contractor). f. Assignment. Except for Xerox’s assignment to an Affiliate or to a third party for the purposes of securitizing or factoring, neither party may assign this Agreement and any Order(s) hereunder without the prior written consent of the other party. In the event of a permitted assignment by Xerox, each successive assignee of Xerox will have all of the rights but none of the obligations of Xerox pursuant to this Agreement. Customer will continue to look to Xerox for performance of Xerox’s obligations hereunder and Customer hereby waives and releases any assignees of Xerox from any such claim. Customer will not assert any defense, counterclaim, or setoff that Customer may have or claim against Xerox against any assignee of Xerox. g. Communication Authorization. Customer authorizes Xerox or its agents to communicate with Customer by any electronic means (including cellular phone, email, automatic dialing, and recorded messages) using any phone number (including cellular) or electronic address that Customer provides to Xerox. h. Limitation on Charges. In no event will Xerox charge or collect any amounts in excess of those allowed by applicable law. Any part of an Order that would, but for this Section, be construed to allow for a charge higher than that allowed under any applicable law, is limited and modified by this Section to limit the amounts chargeable under such Order to the maximum amount allowed by law. If, in any circumstances, an amount in excess of that allowed by law is charged or received, such charge will be deemed limited to the amount legally allowed and the amount received by Xerox in excess of that legally allowed will be applied to the payment of amounts owed or will be refunded to Customer. i. Order of Precedence; Entire Agreement. This Agreement, including all schedules, attachments, exhibits and amendments hereto and the Services Contract(s) hereunder, and the Region 4 ESC Contract, constitutes the entire agreement between the parties as to the subject matter and supersedes all prior and contemporaneous oral and written agreements regarding the subject matter hereof and neither party has relied on or is relying on any other information, representation, discussion or understanding in entering into and completing the transactions contemplated in this Agreement. The parties agree that except as expressly set forth in this Agreement, in the event of any conflict between terms and conditions, the order of precedence shall be this Agreement, the applicable Orders under the Services Contract (excluding Customer POs), the SOW or DOS, as applicable, and the Region 4 ESC Contract. If a term in this Agreement expressly provides for a term in an Order to take precedence, such provision in the Order shall prevail to the extent of any conflict. Notwithstanding the foregoing, provisions in the General Module of this Agreement related to: (1) Section GEN 1.8 (Intellectual Property Ownership); (2) Section GEN 1.9 (Indemnification); (3) Section GEN 1.10 (Limitation of Liability); (4) Section GEN 1.12 (Confidentiality); and (5) Section GEN 1.3 (Taxes), will prevail over conflicting provisions in any other contractual document. SERVICES MODULE SVC 1 – TERMS AND CONDITIONS SPECIFIC TO SERVICES In addition to the terms and conditions in the General (GEN) Module, the following terms and conditions apply to Xerox’s performance of Services. 387 of 1132 392 Xerox Clarification/Exceptions to The Regents of the University of California Request for Proposal # Print, Goods and Services University of California Page 21 of 26 RT (5/2020) SVC 1.1 – SCOPE OF SERVICES Subject to the terms and conditions of this Agreement, Services will be performed by Xerox and/or its Affiliates in accordance with the requirements set forth in an Order. If Customer fails to perform or is delayed in performing any of its responsibilities under this Agreement, such failure or delay may prevent Xerox from being able to perform any part of the Services or Xerox- related activities. Xerox shall be entitled to an extension or revision of the applicable term of the Order (which may include setting a new expected date for commencement of Services) or to an equitable adjustment in performance metrics associated with such failure or delay. SVC 1.2 – CHARGES FOR SERVICES Charges for Services are set forth in the applicable Order. Charges are based upon information exchanged between Customer and Xerox, which is assumed to be complete and accurate, and also depend upon other factors such as the timely performance by Customer of its responsibilities. If: (a) such information should prove to be incomplete or inaccurate in any material respect; or (b) there is a failure or delay by the Customer in performing its responsibilities under this Agreement or an Order which results in Xerox incurring a loss or additional cost or expense, then the charges shall be adjusted to reflect proportionately the impact of such materially incomplete or inaccurate information or such failure or delay. Charges that are indicated in an Order as being fixed are not subject to an annual percentage escalation for the initial term of such Order. If Xerox provides Services partially or early (for example, prior to the start of the initial term of an Order), Xerox will bill Customer on a pro rata basis, based on a thirty (30) day month, and the terms and conditions of this Agreement will apply. SVC 1.3 – USE OF SUBCONTRACTORS Xerox may, when it reasonably deems it appropriate to do so, subcontract any portion of the Services. Xerox shall remain responsible for any Services performed by subcontractors retained by Xerox to the same extent as if such Services were performed by Xerox. SVC 1.4 – SERVICES SCOPE CHANGES Except as otherwise set forth in an Order, either party may propose to modify the then-existing Services that are described in an Order, or to add new Services under a Services Contract. If Xerox determines such changes are feasible, Xerox will prepare and propose to Customer an Order incorporating the requested changes and any related impact to the Charges or terms. Once Customer executes and Xerox accepts the Order, Xerox will promptly proceed with the new and/or revised Services in accordance with the terms of the Order and this Agreement. SVC 1.5 – EARLY TERMINATION OF SERVICES AND LABOR Except as otherwise set forth in a Services Contract, upon ninety (90) days prior written notice, Customer may terminate or reduce any Services or labor provided pursuant to an Order without incurring early termination charges except as set forth in the next sentence. Notwithstanding the foregoing, if any such Services or labor provided under an Order are terminated (a) by Xerox due to Customer’s default or (b) by Customer and Customer acquires similar services from another supplier within six (6) months of the termination of such Services or labor, Customer shall pay all amounts due as of the termination date, together with the early termination charges, for loss of bargain and not as a penalty, stated in the Order or, if not specifically stated therein, an amount equal to the then current MMC for said terminated or reduced Services or labor multiplied by the number of months remaining in the term of the related Order, not to exceed six (6) months. EQUIPMENT MODULE EQP 1 – TERMS AND CONDITIONS SPECIFIC TO EQUIPMENT & THIRD PARTY HARDWARE In addition to the terms and conditions in the General (GEN) Module, the following terms and conditions apply to Equipment and Third Party Hardware provided to Customer. EQP 1.1 – TERM AND DATE OF INSTALLATION The term for each unit of Equipment shall be the term stated on the applicable Order, with the commencement date based upon the actual Date of Installation. If the Date of Installation for a unit of Equipment is prior to the applicable Order start date, Xerox will bill the Customer for such Equipment on a pro rata basis, based on a thirty (30) day month, and the terms and conditions of this Agreement and the applicable Services Contract will apply as of the Date of Installation. EQP 1.2 – DELIVERY AND REMOVAL AND SUITABILITY OF CUSTOMER FACILITIES Xerox will be responsible for all standard delivery charges for Equipment and Third Party Hardware and, for Equipment or Third Party Hardware for which Xerox holds title, standard removal charges. Non-standard delivery or removal charges (including removal prior to the end of the term for any Equipment) will be at Customer’s expense. The suitability of Customer Facilities for installation of Equipment or Third Party Hardware, including compliance with state and local building, fire and safety codes and any non-standard state or local installation requirements, is Customer’s responsibility. 388 of 1132 393 Xerox Clarification/Exceptions to The Regents of the University of California Request for Proposal # Print, Goods and Services University of California Page 22 of 26 RT (5/2020) EQP 1.3 – EQUIPMENT STATUS Unless Customer is acquiring previously installed equipment, Equipment will be either: (a) “Newly Manufactured,” which may contain some recycled components that are reconditioned; (b) “Factory Produced New Model” which is manufactured and newly serialized at a Xerox factory, adds functions and features to a product previously disassembled to a Xerox predetermined standard, and contains new components and recycled components that are reconditioned; or (c) “Remanufactured,” which has been factory produced following disassembly to a Xerox predetermined standard and contains both new components and recycled components that are reconditioned. Xerox makes no representations as to the status of any Third Party Hardware that Xerox may provide under any Order. EQP 1.4 – CONSUMABLE SUPPLIES If specified in an Order, Xerox will provide Consumable Supplies for related Equipment. Consumable Supplies are Xerox’s property until used in the Equipment for which they are provided. Upon expiration or termination of the applicable Order, Customer will either return any unused Consumable Supplies to Xerox at Xerox’s expense when using Xerox-supplied shipping labels, or destroy them in a manner permitted by applicable law. Xerox reserves the right to charge Customer for any Consumable Supplies usage that exceeds Xerox’s published yields by more than ten percent (10%). In such a case, Xerox will notify Customer of the excess usage. If such excess usage does not cease within thirty (30) days after notice, Xerox may charge Customer for the excess usage. If Xerox provides paper under a Services Contract, upon thirty (30) days’ notice, Xerox may adjust paper pricing or either party may terminate the provision of paper. EQP 1.5 – USE AND RELOCATION For any Equipment or Third Party Hardware provided by Xerox, with the exception of Purchased Equipment for which Customer has paid in full, Customer agrees that: (a) the Equipment or Third Party Hardware shall remain personal property; (b) Customer will not attach any of the Equipment or Third Party Hardware as a fixture to any real estate; (c) Customer will not pledge, sub- lease or part with possession of the Equipment or Third Party Hardware or file or permit to be filed any lien against the Equipment or Third Party Hardware; and (d) Customer will not make any permanent alterations to the Equipment or Third Party Hardware. While Equipment or Third Party Hardware is subject to an Order, Customer must provide Xerox prior written notice of all Equipment or Third Party Hardware relocations and Xerox may arrange to relocate the Equipment or Third Party Hardware at Customer’s expense. While Equipment or Third Party Hardware is being relocated, Customer remains responsible for making all payments to Xerox required under the applicable Order. All parts or materials replaced, including as part of an upgrade, will become Xerox’s property. Equipment or Third Party Hardware cannot be relocated outside of the U.S. until Customer has paid in full for the Equipment or Third Party Hardware and has received title thereto. Notwithstanding anything to the contrary in the foregoing, to the extent the Equipment contains any Software, any relocation of such Equipment is subject to the terms and conditions set forth in the Software License Module of this Agreement. EQP 1.6 – SUPPLIER EQUIPMENT PROVIDED In the event Xerox provides Supplier Equipment to Customer, the following terms shall apply unless otherwise specified in an Order: a. Unless Supplier Equipment is purchased by Customer, Xerox (or the applicable third party vendor) shall at all times retain title to the Supplier Equipment. Customer hereby authorizes Xerox or its agents to file financing statements necessary to protect Xerox’s rights to Supplier Equipment. Each party will promptly notify the other, in writing, of any change in ownership, or if it relocates its principal place of business, or changes the name of its business. The risk of loss for the Supplier Equipment shall pass to Customer upon delivery to the applicable Customer Facilities. Customer will insure the Supplier Equipment against loss or damage and the policy will name Xerox as loss payee. b. Customer agrees to use the Supplier Equipment in accordance with, and to perform, all operator maintenance procedures for the Supplier Equipment described in the applicable Documentation made available or provided by Xerox. The Customer shall not (unless the Supplier Equipment is Purchased Equipment, and then only with Xerox’s prior consent): i. sell, charge, let or part with possession of the Supplier Equipment; ii. remove the Supplier Equipment from Customer Facilities in which it is installed; or iii. make any changes or additions to the Supplier Equipment. c. Early Termination. Equipment is provided for a minimum order term (as specified in the applicable Order per EQP 1.1 above). If Equipment is terminated for any reason before the end of its minimum order term, the termination charges set forth in the applicable Order or Services Contract for such Equipment shall apply. EQP 1.7 – DATA SECURITY Certain models of Equipment can be configured to include a variety of data security features. There may be an additional cost associated with certain data security features. The selection, suitability and use of data security features are solely Customer’s 389 of 1132 394 Xerox Clarification/Exceptions to The Regents of the University of California Request for Proposal # Print, Goods and Services University of California Page 23 of 26 RT (5/2020) responsibility. Upon request, Xerox will provide additional information to Customer regarding the security features available for particular Equipment models. EQP 1.8 – REMOTE SERVICES FOR EQUIPMENT Certain models of Equipment are supported and serviced using Remote Data Access. Remote Data Access also enables Xerox to transmit to the Customer Maintenance Releases or Updates for software or firmware and to remotely diagnose and modify Equipment to repair or correct malfunctions. Remote Data will be transmitted to and from Customer in a secure manner specified by Xerox. Remote Data Access will not allow Xerox to read, view or download any Customer data, documents or other information residing on or passing through the Equipment, Third Party Hardware or Customer’s information management systems. Customer grants the right to Xerox, without charge, to establish and maintain Remote Data Access for the purposes described above. Upon Xerox’s request, Customer will provide contact information for Equipment such as name and address of Customer contact and IP and physical addresses/locations of Equipment. Customer will enable Remote Data Access via a method prescribed by Xerox and Customer will provide Xerox with reasonable assistance to allow Xerox to have Remote Data Access. Unless Xerox deems Equipment incapable of Remote Data Access, Customer will ensure that Remote Data Access is maintained at all times Maintenance Services are being performed. EQP 1.9 - TOTAL SATISFACTION GUARANTEE. a. "SP Equipment" means any iGen3, iGen4, iGen150, iGen5 or Xerox Color 8250 Production Printer. If, during any 90 day period, the performance of SP Equipment delivered under this Agreement is not at least substantially consistent with the performance expectations outlined in the SP Equipment’s Customer Expectations Document ("Expectations Document"), Xerox will, at Customer’s request, replace the SP Equipment without charge with identical SP Equipment or, at Xerox’s option, with Equipment with comparable features and capabilities (the” SP Equipment Guarantee”). The SP Equipment Guarantee does not apply during the first 180 days after installation and will expire at the end of the initial term of the Order; provided however, for SP Equipment identified as “Previously Installed”, this SP Equipment Guarantee expires 1 year after installation. This SP Equipment Guarantee applies only to SP Equipment that has been (i) continuously maintained by Xerox through the provision of Xerox Maintenance Services, and (ii) operated at all times in accordance with the Expectations Document. b. "Non-SP Equipment" means any Equipment other than SP Equipment. If Customer is not completely satisfied with any Non-SP Equipment delivered under an Order under this Agreement, Xerox will, at Customer’s request, replace it without charge with identical Non-SP Equipment or, at the option of Xerox, with Equipment with comparable features and capabilities (the” Non-SP Equipment Guarantee”). The Non-SP Equipment Guarantee applies only to Non-SP Equipment that has been continuously maintained by Xerox through the provision of Xerox Maintenance Services. The Non-SP Equipment Guarantee will expire at the end of the initial term of the subject Order; provided however, for Non-SP Equipment identified as “Previously Installed”, the Non-SP Equipment Guarantee expires 1 year after the Installation Date. The Non-SP Equipment Guarantee does not apply to a limited number of Non-SP Equipment models, which models are identified in the applicable Order Document. c. The SP Equipment Guarantee and Non-SP Equipment Guarantee replace and supersede any other guarantee from Xerox, whether made orally or in writing, styled a "Total Satisfaction Guarantee", "Satisfaction Guarantee" or otherwise covering the subject matter set forth above. EQP 1.10 – REMOVAL OF HAZARDOUS WASTE Customer agrees to take responsibility for legally disposing of all hazardous wastes generated from the use of Third Party Hardware or supplies. EQUIPMENT PURCHASE MODULE EP 1 – TERMS AND CONDITIONS SPECIFIC TO EQUIPMENT PURCHASE In addition to the terms and conditions in the General (GEN) Module, the following terms and conditions apply to the acquisition of Purchased Equipment: EP 1.1 – ORDER Orders for an outright purchase of Equipment shall include the unique Xerox-provided contract number and the number of this Agreement on all applicable ordering documents. EP 1.2 – TITLE Title to Purchased Equipment will pass to Customer upon delivery to the applicable Customer Facilities. EP 1.3 – DEFAULT 390 of 1132 395 Xerox Clarification/Exceptions to The Regents of the University of California Request for Proposal # Print, Goods and Services University of California Page 24 of 26 RT (5/2020) If Customer defaults under a XOA for Purchased Equipment, Xerox, in addition to its other remedies (including the cessation of Maintenance Services if applicable), may require immediate payment of all amounts then due, plus all Transaction Taxes and applicable interest on all amounts due from the due date until paid. Customer shall also pay all reasonable costs, including attorney’s fees, incurred by Xerox to enforce this Agreement. EP 1.4 – MAINTENANCE SERVICES FOR PURCHASED EQUIPMENT If Customer elects to receive Maintenance Services for Purchased Equipment, Customer shall do so under a separate Order under the Agreement for such Maintenance Services. EP 1.5 – AGREEMENT PROVISION EXCLUSIONS The following Agreement provisions do not apply to Orders for an outright purchase of Equipment: GEN 1.1 c.ii – iii; GEN 1.6 b – j; GEN 1.7 b.1; GEN 1.11; EQP 1.4; EQP 1.6. MAINTENANCE SERVICES MODULE MS 1 – TERMS AND CONDITIONS SPECIFIC TO MAINTENANCE SERVICES In addition to the terms and conditions in the General (GEN) Module, and except as otherwise set forth in an Order, the following terms and conditions apply to provision of Maintenance Services. MS 1.1 – MAINTENANCE SERVICES As part of an Order for (a) stand-alone Maintenance Services related to Purchased Equipment, or (b) Maintenance Services related to Equipment to which Xerox does not hold title, or as a mandatory part of an Order for Equipment (other than Purchased Equipment) that includes Maintenance Services, Xerox or a designated service provider will provide the following Maintenance Services for Equipment. If Customer is acquiring Equipment for which Xerox does not offer Maintenance Services, such Equipment will be designated as “No Svc.” This Module does not apply to maintenance of Third Party Hardware. Maintenance that Xerox provides on Third Party Hardware will be provided in accordance with the terms of the applicable Order. The provision of Maintenance Services is contingent upon Customer facilitating timely and efficient resolution of Equipment issues by: (i) utilizing Customer-implemented remedies provided by Xerox; (ii) replacing Cartridges; and (iii) providing information to and implementing recommendations provided by Xerox telephone support personnel in those instances where Xerox is not providing on-site Equipment support personnel. If an Equipment issue is not resolved after completion of (i) through (iii) above, Xerox will provide on-site support as provided in the applicable Order. MS 1.2 – REPAIRS AND PARTS a. Xerox will make repairs and adjustments necessary to keep the Equipment in good working order and operating in accordance with its written specifications (including such repairs or adjustments required during initial installation). Maintenance Services shall cover repairs and adjustments required as a result of normal wear and tear or defects in materials or workmanship. Parts required for repair may be new, reconditioned, reprocessed or recovered. b. If Xerox is providing Maintenance Services for Equipment that uses Cartridges, Customer will use only unmodified Cartridges purchased directly from Xerox or its authorized resellers. Failure to use such Cartridges will void any warranty applicable to such Equipment. Cartridges packed with Equipment or furnished by Xerox as Consumable Supplies will meet Xerox’s new Cartridge performance standards and may be new, remanufactured or reprocessed and contain new and/or reprocessed components. To enhance print quality, Cartridges for many models of Equipment have been designed to cease functioning at a predetermined point. Many Equipment models are designed to function only with Cartridges that are newly manufactured original Xerox Cartridges or with Cartridges intended for use in the U.S. MS 1.3 – HOURS AND EXCLUSIONS Unless otherwise set forth in an Order, Maintenance Services will be provided in areas accessible for repair services during Xerox’s standard working hours. Maintenance Services excludes repairs due to: (a) misuse, neglect or abuse; (b) failure of the installation site or the PC or workstation used with the Equipment to comply with Xerox’s published specifications; (c) use of options, accessories, or other products not serviced by Xerox; (d) non-Xerox alterations, relocation, service or supplies; and (e) failure to perform operator maintenance procedures identified in operator manuals. Customer agrees to furnish all referenced parts, tools, and supplies needed to perform those procedures that are described in the applicable manuals and instructions. MS 1.4 – INSTALLATION SITE AND METER READINGS In order to receive Maintenance Services for Equipment requiring connection to a PC or workstation, Customer must utilize a PC or workstation that either (a) has been provided by Xerox or (b) meets Xerox’s published specifications. The Equipment installation site must conform to Xerox’s published requirements. If applicable, unless otherwise set forth in an Order, Customer agrees to provide meter readings in the manner prescribed by Xerox. If Customer does not provide Xerox with meter readings 391 of 1132 396 Xerox Clarification/Exceptions to The Regents of the University of California Request for Proposal # Print, Goods and Services University of California Page 25 of 26 RT (5/2020) as required, for Equipment not capable of Remote Data Access, or if Remote Data Access is interrupted, Xerox may estimate them and bill Customer accordingly. MS 1.5– REMEDY If Xerox is unable to maintain the Equipment as described above, Xerox will, as Customer’s exclusive remedy for Xerox’s failure to provide Maintenance Services, replace the Equipment with an identical product or, at Xerox’s option, another model with comparable features and capabilities. If replacement Equipment is provided pursuant to this Section, there shall be no additional charge for its provision by Xerox during the initial term of the Order and it shall be subject to the terms and conditions of this Agreement and the applicable Order(s). Customer’s use of non-Xerox approved consumables that affect the performance of the Equipment may invalidate this remedy. MS 1.6– END OF SERVICE Xerox has no obligation to maintain or replace Equipment beyond the “End of Service” for that particular model of Equipment. End of Service (“EOS”) means the date announced by Xerox after which Xerox will no longer offer Maintenance Services for a particular Equipment model. An EOS Equipment List is available upon request. SOFTWARE LICENSE MODULE SW 1 – TERMS AND CONDITIONS SPECIFIC TO SOFTWARE In addition to the terms and conditions in the General (GEN) Module the following terms and conditions apply to the license and use of Software and its associated Documentation. SW 1.1– SOFTWARE LICENSE Xerox may provide Software to Customer pursuant to an Order hereunder. The following license applies to Software provided hereunder, unless such Software is accompanied by a click-wrap or shrink-wrap license agreement or otherwise provided subject to a separate license agreement. a. Xerox grants Customer a non-exclusive, non-transferable, non-assignable (by operation of law or otherwise) license to use in the U.S.: (i) Base Software only on or with the Equipment with which (or within which) it was delivered; and (ii) Application Software only on any single unit of Equipment, subject to Customer remaining current in the payment of any indicated applicable Software license fees (including any annual renewal fees). Customer has no other rights to the Software. Customer will not and will not allow its employees, agents, contractors or vendors to: (i) distribute, copy, modify, create derivatives of, decompile, or reverse engineer Software except as permitted by applicable law; (ii) activate Software delivered with or within the Equipment in an un-activated state; or, (iii) access or disclose Diagnostic Software for any purpose. Title to Software and all copyrights and other intellectual property rights in Software will reside solely with Xerox and its licensors (who will be considered third party beneficiaries of this Agreement’s software and limitation of liability provisions). b. The Base Software license will terminate: (i) if Customer no longer uses or possesses the Equipment with which the Base Software was provided; or (ii) upon the expiration or termination of any Order under which Customer has acquired the Equipment with which the Base Software was provided (unless Customer has exercised an option to purchase the Equipment, where available). c. Software may contain code to prevent its unlicensed use and/or transfer. If you do not permit Xerox periodic access to such Software, this code may impair the Equipment’s and/or Software’s functionality. d. Xerox does not warrant that the Software will be free from errors or that its operation will be uninterrupted. SW 1.2– SOFTWARE SUPPORT Software support will be provided by Xerox or a designated service provider as follows. For Base Software, Software support will be provided during the initial term of the applicable Order and any renewal period, but not longer than five (5) years after Xerox stops taking orders for the subject model of Equipment. For Application Software, Software support will be provided as long as Customer is current in the payment of all applicable software license, annual renewal and “support only” fees. a. Xerox will maintain a web-based or toll-free hotline during Xerox’s standard working hours to report Software problems and answer Software-related questions. Xerox, either directly or with its vendors, will make reasonable efforts to: (i) assure that Software performs in material conformity with its Documentation; (ii) provide available workarounds or patches to resolve Software performance problems; and (iii) resolve coding errors for (1) the current release and (2) the previous release for a period of six (6) months after the current release is made available to Customer. Xerox will not be required to provide Software support if Customer has modified the Software. b. Xerox may make available new releases of the Software that are designated as “Maintenance Releases” or “Updates.” Maintenance Releases or Updates are provided at no charge and must be implemented within six (6) 392 of 1132 397 Xerox Clarification/Exceptions to The Regents of the University of California Request for Proposal # Print, Goods and Services University of California Page 26 of 26 RT (5/2020) months after being made available to Customer. Each Maintenance Release or Update shall be considered Software governed by these terms. Feature Releases will be subject to additional license fees at Xerox’s then-current pricing and shall be considered Software governed by these terms and conditions (unless otherwise noted in an Order). Implementation of a Maintenance Release, Update or Feature Release may require Customer to procure, at its expense, additional hardware and/or software from Xerox or another entity. Upon installation of a Maintenance Release, Update or Feature Release, Customer will return or destroy all prior Maintenance Releases, Updates or Feature Releases. c. Xerox may annually increase Software license fees and support fees for Application Software. SW 1.3– DIAGNOSTIC SOFTWARE Diagnostic Software and method of entry or access to it constitute valuable trade secrets of Xerox. Title to the Diagnostic Software shall at all times remain solely with Xerox and Xerox’s licensors. Xerox does not grant Customer a license or right to use the Diagnostic Software. Customer will not use, reproduce, distribute, or disclose the Diagnostic Software for any purpose (or allow third parties to do so). Customer will allow Xerox reasonable access to the Equipment during Customer’s normal business hours to remove or disable Diagnostic Software if Customer is no longer receiving Maintenance Services from Xerox. SW 1.4 – THIRD PARTY SOFTWARE Third Party Software is subject to license and support terms provided by the applicable Third Party Software vendor. IN WITNESS WHEREOF, the parties have executed this Agreement on the dates set forth below intending it to become effective on the Effective Date and thereby agreeing to its terms. ENTER CUSTOMER NAME XEROX CORPORATION Signature Signature Name (please print) Name Title Title Address Address Date Date END OF CLARIFICATIONS AND ADDITIONAL TERMS 393 of 1132 398 Executive Summary Xerox is appreciative of the opportunity to respond to this RFP and we understand that in order for UC Systems to succeed, your attention needs to be focused firmly on your core business of education, not on managing print. As evidenced by the release of your Request for Proposal (RFP), you acknowledge that outsourcing print related activities to a partner is the most effective way to accomplish your objectives. To that end, we have shown ourselves to be a trust-worthy partner of USC for the past 20+ years with a focused effort on high levels of service and support with faculty and staff requirements for print across the campus. We have partnered with Pharos to deliver top tier student print experience at your libraries. In addition, our proposal will continue to build on our excellent end user support model that has been proven to deliver excellent performance on your campuses: • We will continue to provide the full-service support model. • Maintain our tenured and experienced Account Services Engineers whose commitment has helped our technical team exceed SLA performance measurements. • Sustain high levels of end user satisfaction working closely with IT Services and users on campus. • Provide efficient billing and accounting within our customer support model • Drive fast and efficient service (SLA’s) and appropriate training and support. • Ensure all end users are satisfied and all supplies are managed as prescribed by the department. • Conduct ongoing Quarterly Business Reviews that hold Xerox accountable for all our agreed performance measurements. Gateway to New Possibilities Multifunction printers built on Xerox® ConnectKey® Technology are more than machines. They are workplace assistants and the centerpiece of a workplace transformation and productivity ecosystem combining all the technologies, capabilities and extensibility you need to let your work - and work teams - flow. ConnectKey® Technology brings an entirely new level of flexibility, efficiency and possibility to your workforce with both its native apps and those available through the Xerox® App Gallery. Native apps simplify print, scan and copy functions, as well as provide access to contact lists and frequently used locations, while apps available through the App Gallery allow users to download serverless apps like Print from DropboxTM and Scan to Microsoft® Office 365® directly from the user interface. With Xerox® App Studio and Personalized Application Builder (PAB), Xerox partners can offer even more sophisticated levels of customization to automate your unique workflow requirements. 394 of 1132 399 Benchmark Security Security is a top priority for every business. Xerox ConnectKey® Technology exceeds industry standards for security features and technologies allowing you to work with total peace of mind. A Higher Standard – Leader in Print Security (we our FedRamp Certified) Although it’s integral to our technology, there’s nothing standard about the levels of security included with every ConnectKey® enabled device. Our holistic four-point approach to security ensures comprehensive and all- encompassing protection for all system components and points of vulnerability. Intrusion Prevention ConnectKey® Technology utilizes a comprehensive set of capabilities that prevents malicious attacks, the proliferation of malware, and misuse of/unauthorized access to the printer, whether from transmitted data or direct interaction at the device. All possible access points are secure, including the user interface and input ports accessible to walkup users as well as PC, server, mobile devices or cloud connections. Device Detection Xerox® ConnectKey® Technology runs a comprehensive Firmware Verification test, either at start-up* or when activated by authorized users. This provides alerts if any harmful changes to the printer have been detected. McAfee® Whitelisting** technology constantly monitors for and automatically prevents any malicious malware from running. Document and Data Protection Our comprehensive security measures do not stop with preventing unauthorized access to your printer and securing your information from the inside. ConnectKey® Technology provides capabilities to prevent intentional or unintentional transmission of critical data to unauthorized parties. From protecting printed materials by not releasing documents until the right user is at the device, to preventing scanned information reaching beyond its intended recipient, ConnectKey® Technology offers the safeguards you need to keep your most critical data assets safe and secure. Xerox also protects all your stored information, using the highest levels of encryption. You can delete any processed or stored data that is no longer required using National Institute of Standards and Technology (NIST), and U.S. Department of Defense approved data clearing and sanitization algorithms. External Partnerships ConnectKey® Technology provides extra security standards through our partnership with McAfee®*. We measure our performance against international standards with certifications like Common Criteria and FIPS 140-2 to ensure our devices are trusted in even the most secure environments. Environmental Sustainability Many of our products meet or exceed the minimum registration requirements for product environmental performance. Along with EPEAT, Xerox offers ENERGY STAR®, ECOLOGO® and Blue Angel certified office products and with its partnership with PrintReleaf, enables managed print services customers to offset their printing by planting trees in endangered geographies. Thank you for the opportunity to share our proposal. We look forward to the next phases of the procurement process and to continuing our partnership with the University of California. 395 of 1132 400 0 0 ~ Intrusion Prevention Safeg uard access and data transmission to t he device Device Detection Verification to alert aga inst harmful changes to system firmware Document and Data Protection Loc kd own sec urity from unauthorized d isclosure of in fo rm at ion ; secure data on the device External Partnerships Highest security standa rd s with McAfe e , and indu stry certifi cations Reference 1 Organization Name UC San Diego Address 9500 Gilman Drive, La Jolla, CA 92093 Telephone Number 858-534-4834 Website Address https://www.ucsd.edu/indes.html Contact Person Name Gina Webb Title Interim Manager Start & End Date of Service Over 20 years, outright purchase of Xerox equipment --- Xerox equipment, service & supplies Services Provided Reference 2 Organization Name University of Hawaii at Manoa Address 2465 Campus Road, Honolulu, HI 96822 Telephone Number 808-956-8365 Website Address https://manoa.hawaii.edu/ Contact Person Name Jchang22@hawaii.edu Title Campus Solution Manager Start & End Date of Service April 1, 2020 to March 31, 2025 Services Provided Over 100 MFD’s, Managed Print, Onsite Labor Reference 3 Organization Name University of Pacific Address 3601 Pacific Avenue, Stockton, CA 95211 Telephone Number (916) 874-7034 Website Address Contact Person Name Kevin Lemoine Title IT Project Manager Start & End Date of Service 07/01/2010 - Present Services Provided UOP solicited a bid requesting one vendor to provide Managed Print Services for MFP and printer fleet. PaperCut software would be included to allow UOP IT staff to track and bill all Staff and Student printing. MFP devices would include card readers. ID badges would authenticate and release print jobs. USB ports were plugged to eliminate the possibility of students using USB to avoid print charges. Bid was awarded to Zoom Imaging Systems in 2010 with Toshiba MFP’s. Zoom Imaging was rolled into Inland in 2019, resulting in Inland stepping into management of this account for UOP’s 3 campuses: Stockton, Sacramento, and San Francisco. 396 of 1132 401 xerox·· Reference 4 Organization Name Napa Valley College Address 2277 Napa-Vallejo Highway, Napa, CA 94558 Telephone Number (707) 256-7175 Website Address Contact Person Name Robert Parker Title VP Administrative Services Start & End Date of Service 11/01/2016 – Present Services Provided Napa Valley College wanted to continue with Inland as equipment and service provider, but Purchaser felt it was mandated to solicit a bid. A national Co-Op contract was leveraged to avoid the cost & time of preparing a RFP. An Implementation Schedule was developed based on NVC’s timeframe. Inland provided an onsite analyst to aid NVC IT staff in network installation. A Master Lease Schedule was created to allow NVC to add Xerox units on campus, as needed. A Print Service Agreement was recently negotiated, reflecting in NVC saving $12,000 annually. PaperCut will soon be implemented for an additional 15% print savings. Reference 5 Organization Name CSU Fullerton Address 800 N. State College Blvd., Fullerton, CA Telephone Number 657-278-2413 Website Address www.fullerton.edu Contact Person Name Nelson Nagai Title Senior Director, Contracts & Procurement Start & End Date of Service 5/2017-5/2022 Services Provided Xerox Managed Services, Xerox equipment, service, supplies, on-site Xerox labor, installation of Xerox equipment onto CSUF network, Xerox Device Management (XDM) tool for proactive monitoring of devices, Quarterly Business Reviews with customized reporting. Reference 6 Organization Name UCSF Documents and Media for UCSF and Berkeley Address 1855 Folsom Street, San Francisco, CA. Telephone Number (415) 502-3072 Website Address Mike.Brower@UCSF.edu Contact Person Name Mike Brower or Mario Carmona (Please Contact Xerox Representative: Scott Reiber) mobile: 505-264-7071 Email:scott.reiber@xerox.com Title Manager of Documents and Media Start & End Date of Service Services Provided 397 of 1132 402 xerox'· Organization Chart Doug MacPhee,Vice President of Sales, will have overall responsibility for the management of the UC relationship. Additionally, we have a team of 5 regionally based Client Managers who provide localized support to the 10 UC campuses and dozens of California-based internal Xerox resources who support the account team. All of our sales resources are based in California and located within close proximity to the UC campuses they support. The UC’s first escalation point is to the client manager listed below. If an item needs to be escalated beyond the client manager, Jim Potts is the appropriate management resource for resolution/escalation. Organization Chart for Xerox UC support team: Doug MacPhee Vice President of Sales Michelle Yoshino Regional Vice President, Enterprise Jim Potts Industry Sales Manager Scott Reiber UCBerkeley UC SanFrancisco& HealthCenter UC SantaCruz Daria Lewis UCIrvine UCIMedicalCenter Bill Bennett UCDavis Marcia Quo Schmidt UC SantaBarbara Martin Soto UCLA UCLA Med Ctr Daria Lewis UC SanDiego UCSD Health Scott Reiber UCOffice ofthePresident Bill Bennett UCMerced Marcia Quo Schmidt UCRiverside 398 of 1132 403 Escalation Process and Chain of Command for Problem Resolution Area Level One Level Two Level Three Why / When to Call Who to Call Why / When to Call Who to Call Why / When to Call Who to Call Customer Issues Customer issues Xerox Customer Service Unit Customer issues beyond the control of or not resolved by Customer Service Client Manager Customer issues beyond the control of or not resolved by Client Manager Account General Manager Sales Requests for Sales related issues or support Xerox Customer Service Unit Requests for Sales related issues or support not being addressed by Customer Service Client Manager Requests for Sales related issues or support not being addressed by Client Manager Public Sector Sales Manager Technical Service Routine Service required Xerox Service Help Desk Technical Service issues not resolved in a timely fashion by Help Desk/Customer Service Engineer Area Service Manager Technical Service issues not resolved in a timely fashion by Area Service Manager VP Technical Services Technical Service Escalation/Problem Resolution Process The steps for problem escalation are as follows: If the problem is not identified:Customer Service Engineer (CSE) contacts the Xerox Hotline to notify the Work Group Leader, who must respond within one hour. If the problem remains unidentified and or unresolved:CSE re-contacts the Work Group Leader and the Xerox Field Manager for Customer Service to get further assistance and direction. This activity must transpire within 1-3 hours. If Problem is still not identified or resolved:CSE contacts Work Group Leader, Customer Service Technical Specialist, and Field Manager for Customer Service to obtain further suggestions/information. This should occur within 3-4 hours. If Problem is still not identified or resolved:CSE makes arrangements to receive site assistance from Work Group Leader/Customer Service Technical Specialist and notifies the customer’s decision maker on equipment status. This should occur within four to six hours. If Problem is still not identified or resolved:CSE, Work Group Leader and Customer Service Technical Specialist contact Field Manager Technical Service to seek assistance outside the immediate support team. This should occur within six to eight hours. If Xerox is unable to correct the issue at this point:Customer can be assured that they may invoke the “Total Satisfaction Guarantee” clause in the contract. 399 of 1132 404 UNITED STATES SECURITIES AND EXCHANGE COMMISSION Washington, D.C. 20549 ______________________________________________________________________________________________________ FORM 8-K _____________________________________________________________________________________________________ CURRENT REPORT Pursuant to Section 13 or 15(d) of the Securities Exchange Act of 1934 Date of Report (date of earliest event reported): January 28, 2020 _____________________________________________________________________________________________________ XEROX HOLDINGS CORPORATION XEROX CORPORATION (Exact Name of Registrant as specified in its charter) New York 001-39013 83-3933743 New York 001-04471 16-0468020 (State or other jurisdiction of incorporation or organization)(Commission File Number)(IRS Employer Identification No.) 201 Merritt 7 Norwalk , Connecticut 06851-1056 (Address of principal executive offices) (Zip Code) Registrant’s telephone number, including area code: (203) 968-3000 _____________________________________________________________________________________________________ Check the appropriate box below if the Form 8-K filing is intended to simultaneously satisfy the filing obligation of the registrant under any of the following provisions (see General Instruction A.2. below): Written communications pursuant to Rule 425 under the Securities Act (17 CFR 230.425) Soliciting material pursuant to Rule 14a-12 under the Exchange Act (17 CFR 240.14a-12) Pre-commencement communications pursuant to Rule 14d-2(b) under the Exchange Act (17 CFR 240.14d-2(b)) Pre-commencement communications pursuant to Rule 13e-4(c) under the Exchange Act (17 CFR 240.13e-4(c)) Securities registered pursuant to Section 12(b) of the Act: Title of each class Trading Symbol Name of each exchange on which registered Xerox Holdings Corporation Common Stock, $1 par value XRX New York Stock Exchange Securities registered pursuant to Section 12(g) of the Act: None 400 of 1132 405 xerox,- Indicate by check mark whether the Registrant is an emerging growth company as defined in Rule 405 of the Securities Act of 1933 (§ 230.405 of this chapter) or Rule 12b-2 of the Securities Exchange Act of 1934 (§240.12b-2 of this chapter). Emerging growth company ☐ If an emerging growth company, indicate by check mark if the Registrant has elected not to use the extended transition period for complying with any new or revised financial accounting standards provided pursuant to Section 13(a) of the Exchange Act. ☐ ______________________________________________________________________________________________________ Item 2.02. Results of Operations and Financial Condition. On January 28, 2020, Registrant released its fourth quarter 2019 earnings and is furnishing to the Securities and Exchange Commission ("SEC") a copy of the earnings press release as Exhibit 99.1 to this Report under Item 2.02 of Form 8-K. Exhibit 99.1 to this Report contains certain financial measures that are considered “non-GAAP financial measures” as defined in the SEC rules. Exhibit 99.1 to this Report also contains the reconciliation of these non-GAAP financial measures to their most directly comparable financial measures calculated and presented in accordance with generally accepted accounting principles, as well as the reasons why Registrant’s management believes that presentation of the non-GAAP financial measures provides useful information to investors regarding Registrant’s results of operations and, to the extent material, a statement disclosing any other additional purposes for which Registrant’s management uses the non- GAAP financial measures. The information contained in Item 2.02 of this Report and in Exhibit 99.1 to this Report shall not be deemed “filed” with the Commission for purposes of Section 18 of the Exchange Act of 1934, as amended, or otherwise subject to the liability of that section. Item 9.01. Financial Statements and Exhibits. (d) Exhibits. Exhibit No. Description 99.1 Registrant’s fourth quarter 2019 earnings press release dated January 28, 2020 401 of 1132 406 Forward-Looking Statements This filing, and other written or oral statements made from time to time by management contain “forward-looking statements” as defined in the Private Securities Litigation Reform Act of 1995. The words “anticipate”, “believe”, “estimate”, “expect”, “intend”, “will”, “should”, "targeting", "projecting", "driving" and similar expressions, as they relate to us, our performance and/or our technology, are intended to identify forward-looking statements. These statements reflect management’s current beliefs, assumptions and expectations and are subject to a number of factors that may cause actual results to differ materially. Such factors include but are not limited to: our ability to address our business challenges in order to reverse revenue declines, reduce costs and increase productivity so that we can invest in and grow our business; our ability to attract and retain key personnel; changes in economic and political conditions, trade protection measures, licensing requirements and tax laws in the United States and in the foreign countries in which we do business; the imposition of new or incremental trade protection measures such as tariffs and import or export restrictions; changes in foreign currency exchange rates; our ability to successfully develop new products, technologies and service offerings and to protect our intellectual property rights; the risk that multi-year contracts with governmental entities could be terminated prior to the end of the contract term and that civil or criminal penalties and administrative sanctions could be imposed on us if we fail to comply with the terms of such contracts and applicable law; the risk that partners, subcontractors and software vendors will not perform in a timely, quality manner; actions of competitors and our ability to promptly and effectively react to changing technologies and customer expectations; our ability to obtain adequate pricing for our products and services and to maintain and improve cost efficiency of operations, including savings from restructuring actions; the risk that confidential and/or individually identifiable information of ours, our customers, clients and employees could be inadvertently disclosed or disclosed as a result of a breach of our security systems due to cyber attacks or other intentional acts; reliance on third parties, including subcontractors, for manufacturing of products and provision of services; the exit of the United Kingdom from the European Union; our ability to manage changes in the printing environment and expand equipment placements; interest rates, cost of borrowing and access to credit markets; funding requirements associated with our employee pension and retiree health benefit plans; the risk that our operations and products may not comply with applicable worldwide regulatory requirements, particularly environmental regulations and directives and anti-corruption laws; the outcome of litigation and regulatory proceedings to which we may be a party; any impacts resulting from the restructuring of our relationship with Fujifilm Holdings Corporation; the shared services arrangements entered into by us as part of Project Own It; the ultimate outcome of any possible transaction between Xerox Holdings Corporation (“Xerox”) and HP Inc. (“HP”), including the possibility that the parties will not agree to pursue a business combination transaction or that the terms of any definitive agreement will be materially different from those proposed; uncertainties as to whether HP will cooperate with Xerox regarding the proposed transaction; the ultimate result should Xerox determine to commence a proxy contest for election of directors to HP’s board of directors; Xerox’s ability to consummate the proposed transaction with HP; the conditions to the completion of the proposed transaction, including the receipt of any required shareholder approvals and any required regulatory approvals; Xerox’s ability to finance the proposed transaction with HP; Xerox’s indebtedness, including the substantial indebtedness Xerox expects to incur in connection with the proposed transaction with HP and the need to generate sufficient cash flows to service and repay such debt; the possibility that Xerox may be unable to achieve expected synergies and operating efficiencies within the expected time-frames or at all and to successfully integrate HP’s operations with those of Xerox; that such integration may be more difficult, time-consuming or costly than expected; that operating costs, customer loss and business disruption (including, without limitation, difficulties in maintaining relationships with employees, customers or suppliers) may be greater than expected following the proposed transaction or the public announcement of the proposed transaction; the retention of certain key employees may be difficult; and general economic conditions that are less favorable than expected. Additional risks that may affect Xerox’s operations and other factors that are set forth in the “Risk Factors” section, the “Legal Proceedings” section, the “Management’s Discussion and Analysis of Financial Condition and Results of Operations” section and other sections of Xerox Corporation's 2018 Annual Report on Form 10-K, as well as in Xerox Corporation's and Xerox Holdings Corporation's Quarterly Reports on Form 10-Q and Current Reports on Form 8-K filed with the SEC. These forward-looking statements speak only as of the date of this filing or as of the date to which they refer, and Xerox assumes no obligation to update any forward-looking statements as a result of new information or future events or developments, except as required by law. 402 of 1132 407 SIGNATURES Pursuant to the requirements of the Securities Exchange Act of 1934, each registrant has duly caused this report to be signed on its behalf by the undersigned thereunto duly authorized. The signatures for each undersigned shall be deemed to relate only to matters having reference to such company and its subsidiaries. XEROX HOLDINGS CORPORATION (Registrant) By:/S/ JOSEPH H. M ANCINI, J R. Joseph H. Mancini, Jr. Vice President and Chief Accounting Officer (Principal Accounting Officer) Date: January 28, 2020 XEROX CORPORATION (Registrant) By:/S/ JOSEPH H. M ANCINI, J R. Joseph H. Mancini, Jr. Vice President and Chief Accounting Officer (Principal Accounting Officer) Date: January 28, 2020 403 of 1132 408 EXHIBIT INDEX Exhibit No. Description 99.1 Registrant’s fourth quarter 2019 earnings press release dated January 28, 2020 101 Cover Page Interactive Data File - the cover page XBRL tags are embedded within the Inline XBRL document. 104 The cover page from this Current Report on Form 8-K, formatted as Inline XBRL. 404 of 1132 409 News from Xerox Holdings Corporation For Immediate Release Xerox Holdings Corporation 201 Merritt 7 Norwalk, CT 06851-1056 tel+1-203-968-3000 Xerox Exceeds Q4 EPS Guidance, Delivers Strong Cash Flow and Operating Margin Announces 2020 guidance consistent with three-year plan, including further EPS expansion and revenue trend improvement 2019 Full-Year Financial Highlights: •GAAP earnings per share (EPS) from continuing operations of $2.78, up $1.62 year-over-year (YOY); adjusted EPS from continuing operations of $3.55, up $0.67 YOY. •Adjusted operating margin of 13.1 percent, up 180 basis points YOY. •$1.24 billion of operating cash flow from continuing operations, up $162 million YOY; $1.18 billion of free cash flow, up $187 million YOY. •$9.07 billion of revenue, a decrease of 6.2 percent in actual currency YOY or 4.7 percent in constant currency YOY. •Achieved gross savings of $640 million under Project Own It, Xerox’s enterprise-wide initiative to simplify operations, drive continuous improvement and free up capital to reinvest in the business. •Returned 72 percent of free cash flow to shareholders. NORWALK, Conn., Jan. 28, 2020 - Xerox Holdings Corporation (NYSE: XRX) announced its fourth-quarter and full-year 2019 financial results and 2020 guidance. “We are delivering on our three-year plan. We grew earnings per share, increased cash flow and expanded adjusted operating margin for the full year, and we improved our revenue trajectory in the second half of the year as our investments in the business gained traction,” said Xerox Vice Chairman and CEO John Visentin. “We accomplished this while returning more than 70 percent of free cash flow to shareholders, paying down approximately $950 million in debt and increasing investments in our innovation areas. We are well-positioned to carry this momentum into 2020 and lead the way for long-overdue industry consolidation.” 1 405 of 1132 410 xerox,- Fourth-Quarter Key Financial Results - Continuing Operations: (in millions, except per share data)Q4 2019 Q4 2018 B/(W) YOY % Change YOY Revenue $2,444 $2,498 $(54) (2.2)% AC (1.6)% CC1 Gross Margin 41.6%40.0%160 bps RD&E %3.8%3.8%— SAG %20.9%22.1%120 bps Pre-Tax Income $336 $124 $212 171.0% Pre-Tax Income Margin 13.7%5.0% Operating Income - Adjusted1 $411 $352 $59 16.8% Operating Margin - Adjusted 1 16.8%14.1%270 bps GAAP EPS $1.17 $0.37 $0.80 216.2% EPS - Adjusted1 $1.33 $0.94 $0.39 41.5% Full-Year Key Financial Results - Continuing Operations: (in millions, except per share data)2019 2018 B/(W) YOY % Change YOY Revenue $9,066 $9,662 $(596) (6.2)% AC (4.7)% CC1 Gross Margin 40.3%40.0%30 bps RD&E %4.1%4.1%0 SAG %23.0%24.6%160 bps Pre-Tax Income $822 $549 $273 49.7% Pre-Tax Income Margin 9.1%5.7% Operating Income - Adjusted1 $1,192 $1,093 $99 9.1% Operating Margin - Adjusted 1 13.1%11.3%180 bps GAAP EPS $2.78 $1.16 $1.62 139.7% EPS - Adjusted1 $3.55 $2.88 $0.67 23.3% (1) Refer to the “Non-GAAP Financial Measures” section of this release for a discussion of these non-GAAP measures and their reconciliation to the reported GAAP measures. Fourth-quarter and full-year 2019 results include the benefit from $77 million of revenue associated with an OEM license agreement with Fuji Xerox received as part of a series of transactions with FUJIFILM Holdings Corporation (FUJIFILM). This benefit was included in Xerox’s updated 2019 guidance measures filed with the U.S. Securities and Exchange Commission on Form 8-K on December 3, 2019 that reflected adjustments resulting from the transactions with FUJIFILM. Full-Year Key Business Highlights: •Implemented a new supply chain and supplier strategy, which included expanding Xerox’s relationship with HP and favorably structuring terms with FUJIFILM that monetized the company’s investment in Fuji Xerox at over 20 times 2019 expected aggregate cash flow. •Expanded Xerox’s services portfolio with the launch of Intelligent Workplace Services; IT Services for the small and mid-size business market in the U.S.; and vertical services targeting healthcare, retail, insurance, and the public sector. 2 406 of 1132 411 •Invested in several industry firsts within Xerox’s core technology business such as the Iridesse® Production Press, Baltoro™ HF Inkjet Press and Adaptive CMYK Plus Technology. •Made progress on our three-year innovation roadmap with products for 3D printing and AI Workflow Assistants becoming commercially available in 2020 and monetizing innovations through partners. •Added and renewed several Fortune 500 and public sector clients such as Morgan Stanley, Office Depot, Generali, BAE Systems, the Commonwealth of Massachusetts, the Texas Department of Information Resources and the California Department of State Hospitals. 2020 Guidance: The company expects continued progress on its strategic initiatives, as projected in its 2020 financial guidance: •Revenue decline of approximately 4 percent at constant currency, excluding revenue from the $77 million OEM license in 2019.2 •Adjusted operating margin of approximately 13 percent. •GAAP EPS from continuing operations in the range of $2.80 to $2.90. •Adjusted EPS in the range of $3.60 to $3.70. •Operating cash flow from continuing operations of approximately $1.3 billion and free cash flow of approximately $1.2 billion. •Company expects at least $300 million of share repurchases and return of at least 50 percent of annual free cash flow to shareholders in 2020. (2) Revenue decline of approximately 4.9 percent including the $77 million OEM License in 2019 . About Xerox Xerox Holdings Corporation (NYSE: XRX) makes every day work better. We are a workplace technology company building and integrating software and hardware for enterprises large and small. As customers seek to manage information across digital and physical platforms, Xerox delivers a seamless, secure and sustainable experience. Whether inventing the copier, the ethernet, the laser printer or more, Xerox has long defined the modern work experience. Learn how that innovation continues at xerox.com. 3 407 of 1132 412 Non-GAAP Measures This release refers to the following non-GAAP financial measures for the Fourth Quarter and Full-Year 2019 and Full-Year 2020 guidance: •Adjusted EPS, which excludes restructuring and related costs, the amortization of intangible assets, non-service retirement- related costs, transaction and related costs, net and other discrete adjustments from GAAP-EPS from continuing operations. •Adjusted operating margin and income, which exclude the EPS adjustments noted above as well as the remainder of other expenses, net from pre-tax margin and income. •Constant currency (CC) revenue change, which excludes the effects of currency translation. •Free cash flow, which is cash flow from continuing operations less capital expenditures. Refer to the “Non-GAAP Financial Measures” section of this release for a discussion of these non-GAAP measures and their reconciliation to the reported GAAP measures. Forward-Looking Statements This release, and other written or oral statements made from time to time by management contain “forward-looking statements” as defined in the Private Securities Litigation Reform Act of 1995. The words “anticipate”, “believe”, “estimate”, “expect”, “intend”, “will”, “should”, "targeting", "projecting", "driving" and similar expressions, as they relate to us, our performance and/or our technology, are intended to identify forward-looking statements. These statements reflect management’s current beliefs, assumptions and expectations and are subject to a number of factors that may cause actual results to differ materially. Such factors include but are not limited to: our ability to address our business challenges in order to reverse revenue declines, reduce costs and increase productivity so that we can invest in and grow our business; our ability to attract and retain key personnel; changes in economic and political conditions, trade protection measures, licensing requirements and tax laws in the United States and in the foreign countries in which we do business; the imposition of new or incremental trade protection measures such as tariffs and import or export restrictions; changes in foreign currency exchange rates; our ability to successfully develop new products, technologies and service offerings and to protect our intellectual property rights; the risk that multi-year contracts with governmental entities could be terminated prior to the end of the contract term and that civil or criminal penalties and administrative sanctions could be imposed on us if we fail to comply with the terms of such contracts and applicable law; the risk that partners, subcontractors and software vendors will not perform in a timely, quality manner; actions of competitors and our ability to promptly and effectively react to changing technologies and customer expectations; our ability to obtain adequate pricing for our products and services and to maintain and improve cost efficiency of operations, including savings from restructuring actions; the risk that confidential and/or individually identifiable information of ours, our customers, clients and employees could be inadvertently disclosed or disclosed as a result of a breach of our security systems due to cyber attacks or other intentional acts; reliance on third parties, including subcontractors, for manufacturing of products and provision of services; the exit of the United Kingdom from the European Union; our ability to manage changes in the printing environment and expand equipment placements; interest rates, cost of borrowing and access to credit markets; funding requirements associated with our employee pension and retiree health benefit plans; the risk that our operations and products may not comply with applicable worldwide regulatory requirements, particularly environmental regulations and directives and anti-corruption laws; the outcome of litigation and regulatory proceedings to which we may be a party; any impacts resulting from the restructuring of our relationship with Fujifilm Holdings Corporation; the shared services arrangements entered into by us as part of Project Own It; the ultimate outcome of any possible transaction between Xerox Holdings Corporation (“Xerox”) and HP Inc. (“HP”), including the possibility that the parties will not agree to pursue a business combination transaction or that the terms of any definitive agreement will be materially different from those proposed; uncertainties as to whether HP will cooperate with Xerox regarding the proposed transaction; the ultimate result should Xerox determine to commence a proxy contest for election of directors to HP’s board of directors; Xerox’s ability to consummate the proposed transaction with HP; the conditions to the completion of the proposed transaction, including the receipt of any required shareholder approvals and any required regulatory a 4 408 of 1132 413 pprovals; Xerox’s ability to finance the proposed transaction with HP; Xerox’s indebtedness, including the substantial indebtedness Xerox expects to incur in connection with the proposed transaction with HP and the need to generate sufficient cash flows to service and repay such debt; the possibility that Xerox may be unable to achieve expected synergies and operating efficiencies within the expected time-frames or at all and to successfully integrate HP’s operations with those of Xerox; that such integration may be more difficult, time-consuming or costly than expected; that operating costs, customer loss and business disruption (including, without limitation, difficulties in maintaining relationships with employees, customers or suppliers) may be greater than expected following the proposed transaction or the public announcement of the proposed transaction; the retention of certain key employees may be difficult; and general economic conditions that are less favorable than expected. Additional risks that may affect Xerox’s operations and other factors that are set forth in the “Risk Factors” section, the “Legal Proceedings” section, the “Management’s Discussion and Analysis of Financial Condition and Results of Operations” section and other sections of Xerox Corporation's 2018 Annual Report on Form 10-K, as well as in Xerox Corporation's and Xerox Holdings Corporation's Quarterly Reports on Form 10-Q and Current Reports on Form 8-K filed with the SEC. These forward- looking statements speak only as of the date of this release or as of the date to which they refer, and Xerox assumes no obligation to update any forward-looking statements as a result of new information or future events or developments, except as required by law. -XXX- Media Contact: Caroline Gransee-Linsey, Xerox, +1-203-849-2359, Caroline.Gransee-Linsey@xerox.com Investor Contact: Ann Pettrone, Xerox, +1-203-849-2590, Ann.Pettrone@xerox.com Note: To receive RSS news feeds, visit https://www.news.xerox.com. For open commentary, industry perspectives and views, visit http://twitter.com/xerox, http://www.facebook.com/XeroxCorp, https://www.instagram.com/xerox/, http://www.linkedin.com/company/xerox, http://www.youtube.com/XeroxCorp. Xerox®, Iridesse®, and Baltoro™ are trademarks of Xerox in the United States and/or other countries. 5 409 of 1132 414 XEROX HOLDINGS CORPORATION CONDENSED CONSOLIDATED STATEMENTS OF INCOME (UNAUDITED) Three Months Ended December 31, Year Ended December 31, (in millions, except per-share data) 2019 2018 2019 2018 Revenues Sales(1) $919 $958 $3,227 $3,454 Services, maintenance and rentals(1) 1,465 1,476 5,595 5,940 Financing 60 64 244 268 Total Revenues 2,444 2,498 9,066 9,662 Costs and Expenses Cost of sales(1) 605 613 2,097 2,188 Cost of services, maintenance and rentals(1) 790 855 3,188 3,473 Cost of financing 33 32 131 132 Research, development and engineering expenses 93 94 373 397 Selling, administrative and general expenses 512 552 2,085 2,379 Restructuring and related costs 53 67 229 157 Amortization of intangible assets 10 12 45 48 Transaction and related costs, net 4 5 12 68 Other expenses, net 8 144 84 271 Total Costs and Expenses 2,108 2,374 8,244 9,113 Income before Income Taxes & Equity Income(2) 336 124 822 549 Income tax expense 73 34 179 247 Equity in net income of unconsolidated affiliates 3 2 8 8 Income from Continuing Operations 266 92 651 310 Income from discontinued operations, net of tax 553 49 710 64 Net Income 819 141 1,361 374 Less: Income from continuing operations attributable to noncontrolling interests — 1 3 4 Less: Income from discontinued operations attributable to noncontrolling interests 1 3 5 9 Net Income Attributable to Xerox Holdings $818 $137 $1,353 $361 Amounts Attributable to Xerox Holdings: Income from continuing operations $266 $91 $648 $306 Income from discontinued operations 552 46 705 55 Net Income Attributable to Xerox Holdings $818 $137 $1,353 $361 Basic Earnings per Share: Continuing operations $1.22 $0.37 $2.86 $1.17 Discontinued operations 2.56 0.19 3.17 0.23 Basic Earnings per Share $3.78 $0.56 $6.03 $1.40 Diluted Earnings per Share: Continuing operations $1.17 $0.37 $2.78 $1.16 Discontinued operations 2.44 0.19 3.02 0.22 Diluted Earnings per Share $3.61 $0.56 $5.80 $1.38 ___________________________ (1) Certain prior year amounts have been conformed to the current year presentation. See Appendix III for this change in presentation. (2) Referred to as “Pre-Tax Income” throughout the remainder of this document. 6 410 of 1132 415 XEROX HOLDINGS CORPORATION CONDENSED CONSOLIDATED STATEMENTS OF COMPREHENSIVE INCOME (UNAUDITED) Three Months Ended December 31, Year Ended December 31, (in millions) 2019 2018 2019 2018 Net income $819 $141 $1,361 $374 Less: Net income attributable to noncontrolling interests(1) 1 4 8 13 Net Income Attributable to Xerox Holdings 818 137 1,353 361 Other Comprehensive Income (Loss), Net Translation adjustments, net 184 (83) 62 (242) Unrealized (losses) gains, net (9) 11 (6) 16 Changes in defined benefit plans, net 37 218 (1) 409 Other Comprehensive Income, Net 212 146 55 183 Less: Other comprehensive loss, net attributable to noncontrolling interests(1) (1) — — — Other Comprehensive Income, Net Attributable to Xerox Holdings 213 146 55 183 Comprehensive Income, Net 1,031 287 1,416 557 Less: Comprehensive income from continuing operations, net attributable to noncontrolling interests(1) — 4 8 13 Comprehensive Income, Net Attributable to Xerox Holdings $1,031 $283 $1,408 $544 ___________________________ (1) Includes continuing and discontinued operations. 7 411 of 1132 416 XEROX HOLDINGS CORPORATION CONDENSED CONSOLIDATED BALANCE SHEETS (UNAUDITED) (in millions, except share data in thousands) December 31, 2019 December 31, 2018 Assets Cash and cash equivalents $2,740 $1,081 Accounts receivable, net 1,236 1,270 Billed portion of finance receivables, net 111 105 Finance receivables, net 1,158 1,218 Inventories 694 829 Assets of discontinued operations — 19 Other current assets 201 191 Total current assets 6,140 4,713 Finance receivables due after one year, net 2,082 2,149 Equipment on operating leases, net 364 442 Land, buildings and equipment, net 426 498 Intangible assets, net 199 220 Goodwill 3,900 3,858 Deferred tax assets 596 740 Assets of discontinued operations — 1,352 Other long-term assets 1,349 902 Total Assets $15,056 $14,874 Liabilities and Equity Short-term debt and current portion of long-term debt $1,049 $961 Accounts payable 1,053 1,073 Accrued compensation and benefits costs 349 348 Liabilities of discontinued operations — 21 Accrued expenses and other current liabilities 984 848 Total current liabilities 3,435 3,251 Long-term debt 3,233 4,269 Pension and other benefit liabilities 1,707 1,482 Post-retirement medical benefits 352 350 Other long-term liabilities 512 269 Total Liabilities 9,239 9,621 Convertible Preferred Stock 214 214 Common stock 215 232 Additional paid-in capital 2,782 3,321 Treasury stock, at cost (76) (55) Retained earnings 6,312 5,072 Accumulated other comprehensive loss (3,637) (3,565) Xerox Holdings shareholders’ equity 5,596 5,005 Noncontrolling interests 7 34 Total Equity 5,603 5,039 Total Liabilities and Equity $15,056 $14,874 Shares of common stock issued 214,621 231,690 Treasury stock (2,031) (2,067) Shares of Common Stock Outstanding 212,590 229,623 8 412 of 1132 417 XEROX HOLDINGS CORPORATION CONDENSED CONSOLIDATED STATEMENTS OF CASH FLOWS (UNAUDITED) Three Months Ended December 31, Year Ended December 31, (in millions) 2019 2018 2019 2018 Cash Flows from Operating Activities Net Income $819 $141 $1,361 $374 Income from discontinued operations, net of tax (553) (49) (710) (64) Income from continuing operations 266 92 651 310 Adjustments required to reconcile Net income to Cash flows from operating activities Depreciation and amortization 98 128 430 526 Provisions 15 14 73 70 Net gain on sales of businesses and assets (1) — (21) (35) Stock-based compensation 9 13 50 57 Restructuring and asset impairment charges 47 66 127 156 Payments for restructurings (22) (39) (93) (169) Defined benefit pension cost 20 86 109 175 Contributions to defined benefit pension plans (34) (33) (141) (144) (Increase) decrease in accounts receivable and billed portion of finance receivables (50) (8) 10 31 Decrease in inventories 78 126 109 17 Increase in equipment on operating leases (40) (66) (153) (248) (Increase) decrease in finance receivables (23) (15) 101 166 (Increase) decrease in other current and long-term assets (15) 12 (14) 29 (Decrease) increase in accounts payable (23) (27) (47) 1 Increase (decrease) in accrued compensation 5 (15) (94) (111) Increase in other current and long-term liabilities 21 40 40 52 Net change in income tax assets and liabilities 60 11 90 176 Net change in derivative assets and liabilities (4) (12) 11 (14) Other operating, net (9) 11 6 37 Net cash provided by operating activities of continuing operations 398 384 1,244 1,082 Net cash provided by operating activities of discontinued operations 40 31 89 58 Net cash provided by operating activities 438 415 1,333 1,140 Cash Flows from Investing Activities Cost of additions to land, buildings, equipment and software (17)(17) (65) (90) Proceeds from sales of businesses and assets — 27 21 59 Acquisitions, net of cash acquired — — (42) — Other investing, net — 1 1 2 Net cash (used in) provided by investing activities of continuing operations (17)11 (85) (29) Net cash provided by investing activities of discontinued operations 2,233 — 2,233 — Net cash provided by (used in) investing activities 2,216 11 2,148 (29) Cash Flows from Financing Activities Net payments on debt (551) (1) (950) (307) Dividends (60) (65) (243) (269) Payments to acquire treasury stock, including fees (232) (416) (600) (700) Other financing, net (8) (3) (31) (15) Net cash used in financing activities of continuing operations (851) (485) (1,824) (1,291) Net cash used in financing activities of discontinued operations — (1) (10) (10) Net cash used in financing activities (851)(486) (1,834) (1,301) Effect of exchange rate changes on cash, cash equivalents and restricted cash 13 (10) — (30) Increase (decrease) in cash, cash equivalents and restricted cash 1,816 (70) 1,647 (220) Cash, cash equivalents and restricted cash at beginning of period 979 1,218 1,148 1,368 Cash, Cash Equivalents and Restricted Cash at End of Period(1) $2,795 $1,148 $2,795 $1,148 ____________________________ (1) Balance at December 31, 2018 includes $3 million associated with discontinued operations. 9 413 of 1132 418 Sales of Ownership Interests in Fuji Xerox Co., Ltd. and Xerox International Partners In November 2019, Xerox Holdings completed a series of transactions to restructure its relationship with FUJIFILM Holdings Corporation (“FH”), including the sale of its indirect 25% equity interest in Fuji Xerox ("FX") for approximately $2.2 billion as well as the sale of its indirect 51% partnership interest in Xerox International Partners (XIP) for approximately $23 million (collectively the “Sales”). As a result of the Sales and the related strategic shift in our business, the historical financial results of our equity method investment in FX and our XIP business, which was fully consolidated, are reflected as a discontinued operation for the periods prior to the Sales, and their impact is excluded from continuing operations for all periods presented. The transactions with FH also included an OEM license agreement by and between FX and Xerox, granting FX the right to use specific Xerox Intellectual Property (IP) in providing certain named original equipment manufacturers (OEM’s) with products (such as printer engines) in exchange for an upfront license fee of $77 million. The license fee is recorded within other revenues. In addition, arrangements with FX whereby we purchase inventory from and sell inventory to FX, will continue post the Sales and, as a result of our Technology Agreement with Fuji Xerox which remains in effect through March 2021, we will continue to receive royalty payments for FX’s use of our Xerox brand trademark, as well as rights to access our patent portfolio in exchange for access to their patent portfolio. See the “Discontinued Operations” section for additional information. The $77 million ($58 million after-tax) OEM license had the following impact on our financial results for the Fourth Quarter 2019 and Full Year 2019: (in millions, except per share amounts) Three Months Ended December 31, 2019 Year Ended December 31, 2019 Financial Results from Continuing Operations As Reported OEM License Impact As Reported Excluding OEM License Impact As Reported OEM License Impact As Reported Excluding OEM License Impact Revenue (2.2)% 3.1% (5.2)% (6.2)% 0.8% (7.0)% Revenue - CC (1) (1.6)% 3.1% (4.7)% (4.7)% 0.8% (5.5)% Gross Margin 41.6 % 1.9% 39.7 % 40.3 % 0.6% 39.7 % Adjusted Operating Margin(1) 16.8 % 2.7% 14.1 % 13.1 % 0.7% 12.4 % EPS - GAAP $1.17 $0.25 $0.92 $2.78 $0.25 $2.53 EPS - Adjusted(1) $1.33 $0.25 $1.08 $3.55 $0.25 $3.30 Operating Cash Flow (2) $398 $58 $340 $1,244 $58 $1,186 ______________________ CC - Constant Currency. (1) Adjusted measures and CC: see the “Non-GAAP Financial Measures” section for an explanation of the non-GAAP financial measures. (2) Free cash flow likewise impacted by $58 million from OEM license. 10 414 of 1132 419 Revenues Three Months Ended December 31, % of Total Revenue (in millions) 2019 2018 % Change CC % Change 2019 2018 Equipment sales $616 $629 (2.1)% (1.5)% 25% 25% Post sale revenue 1,828 1,869 (2.2)% (1.7)% 75% 75% Total Revenue $2,444 $2,498 (2.2)% (1.6)% 100% 100% Reconciliation to Condensed Consolidated Statements of Income: Sales(1) $919 $958 (4.1)% (3.5)% Less: Supplies, paper and other sales(1) (303) (329) (7.9)% (7.3)% Equipment Sales $616 $629 (2.1)% (1.5)% Services, maintenance and rentals(1) $1,465 $1,476 (0.7)% (0.2)% Add: Supplies, paper and other sales(1) 303 329 (7.9)% (7.3)% Add: Financing 60 64 (6.3)% (5.9)% Post Sale Revenue $1,828 $1,869 (2.2)% (1.7)% Americas $1,562 $1,617 (3.4)% (3.3)% 64% 65% EMEA 756 830 (8.9)% (7.4)% 31% 33% Other 126 51 nm nm 5% 2% Total Revenue(2) $2,444 $2,498 (2.2)% (1.6)% 100% 100% Memo: Xerox Services(3) $870 $917 (5.1)% (4.5)% 36% 37% ____________________________ CC - Constant Currency (see "Non-GAAP Financial Measures" section). (1) Certain prior year amounts have been conformed to the current year presentation. See Appendix III for this change in presentation. (2) Refer to Appendix II for our Geographic Sales Channels and Products and Offerings Definitions. (3) Excluding equipment revenue, Xerox Services was $751 million and $786 million in the fourth quarter 2019 and 2018, respectively, representing a decrease of 4.5% including a 0.7-percentage point unfavorable impact from currency. Fourth quarter 2019 total revenue decreased 2.2% as compared to fourth quarter 2018, including a 0.6-percentage point unfavorable impact from currency, and an approximate 3.1-percentage point favorable impact from a fee of $77 million received in exchange for an OEM license of certain intellectual property to Fuji Xerox. See the “Sales of Ownership Interests in Fuji Xerox Co., Ltd. and Xerox International Partners” section for further details. Fourth quarter 2019 total revenue reflected the following: •Post sale revenue primarily reflects contracted services, equipment maintenance, supplies and financing. These revenues are associated not only with the population of devices in the field, which is affected by installs and removals, but also by the page volumes generated from the usage of such devices, and the revenue per printed page. Post sale revenue also includes transactional IT hardware sales and implementation services from our XBS organization. Post sale revenue decreased 2.2% as compared to fourth quarter 2018, including a 0.5-percentage point unfavorable impact from currency, and an approximate 4.1-percentage point favorable impact from the OEM license fee described above. The decline in post sale revenue reflected the following: ◦Services, maintenance and rentals revenue includes rental and maintenance revenue (including bundled supplies) as well as the post sale component of the document services revenue from our Xerox Services offerings. These revenues decreased 0.7% as compared to fourth quarter 2018, including a 0.5-percentage point unfavorable impact from currency and an approximate 5.2- percentage point favorable impact from the OEM license fee described above. The decline at constant currency1 reflected the continuing trends of lower page volumes (including a higher mix of lower average-page-volume products), an ongoing competitive price environment, and a lower population of devices, which are partially associated with continued lower Enterprise signings and lower installs in prior and current periods. ◦Supplies, paper and other sales includes unbundled supplies and other sales. These revenues decreased 7.9% as compared to fourth quarter 2018, including a 0.6-percentage point unfavorable 11 415 of 1132 420 impact from currency and reflected the timing impact of prior year transactional IT sales from our XBS organization along with lower paper sales from developing markets (primarily from the Latin America region), as well as the impact of lower supplies revenues primarily associated with lower page volume trends. ◦Financing revenue is generated from financed equipment sale transactions. The 6.3% decline in these revenues reflected a continued decline in the finance receivables balance due to lower equipment sales in prior periods and included a 0.4-percentage point unfavorable impact from currency. Three Months Ended December 31, % of Equipment Sales (in millions) 2019 2018 % Change CC % Change 2019 2018 Entry $63 $66 (4.5)% (4.2)% 10% 11% Mid-range 408 418 (2.4)% (2.0)% 66% 66% High-end 139 137 1.5% 1.9% 23% 22% Other 6 8 (25.0)% (25.0)% 1% 1% Equipment Sales $616 $629 (2.1)% (1.5)% 100% 100% ____________________________ CC - Constant Currency (see "Non-GAAP Financial Measures" section). •Equipment sales revenue decreased 2.1% as compared to fourth quarter 2018, including a 0.6-percentage point unfavorable impact from currency as well as the impact of price declines of approximately 5%. The decline at constant currency1 was primarily driven by lower sales of our office-centric devices (entry and mid-range products) partially offset by higher sales of our production-centric systems (high-end) as well as the benefit of targeted price actions. The decline at constant currency1 reflected the following: ◦Entry - The decrease was primarily due to lower sales of devices from developing market regions in the Americas, as well as lower sales through our indirect channels in EMEA and the U.S. ◦Mid-range - The decrease was driven by lower sales from EMEA, reflecting in part continued weakness and delayed decisions associated with uncertainty in the economic environment, partially offset by higher sales from our Americas region, primarily related to our U.S. Enterprise organization which had higher activity from light-production devices associated with the recent launch of PrimeLink (an entry-level production printer) and the benefit of a large account refresh cycle. The decrease was also impacted by lower sales from our U.S. indirect channels and from our XBS sales organization, which continued to recover from the impact of organizational changes earlier in the year that were part of our Project Own It transformation actions (including the transitioning of accounts to implement coverage changes, consolidation of real estate locations and the reduction of management layers). ◦High-end - The increase reflected primarily global demand for our newly-launched Baltoro inkjet press, and higher sales from new business and trade-ins of our Iridesse and iGen laser color systems in the U.S., partially offset by lower sales of Versant, our lower-end production systems. The increase also benefited from higher sales of black-and-white systems in the U.S. as a result of the timing of our customers' renewal cycles. Total Installs Installs reflect new placement of devices only (i.e., measure does not take into account removal of devices which may occur as a result of contract renewals or cancellations). Revenue associated with equipment installations may be reflected up-front in Equipment sales or over time either through rental income or as part of our Xerox Services revenues (which are both reported within our post sale revenues), depending on the terms and conditions of our agreements with customers. Installs include activity from Xerox Services and Xerox-branded products shipped to our XBS sales unit. Detail by product group (see Appendix II) is shown below: Entry •2% decrease in color multifunction devices reflecting lower installs of ConnectKey devices primarily from EMEA, partially offset by higher installs from our indirect channels in the U.S. •9% decrease in black-and-white multifunction devices reflecting lower activity primarily from our indirect channels in the U.S. and from developing regions in the Americas. 12 416 of 1132 421 Mid-Range2 •8% decrease in mid-range color installs primarily reflecting lower installs of multifunction color devices partially offset by higher installs of light- production devices that sit at the higher end of the portfolio range. •19% decrease in mid-range black-and-white reflecting in part global market trends. High-End2 •12% decrease in high-end color installs reflecting lower installs of our lower-end Versant production systems, partially offset by global demand for our newly-launched Baltoro inkjet press, and higher installs of our Iridesse color systems in the U.S. •8% increase in high-end black-and-white systems as a result of higher sales in the U.S. associated with the timing of our customers' renewal cycles which offset declining market trends. ___________________________ (1) See the “Non-GAAP Financial Measures” section for an explanation of the non-GAAP financial measure. (2) Mid-range and High-end color installations exclude Fuji Xerox digital front-end sales; including Fuji Xerox digital front-end sales, Mid-range color devices decreased 9%, and High-end color systems decreased 11%. 13 417 of 1132 422 Costs, Expenses and Other Income Summary of Key Financial Ratios The following is a summary of key financial ratios used to assess our performance: Three Months Ended December 31, (in millions) 2019 2018 B/(W) Gross Profit $1,016 $998 $18 RD&E 93 94 1 SAG 512 552 40 Equipment Gross Margin 32.0% 33.2% (1.2)pts. Post sale Gross Margin 44.8% 42.2% 2.6 pts. Total Gross Margin 41.6% 40.0% 1.6 pts. RD&E as a % of Revenue 3.8% 3.8% —pts. SAG as a % of Revenue 20.9% 22.1% 1.2 pts Pre-tax Income $336 $124 $212 Pre-tax Income Margin 13.7% 5.0% 8.7 pts. Adjusted(1) Operating Profit $411 $352 $59 Adjusted(1) Operating Margin 16.8% 14.1% 2.7 pts. ____________________________ (1) See the “Non-GAAP Financial Measures” section for an explanation of the non-GAAP financial measure. Pre-tax Income Margin Fourth quarter 2019 pre-tax income margin of 13.7% increased 8.7-percentage points as compared to fourth quarter 2018. The increase reflected lower Other expenses, net, as well as an approximate 2.8-percentage point favorable impact from the $77 million OEM license fee described above, and lower operating expenses which offset the adverse impact of lower revenues. Adjusted1 Operating Margin Fourth quarter 2019 adjusted1 operating margin of 16.8% increased by 2.7-percentage points as compared to fourth quarter 2018 primarily reflecting an approximate 2.7-percentage point favorable impact from the OEM license fee described above. The increase also reflected the impact of cost and expense reductions associated with our Project Own It transformation actions, offset by the impact of lower revenues and an approximate 0.3- percentage point unfavorable impact from transaction currency. ____________________________ (1) Refer to the Operating Income and Margin reconciliation table in the “Non-GAAP Financial Measures” section. Gross Margin Fourth quarter 2019 gross margin of 41.6% increased by 1.6-percentage points compared to fourth quarter 2018, reflecting an approximate 1.9- percentage point favorable impact from the OEM license fee described above, as well as the benefits from our Project Own It transformation actions which offset the impact of lower revenues as well as an approximate 0.3-percentage point unfavorable impact from transaction currency and an approximate 0.4-percentage point unfavorable impact from incremental tariff costs. Fourth quarter 2019 equipment gross margin of 32.0% decreased by 1.2-percentage points as compared to fourth quarter 2018, reflecting an approximate 1.2-percentage point unfavorable impact from incremental tariff costs. The favorable mix of sales of high-end devices, and cost productivity offset the impact of lower revenues and selective price actions and an approximate 0.7-percentage point unfavorable impact from transaction currency. Fourth quarter 2019 post sale gross margin of 44.8% increased by 2.6-percentage points as compared to fourth quarter 2018, including an approximate 2.4-percentage point favorable impact from the OEM license fee described above, as well as productivity and restructuring savings associated with our Project Own It transformation actions, which entirely offset the impact of lower revenues, including lower pricing on contract renewals, and an approximate 0.2-percentage point unfavorable impact from transaction currency. 14 418 of 1132 423 Gross margins are expected to continue to be negatively impacted in future periods as a result of an increase in the cost of our imported products due to higher import tariffs. We are taking actions to mitigate the impact of these tariffs, such as raising prices on certain products, however, we currently estimate an approximately $35 million cost impact from these higher tariffs in 2020. Research, Development and Engineering Expenses (RD&E) Fourth quarter 2019 RD&E as a percentage of revenue of 3.8% was flat as compared to fourth quarter 2018, primarily due to lower expenses offset by the impact of revenues declines. RD&E of $93 million decreased $1 million as compared to fourth quarter 2018. Selling, Administrative and General Expenses (SAG) SAG as a percentage of revenue of 20.9% decreased by 1.2-percentage points as compared to fourth quarter 2018, primarily reflecting the benefit from productivity and restructuring associated with our Project Own It transformation actions which offset the impact from lower revenues. SAG of $512 million decreased by $40 million as compared to fourth quarter 2018, reflecting productivity and restructuring savings associated with our Project Own It transformation actions as well as the year-over-year benefit of $10 million of charges in the prior year related to the cancellation of certain IT projects, offset by higher performance incentive compensation as well as higher advertising investments primarily in indirect channel marketing. Bad debt expense of $8 million was $7 million higher compared to fourth quarter 2018 primarily due to an increased level of sales-type leases as a result of our adoption of ASC Topic 842 - Leases and associated changes in the collectibility assessment of certain leases as well as an increased mix of high-end equipment sales. On a trailing twelve-month basis (TTM), bad debt expense remained at less than one percent of total receivables. Restructuring and Related Costs During the second half of 2018, we started our Project Own It transformation initiative. The primary goal of this initiative is to improve productivity by driving end-to-end transformation of our processes and systems to create greater focus, speed, accountability and effectiveness and to reduce costs. We incurred restructuring and related costs of $53 million for the fourth quarter 2019 primarily related to costs to implement initiatives under our business transformation projects including Project Own It. The following is a breakdown of those costs: (in millions) Three Months Ended December 31, 2019 Restructuring Severance (1) $44 Asset Impairments (2) 13 Other contractual termination costs (3) 1 Net reversals (4) (11) Restructuring and asset impairment costs 47 Retention related severance/bonuses (5) 8 Contractual severance costs (6) 2 Consulting and other costs (7) (4) Total $53 ___________________ (1) Reflects headcount reductions of approximately 550 employees worldwide. (2) Primarily related to the exit and abandonment of leased and owned facilities. The charge includes the accelerated write-off of $3 million for leased right-of-use asset balances and $10 million for owned asset balances upon exit from the facilities net of any potential sublease income and other recoveries. (3) Primarily include additional costs incurred upon the exit from our facilities including decommissioning costs and associated contractual termination costs. (4) Reflects net reversals for changes in estimated reserves from prior period initiatives as well as $4 million in favorable adjustments from the early termination of prior period impaired leases. (5) Includes retention related severance and bonuses for employees expected to continue working beyond their minimum notification period before termination. (6) Reflects severance and other related costs we are contractually required to pay on employees transferred (approximately 2,200 employees) as part of the shared service arrangement entered into with HCL Technologies. (7) Represents professional support services associated with our business transformation initiatives. The credit in the fourth quarter 2019 reflects adjustments of prior period estimated accruals for services. Fourth quarter 2019 actions impacted several functional areas, with approximately 47% focused on gross margin improvements, approximately 47% focused on SAG reductions, and the remainder focused on RD&E optimization. 15 419 of 1132 424 The implementation of our Project Own It initiatives as well as other business transformation initiatives is expected to continue to deliver significant cost savings in 2020. While many initiatives are underway and have yet to yield the full transformation benefits expected upon their completion, the changes implemented thus far have improved our cost structure and are beginning to yield longer term benefits. However, expected savings associated with these initiatives may be offset to some extent by business disruption during the implementation phase as well as investments in new processes and systems until the initiatives are fully implemented and stabilized. Fourth quarter 2018 restructuring and related costs of $67 million included net restructuring and asset impairment charges of $66 million and $1 million of additional costs primarily related to professional support services associated with the business transformation initiatives. Fourth quarter 2018 net restructuring and asset impairment charges of $66 million included $72 million of severance costs related to headcount of approximately 850 employees worldwide and $1 million of lease cancellation costs. These costs were partially offset by $7 million of net reversals for changes in estimated reserves from prior period initiatives. Fourth quarter 2018 actions impacted several functional areas, with approximately 15% focused on gross margin improvements, approximately 80% focused on SAG reductions, and the remainder focused on RD&E optimization. The restructuring reserve balance as of December 31, 2019 for all programs was $70 million, which is expected to be paid over the next twelve months. Transaction and Related Costs, Net We incurred $4 million of Transaction and related costs, net during fourth quarter 2019 primarily related to legal costs associated with our announced proposal to acquire HP (see the “Proposed Transaction with HP” section for further details). These costs are expected to continue in future periods. This compares to $5 million of costs incurred during fourth quarter 2018, which were primarily associated with the terminated Fuji transaction. Amortization of Intangible Assets Fourth quarter 2019 Amortization of intangible assets of $10 million decreased by $2 million compared to fourth quarter 2018 as a result of the write- off of trade names in prior periods associated with our realignment and consolidation of certain XBS sales units as part of Project Own It transformation actions. Worldwide Employment Worldwide employment was approximately 27,000 as of December 31, 2019 and decreased by approximately 5,400 from December 31, 2018. The reduction resulted from net attrition (attrition net of gross hires), of which a large portion is not expected to be backfilled, as well as the impact of organizational changes including employees transferred as part of the shared services arrangement entered into with HCL Technologies earlier this year. Other Expenses, Net Three Months Ended December 31, (in millions) 2019 2018 Non-financing interest expense $24 $29 Non-service retirement-related costs (3) 67 Interest income (7) (3) Gains on sales of businesses and assets (1) — Contract termination costs - IT services (4) 43 Currency losses, net 1 3 Loss on sales of accounts receivable 1 1 All other expenses, net (3) 4 Other expenses, net $8 $144 16 420 of 1132 425 Non-financing interest expense Fourth quarter 2019 non-financing interest expense of $24 million was $5 million lower than fourth quarter 2018. When combined with financing interest expense (Cost of financing), total interest expense decreased by $4 million from fourth quarter 2018 primarily due to a lower debt balance. Non-service retirement-related costs Fourth quarter 2019 non-service retirement-related costs were $70 million lower than fourth quarter 2018, primarily driven by the favorable impact of a 2018 amendment to our U.S. Retiree Health Plan and lower losses from pension settlements in the U.S. Interest income Fourth quarter 2019 interest income was $4 million higher than fourth quarter 2018, primarily reflecting interest on a higher cash balance as a result of cash proceeds received from the Sales of our indirect 25% equity interest in Fuji Xerox (FX) and indirect 51% partnership interest in Xerox International Partners (XIP) completed on November 8, 2019. See the “Sales of Ownership Interests in Fuji Xerox Co., Ltd. and Xerox International Partners” section for further details. Contract termination costs - IT services Contract termination costs - IT services was a $4 million credit in fourth quarter 2019 ($12 million for the full year 2019) reflecting an adjustment to the $43 million penalty recorded in fourth quarter 2018, associated with the termination of an IT services arrangement. Income Taxes Fourth quarter 2019 effective tax rate was 21.7%. On an adjusted1 basis, fourth quarter 2019 effective tax rate was 25.0%. These rates were higher than the U.S. federal statutory tax rate of 21% primarily due to state taxes and the geographical mix of profits. The adjusted1 effective tax rate excludes the tax impacts associated with the following charges: Restructuring and related costs, Amortization of intangible assets, Transaction and related costs, net as well as non-service retirement-related costs and other discrete, unusual or infrequent items as described in our Non-GAAP Financial Measures section. Fourth quarter 2018 effective tax rate was 27.4% and included a reduction of $6 million related to a change in the provisional estimated impact from the 2017 Tax Cuts Jobs Act (the "Tax Act"). On an adjusted1 basis, fourth quarter 2018 effective tax rate was 27.7%. This rate was higher than the U.S. federal statutory tax rate of 21% primarily due to state taxes and the geographical mix of profits. The adjusted1 effective tax rate excludes the tax impacts associated with the following charges: Restructuring and related costs, Amortization of intangible assets, Transaction and related costs, net, non-service retirement-related costs as well as other discrete, unusual or infrequent items as described in our Non-GAAP Financial Measures section, which include the impact of the Tax Act. Our effective tax rate is based on nonrecurring events as well as recurring factors, including the taxation of foreign income. In addition, our effective tax rate will change based on discrete or other nonrecurring events that may not be predictable. ______________ (1)Refer to the Effective Tax Rate reconciliation table in the "Non-GAAP Financial Measures" section. Net Income from Continuing Operations Fourth quarter 2019 net income from continuing operations attributable to Xerox Holdings was $266 million, or $1.17 per diluted share. On an adjusted1 basis, net income from continuing operations attributable to Xerox Holdings was $300 million , or $1.33 per diluted share. Fourth quarter 2019 adjustments to net income from continuing operations included Restructuring and related costs, Amortization of intangible assets, Transaction and related cost, net as well as non-service retirement-related costs and other discrete, unusual or infrequent items as described in our Non-GAAP Financial Measures section. Fourth quarter 2018 net income from continuing operations attributable to Xerox Holdings was $91 million , or $0.37 per diluted share. On an adjusted1 basis, net income from continuing operations attributable to Xerox Holdings was $231 million, or $0.94 per diluted share. Fourth quarter 2018 adjustments to net income from continuing operations 17 421 of 1132 426 included Restructuring and related costs, Amortization of intangible assets, Transaction and related costs, net as well as non-service retirement- related costs and other discrete, unusual or infrequent items as described in our Non-GAAP Financial Measures section. ___________ (1)Refer to the "Non-GAAP Financial Measures" section for the calculation of adjusted EPS. The calculations of basic and diluted earnings per share are included as Appendix I. Discontinued Operations In November 2019, Xerox Holdings completed a series of transactions to restructure its relationship with FUJIFILM Holdings Corporation (“FH”), including the sale of its indirect 25% equity interest in Fuji Xerox ("FX") for approximately $2.2 billion as well as the sale of its indirect 51% partnership interest in Xerox International Partners ("XIP") for approximately $23 million (collectively the “Sales”). The Sales resulted in a pre-tax gain of $629 million ($539 million after-tax), which was net of approximately $9 million of transaction costs and $8 million of allocated goodwill associated with our XIP business. The XIP allocated goodwill was based on the relative fair value of our XIP business, as evidenced by the sales price, as compared to the total estimated fair value of Xerox. No Goodwill was allocated for our investment in FX based on consideration of the guidance in ASC 350-20-40-2 and the fact that an equity investment is not considered a business in accordance with ASC 805-10-55, as it was not controlled by Xerox. Three Months Ended December 31, (in millions) 2019 2018 Revenue $6 $35 Income from operations(1) $14 $52 Gain on disposal 629 — Income before income taxes 643 52 Income tax expense (90) (3) Income from discontinued operations, net of tax $553 $49 Income from discontinued operations attributable to noncontrolling interests, net of tax (1) (3) Income from discontinued operations, net of tax attributable to Xerox Holdings $552 $46 Year Ended December 31, (in millions) 2019 2018 Revenue $79 $168 Income from operations(1) $176 $73 Gain on disposal 629 — Income before income taxes 805 73 Income tax expense (95) (9) Income from discontinued operations, net of tax $710 $64 Income from discontinued operations attributable to noncontrolling interests, net of tax (5) (9) Income from discontinued operations, net of tax attributable to Xerox Holdings $705 $55 ____________________________ (1) Includes equity income from FX of $15 million and $37 million for the Three Months Ended December 31, 2019 and 2018, respectively, and $147 million and $25 million for the Year Ended December 31, 2019 and 2018, respectively. 18 422 of 1132 427 Capital Resources and Liquidity The following summarizes our cash, cash equivalents and restricted cash: Three Months Ended December 31, (in millions) 2019 2018 Change Net cash provided by operating activities of continuing operations $398 $384 $14 Net cash provided by operating activities of discontinued operations 40 31 9 Net cash provided by operating activities 438 415 23 Net cash (used in) provided by investing activities of continuing operations (17) 11 (28) Net cash provided by investing activities of discontinued operations 2,233 — 2,233 Net cash provided by investing activities 2,216 11 2,205 Net cash used in financing activities of continuing operations (851) (485) (366) Net cash used in financing activities of discontinued operations — (1) 1 Net cash used in financing activities (851) (486) (365) Effect of exchange rate changes on cash, cash equivalents and restricted cash 13 (10) 23 Increase (decrease) in cash, cash equivalents and restricted cash 1,816 (70) 1,886 Cash, cash equivalents and restricted cash at beginning of period 979 1,218 (239) Cash, Cash Equivalents and Restricted Cash at End of Period(1) $2,795 $1,148 $1,647 ____________________________ (1) Balance at December 31, 2018 includes $3 million associated with discontinued operations. Cash Flows from Operating Activities Net cash provided by operating activities from continuing operations was $398 million in fourth quarter 2019. The $14 million increase in operating cash from fourth quarter 2018 was primarily due to the following: •$58 million increase from after-tax impact of the OEM license agreement with FX. •$18 million net increase from finance assets reflecting $26 million increase from lower placements of equipment on operating leases partially offset by $8 million decrease from higher finance receivables. •$20 million increase from accrued compensation primarily related to lower compensation costs and year-over-year timing of payments. •$14 million increase from lower restructuring and related payments primarily due to timing of initiatives and associated payments. •$48 million decrease as a result of lower fourth quarter inventory reductions in 2019 as compared to the prior year primarily due to timing of purchases. •$42 million decrease from accounts receivable primarily due to the timing of collections. Cash Flows from Investing Activities Net cash used in investing activities of continuing operations was $17 million in fourth quarter 2019. The $28 million change from fourth quarter 2018 was primarily due to proceeds from the sale of buildings in Ireland in the prior year. Cash Flows from Financing Activities Net cash used in financing activities of continuing operations was $851 million in fourth quarter 2019. The $366 million increase in the use of cash from fourth quarter 2018 was primarily due to the following: •$550 million increase from net debt activity primarily due to payments of $554 million on maturing Senior Notes in fourth quarter 2019 compared to no payments in prior year. •$184 million decrease from lower share repurchases due to timing. 19 423 of 1132 428 Adoption of New Leasing Standard On January 1, 2019, we adopted ASU 2016-02, Leases (ASC Topic 842). This update, as well as additional amendments and targeted improvements issued in 2018 and early 2019, supersedes existing lease accounting guidance found under ASC 840, Leases (ASC 840) and requires the recognition of right-of-use (ROU) assets and lease obligations by lessees for those leases originally classified as operating leases under prior lease guidance. Upon adoption, we applied the transition option, whereby prior comparative periods are not retrospectively presented in the Condensed Consolidated Financial Statements. Lessee accounting - the adoption of this update resulted in an increase to assets and related liabilities of approximately $385 million (approximately $440 million undiscounted) primarily related to leases of facilities. Lessor accounting - the adoption of this update resulted in an increase to equipment sales of approximately $10 million in fourth quarter 2019. The adoption of the new standard did not, nor is it expected to, have a material impact on our results of operations or cash flows. Operating leases ROU assets, net and operating lease liabilities were reported in the Condensed Consolidated Balance Sheets as follows: (in millions) December 31, 2019 Other long-term assets $319 Accrued expenses and other current liabilities $87 Other long-term liabilities 260 Total Operating lease liabilities $347 Cash, Cash Equivalents and Restricted Cash Restricted cash primarily relates to escrow cash deposits made in Brazil associated with ongoing litigation. Various litigation matters in Brazil require us to make cash deposits to escrow as a condition of continuing the litigation. Restricted cash amounts are classified in our Condensed Consolidated Balance Sheets based on when the cash is expected to be contractually or judicially released. (in millions) December 31, 2019 December 31, 2018 Cash and cash equivalents $2,740 $1,081 Restricted cash Litigation deposits in Brazil 55 61 Other restricted cash — 3 Total Restricted cash 55 64 Cash, cash equivalents and restricted cash 2,795 1,145 Cash, cash equivalents and restricted cash - discontinued operations — 3 Cash, cash equivalents and restricted cash - total $2,795 $1,148 Restricted cash was reported in the Condensed Consolidated Balance Sheets as follows: (in millions) December 31, 2019 December 31, 2018 Other current assets $— $1 Other long-term assets 55 63 Total Restricted cash $55 $64 20 424 of 1132 429 Debt and Customer Financing Activities The following summarizes our debt: (in millions) December 31, 2019 December 31, 2018 Principal debt balance(1) $4,313 $5,281 Net unamortized discount (16) (25) Debt issuance costs (17) (25) Fair value adjustments(2) - terminated swaps 1 2 - current swaps 1 (3) Total Debt $4,282 $5,230 ____________________________ (1) There were no Notes Payable as of December 31, 2019 and December 31, 2018. (2) Fair value adjustments include the following: (i) fair value adjustments to debt associated with terminated interest rate swaps, which are being amortized to interest expense over the remaining term of the related notes; and (ii) changes in fair value of hedged debt obligations attributable to movements in benchmark interest rates. Hedge accounting requires hedged debt instruments to be reported inclusive of any fair value adjustment. Finance Assets and Related Debt The following represents our total finance assets, net associated with our lease and finance operations: (in millions) December 31, 2019 December 31, 2018 Total finance receivables, net(1) $3,351 $3,472 Equipment on operating leases, net 364 442 Total Finance Assets, net(2) $3,715 $3,914 ____________________________ (1) Includes (i) Billed portion of finance receivables, net, (ii) Finance receivables, net and (iii) Finance receivables due after one year, net as included in our Condensed Consolidated Balance Sheets. (2) The change from December 31, 2018 includes an increase of $3 million due to currency. Our lease contracts permit customers to pay for equipment over time rather than at the date of installation; therefore, we maintain a certain level of debt (that we refer to as financing debt) to support our investment in these lease contracts, which are reflected in total finance assets, net. For this financing aspect of our business, we maintain an assumed 7:1 leverage ratio of debt to equity as compared to our finance assets. Based on this leverage, the following represents the breakdown of total debt between financing debt and core debt: (in millions) December 31, 2019 December 31, 2018 Finance receivables debt(1) $2,932 $3,038 Equipment on operating leases debt 319 387 Financing debt 3,251 3,425 Core debt 1,031 1,805 Total Debt $4,282 $5,230 ____________________________ (1) Finance receivables debt is the basis for our calculation of "Cost of financing" expense in the Condensed Consolidated Statements of Income. Sales of Accounts Receivable Accounts receivable sales arrangements may be utilized in the normal course of business as part of our cash and liquidity management. Accounts receivable sold are generally short-term trade receivables with payment due dates of less than 60 days. 21 425 of 1132 430 Accounts receivable sales activities were as follows: Three Months Ended December 31, (in millions) 2019 2018 Accounts receivable sales(1) $128 $108 Loss on sales of accounts receivable 1 1 Estimated increase to operating cash flows(2) 67 36 ____________________________ (1) Customers may also enter into structured-payable arrangements that require us to sell our receivables from that customer to a third-party financial institution, which then makes payments to us to settle the customer's receivable. In these instances, we ensure the sale of the receivables are bankruptcy remote and the payment made to us is without recourse. The activity associated with these arrangements is not reflected in this disclosure as payments under these arrangements have not been material and these are customer directed arrangements. (2) Represents the difference between current and prior period accounts receivable sales adjusted for the effects of currency. 22 426 of 1132 431 Corporate Reorganization On March 6, 2019, the Xerox Board of Directors approved a reorganization (the “Reorganization”) of the Company's corporate structure into a holding company structure. The Reorganization was subject to the approval of shareholders, which was obtained at the annual shareholders meeting held May 21, 2019. On July 31, 2019, the Reorganization was completed, pursuant to which Xerox (the predecessor publicly held parent company) became a direct, wholly-owned subsidiary of Xerox Holdings. The business operations, directors and executive officers of the Company did not change as a result of the Reorganization. In this Reorganization, shareholders of Xerox became shareholders of Xerox Holdings on a one-for-one basis; maintaining the same number of shares and ownership percentage as held in Xerox immediately prior to the Reorganization. In addition, the individual holder of the shares of Xerox’s Series B Preferred Stock exchanged those shares for the same number of shares of Xerox Holdings Series A Preferred Stock. Each share of Xerox Holdings Series A Preferred Stock has the same designations, rights, powers and preferences, and the same qualifications, limitations and restrictions as the shares of Xerox Series B Preferred Stock, with the addition of certain voting rights. In connection with the Reorganization, Xerox Holdings assumed each of the Xerox stock plans, all unexercised and unexpired options to purchase Xerox common stock and each right to acquire or vest in a share of Xerox common stock, including restricted stock unit awards, performance share awards and deferred stock units that are outstanding under the Xerox stock plans. In addition, Xerox Holdings became a guarantor of Xerox’s existing Credit Facility. The Reorganization was accounted for as a transaction among entities under common control and is expected to be a tax-free transaction for U.S. federal income tax purposes. Shares of Xerox Holdings common stock trade on the New York Stock Exchange under the ticker symbol “XRX”, formerly used by Xerox. Shared Services Arrangement with HCL Technologies In March 2019, as part of Project Own It, Xerox entered into a shared services arrangement with HCL Technologies ("HCL") pursuant to which we are transitioning certain global administrative and support functions, including, among others, selected information technology and finance functions (excluding accounting), from Xerox to HCL. This transition is expected to take up to 18 months. HCL is expected to make certain up-front and ongoing investments in software, tools and other technology to consolidate, optimize and automate the transferred functions with the goal of providing improved service levels and significant cost savings. The shared services arrangement with HCL includes a total aggregate spending commitment by us of approximately $1.3 billion over the next 7 years (includes approximately $100 million incurred in 2019). However, we can terminate the arrangement at any time at our discretion, subject to payment of termination fees that decline over the term, or for cause. The spending commitment excludes restructuring and related costs we are expected to incur in connection with the transition of the contemplated functions. See Restructuring and Related Costs within the Costs, Expenses and Other Income section. The transfer of employees associated with the HCL arrangement in certain countries was subject to compliance with works council and other employment regulatory requirements in those countries, which delayed the transfer as well as the expected savings from the arrangement. During fourth quarter 2019, we incurred net charges of approximately $35 million associated with this arrangement, which only reflects the cost associated with the employees transferred to date. The cost has been allocated to the various functional expense lines in the Condensed Consolidated Income Statement based on an assessment of the nature and amount of the costs incurred for the various transferred functions prior to their transfer to HCL. Proposed Transaction with HP In November 2019, Xerox proposed a business combination transaction with HP Inc. (“HP”) in which HP shareholders would receive $17 per share in cash, and approximately 48% of the pro forma combined company (based on 0.137 Xerox share for each HP share). In January 2020, Xerox obtained $24 billion in financing commitments to support the proposed business combination transaction with HP. HP has rejected the proposal and refused to engage in mutual due diligence or negotiations regarding the proposal. In January 2020, Xerox nominated a slate of directors to HP’s board to be voted on at HP’s 2020 annual meeting of stockholders. Xerox intends to continue to pursue the proposed business combination transaction. 23 427 of 1132 432 Forward-Looking Statements This release, and other written or oral statements made from time to time by management contain “forward-looking statements” as defined in the Private Securities Litigation Reform Act of 1995. The words “anticipate”, “believe”, “estimate”, “expect”, “intend”, “will”, “should”, "targeting", "projecting", "driving" and similar expressions, as they relate to us, our performance and/or our technology, are intended to identify forward-looking statements. These statements reflect management’s current beliefs, assumptions and expectations and are subject to a number of factors that may cause actual results to differ materially. Such factors include but are not limited to: our ability to address our business challenges in order to reverse revenue declines, reduce costs and increase productivity so that we can invest in and grow our business; our ability to attract and retain key personnel; changes in economic and political conditions, trade protection measures, licensing requirements and tax laws in the United States and in the foreign countries in which we do business; the imposition of new or incremental trade protection measures such as tariffs and import or export restrictions; changes in foreign currency exchange rates; our ability to successfully develop new products, technologies and service offerings and to protect our intellectual property rights; the risk that multi-year contracts with governmental entities could be terminated prior to the end of the contract term and that civil or criminal penalties and administrative sanctions could be imposed on us if we fail to comply with the terms of such contracts and applicable law; the risk that partners, subcontractors and software vendors will not perform in a timely, quality manner; actions of competitors and our ability to promptly and effectively react to changing technologies and customer expectations; our ability to obtain adequate pricing for our products and services and to maintain and improve cost efficiency of operations, including savings from restructuring actions; the risk that confidential and/or individually identifiable information of ours, our customers, clients and employees could be inadvertently disclosed or disclosed as a result of a breach of our security systems due to cyber attacks or other intentional acts; reliance on third parties, including subcontractors, for manufacturing of products and provision of services; the exit of the United Kingdom from the European Union; our ability to manage changes in the printing environment and expand equipment placements; interest rates, cost of borrowing and access to credit markets; funding requirements associated with our employee pension and retiree health benefit plans; the risk that our operations and products may not comply with applicable worldwide regulatory requirements, particularly environmental regulations and directives and anti-corruption laws; the outcome of litigation and regulatory proceedings to which we may be a party; any impacts resulting from the restructuring of our relationship with Fujifilm Holdings Corporation; the shared services arrangements entered into by us as part of Project Own It; the ultimate outcome of any possible transaction between Xerox Holdings Corporation (“Xerox”) and HP Inc. (“HP”), including the possibility that the parties will not agree to pursue a business combination transaction or that the terms of any definitive agreement will be materially different from those proposed; uncertainties as to whether HP will cooperate with Xerox regarding the proposed transaction; the ultimate result should Xerox determine to commence a proxy contest for election of directors to HP’s board of directors; Xerox’s ability to consummate the proposed transaction with HP; the conditions to the completion of the proposed transaction, including the receipt of any required shareholder approvals and any required regulatory approvals; Xerox’s ability to finance the proposed transaction with HP; Xerox’s indebtedness, including the substantial indebtedness Xerox expects to incur in connection with the proposed transaction with HP and the need to generate sufficient cash flows to service and repay such debt; the possibility that Xerox may be unable to achieve expected synergies and operating efficiencies within the expected time-frames or at all and to successfully integrate HP’s operations with those of Xerox; that such integration may be more difficult, time-consuming or costly than expected; that operating costs, customer loss and business disruption (including, without limitation, difficulties in maintaining relationships with employees, customers or suppliers) may be greater than expected following the proposed transaction or the public announcement of the proposed transaction; the retention of certain key employees may be difficult; and general economic conditions that are less favorable than expected. Additional risks that may affect Xerox’s operations and other factors that are set forth in the “Risk Factors” section, the “Legal Proceedings” section, the “Management’s Discussion and Analysis of Financial Condition and Results of Operations” section and other sections of Xerox Corporation's 2018 Annual Report on Form 10-K, as well as in Xerox Corporation's and Xerox Holdings Corporation's Quarterly Reports on Form 10-Q and Current Reports on Form 8-K filed with the SEC. These forward-looking statements speak only as of the date of this release or as of the date to which they refer, and Xerox assumes no obligation to update any forward-looking statements as a result of new information or future events or developments, except as required by law. 24 428 of 1132 433 Non-GAAP Financial Measures We have reported our financial results in accordance with generally accepted accounting principles (GAAP). In addition, we have discussed our financial results using the non-GAAP measures described below. We believe these non-GAAP measures allow investors to better understand the trends in our business and to better understand and compare our results. Accordingly, we believe it is necessary to adjust several reported amounts, determined in accordance with GAAP, to exclude the effects of certain items as well as their related income tax effects. A reconciliation of these non-GAAP financial measures to the most directly comparable financial measures calculated and presented in accordance with GAAP are set forth below as well as in the fourth quarter 2019 presentation slides available at www.xerox.com/investor. These non-GAAP financial measures should be viewed in addition to, and not as a substitute for, the company’s reported results prepared in accordance with GAAP. Adjusted Earnings Measures •Net Income and Earnings per share (EPS) •Effective Tax Rate The above measures were adjusted for the following items: •Restructuring and related costs: Restructuring and related costs include restructuring and asset impairment charges as well as costs associated with our transformation programs beyond those normally included in restructuring and asset impairment charges. Restructuring consists of costs primarily related to severance and benefits paid to employees pursuant to formal restructuring and workforce reduction plans. Asset impairment includes costs incurred for those assets sold, abandoned or made obsolete as a result of our restructuring actions, exiting from a business or other strategic business changes. Additional costs for our transformation programs are primarily related to the implementation of strategic actions and initiatives and include third-party professional service costs as well as one-time incremental costs. All of these costs can vary significantly in terms of amount and frequency based on the nature of the actions as well as the changing needs of the business. Accordingly, due to that significant variability, we will exclude these charges since we do not believe they provide meaningful insight into our current or past operating performance nor do we believe they are reflective of our expected future operating expenses as such charges are expected to yield future benefits and savings with respect to our operational performance. •Amortization of intangible assets : The amortization of intangible assets is driven by our acquisition activity which can vary in size, nature and timing as compared to other companies within our industry and from period to period. The use of intangible assets contributed to our revenues earned during the periods presented and will contribute to our future period revenues as well. Amortization of intangible assets will recur in future periods. •Transaction and related costs, net: Transaction and related costs, net are expenses incurred in connection with i) our announced proposal to acquire HP Inc. and ii) our planned transaction with Fuji, which was terminated in May 2018, inclusive of costs related to litigation resulting from the terminated transaction and other shareholder actions. The costs are primarily for third-party legal, accounting, consulting and other similar type professional services as well as potential legal settlements. These costs are considered incremental to our normal operating charges and were incurred or are expected to be incurred solely as a result of the planned transactions. Accordingly, we are excluding these expenses from our Adjusted Earnings Measures in order to evaluate our performance on a comparable basis. •Non-service retirement-related costs: Our defined benefit pension and retiree health costs include several elements impacted by changes in plan assets and obligations that are primarily driven by changes in the debt and equity markets as well as those that are predominantly legacy in nature and related to employees who are no longer providing current service to the company (e.g. retirees and ex-employees). These elements include (i) interest cost, (ii) expected return on plan assets, (iii) amortization of prior plan amendments, (iv) amortized actuarial gains/losses and (v) the impacts of any plan settlements/curtailments. Accordingly, we consider these elements of our periodic retirement plan costs to be outside the operational performance of the business or legacy costs and not necessarily indicative of current or future cash flow requirements. This approach is consistent with the classification of these costs as non-operating in other expenses, net. Adjusted earnings will continue to include the service cost elements of our retirement costs, which is related to current employee service as well as the cost of our defined contribution plans. 25 429 of 1132 434 •Other discrete, unusual or infrequent items: We excluded the following items given their discrete, unusual or infrequent nature and their impact on our results for the period. ◦Contract termination costs - IT services. ◦Impacts associated with the Tax Cuts and Jobs Act (the "Tax Act") enacted in December 2017. We believe the exclusion of these items allows investors to better understand and analyze the results for the period as compared to prior periods and expected future trends in our business. Adjusted Operating Income/Margin We calculate and utilize adjusted operating income and margin measures by adjusting our reported pre-tax income and margin amounts. In addition to the costs and expenses noted as adjustments for our Adjusted Earnings measures, adjusted operating income and margin also exclude the remaining amounts included in Other expenses, net, which are primarily non-financing interest expense and certain other non-operating costs and expenses. We exclude these amounts in order to evaluate our current and past operating performance and to better understand the expected future trends in our business. Constant Currency To better understand trends in our business, we believe that it is helpful to adjust revenue to exclude the impact of changes in the translation of foreign currencies into U.S. dollars. We refer to this adjusted revenue as “constant currency.” This impact is calculated by translating current period activity in local currency using the comparable prior year period's currency translation rate. This impact is calculated for all countries where the functional currency is not the U.S. dollar. Management believes the constant currency measure provides investors an additional perspective on revenue trends. Currency impact can be determined as the difference between actual growth rates and constant currency growth rates. Free Cash Flow To better understand trends in our business, we believe that it is helpful to adjust operating cash flows by subtracting amounts related to capital expenditures. Management believes this measure gives investors an additional perspective on cash flow from operating activities in excess of amounts required for reinvestment. It provides a measure of our ability to fund acquisitions, dividends and share repurchase. Summary: Management believes that all of these non-GAAP financial measures provide an additional means of analyzing the current period’s results against the corresponding prior period’s results. However, these non-GAAP financial measures should be viewed in addition to, and not as a substitute for, the company’s reported results prepared in accordance with GAAP. Our non-GAAP financial measures are not meant to be considered in isolation or as a substitute for comparable GAAP measures and should be read only in conjunction with our consolidated financial statements prepared in accordance with GAAP. Our management regularly uses our supplemental non-GAAP financial measures internally to understand, manage and evaluate our business and make operating decisions. These non-GAAP measures are among the primary factors management uses in planning for and forecasting future periods. Compensation of our executives is based in part on the performance of our business based on these non-GAAP measures. A reconciliation of these non-GAAP financial measures and the most directly comparable measures calculated and presented in accordance with GAAP are set forth on the following tables: 26 430 of 1132 435 Net Income and EPS reconciliation Three Months Ended December 31, Year Ended December 31, 2019 2018 2019 2018 (in millions, except per share amounts) Net Income EPS Net Income EPS Net Income EPS Net Income EPS Reported(1) $266 $1.17 $91 $0.37 $648 $2.78 $306 $1.16 Adjustments: Restructuring and related costs 53 67 229 157 Amortization of intangible assets 10 12 45 48 Transaction and related costs, net 4 5 12 68 Non-service retirement-related costs (3) 67 18 150 Contract termination costs - IT services (4) 43 (12) 43 Income tax on adjustments(2) (22) (48) (77) (116) Tax Act (4) (6) (35) 89 Adjusted $300 $1.33 $231 $0.94 $828 $3.55 $745 $2.88 Dividends on preferred stock used in adjusted EPS calculation(3) — — — — Weighted average shares for adjusted EPS(3) 227 246 233 258 Fully diluted shares at end of period(4) 224 ____________________________ (1) Net income and EPS from continuing operations attributable to Xerox Holdings. (2) Refer to Effective Tax Rate reconciliation. (3) For those periods that exclude the preferred stock dividend, the average shares for the calculations of diluted EPS include 7 million shares associated with our Series A convertible preferred stock, as applicable. (4) Represents common shares outstanding at December 31, 2019 as well as shares associated with our Series A convertible preferred stock plus potential dilutive common shares as used for the calculation of diluted earnings per share for the fourth quarter 2019. Effective Tax Rate reconciliation Three Months Ended December 31, 2019 Three Months Ended December 31, 2018 (in millions) Pre-Tax Income Income Tax Expense Effective Tax Rate Pre-Tax Income Income Tax Expense Effective Tax Rate Reported(1) $336 $73 21.7% $124 $34 27.4% Non-GAAP Adjustments(2) 60 22 194 48 Tax Act — 4 — 6 Adjusted(3) $396 $99 25.0% $318 $88 27.7% Year Ended December 31, 2019 Year Ended December 31, 2018 (in millions) Pre-Tax Income Income Tax Expense Effective Tax Rate Pre-Tax Income Income Tax Expense Effective Tax Rate Reported(1) $822 $179 21.8% $549 $247 45.0% Non-GAAP Adjustments(2) 292 77 466 116 Tax Act — 35 — (89) Adjusted(3) $1,114 $291 26.1% $1,015 $274 27.0% ____________________________ (1) Pre-tax income and income tax expense from continuing operations. (2) Refer to Net Income and EPS reconciliation for details. (3) The tax impact on Adjusted Pre-Tax Income from continuing operations is calculated under the same accounting principles applied to the Reported Pre-Tax Income under ASC 740, which employs an annual effective tax rate method to the results. 27 431 of 1132 436 Operating Income / Margin reconciliation Three Months Ended December 31, 2019 Three Months Ended December 31, 2018 (in millions) Profit Revenue Margin Profit Revenue Margin Reported(1) $336 $2,444 13.7% $124 $2,498 5.0% Adjustments: Restructuring and related costs 53 67 Amortization of intangible assets 10 12 Transaction and related costs, net 4 5 Other expenses, net 8 144 Adjusted $411 $2,444 16.8% $352 $2,498 14.1% Year Ended December 31, 2019 Year Ended December 31, 2018 (in millions) Profit Revenue Margin Profit Revenue Margin Reported(1) $822 $9,066 9.1% $549 $9,662 5.7% Adjustments: Restructuring and related costs 229 157 Amortization of intangible assets 45 48 Transaction and related costs, net 12 68 Other expenses, net 84 271 Adjusted $1,192 $9,066 13.1% $1,093 $9,662 11.3% ____________________________ (1) Pre-Tax Income and revenue from continuing operations. Free Cash Flow reconciliation Three Months Ended December 31, Year Ended December 31, (in millions) 2019 2018 2019 2018 Reported(1) $398 $384 $1,244 $1,082 Capital Expenditures (17) (17) (65) (90) Free Cash Flow $381 $367 $1,179 $992 ____________________________ (1) Net cash provided by operating activities from continuing operations. Guidance Earnings per Share FY 2020 (in millions, except per share amounts) Net Income EPS Estimated(1) $625 ~ $2.80 - $2.90 Adjustments: Restructuring and related costs 175 Amortization of intangible assets 35 Non-service retirement-related costs 35 Income tax on adjustments (70) Adjusted $800 ~ $3.60 - $3.70 Estimated Full Year 2020 weighted average shares for GAAP and adjusted EPS 220 ____________________________ (1) Net Income and EPS from continuing operations attributable to Xerox Holdings. 28 432 of 1132 437 Operating Income / Margin FY 2020 (in millions) Profit Revenue(2) Margin Estimated(1) $845 $8,625 ~ 10% Adjustments: Restructuring and related costs 175 Amortization of intangible assets 35 Non-service retirement-related costs 35 Other expenses, net 40 Adjusted $1,130 $8,625 ~ 13% ____________________________ (1) Pre-Tax Income and revenue from continuing operations. (2) Full year 2020 revenue reflects an estimated revenue decline at actual currency of approximately 4.9% from FY 2019, or a decline of approximately 4% excluding the impact of the upfront OEM license fee of $77M in 2019. Impact from translation currency is de minimis. Free Cash Flow (in millions) FY 2020 Operating Cash Flow(1) ~ $1,300 Less: capital expenditures (100) Free Cash Flow ~ $1,200 ____________________________ (1) Net cash provided by operating activities from continuing operations. 29 433 of 1132 438 APPENDIX I Xerox Holdings Corporation Earnings per Common Share (in millions, except per-share data, shares in thousands) Three Months Ended December 31, Year Ended December 31, 2019 2018 2019 2018 Basic Earnings per Share: Net Income from continuing operations attributable to Xerox Holdings $266 $91 $648 $306 Accrued dividends on preferred stock (3) (3) (14) (14) Adjusted net income from continuing operations available to common shareholders $263 $88 $634 $292 Net income from discontinued operations attributable to Xerox Holdings, net of tax 552 46 705 55 Adjusted net income available to common shareholders $815 $134 $1,339 $347 Weighted average common shares outstanding 215,499 236,190 221,969 248,707 Basic Earnings per Share: Continuing operations $1.22 $0.37 $2.86 $1.17 Discontinued operations 2.56 0.19 3.17 0.23 Basic Earnings per Share $3.78 $0.56 $6.03 $1.40 Diluted Earnings per Share: Net Income from continuing operations attributable to Xerox Holdings $266 $91 $648 $306 Accrued dividends on preferred stock — (3) — (14) Adjusted net income from continuing operations available to common shareholders $266 $88 $648 $292 Net income from discontinued operations attributable to Xerox Holdings, net of tax 552 46 705 55 Adjusted net income available to common shareholders $818 $134 $1,353 $347 Weighted average common shares outstanding 215,499 236,190 221,969 248,707 Common shares issuable with respect to: Stock Options 111 — 55 — Restricted stock and performance shares 4,326 3,188 4,403 2,953 Convertible preferred stock 6,742 — 6,742 — Adjusted weighted average common shares outstanding 226,678 239,378 233,169 251,660 — Diluted Earnings per Share: Continuing operations $1.17 $0.37 $2.78 $1.16 Discontinued operations 2.44 0.19 3.02 0.22 Diluted Earnings per Share $3.61 $0.56 $5.80 $1.38 The following securities were not included in the computation of diluted earnings per share as they were either contingently issuable shares or shares that if included would have been anti-dilutive: Stock options 750 1,022 805 1,022 Restricted stock and performance shares 1,350 2,833 1,272 3,068 Convertible preferred stock — 6,742 — 6,742 Total Anti-Dilutive Securities 2,100 10,597 2,077 10,832 Dividends per Common Share $0.25 $0.25 $1.00 $1.00 30 434 of 1132 439 APPENDIX II Xerox Holdings Corporation Geographic Sales Channels and Product/Offering Definitions Our business is aligned to a geographic focus and is primarily organized on the basis of go-to-market sales channels, which are structured to serve a range of customers for our products and services. In 2019 we changed our geographic structure to create a more streamlined, flatter and more effective organization, as follows: •Americas, which includes our sales channels in the U.S. and Canada, as well as Mexico, and Central and South America. •EMEA, which includes our sales channels in Europe, the Middle East, Africa and India. •Other, primarily includes sales to and royalties from Fuji Xerox, and our licensing revenue. Our products and offerings include: •“Entry”, which includes A4 devices and desktop printers. Prices in this product group can range from approximately $150 to $3,000. •“Mid-Range”, which includes A3 Office and Light Production devices that generally serve workgroup environments in mid to large enterprises. Prices in this product group can range from approximately $2,000 to $75,000+. •“High-End”, which includes production printing and publishing systems that generally serve the graphic communications marketplace and large enterprises. Prices for these systems can range from approximately $30,000 to $1,000,000+. •Xerox Services, formerly known as Managed Document Services (MDS), which includes solutions and services that span from managing print to automating processes to managing content. Our primary offerings are Intelligent Workplace Services (IWS), which is our rebranded Managed Print Services, as well as Digital and Cloud Print Services (including centralized print services). Xerox Services also includes Communication and Marketing Solutions that were previously excluded from our former MDS definition. 31 435 of 1132 440 APPENDIX III Change in Presentation During first quarter 2019, we realigned portions of our business to support our new revenue strategy. This realignment included the combination and consolidation of certain sales units to better service customers consistently across the company. In connection with that realignment, we changed the classification of revenues and those related costs from certain service arrangements to consistently conform the presentation of those amounts among our various business units. Prior year amounts were also revised as follows to conform with the 2019 presentation. The revised presentation does not impact total revenues, total expenses or net income. Three Months Ended December 31, 2018 As Reported(1) Change As Revised Sales $1,044 $(86) $958 Services, maintenance and rentals 1,390 86 1,476 Cost of sales $639 $(26) $613 Cost of services, maintenance and rentals 829 26 855 ________________________ (1) Sales and Cost of sales from continuing operations. 32 436 of 1132 441 Describe your plan for quality management and process for continuous improvement of the program for the specified Goods and Services. Our strategy for University of California will come full circle through our robust customer-oriented tools that drive satisfaction levels and continuous service improvement. Because we understand how crucial prompt and effective service is to your success, Xerox will utilize our SentinelTM Customer Satisfaction Assurance System to proactively identify and solve any issues at their source. This global, just-in-time tool will allow Xerox to keep a strong pulse on the satisfaction of your end users through a web-based connection between your employees who use our products and services and the Xerox problem solvers dedicated to your account. Sentinel’s survey tool communicates with your entire company through e- mail to gather ongoing data and record uncensored feedback from your end users, then automatically creates an electronic problem ticket so that Xerox can make adjustments in real time instead of following up on escalated complaints reactively. Xerox will use the results of our SentinelTM program to drive continuous service improvement across University of California’s print enterprise. The tool can be used quarterly, annually or on an ad hoc basis—and the results will be brought to life in our in our Quarterly Business Review (QBR) process, through which we will utilize SentinelTM survey data to gauge your appetite for improvements and further innovation. This ongoing review process will not only strengthen the relationship between University of California end users and Xerox, but also allow us to equip University of California with the printer support tools and services you need to attract and retain the Next Generation of your global workforce. Additionally, Xerox senior leadership team has committed the entire company to implementing a formal quality assurance program called Xerox Lean Six Sigma (LSS). This strategy provides a fundamental approach to our business and yours. It is a disciplined, data-driven method of reducing waste and variation in processes so they consistently deliver products and services at the quality levels, speeds and prices that our clients value. Our Xerox LSS deployment includes leadership training of senior executives and managers, as well as the specialized training of Master Black Belts, Black Belts and Green Belts. This training ensures the pervasive use of LSS, its tools, and its processes throughout our organization. LSS gives Xerox’s management teams a common culture, language, and tool set. Using LSS delivers immediate and continuous improvement results using fact-based decision-making and well-defined metrics. LSS promotes collaboration across traditional functional and work process boundaries inside the company and with our customers In addition to supporting quality management systems, Xerox solutions also incorporate components that allow our customers to meet many common legal and regulatory requirements. Xerox will work with UC to gain an understanding of specific quality, legal and regulatory requirements to ensure these requirements are met. As part of our continuing engagement process, UC representatives and the Xerox account team will hold account review meetings on a regular basis, or as requested, focusing on quality management and reviewing the process for continuous improvement. The main objective of these account reviews is to discuss operational and technical issues and performance against standards. Topics discussed may include open issues and progress toward resolution, proposed /impending changes, status of special projects, optimization/future state review, any UC support requirements, UC management support and UC communication needs. Xerox bases its technical service delivery system on using data to evaluate performance. From this method, we can create and build a mutually beneficial business relationship. Our approach will be to report baseline service metrics on a monthly or quarterly basis, as required. Our standard reports will include data on current-month performance as well as trends that accurately show 437 of 1132 442 our extended performance. Our ability to capture and display data in this format allows us to quickly identify and capitalize on any existing performance improvement opportunities. 438 of 1132 443 Please describe in detail your company’s delivery and installation capabilities, including fulfillment process from UC purchase order submission to delivery. Xerox personnel will work with UC to develop a mutually-agreeable implementation plan for delivery, installation, and training. Implementation planning involves three key steps: (1) Pre-Installation, (2) Installation, and (3) Post-Installation. Xerox understands it is responsible for the installation of all equipment and necessary training. As part of the installation process, we conduct standard diagnostic testing, including validating that equipment is producing acceptable copies and printed documents, and that the scanning capabilities are functional. Xerox is not responsible for the cabling of networked devices. When our local delivery carrier receives the equipment order from Xerox, they contact UC to schedule an acceptable delivery date. Upon delivery, the delivery carrier unpacks the system and, based on the products ordered, either a Xerox Customer Service Engineer (CSE) or the delivery carrier handles the installation. Carrier Installation: After the delivery carrier delivers and unpacks the system, the Analyst "meets the truck” and installs the system hardware. The Analyst also connects all system components prior to powering up the system. Implementation and installation activities are completed to fully enable all features and functions purchased. Then, Xerox provides an overview of basic functionality, including a review of the equipment’s software applications. Within 24 hours of installation, your local POC/Sales Executives follows up to ensure customer satisfaction and answer any outstanding questions. Certain activities require support from UC to ensure a smooth transition and implementation. They include: • Provide Xerox with sufficient, timely, free and safe access to UC premises for Xerox to fulfil its obligations. • Name an IT contact as a resource that will ensure all necessary network security, authorization, and authentication credentials are in place. The IT contact should be readily available and able to particip ate in installation activities. • Identify network topology and domains and provide a document that maps these to geographical locations served. • Identify network domains and trust relationships between the domains. • Identify operating system, including versions and revision levels, associated with the primary domain server. • Identify what print server operating systems (versions and revision levels) are in use in locatio ns to be serviced. • Identify network mechanisms for device identification and management on each domain to be serviced, including network address or host name resolution (DNS, Net Bios, etc.). • Notify Xerox of network, SMTP gateway and Internet proxy server problems. • Provide (or contract for provision of) all necessary wiring and active network connections. • Supply IP addresses/subnet masks. 439 of 1132 444 Implementation Xerox personnel will work with UC to develop a mutually-agreeable implementation plan for delivery, installation, and training. As shown in the following diagram, implementation planning involves three key steps: (1) Pre-Installation, (2) Installation, and (3) Post -Installation. Xerox understands it is responsible for the installation of all equipment and necessary training. As part of the installation process, we conduct standard diagnostic testing, including validating that equipment is producing acceptable copies and printed documents, and that the scanning capabilities are functional. Xerox is not responsible for the cabling of networked devices. When our local delivery carrier receives the equipment order from Xerox, they contact UC to schedule an acceptable delivery date. Upon delivery, the delivery carrier unpacks the system and, based on the products ordered, either a Xerox Customer Service Engineer (CSE) or the delivery carrier handles the installation. CSE Installation (WorkCentre Models): After the delivery carrier delivers and unpacks the system, the CSE “meets the truck” and installs the system hardware. The CSE also connects all system components prior to powering up the system. This is followed up with Analyst Services, at which time all implementation and installation activities are completed to fully en able all features and functions purchased. Then, Xerox provides an overview of basic functionality, including a review of the equipment’s software applications. Within 24 hours of installation, your local POC/Sales Executives follows up to ensure customer satisfaction and answer any outstanding questions. UC Participation 440 of 1132 445 Discuss requ irements and so lution , inc lud ing : • Space requ irements • Software requ irements • Startup dates Fo ll ow agreed upo} task and schedu le deta il ed in the plan . • Determ ine need for any} additiona l actions • Eva luate success • Re inforce and ensure customer satisfaction Pre-Installation Post-Installation The Implementation Plan establ ishes the scope and the activit ies to be inc luded in the insta ll at ion . It describes the tasks that need to be completed and identifies who is responsib le (Xerox or Cli ent) and g ives the duration or t ime li ne for completing the task . Implementation Plan Meeting nal ize key e lements of the implementation , inc lud ing : • Obj ectives • Measure of Success • Scope of Project • Resources & Respons ibili ties • Target Dates • Schedu le of Activities Certain activities require support from UC to ensure a smooth transition and implementation. They include: • Provide Xerox with sufficient, timely, free and safe access to UC premises for Xerox to fulfil its obligations. • Name an IT contact as a resource that will ensure all necessary network security, authorization, and authentication credentials are in place. The IT contact should be readily available and able to participate in installation activities. • Identify network topology and domains and provide a document that maps these to geographical locations served. • Identify network domains and trust relationships between the domains. • Identify operating system, including versions and revision levels, associated with the primary domain server. • Identify what print server operating systems (versions and revision levels) are in use in locations to be serviced. • Identify network mechanisms for device identification and management on each domain to be serviced, including network address or host name resolution (DNS, Net Bios, etc.). • Notify Xerox of network, SMTP gateway and Internet proxy server problems. • Provide (or contract for provision of) all necessary wiring and active network connection s. • Supply IP addresses/subnet masks. Change Management As new floor maps and processes are put into effect, an effective change management plan is designed to ensure a smooth implementation process. We work with UC to create a joint change management plan that minimizes end-user dissatisfaction and accelerates adoption rates. The change management plan includes the following: • Communications - Communication strategy tailored to UC’s unique environment • Training - Training strategy and tools tailored to meet user needs • Configuration - Understanding user needs and configuring environment appropriately • Transition (“go-live”) Support - Support to assure the best possible transition and implementation To help understand all the activities that must occur for delivery, installation, and training, we have included a sample Implementation Plan template below. This sample Implementation Plan identifies the implementation task, owner responsible for the completion of the task, and target completion da te for each task within the plan. 441 of 1132 446 Implementation Project Plan Project Tasks Owner(s) Owner(s) Target Date Project Start-Up (After Contract Award) Contract Award UC TBD Finalize the implementation requirements Conduct beta testing – gain compliance approvals UC and Xerox TBD Develop communications plan for customer and Xerox employees UC and Xerox TBD Communicate Xerox Project Team responsibilities Xerox TBD Define and communicate Xerox services to team Xerox TBD Locations Confirm individual locations UC and Xerox TBD Identify Principals and Key Contacts UC TBD Identify key users UC and Xerox TBD Identify MFD requirements and configurations Xerox TBD Introduce Local Project Team Members Xerox TBD Define and document unique requirements UC TBD Project Start Up Phase Complete Installation Plan and Design Xerox TBD Validate fleet equipment recommendations and location UC and Xerox TBD Allocate space for equipment removal (if required) UC TBD Confirm delivery requirements Xerox TBD Provide access to loading dock required for Installation Team UC TBD Validate network drop and power requirements Xerox TBD Provide a communication plan during implementation of ‘who to call’ Xerox TBD Check electric, power, install network drops, fax lines as required Xerox TBD Conduct final Inspection and check to ensure compliance Xerox TBD Order Xerox equipment and software Xerox TBD Deliver Xerox equipment and software Xerox TBD Deploy Xerox equipment and software Xerox TBD Deliver Customer Welcome Kit (if applicable) Xerox TBD Remove existing equipment (if traded) Xerox TBD Install Xerox equipment (delivery carrier or CSE) Xerox TBD Connect Xerox equipment to LAN UC and Xerox TBD Test equipment and confirm install UC and Xerox TBD Test network devices UC and Xerox TBD 442 of 1132 447 Project Tasks Owner(s) Owner(s) Target Date Create Print Queues on customer’s server UC and Xerox TBD Install Xerox Print Drivers on customer’s PCs UC and Xerox TBD Change Print Default to closest Xerox device UC and Xerox TBD Training Identify and clarify training requirements for each Location UC TBD Schedule and arrange training – by location Xerox TBD Communicate training schedule to customer staff UC TBD Engage training staff, coordinate training Xerox TBD Provide end-user product CD-ROM Xerox TBD Schedule on-site, “walk-up” training to work groups Xerox TBD Schedule print driver training Xerox TBD Identify additional special training requirements UC TBD Provide links to Brainshark on-demand training Xerox TBD Supplies Place Initial Xerox supply order Xerox TBD Order back-up Smart Kits for new devices Xerox TBD Provide supplies reorder list to customer employees Xerox TBD Return old equipment supplies (if required) obtain vendor credit UC TBD Xerox supplies received and validated Xerox TBD Business Processes Finalize and communicate billing and reporting process Xerox TBD Develop Invoice Template Xerox TBD Account Management Strategy Developed Xerox TBD Schedule follow-up installation meeting Xerox TBD Develop account review schedule Xerox TBD Develop, test, and train Reporting Processes UC and Xerox TBD 443 of 1132 448 Describe the account management team, and all roles thereunder, that you would assign to the UC system if awarded under this RFP, including senior account manager responsible for the entire agreement and UC relationship and local account representatives responsible for each specific UC location. For every role/representative, provide: a description of the role’s responsibilities, the name of who will fill this role, their title, and a summary of their qualifications including years of pertinent experience and ALL certifications. Include attachment if necessary. Xerox is well staffed to support UC’s requirement for frequent on-site visitation to support each of your locations. We have a team of 8 regionally based Client Managers, a statewide sales channel model, a team of product and solutions specialist and Higher Ed management leadership who provide localized support to the UC System and the 10 campuses. All of our sales resources are based in California and located within close proximity to the UC campuses they support. This team is supported by two additional California-based Vice President resources that provide contract management, escalation support and strategic value to the team and the UC System. Xerox offers clients a broad base of skills and professional consulting expertise. Below is a cross section of the background and skills of Xerox project specialists. For those individuals not already part of the account team, we assign specific resources to the University project following contract signature, depending on personnel availability and project requirements. Account Management Due to the size and importance of the University of California System, we have aligned two Vice Presidents to support you to provide oversight and involvement in both Northern and Southern California. Doug MacPhee, Vice President of Sales (16 years with Xerox): Doug’s 14 years of experience have focused on all areas of sales and operations management. Covering public sector and higher education, the responsibilities have included managing effective and quality sales objectives as well as the day-to-day operational aspects of some of the largest state and local clients in the the State of California. The Vice President is the University System single point of contact responsible for all aspects of your account, throughout the life of the contract. The VP is accountable for leading initiatives where Xerox can assist you in improving your current situation to increase value to your students, staff, and faculty. The VP is responsible for negotiating and administering client contracts, managing the customer relationships at the System level through delivery and ongoing support, and maintaining a long-term relationship with not only the Office of the President but UC campuses and locations throughout California. Michelle Yoshino, Regional Vice President (31 years with Xerox): Michelle Yoshino provides this same oversight for all locations in California and is a Co-VP with Doug MacPhee to ensure all aspects of the UC Office of the President and the entire system are managed effectively to ensure the highest levels of customer satisfaction. Her experience includes oversight and management of the largest public sector accounts in the Southwest which include some of our largest Xerox customers. Jim Potts, Industry Sales Manager (31 years with Xerox): Jim has held a variety of leadership positions in Sales, Sales Management and Marketing Management and is responsible for Sales teams in Northern and Southern California handling major government and higher education customers. Jim prides himself in customer satisfaction and is dedicated to supporting the UC System which encompasses the 10 campuses across the State of California. 444 of 1132 449 Xerox Dedicated UC front line Sales Support Resources in California: CONSOLIDATED ACCOUNT REP NAME REP LOCATION University of California, Berkeley Lawrence Berkeley National Lab UC Hastings College of Law Scott Reiber Bay Area University of California, Davis University of California, Davis Medical Center Bill Bennett Sacramento Area University of California, Irvine University of California, Irvine Medical Center Daria Lewis Orange County Area University of California, Los Angeles University of California, Los Angeles Medical Center Martin Soto Los Angeles Area University of California, Merced Bill Bennett Merced Area University of California, Office of President Scott Reiber Bay Area University of California, Riverside Marcia Quo Schmidt Orange County Area University of California, San Diego University of California, San Diego Medical Center Daria Lewis San Diego Area University of California, San Francisco University of California, San Francisco Medical Center Scott Reiber Bay Area University of California, Santa Barbara Marcia Quo Schmidt Los Angeles Area University of California, Santa Cruz Scott Reiber Bay Area Scott Reiber, Senior Client Manager (31 years with Xerox): Scott Reiber has been the Account Manager and primary sales and solution executive with 30 years of tenure with Xerox Corporation. His entire Xerox career has been focused on servicing UCSF and Berkeley campus and other higher education institutions in the Bay area. Scott also has the responsibility of supporting the UC Office of the President. He has primary accountability to engage sales specialist team members who can include centralized print, manage print, and other offerings. He provides support and related data for industry trends, security related to our products and day to day support of UCSF initiatives with print. His primary role is to identify, articulate and implement product solutions and services to best suit customer requirements for UCSF. 445 of 1132 450 Scott Reiber, Senior Client Manager (31 years with Xerox): Client Manager for UC Office of the President and UC Davis Health Systems. 31 years of industry experience which include sales and operational positions. Substantial background successfully supporting Managed Print Services and Xerox Services accounts. Bill Bennett, Client Manager (30 year with Xerox): Manages the entire sales cycle with assistance from numerous available resources-Manager, Specialists. Account General Manager. Provide support and related data industry trends, security related to our products and services and provide support of all of UC Davis’ and UC Davis Health Systems. Day to day role is to identify, articulate and support products, software, services and solutions to best meet and customer’s requirements while adhering to customer satisfaction goals. Daria Lewis, Senior Client Manager (36 years with Xerox): Manages the entire sales cycle with accountability to engage specialist team members. Provide support and related data for industry trends, security related to our products and provide support of UC Irvine initiatives. Day to day role will identify, articulate, and implement products, solutions, and services to best suit customer requirements while adhering to increased customer satisfaction plans. Marcia Quo-Schmidt, Senior Client Manager (36 years with Xerox)- Manages the entire sales cycle with accountability to engage specialist team members. Provides support and related data, industry trends, security related to our products and services. Identify and understand client’s strategies and goals; then develop and implement solutions that align with their goals. Martin Soto, Client Manager (15 years with Xerox): Manages the Xerox Relationship with UCLA. Works with Account General Manager, Sales Manager and Product Specialists. Provides support and related data, industry trends, security related to our products and services. Provides support of all of UCLA day to day role is to identify, articulate and support products, software, services and solutions to best meet and customer’s requirements and expectations. Bill Bennett, Client Manager (30 years with Xerox): Client Manger for UC Merced. 30 years supporting government and education with Xerox including UC Merced. Day to day role will identify, articulate, and implement products, solutions, and services to best suit customer requirements while adhering to increased customer satisfaction plans. Marcia Quo-Schmidt, Senior Client Manager (36 years with Xerox): Account management and sales support for State/Local Government, and Higher Education to include UC Riverside. Her role is to educate and provide insight and knowledge of managed print services and products to help streamline their business processes. Identify and understand client’s strategies and goals; then develop and implement solutions that align with their goals. Provide and maintain positive customer service with clients for continual partnership and growth. Daria Lewis, Senior Client Manager (36 years with Xerox): Manages the Xerox relationship with UC San Diego's prints and document resource department, Imprints. Imprints has a staff of onsite technicians that provide service for roughly 400 Xerox MPD devices. My responsibilities include providing support and related data for industry trends, security related to our products and general support for UC San Diego initiatives. 446 of 1132 451 Print Driver / Server Environment Certifications Application Certifications BLACK-AND-WHITE DEVICES WHQL CITRIX®1 IPV6 READY BON- JOUR GOOGLE CLOUD PRINT™ MOPRIA®WI-FI DIRECT APPLE® AIR- PRINT® CERNER MEDITECH (SEE PG. 3)SAP PRINTERS Xerox® B210 P P P 2 P P P P P P P Xerox® Phaser® 3330 P P P P P 2 P P P P P Xerox® VersaLink® B400 P P P P P P P 6 P P P P Xerox® VersaLink® B600/B610 P P P P P P P 6 P P P P MULTIFUNCTION PRINTERS Xerox® B205/215 P P P 2 P P P P P P P Xerox® WorkCentre® 3335/3345 P P P P P 3 P P P P P P Xerox® VersaLink® B405 P P P P P P P 6 P P P P Xerox® VersaLink® B605/B615 P P P P P P P 6 P P P P Xerox® VersaLink® B7025/B7030/B7035 P P P P P P P 6 P P P P Xerox® WorkCentre® 5755 Factory Produced New Model P P P P P P Xerox® AltaLink® B8045/B8055/ B8065/B8075/B8090 P P P P P P P P P P P Xerox® PrimeLink B9100/B9110/B9125/B913612 P P P P P P P P13 P13 P Xerox® D95A/D110/D125 Copier/Printer P P P P P Xerox® D110/D125 Printer P P P P Xerox® D136 Copier/Printer P P P P COLOR DEVICES PRINTERS Xerox® Phaser® 6510 P P P P P P P P P P P Xerox® VersaLink® C400 P P P P P P P 6 P P P P Xerox® VersaLink® C500 P P P P P P P 6 P P P P Xerox® VersaLink® C600 P P P P P P P 6 P P P P Xerox® VersaLink® C7000 P P P P P P P 6 P P P P Xerox® VersaLink® C8000 P P P P P P P P P P P Xerox® VersaLink® C9000 P P P P P P P P P P P MULTIFUNCTION PRINTERS Xerox® WorkCentre® 6515 P P P P P P P P P P P Xerox® VersaLink® C405 P P P P P P P 6 P P P P Xerox® VersaLink® C505 P P P P P P P 6 P P P P Xerox® VersaLink® C605 P P P P P P P 6 P P P P Xerox® VersaLink® C7020/C7025/C7030 P P P P P P P 6 P P P P Xerox® WorkCentre® 7535/7556 Factory Produced New Model P P P P P P Xerox® AltaLink® C8030/C8035/ C8045/C8055/C8070 P P P P P P P P P P P Xerox® Color C60/C70 Printer P P P 2 P P Xerox® PrimeLink® C9065/C9070 Printer12 P P P P P P P P P Xerox® WorkCentre® EC7836/EC7856 P P P P P P P P P P Xerox® Office and Light Production Products Industry Certifications 447 of 1132 452 I I I I I I I I I I I I I I I I I I I I I 11 I I I Security Certifications Environmental Certifications BLACK-AND-WHITE DEVICES COMMON CRITERIA FIPS 140-2 MCAFEE® SECURITY ENERGY STAR®BLUE ANGEL ECOLOGO ® EPEAT® (MULTIPLE COUN- TRIES)7 PRINTERS Xerox® B210 P P P P Xerox® Phaser® 3330 P P P P Xerox® VersaLink® B400 P P5 P P P5 Xerox® VersaLink® B600/B610 P P P P P MULTIFUNCTION PRINTERS Xerox® B205/215 P3 P3 P3 P3 Xerox® WorkCentre® 3335/3345 P8 P P P8 Xerox® VersaLink® B405 P P P P P P Xerox® VersaLink® B605/B615 P P P P P P Xerox® VersaLink® B7025/B7030/B7035 P P P P P P Xerox® WorkCentre® 5755 Factory Produced New Model P P P Xerox® AltaLink® B8045/B8055/ B8065/B8075/B8090 P P P P9 P P9 Xerox® PrimeLink B9100/B9110/B9125/B913612 P13 P P P Xerox® D95A/D110/D125 Copier/Printer P P P Xerox® D110/D125 Printer P P P Xerox® D136 Copier/Printer P P P P COLOR DEVICES PRINTERS Xerox® Phaser® 6510 P P P P Xerox® VersaLink® C400 P P5 P P P5 Xerox® VersaLink® C500 P P5 P P P5 Xerox® VersaLink® C600 P P5 P P P5 Xerox® VersaLink® C7000 P P P P P Xerox® VersaLink® C8000 P P P P P Xerox® VersaLink® C9000 P P P P P MULTIFUNCTION PRINTERS Xerox® WorkCentre® 6515 P P P P Xerox® VersaLink® C405 P P P5 P P P5 Xerox® VersaLink® C505 P P P P P P Xerox® VersaLink® C605 P P P P P P Xerox® VersaLink® C7020/C7025/C7030 P P P P P P Xerox® WorkCentre® 7535/7556 Factory Produced New Model P P P Xerox® AltaLink® C8030/C8035/ C8045/C8055/C8070 P P P P10 P P P10 Xerox® Color C60/C70 Printer P P P P P Xerox® PrimeLink C9065/C9070 Printer12 P13 P P P11 P P Xerox® WorkCentre® EC7836/EC7856 P P P INDUSTRY CERTIFICATIONS 1 These products are Citrix Ready when using either the Xerox® Global Print Driver®, the product native print driver or the Citrix universal driver; 2 Device is compliant / tested, but has not been formerly certified. 3 Xerox B215 Multifunction Printer only; 4 XenApp 5.0 and up; 5 DN configuration only; 6 Requires optional wireless network adapter; 7 All products certified in the U.S. EPEAT-certified products vary by country in Belgium, Canada, Denmark, Finland, France, Germany, Holland, Luxembourg, Norway, Sweden, Switzerland and the U.K. Visit www.epeat.net for information regarding country-specific EPEAT certifications; 8 Xerox® WorkCentre® 3345 only; 9 Xerox® AltaLink® B8065/B8075/B8090 only; 10 Xerox® AltaLink® C8030 220V not Energy Star® or EPEAT® certified; 11 Certification in progress; 12 Xerox Integrated Server; 13 Undergoing evaluation.448 of 1132 453 INDUSTRY CERTIFICATIONS PRINT DRIVER / SERVER ENVIRONMENT CERTIFICATIONS Microsoft® WHQL Certification Windows Hardware Quality Labs testing involves running a series of tests on third- party hardware or software, and then submitting the log files from these tests to Microsoft for review. Xerox® products that are Windows Hardware Quality Labs (WHQL) certified comply with Microsoft standards and ensure seamless compatibility with Microsoft Windows environments. Citrix® Certification Citrix Systems is an American multinational software and services company that specializes in virtualization and remote access software for delivering applications over a network and the Internet. Xerox is part of the Citrix ready program, which allows vendors to perform a self evaluation of its product against a set of metrics outlined by Citrix. Once the product passes certification, Xerox pays an annual fee for having its certified products listed on the Citrix website as well as the right to use its logo. This certification ensures that a product using Citrix software will function as expected in a remote environment. IPv6 Ready Internet Protocol version 6 (IPv6) is a relatively new protocol for routing network traffic and identifying network-connected devices. IPv6 will be phased in over many years as the next- generation replacement for the global IPv4 standard. Because printers and multifunction printers comprise a sizable percentage of the world’s networked devices, Xerox is transitioning its products’ capabilities to be IPv6-compatible. Bonjour® Bonjour is Apple Inc.’s trade name for its implementation of zero-configuration networking, a service discovery protocol. Bonjour enables automatic discovery of devices such as printers, other computers, and the services that those devices offer on IP networks using industry standard IP protocols. Google Cloud Print™ Google Cloud Print is a simple mobile printing solution for mobile workers that can’t count on having access to the same printer or MFP all the time; or do not have the appropriate print driver software for the printer or MFP that is available. Google Cloud Print enabled printers and MFPs allow mobile workers to securely and directly connect and register with the Google Cloud Print service, so it’s always available. No need to install and maintain print drivers or additional software. Mopria® Mopria is an acronym derived from the Mobile Print Alliance. The charter of this alliance of printer manufacturers is to create simple wireless printing from smartphones, tablets, and other mobile devices. Mopria printing does not require any driver installation or software download on these devices. Mopria Print functionality will be embedded in phones, tablets or other mobile devices and there is no set-up required. When mobile device users have access to a Mopria-certified printer, they will be able to effortlessly discover and print to this printer. Mopria will be initially supported for users of Android™ Kit Kat (4.4)-based devices using a free plug-in available in the Google Play™ store. Wi-Fi Direct Certification This certification lets you print from your mobile device without having to connect to a network. Adding the optional wireless USB adapter enables this connection, and allows for both an Ethernet connection and Wi-Fi Direct connection to be enabled at the same time. Apple® AirPrint Apple AirPrint is a driverless printing technology and was introduced with iOS® version 4.2 in November 2010. It enables Apple iOS devices including the iPhone®, iPad®, iPod touch®, and even Mac OS® X computers to print with no need to install drivers or download software. AirPrint uses well-established, familiar technologies already in use today, such as Bonjour, IPP, PDF and JPEG. AirPrint will likely continue to evolve to add new features and functionality, however, the basic operation of AirPrint will remain constant, in that it requires only a few steps to ensure it works as it was designed to do. APPLICATION CERTIFICATIONS Cerner Certification Cerner is the leading U.S. supplier of healthcare information technology solutions that optimize clinical and financial outcomes. Around the world, health organizations ranging from single-doctor practices to entire countries turn to Cerner for their powerful yet intuitive solutions. Cerner offers clients a dedicated focus on healthcare, an end- to-end solution and service portfolio, and proven market leadership. Xerox pays Cerner for product certification, which is a 6-8 week process after the product is received in Kansas City. Once certified, Cerner lists the product on its internal customer website and sends Xerox a certificate. This certification allows Xerox to participate in customer bids where Cerner Certification is a requirement. Xerox also provides a product, including all supplies and service, to Cerner until that product is at end of life. Cerner Certification is important to a customer’s IT staff as this allows them the comfort of having 24/7 support 365 days a year, through the Cerner help desk. Cerner provides this support as part of their HIS package. For example, a hospital can call and report a downed printer in the Emergency Room at 3 a.m. and receive remote support for that printer. On June 20, 2012, Medical Information Technology, Inc. (MEDITECH) published a statement concerning changes to its printer testing program. This statement read in part “Going forward, MEDITECH will no longer be testing laser printers. If a laser printer uses the PCL-5, 5c or 5e language, it will work with MEDITECH and will therefore be supported. All other types of printers (dot matrix, barcode) will still be tested by MEDITECH.” As a courtesy to our customers, Xerox has printed and tested the consistency of MEDITECH-provide files from laser printers using PCL 6 with equivalent output from previously certified laser printers using PCL 5. Xerox has substantiated output consistency for printers using PCL 6.449 of 1132 454 MEDITECH Certification Medical Information Technology, Inc. (MEDITECH) is a leading provider of integrated software solutions for healthcare organizations worldwide. This certification validates that Xerox® devices are fully compatible with MEDITECH’s MAGIC operating system: a health information system that provides a structured and easy-to-use programming language to more than 1,500 healthcare organizations worldwide. With this certification Xerox continues to achieve noteworthy healthcare industry praise for its award-winning line of devices and it allows Xerox to participate in customer bids where MEDITECH Certification is a requirement. These certified devices are then fully supported by MEDITECH help desk technicians 24/7, 365 days a year, giving their clients and ours the assurance that support will be available at all times. SAP Certification Xerox, together with SAP through our Gold-level membership in the SAP Printer Vendor Program, provides seamless connectivity between SAP systems and your Xerox® printers and MFPs. And as an SAP customer you benefit from having SAP- certified Xerox® device types available right from SAP’s online delivery model. Whether you are using an existing Xerox® product or plan to upgrade, you can be assured that you will have printing continuity within your SAP environment. You also have the peace of mind knowing that you can contact SAP for support regarding any device type issues. And Xerox has a direct link to SAP that allows us to keep our device types current and in line with SAP release updates. SAP-certified device types are available for the legacy R/3 system and newer ERP releases all the way up to current SAP offerings. SECURITY CERTIFICATIONS Common Criteria Certification Common Criteria Certification provides independent, objective validation of the reliability, quality, and trustworthiness of IT products. It is a standard that customers can rely on to help them make informed decisions about their IT purchases. Common Criteria (aka ISO 15408) sets specific information assurance goals, including strict levels of integrity, confidentiality, and availability for systems and data, accountability at the individual level, and assurance that all goals are met. Common Criteria Certification is a requirement for hardware and software devices used by the federal government on national security systems. FIPS 140-2 All hardware and software components that are used by government and other key industries for the purpose of collecting, storing, transferring, sharing and disseminating sensitive but unclassified information are required to be FIPS 140-2 certified. FIPS 140 is a series of coordinated requirements issued by the National Institute of Standards and Technology (NIST) to validate the product’s level of security depending on its intended use. McAfee® Security Built-in McAfee security provides protection against intrusion from within Xerox® MFPs built on Xerox® ConnectKey® Technology. Two levels of protection are offered. McAfee Enhanced Security is standard and allows only an approved, predefined list of applications, code and software files to run on the device. This McAfee agent is Xerox factory installed and it monitors in the background for any changes to Xerox factory default system applications used to operate the device. McAfee Integrity Control is an optional, commercial application that supports a higher level of whitelisting and change control or dynamic whitelisting. This protects the device’s executable files from tampering and identifies trusted sources, controls what can change, who can change and when it can change. ENVIRONMENTAL COMPLIANCE ENERGY STAR® With the goals of reducing energy consumption and greenhouse gas emission, ENERGY STAR is a voluntary program sponsored by the United States Environment Protection Agency. Products carrying the label are certified for matching or beating federal energy conservation standards. Blue Angel Based in Germany, Blue Angel was the world’s first certification for environmental friendliness. Its purposes are to promote ecological awareness and to guide environmentally conscious consumers to the most ecologically sound products. ECOLOGO® Canada’s ECOLOGO certification is especially stringent. This program mandates strict environmentally conscious requirements must be met throughout the life-cycle of the product, and it must also meet performance requirements when compared to its closest alternatives. EPEAT® EPEAT (multiple countries) is a global registry for environmentally friendly electronics for purchasers, manufacturers, resellers and others wanting to find and promote environmentally preferable products. EPEAT uses a self-declaration and rigorous verification system to ensure the products conform to the established criteria. Once products are added to the registry, EPEAT may use independent experts to verify that the products meet the selected criteria as claimed. All Xerox® products listed in this document are EPEAT-certified in the U.S. Various products are also certified in additional countries. For more information, go to www.epeat.net. INDUSTRY CERTIFICATIONS ©2020 Xerox Corporation. All rights reserved. Xerox®, AltaLink®, Global Print Driver®, Phaser®, PrimeLink® VersaLink® and WorkCentre® are trademarks of Xerox Corporation in the United States and/or other countries. Mopria® is a trademark of the Mopria Alliance. The information in this document is subject to change without notice. 10/19 PN03751 BR27024 XOGFS-14UT450 of 1132 455 Xerox App Gallery Business Cloud Storage Communication 451 of 1132 456 I I Connect for Concur Xerox Corporation • I Connect for Ne1Suite Xerox Corporation m Connect for XMPie Xerox Corporation Free .. ET-Badge EtiQube Scanning App for DocuShare Xerox Corporation Free ,L"\.. Connect 2.0 for Box c.:.......J J Xerox Corporation -------~ Connect 2.0 for J Microsoft OneDrive . Xerox Corporation -------~ CloudFax Connector Cl•ud Fax JustTech \ j B Email Connect JustTech Free • Connect for DocuSign Xerox Corporation Connect for Sage sage Accounting ' Accounting j Xerox Corporation • Ecobox DE DK Fl UK SE TBC Solutions j MC Counter MC System srl 1"2,-, Yooz Connect Free ® e-Cervo YQf)~~ j Free I f I ,nnectforExchange Online Xerox Corporation • Connect For Salesforce App , J Xerox Corporation ' - Ecobox France TBC Solutions QuickBooks Online Xerox Corporation Yooz Connect "' e-Cervo Connect 2.0 for Google Drive Connect 2.0 for Microsoft Office 365 Xerox Corporation II ~ ~ Xerox Corporation Connect For Evernote Xerox Corporation Connect for RMail Xerox Corporation ET-Survey EtiQube @Gold Fax by GoldFax eGoldFax Connector JustTech Mywork Digital Communication MyWorkPlatform Education Legal Medical Mobile Solutions 452 of 1132 457 • Book2Go e-dox AG [I Remark Test Grad ing Xerox Corporation I General Ask fAsk Xerox Emirates L.L.C. M J Free ------- OVH Fax Pro • J '""''""""' VJ · Xerox Note Converter T V Xerox Corporation ) • Connect for Clio Xerox Corporation I • Connect for Blackboard Xerox Corporation . m Xerox Proofreader Xerox Corporation ✓ J • Billboa rd Lite Vision-e Scan to Zoho TBC Solutions Xerox Translate and Print Xerox Corporation J Connect for iManage Xerox Corporation :11!,vv,,,u,,. I Connect for Moodie ~ Xerox Corporation Billboard Pro Vision -e .... I Xerox Audio Documents ~ Xerox Corporation Ce pB HCHa~ op ram13au= Xerox Russia Free Ii I arox ® Auto-Redaction Xerox Corporation Slhaf"1e P ·ati ent I nf,o irm a t i o ,n Xerox Corporation Free @PrintByXerox Xerox Corporation Free QR Code Xerox Corporation Free Productivity Utilities 453 of 1132 458 ■ ■■ ■ J ■ J J AIDA m Amazon WorkDocs Technolog~ & Cognition LAB MyWorkPlatform Forms Manager IEI Helpdesk Connector Xerox Corporation Xerox Russia Free Mywork E-Sign E:I Quicklink MyWorkPlatform Xerox Corporation Free Support Assistant 3.0 Xerox Corporation Free • • CapturePoint XAG (! J Process Fusion Inc. • TBC Knowledge Management ~MDRL MyWorkPlatform ~ Wetransfer Xerox® App Gallery Xerox Corporation Free Xerox Accessibility Section 508 Conformance Report Voluntary Product Accessibility Template® (VPAT®) V2.0 Xerox® VersaLink® C7020/C7025/C7030 MFP Learn more about Xerox and Section 508 at our website: www.xerox.com/Section508 Summary Table – Voluntary Product Accessibility Template® (VPAT®) Criteria Conformance Level Remarks and explanations Chapter 3: Functional Performance Criteria Supports The product is compliant with Chapter 3 Chapter 4: Hardware Supports with exceptions Compliant with minor exceptions concerning volume and input controls Chapter 5: Software Not applicable The product does not support the software criteria set forth Chapter 6: Support Documentation and Services Supports The centralization of documentation, training, and support services for most Xerox products allows us to achieve compliance across the corporation. Software Version Evaluated: 1.11.12 Driver SW.version:5.528.5.0 Accessories Included in Evaluation: external keyboard, narrator (inbuilt in windows), and headset Evaluation Methods Used: testing based on general product knowledge, similar to another evaluated product, and testing with assistive technologies 454 of 1132 459 01/31/18 2 of 6 Chapter 3: Functional Performance Criteria (FPC) Criteria Conformance Level Remarks and explanations 302.1 Without Vision Supports Person without vision can make use of the rocker switch behind the door to power on/off the machine. Also, supported with XCA as the speech output can be directed to the individuals 302.2 With Limited Vision Supports Person with limited vision is able to perform all the operations available based on limited vision of 20/70 302.3 Without Perception of Color Supports At least one mode of operation that does not require 302.4 Without Hearing Supports One mode of operation that does not require user hearing is available 302.5 With Limited Hearing Supports One mode of operation that does not require user limited hearing is available 302.6 Without Speech Not applicable Speech is not required for this product 302.7 With Limited Manipulation Supports Fine motor control is for where adjustment is associated with things like dials and sliders. Where sliders are used to adjust things like copy darkness/lightness the slider will work as a single touch as well as touch and slide, therefore can be considered to support, as it does not require fine motor control. Input of destination can be via preconfigured selection from address book – no need to type in destination. 302.8 With Limited Reach and Strength Supports At least one mode of operation that does not require limited reach and limited strength is available 302.9 With limited Language, Cognitive, and Learning Abilities Supports Features are provided for individuals with limited cognitive, language, and learning abilities for simpler and easier use Chapter 4: Hardware Criteria Conformance Level Remarks and explanations 402 Closed Functionality 402.1 General 402.2 Speech-Output Enabled 402.2.1 Information Displayed On- Screen Not applicable This product does not have a display screen 402.2.2 Transactional Outputs Not applicable There is no speech output 402.2.3 Speech Delivery Type and Coordination Not applicable There is no speech output 402.2.4 User Control Not applicable There is no voice output. 402.2.5 Braille Instructions Not applicable There is no speech output 402.3 Volume 402.3.1 Private Listening Not applicable There is no voice output. 402.3.2 Non-private Listening Not applicable There is no voice output. 402.4 Characters on Display Screens Supports with exceptions All text is sans serif but text is 4mm 455 of 1132 460 01/31/18 3 of 6 Criteria Conformance Level Remarks and explanations 402.5 Characters on Variable Message Signs Not applicable Device does not employ variable message signs as defined in section 7, which relates to signage such as exit signs. 403 Biometrics 403.1 General Not applicable Biometric forms are not used. 404 Preservation of Information Provided for Accessibility 404.1 General Not applicable The device does not transmit or conduct information or communication. 405 Privacy 405.1 General Supports The product provides same degree of privacy of input and output for all users 406 Standard Connections 406.1 General Supports The data connections are such as fax line. Internet cable are industry standard formats 407 Operable Parts 407.2 Contrast Supports Characters and symbols is contrast visually from background surfaces with either light characters on a dark background. 407.3 Input Controls 407.3.1 Tactilely Discernible Supports Touch screen is not tactilely discernable. Power control is discernable based on using the rocker switch behind door. UI controls are discernable for power (home button can by differentiated compared to power button) 407.3.2 Alphabetic Keys Not applicable The product does not include any mechanically operated controls or keys 407.3.3 Numeric Keys Not applicable A 12-key ascending or descending keypad layout is not provided. 407.4 Key Repeat Not applicable Key repeat is not supported. 407.5 Timed Response Supports with exceptions Alert message appears visually in the LUI to provide the timed response but not by sound. 407.6 Operation Supports Operations which are available with the printer are easy to operate without any difficulties. 407.7 Tickets, Fare Cards, and Keycards Not applicable Tickets, Fare card or keycard is not used in product 407.8 Reach Height and Depth 407.8.1 Vertical Reference Plane Supports At least one of each type of operable part of stationary ICT at a height conforming to 407.8.2 or 407.8.3 is available 407.8.1.1 Vertical Plane for Side Reach Supports Where a side reach is provided, the vertical reference plane is 48 inches (1220 mm) long minimum. 456 of 1132 461 01/31/18 4 of 6 Criteria Conformance Level Remarks and explanations 407.8.1.2 Vertical Plane for Forward Reach. Supports Where a forward reach is provided, the vertical reference plane is 30 inches (760 mm) long minimum 407.8.2 Side Reach Supports Where a side reach requires a reach over a portion of the ICT, the height of that portion of the ICT is 34 inches (865 mm) maximum. 407.8.2.1 Unobstructed Side Reach Supports Where the operable part is located 10 inches (255 mm) or less beyond the vertical reference plane, the operable part is 48 inches (1220 mm) high maximum and 15 inches (380 mm) high minimum above the floor. 407.8.2.2 Obstructed Side Reach Supports All operable controls are within specification. 407.8.3 Forward Reach Supports Where a forward reach allows a reach over a portion of the ICT, the height of that portion of the ICT shall be 34 inches (865 mm) maximum 407.8.3.1 Unobstructed Forward Reach Supports The operable part is 48 inches (1220 mm) high maximum and 15 inches (380 mm) high minimum above the floor 407.8.3.2 Obstructed Forward Reach Supports Supports maximum allowable forward reach to an operable part is 25inches 407.8.3.2.1 Operable Part Height for ICT with Obstructed Forward Reach Supports All operable parts are within specification 407.8.3.2.2 Knee and Toe Space under ICT with Obstructed Forward Reach Not applicable No obstructed forward reach. 408 Display Screens 408.2 Visibility Supports The printers LUI is adjustable up and down so user is able to view the screen even if it is 40 inches above the floor. 408.3 Flashing Supports The power key LED conforms 409 Status Indicators 409.1 General Supports Status indicators are provided visually and by sound 410 Color Coding 410.1 General Supports Jam zones are identified by number as well as color 411 Audible Signals 411.1 General Supports Audible signal ex. Job completion gives an audio signal and also gives in text message in LUI 412 ICT with Two-Way Voice Communication 412.2 Volume Gain 412.2.1 Volume Gain for Wireline Telephones Not applicable This product does not use analog or digital wireline telephones. 457 of 1132 462 01/31/18 5 of 6 Criteria Conformance Level Remarks and explanations 412.2.2 Volume Gain for Non- Wireline ICT Not applicable The device does not support bi-directional voice communication over a telephone line. 412.3 Interference Reductions and Magnetic Coupling 412.3.1 Wireless Handsets Not applicable The product does not produce electromagnetic fields. 412.3.2 Wireline Handsets Not applicable The product does not produce electromagnetic fields. 412.4 Digital Encoding of Speech Not applicable This product does not support digital encoding of speech 412.5 Real-time Text Functionality Not applicable Real-time text functionality is not present. 412.6 Called ID Not applicable Caller ID and/or similar telecommunications are not present. 412.7 Video Communication Not applicable The product is not a video or multi-media product. 413 Closed Caption Processing Technologies 413.1.1 Decoding and Display of Closed Captions Not applicable The product is not a video or multi-media product. 413.1.2 Pass-Through of Closed Caption Data Not applicable The device does not transmit or conduct information or communication. 414 Audio Description Processing Technologies 414.1.1 Digital Television Tuners Not applicable The product is not a video or multi-media product. 414.1.2 Other ICT Not applicable The product is not a video or multi-media product. 415 User Controls for Captions and Audio Descriptions 415.1.1 Caption Controls Not applicable The product is not a video or multi-media product. 415.1.2 Audio Description Controls Not applicable The product is not a video or multi-media product. Chapter 6 Support Documentation and Services Criteria Conformance Level Remarks and explanations 601.1 Scope 602 Support Documentation 602.2 Accessibility and Compatibility Features Supports XCA is provided to the customer with the user guide 602.3 Electronic Support Documentation Supports W ebsite provides guide to use the device 602.4 Alternate Formats for Non-Electronic Support Documentation Supports User guide is provided as an E-book to the customer 603 Support Services 603.2 Information on Accessibility and Compatibility Features Supports XCA is provided to the customer with the user guide 458 of 1132 463 01/31/18 6 of 6 Criteria Conformance Level Remarks and explanations 603.3 Accommodation of Communication Needs Not applicable Customer support service contact details are available in the user guide and also on the website. Specific support for persons with disabilities not provided What is the Voluntary Product Accessibility Template (VPAT)? The purpose of the Voluntary Product Accessibility Template is to assist Federal contracting officials in making preliminary assessments regarding the availability of commercial Electronic and Information Technology products and services with features that support accessibility. The first table of the Template provides a summary view of the Section 508 Standards. The subsequent tables provide more detailed views of each subsection. There are three columns in each table. In the subsequent tables, the first column contains the numbered paragraphs of the subsections. The second column describes the supporting features of the product with regard to that paragraph. The third column contains any additional remarks and explanations regarding the product. For additional information on these and other accessories, contact your Xerox sales representative or call 1-800-ASK- XEROX (1-800-275-9376). © 2017 Xerox Corporation. All rights reserved. Xerox®, Xerox and Design®, and VersaLink® are trademarks of Xerox Corporation in the United States and/or other countries. BR22162 Other company trademarks are also acknowledged. Document Version: 1.0 (January 2017). Voluntary Product Accessibility Template® and VPAT® are registered service marks of the Information Technology Industry Council (ITI). 459 of 1132 464 Xerox Accessibility Section 508 Conformance Report Voluntary Product Accessibility Template® (VPAT®) V2.0 Xerox® VersaLink® B7025/B7030/B7035 MFP Learn more about Xerox and Section 508 at our website: www.xerox.com/Section508 Summary Table – Voluntary Product Accessibility Template® (VPAT®) Criteria Conformance Level Remarks and explanations Chapter 3: Functional Performance Criteria Supports The product is compliant with Chapter 3 Chapter 4: Hardware Supports with exceptions Compliant with a minor exception concerning input controls, status indicators, and volume Chapter 5: Software Not applicable The product does not support the software criteria set forth Chapter 6: Support Documentation and Services Supports The centralization of documentation, training, and support services for most Xerox products allows us to achieve compliance across the corporation Software Version Evaluated: Firmware version:1.10.9 Accessories Included in Evaluation: none Evaluation Methods Used: Testing based on general product knowledge and similar to another evaluated product 460 of 1132 465 01/26/18 2 of 6 Chapter 3: Functional Performance Criteria (FPC) Criteria Conformance Level Remarks and explanations 302.1 Without Vision Supports At least one mode of operation that does not require user vision is available 302.2 With Limited Vision Supports At least one mode of operation that enables users to make use of limited vision is available 302.3 Without Perception of Color Supports At least one mode of operation that does not require user perception of color is available 302.4 Without Hearing Supports One mode of operation that does not require user hearing is available 302.5 With Limited Hearing Supports One mode of operation that does not require user limited hearing is available 302.6 Without Speech Not applicable Speech is not required for this product 302.7 With Limited Manipulation Supports At least one mode of operation that does not require fine motor control or simultaneous manual operations is available 302.8 With Limited Reach and Strength Supports At least one mode of operation that does not require limited reach and limited strength is available 302.9 With limited Language, Cognitive, and Learning Abilities Supports Features are provided for individuals with limited cognitive, language, and learning abilities for simpler and easier use Chapter 4: Hardware Criteria Conformance Level Remarks and explanations 402 Closed Functionality 402.1 General 402.2 Speech-Output Enabled 402.2.1 Information Displayed On- Screen Not applicable This product does not have a display screen 402.2.2 Transactional Outputs Not applicable There is no transactional output 402.2.3 Speech Delivery Type and Coordination Not applicable There is no speech output 402.2.4 User Control Not applicable There is no voice output 402.2.5 Braille Instructions Not applicable There is no speech output 402.3 Volume 402.3.1 Private Listening Not applicable There is no voice output 402.3.2 Non-private Listening Not applicable There is no voice output 402.4 Characters on Display Screens Supports with exceptions At least one mode of characters displayed on the screen is in sans serif font is available but text is 4mm 402.5 Characters on Variable Message Signs Not applicable This product does not have variable message signs 403 Biometrics 461 of 1132 466 01/26/18 3 of 6 Criteria Conformance Level Remarks and explanations 403.1 General Not applicable Biometric forms are not used 404 Preservation of Information Provided for Accessibility 404.1 General Not applicable The device does not transmit or conduct information or communication 405 Privacy 405.1 General Supports The same degree of privacy of input and output is provided to all individuals 406 Standard Connections 406.1 General Supports At least one type of connection (fax line and internet cable) conform to industry standard non-priority format 407 Operable Parts 407.2 Contrast Supports The product provides keys and controls with contrast visually from background surfaces 407.3 Input Controls 407.3.1 Tactilely Discernible Supports Input controls are operable by touch and tactilely discernible without activation 407.3.2 Alphabetic Keys Not applicable The product does not include any mechanically operated controls or keys 407.3.3 Numeric Keys Not applicable A 12-key ascending or descending keypad layout is not provided 407.4 Key Repeat Not applicable Key repeat is not supported 407.5 Timed Response Supports with exceptions Alert provided only visually but not by sound 407.6 Operation Supports Controls do not require simultaneous use of two hands, and the force to activate hand-operated controls is less than 5 lbs 407.7 Tickets, Fare Cards, and Keycards Not applicable Tickets, Fare card or keycard is not used in product 407.8 Reach Height and Depth 407.8.1 Vertical Reference Plane Supports At least one of each type of operable part of stationary ICT at a height conforming to 407.8.2 or 407.8.3 is available 407.8.1.1 Vertical Plane for Side Reach Supports Where a side reach is provided, the vertical reference plane is 48 inches (1220 mm) long minimum 407.8.1.2 Vertical Plane for Forward Reach. Supports Where a forward reach is provided, the vertical reference plane is 30 inches (760 mm) long minimum 407.8.2 Side Reach Supports Where a side reach requires a reach over a portion of the ICT, the height of that portion of the ICT is 34 inches (865 mm) maximum 407.8.2.1 Unobstructed Side Reach Supports Where the operable part is located 10 inches (255 mm) or less beyond the vertical reference plane, the operable part is 48 inches (1220 mm) high maximum 462 of 1132 467 01/26/18 4 of 6 Criteria Conformance Level Remarks and explanations and 15 inches (380 mm) high minimum above the floor 407.8.2.2 Obstructed Side Reach Supports All operable controls are within specification 407.8.3 Forward Reach Supports Where a forward reach allows a reach over a portion of the ICT, the height of that portion of the ICT shall be 34 inches (865 mm) maximum 407.8.3.1 Unobstructed Forward Reach Supports The operable part is 48 inches (1220 mm) high maximum and 15 inches (380 mm) high minimum above the floor 407.8.3.2 Obstructed Forward Reach Supports Supports maximum allowable forward reach to an operable part is 25inches 407.8.3.2.1 Operable Part Height for ICT with Obstructed Forward Reach Supports All operable parts are within specification 407.8.3.2.2 Knee and Toe Space under ICT with Obstructed Forward Reach Not applicable There are no operable controls 408 Display Screens 408.2 Visibility Supports At least one display screen is visible from a point located 40inces above floor space 408.3 Flashing Supports This product supports no more than three flashes in any one-second period 409 Status Indicators 409.1 General Supports Status indicators are discernible visually and by touch or sound 410 Color Coding 410.1 General Supports Color coding and additional means of unique identification (e.g., text and symbols) are used 411 Audible Signals 411.1 General Supports Audible signals and additional means of unique identification (e.g., cues) are used 412 ICT with Two-Way Voice Communication 412.2 Volume Gain 412.2.1 Volume Gain for Wireline Telephones Not applicable This product does not use analog or digital wireline telephones 412.2.2 Volume Gain for Non- Wireline ICT Not applicable The device does not support bi-directional voice communication over a telephone line 412.3 Interference Reductions and Magnetic Coupling 412.3.1 Wireless Handsets Not applicable The product does not produce electromagnetic fields 412.3.2 Wireline Handsets Not applicable The product does not produce electromagnetic fields 412.4 Digital Encoding of Speech Not applicable This product does not support digital encoding of speech 412.5 Real-time Text Functionality Not applicable This product does not support real-time functionality 412.6 Called ID Not applicable Caller ID and/or similar telecommunications are not present 463 of 1132 468 01/26/18 5 of 6 Criteria Conformance Level Remarks and explanations 412.7 Video Communication Not applicable The product is not a video or multi-media product 413 Closed Caption Processing Technologies 413.1.1 Decoding and Display of Closed Captions Not applicable The product is not a video or multi-media product 413.1.2 Pass-Through of Closed Caption Data Not applicable The device does not transmit or conduct information or communication 414 Audio Description Processing Technologies 414.1.1 Digital Television Tuners Not applicable The product is not a video or multi-media product 414.1.2 Other ICT Not applicable The product is not a video or multi-media product 415 User Controls for Captions and Audio Descriptions 415.1.1 Caption Controls Not applicable The product is not a video or multi-media product 415.1.2 Audio Description Controls Not applicable The product is not a video or multi-media product Chapter 6 Support Documentation and Services Criteria Conformance Level Remarks and explanations 601.1 Scope 602 Support Documentation 602.2 Accessibility and Compatibility Features Supports XCA is provided to the customer with the user guide 602.3 Electronic Support Documentation Supports W ebsite provides user guide 602.4 Alternate Formats for Non-Electronic Support Documentation Supports User guide is provided as an E-book to the customer 603 Support Services 603.2 Information on Accessibility and Compatibility Features Supports XCA is provided to the customer with the user guide 603.3 Accommodation of Communication Needs Not applicable Customer support service contact details are available in the user guide and also on website. Specific support for persons with disability is not provided 464 of 1132 469 01/26/18 6 of 6 What is the Voluntary Product Accessibility Template (VPAT)? The purpose of the Voluntary Product Accessibility Template is to assist Federal contracting officials in making preliminary assessments regarding the availability of commercial Electronic and Information Technology products and services with features that support accessibility. The first table of the Template provides a summary view of the Section 508 Standards. The subsequent tables provide more detailed views of each subsection. There are three columns in each table. In the subsequent tables, the first column contains the numbered paragraphs of the subsections. The second column describes the supporting features of the product with regard to that paragraph. The third column contains any additional remarks and explanations regarding the product. For additional information on these and other accessories, contact your Xerox sales representative or call 1-800-ASK- XEROX (1-800-275-9376). © 2017 Xerox Corporation. All rights reserved. Xerox® and Xerox and Design® are trademarks of Xerox Corporation in the United States and/or other countries. BR22162 Other company trademarks are also acknowledged. Document Version: 1.0 (January 2017). Voluntary Product Accessibility Template® and VPAT® are registered service marks of the Information Technology Industry Council (ITI). 465 of 1132 470 Xerox Accessibility Section 508 Conformance Report Voluntary Product Accessibility Template® (VPAT®) V2.0 Xerox® VersaLink® B405 MFP Learn more about Xerox and Section 508 at our website: www.xerox.com/Section508 Summary Table – Voluntary Product Accessibility Template® (VPAT®) Criteria Conformance Level Remarks and explanations Chapter 3: Functional Performance Criteria Supports The product is compliant with Chapter 3. Chapter 4: Hardware Supports with exceptions Compliant with minor exceptions concerning volume, input controls, and status indicators Chapter 5: Software Not applicable The product does not support the software criteria set forth Chapter 6: Support Documentation and Services Supports The centralization of documentation, training, and support services for most Xerox products allows us to achieve compliance across the corporation. Software Version Evaluated: Firmware version: 1.0.15 Evaluation Methods Used: Testing based on general product knowledge, similar to another evaluated product 466 of 1132 471 02/02/18 2 of 6 Chapter 3: Functional Performance Criteria (FPC) Criteria Conformance Level Remarks and explanations 302.1 Without Vision Supports At least one mode of operation that does not require user vision is available 302.2 With Limited Vision Supports At least one mode of operation that enables users to make use of limited vision is available 302.3 Without Perception of Color Supports At least one mode of operation that does not require user perception of color is available 302.4 Without Hearing Supports One mode of operation that does not require user hearing is available 302.5 With Limited Hearing Supports One mode of operation that does not require user limited hearing is available 302.6 Without Speech Not applicable Speech is not required for this product 302.7 With Limited Manipulation Supports At least one mode of operation that does not require fine motor control or simultaneous manual operations is available 302.8 With Limited Reach and Strength Supports At least one mode of operation that does not require limited reach and limited strength is available 302.9 With limited Language, Cognitive, and Learning Abilities Supports Features are provided for individuals with limited cognitive, language, and learning abilities for simpler and easier use Chapter 4: Hardware Criteria Conformance Level Remarks and explanations 402 Closed Functionality 402.1 General 402.2 Speech-Output Enabled 402.2.1 Information Displayed On- Screen Not applicable This product does not have a display screen 402.2.2 Transactional Outputs Not applicable There is no transactional output 402.2.3 Speech Delivery Type and Coordination Not applicable There is no speech output 402.2.4 User Control Not applicable There is no voice output. 402.2.5 Braille Instructions Not applicable There is no speech output 402.3 Volume 402.3.1 Private Listening Not applicable There is no voice output. 402.3.2 Non-private Listening Not applicable There is no voice output. 402.4 Characters on Display Screens Supports with exceptions All text is Sans Serif but text is 4mm 402.5 Characters on Variable Message Signs Not applicable This product does not have variable message signs 403 Biometrics 467 of 1132 472 02/02/18 3 of 6 Criteria Conformance Level Remarks and explanations 403.1 General Not applicable Biometric forms are not used. 404 Preservation of Information Provided for Accessibility 404.1 General Not applicable The device does not transmit or conduct information or communication. 405 Privacy 405.1 General Supports The same degree of privacy of input and output is provided to all individuals 406 Standard Connections 406.1 General Supports At least one type of connection conform to industry standard non-priority format. 407 Operable Parts 407.2 Contrast Supports The product provides keys and controls with contrast visually from background surfaces 407.3 Input Controls 407.3.1 Tactilely Discernible Supports Input controls are operable by touch and tactilely discernible without activation. 407.3.2 Alphabetic Keys Not applicable The product does not include any mechanically operated controls or keys 407.3.3 Numeric Keys Not applicable A 12-key ascending or descending keypad layout is not provided. 407.4 Key Repeat Not applicable Key repeat is not supported. 407.5 Timed Response Supports with exceptions Alert message appears visually in the LUI to provide the timed response but not by sound 407.6 Operation Supports Controls do not require simultaneous use of two hands, and the force to activate hand-operated controls is less than 5 lbs. 407.7 Tickets, Fare Cards, and Keycards Not applicable Tickets, Fare card or keycard is not used in product 407.8 Reach Height and Depth 407.8.1 Vertical Reference Plane Supports At least one of each type of operable part of stationary ICT at a height conforming to 407.8.2 or 407.8.3 is available 407.8.1.1 Vertical Plane for Side Reach Supports Where a side reach is provided, the vertical reference plane is 48 inches (1220 mm) long minimum. 407.8.1.2 Vertical Plane for Forward Reach. Supports Where a forward reach is provided, the vertical reference plane is 30 inches (760 mm) long minimum 407.8.2 Side Reach Supports Where a side reach requires a reach over a portion of the ICT, the height of that portion of the ICT is 34 inches (865 mm) maximum. 407.8.2.1 Unobstructed Side Reach Supports Where the operable part is located 10 inches (255 mm) or less beyond the vertical reference plane, the operable part is 48 inches (1220 mm) high maximum and 15 inches (380 mm) high minimum above the floor. 468 of 1132 473 02/02/18 4 of 6 Criteria Conformance Level Remarks and explanations 407.8.2.2 Obstructed Side Reach Supports All operable controls are within specification. 407.8.3 Forward Reach Supports Where a forward reach allows a reach over a portion of the ICT, the height of that portion of the ICT shall be 34 inches (865 mm) maximum 407.8.3.1 Unobstructed Forward Reach Supports The operable part is 48 inches (1220 mm) high maximum and 15 inches (380 mm) high minimum above the floor 407.8.3.2 Obstructed Forward Reach Supports Supports maximum allowable forward reach to an operable part is 25inches 407.8.3.2.1 Operable Part Height for ICT with Obstructed Forward Reach Supports All operable parts are within specification 407.8.3.2.2 Knee and Toe Space under ICT with Obstructed Forward Reach Not applicable There are no operable controls 408 Display Screens 408.2 Visibility Supports At least one display screen is visible from a point located 40inces above floor space 408.3 Flashing Supports This product supports no more than three flashes in any one-second period. 409 Status Indicators 409.1 General Supports with exceptions Status indicators provide visual only 410 Color Coding 410.1 General Supports Color coding and additional means of unique identification (e.g., text and symbols) are used. 411 Audible Signals 411.1 General Supports Audible signals and additional means of unique identification (e.g., cues) are used. 412 ICT with Two-Way Voice Communication 412.2 Volume Gain 412.2.1 Volume Gain for Wireline Telephones Not applicable This product does not use analog or digital wireline telephones. 412.2.2 Volume Gain for Non- Wireline ICT Not applicable The device does not support bi-directional voice communication over a telephone line. 412.3 Interference Reductions and Magnetic Coupling 412.3.1 Wireless Handsets Not applicable The product does not produce electromagnetic fields. 412.3.2 Wireline Handsets Not applicable The product does not produce electromagnetic fields. 412.4 Digital Encoding of Speech Not applicable This product does not support digital encoding of speech 412.5 Real-time Text Functionality Not applicable This product does not support real-time functionality 412.6 Called ID Not applicable Caller ID and/or similar telecommunications are not present. 412.7 Video Communication Not applicable The product is not a video or multi-media product. 413 Closed Caption Processing Technologies 469 of 1132 474 02/02/18 5 of 6 Criteria Conformance Level Remarks and explanations 413.1.1 Decoding and Display of Closed Captions Not applicable The product is not a video or multi-media product. 413.1.2 Pass-Through of Closed Caption Data Not applicable The device does not transmit or conduct information or communication. 414 Audio Description Processing Technologies 414.1.1 Digital Television Tuners Not applicable The product is not a video or multi-media product. 414.1.2 Other ICT Not applicable The product is not a video or multi-media product. 415 User Controls for Captions and Audio Descriptions 415.1.1 Caption Controls Not applicable The product is not a video or multi-media product. 415.1.2 Audio Description Controls Not applicable The product is not a video or multi-media product. Chapter 6 Support Documentation and Services Criteria Conformance Level Remarks and explanations 601.1 Scope 602 Support Documentation 602.2 Accessibility and Compatibility Features Supports XCA is provided to the customer with the user guide 602.3 Electronic Support Documentation Supports W ebsite provides user guide 602.4 Alternate Formats for Non-Electronic Support Documentation Supports User guide is provided as an E-book to the customer 603 Support Services 603.2 Information on Accessibility and Compatibility Features Supports XCA is provided to the customer with the user guide 603.3 Accommodation of Communication Needs Not applicable Customer support service contact details are available in the user guide and on website. Specific support for persons with disability is not provided 470 of 1132 475 02/02/18 6 of 6 What is the Voluntary Product Accessibility Template (VPAT)? The purpose of the Voluntary Product Accessibility Template is to assist Federal contracting officials in making preliminary assessments regarding the availability of commercial Electronic and Information Technology products and services with features that support accessibility. The first table of the Template provides a summary view of the Section 508 Standards. The subsequent tables provide more detailed views of each subsection. There are three columns in each table. In the subsequent tables, the first column contains the numbered paragraphs of the subsections. The second column describes the supporting features of the product with regard to that paragraph. The third column contains any additional remarks and explanations regarding the product. For additional information on these and other accessories, contact your Xerox sales representative or call 1-800-ASK- XEROX (1-800-275-9376). © 2017 Xerox Corporation. All rights reserved. Xerox® and Xerox and Design® are trademarks of Xerox Corporation in the United States and/or other countries. BR22162 Other company trademarks are also acknowledged. Document Version: 1.0 (January 2017). Voluntary Product Accessibility Template® and VPAT® are registered service marks of the Information Technology Industry Council (ITI). 471 of 1132 476 Xerox Accessibility Section 508 Conformance Report Voluntary Product Accessibility Template® (VPAT®) V2.0 Xerox® AltaLink® C8030/35/45/55/70 MFP Learn more about Xerox and Section 508 at our website: www.xerox.com/Section508 Summary Table – Voluntary Product Accessibility Template® (VPAT®) Criteria Conformance Level Remarks and explanations Chapter 3: Functional Performance Criteria Supports The product is compliant with Chapter 3 Chapter 4: Hardware Supports with exceptions Compliant with minor exceptions concerning speech, braille, and input controls Chapter 5: Software Not applicable The product does not support the software criteria set forth Chapter 6: Support Documentation and Services Supports The centralization of documentation, training, and support services for most Xerox products allows us to achieve compliance across the corporation. Software Version Evaluated: 101.001.008 Accessories Included in Evaluation: external keyboard, narrator (inbuilt in windows), headset, and XCA Evaluation Methods Used: testing based on general product knowledge, similar to another evaluated product, and testing with assistive technologies 472 of 1132 477 01/24/18 2 of 6 Chapter 3: Functional Performance Criteria (FPC) Criteria Conformance Level Remarks and explanations 302.1 Without Vision Supports Person without vision can make use of the rocker switch behind the door to power on/off the machine. Also, supported with XCA as the speech output can be directed to the individuals 302.2 With Limited Vision Supports Person with limited vision is able to perform all the operations available based on limited vision of 20/70 302.3 Without Perception of Color Supports At least one mode of operation that does not require user perception of color is available 302.4 Without Hearing Supports One mode of operation that does not require user hearing is available 302.5 With Limited Hearing Supports One mode of operation that does not require user limited hearing is available 302.6 Without Speech Not applicable Speech is not required for this product 302.7 With Limited Manipulation Supports At least one mode of operation that does not require fine motor control or simultaneous manual operations is available 302.8 With Limited Reach and Strength Supports At least one mode of operation that does not require limited reach and limited strength is available 302.9 With limited Language, Cognitive, and Learning Abilities Supports Features are provided for individuals with limited cognitive, language, and learning abilities for simpler and easier use Chapter 4: Hardware Criteria Conformance Level Remarks and explanations 402 Closed Functionality 402.1 General 402.2 Speech-Output Enabled 402.2.1 Information Displayed On- Screen Supports Speech is enabled via XCA. However machine cannot be powered on/off via XCA. 402.2.2 Transactional Outputs Not applicable There is no transactional output 402.2.3 Speech Delivery Type and Coordination Supports Speech is enabled via XCA and can be directed to individuals via headsets. However, machine cannot be powered on/off via XCA 402.2.4 User Control Supports with exceptions Speech is enabled via XCA. However, there is no repeat and pause option 402.2.5 Braille Instructions Supports with exceptions Speech output is not supported in the machine but is via XCA. XCA is specifically set up to enable speech. Using XCA it is assumed the user is aware of the accessibility features 402.3 Volume 402.3.1 Private Listening Supports This product provides a mode of operation for controlling the volume when in private listening mode 402.3.2 Non-private Listening Supports with exceptions On / Off is not a feature of XCA. On/Off operations are 473 of 1132 478 01/24/18 3 of 6 Criteria Conformance Level Remarks and explanations done in hardware but the device does not provide speech output Speech is enabled via XCA. However, there are no volume controls in XCA." 402.4 Characters on Display Screens Supports At least one mode of characters displayed on the screen is in sans serif font is available 402.5 Characters on Variable Message Signs Not applicable This product does not have variable message signs 403 Biometrics 403.1 General Not applicable Biometric forms are not used. 404 Preservation of Information Provided for Accessibility 404.1 General Not applicable The device does not transmit or conduct information or communication. 405 Privacy 405.1 General Supports The same degree of privacy of input and output is provided to all individuals 406 Standard Connections 406.1 General Supports The data connections are fax line and internet cable and they are industry standard formats 407 Operable Parts 407.2 Contrast Supports The product provides keys and controls with contrast visually from background surfaces 407.3 Input Controls 407.3.1 Tactilely Discernible Supports Input controls are operable by touch and tactilely discernible without activation. 407.3.2 Alphabetic Keys Supports with exceptions Through external keyboard, user can enter the text for providing the email destination of the job but user will not be able to go to that ‘editable text’ field in LUI via keyboard 407.3.3 Numeric Keys Supports with exceptions Through external keyboard, user can enter the numeric values for providing the quantity of the job but user will not be able to go to that ‘quantity’ field in LUI via keyboard 407.4 Key Repeat Not applicable Key repeat is not supported. 407.5 Timed Response Supports with exceptions Alert provided only visually but not by sound 407.6 Operation Supports Controls do not require simultaneous use of two hands, and the force to activate hand-operated controls is less than 5 lbs. 407.7 Tickets, Fare Cards, and Keycards Not applicable Tickets, Fare card or keycard is not used in product 407.8 Reach Height and Depth 474 of 1132 479 01/24/18 4 of 6 Criteria Conformance Level Remarks and explanations 407.8.1 Vertical Reference Plane Supports At least one of each type of operable part of stationary ICT at a height conforming to 407.8.2 or 407.8.3 is available 407.8.1.1 Vertical Plane for Side Reach Supports Where a side reach is provided, the vertical reference plane is 48 inches (1220 mm) long minimum. 407.8.1.2 Vertical Plane for Forward Reach. Supports Where a forward reach is provided, the vertical reference plane is 30 inches (760 mm) long minimum 407.8.2 Side Reach Supports Where a side reach requires a reach over a portion of the ICT, the height of that portion of the ICT is 34 inches (865 mm) maximum. 407.8.2.1 Unobstructed Side Reach Supports Where the operable part is located 10 inches (255 mm) or less beyond the vertical reference plane, the operable part is 48 inches (1220 mm) high maximum and 15 inches (380 mm) high minimum above the floor. 407.8.2.2 Obstructed Side Reach Supports All operable controls are within specification. 407.8.3 Forward Reach Supports Where a forward reach allows a reach over a portion of the ICT, the height of that portion of the ICT shall be 34 inches (865 mm) maximum 407.8.3.1 Unobstructed Forward Reach Supports The operable part is 48 inches (1220 mm) high maximum and 15 inches (380 mm) high minimum above the floor 407.8.3.2 Obstructed Forward Reach Supports Supports maximum allowable forward reach to an operable part is 25inches 407.8.3.2.1 Operable Part Height for ICT with Obstructed Forward Reach Supports All operable parts are within specification 407.8.3.2.2 Knee and Toe Space under ICT with Obstructed Forward Reach Not applicable There are no operable controls. 408 Display Screens 408.2 Visibility Supports At least one display screen is visible from a point located 40inces above floor space 408.3 Flashing Supports The power key LED conforms 409 Status Indicators 409.1 General Supports Rocker switch provides visual and tactile feedback 410 Color Coding 410.1 General Supports Color coding and additional means of unique identification (e.g., text and symbols) are used. 411 Audible Signals 411.1 General Supports Audible signals and additional means of unique identification (e.g., cues) are used. 412 ICT with Two-Way Voice Communication 412.2 Volume Gain 412.2.1 Volume Gain for Wireline Telephones Not applicable This product does not use analog or digital wireline telephones. 412.2.2 Volume Gain for Non-Not applicable The device does not support bi-directional voice 475 of 1132 480 01/24/18 5 of 6 Criteria Conformance Level Remarks and explanations Wireline ICT communication over a telephone line. 412.3 Interference Reductions and Magnetic Coupling 412.3.1 Wireless Handsets Not applicable The product does not produce electromagnetic fields. 412.3.2 Wireline Handsets Not applicable The product does not produce electromagnetic fields. 412.4 Digital Encoding of Speech Not applicable This product does not support digital encoding of speech 412.5 Real-time Text Functionality Not applicable This product does not support real-time text functionality 412.6 Called ID Not applicable Caller ID and/or similar telecommunications are not present. 412.7 Video Communication Not applicable The product is not a video or multi-media product. 413 Closed Caption Processing Technologies 413.1.1 Decoding and Display of Closed Captions Not applicable The product is not a video or multi-media product. 413.1.2 Pass-Through of Closed Caption Data Not applicable The device does not transmit or conduct information or communication. 414 Audio Description Processing Technologies 414.1.1 Digital Television Tuners Not applicable The product is not a video or multi-media product. 414.1.2 Other ICT Not applicable The product is not a video or multi-media product. 415 User Controls for Captions and Audio Descriptions 415.1.1 Caption Controls Not applicable The product is not a video or multi-media product. 415.1.2 Audio Description Controls Not applicable The product is not a video or multi-media product. Chapter 6 Support Documentation and Services Criteria Conformance Level Remarks and explanations 601.1 Scope 602 Support Documentation 602.2 Accessibility and Compatibility Features Supports Accessibility and compatibility information is available on www.xerox.com/section508/. 602.3 Electronic Support Documentation Supports Website provides guide to the device 602.4 Alternate Formats for Non-Electronic Support Documentation Supports User guide is provided as an E-book to the customer 603 Support Services 603.2 Information on Accessibility and Compatibility Features Supports XCA is provided to the customer with the user guide 476 of 1132 481 01/24/18 6 of 6 Criteria Conformance Level Remarks and explanations 603.3 Accommodation of Communication Needs Not applicable Customer support service contact details available in the user guide and also available on website. Specific support for persons with disability not provided. What is the Voluntary Product Accessibility Template (VPAT)? The purpose of the Voluntary Product Accessibility Template is to assist Federal contracting officials in making preliminary assessments regarding the availability of commercial Electronic and Information Technology products and services with features that support accessibility. The first table of the Template provides a summary view of the Section 508 Standards. The subsequent tables provide more detailed views of each subsection. There are three columns in each table. In the subsequent tables, the first column contains the numbered paragraphs of the subsections. The second column describes the supporting features of the product with regard to that paragraph. The third column contains any additional remarks and explanations regarding the product. For additional information on these and other accessories, contact your Xerox sales representative or call 1-800-ASK- XEROX (1-800-275-9376). © 2017 Xerox Corporation. All rights reserved. Xerox® and Xerox and Design® are trademarks of Xerox Corporation in the United States and/or other countries. BR22162 Other company trademarks are also acknowledged. Document Version: 1.0 (January 2017). Voluntary Product Accessibility Template® and VPAT® are registered service marks of the Information Technology Industry Council (ITI). 477 of 1132 482 Xerox Accessibility Section 508 Conformance Report Voluntary Product Accessibility Template® (VPAT®) V2.0 Xerox® AltaLink® B8045/55/65/75/90 MFP Learn more about Xerox and Section 508 at our website: www.xerox.com/Section508 Summary Table – Voluntary Product Accessibility Template® (VPAT®) Criteria Conformance Level Remarks and explanations Chapter 3: Functional Performance Criteria Supports The product is compliant with Chapter 3. Chapter 4: Hardware Supports with exceptions Compliant with minor exceptions concerning speech, volume, status indicators, and input controls Chapter 5: Software Not applicable The product does not support the software criteria set forth Chapter 6: Support Documentation and Services Supports The centralization of documentation, training, and support services for most Xerox products allows us to achieve compliance across the corporation. Software Version Evaluated: device SW version 101.008.008.12230 Accessories Included in Evaluation: external keyboard, narrator (inbuilt in Windows), headset, and XCA Evaluation Methods Used: testing based on general product knowledge, similar to another evaluated product, and testing with assistive technologies 478 of 1132 483 05/07/18 2 of 6 Chapter 3: Functional Performance Criteria (FPC) Criteria Conformance Level Remarks and explanations 302.1 Without Vision Supports At least one mode of operation that does not require user vision is available 302.2 With Limited Vision Supports At least one mode of operation that enables users to make use of limited vision is available 302.3 Without Perception of Color Supports At least one mode of operation that does not require user perception of color is available 302.4 Without Hearing Supports One mode of operation that does not require user hearing is available 302.5 With Limited Hearing Supports One mode of operation that does not require user limited hearing is available 302.6 Without Speech Not applicable Speech is not required for this product 302.7 With Limited Manipulation Supports At least one mode of operation that does not require fine motor control or simultaneous manual operations is available 302.8 With Limited Reach and Strength Supports At least one mode of operation that does not require limited reach and limited strength is available 302.9 With limited Language, Cognitive, and Learning Abilities Supports Features are provided for individuals with limited cognitive, language, and learning abilities for simpler and easier use Chapter 4: Hardware Criteria Conformance Level Remarks and explanations 402 Closed Functionality 402.1 General 402.2 Speech-Output Enabled 402.2.1 Information Displayed On- Screen Supports Speech is enabled via XCA. However, machine cannot be powered on/off via XCA. 402.2.2 Transactional Outputs Not applicable There is no transactional output 402.2.3 Speech Delivery Type and Coordination Supports Speech output is delivered through an industry standard connector or a telephone headset. Output is coordinated with information displayed on the screen. 402.2.4 User Control Supports with exceptions Speech is enabled via XCA. However, there is no repeat and pause option. 402.2.5 Braille Instructions Supports with exceptions Speech output is not supported in the machine but is via XCA and XCA is specifically set up to enable speech, i.e. in using XCA it is assumed the user is aware of the accessibility features 402.3 Volume 402.3.1 Private Listening Supports Speech is enabled via XCA and can be directed to 479 of 1132 484 05/07/18 3 of 6 Criteria Conformance Level Remarks and explanations individuals via headsets. On/off is not a feature of XCA. On/off functionality supported via rocker switch behind door 402.3.2 Non-private Listening Supports with exceptions Speech is enabled via XCA. However machine cannot be powered on/off via XCA and there are no volume controls in XCA 402.4 Characters on Display Screens Supports with exceptions All text is sans serif but text is 4mm 402.5 Characters on Variable Message Signs Not applicable This product does not have variable message signs 403 Biometrics 403.1 General Not applicable Biometric forms are not used. 404 Preservation of Information Provided for Accessibility 404.1 General Not applicable The device does not transmit or conduct information or communication. 405 Privacy 405.1 General Supports The same degree of privacy of input and output is provided to all individuals 406 Standard Connections 406.1 General Supports At least one type of connection conform to industry standard non-priority format. 407 Operable Parts 407.2 Contrast Supports The product provides keys and controls with contrast visually from background surfaces 407.3 Input Controls 407.3.1 Tactilely Discernible Supports Input controls are operable by touch and tactilely discernible without activation. 407.3.2 Alphabetic Keys Supports with exceptions Through external keyboard, user can enter the text for providing the email destination of the job. User will not be able to go to that ‘editable text’ field in LUI via keyboard 407.3.3 Numeric Keys Supports with exceptions Through external keyboard, user can enter the numeric values for providing the quantity of the job. User will not be able to go to that ‘quantity’ field in LUI via keyboard 407.4 Key Repeat Not applicable Key repeat is not supported. 407.5 Timed Response Supports with exceptions Alert provided only visually but not by sound 407.6 Operation Supports Controls do not require simultaneous use of two hands, and the force to activate hand-operated controls is less than 5 lbs. 407.7 Tickets, Fare Cards, and Keycards Not applicable Tickets, Fare card or keycard is not used in product 407.8 Reach Height and Depth 480 of 1132 485 05/07/18 4 of 6 Criteria Conformance Level Remarks and explanations 407.8.1 Vertical Reference Plane Supports At least one of each type of operable part of stationary ICT at a height conforming to 407.8.2 or 407.8.3 is available 407.8.1.1 Vertical Plane for Side Reach Supports Where a side reach is provided, the vertical reference plane is 48 inches (1220 mm) long minimum. 407.8.1.2 Vertical Plane for Forward Reach. Supports (1) Where a forward reach is provided, the vertical reference plane is 30 inches (760 mm) long minimum 407.8.2 Side Reach Supports Where a side reach requires a reach over a portion of the ICT, the height of that portion of the ICT is 34 inches (865 mm) maximum. 407.8.2.1 Unobstructed Side Reach Supports Where the operable part is located 10 inches (255 mm) or less beyond the vertical reference plane, the operable part is 48 inches (1220 mm) high maximum and 15 inches (380 mm) high minimum above the floor. 407.8.2.2 Obstructed Side Reach Supports All operable controls are within specification. 407.8.3 Forward Reach Supports Where a forward reach allows a reach over a portion of the ICT, the height of that portion of the ICT shall be 34 inches (865 mm) maximum 407.8.3.1 Unobstructed Forward Reach Supports The operable part is 48 inches (1220 mm) high maximum and 15 inches (380 mm) high minimum above the floor 407.8.3.2 Obstructed Forward Reach Supports Supports maximum allowable forward reach to an operable part is 25inches 407.8.3.2.1 Operable Part Height for ICT with Obstructed Forward Reach Supports All operable parts are within specification 407.8.3.2.2 Knee and Toe Space under ICT with Obstructed Forward Reach Not applicable There are no operable controls. 408 Display Screens 408.2 Visibility Supports At least one display screen is visible from a point located 40inces above floor space 408.3 Flashing Supports The power key LED conforms 409 Status Indicators 409.1 General Supports with exceptions After inserting the document in DADH, the Status is indicated visually by LED light. However it doesn’t provide any sound to indicate the status. 410 Color Coding 410.1 General Supports Color coding and additional means of unique identification (e.g., text and symbols) are used. 411 Audible Signals 411.1 General Supports Audible signals and additional means of unique identification (e.g., cues) are used. 412 ICT with Two-Way Voice Communication 412.2 Volume Gain 412.2.1 Volume Gain for Wireline Not applicable This product does not use analog or digital wireline 481 of 1132 486 05/07/18 5 of 6 Criteria Conformance Level Remarks and explanations Telephones telephones. 412.2.2 Volume Gain for Non- Wireline ICT Not applicable The device does not support bi-directional voice communication over a telephone line. 412.3 Interference Reductions and Magnetic Coupling 412.3.1 Wireless Handsets Not applicable The product does not produce electromagnetic fields. 412.3.2 Wireline Handsets Not applicable The product does not produce electromagnetic fields. 412.4 Digital Encoding of Speech Not applicable This product does not support digital encoding of speech 412.5 Real-time Text Functionality Not applicable This product does not support real-time functionality 412.6 Called ID Not applicable Caller ID and/or similar telecommunications are not present. 412.7 Video Communication Not applicable The product is not a video or multi-media product. 413 Closed Caption Processing Technologies 413.1.1 Decoding and Display of Closed Captions Not applicable The product is not a video or multi-media product. 413.1.2 Pass-Through of Closed Caption Data Not applicable The device does not transmit or conduct information or communication. 414 Audio Description Processing Technologies 414.1.1 Digital Television Tuners Not applicable The product is not a video or multi-media product. 414.1.2 Other ICT Not applicable The product is not a video or multi-media product. 415 User Controls for Captions and Audio Descriptions 415.1.1 Caption Controls Not applicable The product is not a video or multi-media product. 415.1.2 Audio Description Controls Not applicable The product is not a video or multi-media product. Chapter 6 Support Documentation and Services Criteria Conformance Level Remarks and explanations 601.1 Scope 602 Support Documentation 602.2 Accessibility and Compatibility Features Supports XCA is provided to the customer with the user guide 602.3 Electronic Support Documentation Supports W ebsite provides user guide 602.4 Alternate Formats for Non-Electronic Support Documentation Supports User guide is provided as an E-book to the customer 603 Support Services 603.2 Information on Supports XCA is provided to the customer with the user guide 482 of 1132 487 05/07/18 6 of 6 Criteria Conformance Level Remarks and explanations Accessibility and Compatibility Features 603.3 Accommodation of Communication Needs Not applicable Customer support service contact details are available in the user guide and also on website. Specific support for persons with disability is not provided What is the Voluntary Product Accessibility Template (VPAT)? The purpose of the Voluntary Product Accessibility Template is to assist Federal contracting officials in making preliminary assessments regarding the availability of commercial Electronic and Information Technology products and services with features that support accessibility. The first table of the Template provides a summary view of the Section 508 Standards. The subsequent tables provide more detailed views of each subsection. There are three columns in each table. In the subsequent tables, the first column contains the numbered paragraphs of the subsections. The second column describes the supporting features of the product with regard to that paragraph. The third column contains any additional remarks and explanations regarding the product. For additional information on these and other accessories, contact your Xerox sales representative or call 1-800-ASK- XEROX (1-800-275-9376). © 2017 Xerox Corporation. All rights reserved. Xerox®, AltaLink®, and Xerox and Design® are trademarks of Xerox Corporation in the United States and/or other countries. BR22162 Other company trademarks are also acknowledged. Document Version: 1.0 (January 2017). Voluntary Product Accessibility Template® and VPAT® are registered service marks of the Information Technology Industry Council (ITI). 483 of 1132 488 The Safety of Xerox® Products Facts about the safety of Xerox® products. Additional information, if needed, on one or more lines Month 00, 0000 <Part Number> 484 of 1132 489 © 2019 Xerox Corporation. All rights reserved. Xerox® is a trademark of Xerox Corporation in the United States and/or other countries. BR22041 Other company trademarks are also acknowledged. Document Version: 1.3 (August 2019). 485 of 1132 490 Facts about the Safety of Xerox® Products i Contents 1. General Information .......................................................................................................................... 1 Environment, Health, Safety and Sustainability Policy at Xerox ......................................................... 1 Safety Data Sheets ......................................................................................................................... 2 General Safety Practices .................................................................................................................... 2 Equipment Design ........................................................................................................................... 2 Consumables ...................................................................................................................................... 3 2. Xerox® Products ................................................................................................................................ 4 Electromagnetic Compatibility ......................................................................................................... 4 Ergonomics/Human Factors ............................................................................................................ 4 Document Illumination ..................................................................................................................... 4 Lasers .............................................................................................................................................. 4 3. Xerox® Supplies ................................................................................................................................ 5 Materials Safety Evaluation ................................................................................................................ 5 Toners and Developers ....................................................................................................................... 5 Liquid Inks ........................................................................................................................................... 6 Solid Inks ............................................................................................................................................. 6 Fuser Lubricants ................................................................................................................................. 6 Photoreceptors .................................................................................................................................... 6 4. Indoor Air Quality and Emissions ................................................................................................... 7 Ozone .................................................................................................................................................. 7 Volatile Organic Compounds (VOCs) ................................................................................................. 7 Particulates and Dust .......................................................................................................................... 8 Odors................................................................................................................................................... 8 5. Additional Topics .............................................................................................................................. 9 Audible Noise ...................................................................................................................................... 9 Product Service and Maintenance ...................................................................................................... 9 Disposal of Spent Supplies and Equipment ........................................................................................ 9 Service Materials ........................................................................................................................... 10 Equipment ..................................................................................................................................... 10 6. Additional Information .................................................................................................................... 11 486 of 1132 491 Facts about the Safety of Xerox® Products 1 1. General Information Environment, Health, Safety and Sustainability Policy at Xerox The Environment, Health, Safety, and Sustainability (EHS&S) organization at Xerox ensures company-wide adherence to Xerox’s environment, health, safety, and sustainability policy. The governance model we use to accomplish this includes clearly defined goals, a single set of worldwide standards, and an audit process that ensures conformance to these requirements. Our EHS&S governance and policy, adopted in 1991, forms the foundation of our environmental leadership program. It is the policy of Xerox Corporation to: • Comply with applicable environment, health and safety laws, rules, regulations and Xerox Standards; • Take appropriate measures to protect the environment and health and safety of our employees, customers, suppliers and neighbors from unacceptable risk; • Take appropriate measures to prevent workplace injuries and illnesses; provide employees with a safe and healthy work environment; • Assess environment, health, and safety impacts before starting a new activity or project; • Comprehend environment, health, and safety impacts in the design and acquisition of products and services; • Eliminate unacceptable risks from facilities, products, services and processes; • Strive for continual improvement of its environmental management system and to conserve natural resources, eliminate the use of toxic and hazardous materials; prevent pollution; recover, reuse, recycle; • Address climate change by reducing the carbon footprint of our operations, products and services; and • Require suppliers to adhere to applicable environment, health, and safety laws, rules, regulations and Xerox Standards. Overview To ensure full compliance with the above policy, health, safety and environmental considerations are an essential element of the product and materials design and review process, involving internal and external world-class experts. Extensive system testing is conducted under a variety of simulated field and stress conditions to verify that all the health and safety requirements have been met. Our internal test groups conduct some of these tests while external testing organizations perform others. Xerox has a long history of proactively assessing the health and safety of the materials used in its products using a wide variety of methods. These measures drive elimination of the use of persistent, bio-accumulative and toxic materials throughout the supply chain and the safety of our equipment and consumable products. Whenever new information raises a concern about the safety of a product, we investigate and, when warranted, take prompt action with health and safety consideration being our highest priority. 487 of 1132 492 Facts about the Safety of Xerox® Products 2 Safety Data Sheets Xerox prepares two types of data sheets that summarize safety and health information for our equipment and consumables products: • Product Safety Data Sheets (PSDS) contain information about the mechanical, electrical and environmental attributes of our equipment as well as product emission data. • Safety Data Sheets (SDS) provide information on the globally recognized classification and the safe use of products that may be chemical substances or mixtures. They also contain storage, shipping and disposal information. General Safety Practices To ensure the safety of those who use and care for our equipment, it is important to observe these fundamental rules: • Site the equipment according to published Xerox® installation requirements. When moving equipment to a new location, review installation requirements. • Connect the equipment to a properly grounded electrical service outlet. • Comply with all caution and warning labels in order to avoid potentially hazardous conditions. • Do not bypass or defeat interlocked covers. These covers prevent creation of hazardous conditions, which could occur if they were opened. • Only trained service personnel may remove covers or guards held in place by fasteners that cannot be detached without using tools. • Only use Xerox approved maintenance procedures and materials. • Stop the equipment immediately, disconnect it from its power supply and have it serviced before the next use in the event of unusual noises, odors or smoke. • Dispose of spent materials and products according to information provided on Safety Data Sheets, which can be found on www.xerox.com/environment • Do not stare at equipment light sources, which can produce temporary nuisance effects or discomfort. Equipment Design Xerox policy requires that products meet safety standards that are at least as strict as the generally accepted standards of approval agencies and government regulations. For each product brought to market, Xerox has a comprehensive Product Safety Requirement List that details the specific safety requirements. All possible hazards are assessed: electrical, mechanical, chemical, biological, radiation, heat, emissions and noise. Results of assessments must be satisfactory in all areas before shipping equipment to the customer. In addition to these assessments, service procedures, service materials, special tools and the operator’s manual must all be approved prior to customer shipments. Installation instructions define minimum product space requirements to ensure proper equipment performance and to provide adequate access for service. Xerox® products are typically submitted to a nationally recognized testing laboratory such as Underwriters Laboratories® (UL), Canadian Standards Association (CSA) or TUV Rheinland®, resulting in product certification to the latest country-specific version of internationally accepted product safety standards, such as IEC 60950 (Safety of Information Technology Equipment). 488 of 1132 493 Facts about the Safety of Xerox® Products 3 Products are also CB Scheme Certified, and CE marked for sales in European Union markets and the equivalent schemes of other countries where they may be marketed. Consumables Xerox takes a conservative position on potential health risks to our employees and customers. Accordingly, Xerox has established strict interna l standards limiting the use of potentially hazardous materials in consumable products. In some cases, this includes setting internal company exposure limits, known as Xerox Exposure Limits (XEL), for specific chemical or physical agents. Xerox Exposure Limits are more stringent than external consensus or regulatory limits. 489 of 1132 494 Facts about the Safety of Xerox® Products 4 2. Xerox® Products Electromagnetic Compatibility Xerox® products are designed to function properly in the intended electromagnetic environment without causing harmful interference to nearby equipment or radio communication services. In this regard, Xerox® products comply with all governmental regulations covering Electromagnetic Compatibility (EMC). Appropriate product testing verifies compliance. Ergonomics/Human Factors Human factors are an integral part of our design process. Our multidisciplinary team of professionals evaluates Xerox® products to ensure usability by our customers, serviceability by our technicians and ease of assembly by our manufacturing personnel. Document Illumination Staring at lamps can sometimes produce an afterimage, but this is of short duration and has no permanent effects. Due to the intensity of some light sources, some lamp systems are interlocked with the platen cover to prevent this. We recommend that all platens be covered while making copies, to minimize exposure and facilitate good copy quality. Lasers Xerox® products containing lasers present no hazard to equipment operators or bystanders and are designed and built to comply with the strict safety requirements of governmental and international standards. Product designs ensure that potentially harmful laser beams are contained within the equipment. Covers and shields need not, and should not, be removed for customer maintenance. Covers that may be removed by Xerox service personnel are labeled to indicate potential laser hazards. No service mode requires direct viewing of the laser beam or permits the beam to exit the confines of the equipment. Service personnel following established adjustment procedures are not exposed to potentially harmful laser beams. 490 of 1132 495 Facts about the Safety of Xerox® Products 5 3. Xerox® Supplies Materials Safety Evaluation Materials used in our consumable products are classified and labeled in compliance with the Globally Harmonized System of Classification and Labeling of Chemicals (GHS) and meet our own stringent internal safety requirements. During the assessment of any material o r product, both its inherent properties (potential hazards) and the potential exposures to customers and service personnel are considered. The various materials used in imaging processes undergo a full toxicological evaluation, which reviews published technical data and information obtained from responsible testing. The safety evaluation process considers possible acute and chronic effects as well as the potential for eye and skin irritation. Various bacterial and mammalian cell type tests are used as predictors of potential genotoxic effects. When published data is lacking, additional testing may be required. If that is the case, all tests are performed to the Organization for Economic Cooperation and Development (OECD) methods by independent laboratories that operate in accordance with the rules of good laboratory practice, and the results are documented and placed into the health and safety archives. Further, all laboratories used in safety testing are accredited by, or meet the standards of, the American Association for Accreditation of Laboratory Animal Care. Responsible use and humane treatment of animals are basic requirements of sound scientific research and the generation of valid test data. Whenever feasible, we utilize alternatives to animal testing; however, viable alternatives do not always exist. In all instances, we ensure that our safety testing activities are in full compliance with worldwide regulatory standards and requirements. Results of the toxicological evaluation are in Safety Data Sheets and the details of the review and any applicable test reports are available to appropriate health and safety regulatory agencies when needed. Toners and Developers Some Xerox® toners are fine powders composed of plastics, colorants and small quantities of functional additives. They are not considered to be hazardous preparations according to any regulatory classification criteria. Toner constituents must not only produce images having high xerographic quality but also pass our health and safety reviews. The toners are typically designed using styrene-acrylic, styrene-butadiene or polyester polymers. In black toners, several different specialty grade carbon blacks or iron oxide are used as colorant, while various dyes or pigments are employed for color im ages. During the toner manufacturing process, the carbon black (or other colorant) and polymer are combined in such a way that the colorant becomes encapsulated by the polymer. Under normal operating conditions and other foreseeable conditions, the toners are entirely stable, and no significant decomposition occurs. When exposed to the proper combination of heat and pressure, the toner simply flows and adheres to the paper. Developers are composed of a carrier material and toner. Xerox® carriers are based on special grades of sand, glass, steel or ferrite types of materials. They are generally coated with a small amount of special polymer to achieve the desired functional behavior in the xerographic equipment. 491 of 1132 496 Facts about the Safety of Xerox® Products 6 A comprehensive assessment of new materials in our toners is conducted to ensure conformance with applicable global registration, hazard communication and waste handling and disposal requirements. Because of our stringent requirements, Xerox ® toners and printing products are non- carcinogenic and non-mutagenic. In addition, these products do not cause adverse developmental or reproductive effects; pose a toxicity hazard to humans or aquatic species; cause a permanent adverse impact to the skin, eyes or respiratory system; or have the potential to generate federally regulated hazardous waste. Xerox was the first in our industry to evaluate the health effects of toner and did so for over 30 years. Liquid Inks Most Xerox® liquid inks are aqueous (water based) inks containing dispersing agents and dyes or pigments. Before being placed on the market, each of the inks undergoes a rigorous safety evaluation to ensure all regulatory requirements are met and that the inks meet the strict requirements of Xerox internal standards. For some specific applications, such as Direct-to-Object printing, UV curable liquid inks are used. These inks, like all other materials, undergo extensive safety evaluation. They are classified according to GHS and labeled appropriately with all potential hazards outlined in the Safety Data Sheets, along with guidelines for safe handling, storage and disposal. Solid Inks Xerox uses solid inks in some imaging applications such as plotters and printers. The various solid inks contain polyethylene, waxes, resins, dyes and pigments. The resultant material is a waxy solid block that is transferred to the printed surface under specific heat and pressure specifications. All the materials used in the manufacture of solid inks are subject to the same rigorous safety evaluation as other imaging materials. Fuser Lubricants Some xerographic processes use lubricants as release agents during the fusing process. These lubricants are inert, non-hazardous silicone oils and greases, which have high thermal stability. The lubricants are not mineral oils and are not subject to regulatory controls for such materials. Photoreceptors A xerographic photoreceptor is a multilayer device in which photo-conducting layers are very tightly bonded to a substrate. The substrate may be a rigid aluminum drum or a flexibl e metal belt or polyester film. Most current photoreceptors use a proprietary organic photoconductor. Like all imaging materials, photoreceptor constituents are subject to rigorous safety evaluation. 492 of 1132 497 Facts about the Safety of Xerox® Products 7 4. Indoor Air Quality and Emissions We design our products to ensure that they can be safely located in typical office areas near employee workspaces. Under normal operating conditions and with proper maintenance, machines meet or exceed legal requirements and current standards for emissions and are in co nformance with select internationally recognized voluntary guidelines. Additional information about the emission characteristics of Xerox® equipment is in the Product Safety Data Sheets. Xerox supports our customers’ responsibility for maintaining excellent indoor air quality in the workplace. Many factors affect the quality of indoor air including ventilation, office furnishings and building materials, in addition to the type of office equipment and use patterns. Xerox® equipment is tested in conformance with rigorous emission testing protocols to ensure that we meet or exceed current standards and acceptable best practices. For example, we set and adhere to strict internal limits on the amount of ozone, volatile organic compounds, and particulate substances emitted from xerographic products. Ozone In xerographic devices, small quantities of ozone are produced as a byproduct of the printing process. Ozone is generated only when the machine is copying or printing. Xerox Ozone Management Guidelines require that equipment situated in locations that do not meet either space or temperature and humidity requirements be equipped with a filter to reduce ozone to an acceptable level. Some equipment is equipped with ozone filters at the factory while others may be retrofitted at the placement site. With production printing equipment, the exposure to ozone is controlled by ducting which routes the emissions away from the area. Xerox emission levels of ozone are substantially below internationally recognized exposure limits. The Facts about Ozone publication is available upon request or at www.xerox.com/environment Volatile Organic Compounds (VOCs) In some conditions, volatile organic compounds may be emitted during and immediately after copying or printing. The concentrations are low, typically less than 1/100 th of the occupational exposure limits for such compounds. Volatile compounds are measured in special inert chambers because their levels are less than the levels found in typical room interiors due to building materials, floor covering and furniture. Measured levels, as included on the Product Safety Data Sheets, also meet many global ecolabel requirements. 493 of 1132 498 Facts about the Safety of Xerox® Products 8 Particulates and Dust During a product’s operation, very small amounts of paper dust and toner may become airborne. Most dust created inside the machine is drawn through the heat exhausts and trapped by filters. Dust associated with copying and printing consists primarily of paper particles and fibers. When paper is handled outside the equipment, paper fragments are also generated. Ultimately, levels of paper dust depend on the composition and quality of the paper used. Less than 10 percent of the dust generated is toner particles. The levels are significantl y below the standard exposure limits for respirable dust. Odors Xerox makes every effort to ensure that our equipment does not emit objectionable odors into the workplace. However, since some chemicals have very low odor thresholds, some people with a sensitive sense of smell may sometimes detect faint odors, even though the concentration of the chemical is significantly below any that would present a potential health concern. 494 of 1132 499 Facts about the Safety of Xerox® Products 9 5. Additional Topics Audible Noise Xerox uses state-of-the art instrumentation and noise test facilities to optimize product designs for low noise and enhanced comfort. Xerox® products do not produce noise levels expected to damage human hearing. Noise emission levels meet various ecolabel and ergonomic guidelines and are well below legally mandated exposure limits established around the world. Product Service and Maintenance Environmental health and safety personnel at Xerox review and approve all service procedures and materials prior to field usage. They assess and control any potential mechanical, electrical, chemical or physical hazards such as lasers, noise, etc. to minimize exposures of our employees and customers. Field usage of these procedures and materials is monitored, and product retrofits, warning labels or special bulletins are made when appropriate. Xerox has created ways for customers to service their own equipment using web-based service procedures or described to the customer over the telephone. These service procedures have been reviewed and approved by qualified health and safety personnel to ensure that customers are not significantly exposed to physical hazards, chemical or physical agents, ergonomic stressors, or hazardous electrical energy. Disposal of Spent Supplies and Equipment Proper disposal of waste materials minimizes environmental impacts. The environmental management program at Xerox identifies hazardous waste materials for proper disposal and encourages recycling or reclaiming of waste products. All materials used in the various imaging processes are evaluated against the following criteria: environmental toxicity and biodegradability, ignitability, corrosivity and reactivity. Sections 6 and 13 of the Safety Data Sheets provide guidance for managing spills and disposal. For any questions concerning disposal of Xerox® materials, review Safety Data Sheets and observe all applicable governmental regulations. The Xerox Green World Alliance (www.xerox.com/GWA) collection and reuse/recycling program, in partnership with our customers, results in millions of cartridges and toner containers returned for reuse or recycling each year. Exceptions or special considerations may apply in the following circumstances: • Photoreceptors The photoreceptors used in our modern equipment have met all the criteria to be classified nonhazardous. Return used or damaged Xerox® photoreceptors containing arsenic and selenium to Xerox Corporation or the supplier for disposition. If not returned to Xerox, follow state and local laws regarding disposal of this material. We recommend disposal in a chemical waste landfill. 495 of 1132 500 Facts about the Safety of Xerox® Products 10 • Toner or toner cartridges Toner or toner cartridges can be recycled locally or returned to Xerox through our Green World Alliance program. Incineration is discouraged, as dust clouds from residual toner may be explosive. • Developer Developer also meets all criteria for classification as nonhazardous and therefore may be disposed of with normal office refuse. However, state and local requirements may be more restrictive so consult the appropriate state and local authorities. Service Materials Safety Data Sheets are available for each of the service materials sold by Xerox. These materials have also been evaluated against hazardous waste criteria to determine proper disposal. If the waste materials are classified hazardous and small q uantity generator exemptions do not apply, applicable governmental regulations must be observed for proper disposition. For additional questions concerning disposal of Xerox ® service materials, please review the Safety Data Sheets and observe all applicable governmental regulations. Equipment Xerox operates a worldwide equipment takeback and reuse/recycle program as described at www.xerox.com/environment 496 of 1132 501 Facts about the Safety of Xerox® Products 11 6. Additional Information It is a fundamental principle of Xerox Corporation to ensure that our products are safe and do not in any way represent a concern to our customers or employees. More information is available on the Xerox Environment, Health, Safety and Sustainability website at www.xerox.com/environment or contact: North America Askxerox@xerox.com 1.800.ASK.XEROX (1.800.275.9376) Europe EHS-Europe@xerox.com 497 of 1132 502 This Recommended Media List contains Xerox® Paper and Specialty Media that has been extensively tested on the Xerox® AltaLink® B8045/B8055/B8065/B8075/B8090 Multifunction Printer for image quality and performance by Xerox® at the Xerox® Media Technology Center. The paper and specialty media on this list are approved by Xerox and recommended for use in all configurations of the Xerox® AltaLink® B8045/ B8055/B8065/B8075/B8090 Multifunction Printer. All Xerox® Paper and Specialty Media on this list are digitally optimized, designed and manufactured for optimal performance in Xerox digital printing equipment and carry the Domtar 100% Performance Guarantee. Domtar offers a 100% Performance Guarantee for any Xerox® Paper or Specialty Media that is featured on the Recommended Media List for a specific Xerox printer or digital press. This is your assurance that if you are unhappy with the performance of recommended Xerox® Paper or Specialty Media, Domtar will either take back the unused product and replace it or refund your money – guaranteed. Domtar Paper Company, LLC. and Domtar Inc., (collectively referred to as “Domtar”), are the exclusive U.S. and Canadian trademark licensees of Xerox® Paper and Specialty Media. Domtar’s and Xerox’s extensive collaborative testing and stringent specifications ensure that we are able to guarantee the performance and consistency of Xerox® Paper and Specialty Media. Recommended Media List Xerox® AltaLink® B8045/B8055/B8065/B8075/B8090 Multifunction Printer 498 of 1132 503 xerox™ Recommended Media List General Information Customers should validate that the Best Practices for Operation for the selected Xerox® Paper or Specialty Media are acceptable for their application. When purchasing a particular media product for the first time, customers are advised to purchase small quantities to ensure that expectations are met. Media observations made in this publication are based on tests conducted using standard images with moderate to heavy image area coverage. Test machines are maintained within specifications defined by user documentation. Where applicable, suggested adjustments and best practices are included to optimize media performance. Note that “size” designation is for sheet dimensions only, and is not used to indicate grain direction. The Stock Library Montage application can be updated with the most current Recommended Media List by downloading the “Recommended Media List.rml” file from Xerox.com. This file can be found on Xerox.com under the Support and Drivers tab, searching on Altalink. Instructions on how to update the Stock Library Manager media list are included with the file. To view the most current Recommended Media List, please visit www.xeroxpaperusa.com/resources/ recommended-media-list. Warranty Disclaimer Domtar and Xerox make no guarantees or warranties, either expressed or implied, concerning the performance, use or replacement of non-Xerox branded media or throughput products. Customers should inquire directly of their paper distributor or manufacturer for any guarantees they may offer. When purchasing a particular media product for the first time, customers are advised to purchase small quantities to insure their expectations are met. The quality of Xerox supplies is consistent from ream to ream and is backed by a 100% guarantee such that if you are unhappy with the performance of recommended Xerox® Paper or Specialty Media, Domtar will either take back the unused product and replace it or refund your money. The quality of non-Xerox branded paper may vary from ream to ream or carton to carton, so for optimum performance on Xerox color equipment, use only the best: Xerox supplies. To learn more about Xerox® Paper and Specialty Media, please call 1-866-814-2401. To learn more about the benefits of using Xerox Supplies (toner and ink), please contact your Xerox Supplies Representative at 1.800.822.2200 (U.S.) or 1.800.668.0199 (Canada). 499 of 1132 504 Xerox® AltaLink® B8045/B8055/B8065/B8075/B8090 Multifunction PrinterXerox® AltaLink® B8045/B8055/B8065/B8075/B8090 Multifunction Printer Recommended Media ListPFPItem NumberPaper & Specialty Media DescriptionSizePaper Type SettingWeight (gsm)123456StackStapleStackStapleBooks (SEF)Bi-fold (SEF)'Z'Letter 'Z'Letter 'C'Additional Information3R0204720 lb.8.5 x 11Bond75AAAAAA♦♦♦♦♦♦n♦♦3R1141520 lb., Xpress Pack8.5 x 11Bond75AAAAAA♦♦♦♦♦♦n♦♦3R0264120 lb.8.5 x 11 3HPHolePunched75AAAAAA♦♦♦♦♦♦n♦♦3R0205120 lb.8.5 x 14Bond75AAAAAn♦♦♦♦♦♦♦nn3R0376120 lb.11 x 17Bond75AAAAAn♦♦♦♦♦♦♦nn3R0253124 lb.8.5 x 11Bond90AAAAAA♦♦♦♦♦♦n♦♦3R1141424 lb.8.5 x 11Bond90AAAAAA♦♦♦♦♦♦n♦♦3R0331724 lb.8.5 x 11HolePunched90AAAAAA♦♦♦♦♦♦n♦♦3R0387124 lb.11 x 17Bond90AAAAAn♦♦♦♦♦♦♦nn3R0629620 lb.8.5 x 11Recycled75AAAAAA♦♦♦♦♦♦n♦♦3R0629720 lb.8.5 x 11 3HPRecycled75AAAAAA♦♦♦♦♦♦n♦♦3R0629820 lb.8.5 x 14Recycled75AAAAAn♦♦♦♦♦♦♦nn3R0629920 lb.11 x 17Recycled75AAAAAn♦♦♦♦♦♦♦nn3R1174790 lb. Index8.5 x 11163AAAAAA♦♦♦♦♦♦n♦♦3R1174890 lb. Index17 x 11163AAAAAA♦♦♦♦♦♦nnn3R11749110 lb. Index8.5 x 11Cardstock199AAAAAA♦♦♦♦♦♦n♦♦3R1105020 lb. Blue8.5 x 11Colored75AAAAAA♦♦♦♦♦♦n♦♦3R1105120 lb. Green8.5 x 11Colored75AAAAAA♦♦♦♦♦♦n♦♦3R1105220 lb. Pink8.5 x 11Colored75AAAAAA♦♦♦♦♦♦n♦♦3R1105320 lb. Yellow8.5 x 11Colored75AAAAAA♦♦♦♦♦♦n♦♦3R1105520 lb. Goldenrod8.5 x 11Colored75AAAAAA♦♦♦♦♦♦n♦♦3R1105620 lb. Ivory8.5 x 11Colored75AAAAAA♦♦♦♦♦♦n♦♦Notes:TraysTraysA = Auto Duplex S = Simplex OnlyM = Manual Duplex n = not supportedMSI (Bypass)The Recommended Media List contains Xerox® Paper and Specialty Media, digitally optimized, designed from stringent specifications and manufactured for optimal and constant image quality performance. Xerox® Paper and Specialty Media have undergone rigorous testing by Xerox®. Any paper and print media that is featured on the Recommended Media List for a specific Xerox® printer or digital press will give optimum performance. Relative humidity greater than 40% could cause multifeeds. The Office Finisher (2K LCSS) is capable of stapling at maximum; (maximum number will decrease if paper weight is greater than 20lb / 75 gsm):• 50 Sheets of Letter (8.5 x 11") in Long Edge Feed (LEF) or Short Edge Feed (SEF)• 50 Sheets of Tabloid/Ledger (11 x 17"), Legal (8.5 x 14)The Office Finisher with Booklet Maker (LVF) is capable of stapling at maximum; (maximum number will decrease if paper weight is greater than 20lb / 75 gsm):• 50 Sheets of Letter (8.5 x 11") in Long Edge Feed (LEF) or Short Edge Feed (SEF)• 50 Sheets of Tabloid/Ledger (11 x 17") or Legal (8.5 x 14)• 15 Sheets, maximum 24lb / 90 gsm, Short Edge Feed (SEF) of Letter (8.5 x 11"), Tabloid/Ledger (11 x 17"), or Legal (8.5 x 14) for the Booklet MakerLetter 'Z' and 'C' folding available only when sheets are fed SEF. Max Tray capacity for 'Z' fold is 30 sheets and for Letter 'Z' and 'C' is 40 sheets.Lightweight CardstockXerox® Vitality® Index PaperFinisher Capabilities♦ = Capable of Stacking, Stapling or Folding Paper Type/Sizen = not supportedXerox® Vitality® Pastel Multipurpose Printer PaperPFMHCFXerox® Vitality® Multipurpose Printer PaperXerox® Vitality® Multipurpose Printer Paper, 30% RecycledOffice Finisher (2KLCSS)HVF/HVF/LVF Booklet Maker FinisherCZ Folder500 of 1132 505 Domtar is the exclusive trademark licensee of the Xerox® Paper and Specialty Media Line within the United States and Canada. Working collaboratively with the Xerox Corporation and our Media Partners, Domtar designs and manufactures the Xerox® Paper and Specialty Media Line to bring you the most extensive line of digitally optimized products in the United States and Canada. With the Domtar Performance Guarantee, you can be assured that if you are unhappy with the performance of the product, you may return the unused portion and Domtar will either replace it, or refund your money. Xerox ® Paper and Specialty Media products are distributed by Domtar and are widely available for purchase through office supply dealers, paper merchants, office supply stores, online as well as in selected retail stores. www.domtar.com www.xeroxpaperUSA.com | www.xeroxpaper.ca © 2019 Domtar Inc. All rights reserved. Xerox® and AltaLink® are trademarks of Xerox Corporation in the United States and/or other countries. Domtar is the trademark licensee of Xerox® Paper and Specialty Media in the United States and Canada. 09/19 BR27349 501 of 1132 506 'Y '-=-' Domtar PAPER Xerox HR Outsourcing Brochure Xerox® Adaptable Accessibility Solution Product Brochure Xerox ® Adaptable Accessibility Solution Empowering the blind, visually impaired and people of all abilities. To keep your business strong, your employees need to feel empowered to perform their best. The Xerox® Adaptable Accessibility Solution makes that happen. It operates on a standard tablet to leverage users’ existing working knowledge of technology tools. Plus, audio talk-back provides work independence for key features like Copy, Scan to Email and Faxing—helping minimize the barriers technology can have for people with disabilities. 502 of 1132 507 Technology created for users of all abilities. To learn more about the Xerox® Adaptable Accessibility Solution, call your local Xerox sales representative. Of the 15 million visually impaired residents of the United States, nearly 38 percent* are employed. Do you have the resources and tools in place to help them succeed? *Online Resource for U.S. Disability Statistics. Cornell University. 2013. ©2015 Xerox Corporation. All rights reserved. Xerox®, Xerox and Design®, ConnectKey® and WorkCentre® are trademarks of Xerox Corporation in the United States and/or other countries. BR13804 Ensures Legislation Compliance and Security This solution is compliant with the U.S. legislation of the federal Workforce Investment Act of 1998 and amended Section 508 of the Rehabilitation Act. It’s integrated with secure solutions like Xerox® Common Access Card authentication for advanced levels of security for sensitive government information. Plus, with Xerox® Secure Print, a unique Pin ID is required for print submission—further enhancing security. Enhances Workplace Independence The touch screen of the standard tablet features oversized, easy-to-view application icons for the multifunction features. Combine that with the adjustable mounting bracket that allows them to modify the tablet to their own proper viewing angle—a great flexibility for the visually impaired as well as for those who use wheelchairs. Plus, the USB keyboard provides an easier alternative for data entry for users who prefer this method to navigate through menus and populate fields. Strengthens Employee Confidence There are two user modes. User mode one enables audible and talk-back features. That way, blind and visually impaired employees can copy, scan to email and scan with ease. Stress-free accurate task selections can be heard as they are touched on the screen. User mode two displays all features of the multifunction printer user interface. This viewing mode accommodates others using all the solutions and capabilities of the device. These key multifunction printer features are available with talk-back audio: • Copy • Scan to Email • Fax • Secure Print Release Industry-standard tablet Tutorial available in audio format Large application icons and touch screen Robust workflows • Scan to Email is simple with a local address book on the tablet and USB keyboard. • Users can scan documents to be turned into searchable PDFs which can be emailed and used with existing technologies providing audible playback. Scan this QR code to see how this solution empowers employees at the Association for the Blind and Visually Impaired. 503 of 1132 508 E= ~, ® xerox •~ Touchless Workplace Technologies 504 of 1132 509 Xerox Scan Compression Technology Smaller scan fi les mean greater offi ce productivity The power of scanning gives your offi ce more workfl ow options, making it easy to turn hard copy documents into electronic fi les for fast distributing, organizing and archiving. But many popular multifunction devices lack the ability to adequately compress a scanned image, resulting in greater strain on network bandwidth or fi les with degraded image quality. Xerox MFPs, however, feature advanced scan-fi le compression technology that greatly reduces a scanned image’s fi le size — without affecting image quality. Xerox WorkCentre products* produce scan fi les that are up to 9 times smaller than those produced by the competition as tested by Industry Analysts, Inc. The fi le-size advantage delivered by Xerox means you can create and distribute high-resolution scanned images that contain both text and graphical elements without consuming excessive network bandwidth. Our products employ the latest image-compression technologies, including the Mixed Raster Content (MRC) method, which splits scanned-fi le data into separate text and graphic elements. JPEG compression technology is used to compress graphical elements, while JBIG2 is used to compress text elements. In settings that swing from pine-oak-forest ecologic regions to turquoise seas rich in ocean life, follow the Compass Tours star on a hiking trek through the Baja, California, desert, followed by a snorkeling and kayaking expedition to the neighboring Sea of Cortez. We promise gorgeous, challenging topography, excellent local fare to satisfy your ravenous appetites, and memorable adventures. Our multiactivity Baja, California, odyssey begins in the pine-oak forests of the Sierra Juarez and San Pedro Martir mountain ranges of northern Baja. We’ll hike into these small ecoregions, which sit like temperate islands of coniferous forest in an enormous desert of arid terrain, for two full days of exploration. Many picnics, beach bonfires, and fish cookouts with plenty of Dos Equis beer will give you the chance to get to know your tour mates and exchange “fish tales” about your best fauna sightings in the Sea of Cortez! We’ll spend two evenings next to roaring fires, listening to the babble of small mountain brooks and naming constellations while the campfire coffee percolates. After we disembark from the mountaintops, we’ll reverse gears and drive toward the seaThis narrow sea is home to a unique and rich ecosystem: In addition to its wide range of native species, it also hosts a wide range of migratory animals, including humpback and gray whales, leatherback sea turtles, and manta rays (brave swimmers can abandon their paddling duties and try to hitch a ride on these gentle giants!). Baha desert and sea trek outfitting you for fun since 1971! Compass Tours 357 Marble Ct., San Francisco, CA 415-337-4545 www.compass_tours.net In settings that swing from pine-oak-forest ecologic regions to turquoise seas rich in ocean life, follow the Compass Tours star on a hiking trek through the Baja, California, desert, followed by a snorkeling and kayaking expedition to the neighboring Sea of Cortez. We promise gorgeous, challenging topography, excellent local fare to satisfy your ravenous appetites, and memorable adventures. Our multiactivity Baja, California, odyssey begins in the pine-oak forests of the Sierra Juarez and San Pedro Martir mountain ranges of northern Baja. We’ll hike into these small ecoregions, which sit like temperate islands of coniferous forest in an enormous desert of arid terrain, for two full days of exploration. Many picnics, beach bonfires, and fish cookouts with plenty of Dos Equis beer will give you the chance to get to know your tour mates and exchange “fish tales” about your best fauna sightings in the Sea of Cortez! We’ll spend two evenings next to roaring fires, listening to the babble of small mountain brooks and naming constellations while the campfire coffee percolates. After we disembark from the mountaintops, we’ll reverse gears and drive toward the seaThis narrow sea is home to a unique and rich ecosystem: In addition to its wide range of native species, it also hosts a wide range of migratory animals, including humpback and gray whales, leatherback sea turtles, and manta rays (brave swimmers can abandon their paddling duties and try to hitch a ride on these gentle giants!). Baha desert and sea trek outfitting you for fun since 1971! Compass Tours 357 Marble Ct., San Francisco, CA 415-337-4545 www.compass_tours.net Baha desert and sea trek The Xerox MRC image compression method splits a single scan into separate text and graphics components for optimized compression of each element. Copyright © 2008 Xerox Corporation. All rights reserved. Contents of this publication may not be reproduced in any form without permission of Xerox Corporation. XEROX® and the sphere of connectivity design are trademarks of Xerox Corporation in the U.S. and/or other countries. 5/08 610P729740 SCNBR-02UA JPEG compression JBIG2 compression * Xerox MFPs tested by Industry Analysts, Inc., include the WorkCentre 7242, WorkCentre 7345, WorkCentre 7675, WorkCentre 5632 and WorkCentre 5675. “As a group, the Xerox color MFPs produced signifi cantly smaller fi le sizes when scanned to fi le than any of the MFPs from the other vendors tested. Xerox black-and-white MFPs, as a group, produced the smallest fi le sizes of all of the MFPs tested.” 505 of 1132 510 Jobs for Color and Mono Average Scanned File Size o~:~ller File Size Is Better Ps from All Vundon;: xerox On devices with scanning functionality, will the installer or repair person ensure that a one-page instructional flyer is posted at the device that explains why OCR is critical to make PDFs accessible to people with disabilities and instructs the user how to easily turn the OCR capability on/off? Please explain Yes, we can print and mount a sign at the devices were requested to include the below information. For Searchable PDF in Scan To: 1. Login to the Embedded Web Server. 2. Select Apps. 3. Select Scan To. 4. Scroll Down to Searchable Text and set to On. The Searchable Text selection will apply Optical Character Recognition (OCR) to file formats that support OCR such as PDF. When enabled the output file will include text based information derived from the scanned image of text characters. Scroll Down to Searchable Text Compression and set to On. Searchable Text Compression is only applicable when Searchable Text is enabled. When Searchable Text and Searchable Text Compression are both turned on along with a compatible file format (PDF, XPS) then the text based information included in the output file will be compressed creating a smaller sized output file. 5. Logout of Embedded Web Server. How To Enable Optical Character Recognition When Scanning Documents Product support for: AltaLink B80XX, AltaLink C80XX, AltaLink B80XX Family, AltaLink C80XX Family Note: Internet Explorer for Windows and Safari for Macintosh are the recommended Internet browsers when accessing the Configuration Site. 1. Open a web browser and enter the IP address of the printer in the address field, then press Enter. Note: You can find the IP address of the machine by pressing the Deviceapp and then the Aboutapp on the printers' user interface. 2. Log-in as an Administrator by pressing the Log-In button. 3. Click on the Properties tab. 4. On the left side of the page click on Apps. 5. Click on Email > Setup. 6. On the right side of the page, under Email Setup, click on Defaults. 7. Under Email Options, click on Edit. This will bring up a set of formats for your files. 8. Under File Options, select the Searchable option to enable it. Note: With this option enabled, scanned documents can now be edited. 9. Click Save. 10. Test by sending a scanned document to yourself. Note: Enabling this option will make the sizes of your scanned files bigger and this could prevent the ability to scan successfully. 506 of 1132 511 An innovative voice solution supporting workers of all abilities.Language is an effective means of communication.“Gabi, make 10 color copies, double-sided, and stapled.”Gabi Voice allows workers of all abilities to access their multifunction printer’s copying, scanning, faxing, and secure printing functions using their voice. The device is controlled using natural language and simple commands including a request for service. Ensure legislative requirements: Gabi Voice is 508c compliant for use by employees with disabilities. Enable workplace independence: No commands to memorize. Basic commands are spoken in any order for the desired outcome. Increase productivity: Voice commands save time. No need for manuals, icons, or menus. Stay secure: Powered by IBM Watson, Gabi voice commands are interpreted securely and accurately. No personal information is exchanged or stored with this solution. Gabi Voice is convenient: Place a service call while at the device. Gabi gathers the pertinent service information along with your serial number and emails your service provider. Currently utilizing English-only commands, Gabi can help with conveying toner and paper levels before performing large jobs. Why Gabi Voice? These key multifunction printer features are supported with Gabi Voice: - Copy - Scan to Email - Fax - Secure Print - Device - to submit a service request Current Xerox® Devices Supported: - Xerox® AltaLink© C8030/C8035/C8045/C8055/C8070 - Xerox® AltaLink© B8045/B8055/B8065/B8075/B8090 Engage our voice recognition solution by using the wake-up word, “gabi.” Gabi Voice is not just a name, but a Global Artificial Business Intelligence platform for the printing industry complying with 508c standards. Powered by the cognitive brain of IBM Watson, Gabi enables hands-free access to your multifunction printer. Components 1-to-1 Gabi Smartbox: Ethernet/USB/Bluetoothequipped micro-controller device designedto communicate directly with the MFP. Speaker: An on-premises dedicated and integrated microphone/speaker that aids the user in communication via voice. Connected directly to the Gabi Smartbox via USB. Power: 5.1V micro USB power adapter UL approved. 12 Gloria Lane, Suite 5, Fairfield, NJ 07004 Text: (864) 416-1355Call: (888) 414-GABI (4224)support@gabisolutions.com To learn more about Gabi Voice and Gabi Solutions, visit www.gabisolutions.com ©2018 Vision-e. All rights reserved. Vision-e® and Gabi® are trademarks of InFieldSalesPro in the United States and/or other countries. 507 of 1132 512 • voice An innovative voice solution supporting workers of all abilities.Language is an effective means of communication.“Gabi, make 10 color copies, double-sided, and stapled.”Gabi Voice allows workers of all abilities to access their multifunction printer’s copying, scanning, faxing, and secure printing functions using their voice. The device is controlled using natural language and simple commands including a request for service. Ensure legislative requirements: Gabi Voice is 508c compliant for use by employees with disabilities. Enable workplace independence: No commands to memorize. Basic commands are spoken in any order for the desired outcome. Increase productivity: Voice commands save time. No need for manuals, icons, or menus. Stay secure: Powered by IBM Watson, Gabi voice commands are interpreted securely and accurately. No personal information is exchanged or stored with this solution. Gabi Voice is convenient: Place a service call while at the device. Gabi gathers the pertinent service information along with your serial number and emails your service provider. Currently utilizing English-only commands, Gabi can help with conveying toner and paper levels before performing large jobs. Why Gabi Voice? These key multifunction printer features are supported with Gabi Voice: - Copy - Scan to Email - Fax - Secure Print - Device - to submit a service request Current Xerox® Devices Supported: - Xerox® AltaLink© C8030/C8035/C8045/C8055/C8070 - Xerox® AltaLink© B8045/B8055/B8065/B8075/B8090 Engage our voice recognition solution by using the wake-up word, “gabi.” Gabi Voice is not just a name, but a Global Artificial Business Intelligence platform for the printing industry complying with 508c standards. Powered by the cognitive brain of IBM Watson, Gabi enables hands-free access to your multifunction printer. Components 1-to-1 Gabi Smartbox: Ethernet/USB/Bluetoothequipped micro-controller device designedto communicate directly with the MFP. Speaker: An on-premises dedicated and integrated microphone/speaker that aids the user in communication via voice. Connected directly to the Gabi Smartbox via USB. Power: 5.1V micro USB power adapter UL approved. 12 Gloria Lane, Suite 5, Fairfield, NJ 07004 Text: (864) 416-1355Call: (888) 414-GABI (4224)support@gabisolutions.com To learn more about Gabi Voice and Gabi Solutions, visit www.gabisolutions.com ©2018 Vision-e. All rights reserved. Vision-e® and Gabi® are trademarks of InFieldSalesPro in the United States and/or other countries. 508 of 1132 513 Q) 300 John St., Suite 1B, Greer, SC 29651 888-414-GABI (4224) www.GabiSolutions.com 1 Global Artificial Business Intelligence Gabi Voice Customer Expectations Document For Xerox® AltaLink family Document version: 27April 2020 509 of 1132 514 gab i. 300 John St., Suite 1B, Greer, SC 29651 888-414-GABI (4224) www.GabiSolutions.com 2 Global Artificial Business Intelligence Gabi Gov Customer Expectation Document Table of Contents ABOUT THIS DOCUMENT 3 PRODUCT DESCRIPTION 3 CAPABILITIES OF GABI VOICE 3 PRODUCT HARDWARE 3 PRE-REQUISITES 4 TERMINOLOGY 4 INSTALLATION 4 USER INTERACTION 4 PROCESS FLOW 4 AVAILABLE INTENTS 5 COPY 5 SCAN TO EMAIL 5 SERVER FAX 6 SECURE PRINT 7 MACHINE STATUS 7 SUPPLY LEVELS 7 INQUIRIES 8 TECHNOLOGY PARTNERS 8 INSTALLATION SUPPORT 8 MAINTENANCE SUPPORT 8 ERROR HANDLING 8 SUPPORT 9 APPENDIX A 10 510 of 1132 515 gab i. 300 John St., Suite 1B, Greer, SC 29651 888-414-GABI (4224) www.GabiSolutions.com 3 Global Artificial Business Intelligence ABOUT THIS DOCUMENT The purpose of this document is to set customer expectations of the Gabi Voice workflows and any associated caveats related to the Xerox AltaLink family. In addition, this document includes reference to the Service Subscription Agreement required to understand Gabi Voice Solution (APPENDIX A). Please read this document in its entirety. It contains important information that will help ensure a smooth operating experience with Gabi Voice. Please note: Completing the Configuration Worksheet is the single most important step for ensuring successful enablement of the Gabi Voice solution. The Configuration Worksheet available on TXC is required before placing orders for Gabi Voice Solution with your Xerox authorized sales rep. The configuration information needs to be sent to support@gabisolutions.com as soon as your purchase of the Gabi Voice system is processed with Xerox via TXC. PRODUCT DESCRIPTION English only Gabi Voice provides a touchless voice user interface for interfacing with a Xerox AltaLink Multifunction printer (MFP). The voice user interface is structured via natural language input and adapts to variances based on user speech patterns. As the input is detected from the conversation, a corresponding set of machine executable commands are derived from a database whitelist of known functions. Gabi Voice will only perform actions that have been pre- programmed, which will be covered later in this document. The Gabi Voice solution is designed to be an on-premises device that securely interfaces with IBM Watson ® once the wake-word has been invoked and language commands have been supplied.. CAPABILITIES OF GABI VOICE The following multifunction printer functions are enabled with Gabi Voice. • Copy • Email • Server Fax • Secure Print Release1 • Machine Status • Inquiries2 1 Secure Print Release requires external keyboard for pin entering 2 Please check with your Sales Represtative to determine if Service Ticket Assistance is supported. GabiVoice is not supported with any Xerox Service Contract, all support is provided via GabiSolutions. Gabi Voice is not supported on Xerox FSMA Service contracts. Gabi Voice does not support any 3rd Party Authenication Solutions, XWS, XDM, XDA. PRODUCT HARDWARE Contents provided with Gabi Voice include: • Smartbox appliance • Power supply • Talk to Me Speaker/Microphone 511 of 1132 516 gab i. 300 John St., Suite 1B, Greer, SC 29651 888-414-GABI (4224) www.GabiSolutions.com 4 Global Artificial Business Intelligence Note: An ethernet cable is not included. Gabi Voice supports IPV4 and IPV6 environments. PRE-REQUISITES 1. Gabi Voice Solution requires a separate physical dedicated Ethernet port and power outlet from the MFP. 2. Customer required to supply an Ethernet Cable that will enable connection between the Smartbox and Network drop.. 3. The Xerox AltaLink device firmware must be at level 100.XXX.028.05200 or higher. This firmware can be found on the AltaLink configuration sheet or on the Local User Interface device icon. 4. Scan to fax feature requires Gabi Voice to be in a Server Fax enabled environment. 5. Secure Print Release may require the optional USB keyboard. Contact Xerox Customized Application Solutions or your Xerox Sales Represtative for more information. TERMINOLOGY Intent: Expected goal to be achieved. Entity: An item, term, or object that provides context to the intent. Wake-word: A word said aloud to start the microphone recording service. Throughout the document when mentioning the wake-word, it is assumed the user is saying “gabi.” VUI: Voice User Interface. INSTALLATION Setup for Gabi Solutions requires AltaLink Administration Log-in access. A customer Administrator should reference the Gabi Voice Technology Overview and Installation Guide prior to connecting Gabi to the MFP. USER INTERACTION To initiate Gabi Voice the user can invoke the wake-word “Hey Gabi” along with the intended command. The Wake word systematically triggers release of the microphone from a non-recording state and places into an active recording stream. The recording stream remains active until it detects a natural pause in the conversation. After the command is detected, Gabi invokes a sub process to determine if the minimum parameters have been supplied. If additional options are required, a conversation dialog will be initiated to gather more input from the user. At any time, a user can simply say “Cancel” to break out of the dialog and return to the default home/idle state. Any errors encountered on the device during user interaction will be reported back verbally if the requested intent could not be completed successfully. PROCESS FLOW Along with the Gabi conversation the Speaker/Microphone is equiped with LED lights to provide a visual feedback. • Device thinking state, led bars will flash • Microphone is activated and listening, led bars are solid green • Error occurrence (Gabi Voice or Device), led bars are solid red 512 of 1132 517 gab i. 300 John St., Suite 1B, Greer, SC 29651 888-414-GABI (4224) www.GabiSolutions.com 5 Global Artificial Business Intelligence AVAILABLE INTENTS COPY Entities: Quantity (1-50), Sides (Double-sided or Single-sided), Color (Full Color, Black and White or Auto Detect Color) Caveats: Leveraging copy functionality by an external application such as Gabi Voice is only made possible in Xerox proprietary EIP 4.0. Settings for EIP 4.0 are described in the install guide. Copy function does not support the following: • Booklet making, C/Z-folding and hole punching are not supported • Layout adjustments and Job Assembly functions are not supported Example Flow: User - “Hey Gabi [pause for beep] Make a Copy.” Gabi - “Your Job will now begin.” To access your MFP’s additional options for making a copy, you’ll need to add these values at the end of your command as shown in the below example interaction. User - “Hey Gabi [pause for beep] Make a Single Sided Copy.” Gabi - “Your Job will now begin.” SCAN TO EMAIL The email is sent to the recipient directly from the device using the SMTP settings as defined locally. Entities: Gabi will decipher from the user input first name, last name, email address. If a name is supplied with multiple entries in the device address book, the user will be prompted to confirm the correct entry. For example: Gabi will say: Say 1 for Mark Jacobs … Say 2 for Marc Simpson Caveats: • If the device address book is unavailable due to permission restrictions, then it will not be queryable for user selection. • If MFP has an active session logged-in at the local user interface then an error “The device is busy” will be reported by Gabi Voice. This is a known limitation of EIP and will be addressed with a future patch provided by Xerox ® . • The Email application does not support the following: o Not all scan file formats – PDF is the default o Build Job is not supported o Layout adjustments and job assembly functions are not supported Note: Changes to the address book - additions and deletions - will require an export of the address book. Consult the Gabi Voice Installation Guide for more Example Flow: User - “Hey Gabi [pause for beep] Scan to Email.” Gabi - “Now checking for logged in users to email. I could not find a logged in user’s email. Who would you like to email?” User - “Bruno Silva” Gabi - “Now searching the address book. Do you want to email Bruno Silva?” User - “Yes” 513 of 1132 518 gab i. 300 John St., Suite 1B, Greer, SC 29651 888-414-GABI (4224) www.GabiSolutions.com 6 Global Artificial Business Intelligence Gabi - “Okay, would you like to set any additional options?” User - “Yes” Gabi - “Which option would you like to set? Say ‘ I need help’ for a list of options or help me with setting and [ Option Name] ” User - “I need help.” Gabi - “Options are sides, color, resolution, original type, paper size, orientation, lighten, darken, searchable text, background suppression, subject line and file attachment name. To set, say Set [ Option Name] to [ Value] .” SERVER FAX Server fax is only supported at this time. Using the Gabi VUI, a user can construct a scan job ticket with the purpose of setting the destination to be a fax recipient. If the user is currently logged-in at the time, then the session will be associated with the process. The fax is sent to the recipient directly from the device using the fax communication settings as defined locally. Example Invocations: • Hey Gabi [pause for beep ] Send a Fax • Hey Gabi [pause for beep ] Send a Fax to Jane Doe • Hey Gabi [pause for beep ] Send a Fax using my keyboard Entities: • Contact Name • Fax Number • Sides (Double-sided, or Single-Sided) • Color (Black and White, Full Color or Auto Detect Color) • Paper Size (Letter, Legal or Mixed) • Original Type (Printed Original, Inkjet Original, Solid Ink Original or Photocopied • Original) • Resolution (50%, 75%, 100%, 125%, 150% or 200%) • Darken (50% or 100%) • Lighten (50% or 100%) Gabi will decipher from the user input first name, last name, fax number. If a name is supplied and multiple entries exist in the device address book, then the user will be prompted to confirm the correct entry. For example: Gabi will say: Say 1 for Mark Jacobs ... Say 2 for Marc Simpson Reference Gabi Voice User Guide for more detail. Caveats: • If the device address book is unavailable due to permission restrictions, then it will not be queryable for user selection. • If MFP has an active session logged-in at the local user interface then an error “The device is busy” will be reported by Gabi Voice. This is a known limitation of EIP and will be addressed with a future patch provided by Xerox ® . 514 of 1132 519 gab i. 300 John St., Suite 1B, Greer, SC 29651 888-414-GABI (4224) www.GabiSolutions.com 7 Global Artificial Business Intelligence • It is the responsibility of the user engaged in the Voice User Interface to supply a valid fax number in accordance with the dialing restrictions of the environment. Gabi Voice will not attempt to parse or format the number any differently than how it was provided by the user. • The Fax application does not support the following: o Cover sheet o Contrast adjustment o Layout adjustment o Starting rate, delay send, email confirmation, fax cover sheet, job assembly, etc. o Fax mask data is not supported. No special character support. Note: Changes to the MFP’s address book - additions and deletions - will require an export of the address book. Consult the Gabi Voice Installation Guide for more details. SECURE PRINT Allows a user to release secure print jobs from the queue. When invoked, the user will be asked to enter their pin via an external USB keypad (not supplied). Any jobs matching the logged-in user id will be automatically released. Due to confidentiality of the file names, no job names will be read out loud.Entities: Entities: • Secure Print Type (Release or Delete) • PIN Number Caveats: • The MFP must be at a minimum firmware level of 100.XXX.028.05200 . Otherwise jobs cannot be released. • The PIN code can only be read from an external keyboard. The on-board soft-keyboard cannot communicate with Gabi Voice. While we support most external USB keyboards, it is recommended to use the Xerox ® T00015 accessibility keyboard. MACHINE STATUS Allows a user to retrieve machine status as it would be displayed on the walk-up screen, i.e. “Tray 4 is empty, Machine is in sleep mode, etc…” Entities: None Caveats: None Example Invocation: • Hey Gabi [pause for beep ] What is the status of my device? • Hey Gabi [pause for beep] What is the status of my machine? SUPPLY LEVELS Allows user to query the MFP to determine paper and toner levels Example Invocations: • Hey Gabi [pause for beep ] What are my paper levels? • Hey Gabi [pause for beep ] What are my toner levels? Entities: None 515 of 1132 520 gab i. 300 John St., Suite 1B, Greer, SC 29651 888-414-GABI (4224) www.GabiSolutions.com 8 Global Artificial Business Intelligence Caveats: SNMP must be enabled as a service on the MFP for this to operate correctly. In addition, the public community string must be configured if different from default. INQUIRIES Not supported on Xerox Service contracts, check with your Sales Representative. Allows a user to submit a service request to a predetermined endpoint. In the event of a service request, any available diagnostics are collected along with the message body. All Service Support is provided by Gabi Solutions. Contact Gabi Solutions to set up the service request option support@gabisolutions.com TECHNOLOGY PARTNERS Gabi is made possible in part due to the partnership with IBM Watson AI cognitive platform to leverage advanced natural language processing. Gabi also leverages AWS GovCloud for powering its underlying API. AWS GovCloud (US) is an isolated AWS region designed to allow U.S. government agencies and customers to move sensitive workloads into the cloud by addressing their specific regulatory and compliance requirements. The AWS GovCloud (US) Region adheres to U.S. International Traffic in Arms Regulations (ITAR) requirements. INSTALLATION SUPPORT The Gabi Voice system is customer installable. Installation support for Gabi only is provided by the Gabi Voice hotline support@gabisolutions.com. Please contact the Xerox Authorized Service representative for issues related to AltaLink. MAINTENANCE SUPPORT The customer should contact the Gabi Solutions support@gabisolutions.com for any problems, issues or questions with the Gabi Voice Solution. Enhancements, patches, and security updates may periodically be required. Please leave Gabi on-line to received updates. AltaLink issues should be directed to a Xerox Authorized Service provider. For help in determining if issues are AltaLink or Gabi Solutions please reference Xerox Support https://www.support.xerox.com/ and use key word “Gabi” for instructions. ERROR HANDLING The Gabi Smartbox is designed to propagate errors encountered during interaction back to the user. These errors include: • Operational errors that prohibit the device from working properly, i.e. paper tray open • User defined errors, such as invoking an unrecognized whitelisted Gabi Voice command • Device service error, such as an authentication error, that prohibit the request from being fulfilled Gabi Voice will not report errors if there is no activity performed by the user. 516 of 1132 521 gab i. 300 John St., Suite 1B, Greer, SC 29651 888-414-GABI (4224) www.GabiSolutions.com 9 Global Artificial Business Intelligence SUPPORT For issues with Gabi, please feel free to contact Gabi Solutions at support@gabisolutions.com or (888)611-2679 between 8:00-5:00 PM EST 517 of 1132 522 gab i. 300 John St., Suite 1B, Greer, SC 29651 888-414-GABI (4224) www.GabiSolutions.com 10 Global Artificial Business Intelligence APPENDIX A Subscription Services AGREEMENT Note: This is for customer information only. As part of the Gabi Voice enablement process customers will be asked to accept this agreement directly with Gabi Solutions. GABI VOICE SUBSCRIPTION SERVICES AGREEMENT This Gabi Voice Subscription Services Agreement (“Agreement”) is by and between InField Sales Pro, LLC, d/b/a Gabi Solutions (“Gabi“) and Customer and is effective on the date Hardware is delivered to Customer for use with a multifunction printer provided by Xerox Corporation (“MFP”) (“Effective Date”). Whereas, Gabi provides a subscription Service, Customer desires to subscribe to the Service, and this business relationship and the allocation of responsibilities regarding such Service are set forth in this Agreement. Therefore, the parties agree as follows: 1. Customer’s Use of the Service. 1.1 Provision of the Service. In exchange for the fees paid as contemplated herein, Gabi shall: (i) make the Service available in accordance with the Documentation and the SLA to Customer and its Enabled Users in the Field of Use during the Term pursuant to this Agreement; (ii) not use Customer Data except to provide the Service, or to prevent or address service or technical problems, in accordance with this Agreement and the Documentation, or in accordance with Customer’s instructions; and (iii) not disclose Customer Data to any third party. The Service is provided in U.S. English. Gabi has translated portions of the Service into other languages. Customer and its Enabled Users may only use the translated portions of the Service for the number of languages listed in an applicable Order Form. Gabi will provide support in accordance with Exhibit A, which is included at no additional charge to Customer; or at Customer’s option and upon payment of applicable fees, Gabi will provide enhanced support in accordance with Exhibit B. 1.2 Customer Obligations. Customer may enable access of the Service for use only by Enabled Users solely for the internal business purposes of Customer and its Affiliates in accordance with the Documentation and not for the benefit of any third parties. Customer is responsible for all Enabled User use of the Service and compliance with this Agreement. Customer shall: (a) have sole responsibility for promptly installing updates to the Service, and for the accuracy, quality, and legality of all Customer Data; and (b) prevent unauthorized access to, or use of, the Service, and notify Gabi promptly of any such unauthorized access or use. Customer shall not: (i) use the Service in violation of applicable Laws; (ii) in connection with the Service, send or store infringing, obscene, threatening, or otherwise unlawful or tortious material, including material that violates privacy rights; (iii) send or store Malicious Code in connection with the Service; (iv) interfere with or disrupt performance of the Service or the data contained therein; or (v) attempt to gain access to the Service or its related systems or networks in a manner not set forth in the Documentation. Customer shall designate a maximum number of named contacts to request and receive support services from Gabi (“Named Support Contacts”). Named Support Contacts must be designated to assist with Product(s) for which they initiate support requests. 1.3 Federal Government End Use Provisions (if applicable). Gabi provides the Service, including related Software and technology, for federal government end use solely in accordance with the following: Government technical data and software rights related to the Service include only those rights customarily provided to the public as defined in this Agreement. This customary commercial license is provided in accordance with FAR 12.211 (Technical Data) and FAR 12.212 (Software) and, for Department of Defense transactions, DFAR 252.227-7015 (Technical Data – Commercial Items) and DFAR 227.7202.3 (Rights in Commercial Computer Software or Computer Software Documentation). If a government agency has a “need for” right not conveyed under these terms, it must 518 of 1132 523 gab i. 300 John St., Suite 1B, Greer, SC 29651 888-414-GABI (4224) www.GabiSolutions.com 11 Global Artificial Business Intelligence negotiate with Gabi to determine whether there are acceptable terms for transferring additional rights. A mutually acceptable addendum specifically conveying such rights must be executed by the parties in order to convey such rights beyond those set forth herein. 2. Fees. 2.1 Invoices & Payment. Any fees for the Service after the initial five (5) years of the Term, or for any modifications or enhancements to the Service during the Term, will be invoiced in accordance with the relevant Order Form. Except as otherwise set forth in an Order Form executed by Gabi and Customer, all fees due hereunder (except fees subject to good faith dispute) shall be due and payable within thirty (30) days of invoice date. Except as otherwise stated in an Order Form, all fees are quoted and payable in United States dollars and are based on Service rights acquired under this Agreement. Customer shall provide Gabi with complete and accurate billing and contact information including a valid email address for receipt of invoices. Upon Gabi’s request, Customer will make payments via wire transfer. 2.2 Non-cancelable & non-refundable. Except as specifically set forth to the contrary under Section 6.2 “Warranty Remedies”, Section 7.1 “Indemnification by Gabi”, Section 9.2 “Termination”, and under the SLA, all payment obligations under any and all Order Forms are non-cancelable and all payments made are non-refundable. 2.3 Non-Payment and Suspension of Service. If Customer's account is more than thirty (30) days past due (except with respect to charges subject to a reasonable and good faith dispute), in addition to any other rights or remedies it may have under this Agreement or by Law, Gabi reserves the right to suspend the Service upon thirty (30) days written notice, without liability to Customer, until such amounts are paid in full. 2.4 Taxes. Except as otherwise stated in an Order Form, Gabi's fees do not include any direct or indirect local, state, federal or foreign taxes, levies, duties or similar governmental assessments of any nature, including value- added, excise, use or withholding taxes (collectively, "Taxes"). Customer is responsible for paying all Taxes associated with its acquisitions hereunder, this Agreement, and the Service, excluding U.S. income taxes on Gabi. If Customer has an obligation to withhold any amounts under any Law or tax regime (other than U.S. income tax Law), Customer shall gross up the payments so that Gabi receives the amount actually quoted and invoiced. If Gabi has a legal obligation to pay or collect Taxes for which Customer is responsible under this section, the appropriate amount shall be invoiced to and paid by Customer, unless Customer provides Gabi with a valid tax exemption certificate authorized by the appropriate taxing authority. 2.5 Enabled User Count Verification. In order to manage and improve the Service, Gabi may periodically confirm the number of Enabled User records on its hosted servers. 3. Proprietary Rights. 3.1 Ownership and Reservation of Rights to Gabi Intellectual Property. Gabi and its licensors own all right, title and interest in and to the Service, Documentation, and other Gabi Intellectual Property Rights. Subject to the limited rights expressly granted hereunder, Gabi reserves all rights, title and interest in and to the Service, and Documentation, including all related Intellectual Property Rights. No rights are granted to Customer hereunder other than as expressly set forth herein. 3.2 License Grant. Gabi hereby grants Customer a non-exclusive, non-transferable, right to use the Service and Documentation, solely for the internal business purposes of Customer and Affiliates and solely during the Term, subject to the terms and conditions of this Agreement. Gabi agrees that the Software used by Gabi to provide the Service, coupled with the rights granted to Customer in this section constitutes “intellectual property” as defined in Section 101(35A) of the Bankruptcy Code, as amended, and this Agreement shall be governed by Section 365(n) of the Bankruptcy Code, as applicable, in the event Gabi voluntarily or involuntarily becomes subject to the 519 of 1132 524 gab i. 300 John St., Suite 1B, Greer, SC 29651 888-414-GABI (4224) www.GabiSolutions.com 12 Global Artificial Business Intelligence protection of the Bankruptcy Code and Gabi or the trustee in bankruptcy rejects the Agreement. In addition, because pursuant to Section 3.4, Customer owns the Customer Data, Gabi shall not list the Customer Data as an asset in any bankruptcy filing, nor shall Gabi identify Customer’s Confidential Information as a Gabi asset. 3.3 License Restrictions. Customer shall not (i) modify, copy or create any derivative works based on the Service or Documentation; (ii) license, sublicense, sell, resell, rent, lease, transfer, assign, distribute, time share, offer in a service bureau, or otherwise make the Service or Documentation available to any third party, other than to Enabled Users as permitted herein; (iii) reverse engineer or decompile any portion of the Service or Documentation, including but not limited to, any software utilized by Gabi in the provision of the Service and Documentation, except to the extent required by Law; (iv) access the Service or Documentation in order to build any commercially available product or service; or (v) copy any features, functions, integrations, interfaces or graphics of the Service or Documentation. 3.4 Ownership of Customer Data. As between Gabi and Customer, Customer owns Customer Data. Gabi’s use of and activities with respect to any Open Source Software in connection with the Service do not and will not provide to any Open Source licensor any rights in Customer Data or any software or other intellectual property owned by or licensed to Customer by third parties. 3.5 Customer Input. Gabi shall have a royalty-free, worldwide, transferable, sub-licensable, irrevocable, perpetual license to use or incorporate into the Service any Customer Input. Gabi shall have no obligation to make Customer Input an Improvement. Customer shall have no obligation to provide Customer Input. 3.6 Aggregated Data Use. Gabi owns the aggregated and statistical data derived from the operation of the Service, including, without limitation, the number of records in the Service, the number and types of transactions, configurations, and reports processed in the Service and the performance results for the Service (the “Aggregated Data”). Nothing herein shall be construed as prohibiting Gabi from utilizing the Aggregated Data for purposes of operating Gabi’s business, provided that Gabi’s use of Aggregated Data will not reveal the identity, whether directly or indirectly, of any individual or specific data entered by any individual into the Service. In no event does the Aggregated Data include any personally identifiable information; Aggregated Data that is derived, in whole or in part from information that can be identified as being associated with an individual or with a customer shall not be released to any third party unless it has been rendered anonymous in such a way that the data subject is no longer identifiable. 4. Confidentiality. 4.1 Confidentiality. No party shall disclose or use any Confidential Information of the other party except as reasonably necessary to perform its obligations or exercise its rights pursuant to this Agreement and only with the other party's prior written permission. In the event that the receiving party needs to disclose Confidential Information to the disclosing party’s employees or Enabled Users to perform its obligations or exercise its rights pursuant to this Agreement, it may do so without prior written permission. Disclosures to third parties (other than Enabled Users) needed to perform obligations or exercise rights pursuant to this Agreement shall not require prior written permission if the third party recipient is subject to a confidentiality obligation that is equal to or more protective than the confidentiality provisions of this Agreement. 4.2 Protection. Without limiting the foregoing, each party agrees to protect the Confidential Information of the other party in the same manner that it protects its own Confidential Information of like kind, but in no event using less than a reasonable standard of care. Confidential Information that is Customer Data shall receive protection in accordance with Section 5 of this Agreement. 520 of 1132 525 gab i. 300 John St., Suite 1B, Greer, SC 29651 888-414-GABI (4224) www.GabiSolutions.com 13 Global Artificial Business Intelligence 4.3 Compelled Disclosure. A disclosure by one party of Confidential Information of the other party to the extent required by Law shall not be considered a breach of this Agreement, provided the party so compelled promptly provides the other party with prior notice of such compelled disclosure (to the extent legally permitted) and provides reasonable assistance, at the other party's cost, if the other party wishes to contest the disclosure. 4.4 Remedies. If a party discloses or uses (or threatens to disclose or use) any Confidential Information of the other party in breach of confidentiality protections hereunder, the other party shall have the right, in addition to any other remedies available, to seek injunctive relief to enjoin such acts without first exhausting the informal resolution or mediation processes described in section 10.11. The parties acknowledge that disclosure of Confidential Information may cause irreparable injury and damages, which may be difficult to ascertain and that remedies other than injunctive relief may be inadequate. In addition, in the event that a party fails to return or certify destruction of Confidential Information upon termination of this Agreement, each party is entitled to seek injunctive relief, including a preliminary injunction and an order of seizure and impoundment under Section 503 of the Copyright Act upon an ex parte application by Disclosing Party to protect and recover its Confidential Information. 4.5 Return or Destruction of Confidential Information. Upon the termination or expiration of this Agreement and at Customer's request, Gabi will return or destroy any and all Customer Confidential Information (excluding Customer Data, which is subject to Section 5) that Gabi is capable of returning or destroying in the ordinary course of Gabi's business, unless legally prohibited from doing so. Gabi shall protect any Customer Confidential Information in accordance with this Agreement for so long as Gabi retains such Customer Confidential Information. 4.6 Access to Customer’s Computer Systems. Customer and Enabled Users access the Service through the internet; the Service does not require that Gabi have access to Customer’s computer systems. In the unlikely event that the parties identify a situation where Gabi will need access to Customer’s computer systems, the parties will execute a separate agreement which specifies the terms for such access. 5. Security 5.1 Protection and Retrieval of PII. Unless otherwise requested and expressly agreed in writing by a Customer and Gabi via an Order Form submitted by such Customer to Gabi pursuant to this Agreement, Gabi Voice’s default configuration for SaaS does not store PII on (i) Amazon Web Services, or (ii) IBM Watson, where it opts out of data sharing so that, after executing the given task on the Watson platform, Watson is instructed not to store any data; or (iii) any future SaaS component which Gabi may elect to incorporate or make a part of the Gabi Voice configuration at any time during the Initial Term and any renewal term of this Agreement; During the Term of this Agreement, Gabi shall not store any PII in provisioning Services to Customer or its Enabled Users in connection with Gabi Voice. In the event that Customer requests services from Gabi requiring Gabi to gather and store PII (e.g. multifactor authentication for security), Gabi shall provide means to Customer to access and retrieve such Customer Data pursuant to a properly executed Order Form between Gabi and the Customer. 5.2 Unauthorized Disclosure. If either party believes that there has been a disclosure of unencrypted Customer Data to anyone other than Gabi (a “Security Incident”), such party must promptly notify the other party, but not later than forty-eight hours after identification of the disclosure unless Law enforcement officials have requested or require a delay in notice. Additionally, each party will reasonably assist the other party in remediating or mitigating any potential damage, including any notification which should be sent to individuals impacted or potentially impacted, or the provision of credit reporting services to such individuals. Each party shall bear the costs of such remediation or mitigation to the extent the breach or security incident was caused by it. Where the type of Customer Data disclosed is such that credit reporting services should be part of remediation efforts, unless the party financially responsible for the remediation efforts agrees to a longer period, one year of credit reporting 521 of 1132 526 gab i. 300 John St., Suite 1B, Greer, SC 29651 888-414-GABI (4224) www.GabiSolutions.com 14 Global Artificial Business Intelligence services shall be provided. Subject to the limitation of liability in Section 8, to the extent that Gabi caused the breach or security incident, Gabi’s obligation to bear the costs of such remediation or mitigation shall include the cost of defending or settling third party claims brought against Customer as the result of the breach or security incident. As soon as reasonably practicable after any such Security Incident, Customer and Gabi will consult in good faith regarding the root cause analysis and any remediation efforts. Following notice from Gabi to Customer of a security incident caused by Gabi, Customer will have the right to request from Gabi a report prepared by a nationally recognized independent third party audit firm of the relevant security and controls and/or, if applicable, a summary report of a penetration test of the application performed by an independent third party demonstrating remediation of material risks to the unauthorized disclosure of Customer Data. Gabi will work in good faith to remediate any material security risks identified in the root cause analysis that are within Gabi’s reasonable control. Except to the extent prohibited by applicable Law, each party shall provide the other party with reasonable notice of and the opportunity to comment on and approve the content of all notices, filings, communications, press releases or reports about an unauthorized disclosure of Customer Data that identify the other party by name prior to any publication or communication thereof to any third party other than legal advisors. Notwithstanding the foregoing, each party may provide notice as required by Law even if the other party has not provided such consent. Nothing herein will prevent Gabi from making disclosures about a security incident generally. Where applicable Law clearly allocates the responsibility for providing notice about a Security Incident to Customer, Gabi agrees that Customer has the sole right to determine: (i) whether or not any notices of a Security Incident are required by Law or regulation; (ii) the recipients of each notice of a Security Incident, including individuals, regulators, Law enforcement agencies, and consumer reporting agencies; and (iii) the contents of each notice. 6. Warranties & Disclaimers. 6.1 Mutual Warranties. Each party represents and warrants to the other that: (i) this Agreement has been duly authorized, executed and delivered and constitutes a valid and binding agreement enforceable against such party in accordance with its terms; (ii) no authorization or approval from any third party is required in connection with such party’s execution, delivery or performance of this Agreement; (iii) the execution, delivery and performance of this Agreement does not violate the terms or conditions of any other agreement to which it is a party or by which it is otherwise bound; and (iv), with respect to its activities pursuant to this Agreement, it shall comply with all Laws applicable to it related to data privacy, international communications and the transmission of technical or personal data. 6.2 Gabi Warranties. Gabi hereby warrants and represents that during the Term: (i) the Service shall perform materially in accordance with the Documentation; (ii) the functionality of the Service will not be materially decreased during the Term; (iii) it will use commercially reasonable efforts to prevent the introduction of Malicious Code into the Service (except for any Malicious Code submitted by Customer or its Enabled Users to the Service); Gabi warrants the Hardware to be free from defects for a period of one (1) year from the date of purchase. 6.3 Warranty Remedies. Each party shall promptly remedy its breach of the warranties in Section 6.1 upon receipt of notification of such breach. As Customer's exclusive remedy and Gabi's sole liability for breach of the warranty set forth in Section 6.2 (i), (ii), and (iii): (a) Gabi shall correct the non-conforming Service or replace the defective Hardware at no additional charge to Customer; or (b) in the event Gabi is unable to correct such deficiencies after good-faith efforts, Gabi shall refund Customer amounts paid that are attributable to the defective Service from the date Gabi received such notice. To receive warranty remedies, Customer must promptly report deficiencies in writing to Gabi, but no later than thirty (30) days of the first date the deficiency is identified by Customer. Following expiration of the Hardware warranty, Customer may purchase replacement Hardware units from Gabi or 522 of 1132 527 gab i. 300 John St., Suite 1B, Greer, SC 29651 888-414-GABI (4224) www.GabiSolutions.com 15 Global Artificial Business Intelligence its authorized reseller for use with the Service provided hereunder in place of any defective Hardware unit, without any additional service or other charge. 6.4 Disclaimer. EXCEPT AS EXPRESSLY PROVIDED HEREIN AND TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, GABI MAKES NO WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, AND SPECIFICALLY DISCLAIMS ALL IMPLIED WARRANTIES, INCLUDING ANY WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE WITH RESPECT TO THE SERVICE AND/OR RELATED DOCUMENTATION. GABI DOES NOT WARRANT THAT THE SERVICE WILL BE ERROR FREE OR UNINTERRUPTED. THE LIMITED WARRANTIES PROVIDED HEREIN ARE THE SOLE AND EXCLUSIVE WARRANTIES PROVIDED TO CUSTOMER IN CONNECTION WITH THE PROVISION OF THE SERVICE. 7. Indemnification. 7.1 Gabi shall defend, indemnify and hold Customer and its respective officers, directors, successors, assigns, agents, and employees (collectively, the “Customer Indemnified Parties”), harmless against any loss, damage or costs (including reasonable attorneys' fees) in connection with claims, demands, suits, or proceedings ("Claims") made or brought against the Customer Indemnified Parties by a third party alleging that the use of the Product by Customer as contemplated hereunder infringes a copyright, a U.S. patent issued as of the Effective Date, or a trademark of a third party; provided, however, that Customer: (a) promptly gives written notice of the Claim to Gabi; (b) gives Gabi sole control of the defense and settlement of the Claim (provided that Gabi may not settle any Claim unless it unconditionally releases Customer of all liability); and (c) provides to Gabi, at Gabi's cost, all reasonable assistance. Gabi shall not be required to indemnify Customer in the event of: (w) modification of the Service by Customer or Enabled Users in conflict with Customer’s obligations or as a result of any prohibited activity as set forth herein; (x) use of the Service in a manner inconsistent with the Documentation; (y) use of the Service in combination with any other product or service not provided by Gabi; or (z) use of the Service in a manner not otherwise contemplated by this Agreement. If Customer is enjoined from using the Service or Gabi reasonably believes it will be enjoined, Gabi shall have the right, at its sole option, to obtain for Customer the right to continue use of the Service or to replace or modify the Service so that it is no longer infringing. If neither of the foregoing options is reasonably available to Gabi, then use of the Service may be terminated at the option of Gabi and Gabi’s sole liability shall be to refund any prepaid fees for the Service that were to be provided after the effective date of termination. 8. Limitation of Liability. 8.1 Limitation of Liability. (a)TO THE MAXIMUM EXTENT PERMITTED BY LAW AND EXCEPT WITH RESPECT TO LIABILITY ARISING FROM (I) GABI’S INDEMNIFICATION OBLIGATIONS; (II) CLAIMS FOR BODILY INJURY OR DEATH OR DAMAGES TO REAL PROPERTY OR TANGIBLE PERSONAL PROPERTY TO THE EXENT RESULTING FROM WILLFUL OR INTENTIONAL MISCONDUCT OF THE PARTY LIABLE FOR THE DAMAGES AND/OR (III) GABI’S BREACH OF THIS AGREEMENT RESULTING IN UNAUTHORIZED DISCLOSURE OF CUSTOMER DATA AS SET FORTH IN SECTION 8.1(b) BELOW, IN NO EVENT SHALL GABI’S OR GABI’S THIRD PARTY LICENSORS’ AGGREGATE LIABILITY ARISING OUT OF OR RELATED TO THIS AGREEMENT, WHETHER IN CONTRACT, TORT OR OTHERWISE, EXCEED SUBSCRIPTION FEES ACTUALLY PAID BY CUSTOMER IN CONSIDERATION FOR GABI’S SERVICE DELIVERY DURING THE IMMEDIATELY PRECEEDING TWELVE (12) MONTH PERIOD FOR THE SERVICE FROM WHICH THE CLAIM AROSE (OR, FOR A CLAIM ARISING BEFORE THE SECOND ANNIVERSARY OF THE EFFECTIVE DATE OF THE APPLICABLE ORDER FORM, THE AMOUNT PAID FOR THE FIRST TWELVE MONTH PERIOD). (b) GABI’S AGGREGATE LIABILITY TO CUSTOMER FOR ITS BREACH OF THIS AGREEMENT RESULTING FROM GABI’S UNAUTHORIZED DISCLOSURE OF UNENCRYPTED CUSTOMER DATA COLLECTED VIA THE SERVICE (A “SECURITY 523 of 1132 528 gab i. 300 John St., Suite 1B, Greer, SC 29651 888-414-GABI (4224) www.GabiSolutions.com 16 Global Artificial Business Intelligence INCIDENT”) (INCLUDING THE COST TO DEFEND THIRD PARTY CLAIMS CAUSED BY SUCH BREACH) SHALL NOT EXCEED $1,000,000. 8.2 Damages. IN NO EVENT SHALL GABI HAVE ANY LIABILITY TO CUSTOMER FOR ANY INDIRECT, SPECIAL, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES, HOWEVER CAUSED, OR FOR ANY LOST PROFITS, LOSS OF USE, COST OF DATA RECONSTRUCTION, COST OR PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES, WHETHER IN CONTRACT, TORT OR OTHERWISE, ARISING OUT OF, OR IN ANY WAY CONNECTED WITH THE SERVICE, INCLUDING BUT NOT LIMITED TO THE USE OR INABILITY TO USE THE SERVICE, ANY INTERRUPTION, INACCURACY, ERROR OR OMISSION, EVEN IF THE PARTY FROM WHICH DAMAGES ARE BEING SOUGHT OR SUCH PARTY'S LICENSORS OR SUBCONTRACTORS HAVE BEEN PREVIOUSLY ADVISED OF THE POSSIBILITY OF SUCH LOSS OR DAMAGES. NOTWITHSTANDING THE FOREGOING, THE PARTIES AGREE THAT GABI’S OBLIGATION TO RESTORE CUSTOMER DATA IN ACCORDANCE WITH THE SLA IS NOT AN INDIRECT DAMAGE, WHETHER IN CONTRACT, TORT OR OTHERWISE. 9. Term & Termination. 9.1 Term of Agreement. The term of this Agreement commences on the Effective Date and continues for an initial period of five (5) years and at Customer’s election and payment of the applicable then-current subscription fee stated in the Order Form, for successive one-year annual renewal periods (the “Term”). 9.2 Termination. Customer may terminate use of Services upon written notice to Gabi within three (3) months following the commencement date of any renewal period. Gabi shall not issue any credit for the unused portion of Services. In addition, either party may terminate this Agreement, (i) upon thirty (30) days prior written notice to the other party of a material breach by the other party if such breach remains uncured at the expiration of such notice period; or (ii) immediately in the event the other party becomes the subject of a petition in bankruptcy or any other proceeding relating to insolvency, receivership, liquidation or assignment for the benefit of creditors. Customer’s failure to meet its payment obligations when due shall be considered a material breach, authorizing Gabi’s immediate termination of this Agreement. In the event the Agreement is terminated, all Order Forms are simultaneously terminated. Upon any termination by Customer pursuant to this section, Gabi shall refund Customer any prepaid fees for the affected Service that were to be provided after the effective date of termination. Finally, each Gabi Voice unit is associated with an MFP serial number. In the event the Customer no longer owns or controls the MFP with which Gabi Voice is installed, Gabi shall have no further obligation under this Subscription Services Agreement. 9.3 Effect of Termination. Upon any termination of this Agreement, Customer shall, as of the date of such termination, immediately cease accessing and otherwise utilizing the applicable Service and Gabi Confidential Information; and Gabi shall immediately cease accessing and otherwise utilizing Customer Confidential Information and Customer Data. Termination for any reason shall not relieve Customer of the obligation to pay any fees accrued or due and payable to Gabi prior to the effective date of termination. Upon termination for cause by Gabi, all future amounts due under all Order Forms shall be accelerated and become due and payable immediately. 9.4 Surviving Provisions. The following provisions of this Agreement shall not survive and will have no further force or effect following any termination or expiration of this Agreement: (i) subsection (i) of Section 1.1 “Provision of the Service”; (ii) Section 3.2 “License Grant”; and (iii) any Order Form(s). All other provisions of this Agreement shall survive any termination or expiration of this Agreement. 10. General Provisions. 524 of 1132 529 gab i. 300 John St., Suite 1B, Greer, SC 29651 888-414-GABI (4224) www.GabiSolutions.com 17 Global Artificial Business Intelligence 10.1 Relationship of the Parties. The parties are independent contractors. This Agreement does not create nor is it intended to create a partnership, franchise, joint venture, agency, fiduciary or employment relationship between the parties. There are no third-party beneficiaries to this Agreement. 10.2 Notices. All notices under this Agreement shall be in writing and shall be deemed to have been given upon: (i) personal delivery; (ii) the third business day after first class mailing; or (iii) the second business day after sending by facsimile with telephonic confirmation of receipt. Notices to Gabi shall be addressed to the attention of its General Counsel, Luis J. Diaz, at the address listed above for Gabi. Notices to Customer shall be addressed to Customer’s address on file in accordance with its registration. Each party may modify its recipient of notices by providing notice pursuant to this Agreement. 10.3 Waiver and Cumulative Remedies. No failure or delay by either party in exercising any right under this Agreement shall constitute a waiver of that right or any other right. Other than as expressly stated herein, the remedies provided herein are in addition to, and not exclusive of, any other remedies of a party at law or in equity. 10.4 Force Majeure. Neither party shall be liable for any failure or delay in performance under this Agreement (other than for delay in the payment of money due and payable hereunder) for causes beyond that party’s reasonable control and occurring without that party’s fault or negligence, including, but not limited to, acts of God, acts of government, flood, fire, civil unrest, acts of terror, strikes or other labor problems (other than those involving Gabi or Customer employees, respectively), computer attacks or malicious acts, such as attacks on or through the Internet, any Internet service provider, telecommunications or hosting facility. Dates by which performance obligations are scheduled to be met will be extended for a period of time equal to the time lost due to any delay so caused. 10.5 Assignment. Neither party may assign any of its rights or obligations hereunder, whether by operation of Law or otherwise, without the prior written consent of the other party (which consent shall not be unreasonably withheld). Notwithstanding the foregoing, either party may assign this Agreement in its entirety (including all Order Forms) without consent of the other party in connection with a merger, acquisition, reorganization, or sale of all or substantially all of its assets provided the assignee has agreed to be bound by all of the terms of this Agreement and all past due fees are paid in full, except that Customer shall have no right to assign this Agreement to a direct Competitor of Gabi. Any attempt by a party to assign its rights or obligations under this Agreement in breach of this section shall be void and of no effect. Subject to the foregoing, this Agreement shall bind and inure to the benefit of the parties, their respective successors and permitted assigns. 10.6 Governing Law; Waiver of Jury Trial. This Agreement shall be governed exclusively by the internal Laws of the State of New Jersey, without regard to its conflicts of laws rules. No version of the Uniform Computer Information Transactions Act or any substantially similar Law enacted in any jurisdiction (collectively “UCITA”) will apply to or govern any license granted or any party’s performance under this Agreement, or any of the parties’ rights and obligations arising pursuant to this Agreement. The applicable Law will be the Law as it existed prior to the enactment of UCITA. All claims must be brought in the state or federal courts located in Essex County, New Jersey, and each party agrees to these as the exclusive forums and waives any claim of inconvenient forum. EACH PARTY HEREBY WAIVES ANY RIGHT TO A JURY TRIAL IN CONNECTION WITH ANY LITIGATION IN ANY WAY ARISING OUT OF OR RELATING TO THIS AGREEMENT. Before commencing any litigation, except for one seeking injunctive relief, the party commencing litigation must exhaust alternative dispute resolution processes described in section 10.11. 10.7 Export. Each party shall comply with the export Laws and regulations of the United States and other applicable jurisdictions in providing and using the Service. Without limiting the generality of the foregoing, Customer shall not make the Service available to any person or entity that: (i) is located in a country that is subject 525 of 1132 530 gab i. 300 John St., Suite 1B, Greer, SC 29651 888-414-GABI (4224) www.GabiSolutions.com 18 Global Artificial Business Intelligence to a U.S. government embargo; (ii) is listed on any U.S. government list of prohibited or restricted parties; or (iii) is engaged in activities directly or indirectly related to the proliferation of weapons of mass destruction. 10.8 Insurance. Gabi will maintain during the entire Term of this Agreement, at its own expense, the types of insurance coverage specified below, on standard policy forms and with insurance companies with at least an A.M. Best Rating of A-VII authorized to do business in the jurisdictions where the Gabi Services are to be performed. (a) Workers’ Compensation insurance prescribed by applicable local Law and Employers Liability insurance with limits not less than $1,000,000 per accident/per employee. (b) Business Automobile Liability covering all vehicles that Gabi owns, hires or leases with a limit of no less than $1,000,000 (combined single limit for bodily injury and property damage) for each accident. (c) Commercial General Liability insurance including Contractual Liability Coverage, with coverage for products liability, completed operations, property damage and bodily injury, including death, with an aggregate limit of no less than $2,000,000. 10.9 Miscellaneous. This Agreement, including Exhibit A, Exhibit B, Exhibit C, and all Order Forms, constitutes the entire agreement between the parties with respect to the subject matter hereof. In the event of a conflict, the provisions of an Order Form shall take precedence over provisions of the body of this Agreement and over any other Exhibit or Attachment. This Agreement supersedes all prior and contemporaneous agreements, proposals or representations, written or oral, concerning its subject matter. No modification, amendment, or waiver of any provision of this Agreement shall be effective unless in writing and signed by the party against whom the modification, amendment or waiver is to be asserted. The enumeration and section headings are used in this Agreement for reference and convenience only and do not have any substantive significance in the construction or interpretation of this Agreement. As used in this Agreement, the word “including” (as well as “include” and “includes”) is not limiting and means “including without limitation.” This Agreement has been negotiated and no provision shall be construed against either party for the sole reason that it is the drafter of the provision. If any provision of this Agreement is held by a court of competent jurisdiction to be contrary to Law, the provision shall be modified by the court and interpreted so as best to accomplish the objectives of the original provision to the fullest extent permitted by Law, and the remaining provisions of this Agreement shall remain in effect. Notwithstanding any language to the contrary therein, no terms or conditions stated in a Customer purchase order or in any other Customer order documentation shall be incorporated into or form any part of this Agreement, and all such terms or conditions shall be null and void. Gabi may use Customer's name and logo in lists of customers, on marketing materials and on its website with Customer’s prior written consent. This Agreement may be executed in counterparts, which taken together shall form one binding legal instrument. The parties hereby consent to the use of electronic signatures in connection with the execution of this Agreement, and further agree that electronic signatures to this Agreement shall be legally binding with the same force and effect as manually executed signatures. 10.10 Publicity. Gabi shall not use Customer's name, logos or trademarks in any written press releases, advertisements and/or marketing materials, or use Customer's name in lists of customers and on its website, including, but not limited to, Gabi’s community portal, without the prior written consent of Customer 10.11 Alternative Dispute Resolution. All disputes between the parties arising out of this Agreement or any corresponding Order Form will first be submitted for informal resolution between authorized representatives of Gabi and Customer. Should the parties be unable to obtain a resolution within thirty (30) days after commencement of informal resolution negotiation, or such other time period agreed to in writing by the parties, either Party (the “Complaining Party”) shall submit the dispute to non-binding mediation under the auspices of the American Arbitration Association (“AAA”) or another mediation organization agreed upon by the parties for 526 of 1132 531 gab i. 300 John St., Suite 1B, Greer, SC 29651 888-414-GABI (4224) www.GabiSolutions.com 19 Global Artificial Business Intelligence resolution under its rules then in effect, Each Party shall be responsible for its own expenses related to mediation, including attorneys’ fees. If the dispute is not resolved within sixty (60) days after its submission to mediation, the Complaining Party may commence litigation in accordance with section 10.6. All statutes of limitations and periods of repose shall be tolled during the informal resolution period and the mediation proceedings. Pending final resolution of any dispute, the Parties shall continue to fulfill their respective obligations hereunder except that either party may exercise termination rights if permitted by this Agreement. This Section shall survive completion or termination of this Agreement, but under no circumstances shall either party be allowed to initiate Alternative Dispute Resolution or court action of any claim or dispute arising out of this Agreement after such period of time as would normally bar the initiation of legal proceedings to litigate such claim or dispute under the Laws of the State of New Jersey. Notwithstanding anything in this Section 10.11, either party may seek injunctive relief at any time. 11. Definitions. “Affiliate” means any entity which directly or indirectly controls, is controlled by, or is under common control by either party. For purposes of the preceding sentence, "control" means direct or indirect ownership or control of more than fifty percent (50%) of the voting interests of the subject entity. “Agreement” means this Gabi Voice Subscription Services Agreement, including its Exhibits, and any fully executed Order Form. “Competitor” means any entity that may be reasonably construed as offering competitive functionality or services to those offered by Gabi. If the parties cannot agree on whether an entity is a Competitor, then the opinion of three (3) financial analysts with adequate knowledge of the human resources and/or financials software and services industry (chosen by mutual agreement of the parties) commissioned at Gabi’s sole expense, shall determine such. "Confidential Information" means (a) any software utilized by Gabi in the provision of the Service and its respective source code; (b) Customer Data; (c) each party’s business or technical information, including but not limited to the Documentation, training materials, any information relating to software plans, designs, costs, prices and names, finances, marketing plans, business opportunities or initiatives, organizational restructuring, insurance or health care offerings, personnel, research, development or know-how that is designated by the disclosing party as "confidential" or "proprietary" or the receiving party knows or should reasonably know is confidential or proprietary; and (d) the terms, conditions and pricing of this Agreement (but not its existence or parties). "Customer Data" means the electronic data or information submitted by Customer or Enabled Users to the Service including any structured or unstructured information (including, without limitation, text, images, data files, and software) provided by Customer for capture, storage, analysis, processing, extraction, retrieval, management, and/or distribution, including any information that can be generated or derived from such information provided by Customer. Customer Data may include PII. “Customer Input” means suggestions, enhancement requests, recommendations or other feedback provided by Customer and Enabled Users relating to the operation or functionality of the Service. “Documentation" means Gabi’s electronic and hardcopy user guide for the Service, which may be updated by Gabi from time to time, including the Gabi Voice Technology Overview Document version 03-30-18.1 located at http://www.gabisolutions.com/assets/uploads/Gabi-Voice-Technology-Overview.pdf . Gabi may modify the Gabi Voice Technology Overview Document from time to time provided that Gabi shall not materially reduce the features and functionality of, and level of support for, the Product. 527 of 1132 532 gab i. 300 John St., Suite 1B, Greer, SC 29651 888-414-GABI (4224) www.GabiSolutions.com 20 Global Artificial Business Intelligence "Employee" means employees, consultants, contingent workers, independent contractors, Customer authorized visitors, and retirees of Customer and its Affiliates whose active business record(s) are or may be managed by the Service and for which a subscription to the Service has been purchased. “Enabled User” shall mean each Employee end-user of Customer that is authorized by Customer to access and use a Product identified at Exhibit A following installation by the Customer with an MFP. “Hardware” shall mean the Gabi SMARTBOX, and the speaker/microphone that accompanies that Service. “Improvements” means all improvements, updates, enhancements, error corrections, bug fixes, release notes, upgrades and changes to the Service and Documentation, as developed by Gabi and made generally available for Production use without a separate charge to Customers. “Intellectual Property Rights” means any and all common law, statutory and other industrial property rights and intellectual property rights, including copyrights, trademarks, trade secrets, patents and other proprietary rights issued, honored or enforceable under any applicable Laws anywhere in the world, and all moral rights related thereto. “Law” means any local, state, national and/or foreign law, treaties, and/or regulations applicable to a respective party. “Malicious Code” means viruses, worms, time bombs, Trojan horses and other malicious code, files, scripts, agents or programs. "Order Form" means the separate ordering documents under which Customer modifies or enhances the Gabi Service pursuant to this Agreement that have been fully executed by the parties. "Open Source Software" shall have the meaning set forth in Section 3.4 of this Agreement. “PII” or “Personally Identifiable Information” means. any information provided by Customer to Gabi or Gabi Voice relating to an identified or identifiable individual, including, but not limited to, social security number or other unique identifier, health or medical information, credit or debit card numbers, bank account numbers or other financial information, driver’s license numbers, and other types of sensitive personal information. "Product" means the Service and related Hardware that allows persons with disabilities to better access a multifunction printer, the Gabi SmartBox that controls the printer/copier and communicates with our cognitive intelligence engine. "Security Incident" shall have the meaning set forth in Section 5.3 of this Agreement. “Software as a Service” or “SaaS” or “Service” mean software-based AI and voice-enabled services (collecting, processing, manipulating, transmitting and storing data) provided to Customers by means of a software application or applications hosted remotely by or on behalf of Gabi and further described in the Gabi Subscription Services Agreement to be executed by Customers. “SLA” means the Gabi Support and Service Level Availability Policy at Exhibit A, which may be updated by Gabi from time to time. “Subcontractor” means an entity engaged by Gabi to fulfill part or all of its obligations specific to this Agreement and not suppliers or vendors Gabi may engage in general to provide the Service for its general customer population in a manner that is not specific to this Agreement. “Term” has the meaning set forth in Section 9.1. 528 of 1132 533 gab i. In a commitment to be the vendor of choice for consumers seeking product accessibility, Xerox and Gabi Solutions have formed a strategic partnership in support of a 508c solution for your Xerox  Multifunction Printer (MFP). Powered by IBM Watson, Gabi Voice allows workers with physical, mental, and learning disabilities within today’s workforce to interact with their Xerox MFP. By using the wake-up word Hey Gabi, you can now tell your Xerox device to make a copy, send an email, fax, and even access secure print functionalities on the device. Want to learn more? Your Xerox Voice Recognition Solution 529 of 1132 534 gab ~ t I 0 --· • voice ©2018 Gabi Inc. All rights reserved. Vision-e® and Gabi® are trademarks of InField Salespro, LLC in the United States and/or other countries. Getting Started with Gabi Voice – What’s Included? When unboxing your Gabi Voice package, you’ll receive the following components: 1-to-1 Gabi Smartbox: An Ethernet/USB equipped micro-controller device designed to communicate directly with the MFP. Speaker: An on-site microphone/speaker that aids the user in communicating vocally with Gabi. This device connects directly to the Gabi Smartbox via USB. Power: 5.1v micro USB power adapter UL approved to power up your Gabi Smartbox at all times. To learn more about Gabi Voice, visit www.gabisolutions.com/gabi-voice Gabi Voice complies with Federal 508c compliance terms enabling the visually impaired and those with learning disabilities to use the MFP’s features via natural language. Disabled workers can now vocalize voice commands through Gabi and watch their MFP execute them flawlessly whether it be making a copy, checking your toner levels, and send an E-Mail. Why Gabi Voice? From Social Security Numbers to Credit Card information, the data you run through your Xerox  Multifunction Printer can be extremely sensitive. Your jobs issued through Gabi Voice are interpreted securely and accurately at all times. Your data is not stored or transmitted to a third party by neither Gabi Solutions nor IBM Watson. 530 of 1132 535 I':::\. 300 John Street \!!J Greer, SC 29651 CD Call (888) 414-GABI (4224) ® Support@GabiSolut ions .com Xerox HR Outsourcing Brochure Xerox® Adaptable Accessibility Solution Product Brochure Xerox ® Adaptable Accessibility Solution Empowering the blind, visually impaired and people of all abilities. To keep your business strong, your employees need to feel empowered to perform their best. The Xerox® Adaptable Accessibility Solution makes that happen. It operates on a standard tablet to leverage users’ existing working knowledge of technology tools. Plus, audio talk-back provides work independence for key features like Copy, Scan to Email and Faxing—helping minimize the barriers technology can have for people with disabilities. 531 of 1132 536 Technology created for users of all abilities. To learn more about the Xerox® Adaptable Accessibility Solution, call your local Xerox sales representative. Of the 15 million visually impaired residents of the United States, nearly 38 percent* are employed. Do you have the resources and tools in place to help them succeed? *Online Resource for U.S. Disability Statistics. Cornell University. 2013. ©2015 Xerox Corporation. All rights reserved. Xerox®, Xerox and Design®, ConnectKey® and WorkCentre® are trademarks of Xerox Corporation in the United States and/or other countries. BR13804 Ensures Legislation Compliance and Security This solution is compliant with the U.S. legislation of the federal Workforce Investment Act of 1998 and amended Section 508 of the Rehabilitation Act. It’s integrated with secure solutions like Xerox® Common Access Card authentication for advanced levels of security for sensitive government information. Plus, with Xerox® Secure Print, a unique Pin ID is required for print submission—further enhancing security. Enhances Workplace Independence The touch screen of the standard tablet features oversized, easy-to-view application icons for the multifunction features. Combine that with the adjustable mounting bracket that allows them to modify the tablet to their own proper viewing angle—a great flexibility for the visually impaired as well as for those who use wheelchairs. Plus, the USB keyboard provides an easier alternative for data entry for users who prefer this method to navigate through menus and populate fields. Strengthens Employee Confidence There are two user modes. User mode one enables audible and talk-back features. That way, blind and visually impaired employees can copy, scan to email and scan with ease. Stress-free accurate task selections can be heard as they are touched on the screen. User mode two displays all features of the multifunction printer user interface. This viewing mode accommodates others using all the solutions and capabilities of the device. These key multifunction printer features are available with talk-back audio: • Copy • Scan to Email • Fax • Secure Print Release Industry-standard tablet Tutorial available in audio format Large application icons and touch screen Robust workflows • Scan to Email is simple with a local address book on the tablet and USB keyboard. • Users can scan documents to be turned into searchable PDFs which can be emailed and used with existing technologies providing audible playback. Scan this QR code to see how this solution empowers employees at the Association for the Blind and Visually Impaired. 532 of 1132 537 E= ~, ® xerox •~ Touchless Workplace Technologies 533 of 1132 538 Xerox Scan Compression Technology Smaller scan fi les mean greater offi ce productivity The power of scanning gives your offi ce more workfl ow options, making it easy to turn hard copy documents into electronic fi les for fast distributing, organizing and archiving. But many popular multifunction devices lack the ability to adequately compress a scanned image, resulting in greater strain on network bandwidth or fi les with degraded image quality. Xerox MFPs, however, feature advanced scan-fi le compression technology that greatly reduces a scanned image’s fi le size — without affecting image quality. Xerox WorkCentre products* produce scan fi les that are up to 9 times smaller than those produced by the competition as tested by Industry Analysts, Inc. The fi le-size advantage delivered by Xerox means you can create and distribute high-resolution scanned images that contain both text and graphical elements without consuming excessive network bandwidth. Our products employ the latest image-compression technologies, including the Mixed Raster Content (MRC) method, which splits scanned-fi le data into separate text and graphic elements. JPEG compression technology is used to compress graphical elements, while JBIG2 is used to compress text elements. In settings that swing from pine-oak-forest ecologic regions to turquoise seas rich in ocean life, follow the Compass Tours star on a hiking trek through the Baja, California, desert, followed by a snorkeling and kayaking expedition to the neighboring Sea of Cortez. We promise gorgeous, challenging topography, excellent local fare to satisfy your ravenous appetites, and memorable adventures. Our multiactivity Baja, California, odyssey begins in the pine-oak forests of the Sierra Juarez and San Pedro Martir mountain ranges of northern Baja. We’ll hike into these small ecoregions, which sit like temperate islands of coniferous forest in an enormous desert of arid terrain, for two full days of exploration. Many picnics, beach bonfires, and fish cookouts with plenty of Dos Equis beer will give you the chance to get to know your tour mates and exchange “fish tales” about your best fauna sightings in the Sea of Cortez! We’ll spend two evenings next to roaring fires, listening to the babble of small mountain brooks and naming constellations while the campfire coffee percolates. After we disembark from the mountaintops, we’ll reverse gears and drive toward the seaThis narrow sea is home to a unique and rich ecosystem: In addition to its wide range of native species, it also hosts a wide range of migratory animals, including humpback and gray whales, leatherback sea turtles, and manta rays (brave swimmers can abandon their paddling duties and try to hitch a ride on these gentle giants!). Baha desert and sea trek outfitting you for fun since 1971! Compass Tours 357 Marble Ct., San Francisco, CA 415-337-4545 www.compass_tours.net In settings that swing from pine-oak-forest ecologic regions to turquoise seas rich in ocean life, follow the Compass Tours star on a hiking trek through the Baja, California, desert, followed by a snorkeling and kayaking expedition to the neighboring Sea of Cortez. We promise gorgeous, challenging topography, excellent local fare to satisfy your ravenous appetites, and memorable adventures. Our multiactivity Baja, California, odyssey begins in the pine-oak forests of the Sierra Juarez and San Pedro Martir mountain ranges of northern Baja. We’ll hike into these small ecoregions, which sit like temperate islands of coniferous forest in an enormous desert of arid terrain, for two full days of exploration. Many picnics, beach bonfires, and fish cookouts with plenty of Dos Equis beer will give you the chance to get to know your tour mates and exchange “fish tales” about your best fauna sightings in the Sea of Cortez! We’ll spend two evenings next to roaring fires, listening to the babble of small mountain brooks and naming constellations while the campfire coffee percolates. After we disembark from the mountaintops, we’ll reverse gears and drive toward the seaThis narrow sea is home to a unique and rich ecosystem: In addition to its wide range of native species, it also hosts a wide range of migratory animals, including humpback and gray whales, leatherback sea turtles, and manta rays (brave swimmers can abandon their paddling duties and try to hitch a ride on these gentle giants!). Baha desert and sea trek outfitting you for fun since 1971! Compass Tours 357 Marble Ct., San Francisco, CA 415-337-4545 www.compass_tours.net Baha desert and sea trek The Xerox MRC image compression method splits a single scan into separate text and graphics components for optimized compression of each element. Copyright © 2008 Xerox Corporation. All rights reserved. Contents of this publication may not be reproduced in any form without permission of Xerox Corporation. XEROX® and the sphere of connectivity design are trademarks of Xerox Corporation in the U.S. and/or other countries. 5/08 610P729740 SCNBR-02UA JPEG compression JBIG2 compression * Xerox MFPs tested by Industry Analysts, Inc., include the WorkCentre 7242, WorkCentre 7345, WorkCentre 7675, WorkCentre 5632 and WorkCentre 5675. “As a group, the Xerox color MFPs produced signifi cantly smaller fi le sizes when scanned to fi le than any of the MFPs from the other vendors tested. Xerox black-and-white MFPs, as a group, produced the smallest fi le sizes of all of the MFPs tested.” 534 of 1132 539 Jobs for Color and Mono Average Scanned File Size o~:~ller File Size Is Better Ps from All Vundon;: xerox On devices with scanning functionality, will the installer or repair person ensure that a one-page instructional flyer is posted at the device that explains why OCR is critical to make PDFs accessible to people with disabilities and instructs the user how to easily turn the OCR capability on/off? Please explain Yes, we can print and mount a sign at the devices were requested to include the below information. For Searchable PDF in Scan To: 1. Login to the Embedded Web Server. 2. Select Apps. 3. Select Scan To. 4. Scroll Down to Searchable Text and set to On. The Searchable Text selection will apply Optical Character Recognition (OCR) to file formats that support OCR such as PDF. When enabled the output file will include text based information derived from the scanned image of text characters. Scroll Down to Searchable Text Compression and set to On. Searchable Text Compression is only applicable when Searchable Text is enabled. When Searchable Text and Searchable Text Compression are both turned on along with a compatible file format (PDF, XPS) then the text based information included in the output file will be compressed creating a smaller sized output file. 5. Logout of Embedded Web Server. How To Enable Optical Character Recognition When Scanning Documents Product support for: AltaLink B80XX, AltaLink C80XX, AltaLink B80XX Family, AltaLink C80XX Family Note: Internet Explorer for Windows and Safari for Macintosh are the recommended Internet browsers when accessing the Configuration Site. 1. Open a web browser and enter the IP address of the printer in the address field, then press Enter. Note: You can find the IP address of the machine by pressing the Deviceapp and then the Aboutapp on the printers' user interface. 2. Log-in as an Administrator by pressing the Log-In button. 3. Click on the Properties tab. 4. On the left side of the page click on Apps. 5. Click on Email > Setup. 6. On the right side of the page, under Email Setup, click on Defaults. 7. Under Email Options, click on Edit. This will bring up a set of formats for your files. 8. Under File Options, select the Searchable option to enable it. Note: With this option enabled, scanned documents can now be edited. 9. Click Save. 10. Test by sending a scanned document to yourself. Note: Enabling this option will make the sizes of your scanned files bigger and this could prevent the ability to scan successfully. 535 of 1132 540 An innovative voice solution supporting workers of all abilities.Language is an effective means of communication.“Gabi, make 10 color copies, double-sided, and stapled.”Gabi Voice allows workers of all abilities to access their multifunction printer’s copying, scanning, faxing, and secure printing functions using their voice. The device is controlled using natural language and simple commands including a request for service. Ensure legislative requirements: Gabi Voice is 508c compliant for use by employees with disabilities. Enable workplace independence: No commands to memorize. Basic commands are spoken in any order for the desired outcome. Increase productivity: Voice commands save time. No need for manuals, icons, or menus. Stay secure: Powered by IBM Watson, Gabi voice commands are interpreted securely and accurately. No personal information is exchanged or stored with this solution. Gabi Voice is convenient: Place a service call while at the device. Gabi gathers the pertinent service information along with your serial number and emails your service provider. Currently utilizing English-only commands, Gabi can help with conveying toner and paper levels before performing large jobs. Why Gabi Voice? These key multifunction printer features are supported with Gabi Voice: - Copy - Scan to Email - Fax - Secure Print - Device - to submit a service request Current Xerox® Devices Supported: - Xerox® AltaLink© C8030/C8035/C8045/C8055/C8070 - Xerox® AltaLink© B8045/B8055/B8065/B8075/B8090 Engage our voice recognition solution by using the wake-up word, “gabi.” Gabi Voice is not just a name, but a Global Artificial Business Intelligence platform for the printing industry complying with 508c standards. Powered by the cognitive brain of IBM Watson, Gabi enables hands-free access to your multifunction printer. Components 1-to-1 Gabi Smartbox: Ethernet/USB/Bluetoothequipped micro-controller device designedto communicate directly with the MFP. Speaker: An on-premises dedicated and integrated microphone/speaker that aids the user in communication via voice. Connected directly to the Gabi Smartbox via USB. Power: 5.1V micro USB power adapter UL approved. 12 Gloria Lane, Suite 5, Fairfield, NJ 07004 Text: (864) 416-1355Call: (888) 414-GABI (4224)support@gabisolutions.com To learn more about Gabi Voice and Gabi Solutions, visit www.gabisolutions.com ©2018 Vision-e. All rights reserved. Vision-e® and Gabi® are trademarks of InFieldSalesPro in the United States and/or other countries. 536 of 1132 541 • voice An innovative voice solution supporting workers of all abilities.Language is an effective means of communication.“Gabi, make 10 color copies, double-sided, and stapled.”Gabi Voice allows workers of all abilities to access their multifunction printer’s copying, scanning, faxing, and secure printing functions using their voice. The device is controlled using natural language and simple commands including a request for service. Ensure legislative requirements: Gabi Voice is 508c compliant for use by employees with disabilities. Enable workplace independence: No commands to memorize. Basic commands are spoken in any order for the desired outcome. Increase productivity: Voice commands save time. No need for manuals, icons, or menus. Stay secure: Powered by IBM Watson, Gabi voice commands are interpreted securely and accurately. No personal information is exchanged or stored with this solution. Gabi Voice is convenient: Place a service call while at the device. Gabi gathers the pertinent service information along with your serial number and emails your service provider. Currently utilizing English-only commands, Gabi can help with conveying toner and paper levels before performing large jobs. Why Gabi Voice? These key multifunction printer features are supported with Gabi Voice: - Copy - Scan to Email - Fax - Secure Print - Device - to submit a service request Current Xerox® Devices Supported: - Xerox® AltaLink© C8030/C8035/C8045/C8055/C8070 - Xerox® AltaLink© B8045/B8055/B8065/B8075/B8090 Engage our voice recognition solution by using the wake-up word, “gabi.” Gabi Voice is not just a name, but a Global Artificial Business Intelligence platform for the printing industry complying with 508c standards. Powered by the cognitive brain of IBM Watson, Gabi enables hands-free access to your multifunction printer. Components 1-to-1 Gabi Smartbox: Ethernet/USB/Bluetoothequipped micro-controller device designedto communicate directly with the MFP. Speaker: An on-premises dedicated and integrated microphone/speaker that aids the user in communication via voice. Connected directly to the Gabi Smartbox via USB. Power: 5.1V micro USB power adapter UL approved. 12 Gloria Lane, Suite 5, Fairfield, NJ 07004 Text: (864) 416-1355Call: (888) 414-GABI (4224)support@gabisolutions.com To learn more about Gabi Voice and Gabi Solutions, visit www.gabisolutions.com ©2018 Vision-e. All rights reserved. Vision-e® and Gabi® are trademarks of InFieldSalesPro in the United States and/or other countries. 537 of 1132 542 Q) 300 John St., Suite 1B, Greer, SC 29651 888-414-GABI (4224) www.GabiSolutions.com 1 Global Artificial Business Intelligence Gabi Voice Customer Expectations Document For Xerox® AltaLink family Document version: 27April 2020 538 of 1132 543 gab i. 300 John St., Suite 1B, Greer, SC 29651 888-414-GABI (4224) www.GabiSolutions.com 2 Global Artificial Business Intelligence Gabi Gov Customer Expectation Document Table of Contents ABOUT THIS DOCUMENT 3 PRODUCT DESCRIPTION 3 CAPABILITIES OF GABI VOICE 3 PRODUCT HARDWARE 3 PRE-REQUISITES 4 TERMINOLOGY 4 INSTALLATION 4 USER INTERACTION 4 PROCESS FLOW 4 AVAILABLE INTENTS 5 COPY 5 SCAN TO EMAIL 5 SERVER FAX 6 SECURE PRINT 7 MACHINE STATUS 7 SUPPLY LEVELS 7 INQUIRIES 8 TECHNOLOGY PARTNERS 8 INSTALLATION SUPPORT 8 MAINTENANCE SUPPORT 8 ERROR HANDLING 8 SUPPORT 9 APPENDIX A 10 539 of 1132 544 gab i. 300 John St., Suite 1B, Greer, SC 29651 888-414-GABI (4224) www.GabiSolutions.com 3 Global Artificial Business Intelligence ABOUT THIS DOCUMENT The purpose of this document is to set customer expectations of the Gabi Voice workflows and any associated caveats related to the Xerox AltaLink family. In addition, this document includes reference to the Service Subscription Agreement required to understand Gabi Voice Solution (APPENDIX A). Please read this document in its entirety. It contains important information that will help ensure a smooth operating experience with Gabi Voice. Please note: Completing the Configuration Worksheet is the single most important step for ensuring successful enablement of the Gabi Voice solution. The Configuration Worksheet available on TXC is required before placing orders for Gabi Voice Solution with your Xerox authorized sales rep. The configuration information needs to be sent to support@gabisolutions.com as soon as your purchase of the Gabi Voice system is processed with Xerox via TXC. PRODUCT DESCRIPTION English only Gabi Voice provides a touchless voice user interface for interfacing with a Xerox AltaLink Multifunction printer (MFP). The voice user interface is structured via natural language input and adapts to variances based on user speech patterns. As the input is detected from the conversation, a corresponding set of machine executable commands are derived from a database whitelist of known functions. Gabi Voice will only perform actions that have been pre- programmed, which will be covered later in this document. The Gabi Voice solution is designed to be an on-premises device that securely interfaces with IBM Watson ® once the wake-word has been invoked and language commands have been supplied.. CAPABILITIES OF GABI VOICE The following multifunction printer functions are enabled with Gabi Voice. • Copy • Email • Server Fax • Secure Print Release1 • Machine Status • Inquiries2 1 Secure Print Release requires external keyboard for pin entering 2 Please check with your Sales Represtative to determine if Service Ticket Assistance is supported. GabiVoice is not supported with any Xerox Service Contract, all support is provided via GabiSolutions. Gabi Voice is not supported on Xerox FSMA Service contracts. Gabi Voice does not support any 3rd Party Authenication Solutions, XWS, XDM, XDA. PRODUCT HARDWARE Contents provided with Gabi Voice include: • Smartbox appliance • Power supply • Talk to Me Speaker/Microphone 540 of 1132 545 gab i. 300 John St., Suite 1B, Greer, SC 29651 888-414-GABI (4224) www.GabiSolutions.com 4 Global Artificial Business Intelligence Note: An ethernet cable is not included. Gabi Voice supports IPV4 and IPV6 environments. PRE-REQUISITES 1. Gabi Voice Solution requires a separate physical dedicated Ethernet port and power outlet from the MFP. 2. Customer required to supply an Ethernet Cable that will enable connection between the Smartbox and Network drop.. 3. The Xerox AltaLink device firmware must be at level 100.XXX.028.05200 or higher. This firmware can be found on the AltaLink configuration sheet or on the Local User Interface device icon. 4. Scan to fax feature requires Gabi Voice to be in a Server Fax enabled environment. 5. Secure Print Release may require the optional USB keyboard. Contact Xerox Customized Application Solutions or your Xerox Sales Represtative for more information. TERMINOLOGY Intent: Expected goal to be achieved. Entity: An item, term, or object that provides context to the intent. Wake-word: A word said aloud to start the microphone recording service. Throughout the document when mentioning the wake-word, it is assumed the user is saying “gabi.” VUI: Voice User Interface. INSTALLATION Setup for Gabi Solutions requires AltaLink Administration Log-in access. A customer Administrator should reference the Gabi Voice Technology Overview and Installation Guide prior to connecting Gabi to the MFP. USER INTERACTION To initiate Gabi Voice the user can invoke the wake-word “Hey Gabi” along with the intended command. The Wake word systematically triggers release of the microphone from a non-recording state and places into an active recording stream. The recording stream remains active until it detects a natural pause in the conversation. After the command is detected, Gabi invokes a sub process to determine if the minimum parameters have been supplied. If additional options are required, a conversation dialog will be initiated to gather more input from the user. At any time, a user can simply say “Cancel” to break out of the dialog and return to the default home/idle state. Any errors encountered on the device during user interaction will be reported back verbally if the requested intent could not be completed successfully. PROCESS FLOW Along with the Gabi conversation the Speaker/Microphone is equiped with LED lights to provide a visual feedback. • Device thinking state, led bars will flash • Microphone is activated and listening, led bars are solid green • Error occurrence (Gabi Voice or Device), led bars are solid red 541 of 1132 546 gab i. 300 John St., Suite 1B, Greer, SC 29651 888-414-GABI (4224) www.GabiSolutions.com 5 Global Artificial Business Intelligence AVAILABLE INTENTS COPY Entities: Quantity (1-50), Sides (Double-sided or Single-sided), Color (Full Color, Black and White or Auto Detect Color) Caveats: Leveraging copy functionality by an external application such as Gabi Voice is only made possible in Xerox proprietary EIP 4.0. Settings for EIP 4.0 are described in the install guide. Copy function does not support the following: • Booklet making, C/Z-folding and hole punching are not supported • Layout adjustments and Job Assembly functions are not supported Example Flow: User - “Hey Gabi [pause for beep] Make a Copy.” Gabi - “Your Job will now begin.” To access your MFP’s additional options for making a copy, you’ll need to add these values at the end of your command as shown in the below example interaction. User - “Hey Gabi [pause for beep] Make a Single Sided Copy.” Gabi - “Your Job will now begin.” SCAN TO EMAIL The email is sent to the recipient directly from the device using the SMTP settings as defined locally. Entities: Gabi will decipher from the user input first name, last name, email address. If a name is supplied with multiple entries in the device address book, the user will be prompted to confirm the correct entry. For example: Gabi will say: Say 1 for Mark Jacobs … Say 2 for Marc Simpson Caveats: • If the device address book is unavailable due to permission restrictions, then it will not be queryable for user selection. • If MFP has an active session logged-in at the local user interface then an error “The device is busy” will be reported by Gabi Voice. This is a known limitation of EIP and will be addressed with a future patch provided by Xerox ® . • The Email application does not support the following: o Not all scan file formats – PDF is the default o Build Job is not supported o Layout adjustments and job assembly functions are not supported Note: Changes to the address book - additions and deletions - will require an export of the address book. Consult the Gabi Voice Installation Guide for more Example Flow: User - “Hey Gabi [pause for beep] Scan to Email.” Gabi - “Now checking for logged in users to email. I could not find a logged in user’s email. Who would you like to email?” User - “Bruno Silva” Gabi - “Now searching the address book. Do you want to email Bruno Silva?” User - “Yes” 542 of 1132 547 gab i. 300 John St., Suite 1B, Greer, SC 29651 888-414-GABI (4224) www.GabiSolutions.com 6 Global Artificial Business Intelligence Gabi - “Okay, would you like to set any additional options?” User - “Yes” Gabi - “Which option would you like to set? Say ‘ I need help’ for a list of options or help me with setting and [ Option Name] ” User - “I need help.” Gabi - “Options are sides, color, resolution, original type, paper size, orientation, lighten, darken, searchable text, background suppression, subject line and file attachment name. To set, say Set [ Option Name] to [ Value] .” SERVER FAX Server fax is only supported at this time. Using the Gabi VUI, a user can construct a scan job ticket with the purpose of setting the destination to be a fax recipient. If the user is currently logged-in at the time, then the session will be associated with the process. The fax is sent to the recipient directly from the device using the fax communication settings as defined locally. Example Invocations: • Hey Gabi [pause for beep ] Send a Fax • Hey Gabi [pause for beep ] Send a Fax to Jane Doe • Hey Gabi [pause for beep ] Send a Fax using my keyboard Entities: • Contact Name • Fax Number • Sides (Double-sided, or Single-Sided) • Color (Black and White, Full Color or Auto Detect Color) • Paper Size (Letter, Legal or Mixed) • Original Type (Printed Original, Inkjet Original, Solid Ink Original or Photocopied • Original) • Resolution (50%, 75%, 100%, 125%, 150% or 200%) • Darken (50% or 100%) • Lighten (50% or 100%) Gabi will decipher from the user input first name, last name, fax number. If a name is supplied and multiple entries exist in the device address book, then the user will be prompted to confirm the correct entry. For example: Gabi will say: Say 1 for Mark Jacobs ... Say 2 for Marc Simpson Reference Gabi Voice User Guide for more detail. Caveats: • If the device address book is unavailable due to permission restrictions, then it will not be queryable for user selection. • If MFP has an active session logged-in at the local user interface then an error “The device is busy” will be reported by Gabi Voice. This is a known limitation of EIP and will be addressed with a future patch provided by Xerox ® . 543 of 1132 548 gab i. 300 John St., Suite 1B, Greer, SC 29651 888-414-GABI (4224) www.GabiSolutions.com 7 Global Artificial Business Intelligence • It is the responsibility of the user engaged in the Voice User Interface to supply a valid fax number in accordance with the dialing restrictions of the environment. Gabi Voice will not attempt to parse or format the number any differently than how it was provided by the user. • The Fax application does not support the following: o Cover sheet o Contrast adjustment o Layout adjustment o Starting rate, delay send, email confirmation, fax cover sheet, job assembly, etc. o Fax mask data is not supported. No special character support. Note: Changes to the MFP’s address book - additions and deletions - will require an export of the address book. Consult the Gabi Voice Installation Guide for more details. SECURE PRINT Allows a user to release secure print jobs from the queue. When invoked, the user will be asked to enter their pin via an external USB keypad (not supplied). Any jobs matching the logged-in user id will be automatically released. Due to confidentiality of the file names, no job names will be read out loud.Entities: Entities: • Secure Print Type (Release or Delete) • PIN Number Caveats: • The MFP must be at a minimum firmware level of 100.XXX.028.05200 . Otherwise jobs cannot be released. • The PIN code can only be read from an external keyboard. The on-board soft-keyboard cannot communicate with Gabi Voice. While we support most external USB keyboards, it is recommended to use the Xerox ® T00015 accessibility keyboard. MACHINE STATUS Allows a user to retrieve machine status as it would be displayed on the walk-up screen, i.e. “Tray 4 is empty, Machine is in sleep mode, etc…” Entities: None Caveats: None Example Invocation: • Hey Gabi [pause for beep ] What is the status of my device? • Hey Gabi [pause for beep] What is the status of my machine? SUPPLY LEVELS Allows user to query the MFP to determine paper and toner levels Example Invocations: • Hey Gabi [pause for beep ] What are my paper levels? • Hey Gabi [pause for beep ] What are my toner levels? Entities: None 544 of 1132 549 gab i. 300 John St., Suite 1B, Greer, SC 29651 888-414-GABI (4224) www.GabiSolutions.com 8 Global Artificial Business Intelligence Caveats: SNMP must be enabled as a service on the MFP for this to operate correctly. In addition, the public community string must be configured if different from default. INQUIRIES Not supported on Xerox Service contracts, check with your Sales Representative. Allows a user to submit a service request to a predetermined endpoint. In the event of a service request, any available diagnostics are collected along with the message body. All Service Support is provided by Gabi Solutions. Contact Gabi Solutions to set up the service request option support@gabisolutions.com TECHNOLOGY PARTNERS Gabi is made possible in part due to the partnership with IBM Watson AI cognitive platform to leverage advanced natural language processing. Gabi also leverages AWS GovCloud for powering its underlying API. AWS GovCloud (US) is an isolated AWS region designed to allow U.S. government agencies and customers to move sensitive workloads into the cloud by addressing their specific regulatory and compliance requirements. The AWS GovCloud (US) Region adheres to U.S. International Traffic in Arms Regulations (ITAR) requirements. INSTALLATION SUPPORT The Gabi Voice system is customer installable. Installation support for Gabi only is provided by the Gabi Voice hotline support@gabisolutions.com. Please contact the Xerox Authorized Service representative for issues related to AltaLink. MAINTENANCE SUPPORT The customer should contact the Gabi Solutions support@gabisolutions.com for any problems, issues or questions with the Gabi Voice Solution. Enhancements, patches, and security updates may periodically be required. Please leave Gabi on-line to received updates. AltaLink issues should be directed to a Xerox Authorized Service provider. For help in determining if issues are AltaLink or Gabi Solutions please reference Xerox Support https://www.support.xerox.com/ and use key word “Gabi” for instructions. ERROR HANDLING The Gabi Smartbox is designed to propagate errors encountered during interaction back to the user. These errors include: • Operational errors that prohibit the device from working properly, i.e. paper tray open • User defined errors, such as invoking an unrecognized whitelisted Gabi Voice command • Device service error, such as an authentication error, that prohibit the request from being fulfilled Gabi Voice will not report errors if there is no activity performed by the user. 545 of 1132 550 gab i. 300 John St., Suite 1B, Greer, SC 29651 888-414-GABI (4224) www.GabiSolutions.com 9 Global Artificial Business Intelligence SUPPORT For issues with Gabi, please feel free to contact Gabi Solutions at support@gabisolutions.com or (888)611-2679 between 8:00-5:00 PM EST 546 of 1132 551 gab i. 300 John St., Suite 1B, Greer, SC 29651 888-414-GABI (4224) www.GabiSolutions.com 10 Global Artificial Business Intelligence APPENDIX A Subscription Services AGREEMENT Note: This is for customer information only. As part of the Gabi Voice enablement process customers will be asked to accept this agreement directly with Gabi Solutions. GABI VOICE SUBSCRIPTION SERVICES AGREEMENT This Gabi Voice Subscription Services Agreement (“Agreement”) is by and between InField Sales Pro, LLC, d/b/a Gabi Solutions (“Gabi“) and Customer and is effective on the date Hardware is delivered to Customer for use with a multifunction printer provided by Xerox Corporation (“MFP”) (“Effective Date”). Whereas, Gabi provides a subscription Service, Customer desires to subscribe to the Service, and this business relationship and the allocation of responsibilities regarding such Service are set forth in this Agreement. Therefore, the parties agree as follows: 1. Customer’s Use of the Service. 1.1 Provision of the Service. In exchange for the fees paid as contemplated herein, Gabi shall: (i) make the Service available in accordance with the Documentation and the SLA to Customer and its Enabled Users in the Field of Use during the Term pursuant to this Agreement; (ii) not use Customer Data except to provide the Service, or to prevent or address service or technical problems, in accordance with this Agreement and the Documentation, or in accordance with Customer’s instructions; and (iii) not disclose Customer Data to any third party. The Service is provided in U.S. English. Gabi has translated portions of the Service into other languages. Customer and its Enabled Users may only use the translated portions of the Service for the number of languages listed in an applicable Order Form. Gabi will provide support in accordance with Exhibit A, which is included at no additional charge to Customer; or at Customer’s option and upon payment of applicable fees, Gabi will provide enhanced support in accordance with Exhibit B. 1.2 Customer Obligations. Customer may enable access of the Service for use only by Enabled Users solely for the internal business purposes of Customer and its Affiliates in accordance with the Documentation and not for the benefit of any third parties. Customer is responsible for all Enabled User use of the Service and compliance with this Agreement. Customer shall: (a) have sole responsibility for promptly installing updates to the Service, and for the accuracy, quality, and legality of all Customer Data; and (b) prevent unauthorized access to, or use of, the Service, and notify Gabi promptly of any such unauthorized access or use. Customer shall not: (i) use the Service in violation of applicable Laws; (ii) in connection with the Service, send or store infringing, obscene, threatening, or otherwise unlawful or tortious material, including material that violates privacy rights; (iii) send or store Malicious Code in connection with the Service; (iv) interfere with or disrupt performance of the Service or the data contained therein; or (v) attempt to gain access to the Service or its related systems or networks in a manner not set forth in the Documentation. Customer shall designate a maximum number of named contacts to request and receive support services from Gabi (“Named Support Contacts”). Named Support Contacts must be designated to assist with Product(s) for which they initiate support requests. 1.3 Federal Government End Use Provisions (if applicable). Gabi provides the Service, including related Software and technology, for federal government end use solely in accordance with the following: Government technical data and software rights related to the Service include only those rights customarily provided to the public as defined in this Agreement. This customary commercial license is provided in accordance with FAR 12.211 (Technical Data) and FAR 12.212 (Software) and, for Department of Defense transactions, DFAR 252.227-7015 (Technical Data – Commercial Items) and DFAR 227.7202.3 (Rights in Commercial Computer Software or Computer Software Documentation). If a government agency has a “need for” right not conveyed under these terms, it must 547 of 1132 552 gab i. 300 John St., Suite 1B, Greer, SC 29651 888-414-GABI (4224) www.GabiSolutions.com 11 Global Artificial Business Intelligence negotiate with Gabi to determine whether there are acceptable terms for transferring additional rights. A mutually acceptable addendum specifically conveying such rights must be executed by the parties in order to convey such rights beyond those set forth herein. 2. Fees. 2.1 Invoices & Payment. Any fees for the Service after the initial five (5) years of the Term, or for any modifications or enhancements to the Service during the Term, will be invoiced in accordance with the relevant Order Form. Except as otherwise set forth in an Order Form executed by Gabi and Customer, all fees due hereunder (except fees subject to good faith dispute) shall be due and payable within thirty (30) days of invoice date. Except as otherwise stated in an Order Form, all fees are quoted and payable in United States dollars and are based on Service rights acquired under this Agreement. Customer shall provide Gabi with complete and accurate billing and contact information including a valid email address for receipt of invoices. Upon Gabi’s request, Customer will make payments via wire transfer. 2.2 Non-cancelable & non-refundable. Except as specifically set forth to the contrary under Section 6.2 “Warranty Remedies”, Section 7.1 “Indemnification by Gabi”, Section 9.2 “Termination”, and under the SLA, all payment obligations under any and all Order Forms are non-cancelable and all payments made are non-refundable. 2.3 Non-Payment and Suspension of Service. If Customer's account is more than thirty (30) days past due (except with respect to charges subject to a reasonable and good faith dispute), in addition to any other rights or remedies it may have under this Agreement or by Law, Gabi reserves the right to suspend the Service upon thirty (30) days written notice, without liability to Customer, until such amounts are paid in full. 2.4 Taxes. Except as otherwise stated in an Order Form, Gabi's fees do not include any direct or indirect local, state, federal or foreign taxes, levies, duties or similar governmental assessments of any nature, including value- added, excise, use or withholding taxes (collectively, "Taxes"). Customer is responsible for paying all Taxes associated with its acquisitions hereunder, this Agreement, and the Service, excluding U.S. income taxes on Gabi. If Customer has an obligation to withhold any amounts under any Law or tax regime (other than U.S. income tax Law), Customer shall gross up the payments so that Gabi receives the amount actually quoted and invoiced. If Gabi has a legal obligation to pay or collect Taxes for which Customer is responsible under this section, the appropriate amount shall be invoiced to and paid by Customer, unless Customer provides Gabi with a valid tax exemption certificate authorized by the appropriate taxing authority. 2.5 Enabled User Count Verification. In order to manage and improve the Service, Gabi may periodically confirm the number of Enabled User records on its hosted servers. 3. Proprietary Rights. 3.1 Ownership and Reservation of Rights to Gabi Intellectual Property. Gabi and its licensors own all right, title and interest in and to the Service, Documentation, and other Gabi Intellectual Property Rights. Subject to the limited rights expressly granted hereunder, Gabi reserves all rights, title and interest in and to the Service, and Documentation, including all related Intellectual Property Rights. No rights are granted to Customer hereunder other than as expressly set forth herein. 3.2 License Grant. Gabi hereby grants Customer a non-exclusive, non-transferable, right to use the Service and Documentation, solely for the internal business purposes of Customer and Affiliates and solely during the Term, subject to the terms and conditions of this Agreement. Gabi agrees that the Software used by Gabi to provide the Service, coupled with the rights granted to Customer in this section constitutes “intellectual property” as defined in Section 101(35A) of the Bankruptcy Code, as amended, and this Agreement shall be governed by Section 365(n) of the Bankruptcy Code, as applicable, in the event Gabi voluntarily or involuntarily becomes subject to the 548 of 1132 553 gab i. 300 John St., Suite 1B, Greer, SC 29651 888-414-GABI (4224) www.GabiSolutions.com 12 Global Artificial Business Intelligence protection of the Bankruptcy Code and Gabi or the trustee in bankruptcy rejects the Agreement. In addition, because pursuant to Section 3.4, Customer owns the Customer Data, Gabi shall not list the Customer Data as an asset in any bankruptcy filing, nor shall Gabi identify Customer’s Confidential Information as a Gabi asset. 3.3 License Restrictions. Customer shall not (i) modify, copy or create any derivative works based on the Service or Documentation; (ii) license, sublicense, sell, resell, rent, lease, transfer, assign, distribute, time share, offer in a service bureau, or otherwise make the Service or Documentation available to any third party, other than to Enabled Users as permitted herein; (iii) reverse engineer or decompile any portion of the Service or Documentation, including but not limited to, any software utilized by Gabi in the provision of the Service and Documentation, except to the extent required by Law; (iv) access the Service or Documentation in order to build any commercially available product or service; or (v) copy any features, functions, integrations, interfaces or graphics of the Service or Documentation. 3.4 Ownership of Customer Data. As between Gabi and Customer, Customer owns Customer Data. Gabi’s use of and activities with respect to any Open Source Software in connection with the Service do not and will not provide to any Open Source licensor any rights in Customer Data or any software or other intellectual property owned by or licensed to Customer by third parties. 3.5 Customer Input. Gabi shall have a royalty-free, worldwide, transferable, sub-licensable, irrevocable, perpetual license to use or incorporate into the Service any Customer Input. Gabi shall have no obligation to make Customer Input an Improvement. Customer shall have no obligation to provide Customer Input. 3.6 Aggregated Data Use. Gabi owns the aggregated and statistical data derived from the operation of the Service, including, without limitation, the number of records in the Service, the number and types of transactions, configurations, and reports processed in the Service and the performance results for the Service (the “Aggregated Data”). Nothing herein shall be construed as prohibiting Gabi from utilizing the Aggregated Data for purposes of operating Gabi’s business, provided that Gabi’s use of Aggregated Data will not reveal the identity, whether directly or indirectly, of any individual or specific data entered by any individual into the Service. In no event does the Aggregated Data include any personally identifiable information; Aggregated Data that is derived, in whole or in part from information that can be identified as being associated with an individual or with a customer shall not be released to any third party unless it has been rendered anonymous in such a way that the data subject is no longer identifiable. 4. Confidentiality. 4.1 Confidentiality. No party shall disclose or use any Confidential Information of the other party except as reasonably necessary to perform its obligations or exercise its rights pursuant to this Agreement and only with the other party's prior written permission. In the event that the receiving party needs to disclose Confidential Information to the disclosing party’s employees or Enabled Users to perform its obligations or exercise its rights pursuant to this Agreement, it may do so without prior written permission. Disclosures to third parties (other than Enabled Users) needed to perform obligations or exercise rights pursuant to this Agreement shall not require prior written permission if the third party recipient is subject to a confidentiality obligation that is equal to or more protective than the confidentiality provisions of this Agreement. 4.2 Protection. Without limiting the foregoing, each party agrees to protect the Confidential Information of the other party in the same manner that it protects its own Confidential Information of like kind, but in no event using less than a reasonable standard of care. Confidential Information that is Customer Data shall receive protection in accordance with Section 5 of this Agreement. 549 of 1132 554 gab i. 300 John St., Suite 1B, Greer, SC 29651 888-414-GABI (4224) www.GabiSolutions.com 13 Global Artificial Business Intelligence 4.3 Compelled Disclosure. A disclosure by one party of Confidential Information of the other party to the extent required by Law shall not be considered a breach of this Agreement, provided the party so compelled promptly provides the other party with prior notice of such compelled disclosure (to the extent legally permitted) and provides reasonable assistance, at the other party's cost, if the other party wishes to contest the disclosure. 4.4 Remedies. If a party discloses or uses (or threatens to disclose or use) any Confidential Information of the other party in breach of confidentiality protections hereunder, the other party shall have the right, in addition to any other remedies available, to seek injunctive relief to enjoin such acts without first exhausting the informal resolution or mediation processes described in section 10.11. The parties acknowledge that disclosure of Confidential Information may cause irreparable injury and damages, which may be difficult to ascertain and that remedies other than injunctive relief may be inadequate. In addition, in the event that a party fails to return or certify destruction of Confidential Information upon termination of this Agreement, each party is entitled to seek injunctive relief, including a preliminary injunction and an order of seizure and impoundment under Section 503 of the Copyright Act upon an ex parte application by Disclosing Party to protect and recover its Confidential Information. 4.5 Return or Destruction of Confidential Information. Upon the termination or expiration of this Agreement and at Customer's request, Gabi will return or destroy any and all Customer Confidential Information (excluding Customer Data, which is subject to Section 5) that Gabi is capable of returning or destroying in the ordinary course of Gabi's business, unless legally prohibited from doing so. Gabi shall protect any Customer Confidential Information in accordance with this Agreement for so long as Gabi retains such Customer Confidential Information. 4.6 Access to Customer’s Computer Systems. Customer and Enabled Users access the Service through the internet; the Service does not require that Gabi have access to Customer’s computer systems. In the unlikely event that the parties identify a situation where Gabi will need access to Customer’s computer systems, the parties will execute a separate agreement which specifies the terms for such access. 5. Security 5.1 Protection and Retrieval of PII. Unless otherwise requested and expressly agreed in writing by a Customer and Gabi via an Order Form submitted by such Customer to Gabi pursuant to this Agreement, Gabi Voice’s default configuration for SaaS does not store PII on (i) Amazon Web Services, or (ii) IBM Watson, where it opts out of data sharing so that, after executing the given task on the Watson platform, Watson is instructed not to store any data; or (iii) any future SaaS component which Gabi may elect to incorporate or make a part of the Gabi Voice configuration at any time during the Initial Term and any renewal term of this Agreement; During the Term of this Agreement, Gabi shall not store any PII in provisioning Services to Customer or its Enabled Users in connection with Gabi Voice. In the event that Customer requests services from Gabi requiring Gabi to gather and store PII (e.g. multifactor authentication for security), Gabi shall provide means to Customer to access and retrieve such Customer Data pursuant to a properly executed Order Form between Gabi and the Customer. 5.2 Unauthorized Disclosure. If either party believes that there has been a disclosure of unencrypted Customer Data to anyone other than Gabi (a “Security Incident”), such party must promptly notify the other party, but not later than forty-eight hours after identification of the disclosure unless Law enforcement officials have requested or require a delay in notice. Additionally, each party will reasonably assist the other party in remediating or mitigating any potential damage, including any notification which should be sent to individuals impacted or potentially impacted, or the provision of credit reporting services to such individuals. Each party shall bear the costs of such remediation or mitigation to the extent the breach or security incident was caused by it. Where the type of Customer Data disclosed is such that credit reporting services should be part of remediation efforts, unless the party financially responsible for the remediation efforts agrees to a longer period, one year of credit reporting 550 of 1132 555 gab i. 300 John St., Suite 1B, Greer, SC 29651 888-414-GABI (4224) www.GabiSolutions.com 14 Global Artificial Business Intelligence services shall be provided. Subject to the limitation of liability in Section 8, to the extent that Gabi caused the breach or security incident, Gabi’s obligation to bear the costs of such remediation or mitigation shall include the cost of defending or settling third party claims brought against Customer as the result of the breach or security incident. As soon as reasonably practicable after any such Security Incident, Customer and Gabi will consult in good faith regarding the root cause analysis and any remediation efforts. Following notice from Gabi to Customer of a security incident caused by Gabi, Customer will have the right to request from Gabi a report prepared by a nationally recognized independent third party audit firm of the relevant security and controls and/or, if applicable, a summary report of a penetration test of the application performed by an independent third party demonstrating remediation of material risks to the unauthorized disclosure of Customer Data. Gabi will work in good faith to remediate any material security risks identified in the root cause analysis that are within Gabi’s reasonable control. Except to the extent prohibited by applicable Law, each party shall provide the other party with reasonable notice of and the opportunity to comment on and approve the content of all notices, filings, communications, press releases or reports about an unauthorized disclosure of Customer Data that identify the other party by name prior to any publication or communication thereof to any third party other than legal advisors. Notwithstanding the foregoing, each party may provide notice as required by Law even if the other party has not provided such consent. Nothing herein will prevent Gabi from making disclosures about a security incident generally. Where applicable Law clearly allocates the responsibility for providing notice about a Security Incident to Customer, Gabi agrees that Customer has the sole right to determine: (i) whether or not any notices of a Security Incident are required by Law or regulation; (ii) the recipients of each notice of a Security Incident, including individuals, regulators, Law enforcement agencies, and consumer reporting agencies; and (iii) the contents of each notice. 6. Warranties & Disclaimers. 6.1 Mutual Warranties. Each party represents and warrants to the other that: (i) this Agreement has been duly authorized, executed and delivered and constitutes a valid and binding agreement enforceable against such party in accordance with its terms; (ii) no authorization or approval from any third party is required in connection with such party’s execution, delivery or performance of this Agreement; (iii) the execution, delivery and performance of this Agreement does not violate the terms or conditions of any other agreement to which it is a party or by which it is otherwise bound; and (iv), with respect to its activities pursuant to this Agreement, it shall comply with all Laws applicable to it related to data privacy, international communications and the transmission of technical or personal data. 6.2 Gabi Warranties. Gabi hereby warrants and represents that during the Term: (i) the Service shall perform materially in accordance with the Documentation; (ii) the functionality of the Service will not be materially decreased during the Term; (iii) it will use commercially reasonable efforts to prevent the introduction of Malicious Code into the Service (except for any Malicious Code submitted by Customer or its Enabled Users to the Service); Gabi warrants the Hardware to be free from defects for a period of one (1) year from the date of purchase. 6.3 Warranty Remedies. Each party shall promptly remedy its breach of the warranties in Section 6.1 upon receipt of notification of such breach. As Customer's exclusive remedy and Gabi's sole liability for breach of the warranty set forth in Section 6.2 (i), (ii), and (iii): (a) Gabi shall correct the non-conforming Service or replace the defective Hardware at no additional charge to Customer; or (b) in the event Gabi is unable to correct such deficiencies after good-faith efforts, Gabi shall refund Customer amounts paid that are attributable to the defective Service from the date Gabi received such notice. To receive warranty remedies, Customer must promptly report deficiencies in writing to Gabi, but no later than thirty (30) days of the first date the deficiency is identified by Customer. Following expiration of the Hardware warranty, Customer may purchase replacement Hardware units from Gabi or 551 of 1132 556 gab i. 300 John St., Suite 1B, Greer, SC 29651 888-414-GABI (4224) www.GabiSolutions.com 15 Global Artificial Business Intelligence its authorized reseller for use with the Service provided hereunder in place of any defective Hardware unit, without any additional service or other charge. 6.4 Disclaimer. EXCEPT AS EXPRESSLY PROVIDED HEREIN AND TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, GABI MAKES NO WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, AND SPECIFICALLY DISCLAIMS ALL IMPLIED WARRANTIES, INCLUDING ANY WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE WITH RESPECT TO THE SERVICE AND/OR RELATED DOCUMENTATION. GABI DOES NOT WARRANT THAT THE SERVICE WILL BE ERROR FREE OR UNINTERRUPTED. THE LIMITED WARRANTIES PROVIDED HEREIN ARE THE SOLE AND EXCLUSIVE WARRANTIES PROVIDED TO CUSTOMER IN CONNECTION WITH THE PROVISION OF THE SERVICE. 7. Indemnification. 7.1 Gabi shall defend, indemnify and hold Customer and its respective officers, directors, successors, assigns, agents, and employees (collectively, the “Customer Indemnified Parties”), harmless against any loss, damage or costs (including reasonable attorneys' fees) in connection with claims, demands, suits, or proceedings ("Claims") made or brought against the Customer Indemnified Parties by a third party alleging that the use of the Product by Customer as contemplated hereunder infringes a copyright, a U.S. patent issued as of the Effective Date, or a trademark of a third party; provided, however, that Customer: (a) promptly gives written notice of the Claim to Gabi; (b) gives Gabi sole control of the defense and settlement of the Claim (provided that Gabi may not settle any Claim unless it unconditionally releases Customer of all liability); and (c) provides to Gabi, at Gabi's cost, all reasonable assistance. Gabi shall not be required to indemnify Customer in the event of: (w) modification of the Service by Customer or Enabled Users in conflict with Customer’s obligations or as a result of any prohibited activity as set forth herein; (x) use of the Service in a manner inconsistent with the Documentation; (y) use of the Service in combination with any other product or service not provided by Gabi; or (z) use of the Service in a manner not otherwise contemplated by this Agreement. If Customer is enjoined from using the Service or Gabi reasonably believes it will be enjoined, Gabi shall have the right, at its sole option, to obtain for Customer the right to continue use of the Service or to replace or modify the Service so that it is no longer infringing. If neither of the foregoing options is reasonably available to Gabi, then use of the Service may be terminated at the option of Gabi and Gabi’s sole liability shall be to refund any prepaid fees for the Service that were to be provided after the effective date of termination. 8. Limitation of Liability. 8.1 Limitation of Liability. (a)TO THE MAXIMUM EXTENT PERMITTED BY LAW AND EXCEPT WITH RESPECT TO LIABILITY ARISING FROM (I) GABI’S INDEMNIFICATION OBLIGATIONS; (II) CLAIMS FOR BODILY INJURY OR DEATH OR DAMAGES TO REAL PROPERTY OR TANGIBLE PERSONAL PROPERTY TO THE EXENT RESULTING FROM WILLFUL OR INTENTIONAL MISCONDUCT OF THE PARTY LIABLE FOR THE DAMAGES AND/OR (III) GABI’S BREACH OF THIS AGREEMENT RESULTING IN UNAUTHORIZED DISCLOSURE OF CUSTOMER DATA AS SET FORTH IN SECTION 8.1(b) BELOW, IN NO EVENT SHALL GABI’S OR GABI’S THIRD PARTY LICENSORS’ AGGREGATE LIABILITY ARISING OUT OF OR RELATED TO THIS AGREEMENT, WHETHER IN CONTRACT, TORT OR OTHERWISE, EXCEED SUBSCRIPTION FEES ACTUALLY PAID BY CUSTOMER IN CONSIDERATION FOR GABI’S SERVICE DELIVERY DURING THE IMMEDIATELY PRECEEDING TWELVE (12) MONTH PERIOD FOR THE SERVICE FROM WHICH THE CLAIM AROSE (OR, FOR A CLAIM ARISING BEFORE THE SECOND ANNIVERSARY OF THE EFFECTIVE DATE OF THE APPLICABLE ORDER FORM, THE AMOUNT PAID FOR THE FIRST TWELVE MONTH PERIOD). (b) GABI’S AGGREGATE LIABILITY TO CUSTOMER FOR ITS BREACH OF THIS AGREEMENT RESULTING FROM GABI’S UNAUTHORIZED DISCLOSURE OF UNENCRYPTED CUSTOMER DATA COLLECTED VIA THE SERVICE (A “SECURITY 552 of 1132 557 gab i. 300 John St., Suite 1B, Greer, SC 29651 888-414-GABI (4224) www.GabiSolutions.com 16 Global Artificial Business Intelligence INCIDENT”) (INCLUDING THE COST TO DEFEND THIRD PARTY CLAIMS CAUSED BY SUCH BREACH) SHALL NOT EXCEED $1,000,000. 8.2 Damages. IN NO EVENT SHALL GABI HAVE ANY LIABILITY TO CUSTOMER FOR ANY INDIRECT, SPECIAL, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES, HOWEVER CAUSED, OR FOR ANY LOST PROFITS, LOSS OF USE, COST OF DATA RECONSTRUCTION, COST OR PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES, WHETHER IN CONTRACT, TORT OR OTHERWISE, ARISING OUT OF, OR IN ANY WAY CONNECTED WITH THE SERVICE, INCLUDING BUT NOT LIMITED TO THE USE OR INABILITY TO USE THE SERVICE, ANY INTERRUPTION, INACCURACY, ERROR OR OMISSION, EVEN IF THE PARTY FROM WHICH DAMAGES ARE BEING SOUGHT OR SUCH PARTY'S LICENSORS OR SUBCONTRACTORS HAVE BEEN PREVIOUSLY ADVISED OF THE POSSIBILITY OF SUCH LOSS OR DAMAGES. NOTWITHSTANDING THE FOREGOING, THE PARTIES AGREE THAT GABI’S OBLIGATION TO RESTORE CUSTOMER DATA IN ACCORDANCE WITH THE SLA IS NOT AN INDIRECT DAMAGE, WHETHER IN CONTRACT, TORT OR OTHERWISE. 9. Term & Termination. 9.1 Term of Agreement. The term of this Agreement commences on the Effective Date and continues for an initial period of five (5) years and at Customer’s election and payment of the applicable then-current subscription fee stated in the Order Form, for successive one-year annual renewal periods (the “Term”). 9.2 Termination. Customer may terminate use of Services upon written notice to Gabi within three (3) months following the commencement date of any renewal period. Gabi shall not issue any credit for the unused portion of Services. In addition, either party may terminate this Agreement, (i) upon thirty (30) days prior written notice to the other party of a material breach by the other party if such breach remains uncured at the expiration of such notice period; or (ii) immediately in the event the other party becomes the subject of a petition in bankruptcy or any other proceeding relating to insolvency, receivership, liquidation or assignment for the benefit of creditors. Customer’s failure to meet its payment obligations when due shall be considered a material breach, authorizing Gabi’s immediate termination of this Agreement. In the event the Agreement is terminated, all Order Forms are simultaneously terminated. Upon any termination by Customer pursuant to this section, Gabi shall refund Customer any prepaid fees for the affected Service that were to be provided after the effective date of termination. Finally, each Gabi Voice unit is associated with an MFP serial number. In the event the Customer no longer owns or controls the MFP with which Gabi Voice is installed, Gabi shall have no further obligation under this Subscription Services Agreement. 9.3 Effect of Termination. Upon any termination of this Agreement, Customer shall, as of the date of such termination, immediately cease accessing and otherwise utilizing the applicable Service and Gabi Confidential Information; and Gabi shall immediately cease accessing and otherwise utilizing Customer Confidential Information and Customer Data. Termination for any reason shall not relieve Customer of the obligation to pay any fees accrued or due and payable to Gabi prior to the effective date of termination. Upon termination for cause by Gabi, all future amounts due under all Order Forms shall be accelerated and become due and payable immediately. 9.4 Surviving Provisions. The following provisions of this Agreement shall not survive and will have no further force or effect following any termination or expiration of this Agreement: (i) subsection (i) of Section 1.1 “Provision of the Service”; (ii) Section 3.2 “License Grant”; and (iii) any Order Form(s). All other provisions of this Agreement shall survive any termination or expiration of this Agreement. 10. General Provisions. 553 of 1132 558 gab i. 300 John St., Suite 1B, Greer, SC 29651 888-414-GABI (4224) www.GabiSolutions.com 17 Global Artificial Business Intelligence 10.1 Relationship of the Parties. The parties are independent contractors. This Agreement does not create nor is it intended to create a partnership, franchise, joint venture, agency, fiduciary or employment relationship between the parties. There are no third-party beneficiaries to this Agreement. 10.2 Notices. All notices under this Agreement shall be in writing and shall be deemed to have been given upon: (i) personal delivery; (ii) the third business day after first class mailing; or (iii) the second business day after sending by facsimile with telephonic confirmation of receipt. Notices to Gabi shall be addressed to the attention of its General Counsel, Luis J. Diaz, at the address listed above for Gabi. Notices to Customer shall be addressed to Customer’s address on file in accordance with its registration. Each party may modify its recipient of notices by providing notice pursuant to this Agreement. 10.3 Waiver and Cumulative Remedies. No failure or delay by either party in exercising any right under this Agreement shall constitute a waiver of that right or any other right. Other than as expressly stated herein, the remedies provided herein are in addition to, and not exclusive of, any other remedies of a party at law or in equity. 10.4 Force Majeure. Neither party shall be liable for any failure or delay in performance under this Agreement (other than for delay in the payment of money due and payable hereunder) for causes beyond that party’s reasonable control and occurring without that party’s fault or negligence, including, but not limited to, acts of God, acts of government, flood, fire, civil unrest, acts of terror, strikes or other labor problems (other than those involving Gabi or Customer employees, respectively), computer attacks or malicious acts, such as attacks on or through the Internet, any Internet service provider, telecommunications or hosting facility. Dates by which performance obligations are scheduled to be met will be extended for a period of time equal to the time lost due to any delay so caused. 10.5 Assignment. Neither party may assign any of its rights or obligations hereunder, whether by operation of Law or otherwise, without the prior written consent of the other party (which consent shall not be unreasonably withheld). Notwithstanding the foregoing, either party may assign this Agreement in its entirety (including all Order Forms) without consent of the other party in connection with a merger, acquisition, reorganization, or sale of all or substantially all of its assets provided the assignee has agreed to be bound by all of the terms of this Agreement and all past due fees are paid in full, except that Customer shall have no right to assign this Agreement to a direct Competitor of Gabi. Any attempt by a party to assign its rights or obligations under this Agreement in breach of this section shall be void and of no effect. Subject to the foregoing, this Agreement shall bind and inure to the benefit of the parties, their respective successors and permitted assigns. 10.6 Governing Law; Waiver of Jury Trial. This Agreement shall be governed exclusively by the internal Laws of the State of New Jersey, without regard to its conflicts of laws rules. No version of the Uniform Computer Information Transactions Act or any substantially similar Law enacted in any jurisdiction (collectively “UCITA”) will apply to or govern any license granted or any party’s performance under this Agreement, or any of the parties’ rights and obligations arising pursuant to this Agreement. The applicable Law will be the Law as it existed prior to the enactment of UCITA. All claims must be brought in the state or federal courts located in Essex County, New Jersey, and each party agrees to these as the exclusive forums and waives any claim of inconvenient forum. EACH PARTY HEREBY WAIVES ANY RIGHT TO A JURY TRIAL IN CONNECTION WITH ANY LITIGATION IN ANY WAY ARISING OUT OF OR RELATING TO THIS AGREEMENT. Before commencing any litigation, except for one seeking injunctive relief, the party commencing litigation must exhaust alternative dispute resolution processes described in section 10.11. 10.7 Export. Each party shall comply with the export Laws and regulations of the United States and other applicable jurisdictions in providing and using the Service. Without limiting the generality of the foregoing, Customer shall not make the Service available to any person or entity that: (i) is located in a country that is subject 554 of 1132 559 gab i. 300 John St., Suite 1B, Greer, SC 29651 888-414-GABI (4224) www.GabiSolutions.com 18 Global Artificial Business Intelligence to a U.S. government embargo; (ii) is listed on any U.S. government list of prohibited or restricted parties; or (iii) is engaged in activities directly or indirectly related to the proliferation of weapons of mass destruction. 10.8 Insurance. Gabi will maintain during the entire Term of this Agreement, at its own expense, the types of insurance coverage specified below, on standard policy forms and with insurance companies with at least an A.M. Best Rating of A-VII authorized to do business in the jurisdictions where the Gabi Services are to be performed. (a) Workers’ Compensation insurance prescribed by applicable local Law and Employers Liability insurance with limits not less than $1,000,000 per accident/per employee. (b) Business Automobile Liability covering all vehicles that Gabi owns, hires or leases with a limit of no less than $1,000,000 (combined single limit for bodily injury and property damage) for each accident. (c) Commercial General Liability insurance including Contractual Liability Coverage, with coverage for products liability, completed operations, property damage and bodily injury, including death, with an aggregate limit of no less than $2,000,000. 10.9 Miscellaneous. This Agreement, including Exhibit A, Exhibit B, Exhibit C, and all Order Forms, constitutes the entire agreement between the parties with respect to the subject matter hereof. In the event of a conflict, the provisions of an Order Form shall take precedence over provisions of the body of this Agreement and over any other Exhibit or Attachment. This Agreement supersedes all prior and contemporaneous agreements, proposals or representations, written or oral, concerning its subject matter. No modification, amendment, or waiver of any provision of this Agreement shall be effective unless in writing and signed by the party against whom the modification, amendment or waiver is to be asserted. The enumeration and section headings are used in this Agreement for reference and convenience only and do not have any substantive significance in the construction or interpretation of this Agreement. As used in this Agreement, the word “including” (as well as “include” and “includes”) is not limiting and means “including without limitation.” This Agreement has been negotiated and no provision shall be construed against either party for the sole reason that it is the drafter of the provision. If any provision of this Agreement is held by a court of competent jurisdiction to be contrary to Law, the provision shall be modified by the court and interpreted so as best to accomplish the objectives of the original provision to the fullest extent permitted by Law, and the remaining provisions of this Agreement shall remain in effect. Notwithstanding any language to the contrary therein, no terms or conditions stated in a Customer purchase order or in any other Customer order documentation shall be incorporated into or form any part of this Agreement, and all such terms or conditions shall be null and void. Gabi may use Customer's name and logo in lists of customers, on marketing materials and on its website with Customer’s prior written consent. This Agreement may be executed in counterparts, which taken together shall form one binding legal instrument. The parties hereby consent to the use of electronic signatures in connection with the execution of this Agreement, and further agree that electronic signatures to this Agreement shall be legally binding with the same force and effect as manually executed signatures. 10.10 Publicity. Gabi shall not use Customer's name, logos or trademarks in any written press releases, advertisements and/or marketing materials, or use Customer's name in lists of customers and on its website, including, but not limited to, Gabi’s community portal, without the prior written consent of Customer 10.11 Alternative Dispute Resolution. All disputes between the parties arising out of this Agreement or any corresponding Order Form will first be submitted for informal resolution between authorized representatives of Gabi and Customer. Should the parties be unable to obtain a resolution within thirty (30) days after commencement of informal resolution negotiation, or such other time period agreed to in writing by the parties, either Party (the “Complaining Party”) shall submit the dispute to non-binding mediation under the auspices of the American Arbitration Association (“AAA”) or another mediation organization agreed upon by the parties for 555 of 1132 560 gab i. 300 John St., Suite 1B, Greer, SC 29651 888-414-GABI (4224) www.GabiSolutions.com 19 Global Artificial Business Intelligence resolution under its rules then in effect, Each Party shall be responsible for its own expenses related to mediation, including attorneys’ fees. If the dispute is not resolved within sixty (60) days after its submission to mediation, the Complaining Party may commence litigation in accordance with section 10.6. All statutes of limitations and periods of repose shall be tolled during the informal resolution period and the mediation proceedings. Pending final resolution of any dispute, the Parties shall continue to fulfill their respective obligations hereunder except that either party may exercise termination rights if permitted by this Agreement. This Section shall survive completion or termination of this Agreement, but under no circumstances shall either party be allowed to initiate Alternative Dispute Resolution or court action of any claim or dispute arising out of this Agreement after such period of time as would normally bar the initiation of legal proceedings to litigate such claim or dispute under the Laws of the State of New Jersey. Notwithstanding anything in this Section 10.11, either party may seek injunctive relief at any time. 11. Definitions. “Affiliate” means any entity which directly or indirectly controls, is controlled by, or is under common control by either party. For purposes of the preceding sentence, "control" means direct or indirect ownership or control of more than fifty percent (50%) of the voting interests of the subject entity. “Agreement” means this Gabi Voice Subscription Services Agreement, including its Exhibits, and any fully executed Order Form. “Competitor” means any entity that may be reasonably construed as offering competitive functionality or services to those offered by Gabi. If the parties cannot agree on whether an entity is a Competitor, then the opinion of three (3) financial analysts with adequate knowledge of the human resources and/or financials software and services industry (chosen by mutual agreement of the parties) commissioned at Gabi’s sole expense, shall determine such. "Confidential Information" means (a) any software utilized by Gabi in the provision of the Service and its respective source code; (b) Customer Data; (c) each party’s business or technical information, including but not limited to the Documentation, training materials, any information relating to software plans, designs, costs, prices and names, finances, marketing plans, business opportunities or initiatives, organizational restructuring, insurance or health care offerings, personnel, research, development or know-how that is designated by the disclosing party as "confidential" or "proprietary" or the receiving party knows or should reasonably know is confidential or proprietary; and (d) the terms, conditions and pricing of this Agreement (but not its existence or parties). "Customer Data" means the electronic data or information submitted by Customer or Enabled Users to the Service including any structured or unstructured information (including, without limitation, text, images, data files, and software) provided by Customer for capture, storage, analysis, processing, extraction, retrieval, management, and/or distribution, including any information that can be generated or derived from such information provided by Customer. Customer Data may include PII. “Customer Input” means suggestions, enhancement requests, recommendations or other feedback provided by Customer and Enabled Users relating to the operation or functionality of the Service. “Documentation" means Gabi’s electronic and hardcopy user guide for the Service, which may be updated by Gabi from time to time, including the Gabi Voice Technology Overview Document version 03-30-18.1 located at http://www.gabisolutions.com/assets/uploads/Gabi-Voice-Technology-Overview.pdf . Gabi may modify the Gabi Voice Technology Overview Document from time to time provided that Gabi shall not materially reduce the features and functionality of, and level of support for, the Product. 556 of 1132 561 gab i. 300 John St., Suite 1B, Greer, SC 29651 888-414-GABI (4224) www.GabiSolutions.com 20 Global Artificial Business Intelligence "Employee" means employees, consultants, contingent workers, independent contractors, Customer authorized visitors, and retirees of Customer and its Affiliates whose active business record(s) are or may be managed by the Service and for which a subscription to the Service has been purchased. “Enabled User” shall mean each Employee end-user of Customer that is authorized by Customer to access and use a Product identified at Exhibit A following installation by the Customer with an MFP. “Hardware” shall mean the Gabi SMARTBOX, and the speaker/microphone that accompanies that Service. “Improvements” means all improvements, updates, enhancements, error corrections, bug fixes, release notes, upgrades and changes to the Service and Documentation, as developed by Gabi and made generally available for Production use without a separate charge to Customers. “Intellectual Property Rights” means any and all common law, statutory and other industrial property rights and intellectual property rights, including copyrights, trademarks, trade secrets, patents and other proprietary rights issued, honored or enforceable under any applicable Laws anywhere in the world, and all moral rights related thereto. “Law” means any local, state, national and/or foreign law, treaties, and/or regulations applicable to a respective party. “Malicious Code” means viruses, worms, time bombs, Trojan horses and other malicious code, files, scripts, agents or programs. "Order Form" means the separate ordering documents under which Customer modifies or enhances the Gabi Service pursuant to this Agreement that have been fully executed by the parties. "Open Source Software" shall have the meaning set forth in Section 3.4 of this Agreement. “PII” or “Personally Identifiable Information” means. any information provided by Customer to Gabi or Gabi Voice relating to an identified or identifiable individual, including, but not limited to, social security number or other unique identifier, health or medical information, credit or debit card numbers, bank account numbers or other financial information, driver’s license numbers, and other types of sensitive personal information. "Product" means the Service and related Hardware that allows persons with disabilities to better access a multifunction printer, the Gabi SmartBox that controls the printer/copier and communicates with our cognitive intelligence engine. "Security Incident" shall have the meaning set forth in Section 5.3 of this Agreement. “Software as a Service” or “SaaS” or “Service” mean software-based AI and voice-enabled services (collecting, processing, manipulating, transmitting and storing data) provided to Customers by means of a software application or applications hosted remotely by or on behalf of Gabi and further described in the Gabi Subscription Services Agreement to be executed by Customers. “SLA” means the Gabi Support and Service Level Availability Policy at Exhibit A, which may be updated by Gabi from time to time. “Subcontractor” means an entity engaged by Gabi to fulfill part or all of its obligations specific to this Agreement and not suppliers or vendors Gabi may engage in general to provide the Service for its general customer population in a manner that is not specific to this Agreement. “Term” has the meaning set forth in Section 9.1. 557 of 1132 562 gab i. In a commitment to be the vendor of choice for consumers seeking product accessibility, Xerox and Gabi Solutions have formed a strategic partnership in support of a 508c solution for your Xerox  Multifunction Printer (MFP). Powered by IBM Watson, Gabi Voice allows workers with physical, mental, and learning disabilities within today’s workforce to interact with their Xerox MFP. By using the wake-up word Hey Gabi, you can now tell your Xerox device to make a copy, send an email, fax, and even access secure print functionalities on the device. Want to learn more? Your Xerox Voice Recognition Solution 558 of 1132 563 gab ~ t I 0 --· • voice ©2018 Gabi Inc. All rights reserved. Vision-e® and Gabi® are trademarks of InField Salespro, LLC in the United States and/or other countries. Getting Started with Gabi Voice – What’s Included? When unboxing your Gabi Voice package, you’ll receive the following components: 1-to-1 Gabi Smartbox: An Ethernet/USB equipped micro-controller device designed to communicate directly with the MFP. Speaker: An on-site microphone/speaker that aids the user in communicating vocally with Gabi. This device connects directly to the Gabi Smartbox via USB. Power: 5.1v micro USB power adapter UL approved to power up your Gabi Smartbox at all times. To learn more about Gabi Voice, visit www.gabisolutions.com/gabi-voice Gabi Voice complies with Federal 508c compliance terms enabling the visually impaired and those with learning disabilities to use the MFP’s features via natural language. Disabled workers can now vocalize voice commands through Gabi and watch their MFP execute them flawlessly whether it be making a copy, checking your toner levels, and send an E-Mail. Why Gabi Voice? From Social Security Numbers to Credit Card information, the data you run through your Xerox  Multifunction Printer can be extremely sensitive. Your jobs issued through Gabi Voice are interpreted securely and accurately at all times. Your data is not stored or transmitted to a third party by neither Gabi Solutions nor IBM Watson. 559 of 1132 564 I':::\. 300 John Street \!!J Greer, SC 29651 CD Call (888) 414-GABI (4224) ® Support@GabiSolut ions .com Xerox® Workplace Suite 5.4 Security Guide 560 of 1132 565 xerox,- © 2019 Xerox® Corporation. All rights reserved. Xerox®, AltaLink®, VersaLink®, Xerox Extensible Interface Platform® are trademarks of Xerox® Corporation in the United States and/or other countries. BR27653 Apache OpenOffice™ is a trademark of the Apache Software Foundation in the United States and/or other countries. Apple® and Mac® are trademarks of Apple, Inc. registered in the United States and/or other countries. Chrome™ is a trademark of Google Inc. Firefox® is a registered trademark of Mozilla Corporation. Intel® Core™ is a trademark of the Intel Corporation in the United States and/or other countries. IOS® is a trademark or registered trademark of Cisco in the United States and other countries and is used under license. Microsoft®, SQL Server®, Microsoft®.NET, Windows®, Windows Server®, Windows 7®, Windows 8®, Office®, Excel® and Internet Explorer® are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. Xerox® PDF Reader Powered by Foxit Software Company (http://www.foxitsoftware.com). This product includes software developed by Aspose (http://www.aspose.com). Document Version: 1.0 BR27653 Other company trademarks are also acknowledged. Document Version: 1.0 (October 2019). Copyright protection claim ed includes all forms and matters of copyrightable material and information now allowed by statutory or judicial law or hereinafter granted including without limitation, material generated from the software programs which are displayed on the screen, such as icons, screen displays, looks, etc. Changes are periodically made to this document. Changes, technical inaccuracies, and typographic errors will be corrected in subsequent editions. 561 of 1132 566 Security Guide – Xerox® Workplace Suite 5.4 i Table of Contents 1. Introduction ..................................................................................................................................... 1-1 Purpose ........................................................................................................................................... 1-1 Target Audience .............................................................................................................................. 1-1 Disclaimer ....................................................................................................................................... 1-1 2. Product Description ......................................................................................................................... 2-1 Overview ......................................................................................................................................... 2-1 Print Management Workflow ........................................................................................................... 2-1 Authentication.............................................................................................................................. 2-1 Single Sign-On ............................................................................................................................ 2-1 Desktop Printing .......................................................................................................................... 2-2 Mobile Print Workflow ..................................................................................................................... 2-2 Submission Methods ................................................................................................................... 2-3 Release Methods ........................................................................................................................ 2-3 Combined Submission / Release Methods ................................................................................. 2-3 Content Security Workflow .............................................................................................................. 2-3 Diagrams ......................................................................................................................................... 2-4 Simple Workplace Suite Components ........................................................................................ 2-4 Advanced Workplace Suite Architecture ..................................................................................... 2-4 Single Sign-On Components....................................................................................................... 2-6 Description of System Components ................................................................................................ 2-6 3. System Architecture ........................................................................................................................ 3-1 Xerox® Workplace Suite Server ...................................................................................................... 3-1 Xerox® Workplace Suite Volatile Memory ................................................................................... 3-1 Xerox® Workplace Suite Non-Volatile Memory ........................................................................... 3-1 Print Server Running Job Agent Service ........................................................................................ 3-1 Print Server and Job Agent Service Volatile Memory ................................................................. 3-2 Print Server and Job Agent Service Non-Volatile Memory ......................................................... 3-2 Document Conversion Engine ........................................................................................................ 3-2 Document Conversion Engine Volatile Memory ......................................................................... 3-2 Document Conversion Engine Non-Volatile Memory.................................................................. 3-2 562 of 1132 567 Security Guide – Xerox® Workplace Suite 5.4 ii Client PC Running Job Agent Client ............................................................................................... 3-3 Client PC and Job Agent Client Volatile Memory........................................................................ 3-3 Client PC and Job Agent Client Non-Volatile Memory ................................................................ 3-3 Open Source Components ............................................................................................................. 3-3 4. System Interaction .......................................................................................................................... 4-4 Xerox® Workplace Suite Server ...................................................................................................... 4-4 Administration Services ............................................................................................................... 4-4 User Portal Services ................................................................................................................... 4-5 Mobile Print Workflow Details ..................................................................................................... 4-5 Print Management Workflow Details ........................................................................................... 4-5 Rules Processing ........................................................................................................................ 4-6 Content Security Processing ....................................................................................................... 4-6 Copy and Scan Job Processing .................................................................................................. 4-6 Single Sign-On ............................................................................................................................ 4-7 Xerox® Workplace App (formerly Print Portal) ................................................................................ 4-7 Xerox Managed Cloud Based Routing Service .............................................................................. 4-8 Document Conversion Servers ....................................................................................................... 4-8 Document Storage ...................................................................................................................... 4-9 Job Agent Service / Workplace Client ............................................................................................. 4-9 Job Agent Service ....................................................................................................................... 4-9 Workplace Client ....................................................................................................................... 4-10 Document Storage ........................................................................................................................ 4-10 Mobile Print Workflow ............................................................................................................... 4-10 Print Management Workflow ..................................................................................................... 4-10 Xerox® Workplace Suite Database ............................................................................................... 4-11 LDAP / ADS Server ....................................................................................................................... 4-11 LDAP Authentication ................................................................................................................. 4-11 LDAP Import .............................................................................................................................. 4-11 Printer ............................................................................................................................................ 4-12 Secure Print............................................................................................................................... 4-12 Printer Authentication ................................................................................................................ 4-12 Xerox® Workplace Suite: Printer Client App ............................................................................. 4-13 Xerox Apeos .............................................................................................................................. 4-13 Customer Email Server(s) ............................................................................................................. 4-13 563 of 1132 568 Security Guide – Xerox® Workplace Suite 5.4 iii Network Appliance ........................................................................................................................ 4-14 Xerox® Services Manager ............................................................................................................. 4-14 Export Jobs to Xerox® Services Manager ................................................................................. 4-14 Import Printers / Sites from Xerox® Services Manager ............................................................. 4-15 App in the Gallery ...................................................................................................................... 4-16 App Server ................................................................................................................................ 4-16 User and Email Server Communication ........................................................................................ 4-16 Xerox® Workplace App and Xerox® Workplace Suite Service ...................................................... 4-17 Customer Email Server and Xerox® Workplace Suite Service Communication ........................... 4-18 Workplace Suite Server and Printer Communication ................................................................... 4-19 Discovery ................................................................................................................................... 4-19 Printer Client (EIP App) ............................................................................................................. 4-19 Print Authentication ................................................................................................................... 4-19 Scan and Copy .......................................................................................................................... 4-19 Administrator Configuration and the Workplace Suite Server ...................................................... 4-20 Document Conversion Server and Workplace Suite Service Communication ............................. 4-20 Document Conversion Server and the Printer .............................................................................. 4-20 User Workstation and Print Server Communication ..................................................................... 4-21 Job Agent Service/Client and Xerox® Workplace Suite Server Communication .......................... 4-21 Job Agent Service Start Up ....................................................................................................... 4-21 Job Agent Client Configuration ................................................................................................. 4-21 Job Management ...................................................................................................................... 4-21 Primary Print Server and Secondary Print Server .................................................................... 4-22 Job Agent Service and Printer Communication ............................................................................ 4-22 External Communication Between Xerox® Workplace Suite Service and Xerox® Cloud Services ........................................................................................................... 4-22 Xerox® Services Manager and the Windows Azure Service Bus ............................................. 4-22 Mobile Devices and the Windows Azure Service Bus .............................................................. 4-22 Mobile Devices and the Managed Cloud Based Routing Service ............................................ 4-23 Xerox® Workplace Suite and LDAP / Active Directory Communication ........................................ 4-23 LDAP / Active Directory Authentication ..................................................................................... 4-23 Active Directory Import .............................................................................................................. 4-23 Active Directory On-Boarding Using Email ............................................................................... 4-23 Communication Between Xerox® Workplace Suite and Xerox® Service Manager ....................... 4-24 564 of 1132 569 Security Guide – Xerox® Workplace Suite 5.4 iv Communication Between Xerox® Workplace Suite and Workplace Suite Reporting Service in Azure ........................................................................................................... 4-24 Communication Between the App from the Gallery, the App Server, and the Xerox® Workplace Suite Server ....................................................................................... 4-25 5. Logical Access, Network Protocol Information................................................................................ 5-1 Protocols and Ports ......................................................................................................................... 5-1 Xerox® Workplace App Ports ...................................................................................................... 5-1 Xerox® Workplace Suite Ports .................................................................................................... 5-1 Document Conversion Engine Server Ports ............................................................................... 5-6 Print Server Ports ........................................................................................................................ 5-6 Printer and Printer Client (EIP App) Ports ................................................................................... 5-7 Job Agent Service Ports .............................................................................................................. 5-7 Job Agent Client Ports ................................................................................................................ 5-7 Network Appliance Ports ............................................................................................................. 5-8 iOS Native Printing Ports ............................................................................................................ 5-8 Port Diagram ................................................................................................................................... 5-9 Network Port Diagram ................................................................................................................. 5-9 6. System Access ................................................................................................................................ 6-1 Xerox® Workplace Suite (Web Administration Portal) .................................................................... 6-1 Xerox® Workplace App (Print Portal) .............................................................................................. 6-1 Workplace Client ............................................................................................................................. 6-2 Printer Client (EIP App) ................................................................................................................... 6-2 User Portal ...................................................................................................................................... 6-2 7. Additional Security Items................................................................................................................. 7-1 Auto Release via Network Appliance Workflow .............................................................................. 7-1 Models ......................................................................................................................................... 7-1 Audit Log ......................................................................................................................................... 7-1 DMZ Configuration .......................................................................................................................... 7-2 DMZ Setup .................................................................................................................................. 7-2 Mobile Devices and the DMZ Server .......................................................................................... 7-2 Debug Logs ..................................................................................................................................... 7-3 Workplace Suite Server Windows File Structure ............................................................................ 7-3 Smartcard (CAC/PIV) Integration .................................................................................................... 7-3 Printer Client Release Permissions ................................................................................................ 7-3 Administration Recovery ................................................................................................................. 7-4 Single Sign-On ................................................................................................................................ 7-4 565 of 1132 570 Security Guide – Xerox® Workplace Suite 5.4 v 8. Additional Information and Resources ............................................................................................ 8-1 Security @ Xerox ............................................................................................................................ 8-1 Responses to Known Vulnerabilities ............................................................................................... 8-1 Additional Resources ...................................................................................................................... 8-1 566 of 1132 571 Xerox® Workplace Suite 5.4 – Security Guide 1-1 1. Introduction Xerox® Workplace Suite (WS) is a workflow solution that connects a corporation mobile workforce to new productive ways of printing, and controls user access to Xerox® Multifunction Printers (MFP). Printing is easy and convenient from any mobile device without needing standard driver s and cables. This solution also supports Desktop Printing, allowing printing to a common queue with the ability to release jobs to any printer. This reduces waste from uncollected jobs and provides security for sensitive information, since jobs are only printed when the user is standing at the printer. WS has been extended in version 5.0, providing a single sign-on (SSO) infrastructure. Apps in the Xerox App Gallery which have been modified to support this new infrastructure may use WS as a storage vault for user login information (e.g., credentials or tokens). After logging into WS, a user may select an SSO enabled Gallery App, which queries WS to obtain the user’s login information for that app. If available (and valid…e.g., not expired), the app uses that information to log the user into the Gallery App without the need to provide additional login credentials. Purpose The purpose of the Security Guide is to disclose information for Xerox® Workplace Suite with respect to application security. Application security, in this context, is defined as how data is stored and transmitted, how the product behaves in a networked environment, and how the product may be accessed, both locally and remotely. This document describes design, functions, and features of the Xerox® Workplace Suite relative to Information Assurance (IA) and the protection of customer sensitive information. Please note that the customer is responsible for the security of their network and the Xerox® Workplace Suite does not establish security for any network environment. This document does not provide tutorial level information about security, connectivity or Xerox ® Workplace Suite features and functions. This information is readily available elsewhere. We assume that the reader has a working knowledge of these types of topics. Target Audience The target audience for this document is Xerox field personnel and customers concerned with IT security. It is assumed that the reader is familiar with the solution; as such, some user actions are not described in detail. Disclaimer The content of this document is provided for information purposes only. Performance of the products referenced herein is exclusively subject to the applicable Xerox Corporation terms and conditions of sale and/or lease. Nothing stated in this document constitutes the establishment of any additional agreement or binding obligations between Xerox Corporation and any third party. 567 of 1132 572 Xerox® Workplace Suite 5.4 – Security Guide 2-1 2. Product Description Overview The Xerox® Workplace Suite provides three primary workflows: • Print Management Workflow (which includes Single Sign-On for supported Gallery Apps) • Mobile Print Workflow • Content Security Workflow Print Management Workflow There are two parts to the Print Management workflow: Printer Authentication and Desktop Printing and Release. Authentication Defined as customers who require validation of user access to MFPs before device usage is allowed at the “All Services” screen. Card-based is the most widely used authentication method. User name and PIN-based login at the device is an alternate method of login when card readers are not installed or are not functional. Authentication as a standalone option provides device security access only, for the customer who does not require print jobs associated with their network login. Supported authentication mechanisms include: • Cards (e.g., HID Prox) • Alternate Login – Email and Confirmation Number – PIN (card number) – LDAP/AD • Mobile Phone Unlock using the Xerox® Workplace App: supporting NFC, QR Codes and Unlock Code Entry • NFC Unlock with a support USB Card Reader (Android Only using Elatec TWN4 Reader with NFC unique programming) Single Sign-On Xerox and its partners offer different types of Apps in the Xerox App Gallery, many of which require some type of user authentication. These Apps typically requiring unique login credentials for each one. In order to improve this user experience, WS offers a Single Sign-On (SSO) capability, where users log into the printer, and are then able to select one of these supporting Gallery Apps without the need to provide additional credentials. The Single Sign-On feature allows WS to store user access information for Xerox® Gallery Apps that have been designed to support the single sign-on feature. The Authentication solution now becomes an SSO vault. The SSO vault acts as a storage vault, where login information for each supported/enabled Gallery App is stored. 568 of 1132 573 Xerox® Workplace Suite 5.4 – Security Guide 2-2 As an analogy, you can think of the SSO vault (e.g., XWC) as a security vault with a collection of safety deposit boxes. Each user is given a safety deposit box that is unique for that user and a specific App (e.g., the File and Print Dropbox App). To access the safety deposit box, the user provides their identity (i.e. they log into the printer) and then indicates which safety deposit box they wish to access by selecting an App on the User Interface of the printer. The App then views the contents of the safety deposit box from the security vault or they may update or delete the contents. All content to be stored in the vault is encrypted by the App (or its backend hosted sys tem) before being given to the SSO vault. This ensures that the SSO vault can never view or use the contents being stored in the vault. Only the App infrastructure knows how to decrypt and use the contents of the vault. Desktop Printing The Workplace Suite supports the Desktop Print feature using two different print queue types. 1. Network Queues – where jobs are printed to a shared Windows network print queue and can then be routed or processed appropriately according to the print workflow (Direct or Pull-Print). 2. Client Queues – where jobs are retained locally on the user’s client PC until they are routed and processed, again based on the print workflow (Direct or Pull-Print). This method requires the installation of a desktop client on the user’s workstation. For either of the above print server models, the administrator may configure the type of print workflow that they would like to use. The two supported workflows: 1. Pull Print – where jobs are held until the user authenticates themselves at a printer and releases. 2. Direct Print – where jobs are sent immediately to the printer that is associated with the queue. Rules and Quotas can also be applied to desktop jobs, which allows control over who is able to print, to which devices and at what time as well as controlling how many pages can be printed. Rules can also be used to control which print features (color or 2-sided) are available to users. Mobile Print Workflow The workflow of mobile printing is quite simple. A user using a mobile device such as a smart phone, tablet, or laptop sends a document to the Xerox® Workplace Suite. Depending on the submission method, the job is either printed without any further user action or the user manually releases the job to print. Rules can also be applied to mobile print jobs, which allow control over who is able to print, to which devices and at what time. Rules can also be used to control which print features (color or 2-sided) are available to users. There are several methods for a mobile user to submit or release a job to print. The Submission method is technically decoupled from the release method. However, certain submission/release pairs make more sense than other pairs. 569 of 1132 574 Xerox® Workplace Suite 5.4 – Security Guide 2-3 Submission Methods • E-mail • Xerox® Workplace App (formerly Print Portal) • Simple Desktop Print Service (upload) Release Methods • Printing device UI (via EIP) • Xerox® Workplace App (formerly Print Portal) Combined Submission / Release Methods (Note: jobs print without any explicit user action after submission): • E-mail • Xerox® Workplace App (formerly Print Portal) Content Security Workflow The Content Security Workflow allows an administrator to create Content Profiles and define search strings which are used to track documents processed by WS. The administrator can define actions that will be taken when a document is searched and found to match a Content Profile. The possible actions include: • Logging the matching Content Profile name in the Job History. • Emailing (notifying) a list of recipients with details on the job (e.g., who printed it, name of the job, the device it was printed to, the time and date it was printed and the matching Content Profile name. • Storing a copy of the job for audit purposes. 570 of 1132 575 Xerox® Workplace Suite 5.4 – Security Guide 2-4 Diagrams The below diagram shows a couple of example system component / architecture diagrams for different sized customers using the Workplace Suite for both the Print Management and Mobile Print Workflows. These diagrams and their components will be discussed in greater detail in the following sections of this document. Simple Workplace Suite Components Workplace Suite Server WS Service DCE Print Server DB File Store Simple Workplace Suite Architecture (Single Server) Xerox® EIP MFPNon-EIP Printer Network Appliance and Reader Cellular Network Azure Cloud Cloud Based Routing ServiceLogin Job and Printer Transations Customer Email Server Email Submission Email Submission Send / Receive Email Upload Jobs Via Network Queue Job Notification and Configuration Job Notification Print Job Submission Printer Discovery Print Job Submission Card Data Customer LDAP Server Printer Discovery And Configuraiton EIP Browser Pages, Job Management, Convenience Authentication Print Job Submission Job and Print Information, Authentication LDAP Authentication And User Lookup Web Administration Notifications Xerox® Services Manager Service Bus Printer and Site Import / Job Data Export Azure Service Bus Onboarding Corporate Wireless Usage Tracking Information Workplace Suite Reporting Service Scan Job Mobile Phone User PC with Network Queue User PC with Client Queue 571 of 1132 576 ..... t--- • I I , ___ J r----1 I I I I I I I I I I I , ____ ] • Xerox® Workplace Suite 5.4 – Security Guide 2-5 Advanced Workplace Suite Architecture Load Balancer Database Regional Print Cluster Print Server Regional Print Cluster Hyper-V Failover Advanced Workplace Suite Architecture Azure Cloud Azure Service Bus Cloud Based Routing Service Xerox Services Manager Service Bus WS Servers Printers (Distributed Regionally) Shared File Store DCE DCE DCE Customer Email Server Print Server Secondary Print Server Secondary Print Server Shared File Store Secondary Print Server Secondary Print Server Print Server DCE DCE ADS ADS ADS Workplace Server Workplace Server Workplace Server 572 of 1132 577 -------------------------------, D :·::··: . . • • . . • • . . • • . . • • • . . ------· Do o· I I I I I I I I I I I I I I I I I I I I I I 14 I I I ~-----~ ~---~I I I I I I I I ~----~ ~~-~1 I --------------___ J r------, I I I I I I 1 ____ ~1 I I I I L_ ____ _J ~--------- L--------------------------------- Xerox® Workplace Suite 5.4 – Security Guide 2-6 Single Sign-On Components Xerox® Workplace Suite Database WS Server Gallery App Printer EIP Browser Gallery App Server Database Description of System Components Component Description User A user of the WS system. Xerox® Workplace Suite On premise application that runs on customer provided hardware/server, which supports Printer Discovery, Printer Management, Print Routing, EIP Web Page Host, Administration Host, and Convenience Authentication. Xerox® Workplace App (print portal) Mobile Phone application that allows the user to find printers and upload / send print jobs to WS. Xerox Cloud Services Xerox Cloud Services hosted on Microsoft Azure that support Mobile Phone authentication, printer discovery and print submission. Customer ADS/LDAP Server Used for user authentication. Print Server with Network Queues Windows PC hosting Shared Network Print Queues running the Job Agent Service. Handles job routing, notifying the WS of new jobs, parses jobs, modifies job for selected attributes, and transmits jobs to the printer on release. Document Conversion Engine (DCE) Converts mobile jobs to print ready format upon release and transmits jobs to the printer. 573 of 1132 578 I /\ 1-C----I I I \) -I I I I I I I ,, I J ~ -~------➔ 7 + I I\ \) Xerox® Workplace Suite 5.4 – Security Guide 2-7 Component Description SQL Database Storage of WS configuration, user info, job info, job history. File Storage Storage of print jobs. Printer Any printing device (Xerox® or Non-Xerox®) that is enabled to support WS. Customer Email Server The Customer Email Server is used to get print jobs to the Xerox® Workplace Suite. User PC with Network Queue and/or Client Queue User’s system on which network print queues or client queues (using the desktop client) are installed. Network Appliance External hardware device that supports card-based document release at Non- Xerox or Non-EIP Devices. Xerox® Services Manager External Xerox application used in managed service accounts. Workplace Suite Reporting Service Collects usage information used to improve future performance and functionality of the solution. App from App Gallery An App found in the Xerox App Gallery that has been modified to support SSO. App Server A backend system that handles the browser-based calls and processing needed by the App. Maintains knowledge and information about the SSO server. 574 of 1132 579 Xerox® Workplace Suite 5.4 – Security Guide 3-1 3. System Architecture Xerox® Workplace Suite Server The Xerox Workplace Suite server is the primary server for this Xerox solution. It is responsible for handling administration and configuration of the system, orchestration of all components and services, performing authentication and serving EIP browser pages, performing usage tracking and job management. WS runs on a Windows based server or PC. Xerox® Workplace Suite Volatile Memory Type (SRAM, DRAM, etc.) Size User Modifiable (Y/N) Function or Use Contains Customer Data Process to Clear: RAM Varies based on customer system N Executable code, temporary storage for messages processing related data, variables, state information, etc. Y Power Off or Exit of the Service Xerox® Workplace Suite Non-Volatile Memory Type (Flash, EEPROM, etc.) Size User Modifiable (Y/N) Function or Use Contains Customer Data Process to Clear: HDD Varies Based on Customer System Y Storage of binaries, libraries, graphic images, HTML pages, JavaScript pages, certs, configuration, logs, user documents, print drivers, installers, templates, job metadata Y Requires uninstall of software and then manual removal of remaining files (e.g., logs and database file) Print Server Running Job Agent Service Print Servers for WS are Windows Servers running the Job Agent Service (JAS). Print Server can run as standalone systems, separate from the WS main server, or the JAS can run on the same system as the WS server software. The Print Server / JAS is responsible for accepting incoming jobs, storing them to the designated location, parsing jobs to detect user and accounting information as well as job attributes, notifying the WS system of the job, updating job attributes and transmitting released jobs to the printer. 575 of 1132 580 Xerox® Workplace Suite 5.4 – Security Guide 3-2 Print Server and Job Agent Service Volatile Memory Type (SRAM, DRAM, etc.) Size User Modifiable (Y/N) Function or Use Contains Customer Data Process to Clear: RAM Varies Based on Customer System N Executable code, temporary storage for processing related data, variables, state information, etc. Y Power Off or Exit of the Service Print Server and Job Agent Service Non-Volatile Memory Type (Flash, EEPROM, etc.) Size User Modifiable (Y/N) Function or Use Contains Customer Data Process to Clear: HDD Varies Based on Customer System Y Storage job and related info, configuration, logs. Y Removal / Un-install of the JAC. Manual removal of some files after uninstall is required (e.g., job information). Document Conversion Engine Document Conversion Engine Volatile Memory Type (SRAM, DRAM, etc.) Size User Modifiable (Y/N) Function or Use Contains Customer Data Process to Clear: RAM Varies Based on Customer System N Executable code, temporary storage for processing related data, variables, state information, etc. Y Power Off or Exit of the Service Document Conversion Engine Non-Volatile Memory Type (Flash, EEPROM, etc.) Size User Modifiable (Y/N) Function or Use Contains Customer Data Process to Clear: HDD Varies Based on Customer System N Storage of binaries, libraries, logs, printer information, print job data. Y Removal / Un-install of the DCE. Manual removal of some files after uninstall is required (e.g., job information). 576 of 1132 581 Xerox® Workplace Suite 5.4 – Security Guide 3-3 Client PC Running Job Agent Client Client PC and Job Agent Client Volatile Memory Type (SRAM, DRAM, etc.) Size User Modifiable (Y/N) Function or Use Contains Customer Data Process to Clear: RAM Varies Based on Customer System N Executable code, temporary storage for processing related data, variables, state information, etc. Y Power Off Client PC and Job Agent Client Non-Volatile Memory Type (Flash, EEPROM, etc.) Size User Modifiable (Y/N) Function or Use Contains Customer Data Process to Clear: HDD / SSD Varies Based on Customer System N Storage of binaries, libraries, printer information, print job data Y Removal / Un- install of the DCE. Manual removal of some files after uninstall is required (e.g., job information). Open Source Components Xerox® Workplace Suite does make use of Open Source software modules in its different components (e.g., the Workplace Suite Server, DCE, JAS/JAC, etc.). An up to date bill of materials for this solution is available upon request from Xerox. 577 of 1132 582 Xerox® Workplace Suite 5.4 – Security Guide 4-4 4. System Interaction This section describes the system components and their interfaces. Xerox® Workplace Suite Server The Workplace Suite server is the foundational component of the Xerox® Workplace Suite solution, used to manage the system’s behavior and user’s interaction within the system from authentication, document submission, and printing. The Xerox® Workplace Suite Server (WSS) is a Windows® application running on a Windows® Server. WSS will conform to the customer’s existing security policies, using Windows® based authentication to access this application. It is recommended that access to the server be limited to Systems Administrators and authorized Xerox® personnel. Users authenticate themselves at a printer using the WSS. In addition, user’s documents are received and either stored for secure release or directly printed at a printer. The Xerox ® Workplace Suite server monitors and works in conjunction with the available Conversion Servers for document conversion and print processing, as well as the Job Agent Clients and Print Servers on receiving and releasing desktop print jobs. The XWSS provides Single Sign-On functionality for supported Gallery Apps. For network communication using HTTPS, the WSS supports TLS versions 1.0, 1.1 and 1.2. Support for SSL v2/v3 has been deprecated. There are a number of sub-functions of the Xerox® Workplace Suite server, which are discussed in greater details below. Administration Services The WSS administration services provide configuration, user, printer and job management. The administrator interacts with the Administration Services via a web browser interface to perform tasks such as creating an incoming email account to receive jobs upon, managing users, registering printers, and enabling features. Connection to the Administration Services is supported via HTTP (port 80) or HTTPS (port 443). By default, the Workplace Suite Server uses a self -signed certificate for HTTPS communication. [Please note that most web browsers will generate a warning when using the self -signed certificate as it was not generated by a trusted authority]. The administrator has the option to load and use a certificate from a trusted certificate authority on the Xerox® Workplace Suite server. The Workplace Suite Admin webpage is accessed via a web browser. By default, the system uses an email address and confirmation number to access the administration interface the first time. From there, there administrator may select the desired authentication mechanism for both web administration and user portal (see next section) access. The supported authentication mechanisms are: • Email and Confirmation Number – User can login using their email and a system generated Confirmation Number. • LDAP Authentication – User can login using their LDAP credentials. At least one LDAP Connection must be enabled to select this option. 578 of 1132 583 Xerox® Workplace Suite 5.4 – Security Guide 4-5 • Windows Integrated Authentication - When this option is enabled, users will not be required to log into the User Portal. Workplace Suite will use the identity of the current Microsoft Windows session to log the user into the portal. User Portal Services The WSS User Portal provides the ability for a user to manage settings and configuration specific to themselves. At this time, this is limited to being able to view and manage Release Permissions for the Printer Client (EIP App). Refer to section “7.5 – Printer Client Release Permissions” for further details on this feature. Users interact with the User Portal via a web browser interface. Connection to the User Portal is supported via HTTPS (port 443). By default, the Workplace Suite Server uses a self -signed certificate for HTTPS communication. Mobile Print Workflow Details By default, the Mobile Print Workflow allows any user to create an account within the system. Accounts are created whenever an email submission is received or when the Xerox® Workplace App (print portal) is first used to access the system. However, the system can be configured to only allow a specific set of users (an allowed -list) or to not allow a specific set of users (a block-list). When an account is created the user receives a system generated confirmation code. The confirmation code is used to access their jobs at the MFP or to connect the Workplace App to the server. All users’ jobs are stored and referenced based upon the user’s email address. User’s jobs are stored in the Workplace Suite Server Windows file system with a randomized file name. By default, they are not encrypted, however, an Encrypted File System (EFS) may be configured manually. Unprinted jobs are deleted based upon an administrator configured retention period. The default retention period is 1 day. The Retention Settings apply to Third Party Print Queues in addition to printers. Sending documents to a Third-Party Print Queue is equivalent to the print command in the Mobile Print Workflow. This means that if the system is configured to delete documents after printing, documents are deleted after sending them to a print queue. Based on this same example, if a default print queue is set on the system, all emails sent to Workplace Suite are in turn sent to the default print queue and immediately deleted from the system. Print Management Workflow Details By default, the Print Management Workflow supports auto-registration. If the customer site uses LDAP or Domain controllers, then auto-registration allows the user to scan their badge (or Android phone with NFC) via a connected USB card reader at a Print Management (authentication) enabled printer. The user would then provide their LDAP authentication credentials to validate their identity, resulting in the addition of that user and their relevant LDAP information (name, email, network user name) in the Workplace Suite user database. The solution can support multiple badges per user if desired. If auto-registration is not used, there are other options to create and manage users, including: Manual Updates, CSV Import, and LDAP Import. All submitted jobs are stored and referenced based on the user’s network user name and email address. The user’s jobs are stored in the print server’s Windows file system, or on the client with a randomized file name. Unprinted jobs are deleted based on an administrator configured retention period. The default retention period is one day. 579 of 1132 584 Xerox® Workplace Suite 5.4 – Security Guide 4-6 Rules Processing The WS system allows the administrator to define rules which are applied at print release time (applies to copy jobs as well). There are 2 types of Rules available in WS. 1. Print Controls – are used to determine which printers are available, the time and day when they can be accessed and what attributes may be used when processing jobs for any given user. 2. Print Quotas – are used to set a page limit per user that they are allowed to print during a given time period (daily, weekly, monthly). By default, no rules are defined. Users may access any printer, at any time, and all print attributes are available. In addition, there are no print quotas defined, so users can print an unlimited number of pages. When one or more rules have been defined and enabled, the system switches to a permission access mode. In order to print, the user must be granted permission to print to a given device using a rule. The administrator can control which devices, which time of day and which attributes are available to the users of the system. If there are no rules allowing a user to print, based on the device being used and the time of day, then the user’s job is blocked from printing after release. If a user exists in multiple rules, then all rules are checked at the time of print release. If there is at least one rule allowing the user to print to the given device based on the time of day, then the jobs are allowed to complete. If there are multiple rules that map the current printer and time of day, which have conflicting print feature access (e.g., color and single-sided), the rule(s) granting access to these features take precedence). Rule processing always occurs on the WS server. This processing determines if a user is allowed to release a print job on a given printer, at the current time and if any job attributes need to be modified (e.g., change to black & white or duplex). The actual job attribute changes occur in different components based on the location of the job: JAS/JAC for desktop jobs and the DCE for mobile jobs. Content Security Processing The processing of jobs for Content Security occurs at the time the job is uploaded into the WS system. This implies that the processing occurs in different components based on entry into the solution. For desktop submitted jobs using the Print Management Workflow, the J AS/JAC components handle content security processing. For Mobile Print jobs and Copy and Scan jobs, the WS server handles the processing. The WS server handles the coordination of the results of the content security processing and ensuring the configured options for a matching profile is applied: Logging, Email Notification and Storing. In the case of Content Storing of a job, the administrator defines the location of where the data will be stored using the web admin as well as the retention period of the stored files. The maximum allowed retention period is one year. Once the retention period is reached, the stored file(s) are deleted. As with any Microsoft server OS, the deleted documents follow traditional Microsoft Windows deletion processes and are deleted from the NTFS list. Documents are not actually deleted from the hard disk itself, but are overwritten as the system reclaims the disk space. The Workplace Suite provides no facilities to erase the documents themselves. The stored files are not encrypted by WS. However, file Encryption is available using the Microsoft built-in Encrypted File System (EFS) feature. Copy and Scan Job Processing The WS solution supports the ability to perform Scan and Copy jobs. Both job types result in the scan job being sent or pulled to the server. The job is stored temporarily in the Content Partition Storage location until it is printed or emailed. The job is deleted after it is transferred to the final destination. If Content Security is enabled and the job matches a Content Profile that is configured 580 of 1132 585 Xerox® Workplace Suite 5.4 – Security Guide 4-7 with the content storage option, the original PDF received from the scan is then stored in the configured content storage location. If Rules are enabled, then they are applied to Copy jobs, as copies result in printed / marked pages. Single Sign-On The WS Server provides the SSO functionality that can be called or access from supported Apps in the Gallery. The server acts as the network interface accepting and responding to requests to store or retrieve authentication information as well as the keeper of that information. All SSO related information is stored in the SQL database used by WS. Sensitive information such as the actual stored authentication data, the private key used to decrypt the SSO requests sent by an App and the public key used to validate signed requests from an App are all stored in encrypted format (SHA256) within the SQL database. Xerox® Workplace App (formerly Print Portal) The application uses a Xerox managed cloud-based routing service to direct the user to the appropriate Xerox® Workplace Suite server. Once authenticated, the user’s credentials and authentication token are stored in the application until they log out. The Workplace Suite Admin has control over how often a user will need to re-supply their credentials when using the Workplace App. An option exists to retain the logged -on user’s credentials within the app, such that any subsequent logon will not require the user to re-supply their credentials. The Admin may also control the length of time that the user will remain logged into the account when using the Workplace App. Users will be required to re-supply their credentials once the once the timeout is reached. If the Admin has enabled the “Retain Login Credentials” feature, then the user would automatically be logged back into the system after the expiration time period. Users can only access jobs that they have submitted. This includes Print Management Workflow (Pull-Print) jobs as well. With the Workplace App, users can preview their jobs, see a list of available printers, select print options and submit their job for printing. For security reasons, enabling and accessing the Workplace Suite server using the Workplace App is a multi-step process: 1. An administrator must enable the use of the Workplace App via Administration Services at the Workplace Suite Server, the result of which is a “company code.” The Workplace Suite administrator must distribute this code to authorized users. [Note: An administrator may request a new company code at any time.] 2. During initial log-in a user must enter their email address and company code. 3. The Workplace Suite system generates a confirmation code and sends the confirmation number to the user at the supplied email address. 4. The user must then enter the confirmation code into the Workplace App. The Mobile Print Workflow supports both an allowed-list and a block-list capability. An allowed-list would restrict access to only a specified set of user email addresses; a block -list would disallow these email accounts. Lastly, if a user needs to reconfigure the Workplace App from one company code to another, an action verification code is sent to the user by the Xerox ® Workplace Cloud (Cloud Hosted) itself. For customers that have installed both the Mobile Print Workflow and the Print Management Workflow, the Workplace App supports the ability to authenticate with an enabled printer. There is an option in the menu of the app called “Unlock Printer”. This option allows you to use your phone 581 of 1132 586 Xerox® Workplace Suite 5.4 – Security Guide 4-8 to authenticate with a device in place of a card or using Alternate Login. The supported logon methods for mobile phone unlock include: • NFC (Android and iOS, where your iOS device must be an iPhone 7 or newer running iOS 11 or later). [Feature requires a Xerox® VersaLink or Xerox® AltaLink series printer] • QR Code – You may scan the QR code found on the welcome page or on the blocking screen of the printer user interface panel. • Unlock Code – You may enter the 4-character code found on the authentication blocking screen of the printer. The Workplace App supports iOS native printing. This print mechanism uses a combination of printer discovery, via either mDNS or DNS-SD to locate a compatible printer. If using mDNS, the Apple Bonjour Service must be installed on the Xerox® Workplace Suite server, and the standard Bonjour ports must be opened on the server’s firewall. The Xerox® Workplace Suite Server responds to mDNS queries and advertises itself as a printer, thereby allowing Workplace App users to submit print jobs to Workplace Suite using iOS native printing. Alternatively, the IT administration at a customer site can configure their DNS servers to advertise the Xerox ® Workplace Suite server as a printer. This allows client applications such as Workplace App to use DNS-SD (service discovery), to discover the Workplace Suite Server as a printer. Regardless of the type of discovery method, once found, the Workplace App can submit (upload) jobs to the Xerox® Workplace Suite server using IPP (port 631). Jobs are then available for release using t he Workplace App to a printer, or the Printer Client (EIP) Application. There is a version of the Workplace App that supports Google Chromebooks as well as an extension to the Google Chrome browser. When run in these environments, the Workplace App supports “single sign-on” using your Google credentials to validate the user in place of manually entering credentials. Xerox Managed Cloud Based Routing Service The managed cloud routing service provides a “routing” capability between the Workplace App, running on a customer’s smart device, and the Workplace Suite Server running within the customer’s network. Messages are sent from the Workplace App to the Cloud Service. The managed cloud-based routing service runs on the Microsoft Windows Azure Platform (see below). All communication is handled using Industry standard HTTPS protocols. The security certificate is issued by Comodo (a trusted certificate authority) and ensures that the application has been verified and validated. For more information on Windows Azure Security, please visit: http://azure.microsoft.com/en-us/support/trust-center/ Document Conversion Servers The Xerox® Workplace Suite is modular in design, leveraging a core Workplace Suite server component as well as one or more additional Mobile Print Workflow components referred to as Conversion Servers. The Conversion Server converts documents from their native format (e.g., .doc, .ppt) to a print ready file (e.g., Postscript, PCL) that the destination printer understands. A Conversion Server may reside on the same server as the Xerox® Workplace Suite server, or it may reside on a separate server. Only one Conversion Server may reside on any given server. 582 of 1132 587 Xerox® Workplace Suite 5.4 – Security Guide 4-9 Document Storage Both the native format document and the print ready file are temporarily stored to the Conversion Server system disk while the files are active. Once the Conversion Server has completed the document conversion process, the print ready document is stored in the configured Content Storage location, which could be local to the DCE or a shared network resources (e.g., RAID system). Any temporary files created during the conversion process are deleted from the Conversion Server disk and memory after storing the print ready document. The print ready file is deleted from the system once the original is deleted. As with any Microsoft server OS, the deleted documents follow traditional Microsoft Windows deletion processes and are deleted from the NTFS list. Documents are not actually deleted from the hard disk itself, but are overwritten as the system reclaims the disk space. The Workplace Suite provides no facilities to erase the documents themselves. In this sense, the Conversion Server is treated as any other document server within the corporate firewall. Job Agent Service / Workplace Client The Print Management Workflow is modular in design, leveraging the core Workplace Suite Server, as well as one or more additional components referred to as the Job Agent Service and the Workplace Client. The Job Agent Service runs on the print server and is included as part of the install of the Xerox® Workplace Suite software. For customers who want to use an external print server, they can install the Job Agent Service on one or more external servers to create a distributed or regional system of print servers. For environments that want to forego a traditional print server, they can instead install the Workplace Client on each user’s workstation. The Job Agent Service/Client is also responsible for processing incoming print jobs for Content Security. Jobs are processed to see if they match one of the configured Content Profiles. If a match is found, the agent notifies the WS server. If the matching profile has the content storage option enabled, the agent also creates a PDF of the print job and sends this to the WS server to be stored. Job Agent Service The Job Agent Service is a Windows service installed on a print server used in conjunction with the Xerox® Workplace Suite software with the Print Management Workflow license. The service can run on the same server running the Xerox® Workplace Suite, or it can run on one or more external print servers. When installed on an external server, the Job Agent Service starts a listening service and waits for the Workplace Suite Server to enable it to perform job management. The Xerox ® Workplace Suite administrator must add the print server IP Address to the list of print servers, effectively enabling the Job Agent Service to begin communicating with the Workplace Suite server. The messaging between the Workplace Suite Server and Workplace Client consists of: • Reporting of available printers (Queues) • Enablement of printers (Queues) • Job Information – Reporting of new jobs and their details • Notification of job release to an enabled printer • Results of job transfer to a printer • Periodic job synchronization 583 of 1132 588 Xerox® Workplace Suite 5.4 – Security Guide 4-10 Workplace Client The Workplace Client is a Windows service installed on a client workstation used in conjunction with Xerox® Workplace Suite Software with the Print Management Workflow license. When installed a user workstation, the Workplace Client must be pointed to the Workplace Suite Server via the inclusion of a configuration file or via a Service Registry setting which can be pushed to the workstation by the customer IT organization. The Workplace Client is responsible for managing print queues and print jobs on the client workstation. The messaging between the Workplace Suite Server and Workplace Client consists of: • Querying the server for configuration (e.g., polling intervals, timeouts, etc.) • Querying the server for the list of printers (Queues) • Installing or removing printers (Queues) • Job Information – Reporting of new jobs and their details • Polling or notification for job release to an enabled printer • Reporting of job transfer to a printer • Periodic job synchronization Document Storage Mobile Print Workflow Documents are stored unencrypted in the Xerox® Workplace Suite server. The documents are stored in a configurable location†, which can be any location to which the Xerox® Workplace Suite server has access. For performance and configuration reasons, on-box storage is recommended. Access to the documents is protected by Windows and Server access on the client’s domain. As a layer of protection, actual documents are stored with an obfuscated file name and extension. The documents are retained until either: • The user deletes them via the Print Client App at the device UI or the Workplace App. • The Xerox® Workplace Suite deletes them after a configurable timeout. As with any Microsoft server OS, the deleted documents follow traditional Microsoft Windows deletion processes and are deleted from the NTFS list. Documents are not actually deleted from the hard disk itself but are overwritten as the system reclaims the disk space. The Mobile Suite Web Administration UI does provide the ability to delete documents if needed. Note: Encryption is available using the Microsoft built-in Encrypted File System (EFS) feature. Workplace Suite limits the maximum size of a submitted file to 1GB or smaller. A utility may be used to modify this value if necessary. Print Management Workflow All printers (queues) configured for the Print Management Workflow use the Workplace Suite Port Monitor. Part of the Windows print path, this monitor accepts a print ready file (e.g., Postscript of PCL) and writes it to disk. The location where the file is written is configured using the Workplace Suite Web Admin tool. The print ready file and some descriptor files are temporarily stored on the print server or client workstation system disk while the files are active. Upon release to a printer, the Job Agent Service or Client removes the associated files. As with any Microsoft server OS, the deleted documents follow traditional MS Windows deletion processes and are deleted from the NTFS list. Documents are not actually deleted from the hard disk itself, but are overwritten as the system reclaims the disk space. The Xerox® Workplace Suite provides no facilities to erase the documents. 584 of 1132 589 Xerox® Workplace Suite 5.4 – Security Guide 4-11 Xerox® Workplace Suite Database Microsoft SQL Express 2014 database is used by Xerox ® Workplace Suite as the default relational data store. However, WS can be configured to work with an external Microsoft SQL database. In order to create this database, the user who installs Xerox ® Workplace Suite must have permissions to create databases and database logins, and grant permissions. During the installation, Xerox® Workplace Suite grants the system account “Domain\ComputerName$”, the rights to update the created database. LDAP / ADS Server The Xerox® Workplace Suite server retrieves and stores a list of available active directory domains based on the context of the domain to which the WS server belongs. The administrator may also manually add domains if desired. The administrator may then enable or disable domains which can be used for authentication and user import. LDAP Authentication The LDAP/ADS Server is part of the customer’s network and is not a deliverable of the Xerox® Workplace Suite. Therefore, the security and maintenance of the LDAP/ADS Server is outside of the responsibility of WS. When the Authentication Type for the Workplace App or the EIP Printer Client App is enabled for LDAP Authentication, or Convenience Authentication is configured for LDAP when using Alternate Login or Auto Enrollment of Cards (or Android phones with NFC and a supported USB card reader), the Workplace Suite Server verifies user credentials against Active Directory. The workplace credentials consist of Domain Name, Domain Username and Domain Password. The Workplace Suite Server performs an LDAP login using the supplied credentials. Passwords are never stored. By default, the system uses SASL when doing an LDAP bind. In order to communicate with Active Directory, Xerox® Workplace Suite uses the Active Directory Services Interfaces (ADSI) technology available in all Windows operating systems supported by Xerox® Workplace Suite. The communication with the Active Directory servers occurs via the standard LDAP port 389, or via 636 if TLS is being used. LDAP Import Xerox® Workplace Suite can be configured to import users from Active Directory. This capability is an extension of the setup used for LDAP/ADS Authentication. The administrator has the ability to configure the type of LDAP access (Anonymous, Basic, Negotiate) required when connecting the LDAP server. By default, the system is configured to use the Negotiate setting, which instructs the Workplace Suite Server to use SASL when doing an LDAP bind. The administrator must supply user credentials to be supplied to the LDAP server when performing an import, assuming they have selected either Simple or Negotiate for the Usage Mode. The credentials are stored in the Workplace Suite Server database (SQL), and encrypted using SHA256 and AES. As part of the import, the administrator can define the LDAP containers that are queried as part of the import and map the fields within those contains to fields within the Workplace Suite user database. 585 of 1132 590 Xerox® Workplace Suite 5.4 – Security Guide 4-12 As part of the import, the administrator may configure the type of LDAP records that they wish to import: Additions (new LDAP records), Modifications (updated LDAP records) or Deletions (users that have been removed or marked as deleted in LDAP). As part of the “Deletions” option, the administrator may configure an LDAP Filter specific to each LDAP server to be used when looking for deleted records to be removed from the WS database. In order to communicate with Active Directory, Xerox® Workplace Suite uses the Active Directory Services Interfaces (ADSI) technology available in all Windows operating systems supported by Xerox® Workplace Suite. The communication with the Active Directory servers occurs via the standard LDAP port 389, or via 636 if TLS is being used. Printer Xerox printers have a variety of security features that can be employed to increase security. Availability of these features will vary depending on model. It is the customer’s responsibility to understand and implement appropriate controls for printer behavior. Secure Print Xerox® Secure Print allows you to control the print timing of your documents. When using Secure Print during print job submission, users enter a passcode, and then must enter the same passcode to retrieve the job at the printer. Users may choose to use Secure Print with Secure Print enabled printers, or the administrator may configure their system to require that Secure Print be used for all jobs sent via the Mobile Print Workflow to that printer. Secure Print passcodes are never stored on the mobile App or in the Workplace Suite Server. They are transferred securely over TLS. Passcodes are never stored externally to the job on the printer. Passcodes are numeric and conform to the requirements of the printer model. Auto-generated passcodes are a minimum of 6 digits for all printers whose maximum is at least 6 digits. For information on the security of a job while it is stored on the printer, refer to your printer’s documentation. Printer Authentication Xerox® multifunction devices introduce a flexible Xerox Extensible Interface Platform® (EIP). This platform acts as a secure embedded web service that other applications can leverage to expose functionality and services to the user through the local control panel interface. Xerox ® Workplace Suite uses this platform to secure access to the printer. Additional security can be enforced at the printer if the printer is EIP capable and/or supports the EIP Convenience Authentication API. For those printers which support this capability, the Xerox ® Workplace Suite provides the capability to lock the printer’s local user interface, and require the user to authenticate themselves at the printer in order to gain access to any of the services / features of the printer. There are three ways in which a user can authenticate themselves: 1. The user may supply their Xerox® Workplace Suite user credentials (username / password or LDAP credentials depending upon the Company/Account configuration) at the printer. 586 of 1132 591 Xerox® Workplace Suite 5.4 – Security Guide 4-13 2. The user can identify themselves using their access card (e.g., employee badge), or an NFC capable Android phone with a supported USB card reader. [Note: The system can support multiple badges for each user if desired]. 3. The user may use the Xerox® Workplace App, using any of the following methods: a. Supplying the 4-character code found on the local user interface of the machine into the Workplace App. This identifies the printer in the App and the user can confirm that they wish to unlock the device. b. Tapping the NFC tag of the printer using their mobile phone (Android or iPhone 7 or newer with iOS 11). c. Scanning a QR Code (found on the Welcome Page or on the blocking page for AltaLink devices). In each of the above scenarios, upon supplying valid credentials or making the unlock request, the printer removes the blocking screen and the user has access to the services / features of the printer. If the printer is an EIP capable device and the Print Client App is installed, then the user may select the App and view their list of jobs without providing additional login credentials for the app. In conjunction with authentication feature, the Xerox® Workplace Suite supports a feature called Auto-Release. This feature is disabled by default but may be enabled by the Administrator. Upon successfully completing the authentication step at a printer, if the Auto-Release feature is enabled, any print jobs uploaded to the system are automatically be released and printed at the device. Xerox® Workplace Suite: Printer Client App Devices which are EIP capable have the ability to support the Xerox® Workplace Suite App Authentication Solution. This App allows users to identify themselves, view and manage their print jobs. The Workplace Suite Server installs the EIP App on the printer using the EIP Registration API, which is done using HTTP/HTTPS. Communication between the EIP App and the Workplace Suite Server is done using HTTPS over port 443. For older legacy devices that do not support HTTPS or are not able to handle the encryption keys used by the WS server, the option exists to enable the App to use HTTP over port 80 on a printer by printer basis. Xerox Apeos Fuji Xerox® multifunction devices introduce a flexible proprietary platform called Apeos. This platform acts as a secure embedded web service that other applications can leverage to expose functionality and services to the user through the local control panel interfa ce. The Xerox® Workplace Suite uses this platform to secure access and present users with the Xerox® Workplace Suite solution for the Mobile Print Workflow. [The Print Management Workflow does not support Apeos]. Customer Email Server(s) The email server is used to receive emails from and send emails to users of the Workplace Suite solution. The preferred implementation is to leverage the client’s established email infrastructure and email security in place; however, the mail server can be an internally or externally managed server. The email infrastructure acts as the path to transport user’s documents into the Xerox ® Workplace Suite infrastructure. The user’s documents temporarily reside on the mail server until the email message and its attachments are retrieved by the Xerox® Workplace Suite server. 587 of 1132 592 Xerox® Workplace Suite 5.4 – Security Guide 4-14 The Xerox® Workplace Suite administrator will need to configure both the incoming mail server as well as the outgoing mail server. Both connections require credentials (e.g., username / password) to access the mail servers. The setup, maintenance, and security of the customer email server is outside the scope of Xerox® Workplace Suite. Network Appliance The network appliance, sometimes referred to as an ID Controller, is an external hardware device that supports the ability to plug in a USB keyboard mode card reader and transfer card information to a configured application. In this case, the Network Appliance is configured to send card data to the Workplace Suite Server. The network appliance and the Agent communicate via raw TCP sockets with proprietary data exchange based on the manufacturer of the appliance. Elatec: The Elatec TCP Conv and TCP Conv2 use ports 7778 and 7777 respectively. The card data is sent in plain text. RF Ideas: The RF Ideas Ethernet 241 uses port 2001. By default, the card data is not encrypted, but the option to use encryption is available. Xerox® Services Manager The Xerox® Workplace Suite can connect to Xerox® Services Manager (SM) in order to perform the following actions: • Export Job Data (Page count, Plex, etc.) • Import Printers, Sites and Printer/Site Mappings Each of these methods of synchronizing with SM has its own configuration as well as specific limitations on the system as a whole. Connectivity to SM can only be enabled if Xerox® Workplace Suite has a license for “Xerox® Workplace Suite – Managed Print Services.” Export Jobs to Xerox® Services Manager Only the account ID is needed in order to export jobs to SM. If the printer data is matched to a printer in SM, then SM records the data. If “Obscure User Data” is enabled, no identifying user information such as the username or password is sent to SM. All identifying information is replaced by unique GUIDs such that the number of individual users reported remains the same but each unique user cannot be identified. The following data is sent to SM: Display Name • Printer Display Name Network User Name (e.g., the Domain\Username) • If Obscure User Data is set, a random GUID is sent • If Obscure User Data is not set, the Domain\Username is sent 588 of 1132 593 Xerox® Workplace Suite 5.4 – Security Guide 4-15 Email Address • If Obscure User Data is set, a random GUID is sent – Network Accounting ID and User Name – NUp • This only applies when printing using the FX Apeos workflow – Job ID – Job Type – Copies – Page Count B/W – Page Count Color – Total Page Count – Plex – Submission Date Time – Completed Date Time – Content Size – Color • If the document contains color – Duplex – Document Name – Document Type • If the document is Word, PPT, etc. – Media Size – Printer Name – Printer MAC Address – Server Name • Always Workplace Suite Server Name – Server MAC Address • Always Workplace Suite Server MAC address – PDL Type – Fax Destination Number – Fax Duration – Scan Recipient Description – Scan Recipient Type – Device Job Completion Time Import Printers / Sites from Xerox® Services Manager When the Xerox® Workflow Suite is configured to import printers and sites from SM, then SM is treated as the source of record. As such, the administrator has several limitations on what can be modified on printers and sites. The general principle is that any data that comes from SM will be 589 of 1132 594 Xerox® Workplace Suite 5.4 – Security Guide 4-16 read-only. The administrator can only change fields related to printers and sites that do not come from SM. When printers are imported from SM, Xerox® Workplace Suite performs an SNMP discovery to add the printers to the printer list. If the discovery fails, printers are not added to the system. In order to correctly discover SM printers, discovery settings such as SNMP community names and device credentials must be set correctly on the discovery tab. The settings that the printers used to discover the printers from Xerox® Device Manager or Xerox® Device Agent are not used and must be specified again in Xerox® Workplace Suite. If a printer is successfully imported in Xerox® Workplace Suite and is then deleted from SM, it remains in the Xerox® Workplace Suite until the system administrator disables or deletes it. App in the Gallery This item refers to an App in the Xerox App Gallery that has been modified to use the Single Sign- On feature provided by WS and is running on the EIP browser of the printer. The App is expected to retrieve configuration from the printer and pass this back to the App Server so that it can determine if the SSO feature is supported by the WS server. The App and EIP browser act as an intermediary between the App Server (usually outside the corporate firewall) and the WS server, which is typically on the internal customer network. All communication between the App, the App Server and the WS server uses TLS. [Note: the App is not written by or controlled by the WS solution. It is an external component to the system that is making use of functionality provided by the WS.] App Server The server hosting the functionality supplied by an App in the Gallery. This may be a Xerox hosted server or a third-party server, depending upon who created the App. The App Server never directly communicates with the WS. All communication is funneled through the instance of the App running on a printer and the EIP browser of that device. Communication between the App Server and the App uses TLS. [Note: The App is not written by or controlled by the WS solution. It is an external component to the system that is making use of functionality provided by the WS.] User and Email Server Communication The first layer of security is at the point of contact between the user and the method used to expose the email address to the end user. Although this is necessary to facilitate the use of the system, it can be controlled using various mechanisms. For exam ple, the email address can be made available through a Xerox printer’s EIP interface and thus accessible to only people physically at the printing device. The details on how the XMPS solution interacts with the customer email server are provided later. Users submit their documents for printing using standard email messages from their smartphone to their company’s email server. Whether the email messages are encrypted or not is a decision and responsibility of the company’s IT department. If the user is submitting the email within the internal corporate network to a corporate email server, the transmission of the document is as secure as any email sent over the corporate network. This is true for both wired and wireless connections. However, if the user submits the email from outside the corporate network, for example, sending it from a personal email account such as Gmail, security cannot be guaranteed until the email is within the corporate network. 590 of 1132 595 Xerox® Workplace Suite 5.4 – Security Guide 4-17 In both cases, the security of the document is no different than any email sent to a co-worker’s corporate email address. While a public email server can be used, it is recommended that you have control over the email server and that it is within your corporate firewall. This latter configuration offers the fir st line of defense by giving you the ability to create and control Blocked and Allowed user lists based on email domain. The Workplace Suite Server communicates to the end user via email messages sent through the customer’s email server. Each time a user submits documents for printing; the Workplace Suite Server retrieves the message and responds with a confirmation email message. The confirmation email message contains a personal confirmation code. The confirmation code is later used to retrieve and print their documents at the multifunction device (MFD). Confirmation codes are configurable in length and unique for each user. Once assigned the confirmation code will be reused for each submission from the same user. Note, this is specifically for the user’s convenience so that all their jobs will be shown at the MFD. Users may request that their confirmation code be changed at any time. Xerox® Workplace App and Xerox® Workplace Suite Service In order for a smart device application, running on a service provider’s 3G/4G/LTE network to “talk” to a server behind a corporate firewall, an intermediate cloud-based service is used. Xerox uses the Microsoft Azure Service Bus Relay to create this cloud endpoint between the mobile device and the Workplace Suite Service. The HTTPS protocol is used for all communications between the Workplace App, the Xerox managed cloud-based routing service, and the Workplace Suite Service. Validation of the certificate is done by the receiving system. Therefore, the Xerox managed cloud-based routing service relies on the mobile device operating system to validate the security certificate as part of establishing the TLS connection. Likewise, the Xerox managed cloud-based routing service relies on the Workplace Suite Service to validate the security certificate as part of establishing a TLS connection. The Workplace App requires users to authenticate before using any of its features. Basic authentication is performed with the Mobile Workplace App providing email and confirmation number or using LDAP credentials over the HTTPS (TLS) protocol. If using the Chromebook or Chrome browser Workplace Mobile (Print Portal) extension with the single sign-on feature, when a user attempts to log in, the app pre-populates the email field with the logged-on user’s email address. When this is submitted to the server, the app also includes the Google authentication token of the logged-on user as well as the AppID of the Workplace App. The server validates the email, token and AppID with Google using HTTPS over port 443. If these are valid, the user is considered authenticated. The server then creates a Mobile Print authentication token and returns that to the Workplace App. The user then remains logged into the App until the Mobile Print token expires. At this time, the app attempts to repeat the process. Once authentication is complete, data is passed directly between the Workplace App and the Workplace Suite Server or from outside the corporate network by routing through the Azure Service Bus Relay. This includes all data for previewing and printing jobs, location of printers, and user location data as determined by the mobile device. Users are only able to access documents they submitted. Again, all communication is using the HTTPS protocol. In a DMZ Configuration, the intermediate cloud-based service is hosted by the customer. The Workplace App communicates with the customer hosted cloud service, which in turn communicates with the Workplace Suite Server. All communication between the mobile phone and the DMZ 591 of 1132 596 Xerox® Workplace Suite 5.4 – Security Guide 4-18 server, as well as the DMZ server and the Workplace Suite Server is done using HTTPS. All other details in the above section apply to a DMZ setup except for the replacement of the Xerox hosted cloud service with the customer hosted DMZ server. If using iOS native printing, the Workplace App may use mDNS (Port 5353) to discover printers (e.g., the Xerox® Workplace Suite server). When iOS Native Printing is enabled, the Workplace Suite Server is listening for and responding to mDNS queries. Alternatively, the Workplace App may use DNS-SD (Service Discovery) to locate printers. Once found, the Workplace App uses the iOS native print submission mechanism (IPP over port 631) to upload jobs to the Workplace Suite Server. Customer Email Server and Xerox® Workplace Suite Service Communication Network communication between the email server and the Mobile Suite Server is configured within the administration pages. For security: • The Workplace Suite server requires a customer supplied username and password to access the Mail Server. The credentials are stored within the SQL database. • The communication port is configurable. • Network communication between the servers can be configured to be encrypted using TLS. The Workplace Suite server can send emails to the user and acts as a standard email client. It periodically polls the email server (the poll time is configurable) and retrieves any emails and attachments as needed. Once the email is retrieved, the email and attachments on the email server are deleted. The Xerox® Workplace Suite server supports connectivity to the following: • SMTP (port 25 or 587), • IMAP (143 or 993 (TLS)) and • POP (110 or 995 (TLS)) • Microsoft Exchange Web Services (80 or 443 (TLS)) • Lotus Domino NRPC (Port 1352) Using the protocols above, the Workplace Suite connects to the inbound email account to pull messages and use the outbound email configuration for sending email. The inbound and outbound email configurations may use different protocols. Workplace Suite can connect to a Microsoft Exchange Server 2007 or later using Exchange Web Services (EWS). This connection is made over the HTTPS protocol. When communicating with Domino, the WSS communicates using a local API with Lotus Notes Client installed on the same PC as WSS, which in turn uses Note RPC to communicate with the Domino server. The Workplace Suite Server can authenticate either using Basic Authentication or Impersonation. In the case of basic authentication, the username and password are sent securely to the EWS server for authentication. When impersonation is used, the Workplace Suite will Log On as the impersonated user for the duration of the EWS connection. The impersonated user must have Log On credentials to the Workplace Suite system. 592 of 1132 597 Xerox® Workplace Suite 5.4 – Security Guide 4-19 Workplace Suite Server and Printer Communication The Workplace Suite server communicates with the Printer for a number of different reasons using various protocols. These are outlined below: Discovery Discovery applies to all printers that are enabled to work with Xerox ® Workplace Suite. The Workplace Suite Server connects to the printer via SNMP (Port 161) to retrieve printer configuration, capabilities, paper tray information (paper size and availability). The SNMP communication is done either via SNMPv1/v2 (no encryption) or SNMPv3 (encryption) using port 161. Printer Client (EIP App) The Workplace Suite connects to the printer’s web services to install the Printer Client EIP/Apeos application on Xerox printers via port 80 (HTTP) or 443 (HTTPS) based on the configuration of the printer. The Server makes use of the EIP Session API and Device Configuration APIs using these same ports. The Workplace Suite can host web pages to the printing device’s User Interface commonly referred to as Xerox Extensible Interface Platform ® (EIP) and Apeos. The device must be enabled to display these web pages and the web pages do not have any access to documents or any data residing on the printing device. All data exchanged is over port 80 via HTTP (default). HTTPS (port 443) unless the printer is specifically configured to use HTTP (port 80). Based on the configuration of the system, users may need to identify themselves using the Printer Client. This done by entering their confirmation number, primary PIN, email and confirmation number, or their LDAP credentials based on the system configuration. The LDAP password is always obscured (hidden) when entered in the application. The confirmation number is shown by default, but the option to obscure the confirmation number may be enabled by the administrator if necessary. The primary PIN is always displayed. Print Authentication Authentication is only supported by Xerox® multifunction devices that support the EIP Convenience Authentication API. The server configures the authentication feature on the printer via SNMP (Port 161). The SNMP communication is done via SNMPv1/v2 (no encryption) or SNMPv3 (encryption). During user authentication, the Workplace Suite Server and the printer communicate using web service calls to initiate an authentication session, supply card data, and / or prompt the user to supply credentials or other data, and unlock the device for user access. All data exchanged is over port 443 via HTTPS. Scan and Copy For Scan and Copy jobs processed by WS, the scan job is transferred from the printer to the se rver using HTTPS (or HTTP if HTTPS is not available). The server initiates this transaction, so the job is pulled to the server. In the case of Copy jobs, the WS server sends the job back to the printer using the configured print protocol for that device (LPR / RawIP / IPP over SSL). 593 of 1132 598 Xerox® Workplace Suite 5.4 – Security Guide 4-20 Administrator Configuration and the Workplace Suite Server In order to administer the Workplace Suite server, users connect to the server using a web browser. When the system is first installed and not yet configured, the system will be in an open state, allowing any user to connect and configure the basic system using the Install Wizard. This process also requires the configuration of an initial starting administrator by supplying their email address and assigning them a confirmation number. Once the Install Wizard is complete, users log into the system using the configured authentication mechanism for the User Portal. The supported methods for authentication include: • Email and Confirmation Number • LDAP/AD User Credentials • Windows Integrated Authentication For Windows Integrated Authentication, Workplace Suite will use the identity of the current Microsoft Windows session to look up the user in the SQL database. If the user exists, then they are logged into the User Portal without having to provide credentials. If the user does not exist, then they will be blocked from accessing the web interface. [Note: If IIS web server on the XWS system is unable to validate the identity of the logged-on user, then they may be prompted to supply Windows credentials.] The administrator may assign roles to the users of the system, such as “General User” or “System Administrator”. Document Conversion Server and Workplace Suite Service Communication The Workplace Suite service sends the user’s Mobile Print Workflow documents to the Document Conversion Server using a named pipe (net.pipe) protocol on port 8802. The connection can be configured to use other bindings if desired. User documents are only temporarily stored within the external Conversion Server and only to the extent of network communication and conversion. When the Workplace Suite Service and the Conversion Server(s) are on separate machines, they communicate via TCP/IP over ports 8801 and 8802. Document Conversion Server and the Printer The Conversion Server which hosts the Document Conversion Engine (whether running on the same server as the Workplace Suite Service or on a separate server) is responsible for submitting the converted Mobile Print job to the printer. The default submission method for Mobile Jobs is Raw IP (Port 9100) over TCP/IP. Other ports that can be used are 2501, 2000, 515 (LPR), and 443 (IPP over TLS). 594 of 1132 599 Xerox® Workplace Suite 5.4 – Security Guide 4-21 User Workstation and Print Server Communication The user workstation communicates with the print server in two ways: • Print queue and driver install • Print submission Print queue install can be initiated via the Workplace Client, or via the Windows print install wizard if print queues are added manually. Printing is done via traditional shared Windows network printers. These capabilities use DCE/RPC communication over port 1058 and SMB communication via port 445. Job Agent Service/Client and Xerox® Workplace Suite Server Communication The Job Agent runs either on the user’s workstation (Job Agent Client as part of the Workplace Client) or on a Print Server (Job Agent Service). Job Agent Service Start Up When the Job Agent Service is first installed, the software listens on port 443 using HTTPS for initial configuration information from the Workplace Suite Server. Once the administrator adds the IP address of the external print server to its list of supported servers, the Workplace Suite Server pushes the communication endpoint to the Job Agent Service. This endpoint is used for all communication between the Job Agent Service and the Workplace Suite Server. The JAS processes incoming jobs if Content Security is enabled, looking for matches to any of the Content Profiles. If a matching profile has content storage enabled, the JAS creates a PDF copy of the job. The results of content matching and any PDF copies are transferred to the WS server. Job Agent Client Configuration The Workplace Client periodically polls the Workplace Suite Server using the configure endpoint with HTTPS on port 443. This includes the retrieval of timers for job polling, configuration polling, Content Profiles, and maintenance polling. Optionally, the Workplace Client can also be configured to listen for message notification being sent from the Workplace Suite Server. This lessens the amount of network traffic generated using the Workplace Client. When running in the messaging mode, the Job Agent Client (JAC) listens on port 9807 using UDP by default. If this port is not available, the client tries 3 other ports to find one that is not in use, adding 10 each time (e.g., 9807, 9817, 9827 and 9837). If the client fails to obtain a port, then it defaults to using polling when querying for pending jobs. The JAC processes incoming jobs if Content Security is enabled, looking for matches to any of the Content Profiles. If a matching profile has content storage enabled, the JAC creates a PDF copy of the job. The results of content matching and any PDF copies are transferred to the WS server. Job Management Both the Workplace Client and the Job Agent Service c ommunicate with the Workplace Suite Server to communicate new jobs being added to the system, to know when jobs are to be released, to update job status, and job synchronization. This is done via web service calls using HTTPS over port 443. The Job Agent Service listens for notifications from the server about jobs to be released. The Workplace Client either polls for this information or if messaging is enabled it listens on port 595 of 1132 600 Xerox® Workplace Suite 5.4 – Security Guide 4-22 443. The reporting of new jobs and job status is always initiated by the Workplace Client. For the Job Agent Service, communication is two-way. Primary Print Server and Secondary Print Server In the event that a customer has configured the use of 1 or more Secondary Print Servers to be used in conjunction with a Primary Print Server, the servers communicate together using port 443 and HTTPS for the purpose of facilitating workload distribution. Job Agent Service and Printer Communication When a job is released for printing, the Job Agent Service / Client submits a print ready file to the printer. The default submission method is Port 515 (LPR). Raw IP (Port 9100) over TCP/IP can also be used as well as IPP over SSL (Port 443). For Raw IP printing, the port is configurable. External Communication Between Xerox® Workplace Suite Service and Xerox® Cloud Services Except for incoming email, by default Xerox® Workplace Suite cannot be accessed from outside the company network. The administrator enables this workflow and may choose to limit it to only users which are operating within the company network. The Windows Azure Service Bus is a Microsoft Cloud based messaging system that Xerox leverages to establish a secure application to application connection allowing select communication between approved clients outside a company’s network to leverage services within a company’s solution. While the Windows Azure and Xerox hosted service provide the secure connection path to the service, access to the Xerox® Workplace Suite continues to be controlled by the local Workplace Suite solution. The Microsoft Azure Service Bus communication requires that the Workplace Suite server supports TLS 1.0. Xerox® Services Manager and the Windows Azure Service Bus During the provisioning process at set-up time an external URL is provisioned on the service bus then Xerox® Workplace Suite is configured to facilitate communication through that URL using an encrypted key. XMS initiates and maintains a connection to Azure service bus over HTTPS to XMS services so that users using their mobile device over a public cellular or Internet connection can use the Mobile Print Workflow. The URL endpoint assigned is what various end clients (i.e., mobile devices) connect to. Mobile Devices and the Windows Azure Service Bus When the mobile device communicates with XMS through the Azure service bus, communication is always over HTTPS with a secure trusted certificate over the service bus URL allocated in the provisioning process. To mitigate the need for the user to type in the URL, a routing mechanism was created to allow URL discovery based on the user’s email address domain. Users may be prompted for a company code if the login service is unable to determine which company they are associated with using the domain. Company code is used as a deciding factor to which account/service the user will authenticate/route against. Users have an option to always prompt for company code inside the settings view during login. This gives greater flexibility for a user to specify a certain company to be routed to upon login. The discovery and rou ting are facilitated through a Xerox® managed cloud-based routing service, which is discussed in the next section. 596 of 1132 601 Xerox® Workplace Suite 5.4 – Security Guide 4-23 Mobile Devices and the Managed Cloud Based Routing Service Mobile devices or other user interfaces may connect to the Managed Cloud Based Routing Service to determine what cloud endpoint is used for the remainder of the mobile print session. The routing service determines the cloud endpoint by the user’s email address. If this service cannot resolve the external endpoint it may prompt the user for their company code to further resolve the cloud external endpoint. All communication between the mobile devices and managed cloud-based routing service is secure over HTTPS (port 443) with a trusted certificate. Xerox® Workplace Suite and LDAP / Active Directory Communication LDAP / Active Directory Authentication When configured for Enterprise Authentication, Workplace Suite verifies user credentials against Active Directory. Workplace Suite also queries Active Directory for information regarding trust ed domains. In order to communicate with Active Directory, Workplace Suite uses the Active Directory Services Interfaces (ADSI) technology that is available in all Windows Operating Systems supported by Workplace Suite. The communication with the Active Directory servers occurs via the standard LDAP port 389, or via 636 if TLS is being used. Communication is secured via SASL bind using the GSSAPI mechanism. Active Directory Import Xerox® Workplace Suite can be configured to import users from Active Director y. This capability is an extension of the setup used for LDAP / ADS Authentication. The Admin has the ability to configure the type of LDAP access (Anonymous, Basic, Negotiate) required when connecting the LDAP server. By default, the system is configured to use the Negotiate setting, which in turn instructs the Workplace Suite Server to use SASL when doing an LDAP Bind. The Admin must supply user credentials that are in turn supplied to the LDAP server when performing an import (assuming they have selected either Simple or Negotiate for the Usage Mode. The credentials are stored in the Workplace Suite Server database (SQL), and are encrypted using SHA256 and AES. As part of the import, the Admin can define the LDAP containers that are to be queried as part of the import and, in turn, map the fields within those containers to fields within the Workplace Suite User Database. In order to communicate with Active Directory, Workplace Suite uses the Active Directory Services Interfaces (ADSI) technology that is available in all Windows Operating Systems supported by Workplace Suite. The communication with the Active Directory servers occurs via the standard LDAP port 389 or via 636, if TLS is being used. Active Directory On-Boarding Using Email When a new user sends an email, Workplace Suite checks all of the domains configured for “Advanced” or “Advanced with Import” for the user entry matching the user’s email address. If the user is found in Active Directory, Workplace Suite populates the user database with the data found in Active Directory. 597 of 1132 602 Xerox® Workplace Suite 5.4 – Security Guide 4-24 Communication Between Xerox® Workplace Suite and Xerox® Service Manager The Workplace Suite system can be configured to connect to SM in order to perform the following actions: • Export Job Data (Page count, Plex, etc.) • Import Printers, Sites and Printer/Site Mappings Each of these methods of synchronizing with SM has its own configuration as well as specific limitations on the system as a whole. Connectivity to SM can only be enabled if Workplace Suite has a license for “Managed Print Services”. The Importing of Printers and Sites requires the SA to configure an Account ID as well as a Username and Password. Optionally, a Chargeback Code may be specified. For the Exporting of Job Data, the Admin need only configure the Account ID. They may optionally enable the “Obscure User Data” setting, which when enabled obfuscate all user data (e.g., User Name, Email Address, Accounting User Name before sending any data to the SM server. All communication between SM and Xerox® Workplace Suite is over HTTPS (port 443). Communication Between Xerox® Workplace Suite and Workplace Suite Reporting Service in Azure The Workplace Suite Server collects system usage information on a daily basis and report this to the Workplace Suite Reporting Service, an online Xerox service. The type of information being collected includes, but is not limited to, items such as: • Version of Workplace Suite Software • Type of SQL Database • Associated Licenses • Printer Details: – Number of Printers – Features that are enabled (Mobile Print, Authentication, Desktop Print, Printer Client, etc) – Xerox vs Non-Xerox • Server Details – Operating System – Size of Memory – 32 vs 64 Bit – Microsoft Office: Installed, Activation State, Version • Print Queues: – Number and Type (Outgoing, Incoming, Client, Network, Conversion Mode) • Prints: – Number Succeeded, Failed, Deleted or Expired. – Release Mechanism: Email, Printer Client, Mobile App, Auto Release. – Print Job Summary: Number of Color Pages, Number Black & White Pages. – Document Types: Word, Excel, Power Point, etc. 598 of 1132 603 Xerox® Workplace Suite 5.4 – Security Guide 4-25 Information is used to improve Xerox customer support as well as the performance and functionality of the product in future releases. No personal or customer sensitive information is collected. This feature is enabled by default but may be disabled by the customer if desired. This setting resides on the following page: Company > Maintenance > System Health Dashboard > System Utilization. Communication Between the App from the Gallery, the App Server, and the Xerox® Workplace Suite Server All SSO related communication requests to get or set a user’s authentication data uses TLS. Sensitive information in all communications is also encrypted at the message / data item level in addition to the encryption of the data stream itself using TLS. Message level encryption uses shared keys pairs (a public and private key) for exchange of data between the WS Server and the App Server. Data is both encrypted and signed to ensure authenticity and privacy. Encryption is done using an RSA algorithm with key size of 10240. Additional details on SSO can be found in section 7.9 Single Sign-On of this document. 599 of 1132 604 Xerox® Workplace Suite 5.4 – Security Guide 5-1 5. Logical Access, Network Protocol Information Protocols and Ports The following table lists the standard default ports used by the Xerox® Workplace Suite. Some port numbers are configurable on the printer, such as the Raw IP printing port. Other port numbers are non-configurable and cannot be changed. Xerox® Workplace App Ports Protocol Transport and Port Value Use Option Component Direction HTTPS using TLS TCP 443 Authentication, Job / Printer Listing, Initiate Print Conversion Non- configurable App to WS Service Out Xerox® Workplace Suite Ports Protocol Transport and Port Value Use Option Component Direction Azure Service Bus TCP 80, 443 Handling Mobile App requests: Authentication, Submission, Job Listing, Print Release Non- configurable WS to ASB Out Cloud Routing Service TCP 443 Store or update mobile routing information for phone communication Non- configurable WS to Cloud Routing Service Out DCE TCP 8801, 8802 WS and DCE Communication Configurable WS to DCE Out HTTPS TCP 443 WS uses this port to communicate with other WS servers. JAS and JAC also request info using this port. Configurable WS / JAS / JAC to WS Out HTTP TCP 80 WS uses this port to notify JAC Non- configurable WS to JAC Out 600 of 1132 605 Xerox® Workplace Suite 5.4 – Security Guide 5-2 Protocol Transport and Port Value Use Option Component Direction that a job is ready to be released SQL TCP 1433 Microsoft SQL Client to Server Communication for database queries and storing. Non- configurable WS to SQL Server Out LDAP TCP 389 Authentication, User Look-up Non- configurable WS to ADS Server Out LDAPS TCP 636 Authentication, User Look-up. Configurable WS to LDAP Server Out HTTPS using TLS TCP 443 EIP Registration, Configuration, Accounting, Scan Job Retrieval (Note: HTTPS preferred) Non- configurable WS to Printer Out HTTPS TCP 443 Print Authentication (Convenience Authentication) Non- configurable WS to/from Printer In/Out HTTP TCP 80 EIP Registration, Configuration, Accounting, Scan Job Retrieval (Note: HTTPS is used if enabled on the printer) Non- configurable WS to Printer Out SNMP UDP 161 Printer Discovery, Configuration Non- configurable WS to Printer Out HTTPS using TLS TCP 443 Send Print History and Retrieve Printer List to/from Xerox® Services Manager Non- configurable WS to SM Out 601 of 1132 606 Xerox® Workplace Suite 5.4 – Security Guide 5-3 Protocol Transport and Port Value Use Option Component Direction HTTPS using TLS TCP 443 Send system utilization information to the Workplace Suite Reporting Service (MSRS) Non- configurable WS to MSRS Out SMTP TCP 25 Sending email responses Non- configurable WS to SMTP Server Out SMTP / TLS (Secure SMTP) TCP 465 SMTP over TLS. TCP port 465 is reserved by common industry practice for secure SMTP communication using the TLS protocol. Configurable WS to SMTP Server Out POP3 TCP 110 Post Office Protocol version 3, enables “standards- based” clients such as Outlook to access the email server. Configurable WS to POP3 Server Out POP3 / TLS TCP 995 POP3 over TLS uses TCP port 995 to receive encrypted email messages. Configurable WS to POP3 Server Out Exchange Web Services TCP 443 Exchange Web Services used for receiving Email Configurable WS to Exchange Out IMAP TCP 143 Internet Message Access Protocol version 4, may be used by Configurable WS to IMAP Server Out 602 of 1132 607 Xerox® Workplace Suite 5.4 – Security Guide 5-4 Protocol Transport and Port Value Use Option Component Direction “standards- based” clients such as Microsoft Outlook Express to access the email server. IMAP/TLS TCP 993 IMAP4 over TLS for securely receiving encrypted email messages. Configurable WS to IMAP Server Out NRPC TCP 1352 Lotus Notes RPC. This is the API used between Lotus Notes and the Lotus Domino server. Communication between WS and Lotus Notes is via a local API on the same PC. Non- configurable WS (running Lotus Notes) to Domino Server Out HTTP / HTTPS TCP 80 / TCP 443 Administration using Web Admin Tool. If a certificate is already configured on the IIS default website it is used by Xerox® Workplace Suite. If no certificate is configured, WS creates a self- signed cert. The administrator has the option to load a certificate from a trusted Non- configurable Browser to Workplace Suite Service In 603 of 1132 608 Xerox® Workplace Suite 5.4 – Security Guide 5-5 Protocol Transport and Port Value Use Option Component Direction authority later if desired. HTTPS TCP 8443 HTTP over TLS. Used to activate or validate a license. If the customer is using off-line activation, then this port is not needed. Non- configurable Workplace Suite Service to Xerox® Licensing Server Out IPP TCP 631 Receipt of Mobile Jobs on phones using the iOS Native Print feature. Always uses TLS. Non- configurable Mobile Phone to WS In HTTPS TCP 443 HTTP over TLS. Used to validate a Chrome browser or Chromebook single sign-on user with Google. Non- configurable WS to Google Out App Socket RAW or Windows TCP- Mon TCP 9100 Print Submission of Copy Jobs Configurable WS to Printer Out LPR TCP 515 Print Submission of Copy Jobs Non- configurable WS to Printer Out IPP over TLS TCP 443 Print Submission of Copy Jobs. Encrypted print transfer. Non- configurable WS to Printer Out HTTPS TCP 443 Single Sign-On requests. Non- configurable WS <-> Printer In/Out Raw TCP 7778 Receive Card Swipe Data from Elatec TCPConv Configurable Network Appliance to WS In 604 of 1132 609 Xerox® Workplace Suite 5.4 – Security Guide 5-6 Protocol Transport and Port Value Use Option Component Direction Raw TCP 7777 Receive Card Swipe Data from Elatec TCPConv2 Configurable Network Appliance to WS In Raw TCP 2001 Receive Card Swipe Data from RFIdeas Ethernet 241 Configurable Network Appliance to WS In Document Conversion Engine Server Ports Protocol Transport and Port Value Use Option Component Direction App Socket RAW or Windows TCP- Mon TCP 9100 Print Submission Configurable DCE to Printer Out LPR TCP 515 Print Submission Non- configurable DCE to Printer Out IPP over TLS TCP 443 Print Submission. Encrypted print transfer Non- configurable DCE to Printer Out DCE TCP 8801, 8802 WS and DCE Communication Configurable WS to DCE In Print Server Ports Protocol Transport and Port Value Use Option Component Direction SMB Print TCP 445 Print submission to a network queue. Client Workstation to print server. Non- configurable Workstation to Print Server In DCE/RPC TCP 1058 Network Print Queue Access and Driver Download. From Workstation Print Queue to Print Server or from Workplace Client to Print Server. Non- configurable Workstation to Print Server In 605 of 1132 610 Xerox® Workplace Suite 5.4 – Security Guide 5-7 Printer and Printer Client (EIP App) Ports Protocol Transport and Port Value Use Option Component Direction HTTP / HTTPS TCP 80 / 443 Retrieval of EIP Browser pages for display on the UI. Uses HTTPS by default. Authentication, Job Listing, Initiate Print Conversion Non- configurable Printer EIP App to WS Service Out HTTPS TCP 443 Printer Authentication Non- configurable Printer to/from WS In/Out Job Agent Service Ports Protocol Transport and Port Value Use Option Component Direction Raw IP TCP 9100 Print Submission Configurable JAS to Printer Out LPR TCP 515 Print Submission Non- configurable JAS to Printer Out IPP over TLS TCP 443 Print Submission Non- configurable JAS to Printer Out HTTPS TCP 443 Configuration, Job Information, Print Release Configurable WS to/from JAS In/Out Job Agent Client Ports Protocol Transport and Port Value Use Option Component Direction Raw IP TCP 9100 Print Submission Configurable JAC to Printer Out LPR TCP 515 Print Submission Non- configurable JAC to Printer Out IPP over TLS TCP 443 Print Submission Non- configurable JAC to Printer Out DCE/RPC TCP 1058 Network Print Queue Access and Driver Download. Non- configurable Workplace Client to Print Server In 606 of 1132 611 Xerox® Workplace Suite 5.4 – Security Guide 5-8 Protocol Transport and Port Value Use Option Component Direction From Workplace Client to Print Server. HTTPS TCP 443 Configuration, Job Information, Print Release Configurable JAC to WS Out Raw UDP 9807 Notification of Print Job Release Configurable WS to JAC In Network Appliance Ports Protocol Transport and Port Value Use Option Component Direction Raw TCP 7778 Receive Card Swipe Data from Elatec TCPConv Configurable Network Appliance to WS Out Raw TCP 7777 Receive Card Swipe Data from Elatec TCPConv2 Configurable Network Appliance to WS Out Raw TCP 2001 Receive Card Swipe Data from RFIdeas Ethernet 241 Configurable Network Appliance to WS Out iOS Native Printing Ports Protocol Transport and Port Value Use Option Component Direction DNS-SD UDP 53 Mobile Phone printer discovery using DNS. Not- configurable Phone to DNS Server Out mDNS UDP 5353 Mobile Phone printer discovery on the local subnet using mDNS. Not- configurable Phone Broadcast on Local Subnet Out IPP TCP 631 IPP Print submission Not- configurable Phone to WS Out 607 of 1132 612 Xerox® Workplace Suite 5.4 – Security Guide 5-9 Protocol Transport and Port Value Use Option Component Direction to Xerox® Workplace Suite. Always uses TLS. The default port for hosting application web pages is 443 using HTTPS. If HTTPS cannot be used (for example, it is prohibited in a specific region), HTTP over port 80 can also be configured. Both ports can run simultaneously. Port Diagram The following diagram gives a pictorial representation of the components and ports being used to facilitate communication. Network Port Diagram TCP (1433) DCE/RPC (1058) User PC with Network Queue User PC with Client Queue Network Appliance and Reader Azure Cloud Cloud Based Routing Service Azure Service Bus Workplace Suite Reporting Service Cellular Network Xerox® Services Manager Service Bus HTTPS (443) SMTP (25), SMTP/TLS (465), POP3 (110) POP3/TLS (995) EWS (443), IMAP (143), IMAP/TLS (993) NRPC (1352) Email Submission and Retrieval TCP (8801, 8802) LPR (515) RawIP (9100) IPP/TLS (443) LDAP (389) LDAPS (636) HTTPS/TLS (443) TCP (433) UDP (9807) TCP (433) SNMP (UDP 161) Xerox Licensing Server Licensing Service TCP (8433) TCP (2001, 7777, 7778) SMB (445) TCP (433) Print Print Print Xerox® Workplace Suite – Network Port Diagram TCP (80, 443) TCP (433) TCP (433) Mobile Phone Customer Email Server Print Server Customer LDAP Server SQL DB DCE WS Server 608 of 1132 613 r---1 r-------, r---1 r----1 I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I I , ___ J , ___ I __ J I ____ J • • • • • Xerox® Workplace Suite 5.4 – Security Guide 6-1 6. System Access Xerox® Workplace Suite (Web Administration Portal) When accessing the Xerox® Workplace Suite directly (i.e., the User Portal for administrative access), the administrator connects to: https://<webserver address>/Login/ The user provides credentials to log into the User Portal based on the configurated authentication type: • Email and Confirmation Number • LDAP Authentication • Windows Integrated Authentication The user must exist in the WS user database and must be assigned the “administrator” role. For Windows Integrated Authentication, Workplace Suite will use the identity of the current Microsoft Windows session to look up the user in its SQL database. If the user exists, then they are logged into the User Portal without having to provide credentials. Xerox® Workplace App (Print Portal) When accessing the Workplace App, users need to provide their email address. WS looks up the user’s email address to determine the company account to which they are homed, and then based on that company’s authentication configuration, they are prompted to enter either their Xerox ® Workplace Suite Confirmation Number, or their company LDAP credentials (DOMAIN\USERNAME and PASSWORD). When using LDAP, the Domain is used to route the LDAP requests to the correct Agent, which in turn communicates with the ADS/LDAP server. The results of successfully authenticating with WS is an access token. The token is stored on the phone and used for subsequent communication with WS. The lifetime of the access token configurable. Prior to the token expiring, the phone obtains a new token, which requires the use of the user’s login credentials. The Workplace App stores the user’s access credentials on the phone in encrypted format in order to support renewing the access token. For Android devices, the credentials are encrypted and saved to internal storage of mobile device and this is only accessible by the Workplace App. For iOS devices, the credentials are saved in a keychain which is encrypted and only accessible by the Workplace App. The OS of the mobile device deletes any saved data including the credentials when the application gets un-installed. Some customers have security concerns about providing authentication credentials (even though they are always encrypted) on their mobile phone using the internet or through their wireless provider (3G/4G). For accounts with this concern, the WS provides a configuration option which forces Workplace App user authentication to take place only on the corporate LAN. Once authentication has taken place, users are then allowed to use the app on networks outside of their company LAN for printing. This option is disabled by default. 609 of 1132 614 Xerox® Workplace Suite 5.4 – Security Guide 6-2 Workplace Client The Workplace Client needs to access the enabled client-based queues hosted on the Print Server(s) in order to download and install the print driver for each client queue. By default, the Workplace Client runs as an NT Service on the workstation and uses the Local System Account when attempting to connect to the Print Server hosting the client queue. If these credentials are not valid, the user may supply different credentials using the Sys Tray utility installed with the Workplace Client. The supplied credentials are then used by the Workplace Client NT Service when accessing the Print Server queues to retrieve the driver. Credentials are stored in the system registry of the workstation. The password is encrypted using SHA1-AES. Print jobs submitted via the Workplace Client always use the network username of the person logged into the workstation as the job owner. Printer Client (EIP App) To access the Printer Client App, users either need to log into the printer via the Convenience Authentication feature and then select the Printer Client App, or they need to log into the EIP App itself. The Workplace Suite administrator also has the option of allowing an external authentication mechanism (something other than the Workplace Suite itself) as an approved authentication service. So a user can authenticate themselves at the printer with the external service, and if they then select the Workplace Suite Printer Client App, the App pulls the logged on users credentials from the session (network username and email address) and if these values map to a user in the Workplace Suite database, then the user has access to their print job(s) for release at the device. [Note: the ability to use an external authentication mechanism is off by default]. The Printer Client (EIP App) never saves the user’s credentials. The user can log out of the EIP App manually but selecting the “Exit” button in the App, or by navigating out of the App (e.g., selecting the All Services, Machine Status, or Job Status buttons on the UI panel). The UI itself has a built-in inactivity timer that logs the user out if the user is not interacting with the UI. The inactivity period is configurable by the device administrator. In addition to the device timer, the EIP App itself has its own 5-minute timer. The EIP App timeout logs the user out of the App after 5 minutes of use, unless they dismiss warning pop-up, which restarts the 5-minute timer. User Portal When accessing the User Portal, users connect to: https://<webserver address>/Login The user must exist in the WS user database, and the user record must be enabled and not locked out. The administrator can configure the type of authentication that will be required to access the User Portal. The supported methods include: • Email and Confirmation Number • LDAP Authentication • Windows Integrated Authentication For Windows Integrated Authentication, Workplace Suite will use the identity of the current Microsoft Windows session to look up the user in its SQL database. If the user exists, then they are logged into the User Portal without having to provide credentials. 610 of 1132 615 Xerox® Workplace Suite 5.4 – Security Guide 6-3 The only setting or configuration available to the user using the User Portal is the configuration of Release Permissions for the Printer Client. 611 of 1132 616 Xerox® Workplace Suite 5.4 – Security Guide 7-1 7. Additional Security Items Auto Release via Network Appliance Workflow Held print jobs are released automatically as soon as the user scans a card at a mapped network appliance associated with the printer. Network appliances are small network boxes that attach to the network and permit Xerox® Workplace Suite to control the release of user documents to printers that do not support the use of Secure Access / Convenience Authentication. A network appliance is configured on the network by the administrator, the appliance is associated with the particular printer in the WS Admin Web Portal, and the user can release their jobs at the printer by swiping their card using the card reader associated with the printer. One network appliance is required for each printer. Models Three network appliance models are supported by WS: • RF Ideas Ethernet 241 • Elatec TCP Conv2 • Elatec TCP Conv Each of these models is available by default on the Workplace Suite Admin webpage at Account > Settings > Network Appliances > Models. If any or all of these models are not going to be part of your site installation, they can be disabled to turn the listeners off on the server. The listeners use these default ports: • RF Ideas Ethernet 241 - 2001 • Elatec TCP Conv2 - 7777 • Elatec TCP Conv - 7778 The default ports can be changed by the administrator if the network appliances on your system have been configured to use a different port. Any firewall on the Agent must be configured to allow communication through the port(s). By default, the network appliances support communication using non-encrypted channels. Therefore, card data is sent in plain text format when transmitting the card data from the network appliance to the Agent. The RF Ideas Ethernet 241 is the only network appliance that supports encryption (using SSL) of the communication path. Note: The Ethernet 241 supports SSLv3. It does not support TLS1.x. Audit Log The Xerox® Workplace Suite maintains a history of the users that have logged in WS via any of the interfaces: Workplace App, Printer Client, or Convenience Authentication. Entries are maintained for a period of 1 year. Entries older than that are purged from the log. 612 of 1132 617 Xerox® Workplace Suite 5.4 – Security Guide 7-2 DMZ Configuration The Azure service bus public endpoint is the typical configuration when a customer wants to allow users outside the network to access the Xerox® Workplace Suite. However, there are some customers who wish to allow users outside the company network to access the Workplace Suite, yet they do not want to allow documents to be passed through the Microsoft owned cloud. Xerox® Workplace Suite supports a configuration where the customer can set up a satellite pass - through server in a DMZ, which is accessible from outside the network. This server is configured as the external endpoint in a private configuration, and all data sent to it is forwarded to the internal server. The communication between DMZ servers and internal servers is secured. Before a DMZ server can communicate with an internal server, the DMZ server must authenticate with a valid username/password for the internal server. Once this authentication is successful the DMZ server receives a token that is used for all further communication. This token is required for all communication to the internal server. DMZ Setup In order to enable the DMZ feature, the Workplace Suite Server must be set to “Private” mode. When inside of your company firewall, Mobile App users are able to access WS via the Internal Server endpoint. When outside of the firewall, Mobile App users can access WS via the External Server endpoint. DMZ Setup requires that a server be set up which has an external network connection to the Internet. The XMS software needs to be installed on this server and configured to support the DMZ feature. The setup entails pointing the DMZ server at your WS server and supplying administrator credentials which are used by the DMZ server when connecting to the WS server. All DMZ configuration is done using HTTPS communication over port 443. The connection is initiated by the DMZ server, and can be trusted by the WS server based on the supplied administration credentials. Mobile Devices and the DMZ Server Mobile devices or other user interfaces may connect to the DMZ Server to access their Workplace Suite Server when they are external to the company’s network. All communication between the Mobile Print App and the DMZ Server is over HTTPS (port 443). Mobile Login using a Company Code The mobile app can be configured to prompt for a company code at logon time. When configured to do this, the app queries the Azure Service Bus to find the DMZ Server end point. After which, all communication between the mobile app and the Workplace Suite Server is directly between the mobile phone and the DMZ server. User validation of credentials and transmission of all jobs occurs between the phone and the DMZ Server. Mobile Login using the Private Access Control The mobile app can be configured with using the Private Access Control feature, such that the app points to the DMZ server for all communication. With this configuration, the mobile app never accesses the Azure Service Bus. To perform this setup in the mobile app, Users can manually enter the link (as provided by their Workplace Suite Administrator), or the Admin has the ability to push out an email to all users which includes a link that, when selected from a Mobile device, updates the configuration of the App and makes it point to the desired external URL. 613 of 1132 618 Xerox® Workplace Suite 5.4 – Security Guide 7-3 Debug Logs The Workplace Suite server uses logging to help diagnose issues and problems. User cred entials (e.g., passwords or confirmation numbers) are never logged. Workplace Suite Server Windows File Structure The Workplace Suite Server stores files in the install location: %ProgramData%\Xerox\XMP Smartcard (CAC/PIV) Integration The Workplace Suite solution may be used with external authentication mechanisms, including CAC/PIV card authentication. Many Xerox advanced office products support smartcard integration, which is built into the Xerox ® multifunction device (MFD) itself. Smartcard authentication is not performed directly within Xerox® Workplace Suite. Instead, the authentication of the user is performed between the printer, the smartcard and the Domain Controller at the customer site. The Xerox® Workplace Suite can be configured to allow users authenticated by an external system (i.e. something external to Workplace Suite) to access the printer client (EIP App) using the logged-on user identity. This removes the need for the user log into the Workplace Suite Printer Client. Users see their list of jobs after starting the app and may select and release them as desired. The Workplace Suite server must be configured to allow the logged-on user (using an external authentication mechanism) to access the Printer Client. This is done using the following settings from the Web Admin Tool: Company > Policies > Security > Printer Client • Enable “Logged on Users (Access Card) • Enable “External Printer Authentication”. The Workplace Suite server must also be configured such that the “Alternate Access Card User” field for each user in the User database is populated. Typically, this field is populated from LDAP using the UPN (universalprinciplename) field. In a typical customer environment using this capability, a user logged onto the Printer would normally have an identifier something like: • username@domain (UPN) When that same user submits jobs from their PC, the user identity is typically has a format of: • DOMAIN\username Enhancements to the Xerox® Workplace Suite server, allow the matching of the UPN value to the DOMAIN\username value, so that the user may be presented with their list of jobs and release them from the Printer Client (EIP App). Printer Client Release Permissions The Printer Client (or EIP App) provides an interface on some Xerox devices to view and release the user’s printer jobs. This includes both Mobile Print jobs and Print Management Workflow submitted jobs. By default, only the user that submitted a job will be allowed to view and manage their jobs. However, the Xerox® Workplace Suite system allows users to grant access permission to other users in the system to view and manage their jobs. This feature is available when the User Portal interface has been enabled. 614 of 1132 619 Xerox® Workplace Suite 5.4 – Security Guide 7-4 Company > Policies > Security > User Portal Once enabled, users may log into the web portal: https://<server>/login After logging into the web portal, users have access to the Delegation tab, allowing them to both view the list of users which have granted them permission to access their print jobs using the “Print Theirs” tab. They may also grant permission to other user users to access their print jobs. Details on this functionality can be found in the administration guide for this solution. Release permissions are only supported via the Printer Client. This configuration does not impact any other interface (e.g., Workplace App). Users can always view the list of users that have been granted release permission to their documents and they may revoke that ability at any time . To help distinguish who is releasing a job versus who originally sent it, the job history (Jobs > History) and reports (Reports > Job Reporting) summary have been updated for the CSV export capability to include “Printed By Email” and “Print By User Name” fields. These fields are populated with corresponding information from the person that released the job to the printer using the Printer Client. Administration Recovery The Administration Recovery Procedure is used to log in to repair settings that preve nt you or another Administrator from logging in. This procedure allows you to assign a new Administrator, repair email, LDAP, and other settings. When using this feature, the User Portal authentication mechanism is reset to “Email and Confirmation Number”. If this is not the preferred login method, change the User Portal authentication method back to your desired configuration. To access the Administration Recovery Procedure, you must use Domain or Workstation local user account the satisifiessatisfies either of the following requirements: • The User must be in the “Administrator” group of the server. • The User must be in the “MPAdmin” group of the server Details on using the feature can be found in the Administration and Configuration Guide. Single Sign-On The SSO capability was designed with a focus on security of the Gallery App authentication data (credentials, token, etc.). Below is a highlight of the main security points of this solution: • All communication is over HTTPS. • The WS server validates the certificate of the App Server vault. The certificate must be from a well-known and trusted provider, or it must exist in the trusted root certs on the server (e.g., if generated from a local certificate authority). • The SSO authentication data for a given user and app is given to the WS Server in an encrypted format. The WS can never view the authentication data. [Note: It is the responsibility of the App from the Gallery and/or its backend server to encrypt the authentication data before sending it to WS for storage]. • Exchange of sensitive information between WS and the App / App Server uses public key cryptography with asymmetric keys. Each side (WS and App Server) has its own public and 615 of 1132 620 Xerox® Workplace Suite 5.4 – Security Guide 7-5 private keys, and shares the public key with the opposite side, but ke eps its private key hidden. Data is encrypted by the public key and then sent to the owner of the private key to decrypt it. • All message exchanges related to authentication data include digital signatures, so that the receiver can always validate that the request is coming from a trusted entity. • Messages containing authentication data include 3 levels of encryption: – The channel is encrypted via HTTPS. – Message content is encrypted using public key cryptography with asymmetric keys. An RSA algorithm is used for encryption with a key size maximum of 16384. – Authentication data is encrypted by the Gallery App or its backend server prior to storing it with WS. The format and encryption method used are up to the Gallery APP vault. Data sent from one entity to the other is always encrypted using the public key of the receiver. As an example, let’s assume the App / Gallery App Server would like to store new authentication data on the WS Server. The steps to manage the encryption of this data are as follows: 1. The Gallery App Server constructs the appropriate message data to be sent to WS, and then encrypts that data using the public key of WS. 2. That data is then signed by the App Server using its own private key. 3. When this data is received by WS, it validates the signature using the public key of the Gallery App Server. 4. The message is then decrypted by WS using its private key. A similar exchange takes place when sending the response message from the SSO vault to the Gallery App Server. 616 of 1132 621 Xerox® Workplace Suite 5.4 – Security Guide 8-1 8. Additional Information and Resources Security @ Xerox Xerox maintains an evergreen public web page that contains the latest security information pertaining to its products. Please see https://www.xerox.com/security. Responses to Known Vulnerabilities Xerox has created a document which details the Xerox Vulnerability Management and Disclosure Policy used in discovery and remediation of vulnerabilities in Xerox software and hardware. It can be downloaded from this page: https://www.xerox.com/information-security/information-security- articles-whitepapers/enus.html. Additional Resources Below are additional resources. Security Resource URL Frequently Asked Security Questions https://www.xerox.com/en-us/information- security/frequently-asked-questions Common Criteria Certified Products https://security.business.xerox.com/en- us/documents/common-criteria/ Current Software Release Quick Lookup Table https://www.xerox.com/security Bulletins, Advisories, and Security Updates https://www.xerox.com/security Security News Archive https://security.business.xerox.com/en-us/news/ 617 of 1132 622 Xerox and Information Security Your Data, Your Business: Partnering to Protect What’s Most Important 618 of 1132 623 xerox ~ ® 1 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3 2 Security Vulnerabilities: Industry Risks and Costs . . . .5 3 Security Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7 4 Regulatory and Policy Compliance . . . . . . . . . . . . . . . .19 5 Risk Assessment and Mitigation . . . . . . . . . . . . . . . . . .20 6 Manufacturing and Supplier Security Practices . . . . . .21 7 Product Returns and Disposals . . . . . . . . . . . . . . . . . . .22 8 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .23 9 Security Checklist . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24 Table of Contents 619 of 1132 624 3 For those in Information Security, it’s critical to the security of an organization’s network to make sure that security infractions can’t happen through network-connected printers and MFPs—or at the devices themselves. After all, attacks can originate in unexpected ways: • The phone line attached to an MFP could be used to access the network. • The Web server used to manage the MFPs and printers may be vulnerable to attack. • Unprotected electronic data can be inappropriately accessed while at rest on the hard disk or in motion to/from the device. • Malicious emails can be sent from an MFP with no audit trail. Printers and multifunction printers are sophisticated, multiple sub-system IT platforms, and meaningful security measures must comprehend every element of the platform. Today’s printers and MFPs are quite different from PCs and servers. • Printers and MFPs are shared devices with multiple users and multiple administrators. • Printers and MFPs are embedded devices: –There may be a real operating system within the system. –The operating system may have a direct external interface. –The operating system may be proprietary. –The operating system may be Microsoft® Windows®. • Printers and MFPs have the following, all of which are typically associated with more advanced computing nodes: –Network protocol stacks –Authentication and authorization functions –Encryption –Device management –Web servers Nearly every business, and every person in it, is connected to the Internet. Your business—and every organization with which you collaborate—is part of a global system of interconnected computer networks and servers. There are countless users simultaneously performing tasks, accessing and sharing information, shopping for and selling goods and services and communicating via email, instant messaging, Skype™, Twitter and many other services. The security threat is very real and the stakes are growing at exponential rates. A breach in the security of an organization’s documents can result in unauthorized acquisition or use of sensitive or proprietary information. It can lead to harmful disclosure, stolen or compromised intellectual property and trade secrets. And for many organizations, these security breaches can end with costly fines and litigation, to the tune of hundreds of thousands to millions of dollars. Today’s rising security threats come in various forms and in varying degrees of severity. The explosive proliferation of networked devices means an ever-increasing number of potentially vulnerable points of entry for intruders. And the “hacker” threat is constant, with programs running 24/7 that automatically seek and exploit network security shortcomings. Security threats vary from relatively harmless spam messages to persistent threats that can take down entire networks. With such constant Internet activity, you must be sure your company’s confidential information stays secure. But the demands change, and change daily. Networked printers and multifunction printers, or MFPs, which can print, copy, scan to network destinations, send email attachments and handle incoming and outgoing fax transmissions, are particularly vulnerable. Information is every organization’s key asset, and security is essential to the office—for documents and for any devices, including printers and multifunction printers, connected to the network . And in the 21st century, the network is the hub of virtually all business activity . Overview 620 of 1132 625 4 Overview Heterogeneity of printer and MFP implementations poses challenges. • Much more diverse than traditional PCs • High degree of diversity regarding underlying operating systems among different manufacturers and even within single manufacturer product lines Traditional PC and server controls are not optimized for printers and MFPs. • Anti-virus approach –May not be available for the operating system type used in the printer and MFP –Generally losing the war against malware anyway –Complexity of managing data file updates in a distributed environment • Patching printers and MFPs –Software version control of printers and MFPs is inconsistent –Configuration management creates operational overhead • Security Information and Event Management (SIEM) –Alerts and awareness from printers and MFPs are uneven –Remediation of printers and MFPs is not standardized This is a very different situation from the printers and copiers of yesterday. Just about anyone can launch attacks against a network and a company’s information assets if a printer and MFP’s physical and electronic access isn’t securely controlled and protected. Those attacks can be as simple as someone picking up documents left in the printer and MFP’s output tray to malicious worms pulling sensitive documents off the network. A printer's and MFP’s entire system, along with any device management software on the network, must be evaluated and certified so that Information Security and all the workers of an organization are certain that their documents and network are safe and secure from information predators—or even from internal security breaches. In that respect, not all printers and MFPs are equal. Therefore, a comprehensive approach, based on foundational, functional, advanced and usable security, is critical to safeguarding the information assets of today’s businesses. Thankfully, Xerox has the security capabilities to help. For the last 20 years, Xerox has been a leader in providing secure document solutions to a variety of industries across the globe. In fact, every Xerox® product and service we offer was designed with security in mind and to seamlessly integrate into existing security frameworks. Plus, security is managed throughout the entire product life cycle from requirements analysis, design, development, manufacturing, deployment and disposal—giving you and your customers more protection and peace of mind. At Xerox, we help protect your data at every potential point of vulnerability so you don’t have to. By staying focused on what we do best, you can stay focused on what you do best. Xerox Security Goals We’ve identified five key security goals in our quest to provide secure solutions to every one of our customers: CONFIDENTIALITY • No unauthorized disclosure of data during processing, transmission or storage INTEGRITY • No unauthorized alteration of data • System performs as intended, free from unauthorized manipulation AVAILABILITY • System works properly • No denial of service for authorized users • Protection against unauthorized use of the system ACCOUNTABILITY • Actions of an entity can be traced directly to that entity NON-REPUDIATION • Mutual assurance that the authenticity and integrity of network communications are maintained 621 of 1132 626 5 Security Vulnerabilities: Industry Risks and Costs Healthcare Advances in information technology—including the use of handheld computers—have created the need to share important medical data and patient information electronically—and that’s where security becomes a major concern. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) was put in place by the federal government to force all healthcare organizations to apply uniform data management practices to protect patient information and patient privacy at all times. Under HIPAA, an audit trail is required to track who viewed data, when they viewed it and if they had the proper authorization to do so. The Health Information Technology for Economic and Clinical Health (HITECH) Act significantly expanded the U.S. government’s efforts to establish a national electronic record keeping system for the healthcare industry. HITECH was enacted as part of the American Recovery and Reinvestment Act of 2009 to promote the adoption and meaningful use of health information technology. Failure to comply with HIPAA can result in civil and criminal penalties, even if no breach occurs. Government Today, local, state and federal governments have put an emphasis on simplifying processes and improving cross-agency collaboration to provide better outcomes for the citizens they serve. To do so, they’re employing various initiatives to take advantage of the latest technologies, while putting strict regulations in place to ensure the information being shared is safe and secure. One example is the Massachusetts state data breach law, which is one of the most aggressive in the nation. Xerox® systems, software and services conform to these strict guidelines, as well as others. In 2014, the Department of Defense adopted National Institute of Standards and Technology (NIST) 800-53 standards, which is a publication that recommends security controls for federal information systems and organizations, and document security controls for all federal information systems, except those designed for national security. 1. 2015 Cost of Data Breach Study: Global Analysis, IBM and Ponemon Institute, May 2015. Businesses of all sizes have sensitive information valuable to cybercriminals that must be protected. The threat landscape is changing constantly. With an increase in Bring Your Own Devices (BYOD), wearables for health-tracking data, mobile payment systems, cloud storage and the Internet of Things, the threat is real and continues to grow. Cybercriminals are increasingly focusing their attention on small- and mid-sized businesses (SMBs), because they are easier targets than large enterprises and because SMBs typically lack the resources needed to protect themselves against attacks. Data breaches for large enterprises make news headlines but, unfortunately, we don’t hear much in the news about cyber-attacks on SMBs. The stakes for SMBs are even higher than for large corporations. Customer information maintained within SMBs is becoming a more valuable commodity and the costs of these breaches can devastate an SMB. According to a study conducted in 2015 by IBM and Ponemon Institute, the average total cost of a data breach for the participating companies increased 23% over two years to $3.79 million.1 The average cost paid for each lost or stolen record containing sensitive and confidential information increased from $145 in 2014 to $154 in 2015.1 That doesn’t account for possible fines, loss of reputation and business disruption. Security may not always be a top business priority, but keeping information protected is critical for the health of the organization. What’s at Risk Financial Data Compliance Breaches/Fines Revenues/Proﬁts Financial Loss Government Compliance Employee Conﬁdentiality Trade Secrets Data Integrity/ Disaster Recovery Auditability/Accountability Litigation Repudiation Intellectual Property Customer/Patient/ Student Conﬁdentiality Loss of Brand Respect Loss of Productivity Marketing Competitiveness 622 of 1132 627 6 Security Vulnerabilities: Industry Risks and Costs Education With today’s educational institutions—including K–12, colleges and universities—transcript requests, financial aid applications and even class notes can all be found online. Because some schools have their own medical centers, they also have to store and share medical information electronically. This interactive environment enhances the student experience and improves staff productivity, but it also makes schools susceptible to security threats. Because these institutions manage a variety of information, many state and federal regulations apply, including the Computer Fraud and Abuse Act, USA Patriot Act, HIPAA and GLBA. However, the most applicable regulation to the education industry is the Family Education Rights and Privacy Act (FERPA). This act prohibits the disclosure of personally identifiable education information without the written permission of the student or the student’s guardian. With so many regulatory and compliance measures requiring a response, Xerox has looked to the federal government requirements, among others, as guidelines. By developing solutions that strive to meet the most stringent security standards, we can offer highly secure solutions to all of our customers—regardless of business sector. Also, the Department of Defense has adopted additional security measures with the use of Common Access Cards (CAC) and their civilian government counterparts, Personal Identity Verification (PIV) cards. Such cards require a PKI infrastructure to ensure a secure authentication and communications environment. Additionally, most federal government agencies have adopted the FIPS 140-2 standard to certify encryption modules used in printer and MFP products. And finally, many federal government customers require products be certified to the Common Criteria standard. Financial Services Direct deposit, online banking, debit cards and other advances in information technology are revolutionizing the financial services industry. Though more convenient for both customers and businesses, this heavy use of technology has its own set of security concerns. A secure exchange of credit card information is vital and compliance with the Payment Card Industry (PCI) Data Security Standard (DSS) helps to alleviate vulnerabilities and protect cardholder data. PCI DSS is a proprietary information security standard for organizations that handle credit cards, including Visa®, Mastercard®, American Express®, Discover® and JCB. The Gramm-Leach-Bliley Financial Services Modernization Act of 1999 (GLBA) was instituted to ensure financial institutions that collect or receive private customer data have a security plan in place to protect it. To reach compliance, organizations must complete a risk analysis on their current processes and implement firewalls, restrict user access, monitor printing and more. The Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 further increases the need for accurate collection and reporting of financial data. Through the Office of Financial Research and member agencies, data will be collected and analyzed to identify and monitor emerging risks to the economy and make this information public in periodic reports and annual testimony to Congress. 623 of 1132 628 7 Security Overview Certification ISO 15408 Common Criteria for Information Technology Security Evaluation is the only internationally recognized standard for security certification. Xerox was the first manufacturer to seek and obtain certifications for “complete” MFP devices. Because each element of the multifunction platform is a potential point of entry, meaningful security certification must comprehend all elements, including the operating systems, network interface, disk drive(s), Web server, PDL interpreter(s), MFP user interface, local hardware ports and fax system. Maintenance At Xerox, maintaining our printer and multifunction devices’ security throughout their lifespan requires ongoing diligence to ensure continuous protection against newly discovered exploits. This is accomplished by: • Ensuring that software updates are issued on an ongoing basis • Notification of new security bulletins with RSS feeds • Responding to identified vulnerabilities • Providing secure installation and operation guidelines • Providing Common Criteria information • Making patches available at www.xerox.com/security The Xerox Security Model, in concert with the Secure Development Life Cycle, is a commitment that all features and functions of the system, not just one or two, are safe and secure. At Xerox, our “Security = Safety” philosophy drives the development of products, services and technologies that are infused with security at every level. Security is front and center when engineering our “Smart MFPs.” As a leader in the development of digital technology, Xerox has demonstrated a commitment to keeping digital information safe and secure by identifying potential vulnerabilities and proactively addressing them to limit risk. Customers have responded by looking to Xerox as a trusted provider of secure solutions that offer a host of standard and optional state-of-the-art security features. Our Security Strategy The development of Xerox® products is guided by a Secure Development Life Cycle Process, which takes the Open Web Application Security Project (OWASP) Software Assurance Maturity Model (SAMM) and SANS Institute guidelines into consideration. This involves defining security requirements, assessing risks, analyzing vulnerabilities and penetration testing, as well as information obtained from OWASP and the SANS Institute. This strategy consists of three pillars: State-of-the-Art Security Features Printers and multifunction devices are sophisticated, multiple sub-system network platforms, and Xerox offers the broadest range of security functionality on the market, including encryption, authentication, authorization per user and auditing. 624 of 1132 629 8 Security Overview 1. Intrusion Prevention Prevent general access to restricted devices with user access and internal firewall on the printer. 2. Device Detection Be alerted at startup or on demand if any harmful changes to your printer have been detected. 3. Document and Data Protection Keep personal and confidential information safe with encrypted hard disk (AES 256-bit, FIPS validated for many products) and image overwrite. 4. External Partnerships Protect your data and device from malicious intrusions with McAfee whitelisting technology, Cisco® Identity Services Engine (ISE) integration, certification bodies and compliance testing organizations. A Comprehensive Approach to Printer and MFP Security Xerox long ago recognized and embraced this shift in technology and the evolving needs of the workplace. We offer a comprehensive set of security features to keep your printers/MFPs and your data safe. Xerox secures every part of the data chain, including print, copy, scan, fax, file downloads and system software. There are four key aspects to our multilayered approach. 1. Intrusion Prevention Your first and most obvious vulnerability is the user interface— who has physical access to your printer and its features. User Authentication is the basis for granting access to Xerox® printers and multifunction devices for authorized walkup and network users. Once authenticated, the user can interact with the device or access customer data, which is subject to restrictions based on the user’s role. Xerox® printers and MFPs employ a variety of technologies to ensure authorized access to device features and functions by users and other network devices. Then we tackle less obvious points of intrusion—what is sent to the printer and how Xerox® ConnectKey® Technology will intercept attacks from corrupted files and malicious software. Our system software, including DLMs and weblets, is Digitally Signed: any attempts to install infected, non-signed versions will result in the file being automatically rejected. Print files will also get deleted if any part is not recognized as legitimate. NETWORK AUTHENTICATION Network authentication allows users to authenticate to the device by validating user names and passwords prior to use. Network authentication authorizes an individual to access one or any combination of the following services: Print, Copy, Fax, Server Fax, Reprint Saved Jobs, Email, Internet Fax and Workflow Scanning Server. Also, users can be authorized to access one or any combination of the following machine pathways: Services, Job Status or Machine Status. MICROSOFT® ACTIVE DIRECTORY® SERVICES The Microsoft Active Directory Services (ADS) feature enables the device to authenticate user accounts against a centralized user account database, instead of exclusively using the user account database that is managed locally at the device. LDAP AUTHENTICATION LDAP authentication (BIND) is supported for authenticating with the LDAP servers for information lookup and access. When an LDAP client connects to the server, the default authentication state of the session is set to anonymous. The BIND operation establishes the authentication state for a session. SMTP AUTHENTICATION This feature validates the user’s email account and prevents unauthorized users from sending emails from the device. System Administrators can enable TLS for all SMTP send and receive operations. 625 of 1132 630 0 0 ~ 9 Security Overview POP3 AUTHENTICATION BEFORE SMTP As an additional layer of security, Xerox® MFPs support the ability for System Administrators to enable or disable the POP3 authentication before SMTP feature. POP3 authentication before SMTP forces a successful login to a POP3 server prior to being able to send mail via SMTP. ROLE BASED ACCESS CONTROL (RBAC) The RBAC feature ensures that authenticated users are assigned to a role of either Non-logged-in User/Logged-in User, System Administrator or Accounting Administrator. Each role has associated privileges with appropriate levels of access to features, jobs and print queue attributes. It enables Administrators to choose precisely which functions are permitted for a given role. Once a user logs into the device with the user’s name and password, the device can determine which roles are assigned to that particular user. Restrictions are applied based on the assigned roles. If an entire function is restricted, it can appear locked out to the user after authentication or not appear at all. Non-logged-in User/Logged-in User System Administrator Accounting Administrator PRINT USER PERMISSIONS Xerox user permissions provide the ability to restrict access to print features by user, by group, by time of day and by application. Users and groups can be set up with varying levels of access to print features. For example, limits can be set that allow color print jobs only during certain hours of the day; Microsoft® PowerPoint® presentations automatically print in duplex mode; or Microsoft Outlook® emails always print in black and white. Set color user permissions and other print restrictions with intuitive graphical interfaces. SMART CARD AUTHENTICATION Also known as Proximity Card or Contactless Smart Card Authentication, Smart Card Authentication protects your printer and MFP from unauthorized walkup access. Xerox® devices support multiple major smart cards (CAC/PIV, .NET, Rijkspas and other smart and proximity cards), around 30 different types of card readers and 65 different proximity cards. With Smart Card Authentication, users can be authenticated using a two-factor identification system— possession of the card and a personal identification number entered at the device's user interface—to gain access to the walkup features at the device and on the network. The Common Access Card/Personal Identity Verification (CAC/PIV) is a U.S. Department of Defense smart card issued as standard identification for active-duty military personnel, reserve personnel, civilian employees, other non-government employees and eligible contractor personnel. The CAC/PIV can be used for general identification, controlled building access and for authentication of personal computers, in addition to printers/MFPs and the networks that connect them. 626 of 1132 631 Fto ature Namto PrintSubmitttor Unknown Time ~ Black&WhitePrinting ~ Time Color Printing ~ Simplex ~ 1-SidedPrinting ~ Paper Tray ~ Trayl ~ Paper Tray ~Tray2 ~ Paper Tray ~ TrayJ ~ P.!lperlray ~ Tr.!y4 ~ Paper Tray ~ TrayS(Bypass) ~ Job Type i Secure Print ~ Job Type ~ Norma l Print ~ Job Type [Ii Sample Set ~ 10 Security Overview Configuration Diagram for Common Access Card (CAC)/ Personal Identity Verification (PIV) Card Reader MFP Domain Controller Certificate Authority Server (OCSP Protocol) USB Ethernet DoD PKI Infrastructure Certificate 1. A card is inserted into the reader and the user is prompted to enter a PIN at the MFP. 2. The MFP checks the OCSP server to confirm that the card’s certificate has not expired and then verifies the “Chain of Trust” back to a known Certificate Authority. 3. The MFP initiates an encrypted challenge/response dialog between the Domain Controller and the Common Access Card. If successful, the Domain Controller issues a “Ticket Granting Ticket” and authorization is complete. 4. Authorization unlocks Walkup MFP features: • Scan to Email • Copy • Fax • Custom Services • Workflow Scanning The 144k CAC/PIV is a version of the smart card. Users can be authenticated using two-factor identification to gain access to walkup services at the device. The 144k CAC/PIV provides the following benefits: • Scan to Email S/MIME encryption to self or any recipient in the MFP’s local or LDAP global address book • Digital signing using the Email Signing Certificate from the user’s card • Automatic population of the “To:” field when using the MFP’s Scan to Email function • Up to 2048-bit certificate key • Restrict outgoing transmissions to recipients with valid certificates • Receive email confirmation reports and maintain audit logs • Single signon to Scan to Home and LDAP 627 of 1132 632 a-D [B:] ~ . § 11 Security Overview DEVICE USER INTERFACE AND REMOTE USER INTERFACE ACCESS System Administrators can lock out access to device setup screens for unauthorized users from the control panel and Remote User Interface utility in an effort to protect its configuration information. 2. Device Detection In the unlikely event that your data and network defenses are bypassed, Xerox® ConnectKey® Technology will run a comprehensive Firmware Verification test, either at start-up* or when activated by authorized users. This alerts you if any harmful changes to your printer or MFP have been detected. If any anomalies are detected, the device will display a message advising the user to reload the firmware. Our most advanced built-in solutions use McAfee® Whitelisting** technology that constantly monitors for and automatically prevents any malicious malware from running. In partnership with Cisco, Xerox has implemented our device profiling in Cisco® Identity Services Engine (ISE). Integration with Cisco Identity Services Engine (ISE) auto-detects Xerox® devices on the network and classifies them as printers for security policy implementation and compliance. For more information, refer to the following white papers: McAfee Whitelisting White Paper: http://www.office.xerox.com/latest/SECWP-03.PDF Cisco ISE White Paper: http://www.office.xerox.com/latest/SECWP-04.PDF *Xerox® VersaLink® Printers and Multifunction Printers **Xerox® AltaLink® and i-Series Multifunction Printers XEROX® PRINTSAFE SOFTWARE Xerox® PrintSafe Software provides secure print authentication for printed data on most printers and MFPs, including both Xerox® devices and devices from other vendors. This software is open to work with a variety of industry standard secure readers and cards. Secure, Convenient and Flexible Print Workflows Flexible workflows allow the user to load software on their PC client for direct printing or onto an existing print server, which can easily be configured for Xerox® PrintSafe Software. * Non-Xerox® devices require a network accessory; see your Xerox Sales Representative for details on the makes/models supported. Xerox® PrintSafe Software is not limited to Xerox® devices. Any printer or MFP* registered with Xerox® PrintSafe Software can output PrintSafe jobs. The user submits the document. Simply by pressing “Print”, the document is held until authentication. The user can approach any printer or MFP on their network enabled to accept a PrintSafe job, and authenticate with a simple card swipe or PIN. Once the user is authenticated, they can select either to release a single job or all secure jobs at the printer or MFP. 628 of 1132 633~ ~ -a i ~ i □ i QJ 12 Security Overview SECURE PRINT Sensitive print jobs are held at the printer or MFP until the document owner releases them by entering their unique PIN through the device's user interface. This ensures that a document’s intended recipient is physically present when printing sensitive information and can immediately remove the output from the printer or MFP before exposing it to other device users. Secure printing based on Common Access Card (CAC)/Personal Identity Verification (PIV) card technologies attaches the print-job sender’s identity certificate to their print job. At the device, the user must authenticate with the user’s CAC/PIV card before the job will be released. ENCRYPTED PDF/PASSWORD-PROTECTED PDF When scanning a hard-copy document for electronic distribution via the Scan to Email feature, Xerox® MFPs can create 128-bit or 256-bit AES-encrypted PDFs or password-protected PDFs, which are then securely transmitted over the network, and can be opened, printed or changed only by those who possess the correct password. FAX FORWARDING TO EMAIL AND NETWORK Xerox® MFPs with fax forwarding capability can route incoming faxes to specific recipients’ email in-boxes and/or to a secure network repository, where they can be accessed only by authorized viewers. FAX DESTINATION CONFIRMATION A fax sender receives automated confirmation that the sender’s fax was successfully received by the intended recipient. 3. Document and Data Protection Document Protection Even when all necessary network security measures are in place to effectively protect critical data as it travels between users’ computers and office printing devices, security technologies must also ensure that your sensitive hard-copy documents are received and viewed only by their intended recipients. Xerox employs the latest technologies to safeguard your output, whether printing hard copies or distributing electronic documents. SCAN DATA ENCRYPTION Users of our Xerox® ConnectKey® Technology-enabled i-Series, VersaLink® and AltaLink® Series Smart MFPs also have the option to encrypt PDF files with a password when using the Scan to Email service. • Protection outside of firewall –Securing data in an unsecure environment –Using industry standard protocols such as TLS and Secure PDF PRINT STREAM ENCRYPTION The Xerox® Global Print Driver® and some product drivers support document encryption when submitting Secure Print print jobs to ConnectKey Technology-enabled devices. Xerox® AltaLink and i-Series Multifunction Printers also support document encryption for regular print jobs. No additional hardware is required for print driver encryption. 629 of 1132 634 ------1:J I ~ .. 'l'al~t..J-= JS ~~~ 'hi,:,t,wlbotdd•llho-lftl""'_ .. ~to...,_, 0 ) 1 13 Security Overview SECURE SOCKETS LAYER (SSL)/TRANSPORT LAYER SECURITY (TLS) Many organizations are required to comply with security policies that require all transactions between the client and printer or MFP to be secure via secure Web transactions, secure file transfers and secure emails. Data that is transmitted over the network without encryption can be read by anyone that sniffs the network. Xerox mitigates this problem with Secure Sockets Layer/Transport Layer Security for transmissions of data over certain protocols such as HTTPs and IPP. IPSEC ENCRYPTION Internet Protocol Security (IPsec) secures all communication at the IP layer and is primarily used to encrypt print submittals to the device. It encrypts all traffic between Point A and Point B in such a way that only trusted users can send and receive the information, the data is not altered during its transmission and only authorized users can receive and read the information. IPsec is designed to provide the following security services: • Traffic encryption (preventing unintended parties from reading private communications) • Integrity validation (ensuring traffic has not been modified along its path) • Peer authentication (ensuring that traffic is from a trusted party) • Anti-replay (protecting against replay of the secure session) NETWORK PORTS ENABLE/DISABLE With the Network Ports Enable/Disable capability, unnecessary ports and services can be disabled to prevent unauthorized or malicious access. On smaller desktop devices, these options can be adjusted through their control panel or PC-based configuration software. On larger MFPs, tools are provided to set security levels and disable specific ports and services. DIGITAL SIGNATURES A digital signature is a mathematical scheme for demonstrating the authenticity of a digital message or document. A digital signature is used to protect the device firmware from undetected modification and to provide data origin authentication. With smart cards, emails can be digitally signed with the sender’s certificate. A valid digital signature gives the recipient confidence to believe that the message was created by a known sender and that it was not altered in transit. SECURE WATERMARKS Some Xerox® printers and MFPs have a Secure Watermark feature that helps prevent original printouts with sensitive information from being copied. If a document with a secure watermark is copied, the watermark image becomes visible, making it apparent that the document contains sensitive information and has been illegally duplicated. USER/TIME/DATE STAMP Through the Xerox® drivers, a user/time/date stamp can be applied to any document printed by any networked device. This provides an audit trail of who printed what, and at what time. IP ADDRESS FILTERING Internet Protocol (IP) filtering allows System Administrators to create rules to accept or reject information coming to the MFP device based on specific IP addresses or range of addresses. This gives the System Administrator control over who can and cannot access the device. IP No IP Registered IP Addresses: Available Non-Registered IP Addresses: Not Available 630 of 1132 635 I:J, ~ 1~ ... 1 14 Security Overview SNMP COMMUNITY NAME STRINGS Typical read-only Management Information Base (MIB) data use the “public” string and the read-write community strings that are set to “private.” Using the read-write community name strings, an application can change the configurations setting of the device using MIB variables. The read-write community name strings on Xerox® devices can be changed by the System Administrator to increase the security when managing MFPs using SNMP. 802.1X AUTHENTICATION IEEE 802.1X is an IEEE Standard for port-based Network Access Control (PNAC). It is part of the IEEE 802.1 group of networking protocols. It provides an authentication mechanism to devices wishing to attach to a local area network (LAN) or wireless local area network (WLAN). IEEE 802.1X functionality is supported by many Ethernet switches and can prevent guest, rogue or unmanaged systems that cannot perform a successful authentication from connecting to your network. DIGITAL CERTIFICATES Digital certificates are electronic documents that use a digital signature to bind a public key with an identity—information such as the name of a person or an organization, their address and so forth. The certificate can be used to verify that a public key belongs to an individual. MFPs can add digital signatures that verify the source and authenticity of a PDF document. When recipients open a PDF file that has been saved with a digital signature, they can view the document’s properties to review the signature’s contents including the Certificate Authority, system product name, serial number and the time/date stamp of when it was created. If the signature is a device signature, it will also contain the name of the device that created the document, while a user signature verifies the identity of the authenticated user that sent or saved the document. Xerox® MFPs can be loaded with a certificate signed by a certificate authority such as VeriSign, or your System Administrator can create a self-signed certificate on the device itself. By setting up a certificate on your device, you can enable encryption for specific types of workflows. SNMPV3 Simple Network Management Protocol (SNMP) is an Internet- standard protocol for managing devices on IP networks, which provides greater security by protecting data against tampering, ensuring access is limited to authorized users through authentication and encrypting data sent over a network. Devices that typically support SNMP include routers, switches, servers, workstations, printers, modem racks and more. It is used mostly in network management systems to monitor network- attached devices for conditions that warrant administrative attention. SNMP is a component of the Internet Protocol Suite as defined by the Internet Engineering Task Force (IETF). The SNMPv3 protocol provides significantly enhanced security functions including message encryption and authentication. How It Works: 802.1X Authentication 802.1X authentication for wireless LANs provides centralized, server-based authentication of end users. Client Access Point Authentication Server 1 2 4 3 1. A client sends a “start” message to an access point, which requests the identity of the client. 2. The client replies with a response packet containing an identity, and the access point forwards the packet to an authentication server. 3. The authentication server sends an “accept” packet to the access point. 4. The access point places the client port in authorized state, and traffic is allowed to proceed. 631 of 1132 636 15 Security Overview Data Protection Technology has transformed the way employees conduct business. Today, documents take shape in not only the traditional hard copy forms, including handwritten notes and draft versions of paper communications, but also in electronic forms on desktops and in email. Because employees create, store, share and distribute these electronic documents differently than traditional paper documents, this information may be subject to new types of risks. To remain competitive, a company must address these threats by securing the documents and document management systems that contain a company’s most valuable asset—knowledge. Information and document management systems face a wide range of security threats. These threats include intentional espionage acts, such as computer hacking, theft, fraud and sabotage, as well as unintentional acts such as human error and natural disasters. Information security is more than protection. It is about ensuring timely access and availability of document content to improve business process and performance. It is also about managing original content and complying with federal regulations. From the introduction of the first digital products, Xerox has recognized the risk of retained data being inappropriately recovered from non-volatile storage and built features and countermeasures into our devices to help customers safeguard their data. IMAGE DATA ENCRYPTION Using 128-bit or 256-bit AES encryption, many Xerox® devices feature data encryption including job, image and customer data, which protects your Xerox® MFP’s data at rest from unauthorized access. With data encryption, the disk is partitioned and only the user data partition is encrypted. Operating system partitions are not and cannot be encrypted. • AES 128-bit or 256-bit encryption, Federal Information Processing Standard (FIPS) 140-2 validated • All user image data on the hard disk is encrypted The 802.1X protocol has become more prevalent with the increased popularity of wireless networks. Many organizations lock down port access to their internal networks using this protocol. This prevents any information from passing onto the network until the device is authenticated. From a risk management perspective, this allows for both wireless and wired devices to prove who they are before any information is passed through to the network. If unauthorized access is attempted, the port is locked down until unlocked by the System Administrator. The Extensible Authentication Protocol (EAP) is an authentication framework that performs its functions as part of 802.1X authentication. EAP types currently supported by Xerox® MFPs are: • EAP-MD5 • PEAPv0/EAP-MS-CHAPv2 • EAP-MS-CHAPv2 • EAP-TLS (AltaLink® and i-Series products) FIREWALL A firewall is a part of a computer system or network that is designed to block the device from external threats and unauthorized access while permitting authorized communications. The device can be configured to permit or deny network transmissions based upon a set of rules and other criteria. Network Administrators can restrict access to network segments, services and the devices' ports to secure the devices. FAX AND NETWORK SEPARATION Separating the fax interface from the network controller eliminates the security risk of hacking into an office network via the fax line. The MFP does not provide a function to access the network via the fax phone line. The Fax Class 1 protocol used on the MFP only responds to fax commands that allow the exchange of fax data. The data passed from the client PC can only be compressed image data with destination information. Any data other than image information (such as a virus, security code or a control code that directly accesses the network) is abandoned at this stage, and the MFP immediately ends the call. Thus, there is no mechanism by which to access the network subsystem via the fax line. 632 of 1132 637 16 Security Overview SECURE FAX Sensitive incoming faxes are held until released by the System Administrator. SCAN TO MAILBOX PASSWORD PROTECTION When using an MFP’s Scan to Mailbox feature, the designated mailbox can be password protected to ensure only those authorized can access the scans stored within it. Scan to Mailbox security is further enhanced by encryption of the hard disk image data partition. S/MIME FOR SCAN TO EMAIL Secure/Multipurpose Internet Mail Extensions (S/MIME) provides the following cryptographic security services for the Scan to Email feature: authentication, message integrity and non-repudiation of origin (using digital signatures), and privacy and data security (using encryption). In S/MIME communication, when sending data to the network, a signature is added to each mail message based on the certificate information retained in the device. Encryption is performed when sending data based on the certificate corresponding to each mail message’s designated address. The certificate is verified when data transmission information is entered, as well as when the data is to be sent. S/MIME communication is conducted only when the certificate’s validity is confirmed. SCAN TO EMAIL ENCRYPTION Email encryption via Smart Card Authentication allows users to send up to 100 encrypted emails to multiple recipients in an organization’s LDAP directory using the recipients’ public keys. Most Xerox® MFPs using Smart Card Authentication also provide the ability to digitally sign emails. Users may view certificates of potential recipients prior to sending email. The MFP disallows sending to users without an encryption certificate. Also, the MFP logs all records of email sent with an option for the administrator to receive confirmation reports. JOB LOG CONCEAL The standard Job Log Conceal function ensures that jobs processed through the device are not visible to a walkup user or through the Remote User Interface. The Job Log information, although concealed, is still accessible by the System Administrator, who can print the Job Log to show copy, fax, print and scan usage on the device. AES is a small, fast, hard-to-crack encryption standard and is suitable for a wide range of devices or applications. It is the state-of-the-art combination of security, performance, efficiency, ease of implementation and flexibility. Many Xerox® devices can be put into FIPS 140-2 mode, which means that they will utilize only FIPS 140-2 certified encryption algorithms. 128-bit or 256-bit AES Encryption IMAGE OVERWRITE Image overwrite erases image data from your Xerox® device's hard drive once the data is no longer needed. This can be performed automatically after completion of processing each job, scheduled on a periodic basis, as well as at the request of the System Administrator. Xerox® devices feature both Immediate and On Demand Image Overwrite. Hard Drive 10110010 10100101 01010010 01010010 00000000 00000000 00000000 00000000 VOLATILE AND NON-VOLATILE MEMORY Within every Xerox® MFP, the controller includes volatile memory (RAM) and non-volatile memory (hard disk). With volatile memory, all image data is lost upon shutdown or system reboot. With non-volatile memory, image data typically is stored either in flash or on the MFP’s hard drive, and is preserved until it is erased. As concerns for data security increase, customers want to know how and where data can be compromised. Statements of Volatility are documents created to help identify where customer image data is located in Xerox® devices. A Statement of Volatility describes the locations, capacities and contents of volatile and non-volatile memory devices within a given Xerox® device. Statements of Volatility have been created for many Xerox® devices to help security-conscious customers. These documents may be obtained by contacting your local Xerox support team (for existing customers), a Xerox sales professional (for new customers) or may be accessed at www.xerox.com/security. 633 of 1132 638 c-~ ••• ~ A*3 61§ ~ ?M/ 17 Security Overview The Audit Log interface is accessed from a System Administrator’s workstation using any standard Web browser. The log can then be exported into a .txt file, and opened in Microsoft® Excel®. HARD DRIVE RETENTION OFFERING Xerox provides a Hard Drive Retention Offering for Xerox® devices to those customers who are concerned that the image data on their hard drive is more sensitive or even classified. This service allows a customer, for a fee, to retain their hard drive(s) and sanitize or destroy them in a manner that they feel will keep their image data secure. REMOTE SERVICES DATA VALIDATION Many Xerox® devices obtain customer buy-in prior to transmitting Personal Identifiable Information (PII) and Customer Identifiable Information (CII) via Remote Services to Xerox. POSTSCRIPT PASSWORDS Another printing-related area of risk is when printing with the Adobe® PostScript® page description language (PDL). PostScript includes commands that allow print jobs to change the device’s default behaviors, which could expose the device. Because the PostScript language includes very powerful utilities that could be used to compromise a device's security, administrators can configure the device so that PostScript jobs are required to include a password to change the device’s default behaviors. The basic privileges of the PostScript interpreter within the controller are limited by design, but administrators have some capability to manage the operation of the PostScript subsystem. AUDIT LOG Xerox® MFPs and many of our printers can maintain Audit Logs to track activity by document, user and function. The Audit Log is enabled by default on newer devices and can be enabled or disabled by the System Administrator. It can track access and attempted access to the device and transmit audit logs to a SIEM system or audit log server. An example of an Audit Log entry: “User xx logged into the Xerox® AltaLink® MFP at 12:48 AM and faxed 10 pages to 888.123.1234.” For Xerox® ConnectKey® Technology-enabled multifunction printers, the Audit Log can be automatically and securely sent to a SIEM system to provide for continual monitoring of the MFP. 634 of 1132 639 ,. I ( g N11lll-Hlllll,'ll!IUUtl1 ,_,... l&ll-ll/l-nol1 UUI ~-- i,IHYll11/WZ!~ t.:,• ·----ll,'U{:.C:U t:<11 .,..,._ M:i-un~ t-nu .,.,,.,.. X.Ullll61~1t'2il,!,l,llC.0,,,- IW1 NU 11/1~ t".zllU llC.O,,,M ,:::: ~= ::=:: 1::=:=~~ :::: ·==:~~;:;:~ ::::: ·=:~:~~~~= 1:::.:... ... •-MllllmnOUIIIHI IJl-•o, i::::=::!!:: 'N1'•"1111iwm111-11n _ll,.l1{1&11!!l?lll>U ,..,..:onu1W2r>:,::u, ,;;;:E?;~:: ... ,, , ........ c-.,, .. n, • ._u._.,.. -~"(lJ .... o.--..-:u ... ___ .,.. ... -----(-.dw.l'II"" .......... -\Jl-·f---,.,_,.. 18 Security Overview 4. External Partnerships Xerox works with compliance testing organizations and security industry leaders such as McAfee to wrap their overarching standards and know-how around ours. The following malware protection features are available on Xerox® ConnectKey® Technology-enabled MFPs (Xerox® AltaLink® and i-Series Multifunction Printers). MCAFEE® EMBEDDED CONTROL—ENHANCED SECURITY Xerox® MFPs built on Xerox® ConnectKey® Technology include McAfee Embedded Control integration powered by Intel® Security, resulting in the industry’s first lineup of multifunction printers that protect themselves from potential outside threats. McAfee’s whitelisting technology detects unauthorized attempts to read, write or add to protected files and directories and sends alerts if they occur. Also, seamless integration with Xerox® CentreWare® Web Software, the Xerox® MPS toolset and McAfee ePolicy Orchestrator® (McAfee ePO™) allows for monitoring from the preferred console. MCAFEE EMBEDDED CONTROL—INTEGRITY CONTROL Integrity Control builds on the Enhanced Security capabilities and adds prevention of new files from being executed from any location by untrusted means. Only approved software is allowed to run, which prevents both general and targeted attacks. Useful especially for enterprise-wide security implementations, Xerox and Intel Security offer whitelisting technology that ensures the only function those devices are doing are the services you want to deliver. This same technology is used to protect servers, ATMs, point-of-sale terminals and embedded devices such as mobile devices. MCAFEE’S EPOLICY ORCHESTRATOR (EPO) McAfee’s ePolicy Orchestrator (ePO) is a security management software tool that makes risk and compliance management easier for organizations of all sizes. It presents the users with drag-and- drop dashboards that provide security intelligence across endpoints—data, mobile and networks—for immediate insight and faster response times. ePolicy leverages existing IT infrastructures by connecting management of both McAfee and third-party security solutions to LDAP, IT operations and configuration management tools. For third-party independent proof that we achieve top levels of compliance, certification bodies like Common Criteria (ISO/IEC 15408) and FIPS 140-2 measure our performance against international standards. They recognize us for our comprehensive approach to printer security. CISCO® IDENTITY SERVICES ENGINE (ISE) INTEGRATION Centrally manage and deploy printer security policies. Our partnership with Cisco provides greater Xerox® print device detection capabilities, resulting in finer-grain security policy enforcement. Xerox® devices are automatically recognized and classified by Cisco ISE, permitting network access control and reduction of overhead by eliminating manual entry of printer attributes. Our profiling of printers with Cisco ISE thwarts spoofing attempts by saboteurs to gain unfettered access to sensitive systems. Xerox® print device integration with Cisco ISE provides an operationally efficient approach to meeting security policy objectives. 635 of 1132 640 19 Modern printers and MFPs are a focus for compliance due to the personal and sensitive data they access, store and communicate. Non-compliance can lead to lost business opportunities, losing existing customers or even legal action. Levels of required compliance vary by country and vertical market. The Health Insurance Portability and Accountability Act (HIPAA) in the U.S. and the Data Protection Act in the UK are examples of standards that may need to be met to continue business legally. Common Criteria Certification is an internationally recognized security standard that meets U.S. Department of Defense specifications. With industry-leading security features and a flexible approach to configuration and deployment, Xerox® devices can conform to any standard and have the controls available to match any need. Xerox® systems, software and services conform to recognized industry standards and the latest governmental security regulations. Our products offer features that enable our customers to meet those standards. The following standards are examples: • Payment Card Industry (PCI) Data Security Standards Version 3.0 • Sarbanes-Oxley • Basel II Framework • The Health Insurance Portability and Accountability Act (HIPAA) • E-Privacy Directive (2002/58/EC) • Gramm-Leach-Bliley Act • Family Educational Rights and Privacy Act • The Health Information Technology for Economic and Clinical Health Act • Dodd-Frank Wall Street Reform and Consumer Protection Act • ISO-15408 Common Criteria for Information Technology Security Evaluation • ISO-27001 Information Security Management System Standards • Control Objectives for Information and Related Technology • Statement on Auditing Standards No. 70 • NIST 800-53, adopted by Federal Government and DOD in 2014 • Federal Risk and Authorization Program (FedRAMP) Regulatory and Policy Compliance Product Security Evaluation Document security means peace of mind. One of the hallmarks of the Xerox® product line is a commitment to information security. Our systems, software and services comprehend and conform to recognized industry standards and the latest governmental security regulations. Common Criteria Certification Common Criteria Certification provides independent, objective third-party validation of the reliability, quality and trustworthiness of IT products. It is a standard that customers can rely on to help them make informed decisions about their IT purchases. Common Criteria sets specific information assurance goals including strict levels of integrity, confidentiality, availability for systems and data, accountability at the individual level and assurance that all goals are met. Common Criteria Certification is a requirement of hardware and software devices used by the federal government on national security systems. Achieving Common Criteria Certification Common Criteria Certification is a rigorous process that includes product testing by a third-party laboratory that has been accredited by the National Voluntary Laboratory Accreditation Program (NVLAP) to perform evaluation of products against security requirements. Products are tested against security functional requirements based on predefined Evaluation Assurance Levels (EALs) or specialized assurance requirements. For healthcare, financial services and other industries, the need for security is no less important. Whether they are protecting their customers’ privacy, or intellectual and financial assets, assurance that networks, hard drives and phone lines are safe and secure from hackers, viruses and other malicious activities is critical. Common Criteria Certification, while not a requirement outside the federal government, can provide independent validation. With approximately 150 devices having completed the certification process, Xerox has one of the largest numbers of Common Criteria Certified MFPs. In addition, Xerox was the first manufacturer to certify the entire device and Xerox is the only manufacturer to always certify the entire device. Visit www.xerox.com/information-security/common-criteria-certified to see which Xerox® MFPs have achieved Common Criteria Certification. 636 of 1132 641 20 Security Bulletins and Patch Deployment Xerox developers follow a formal security development life cycle that manages security problems through identification, analysis, prioritization, coding and testing. We strive to provide patches as expediently as possible based on the nature, origin and severity of the vulnerability. Depending on the severity of the vulnerability, the size of the patch and the product, the patch may be deployed separately or take the form of a new release of software for that product. Depending on which Xerox® product requires a patch, customers can download security patches at www.xerox.com/security. For other Xerox® products, the security patch will be made available as part of a new release version of system software. You can register to receive bulletins regularly. In the U.S., customers should sign up for the security RSS feed. Outside the U.S., contact your local Xerox support center. From the www.xerox.com/security website, you have access to timely information updates and important resources: • Security Bulletins • RSS Feed: Get Security Bulletins • Xerox® Product Security Frequently Asked Questions • Information Assurance Disclosure Papers • Common Criteria Certified Products • Vulnerability Management and Disclosure Policy • Product Security Guidance • Articles and White Papers • Statements of Volatility • Software Release Quick Lookup Table • FTC Guide for Digital Copiers and MFPs www.xerox.com/security is your portal to a diverse breadth of security-related information and updates, including bulletins, white papers, patches and much more. Proactive Security for Emergent Threats Offering you the market’s most secure products and solutions today is just part of our story. Our scientists and engineers are hard at work developing the next generation of innovative security technologies to combat tomorrow’s threats and keep your documents safe: micro-printing, fluorescence and infrared print security, Xerox® Glossmark® and Correlation Marks print mark technology, just to name a few. For more information about these technologies, visit www.xerox.com/security. Other things Xerox does: Keep a close eye on the latest risks We closely monitor vulnerability clearinghouses to keep up to date on the latest information—so you don’t have to. Issue security bulletins We’re proactive in providing you with security patches and updates when necessary, keeping your equipment up to date and your data safe. Distribute RSS feeds Up-to-the-minute updates are automatically distributed to customers’ RSS feed readers. Provide you with a wealth of information If you want to learn more on your own, we offer an ever-expanding library of security articles, white papers and guides. Visit www.xerox.com/security to access our full breadth of security resources. In addition to our own extensive internal testing, Xerox regularly monitors vulnerability clearinghouses made available by such entities and resources as US-CERT and Oracle® Critical Patch Updates report; Microsoft® Security Bulletins, for various software and operating system vulnerabilities; and bugtraq, SANS.org and secunia.com for open source vulnerabilities. A robust internal security testing program is also engaged that involves vulnerability analysis and penetration testing to provide fully tested patches. Visit www.xerox.com/security to read the Vulnerability Management and Disclosure Policy. Risk Assessment and Mitigation 637 of 1132 642 21 Xerox and our major manufacturing partners are members of the Electronic Industry Citizenship Coalition (http://www.eicc.info). By subscribing to the EICC Code of Conduct, Xerox and other companies demonstrate that they maintain stringent oversight of their manufacturing processes. Also, Xerox has contractual relationships with its primary and secondary suppliers that allow Xerox to conduct on-site audits to ensure the integrity of the process down to the component level. Xerox also is a member of the U.S. Customs Agency Trade Partnership Against Terrorism. This initiative is focused on supply chain security. Examples of practices adopted by Xerox under this program are those put in place to counter theft or hijacking. Within North America, all trailers moving between the factory and the product distribution centers (PDCs), and between the PDCs and Carrier Logistics Centers (CLCs) are sealed at the point of origin. All trucks have GPS locators installed and are continuously monitored. Manufacturing and Supplier Security Practices 638 of 1132 643 22 Hard Drive Retention Offering for Xerox® Products Xerox provides a Hard Drive Retention Offering to allow customers in the United States, for a fee, to retain the hard drive on leased Xerox® products. This service may be required for customers with very sensitive data, perhaps classified, or with internal policies or regulatory standards that mandate specific disposition processes for hard drives. Upon request for this service offering, a Xerox service technician will travel to the customer location, remove the hard drive and provide it ‘as is’ to a customer representative. At this time, Xerox does not provide hard drive sanitization, cleansing or destruction services on site at customer locations. Customers will need to make arrangements for final disposition of the physical hard drive received from the technician. To determine if your Xerox® product contains a hard drive or review security features available to secure data on hard drives, please visit www.xerox.com/harddrive. For more details about this program, contact your Xerox sales representative or visit www.xerox.com/security under Security Resources in the Articles and White Papers section. Additionally, virtually all new Xerox® printers and MFPs come standard with 256-bit AES disk encryption, as well as 3-pass image data overwrite to ensure our customers’ data is protected from day one on their new equipment. Product Returns and Disposals 639 of 1132 644 23 Network and data security are among the many challenges that businesses face on a daily basis. And because today’s printers and MFPs serve as business-critical network devices that receive and send important data through a variety of functions, ensuring comprehensive security is paramount. An MFP’s entire system, along with any device management software on the network, must be evaluated and certified so that Information Security and all the workers of an organization are certain that their documents and network are safe and secure from information predators—or even from internal security breaches. In that respect, Xerox® MFPs lead the industry. Our comprehensive approach, based on foundational, functional, advanced and usable security, is critical to safeguarding our customers’ information assets. Recognizing this, Xerox continues to engineer and design all of its products to ensure the highest possible level of security at all potential points of vulnerability. We’re committed to safeguarding your data so you can focus on the pursuits and activities that make your business or organization as successful as possible. For more information about the many security advantages offered by Xerox, visit www.xerox.com/security. Summary 640 of 1132 645 24 Competitor Xerox 1 2 3 IP/MAC Address Filtering  IPsec Encryption  IPv6  802.1X Authentication  Secure Print  Scan to Email Encryption  Encrypted PDF/Password- Protected PDF  Digital Signatures  256-bit AES Hard Disk Encryption  Image Overwrite  Secure Fax  Port Blocking  Scan to Mailbox Password Protection  Hard Drive Retention Offering  Print Restrictions  Audit Log  Role Based Access Control  Smart Card Authentication  Common Access Card/ Personal Identity Verification  User Permissions  “Full System” Common Criteria Certification  Integration with Standard Network Management Tools  Security Updates Via RSS Feeds  Embedded McAfee Protection Powered by Intel® Security  McAfee® Integrity Control  McAfee® ePolicy Orchestrator® Integration  Cisco® Identity Services Engine (ISE) Integration  IT security managers are already overwhelmed with managing security demands. Small businesses must rely on effective systems and security software to do much of the work for them. The last thing you and your staff need is more high-touch activity or manual interventions to monitor and keep updated every device and data stream in your environment, including your MFPs and printers. A comprehensive network security plan should include three points of emphasis, with a strategy in place for each to ensure you have a plan that works. 1. “Hands-off, self-protecting” devices that are resilient to new attacks 2. Compliance with the most up-to-date security standards and regulations 3. Complete visibility on the network The New Security Standard for a New Age • Security cannot be an afterthought. • Information is an increasingly valuable intellectual property. • Firewalls aren’t enough; security policies must be holistic and ubiquitous. • Protection for embedded devices is now an integral part of today’s security imperative. Xerox offers comprehensive, multi-layer security that is easy to deploy and manage, and helps keep your business compliant with industry and government standards. Xerox® technology is tested and validated to protect against unauthorized access, data and identity. When comparing Xerox® MFPs with other manufacturers’ products, use the following checklist to determine whether the competitors’ devices provide the same level of end-to-end security as delivered by Xerox. Security Checklist 641 of 1132 646 ©2018 Xerox Corporation. All rights reserved. Xerox®, Xerox and Design®, AltaLink®, CentreWare®, ConnectKey®, Global Print Driver®, GlossMark® and VersaLink® are trademarks of Xerox Corporation in the United States and/or other countries. 4/18 BR21699 SECGD-01UH To learn more, visit www.xerox.com . 642 of 1132 647 ~ ® xerox~ Version 6.3 October2018 Xerox®Device Manager Certification Guide Xerox Confidential 643 of 1132 648 xerox~) ©2018 Xerox Corporation. All rights reserved. Xerox ®, Xerox and Design ®, Xerox Nuvera ®, Phaser ®, VersaLink®, AltaLink ®, iGen ®, WorkCentre ®, CentreWare Web, and Xerox ®ConnectKey®Technology are trademarks of Xerox Corporation in the United States and/or other countries. BR22537 Microsoft®, Windows ®, SQL Server ®, and InternetExplorer ®are either registered trademarks or trademarks of MicrosoftCorporation in the United States and/or other countries. Novell®and Netware ®are trademarks of Novell, Inc. in the United States and other countries. To ensure the efficientfulfillmentof Xerox service offerings, we leverage global competency centers and cloud technology. This may resultin the personal data we process being transferred beyond the European Economic Area (EEA), butwithin the parameters of the defined service offering. The level of protection afforded by General Data Protection Regulation (GDPR) is notundermined through data transfers, and all transfers undertaken by Xerox are carried outin full compliance with GDPR using an approved mechanism and subjectto appropriate safeguards. Changes are periodically made to this document. Changes, technical inaccuracies, and typographic errors will be corrected in subsequenteditions. RevisionHistory Version Date Description 6.3 October 2018 Addressed remote SQL database workload behavior, Fleet Orchestrator to firm- ware upgrade options, new CWW Customer Report User role,permissions require- ments for Certificate Management 6.2 May 2018 Added note about personal data processing for GDPR, removed support for SQL Server 2008 6.1 October 2017 Rebranded. Updated supported versions of SQL Server and Windows Server. 6.0 May 2017 updated supported browsers, hardware and SQL requirements, firmware upgrade details 5.15 February 2016 Added support for SQL 2014 and Microsoft Edge. New section for Setting Addi- tional SNMP V3 Encryption and authentication 5.14 October 2015 Added recommendation example to Hardware and Software Requirements Updated the Windows Server Security Section with FIPS note and admin rights note 5.13 June 2015 Added Windows Event Viewer, updated the Printer Fields Exported to Xerox ®Ser- vices Manager table, and update version of .NET 644 of 1132 649 Table of Contents How to Use This Guide 2 Intended Audience 2 FAQ Related to Implementation 2 Using This Guide 2 Limits to This Guide 3 Certification Roles and Responsibilities 3 Customer IT Organization 3 Enterprise PrintServices – Office Organization 3 Ongoing Operational Roles and Responsibilities – Xerox® Device Manager Site Maintenance 3 Product Overview 6 Requirements 7 Xerox® Device Manager Communication with Devices 7 Hardware and Software Requirements 7 SQL Server Licensing Requirements 9 Remote SQL Database Workload Behavior 9 Software Requirements 9 Network Printer Requirements 10 ClientSoftware Requirements 11 Browser Requirements 11 Browser Settings 11 Additional Recommendations for ClientBrowsing to MPS 12 SNMP Services 12 SNMP V3 Security Enhancements 12 Services Used by the Xerox® Device Manager Application 13 Check the Windows Firewall Status 13 Security 15 Windows Server® Security 15 SQL Server Security 15 InternetInformation Services (IIS) Security 15 Xerox®Device Manager Certification Guide Xerox Confidential i645 of 1132 650 Xerox® Device Manager Configuration Sets Feature 16 SNMP Security 16 SNMP v1-v2 Security 17 SNMP v3 Security Enhancements 17 Users and Groups 17 CWW-Specific Groups 17 The Run As Account 18 Required Permissions 19 Windows Considerations 20 Printer Information Communicated to Xerox® Services Manager 20 Xerox® Device Manager Server Information Exported to Xerox® Services Manager 21 Xerox® Device Manager Job Accounting Data Exported to Xerox® Services Manager 21 Xerox® Device Manager Policy Log Data Exported to Xerox® Services Manager 24 New entry 24 Corporate Security Mode 24 Remote Commands from Xerox® Services Manager 25 Remote Configuration 25 Additional Administration Capabilities 26 Xerox® Device Manager Logs 28 Action Log 28 AuditLog 28 E-mail Log 28 EventLog 28 Systems Infrastructure 30 Network Ports Used by Xerox® Device Manager 30 Windows® Services Utilized by Xerox® Device Manager 31 General Discovery Considerations 31 Discovery Network Data Calculations 34 Network ImpactConsiderations of Status Polling 35 Scheduled Communications Calculations 35 SNMP Alerts Traffic Calculation 35 Active Directory® Customer ImportNetwork Data Calculations 36 Total Xerox® Device Manager Data Transfer Calculations 36 Email Data Comparison 37 Xerox®Device Manager Certification Guide Xerox Confidential ii646 of 1132 651 Production Device Job Data Transfer 38 Integrations with Xerox® Services Manager and the Hosted Deployment Model 40 Xerox® Device Manager to Xerox® Services Manager Interactions 40 Alternative Device Discover Methods 43 IP Easy Discovery 43 Operation 43 When to Use 43 Network Impact 43 Accuracy 43 IP Broadcast 43 Operation 43 When to Use 44 Network Impact 44 Accuracy 44 IP ARP Cache Discovery 44 Operation 44 When to Use 46 Network Impact 46 Accuracy 46 IP Sweep 46 Operation 46 When to Use 46 Network Impact 46 Accuracy 47 SNMP V3 IP Sweep 47 Operation 47 When to Use 47 Network Impact 47 Accuracy 47 SubnetScan 47 Operation 47 When to Use 48 Network Impact 48 Accuracy 48 Xerox®Device Manager Certification Guide Xerox Confidential iii647 of 1132 652 IPX Network Scan Discovery 49 Operation 49 When to Use 49 Network Impact 49 Accuracy 50 IPX Server Discovery 50 Operation 50 When to Use 51 Network Impact 51 Accuracy 51 IPX Address Scan Discovery 51 Operation 51 When to Use 52 Network Impact 52 Accuracy 52 Summary and Next Steps 54 Appendix 55 Firmware Upgrade Information 55 Xerox®Device Manager Certification Guide Xerox Confidential iv648 of 1132 653 Xerox®Device Manager Certification Guide Xerox Confidential 5649 of 1132 654 Xerox®Device Manager Certification Guide Xerox Confidential 1650 of 1132 655 How to Use This Guide How to Use This Guide This guide is designed to help customer organizations certify the deploymentof Xerox ®Device Manager, a front-end software componentof the Xerox Managed PrintServices (MPS software suite. The document contains information related to Xerox ®Device Manager’s potential impactto security, enterprise IT infrastructure, network traffic, resources, and required planning. The certification guide is meantto be used primarily during implementation and after contractsignature, butitcan also be used during pre-sales and evaluation activities. Because the Xerox ®Device Manager software typically is installed within the customer’s network environment, this guide also covers key aspects of the back-end MPS software components. Xerox support teams operate the back-end applications from the secure remote MPS hosted facility, as facilitated by MPS/Xerox®Device Manager interoperability. Intended Audience This guide will be used by the customer’s IT, security, and managementorganizations as well as by Xerox management. Before certifying Xerox ®Device Manager, customers and appropriate Xerox personnel should have a clear understanding of: l the IT environmentatthe site where Xerox ®Device Manager will be installed, l the IP topography (addresses, subnets, and gateways), l any restrictions placed on applications thatare deployed on thatnetwork, and l the Microsoft ®Windows Server ®operating system. FAQ Related to Implementation These are some of the questions thatthis certification guide should address for the IT staff: l Whatadditional hardware and software will be introduced to my IT environment? l Whattypical loads and bandwidth demands will be made on my network? l Whatnew user accounts will be created and whatexisting accounts (if any) will be touched by this applic- ation? l Whatnetwork protocols and IP ports will be used by this application? l Whatlevels of security are incorporated within/around Xerox ®Device Manager? l Whatwill the impactto my printing environmentbe after this application is installed? l Whatother impacts/effects to people, processes, or products will occur? l Whatconsiderations should be given to those who perform the periodic backup of the Xerox ®Device Manager Microsoft ®SQL Server ®database, and if applicable, the database restore? Using This Guide This guide is meantfor customer and Xerox personnel to use as partof the evaluation, testing, and acceptance process. Actual testplans and acceptance criteria are dependentupon the formality or Xerox®Device Manager Certification Guide Xerox Confidential 2651 of 1132 656 How to Use This Guide required documentation of the customer. Responsible areas include security, network, IT Infrastructure, testorganization if required, and outputdevice operations personnel. Limits to This Guide This guide is intended to be the initial information source for MPS customer IT organizations—specifically, a review of those Xerox ®Device Manager features thatmay have a discernible impactto the customer IT environment. The Xerox® Device Manager software is highly configurable and has many features. This guide is based on a standard implementation and a typical customer IT and printer environment. If the customer’s IT environmentdiffers from whatis described in this guide, then the customer’s IT team and the Xerox Managed PrintServices representative need to identify the differences and resolve any potential concerns. The guide’s information is related to the Xerox ®Device Manager 6.3.x release. Although much of this information will remain constantthrough the software’s life cycle, some of the data provided may be revision-specific, and will be revised periodically. IT organizations should check with the Xerox representative to obtain the appropriate version. Certification Roles and Responsibilities Customer IT Organization Ultimately, itis the responsibility of the customer’s IT organization to certify and acceptthe deployment and operation of the Xerox ®Device Manager software and server within their network environment. The customer may have an informal certification process, which is limited to the review of MPS documentation and a Xerox demonstration. Or, the customer may have a more formal process thatrequires actual installation and testing with defined testcriteria and testplan. The customer needs to define the certification criteria, and work with the Xerox team to define the required steps and timeline. Enterprise Print Services – Office Organization Xerox personnel will participate in the certification process, and determine which Xerox® Device Manager features and functions are required and the frequency of Xerox ®Device Manager activities. Ongoing Operational Roles and Responsibilities – Xerox ®Device Manager Site Maintenance As partof the customer certification process, the Xerox accountteam, also known as the Operations Team, and the customer’s IT organization need to define the roles and responsibilities for the ongoing care of the Xerox®Device Manager software installation: l Who will be responsible and whatis the planned schedule for periodic backups for the SQL database thatXerox®Device Manager uses in its operation?If the accountis “unstaffed” with Xerox personnel, then the IT organization needs to include the Xerox ®Device Manager database within their periodic database backup schedule, which they may perform on other systems. In the case thatinstructions for performing MS SQL Server database backups and restores are needed, the instructions for these oper- ations can be found in the Xerox ®Device Manager Read Me file, which is partof the Xerox ®Device Manager software installation (Program Files\Xerox\Xerox Device Manager\Readme.txt). Xerox®Device Manager Certification Guide Xerox Confidential 3652 of 1132 657 How to Use This Guide l If an installation includes server hardware, whatwill be the standard practice for performing the periodic Microsoft®operating system software update?Typically, the Xerox ®Device Manager server will have to follow the software update policies of the customer’s IT organization, butthe two parties need to discuss and agree to this standard practice. l If Xerox staff will notbe managing Xerox ®Device Manager for a customer’s account, who will be responsible for installing required patch upgrades to Xerox ®Device Manager? Xerox®Device Manager Certification Guide Xerox Confidential 4653 of 1132 658 Xerox®Device Manager Certification Guide Xerox Confidential 5654 of 1132 659 Product Overview Product Overview Xerox®Device Manager is the front-end application of the Managed PrintServices (MPS) suite that discovers, installs, configures, manages, monitors, and reports on any type of SNMP-based printing device attached to an IP network, regardless of manufacturer. Xerox ®Device Manager communicates all of this information via a secure link to the Xerox MPS hosted facility. Xerox ®Device Manager is Xerox proprietary software and partof the infrastructure thatfacilitates the delivery of managed printservices by Xerox personnel, which only Xerox personnel can access. Xerox®Device Manager discovers network-connected printers within designated areas of an enterprise (via IP subnets). Xerox ®Device Manager conducts status and meter polling as well as collects device and status history information. Xerox ®Device Manager provides clear and concise status for all networked printers, with the ability to group printers as required for reporting. In summary, Xerox ®Device Manager performs the following: l gathers and reports on printer status l discovers and manages network-connected printers and printservers l collects meter and device history information l monitors printers and printservers for status and alertconditions with auto ticketcreation l initiates troubleshooting tests on single printers (or multiples in a group) and display the results l creates and manages configuration sets used to setup printers and multi-function devices l upgrades printer firmware l installs and manages local and remote printqueues l communicates required information to the secure hosted site Xerox®Device Manager can also discover Locally Connected (Direct) printers attached to computers providing basic printer information, and in some cases, detailed information thatincludes Meters and Consumable Levels. Detailed information is dependenton whatthe DirectPrinter supports. All contractreporting will come from the hosted facility application, Xerox ®ReportManager. Xerox ® Device Manager also has limited reporting capability, which may be used for archive or validation purposes, such as reports on device alerthistory tables and a security auditreport. Xerox®Device Manager Certification Guide Xerox Confidential 6655 of 1132 660 Requirements Requirements Xerox®Device Manager Communication with Devices Xerox®Device Manager supports both industry-standard and private SNMP MIBs; however, the amount and types of managementthatXerox ®Device Manager can provide is dependenton the printer’s level of conformance to these coding standards, such as: l Device Identity (e.g., model, serial number, manufacturer, etc.) l Device Properties (e.g., inputtrays, outputbins, serial number, etc.) l Device Status including overall state, detailed status, UI messages, etc. l Consumables + levels (toner, fuser, printcartridge, + device unique parts) l Supported PDL interpreters (PostScript, PCL, TIFF, PDF, automatic, etc.) l Supported printprotocols (LPD, HTTP, Port9100, Netware PServer, etc.) l TCP/IP protocol suite (SNMP, TCP, UDP, IP, NIC details, etc.) l Finishing options (hole punch, fold, staple, stack, booklet, etc.) l SNMP v3-based trap registration Xerox®Device Manager also collects information from private MIBs for mostmanufacturers where the device is notcoded to the industry standard. The collected information may include the following: l Device firmware and possible upgrade l Device configuration cloning l Detailed usage counters l SNMP based trap registration l Detailed network protocol configuration settings l Network scanning configuration settings on multi-function devices (MFDs) Xerox®Device Manager can also obtain basic information from Directprinters attached to Computers. There are two ways thatXerox ®Device Manager can discover the Directprinters: 1. Discovery of Computers and their Directprinters: Computer Discovery uses by defaultICMP and NetBios File and Printsharing protocols for Computer/DirectPrinter discovery, butcan be expanded to use WMI over RPC when ICMP is notsupported. This method provides basic information aboutthe printers, and does notinclude meter information or consumable levels. See the Required Permissions section for information on whatuser permissions are needed to discover Computers and their DirectPrinters. 2. Xerox ®Printer Agent: Xerox ®Printer Agentclients installed on computers thathave DirectPrinters can reportto an Xerox ®Device Manager server aboutthe directprinters attached. Basic printer information is provided with additional detailed information (meters, consumable levels, etc.) for printers thatsup- portquerying of the detailed information. Note:Refer to the Xerox ®PrintAgentCertification Guide for more details on Xerox ®PrintAgentand the specific data gathered by a Xerox ®PrintAgentclient. Hardware and Software Requirements These are the minimal hardware requirements. Depending on the number of devices being managed and the configuration of the Xerox® Device Manager server, you may need a more advanced hardware configuration or multiple servers. Xerox®Device Manager Certification Guide Xerox Confidential 7656 of 1132 661 Requirements Hardware Requirement Recommendations Processor Intel®Pentium®4 processor at 3 GHZ or Intel ®Core 2 duo (AMD equivalent pro- cessors are supported as well) Memory 4 GB of RAM, with one of the following versions of SQL ® Server installed on the same system: l 2012 l 2014 (Recommended) l 2016 (Recommended) l 2017 (Recommended) l SQL Express ® Server A separate server with SQL installed is highly recommended if: l the number of groups configured for concurrent status polling is greater than 20 and/or l the number of alert profiles is greater than 20 and/or l Job data consumption is greater than 100,000/week. Available Disk Space Minimum: 3GB Recommended: 40GB on 7200 rpm hard drive if collecting historical data on thousands of devices. Table 1: Hardware Requirements RecommendedHardware OperatingSystem AndSQL Requirements: For Installs < 5000 Devices: l Xerox® Device Manager on Windows Server 2008R2 with off-box SQL* - 2 CPU cores @2.9 GHz - 4 GBRAM - 40 GBfree space (preferably on a non-system disk) l Xerox® Device Manager on Windows Server 2008R2 with on-box SQL/SQL Express** - 2 CPU cores @2.9 GHz - 8 GBRAM - 60 GBfree space (preferably on a non-system disk) l Xerox® Device Manager on Windows Server 2012R2 with off-box SQL* - 2 CPU cores @2.9 GHz - 12 GBRAM - 40 GBfree space (preferably on a non-system disk) l Xerox® Device Manager on Windows Server 2012R2 with on-box SQL/SQL Express** - 2 CPU cores @2.9 GHz - 16 GBRAM - 60 GBfree space (preferably on a non-system disk) * Use the newestversion of SQL acceptable to the customer. ** On-box SQL is only recommend for very small installations (< 200 devices) For Installs > 5000 devices: l Use an off-box SQL Server l Increase memory by 50% Xerox®Device Manager Certification Guide Xerox Confidential 8657 of 1132 662 Requirements l Add 2 CPU cores For Installs >10,000 devices: l One terabyte disk space l 6 GBRAM l Quad Core 3.4 Ghtz processor l SQL Enterprise on separate server If running on a virtual system, all resources need to be dedicated to Xerox ®Device Manager. Note:In the eventthatyou need to install Xerox® Device Manager on a rack-mounted server, itis expected thata Keyboard-Video-Mouse terminal interface to the server will be provided. SQL Server Licensing Requirements When deploying Xerox ®Device Manager, you have to consider the SQL Server ®licensing because Microsoftoffers a number of licensing options. If you are going to use an Express version, be aware that since ituses a single processor license, you do nothave to consider the number of connections. If you are going to an Enterprise version, you need to consider the licensing option. If you are going to use CAL licensing, Xerox ®Device Manager requires a minimum of three CALs, which covers only the application and local access to the server. If you have any connections to help you manage Xerox ®Device Manager through a browser or if you have any printserver/workstation thatis running the Xerox ®PrintAgent, you will need an additional CAL for each one. Note:You have the ability to change the SQL Server database names during installation. When multiple Xerox®Device Manager servers are required and you mustuse a remote SQL Server, you can install the differentXerox®Device Manager servers on the same instance of the SQL Server by giving the Xerox ® Device Manager SQL Server databases differentnames. Remote SQL Database Workload Behavior In mostcases the database workload behavior of Xerox ®Device Manager is OLAP. However, please note thatfor configuration setting updates thatinvolve large fleets the system can exhibitbehavior consistent with Batch or ETL workloads. Customer choices for managementof features (updates vs audit) and scheduling of configuration policies (immediate vs off hours) will affectthe workload behavior. Software Requirements Software Requirements Supported Operating Systems Windows®2008 R2 x86 and x64 Windows®2012 and 2012 R2 Windows®Server 2016 x64 Note:Xerox®Device Manager does not support Windows ®systems running on a Nov- ell®client, Macintosh ®, or non-NTFS partitions. Note:Xerox®Device Manager does not support installation on a Domain Controller. Web Server Internet Information Services (IIS) 6.0 or above Internet Protocol Working Microsoft ®TCP/IPv4 Stack Browser Internet Explorer ®9.0, 10, 11 Microsoft Edge Access Components Windows Data Access Components (WDAC):MDAC changed its name to WDAC (Windows Data Access Components) and Windows Server 2008. WDAC is included as part of the operating system and is not available separately for redistribution. Ser- Xerox®Device Manager Certification Guide Xerox Confidential 9658 of 1132 663 Requirements Software Requirements Supported viceability for WDAC is subject to the life cycle of the operating system. Microsoft®.NET Framework Microsoft®.NET 4.5.2 Note:The .Net Framework is not installed with Xerox ®Device Manager and needs to be installed prior to running the installation for Xerox ®Device Manager. Microsoft®Core XML Ser- vices 6.0 required for some of the application's functionality Database Server Recommended:Use SQL Server ®Standard/Enterprise if available in the customer’s IT environment. Note:If using a remote SQL Server, both the remote client on which SQL Server is installed and the Xerox ®Device Manager Server client require the Microsoft ®Dis- tributed Transaction Coordinator (MSDTC) service to be enabled and configured in order to allow remote client access. If the Windows ®Firewall is running a firewall, an exception needs to be created for the MSDTC service. Note:When managing more than 5,000 devices or using the Xerox ®Print Agent fea- ture,we recommend that you install a SQL Standard/Enterprise version of SQL on a separate server. The requirements for the separate database server should match the requirements for the Xerox ®Device Manager server. Note:If using an Azure SQL Services installation, the following components need to be installed and the server rebooted prior to installing Xerox® Device Manager 6.3: 1. Windows Management Framework 5.1 (Windows Server 2016, 2012 R2 or 2012*) *not available for Server 2008 or Server 2008 R2. 2. Azure Powershell 6.7.0 or later can be downloaded here from https://github.com/Azure/azure-powershell/ Both *x86 or x64 (default) should work. Table 2: Software Requirements Network Printer Requirements For a full Xerox Office Services implementation, Xerox® Device Manager will require access to the Internetvia SSL for integration with Xerox® Services Manager. For successful managementby Xerox ® Device Manager, all SNMP-based printer devices should supportthe mandatory MIBelements and groups as defined by the following standards: Network Printer Discovery/Monitoring Requirements Recommendations RFC 1157 SNMP Version 1 RFC 1213 MIB II-for TCP/IP-based Internet RFC 1514/2790 Host Resources MIB v1/v2 RFC 1759 Printer MIB v1 RFC 3805 Printer MIB v2 RFC 3806 Printer Finishing MIB Optional: RFC 2271-2275 SNMP V3 Architecture Table 1: Hardware Requirements Xerox®Device Manager Certification Guide Xerox Confidential 10659 of 1132 664 Requirements Client Software Requirements The following sections discuss the requirements for PC access to the Xerox ®Device Manager Web-served application. Browser Requirements Although the Xerox ®Device Manager server can be used to directly browse to the Xerox ®Device Manager application, in some cases, itis necessary for Xerox Managed PrintServices personnel to access the application from a desktop. The supported browsers for Xerox ®Device Manager are InternetExplorer 9.0, 10.0, 11.0 and MicrosoftEdge. Note: l Transmission Control Protocol/InternetProtocol (TCP/IP) mustbe loaded and operational. l To use the IPX Network features of Xerox ®Device Manager, an IPX protocol stack mustbe loaded and operational on the Xerox ®Device Manager server. l In environments supporting devices with IPv6 addresses, InternetExplorer 9.0 or above should be installed to enable printer images to be visible on the Device Details page in Xerox ®Device Manager. Browser Settings The following settings should be applied to any browser connecting to the MPS software. 1. From Tools>Internet Options>Advanced, locate the HTTP 1.1 settings node in the settings. Use HTTP 1.1 is required, and should already be checked. Use HTTP 1.1 through Proxy connections is required if you are behind a proxy server. Check with your local Desktop Administrator if you are unsure. Scroll further in the Advanced tab options, to the Security section. For application Security, uncheck Do notsave encryp- ted pages to disk. For application performance: check Do notsave encrypted pages to disk. Note:For Security, uncheck Do notsave encrypted pages to disk. Application performance will be heav- ily degraded. Verify this setting with your local Desktop Administrator first. 2. Check Use SSL 3.0 and Use TLS 1.0, TLS 1.1, and TLS 1.2. (Verify this setting with your local Desktop Administrator first). Note:We recommend thatyou use the mostrecentand, therefore, mostsecure version when possible. Some Microsoftsecurity patches have disabled TLS 1.0 and 1.2 on targeted systems. An Administrator needs to manually re-enable 1.0 and 1.2, if those versions are desired. Additionally, some older devices may notsupportTLS 1.2 withoutthe latestsystem firmware. As a result, you may experience incom- patibility with your system and selectdevices. A hybrid approach is necessary in such cases. 3. Check Warn if forms submission is being redirected. (Verify this setting with your local Desktop Admin- istrator first.) The remaining settings on this tab have no bearing on MPS security or performance: 1. From Tools>Internet Options>Privacy: Advanced 2. There are two acceptable settings for this option. This is a required setting, buteither of the two choices is acceptable. The firstis for the Override automatic cookie handling box to be unchecked. This is the defaultsetting. If the Override automatic cookie handling box is checked, under First-party Cookies the radio button for Acceptshould be selected. Always allow session cookies should also be selected. The Third-party Cookies option has no bearing for the MPS applications. Verify with your local Desktop Administrator which cookie handling setting is appropriate for your site. 3. From Tools>Internet Options>Privacy: Settings, if the Block pop-ups option is checked, click the Settings button to editthese settings. Add *.services.xerox.com to the listof Allowed Sites. This setting change Xerox®Device Manager Certification Guide Xerox Confidential 11660 of 1132 665 Requirements also applies to any third-party popup-blockers. (Verify this setting with your local Desktop Administrator first). 4. From Tools>Internet Options>General>Temporary internet file settings, make sure thatCheck for newer versions of stored pages is setto Automatically. Make sure thatthe Amountof disk space to use: is setto atleast500 Mb. 5. From Tools>Internet Options>Security, click the Trusted sites Web contentzone, and click the Sites but- ton. Add https://office.services.xerox.com and https://reporting.services.xerox.com to the listof Web sites. Make sure thatRequire server verification (https:) for all sites in this zone is selected. Additional Recommendations for Client Browsing to MPS 1. If your Anti-Virus producthas a scriptscanning feature, this feature should be disabled or *.ser- vices.xerox.com should be added to the listof excluded sites. (Optional:However, application per- formance could be heavily degraded if scriptscanning is enabled. Verify this setting with your local Desktop Administrator.) 2. If you are running third party pop-up blockers, you should add *.services.xerox.com to the listof allowed sites. SNMP Services The Windows ®“SNMP Service” installs an SNMP agenton the server and can respond to SNMP-based requests for information. l WIN SNMP APIs are notused. Instead of using WinSNMP API to decode and encode packets Xerox ®Device Manager uses the Xerox SNMP encoding/decoding mechanism. The Xerox ®Device Manager SNMP communication infrastructure is completely .NET managed and .NET runtime provides fundamental security benefits which include, but are notlimited to, invalid pointer manipulations, buffer overruns and bounds checking. l Unless there is a local requirementto utilize the Microsoft ®SNMP service, itshould be disabled on the Xerox®Device Manager server. The Xerox ®Device Manager server is only atrisk if the Windows ® “SNMP Service” is installed and running. l The Windows ®SNMP Trap service should also be disabled in order for Xerox ®Device Manager to receive SNMP traps. Note: The SNMP agentservice, which ships with Windows ®platforms, is notinstalled or running by default. l The SNMP protocol can be disabled on several newer network printers as well. If this protocol is dis- abled, the Xerox ®Device Manager application will notbe able to discover these newer printers. l The SNMP protocol may be blocked atthe router level on one or more of the customer’s subnets. If this is the case, the Xerox ®Device Manager application will notbe able to discover printers connected to these subnets. SNMP V3 Security Enhancements SNMP is the mostwidely used in-band managementprotocol used for communication among network managementstations and the devices being managed. In its currentform, SNMP's security is limited to three methods of access: Read-only, Write-only and Read-write. Access from the managementstation (Xerox®Device Manager) to the devices is granted by "community strings," which are simply the groups to which the devices belong. Although disabling the write function in SNMP can preventmostin-band attacks, SNMP is a relatively insecure protocol, with nothing more than the community strings acting as passwords. Xerox®Device Manager Certification Guide Xerox Confidential 12661 of 1132 666 Requirements The SNMP V3 framework supports multiple security models, which can existsimultaneously, within an SNMP entity. SNMP V3 messages contain a field in the header thatidentifies which security model must process the message. To ensure some form of interoperability, a User-based Security Model (USM) is implemented to defend againstunauthorized modification of managed elements and spoofing. Although SNMP V3 is a huge step forward in secure manageability, itcannotprevent"denial-of-service" attacks. In addition, its security system muststand alone, meaning every device musthave a database of users/passwords. Since this is notlikely to happen in mostcompanies, all devices are leftatrisk. Note:Refer to the Enabling High Security Guide for further SNMP v3 information and deployment considerations. Services Used by the Xerox ®Device Manager Application The following services are used by the Xerox ®Device Manager application: l Remote Procedure Call l Windows®ManagementInstrumentation(Used for detailed computer information during IP Domain Discovery or Managed Printer Server operations) l MSSQL$XEROXCWW (if selected defaultSQL option during install, otherwise the SQL Server® service selected during install) The following services are a partof the Xerox® Services Manager applications: l Xerox®Discovery Service l Xerox®Schedule Service A listof the services in use is available from the Xerox ®Services Manager interface to registered Device Managers. Check the Windows Firewall Status Certain Windows Firewall settings are required to allow the server to be added as a managed printserver, which allows the Xerox ®Device Manager server to communicate with the Xerox PrintAgenton peer computers and to getbasic properties from any computer discovery. To retrieve additional detailed computer properties, Windows Firewall mustbe disabled. To check the configuration of the Windows Firewall software perform the following: Windows Server ®: 1. Select Start> Control Panel> Windows Firewall. 2. Select Change Settings. 3. SelectExceptions tab. Enable the File and Printer Sharing program and select OK. 4. Select Start> Administrative Tools> Windows Firewall with Advanced Security. 5. Select Inbound Rules. Make sure the File and Printer Sharing (Echo Requests) are enabled. The correctenablementshould happen when the File and Printer Sharing Exception has been enabled. Xerox®Device Manager Certification Guide Xerox Confidential 13662 of 1132 667 Xerox®Device Manager Certification Guide Xerox Confidential 14663 of 1132 668 Security Security Security is an importantconsideration when evaluating tools of this class. This section is intended to provide some background into the security methods used by Xerox ®Device Manager and offer some information on changing security-related defaults, if required. Windows Server ®Security Xerox®Device Manager uses the security features builtinto MicrosoftWindows Server ®operating system including: l User authentication and authorization - The User requires a Domain/Local service accountwith full administrator rights l Services configuration and management l Group policy deploymentand management l InternetConnection Firewall (ICF) including: - Security Logging settings - ICMP settings l FIPS 140-2 compliant SQL Server Security Xerox®Device Manager uses the security features of both SQL Server Express and SQL Server including SQL Server user accountregistration and DSN encryption. During Xerox ®Device Manager installation, a non-standard SQL Server network portcan be used if desired. This portcannotbe changed after installation. During Xerox ®Device Manager installation, the user will need SQL Server administrative rights, while Xerox ®Device Manager will only need DBO rights after installation. During Xerox ®Device Manager installation, the accountused to install Xerox ®Device Manager requires the SQL Server administrative rights (i.e., sys_admin). After installation this role may be revoked, and the Xerox ®Device Manager accountwill only need DBO rights after installation. As with many applications, customers must take extra care to preventunauthorized use and abuse. Therefore, itis importantto keep all servers and applications updated with the latestpatches and service packs. Internet Information Services (IIS) Security IIS, as a Web page server, is an area thatrequires particular attention in terms of security. The following are security-related recommendations for using IIS with Xerox® Device Manager. l Apply the latestService Packs and Critical Updates available from Microsoft. l Leave basic authentication off – With basic authentication on, the username and password are clear text-based and pose a potential security issue. When itis turned off, clientbrowsers mustconnectto these secure areas via Windows® authentication. Xerox®Device Manager Certification Guide Xerox Confidential 15664 of 1132 669 Security If more security measures need to be employed atthis site, firstconsider using native IIS security features such as: l Use alternative Web site other than the default– Xerox® Device Manager can be configured to use a differentWeb site other than the defaultWeb site setduring installation. l Change the HTTP portnumber – In IIS, the portnumber used for the Xerox® Device Manager server can be modified on the defaultWeb site, which is partof the installation, or on another Web site that you have configured Xerox® Device Manager to use. l Restrictaccess to the Web site to specific IP addresses – Modify the access via the properties on the DefaultWeb site found in the IIS snap-in. l Consider turning off anonymous authentication to all of Xerox® Device Manager – By default, no pass- word is required to access the view-only Xerox® Device Manager pages. l Use secure communications such as HTTPS/SSL/certificates. Xerox®Device Manager Configuration Sets Feature Within any managed site, there may be a need to manage the settings common to various machines efficiently and effectively. Xerox ®Device Manager’s Configuration Sets functionality can provide this capability to significantly aid in conformance stability. Configuration Sets are extremely useful with a large fleetof devices and/or where there is a high level of device moves, adds, or changes because they provide a reusable template to both monitor and setdevice configuration parameters. Configuration Sets are currently compatible with a variety of the Xerox ®networked models. Configuration Sets have the ability to: l expose and display open TCP and UDP ports on any network printer to identify potential security holes within the printenvironment l lock the device console to preventtampering l inspectprinter protocols and service settings for unauthorized changes l turn on authentication for network scanning l disable unused protocols and services on Xerox ®network printers l define SNMP Get/Set/Trap community names l manually add SNMP v3-compliantprinters in order to authenticate and encryptall communication between them l setthe Image Overwrite capability l setthe Feature Installation Key across a fleetof eligible devices l enable webletfor remote installation on Xerox ®ConnectKey®Technology devices l enable remote access to the console panel on ConnectKey devices SNMP Security The Simple Network ManagementProtocol (SNMP) is the mostwidely-used-network-managementtool for communication between network managementstations and the managed devices. Xerox ®Device Manager uses SNMP during its discovery operations to provide detailed information aboutprinters itfinds on the network. After discovery, SNMP monitors printers for faults and changes in status, to carry configuration setchanges and supportprinter troubleshooting. SNMP V3 is the latestversion on SNMP and, as such, is the mostsecure and supported. We recommend thatyou use SNMP V3 whenever possible, including in conjunction with V1 and V2. In some instances, OS supportwill notbe available for SNMP V3. In such cases, use V1 and V2. Xerox®Device Manager Certification Guide Xerox Confidential 16665 of 1132 670 Security SNMP v1-v2 Security In SNMP v1/v2, security is limited to three methods of access: Read-Only, Write-Only, and Read-Write. Community strings, which are the names of the groups thatthe devices belong to, provide access from the managementstation to the devices. You can configure Xerox® Device Manager to use non-default community string names and to use multiple community string names. Be careful when configuring additional community string names because each name increases the overall discovery process workload. SNMP v3 Security Enhancements SNMP is the mostwidely used in-band managementprotocol used for communication among network managementstations and the devices being managed. In its currentform, SNMP's security is limited to three methods of access: Read-only, Write-only and Read-write. Access from the managementstation (Xerox® Device Manager) to the devices is granted by "community strings," which are simply the groups to which the devices belong. Although disabling the write function in SNMP can preventmostin-band attacks, SNMP is a relatively insecure protocol, with nothing more than the community strings acting as passwords. The SNMP V3 framework supports multiple security models, which can existsimultaneously, within an SNMP entity. SNMP V3 messages contain a field in the header thatidentifies which security model must process the message. To ensure some form of interoperability, a User-based Security Model (USM) is implemented to defend againstunauthorized modification of managed elements and spoofing. Although SNMP V3 is a huge step forward in secure manageability, itcannotprevent"denial-of-service" attacks. In addition, its security system muststand alone, meaning every device musthave a database of users/passwords. Since this is notlikely to happen in mostcompanies, all devices are leftatrisk. Users and Groups Xerox® Device Manager provides access restriction based upon the roles assigned to Windows users including: Administrator, Power User, and User. The Administrator role is used during the Xerox® Device Manager installation and remote discovery procedures,Power User during printmanagementactivity, and the User role for local discovery, view-only display and reporting. Note:User names and passwords are notsentover the network. If no username is provided during software installation, the Xerox ®Device Manager installer will create a “CWW Run As Account” user and place itinto the local Administrators group. If a username is provided atinstallation, thatuser will be authenticated and then placed in the local Administrators group. If users remain restricted to the local Administrators group, they will only be able to manage local printers and queues and notbe able to manage any network connected devices. CWW-Specific Groups Access restriction is dependentupon the groups to which the user is assigned. Xerox ®Device Manager creates user groups during install thatgrantmembers specific rights to the Xerox ®Device Manager application. Xerox ®Device Manager groups are created with “CWW” in the name. The CWW Administrators group grants full administrative permissions to its members. The CWW Power Users Group grants printmanagementpermissions to users in environments where sysadmin privileges would be neither required nor desirable. Members of this group can: l Create/Edit/Delete reports l Editand Modify Traps Xerox®Device Manager Certification Guide Xerox Confidential 17666 of 1132 671 Security l EditPrinter/Protocol/Scan Properties printer action l Apply Configuration Sets/Check Compliance l Troubleshoot/Rebootfaulted printers l Perform printer group administration The CWW Configuration Set Admin performs all actions on configuration sets and may editprinters, troubleshoot, and resetprinters. The CWW Edit Device Admin may editprinters, troubleshoot, run configuration sets, and resetprinters. The CWW Report User has limited access to the Reports tab and may view and send reports. The CWW Report Admin may perform all action on reports. The CWW SQL Users Group grants rights to run the Xerox ®Device Manager application instead of using the Network Services account. The CWW Customer Group grants access rights to the Xerox ®Device Manager Customer View. The CWW Customer Administrators Group grants administrative rights to access the Xerox ®Device Manager Customer View. The CWW User may view the printer group to which the user belongs, refresh printer data, and view the Xerox®Services Manager assetdetails for a printer. The CWW Customer Report User has read access to the device compliance dashboard and includes the per- missions of the CWW Customer. Users cannotremediate or create policies, they can only see the results. The Run As Account Before deploying Xerox ®Device Manager, the implementation team should consider whether there is a need to administer remote printservers. If there is a need, then the necessary authorization credentials for those printservers are required. Xerox ®Device Manager supplies an existing accountas the application administrator. The Run As capability provides additional security by defining a specific Windows ®account thatXerox®Device Manager can use to administer printservers. Enter these credentials in one of the following ways: l The application installer provides an inputfor the Run As account, if known. l The Xerox ®Device Manager Configuration Utility specifies the credentials of the Run As accountafter installation. This utility complies with the customer user accountsecurity policies and provides flexible configuration of the Xerox ®Device Manager application. - The Xerox ®Device Manager Configuration Utility can only be launched from the Xerox ®Device Man- ager server UI unless Terminal Services are available. - The Xerox ®Device Manager Configuration Utility is accessed from Start>Programs>Xerox on the Xerox®Device Manager server. This utility enables an administrator to perform the following tasks: l Change the defaultXerox ®CentreWare®Web user accountpassword l Change the password of the Run As account l Change the password of the SQL Server and port l Importand exportdatabases Xerox®Device Manager Certification Guide Xerox Confidential 18667 of 1132 672 Security Required Permissions Depending on the configuration of the devices thatneed to be managed, you mightneed differentlevels of accounts and privileges. The table below outlines the functions and privileges required within Xerox ® Device Manager and offers some alternate group choices to accomplish printer and queue management. Xerox®Device Manager Function Required Pribiledges for the Xerox® Device Manager Run-As Account Discover Network Printers None Discover Locally-connected (Direct) Desktop Printers Account can be a member of the Domain Users group to query only shared print queues on every computer that will be inspected or Member of the Domain Administrators groupt to query both shared and unshared print queues on every computer that will be inspected or Member of every computer’s local Administrators group to query both shared and unshared print queues on every computer that will be inspected Note: Integration with XPA for the detection of Locally (Direct) Printers does not require certain permissions from the Run As Account. Discover Computers Member of the Domain Users group to discover and retrieve only basic com- puter properties or Member of the Domain Administrators group to discover and retrieve basic AND detailed computer properties or Member of every computer’s local Administrators group to discover and retrieve basic and detailed computer properties Discover printers via Active Dir- ectory®partitions Member of the Domain Users group Discover printers via Managed Print Servers Account can be a member of the Domain Users group to query only shared print queues or Member of the Domain Administrators group to query both shared and unshared print queues or Member of every computer’s local Administrators group to query both shared and unshared print queues Create New Queue + Publish in Act- ive Directory Member of the local Administrators group where print queue is created Delete/Edit Print Queue Member of the Print Operator group or Member of the Administrators group where the queue resides Certificate Management In order to access the private key to download the certificate from an NDES server security, a Network Service user needs security permission in the fol- lowing folder: C:\Documents and Settings\All Users\Application Data\Mi- crosoft\Crypto\RSA\MachineKeys Xerox®Device Manager Run As AccountPrivileges Xerox®Device Manager Certification Guide Xerox Confidential 19668 of 1132 673 Security Windows Considerations You may wantto disable InternetExplorer Enhanced Security Configuration. This improves user experience. 1. To disable this feature click on Start > Administrative Tools > Server Manager. 2. Under Security Information select Configure IE ESC. 3. The Have Disk control for adding device drivers to the printserver in Xerox ®Device Manager will not work unless webdav has been enabled for IIS. 4. To enable webdav for IIS, select Start > Administrative Tools > Internet Information Services (IIS) Man- ager. Click on Web Service Extensions and then select Webdav in the rightpane. Finally, click the Allow button. Printer Information Communicated to Xerox ®Services Manager The table below identifies printer attributes exported by defaultto Xerox ®Services Manager. In those accountimplementations where customer network security may dictate limited data exports, all of these fields (exceptfor those in the bulleted listbelow) can be disabled for transmission to Xerox ®Services Manager through the AccountAdministration>Field Customization function within Xerox ®Services Manager. l Description l Icon l Manufactuer (Device) l Serial Number (Device) l Serial Number (Scrubbed) l Usages Counter Meters Once configured, Xerox ®Services Manager communicates these restrictions to Xerox® Device Manager to preventtransmission of restricted data by Xerox® Device Manager to Xerox® Services Manager. For those accounts requiring configuration of fields in Xerox® Device Manager, a subsetof these fields can be configured within the Xerox® Device Manager server’s Xerox Services Manager sync options configuration. The listof fields disabled in Xerox® Device Manager can be seen in Xerox® Services Manager, butcannot be modified within Xerox® Services Manager. 2 Sided Percentage Advanced Finishing Supported Advanced Status Update Date Analog Fax Capable Analog Fax Description Analog Fax Modem Installed Analog Fax Phone Number Black Rated PPM Can Manage Color Capable Color Rated PPM Compliance Level Console Country Console Language Customer Asset Number* Custom Property 1 Custom Property 2 Custom Property 3 Custom Property 4 Custom Property 5 IP Default Gateway Description*Device Language Device Time Zone Discovery Date Discovery Method Discovery Type DNS Name Duplex Capable Finishing Options Firmware Level*Hard Disk Present Hard Disk Size MD Icon IP Address Changed IP Address (Device) IPX Address IPX External Network Number IPX Print Server Name Last Known IP Address Last Status Attempt MAC Address Machine Up Main Status Manage Request Date Xerox®Device Manager Certification Guide Xerox Confidential 20669 of 1132 674 r l I I I I I I I I I I I I I I I I I I l l Security Time Manage Request Date Managed State Manufacturer (Device)* Marking Technology (Device) Xerox Asset Number MIB Country Physical Memory Total MB Queue Name (Device)* Scan to E-Mail Capable Scan to File Capable Scan to Internet Fax CApable Scan to Server Fax Capable Scanner Description Scanner Installed Serial Number (Device)* Serial Number Scrubbed Status Date SubnetAddress Subnet Mask System Contact System Name Target Volume Traps Enabled Traps Supported Type*Update Date Usage Counter (Meters)* Utilization Percentage Consumables Inform- ation Printer Fields Exported to Xerox ®Services Manager by Xerox ®Device Manager Note:Items marked with an * are items sentfor Locally Connected (Direct) Printers. Xerox®Device Manager Server Information Exported to Xerox ®Services Manager Certain fields are required by Xerox® Services Manager in order to successfully exportjob accounting data up to Xerox® Services Manager. Please note thatyou should enable or disable any optional fields in Xerox® Device Manager before enabling the feature thatwill exportjob accounting data to Xerox® Services Manager. Xerox®Device Manager Server DNS Name Xerox®Device Manager Server IP Address Xerox®Device Manager Site Name Xerox®Device Manager Software Build version Xerox®Device Manager Server Time Zone License Expiration Date Xerox ®Device Manager data- base size (in MB) Xerox®Device Manager Discovery database size (in MB) Hard Drive capacity (in MB) Hard Drive free space (in MB) Xerox®Device Manager Server RAM memory size (in MB) Xerox®Device Manager Server RAM memory free size (in MB) Number of Managed Print- ers Number of Unmanaged Printers Critical Services running on the Xerox®Services Manager Server (this includes both Xerox®Device Manager and Xerox®Services Manager) Operating System Name Operating System Type (32/64 bit) Processor .NET version Corporation Security Mode Xerox ®Device Manager Server MAC Address (Cur- rent & Initial) Xerox®Device Manager Information Exported to Xerox® Services Manager Xerox®Device Manager Job Accounting Data Exported to Xerox® Services Manager Certain fields are required by Xerox ®Services Manager in order to successfully exportjob accounting data up to Xerox ®Services Manager. Please note thatyou should enable or disable any optional fields in Xerox®Device Manager before enabling the feature thatwill exportjob accounting data to Xerox ® Services Manager. Xerox®Device Manager Certification Guide Xerox Confidential 21670 of 1132 675 r l I I I I I I I I I I I I I I l l Security Column Name Required Enabled by Default Description Comments j_clientMachineName No Yes WINS name of workstation from where job was sub- mitted j_colorPrint No Yes Whether job is color j_contentSize No Yes Job size in bytes j_copiesPrinted No Yes Number of copies reques- ted for the job j_deviceIP No No IP address of the printer that processed the job Not exported j_deviceMACAddress No Yes Mac address of the printer that processed the job Not exported j_deviceModel No No Printer driver through which the print job was submitted Not exported j_documentName No Yes Title of the job j_documentTypeID No Yes Document type of the file which was submitted as a print job j_duplexPrint No Yes Whether job requested is duplex j_jobCompletionTime Yes No Date and time when the job is completed as per the job reporting source j_jobID Yes No Job ID assigned by the source reporting the job j_jobPK Yes No DB Unique ID assigned to each job record j_jobSubmissionTime Yes Yes Date and time when the job was submitted as per the job reporting source j_mediaSize No Yes Media size requested in the job j_mediaType No Yes Media type requested in the job j_ownerUser No No Network user who sub- mitted the job j_pageCount No Yes Total impressions scanned or printed by the printer j_printServerName No Yes WINS name of the machine that delivered the job to the printer j_queueName No Yes Windows Queue Name through which job was prin- ted j_portName No Yes Windows Queue Port Name through which job was prin- Xerox®Device Manager Certification Guide Xerox Confidential 22671 of 1132 676 Security Column Name Required Enabled by Default Description Comments ted j_printServerMacAddress No Yes Mac address of the machine that delivered the job to the printer j_overflowOccured No No Set to TRUE if Xerox® Device Manager determ- ines erroneous page count was reported Not exported j_exportedXAM No No Set to TRUE if job record has been exported to Xer- ox® Services Manager Not exported j_uniqueID Yes No Unique ID of the printer record that processed the job j_deviceCreated No No Set to TRUE if job asso- ciated printer is known to Xerox® Device Manager Not exported j_bwPageCount No Yes Total BW impressions scanned or printed by the printer j_colorPageCount No Yes Total Color impressions scanned or printed by the printer j_jobType Yes Yes Whether the job is PRINT or COPY or SCAN or FAX- SEND or FAX-RECEIVE Required j_jobAcctSource No Yes Identifies the job account- ing source: blueprint, equitrac, docusp, other Added j_devJobCompletionTime No Yes The job completion time reported by device. Added j_userID No Yes The accounting user name Added j_userAccountID No Yes The chargeback code for the job Added J_deviceDNSName No Yes DNS Name of the printer J_deviceSerialNumber No No Serial Number of the printer j_jobUniqueID No Yes The unique job ID Added j_chargebackPrice No Yes The chargeback price of the job Added Xerox®Device Manager Certification Guide Xerox Confidential 23672 of 1132 677 Security Column Name Required Enabled by Default Description Comments j_colorMode No Yes The job color details: 1 col- or,2 colors,3 colors,4 colors, few colors, auto, for low price mode, mixed, mono- chrome, other, unspecified Added j_nUp No No Number of images per page Added. Only exported for FX. Xerox®Device Manager Job Data Exported to Xerox ®Services Manager Xerox® Device Manager Policy Log Data Exported to Xerox® Services Manager If XPA is leveraged in the accountto implementthe Enterprise PrintGovernance solution, policy log data is collected by Xerox® Device Manager and then exported to Xerox® Services Manager. The following log data is collected as per policy violation when a printdocumentis submitted: Client Machine Name Print Server Name Date and Time when policy rule was violate Document Name Windows Network User Name Windows Print Queue Name Rule Action Is Customer Noti- fied Is Duplex Is Color Total Impressions Job Price Message shown to the User Print Policy Plan Name Print Policy Rule Name New entry Corporate Security Mode In addition to any scheduled synchronization by the Xerox ®Device Manager server to Xerox ®Services Manager, there is a daily synchronization performed by default. If all scheduled synchronizations are turned off, the daily synchronization maintains accurate information between Xerox ®Device Manager and Xerox®Services Manager. There is a capability within Xerox ®Device Manager to turn off this daily synchronization. Within the Administration> XOS Suite > Xerox Services Manager > Sync Option page, there is a configuration item for Corporation Security mode. The two modes thatexistare Normal and Locked Down. In Normal mode, the defaultsynchronization will continue to run when all scheduled synchronizations have been switched off (recommended mode). In Locked Down mode, the default synchronization will also be turned off if all polling schedules are switched off as well. When Locked Down mode is turned on, there is no communication with Xerox ®Services Manager, and any setting changes done through Xerox ®Services Manager mustthen be done on-site. Locked Down mode does the following: 1. Disable the Nightly synchronization with Xerox ®Services Manager. 2. Disables the sending of the Xerox ®Device Manager server IP address and DNS name to Xerox ®Ser- vices Manager. 3. Disables the sending of device IP address information to Xerox ®Services Manager. 4. Disables the ability to importXerox ®Services Manager discoveries. 5. Disables the exportof Xerox ®Device Manager discoveries to Xerox ®Services Manager. Xerox®Device Manager Certification Guide Xerox Confidential 24673 of 1132 678 Security Remote Commands from Xerox® Services Manager Xerox®Device Manager can be configured in two ways to check its corresponding accountwithin Xerox ® Services Manager to see if the accountadministrator has posted a command requestto Xerox ®Device Manager. First, Xerox ®Device Manager can be configured for instantremote commands. When configured for instantremote commands, Xerox ®Device Manager will make an immediate connection to Xerox ® Services Manager for remote commands. Xerox ®Services Manager will notreturn and the session will be leftopen until a command is posted or the session is timed out. When a command is posted, Xerox ® Device Manager will execute the command and return to Xerox ®Services Manager with the results, and then reopen a new session. If there is a timeouta new session will be established with Xerox ®Services Manager within 60 seconds. In this configuration, we can getreal-time responses to commands, reducing the time operations centers waitfor information. Second, Xerox ®Device Manager can be configured to periodically poll. You can configure Xerox ®Device Manager to periodically poll its corresponding accountwithin Xerox ®Services Manager to see if the accountadministrator has posted a command requestto Xerox ®Device Manager. This polling is an extremely lightweightWeb interface interrogation by Xerox ®Device Manager and should cause little if any extra network bandwidth loading for the customer’s IT network. Both configurations use standard HTTPS port443 on an inbound to Xerox ®Device Manager basis. The listof commands available to an Xerox ®Services Manager accountmanager to requestis the following: l Get Device Status – obtains the currentstatus of a device. l Reboot Device – stops and restarts a device. l Troubleshoot Device – pings a device and retrieves its status. l Upgrade Device – updates the device to a newer software release version. l Start Managing Device – sets the status of the selected device to the managed state. When a device is in the managed state, device data, such as meter readings and alerts, are sentto the application. l Print Test Page – initiates a testprintjob on a device. Xerox®Device Manager can disable access to each of the Xerox ®Services Manager remote commands during setup of the Xerox ®Device Manager Xerox ®Services Manager Configuration. This includes Device Remote Commands as well as Remote Configuration commands. Remote Configuration The listof commands available to an Xerox ®Services Manager AccountManager to requestis the following: Device Discovery Xerox®Services Manager can issue a request for a specific IP Sweep dis- covery, which can include individual IP addresses, IP address ranges, and lists of subnets. The definition for the IP Sweep specified by Xerox ®Services Man- ager is stored within Xerox ®Device Manager locally within its built-in Xerox Services Manager Sweep. Using the results of this sweep, Xerox® Device Man- ager will automatically upload any new discovered device information and a results summary, so that the Xerox ®Services Manager account manager can review it. Rediscovery You can configure the Rediscovery within Xerox ®Device Manager from Xer- ox® Services Manager. This discovery method refreshes all the printer inform- ation for each device known by Xerox ®Device Manager. You can configure the time when this discovery runs, the number of retries, and the timeout period. Xerox®Device Manager Certification Guide Xerox Confidential 25674 of 1132 679 Security Data Export Within Xerox ®Services Manager, you can configure when the managed and unmanaged devices are exported to Xerox ®Services Manager. You can change these settings for each Xerox ®Device Manager server found in an account from Device Manager>Data Export page. Network Settings You can use Xerox ®Services Manager to change the following key settings within Xerox® Device Manager: the default number of retries and timeout, how often to retrieve status from both managed and unmanaged devices, and the SNMP set and get community strings names that are used when com- municating to a device. Unlink and Delete Device You can use Xerox ®Services Manager to unlink and delete a device from the Xerox®Device Manager database. In this way, you can remove a device from the Xerox ®Device Manager database so that it is not reported to Xerox® Ser- vices Manager. If the device is rediscovered, it will be added back into the Xerox®Device Manager database resent back to Xerox ®Services Manager. Xerox®Services Manager-Initiated Remote Configuration Additional Administration Capabilities Xerox® Device Manager Circuit Breaker ConfigurationSettings Any (and all) of the Xerox ®Device Manager related net-based functions can be quickly disabled without application reconfiguration via the Admin > Network> Network Usage Configuration > Application Wide Network Traffic Switch dialog. This feature makes iteasy to switch off network traffic generated by Xerox®Device Manager during troubleshooting or evaluation. Xerox®Device Manager Certification Guide Xerox Confidential 26675 of 1132 680 Xerox®Device Manager Certification Guide Xerox Confidential 27676 of 1132 681 Xerox® Device Manager Logs Xerox®Device Manager Logs Action Log This log enables you to view all actions thatoccur during administration of the application. Itcan be used to track unauthorized changes to the application or to provide a process log of activity. The log displays the Category and Subcategory where the activity was performed, the user who performed the activity and the time and date of the activity are shown. Audit Log This page enables the user to view a log thattracks changes made to critical areas of the Xerox ®Device Manager server application. The Auditlog tracks who made the changes, as well as whatwas changed. Critical areas include Discovery Setups, Xerox ®Services Manager settings, Discovery exclusions, and Status polling configuration. An additional setof auditlogs (XDM AuditLog) is available through the Windows EventViewer. These logs allow users to ascertain the security level being maintained, and they provide forensics data in case of a security issue. The XDM AuditLog is in XML formatand contains EventIDs thatreflectthe source of the logged event/function. E-mail Log This page enables the user to view all E-Mails sentoutby the Xerox ®Device Manager application. The Log contains information pertaining to the recipients of the email, the date and time of email, the subject, the application source, and the email message body. Event Log This page enables the user to view the printserver’s eventlog, particularly informational and error messages. The type of event, date, source, category, and identity information is shown. Click Refresh to update the information on this page. Xerox®Device Manager Certification Guide Xerox Confidential 28677 of 1132 682 Xerox®Device Manager Certification Guide Xerox Confidential 29678 of 1132 683 Systems Infrastructure Systems Infrastructure Network Ports Used by Xerox ®Device Manager Xerox®Device Manager relies on a number of TCP/IP network ports, all predefined by the Windows ® operating system as defaults to perform its activities. A table of Xerox ®Device Manager features, network protocols, and ports with the data direction (related to the Xerox ®Device Manager server) is defined below. Xerox® Device Manager Feature/Function Protocol Port Number Used Data Direction Xerox® Device Manager Web page queries Job accounting data Auto Driver Download Cloning Wizard Scan Template configuration set transfer Troubleshoot Xerox® Print Agent Communications Configuration Sets HTTP 80 but could be altered via IIS Administration Incoming/Outgoing Secure Xerox® Device Manager Web page queries Secure Xerox® Device Manager-to-Hosted data transfer Upgrading Android Tablets HTTPS 443 Incoming/Outgoing Receive unsolicited printer status notifications SNMP v1 Trap 162 Incoming Network printer discovery using Novell® Server queries via IPX SAP 452 Incoming Network printer discovery Retrieval of capabilities, status & usage coun- ters Single device configuration Configuration sets SNMP V1, V3 SNMP V1, V3 161 but could vary depending upon OS port allocation 161 Outgoing/Incoming Incoming/Outgoing E-mail alerts SMTP 25 Outgoing Printer discovery via Managed Server/Active Directory Queue-based operations/diagnostics Locally-Connected Printer discovery Data synchronization RPC 135 Outgoing Retrieval of computer properties WMI over RPC 135 + random port Outgoing Network printer discovery for non-SNMP- enabled printers IPP 631 Outgoing Add/Delete Directory Scan Service Configuration Set Active Directory Customer Import Customer Group Configurations LDAP 389 Outgoing Troubleshoot – Print Test Page Printer Firmware Upgrade TCP/IP 515, 9100, 2000, 2105 Outgoing Xerox®Device Manager Certification Guide Xerox Confidential 30679 of 1132 684 Systems Infrastructure Xerox® Device Manager Feature/Function Protocol Port Number Used Data Direction Managed Print Server Xerox® Print Agent operations Computer property queries NetBIOS 137, 139 Outgoing Xerox®Print Agent operations SMB 445 Outgoing Xerox® Print Agent communications WCF 23900 Outgoing Network Printer Discovery Troubleshoot / [Test] PING / CMP none Outgoing Hard coded for Remote Discovery TCP 8105 Internal Xerox ®Device Manager uses to com- municate with Sched- uler Scheduler (Changeable string entry in the registry) TCP 8085 Internal Xerox ®Device Manager uses to com- municate with Sched- uler Reverse DNS Lookup of discovered devices DNS 53 Outgoing Ports and Protocols Used by Xerox ®Device Manager Note:Some customer environments may restrictthe routing of ICMP packets across routers using an access control listto avoid denial of service attacks and worms (e.g., Nachi) from impacting their network. As a result, the following Xerox ®Device Manager features will be adversely impacted: l TroubleshootPrinters wizard l Troubleshootwithin Printers device view l Add Printer within Printers device view l IP Domain Scan for computers within the Discovery Administration tab l Add Server within Queues device view Windows®Services Utilized by Xerox ®Device Manager The following Windows-based services are partof or are used by the Xerox ®Device Manager application: l InternetInformation Service (IIS) l Windows®PrintSpooler l Remote Procedure Calls l Windows®ManagementInstrumentation (for detailed computer information) l SQL Server ®Service The following services are partof the Xerox ®Device Manager application. These services will automatically startwhen the system boots and will restartif stopped: l Xerox Discovery Service (device discovery and identification and SNMP trap monitoring) l Xerox Scheduler Service (automatic and scheduled background tasks, e.g. device polling, discovery) General Discovery Considerations The Discovery function allows Xerox® Device Manager to search for network printers on the customer’s intranet. Device discovery is a crucial partof the Xerox® Device Manager application because itis the main method to identify networked and direct-connected devices and store them in the database. Itis a compound operation thatinvolves discovering appropriate network addresses based on the type of discovery configured and the subsequentquerying of those addresses (via SNMP) for device type and Xerox®Device Manager Certification Guide Xerox Confidential 31680 of 1132 685 Systems Infrastructure general configuration information. Since this operation uses the network resource, consider what information you wantto be detected and configure the discovery to achieve this goal with a minimum of network contention. Xerox® Device Manager provides a number of customizable methods to discover devices and various ways to manage discovery to gain the mostinformation with the leastimpactto network bandwidth. ManagingDiscovery The discovery process can be managed in a number of ways. l You can setup discovery to only discover those devices in certain locations. This throttling ability can be used to customize the discovery processes and reduce the amountof network traffic generated by Xer- ox® Device Manager. l You can schedule discoveries to execute during off-hours to reduce impactto network traffic. l You can setup the Xerox® Device Manager server to execute multiple instances of discoveries. Each dis- covery instance can be saved. l You can add exclusions to Xerox® Device Manager to limitor specify the IP subnets and addresses that will notbe probed. l You can control the discovery process by the use of SNMP community name strings to query certain net- work printers over others. l You can retrieve status information since the discovery will provide active status on its progress, the num- ber and types of devices found, and information aboutthe lastscan, including how long ittook to com- plete. l You can establish device timeoutand retry parameters before the discovery occurs to getprintinform- ation from slower network subnets on a WAN. l Xerox® Device Manager can importdiscovery parameters from CSV files, atthe time of creation or when the discovery runs, to eliminate tedious data entry. This importcapability also provides CSV file error handling and duplicate address checking, which reduces the amountof time required to configure Xerox® Device Manager. Printer Rediscovery Xerox® Device Manager also provides a printer rediscovery capability, which will gather information about previously discovered printers. You can schedule rediscovery to query for any changes to only those devices contained within the database (e.g., firmware level, scan-to-e-mail capability, physical memory, etc.). Note:When the initial discovery was an SNMP v3 sweep and the devices are then enabled for v1/v2, if the rediscovery is an SNMP v1 or v2 IP sweep, the devices will notbe discovered. To discover those devices, the user mustfirstclear the devices from the database in Xerox® Device Manager and perform an SNMP v1/v2 IP sweep again. This capability helps when monitoring for device changes and is also used to cutdown on the number of new discoveries needed, thus reducing network bandwidth requirements. Note:As a rule of thumb, each printer thatis discovered may generate as much as 50KB(maximum) of network message traffic including device capabilities, usage counters, and an alerttable. IPSweepDiscovery Operation The IP Sweep Discovery method is the preferred method of accurately discovering printers on a network (see the Alternative Device Discovery Methods section for the other discovery methods available in Xerox ® Device Manager). A packetis sentto every IP address within the user-defined subnetor address range list. These address ranges should be known and provided before running the discovery. Xerox®Device Manager Certification Guide Xerox Confidential 32681 of 1132 686 Systems Infrastructure Specifically: l A single packetis sentto each IP address contained within each subnetor address range defined within the currentIP address for the currentIP Sweep. In this packet, Xerox ®Device Manager requests a value for a single SNMP-based RFC 1213 ObjectIdentifier (OID). l For each device thatresponds to the RFC 1213 OID, Xerox ®Device Manager will add the IP address of the response packetinto its listof live IP addresses. l Xerox®Device Manager then queries those devices with live IP addresses for two more OIDs: one RFC 1213 OID and one RFC 1759 OID. This enables Xerox ®Device Manager to identify printing devices from non-printing devices. Both groups of devices are stored within the Xerox ®Device Manager data- base, however, only printing devices are exposed via the Xerox ®Device Manager UI. l For those printer devices thatrespond to the RFC 1759 OID query, Xerox ®Device Manager flags them as printers. For those devices thatdo notrespond to the RFC 1759 OID query, Xerox ®Device Manager then checks a RFC 1213 OID value againsttwo registry key values to determine if the device is in facta known printer. This is necessary because some printing devices (e.g., printers using external printserver boxes, older printers, etc.) do notsupportRFC 1759 – the Printer MIB. The registry keys contain RFC 1213 values for several known supported and unsupported printers. l Xerox® Device Manager then queries all live IP addresses for three RFC 1213 OIDs and one RFC 1514/2790 OID. l For those devices identified as printers, Xerox® Device Manager queries three more RFC 1514/2790 OIDs and four more RFC 1759 OIDs to obtain some basic attributes of the printer l Based upon the identity of each printing device, Xerox ®Device Manager then queries the appropriate vendor-specific OID and a new OID from the InternetDraftof the Printer MIBin order to obtain the printer’s serial number. l Xerox® Device Manager then queries 3 RFC 1759 OIDs in order to display the printing device’s rated speed in pages per minute units (PPM). l Based upon the identity of each printing device, Xerox ®Device Manager then queries the appropriate vendor-specific OID(s) to obtain the printing device’s software/firmware level. Note:Before implementing the IP Sweep method, the evaluator mustbe supplied with a listof known IP addresses (and subnetranges) to use. By preconfiguring the subnetand IP address information, you can tailor discovery to find or exclude specific subnets or groups of printers. When to Use The IP Sweep Discovery method is the preferred method of accurately discovering printers on a network. Use this method when the clienthas knowledge of the IP subnetaddresses where printers may exist. Network Impact The amountof network traffic generated by a sweep-based discovery is minimized because the requests are directed to specific IP addresses. Accuracy The IP Sweep method produces a controlled and orderly flow of data between the printers and the server, reducing network packetcollisions thatcan introduce errors in the printer information. Xerox®Device Manager Certification Guide Xerox Confidential 33682 of 1132 687 Systems Infrastructure Discovery Network Data Calculations As mentioned earlier, each discovered printer can create as much as 50KBof discovery-based traffic. IP Sweep discovery sweeps all of the addresses in the ranges supplied. Device Discovery DataSet MagnitudesOnTypicalPrinters The amountof data transferred during an operation, such as discovery or status polling, is a function of the device’s capabilities. Measurements made on typical devices show the variability of these parameters. Itis highly unlikely thatany one network would be populated with only one device type. Instead, the typical case is a variety of devices thatare dependentupon the particular needs of individuals or groups on the network. Here are three printer examples to demonstrate the variability in both the amountof collected data and the data transfer rate for typical devices. As we release new and updated machines with increasing functionality, the size of the discovery dataset will also increase. The network traffic volume may be higher for machines and sites with more advanced technology. Machine Model Discovery Historical Data Gathering Status Polling Xerox®WorkCentre®7800 263 KB 15 KB 1.0 KB Xerox®WorkCentre®3315 116 KB 7 KB 1.1 KB VersaLink®7035 133 KB 13 KB 1.2 KB Xerox®Phaser®4622 115 KB 6 KB 1.0 KB AltaLink®C8055 261 KB 8 KB 1.2 KB AltaLink®C8070 180 KB 20 KB 1.3 KB CERT avg 178KB 11 KB 1 KB Typical Device Data You also need to consider the frequency atwhich you will perform these operations. For purposes of this document, the following schedule for device data retrieval and their data setsize will be assumed to be: Operation Type Frequency Average Data Set Size Discovery Weekly 178 KB Historical Data Gathering Never 11 KB Status Polling Hourly 1 KB Xerox®Device Manager Data Gathering Options Itwill be assumed that: l Xerox®Device Manager will discover and monitor 1000 network devices, l Xerox®Device Manager does notperform historical data gathering, l Xerox®Device Manager is configured for communication to a hosted site. Each device discovery data setsize is 178KB, its historical data gathering setsize is 11 KB, and its status polling data setsize is approximately 1 KB. This setof devices is expected to retrieve the following printer-based discovery data over the network each month: l 4 discovery cycles/month x 1000 printers x 178KBytes/printer (Discovery data setsize) is approximately 712MB/month Note:Extended Data Retrieval, when enabled, will increase the amountof data retrieved from a device. Extended Data Retrieval gathers the data related to protocol information (see the Protocol tab on the Xerox®Device Manager Certification Guide Xerox Confidential 34683 of 1132 688 I ----------------+--------[-------------- Systems Infrastructure Device page) on a polling basis for the purposes of reporting changes within the Change History report. The data setsize is less than thatof a full Discovery. Network Impact Considerations of Status Polling Xerox®Device Manager communicates with the printers under managementon a regular basis. Examples include status polling and historical data gathering (scheduled to run atcertain times) and SNMP traps (occurring atrandom times). Each transaction consists of a series of back-and-forth SNMP queries with the device, beginning with an are you there query, then progressively asking for more information (with each device response) until the transaction purpose is complete. Scheduled Communications Calculations Status polling assumptions: l Status polling traffic averages 1 KBper transmission l Status polling occurs every day, once per hour (24x7) l 1,000 printers are being monitored The expected amountof data to be retrieved from this setof devices over the network for printer-based discovery over one month is: 1,000 printers x 24 hours x 30 days x 1 KBytes is approximately .72 GBper month ScheduledStatusRetrievalAndAlertsFeature Xerox®Device Manager restricts the hours of operation when itwill retrieve printer status and alerts polling. By defining a schedule within Xerox ®Device Manager, status retrieval will occur only during certain hours for each week. SNMP Alerts Traffic Calculation An SNMP trap is an unsolicited alertthatnotifies Xerox® Device Manager when a significanteventoccurs on a networkdevice. Traps can occur atany time and have minimal impacton network traffic (packetsize is approximately 1KB). Xerox® Device Manager allows you to configure which events in a device warranttrap notification and supports a feature called IntelligentTrap Reception. You can configure this feature to either perform a status query to the device immediately after receiving a trap, or to collecttraps for 30 seconds before querying the device generating the fault. This 30-second time delay eliminates unnecessary queries to devices, which reduces network traffic. SNMP Trap Assumptions: l IntelligentTrap Reception is setto query immediately after a trap occurs l 1,000 devices are monitored l 20% of the devices generate a trap during one month The calculation for the amountof nettraffic generated during a month of SNMP traps is: (1 KBytes per trap packet+ 15 KBytes per query) x 200 device traps = 3000KBor ≈ 3 MB/mo. Note:With trap supportenabled, you can consider a reduction in the frequency of status polling, which can be a greatbenefitto both the customer network bandwidth considerations as well as proactive device monitoring goals. Xerox®Device Manager Certification Guide Xerox Confidential 35684 of 1132 689 Systems Infrastructure Active Directory ®Customer Import Network Data Calculations Xerox®Device Manager can be configured for periodic synchronization of customer data from Active Directory. You can configure which fields need to be synched. Atthe most, each customer import generates ~2KBof network traffic, which includes data and AD interfaces overhead. Total Xerox ®Device Manager Data Transfer Calculations The nexttwo traffic calculation examples show totals for both a typical and a more exaggerated network data transfer size during a one-month period. Both totals include the use of regularly scheduled discovery, status polling, historical data gathering, and job tracking activities. The firstexample estimates traffic based on the typical sizes of network communications used by Xerox ® Device Manager. This also assumes Xerox ®Device Manager is configured to business hours of 8 hours/day and 21 days/month. Using 178KBfor discovery, 1KBfor non-printers, 1KBfor status polling, and 11KBfor historical data gathering, and 4KBfor Xerox PrintAgent, the network traffic could be as much as follows for the same 1,000 printers in a given month: Discovery total 2 cycles/month x 1,000 printers x 178KBytes /printer = 60,000 KB/month ≈ 356MB/month Discovery traffic to non-print devices during a sweep 2 cycles/month x 1000 IP Address x 1 KBytes/packet= 2,000 KB/month ≈2 MB/month Historical Data Gathering total 21 days/month x 1,000 printers x 11 KBytes/printer = 231,000 KB/month ≈ 231 MB/month Status polling total 21 days/mo x 8 polls/day x 1,000 printers x 1 KBytes/printer = 168,000 KB/month ≈168 MB/month *Job Tracking total 21 days/mo x 15 printjobs/day x 1,000 users x 4 KBytes/job = 1,260,000 KB/month = 1.20 GB/month OVERALL (Typical) TOTAL 356 MB+ 2 MB+ 231 MB+ 168 MB+ 1.20 GB≈ 1.9 GB/month The second calculation is inflated to show an above-the-limits traffic estimate. Itassumes thatevery discovery requires 200 KBof traffic to complete (exceptnon-printer discovery); history requires 20 KB; status requires 10 KB; and thatthe organization is active 30 days per month. Although this situation is extremely unlikely, itdemonstrates the extreme upper limits for a network with 1,000 printdevices being monitored monthly. Xerox®Device Manager Certification Guide Xerox Confidential 36685 of 1132 690 Systems Infrastructure Discovery total 4 cycles/month x 1,000 printers x 200KBytes/printer = 800,000 KB≈ 0.8 GB/month Discovery traffic to non-print devices during a sweep 4 cycles/month x 65,534 IP Address x 1 KBytes/device = 262,136 KB≈ 0.250 GB/month Historical Data Gathering total 30 days/month x 1,000 printers x 20 KBytes/printer = 600,000 KB≈ 0.6 GB/month Status polling total 30 days x 24 polls/day x 1,000 printers x 10 KBytes/printer = 7,200,000 KB/month ≈ 7.2 GB/month *Job Tracking total 30 days x 15 printjobs/day x 1000 users x 7 KBytes/job = 3,150,000 KB/month ≈ 3.0 GB/month AD Customer import total 30 days x 10000 users x 2KBytes/user = 300,000 KB/month ≈ 0.6 GB/month OVERALL (Exaggerated) TOTAL 0.8 GB+ 0.250 GB+ 0.6 GB+ 7.2 GB+ 3.0 GB+ 0.6 GB≈ 12.45 GB/month *Job Tracking calculations shown above are based on legacy Job Tracking Agent(JTA) software. JTA is superseded by Xerox PrintAgent, which may generate higher network traffic depending on whatfeatures are being used. Please refer to the XPA Certification guide for the exactdetails on network traffic generated due to XPA and Xerox® Device Manager communication. Email Data Comparison The following e-mail example can be used as a comparison to the amountof traffic generated by Xerox® Device Manager. Assume an average size of 3 KB(essentially text-only) with 1,000 employees using e-mail 20 times per day every business day a month. E-mail Data - Assuming 3KB average size 21 days/month x 20 e-mails/person x 3 KBytes/e-mail x 1,000 person = 1,260,000 KB/month ≈ 1.20 GBof E- mail Data/month The example above is based on text-only e-mails and demonstrates the lower end of traffic. Itdoes not include any attachments to e-mail traffic thatare typical. Therefore, the above estimate could be an order of magnitude less than whatcould be experienced on the same 1,000-employee network thatincludes attachments. The following e-mail example contains the same calculation based on a size of 30 KB (assuming a 27KBattachment). Xerox®Device Manager Certification Guide Xerox Confidential 37686 of 1132 691 Systems Infrastructure E-mail Data - Assuming 30KB average size 21 days/mo. x 20 e-mails/person x 30 KBytes/e-mail x 1,000 person = 12,600,000 KB/month ≈ 12 GBE-mail data/month Note:Although itis difficultto accurately determine the amountof network traffic generated and consumed by an application like Xerox® Device Manager (and/or e-mail) with all of its options and activity, the above comparison proposes thatthe Xerox® Device Manager data created and transferred across the network is significantly lower than thatcreated and consumed by even a conservative e-mail implementation. Production Device Job Data Transfer For production-based devices, Xerox ®Device Manager retrieves job data for accounting purposes using IPP. This table shows the approximate amountof data transferred per job: Machine Model Job Data Xerox®Nuvera®144 CP 1.76 KB/job Xerox®Nuvera®144 EA 1.70 KB/job Xerox®iGen 2.38 KB/job Average 1.92 KB/job Xerox®Device Manager Data Gathering Options Note:When you wantto pull data on any new jobs, you mustyou clear all the previous jobs first. Otherwise, Xerox®Device Manager will pull all the jobs from a device thatitpolled before and notimportthem. Xerox®Device Manager Certification Guide Xerox Confidential 38687 of 1132 692 Xerox®Device Manager Certification Guide Xerox Confidential 39688 of 1132 693 Integrations with Xerox® Services Manager and the Hosted Deployment Model Integrations with Xerox ®Services Manager and the Hos- ted Deployment Model When Xerox ®Device Manager is used in conjunction Xerox® Services Manager, multiple Xerox ®Device Manager servers can be employed to discover and monitor printers. The Xerox ®Device Manager servers transfer the associated printer information to the Xerox ®Services Manager module, which will store itin the SQL ®server database and track the devices as assets. The assetinformation can then be mined and displayed through the use of the Xerox ®ReportManager. As partof Xerox ®Services Manager, you can use alerts to create and track incidents generated by the devices. In order to keep all of the elements within the suite informed, the applications transfer commands, data and status between them. The Hosted Services deploymentmodel (similar to Figure 1) is shown again below for reference. The paragraphs following the diagram outline the types, sizes, and frequency of the information passed between the applications. MPS (Hosted) Configuration Xerox®Device Manager to Xerox ®Services Manager Interactions Xerox®Device Manager when configured to communicate with a Xerox ®Services Manager server, does so through secure Web services (using HTTPS). Note: The communication between Xerox ®Device Manager and Xerox ®Services Manager utilizes TLS 1.2 and AES-256 bitcipher suite. The public key certificate is RSA 2048 bit. Xerox®Device Manager Certification Guide Xerox Confidential 40689 of 1132 694 r, Prirnte r Jn fmno tiGn sent to xemx Sffl.ii;.es Mong ger !f"M'!mlf • O..i« ldontm.,. copcm11,u ... s..v- M-. • U,ogo eo.nt.n ConstJmm!Has • ~s: Devia! Ccnf,gurGllon HTTPS- pcrtl,4,3 JiJ,;rtDl,tKtiOt,~ul,;o Rannat. D..ic.a C~ Remote Di,w;"'Y Cooll g..- Remate X..... O..,;c,,ct M°"""' C..,lig-mom lnternd C....,,,_Fir.- Pd □w Alc!l Infprmgtjqp sw IP Xcw:! Secvices Maoo ger C.,r,.,,tAJ- x.,,,_. Or,u Ma""'9"' Server Status Sto1,...,Foi,,ll;H- R,mote c.orr...r.t R,oik Centrally Hosted (ISO 27001 Certified) D --iOO<P"'1ai t D >:..m• Sarria,, ~r l / l] ___ Integrations with Xerox® Services Manager and the Hosted Deployment Model WebServicesSecurity With MPS The security of this communication method is protected by several mechanisms. l The Xerox ®Device Manager administrator mustacquire both a valid Xerox ®Services Manager URL and a valid Xerox® Services Manager accountID from the Xerox ®Services Manager administrator. l The Xerox ®Device Manager administrator mustthen use Xerox ®Device Manager to requestregis- tration with Xerox® Services Manager. l The Xerox ®Services Manager administrator mustthen acceptthe registration from Xerox ®Device Man- ager. l Xerox®Device Manager, when configured to communicate with a Xerox ®Services Manager server, does so through secure Web services (using HTTPS). l Xerox®Device Manager initiates all contactwith Xerox ®Services Manager. WebServicesDataInteractionsWith MPS l The types of information thatare exchanged between Xerox ®Device Manager and Xerox® Services Manager include assetexistence and identification, device usage, configuration, capabilities, customers, chargeback codes, job accounting data, policy log data, and remote commands. These numbers are for the data thatis transmitted and do notinclude any extra data size created when sending the SOAP mes- sage. l Xerox®Device Manager-specific configuration data pulls from the Auto Update Server, which, like Xerox®Services Manager, is also a secure Xerox MPS-hosted server. The configuration data includes firmware upgrade enablement, synthetic alertconfiguration, and protocol configuration setenable- ment. Xerox®Device Manager registration is required to initialize or pair Xerox ®Device Managers with Xerox ® Services Manager for a given account: l Data contentincludes accountID and Xerox ®Device Manager ID. l Data size is negligible ( <2KB). l Frequency is typically once when Xerox ®Device Manager is firstinstalled and then every time a new group or category needs to be mapped for alerts (very infrequent). Once the Xerox ®Device Manager site has been accepted, the export/importsettings are created. You can schedule to have the data senton a regular basis: l Data contentincludes Xerox ®Services Manager sweep settings, rediscovery settings, data exportset- tings, SNMP community strings, SNMP timeout, and retries. l Data size depends on the setting defined in the Xerox ®Services Manager Sweep butwill be ~2 KBata minimum and can grow to be more than 9 KB. l The importwill occur every day atmidnightwithoutany user intervention. ReportApplication Status occurs once the Xerox ®Device Manager site has been accepted and can also be initiated from the Xerox ®Services Manager page: l Data contentincludes site information and server information including IP address, memory, hard drive size, and critical services. l Data size is ~ 3 KB. l Frequency is configurable and the defaultis every 60 minutes. Exportof printer information can be configured for both managed and unmanaged devices: l Data contentincludes all fields thathave been enabled for exportand by defaultall data is exported. l Data size is ~35 KBper 100 devices. l Managed devices can be exported every hour, butunmanaged devices can only be exported every day. Note: When Xerox ®Device Manager is connected to hosted Xerox ®Services Manager, exporttime is lim- ited to every 6 hours. Xerox®Device Manager Certification Guide Xerox Confidential 41690 of 1132 695 Integrations with Xerox® Services Manager and the Hosted Deployment Model Poll for Remote Commands: Periodically, Xerox ®Device Manager will query Xerox ®Services Manager if there are any remote commands to execute. Remote commands can be requests for status or rebootfor example. When Remote Alerts are sent, they will come down as a Remote Command. l Data contentwill be a No-Op if there are no commands to execute. If there is a command to execute, then the information aboutthe Remote Command will be sent. l Data size depends on the command and number of commands. - For a troubleshootDevice command the response will be 9 KB - If an Upgrade Device command is queued, Xerox ®Device Manager will also retrieve the firmware file from the Xerox® Services Manager. Firmware files can be more than 100 MB. Frequency is configurable and by defaultis setto five minutes. Job Accounting Data: This data is reported by Xerox ®Device Manager to Xerox ®Services Manager, and can be configured for managed and unmanaged devices. l Data contentincludes all fields thathave been enabled for export, and by defaultonly the selected fields are exported. l Data size is ~1 KBper job. Customers and Chargeback Codes: This data exchange depends on whether synchronization is enabled within Xerox ®Device Manager. If synchronization is enabled, customer data will be periodically pulled down to Xerox ®Device Manager from Xerox ®Services Manager. Also, if Active Directory ®or CSV file Customer Importis configured, Customer and chargeback code information will be periodically exported directly to Xerox ®Services Manager through Xerox ®Device Manager. l For each customer, depending upon number of fields, Xerox® Services Manager upload data size can be on average ~1KB. l For each customer, depending upon number of fields, Xerox® Services Manager download data size can be on average ~1KB. PrintPolicy Log Data: This data exchange is from Xerox ®Device Manager to Xerox ®Services Manager. Policy logs are collected by Xerox® Device Manager for each policy violation againsta printjob document. l For each policy log, the average data size is ~1KB. Xerox®Device Manager Certification Guide Xerox Confidential 42691 of 1132 696 Alternative Device Discover Methods Alternative Device Discover Methods IP Easy Discovery Operation The IP Easy Discovery feature provides printer discovery with minimum user intervention. Itconsolidates the existing mechanisms of IP SubnetScan, described below, and IP Sweep, described above, into a single, easy-to-use process. With this method, device discovery will be driven by the subnetinformation stored in the customer’s network routers. When to Use The IP Easy Discovery method is a useful way to discover IP subnets on a network if you do nothave first- hand knowledge of the company’s IP subnetinfrastructure. Network Impact Before running this discovery, itmay be necessary to exclude sensitive addresses from the discovery process. This is particularly importantwhen scanning all subnets within a firewall. Accuracy The IP Easy Discovery method is particularly useful in those environments thatare open in terms of unrestricted subnets and whose routers have been enabled to pass SNMP queries. As the amountof network restrictions is increased, the less effective this approach tends to be. IP Broadcast Operation A single packetis broadcastto every subnetdefined within discovery’s subnetlistspecification. Specifically: l In this packet, Xerox ®Device Manager requests a value for a single SNMP-based RFC 1213. l For each device thatresponds to the RFC 1213 MIBOID, Xerox® Device Manager will add the IP address of the response packetinto its listof live IP addresses. l Xerox®Device Manager then queries those devices with live IP addresses for two more OIDs; one from RFC 1213 and one from RFC 1759. This enables Xerox ®Device Manager to identify printing devices from non-printing devices. Both groups of devices are stored within the Xerox ®Device Manager data- base; however, only printing devices are exposed via the Xerox ®Device Manager UI. l For those printer devices thatrespond to the RFC 1759 OID query, Xerox ®Device Manager flags them as printers. l For those devices thatdo notrespond to the RFC 1759 OID query, Xerox ®Device Manager then checks a RFC 1213 OID value againsttwo registry key values to determine if the device is in facta known printer. This is necessary because some printing devices (e.g., printers using external printserver boxes, older printers, etc.) do notsupportRFC 1759 – the Printer MIB. l The registry keys contain RFC 1213 values for several known supported and unsupported printers. Xerox®Device Manager Certification Guide Xerox Confidential 43692 of 1132 697 Alternative Device Discover Methods l Xerox®Device Manager then queries all live IP addresses for four additional OIDs; three RFC 1213 OIDs and one RFC 1514 /2790 OID. l For those devices identified as printers, Xerox ®Device Manager queries three more RFC 1514/2790 OID and four more RFC 1759 OIDs to obtain some basic attributes of the printer. l Based upon the identity of each printing device, Xerox ®Device Manager then queries the appropriate vendor-specific OID and a new OID from the InternetDraftof the Printer MIBin order to obtain the printer’s serial number. l Xerox®Device Manager then queries three RFC 1759 OIDs in order to display the printing device’s rated speed in pages per minute units (PPM). l Based upon the identity of each printing device, Xerox ®Device Manager then queries the appropriate vendor-specific OID(s) to obtain the printing device’s software/firmware level. When to Use The IP BroadcastDiscovery method can be used as a quick and easy method of populating the Xerox ® Device Manager database. In order to populate the Xerox ®Device Manager database with an initial setof printers, Xerox ®Device Manager performs this broadcaston its local subnetthe firsttime the application is started after installation. Network Impact A sharp spike in network traffic usually occurs when these devices respond all atonce—creating packet collisions. Accuracy This discovery method is considered to be a less reliable way of discovering printers because packet collisions are likely to occur when all of the devices on a subnetrespond to the single broadcast simultaneously. As a resultof these collisions, some data may be lostfrom those printing devices attempting to respond to the initial broadcastpacket. IP ARP Cache Discovery Operation A table, usually called the ARP Cache, is implemented on all network routers and maintains a mapping between all of the devices (in its subnet) physical addresses (MAC) and assigned IP addresses. The ARP Cache Table is exposed via SNMP; therefore, Xerox® Device Manager can query itto find live addresses thatcan subsequently be queried to find printers. Specifically: l An SNMP-based broadcastpacketis sentoutto the local subnet. In this packet, Xerox® Device Man- ager requests a single RFC 1213 OID thatituses to identify routers from the listof responses received. l Devices thatdo nothave an SNMP agentcurrently running will notrespond to this SNMP-based broad- castpacket. l Itis importantto note thatthe SNMP-based broadcastpacketis only sentto the local subnet. Beyond the local subnet(hop count>0), only directSNMP queries are made to known IP addresses. l Xerox® Device Manager will then create two lists based upon all responses received on the local subnet: l A listof live, non-router-related IP addresses l A listof devices identified as routers Xerox®Device Manager Certification Guide Xerox Confidential 44693 of 1132 698 Alternative Device Discover Methods l If the hop countwithin the ARP Cache configuration page was setto 0, the address generation portion of discovery would stop atthis pointand Xerox® Device Manager would then begin to query each IP address for printer information. l If the hop countwithin the ARP Cache configuration page is greater than 0 for those devices identified as routers, Xerox® Device Manager performs an SNMP Get-Table operation on each router’s MIBver- sion of the ARP Cache. This is done to build the listof live IP addresses thatexistbeyond the local sub- net. l For each IP address retrieved from a router’s MIB-based ARP Cache, Xerox® Device Manager then per- forms the same SNMP query for an RFC 1213 OID. Again, Xerox® Device Manager is looking for those IP addresses thatrepresentrouter devices. Similar algorithms apply as before: l Those devices thatdo nothave an SNMP agentcurrently running will notrespond to this SNMP OID query. Therefore, Xerox® Device Manager will remove the IP addresses of such devices from the listof live IP addresses. l The IP addresses for non-router-related devices thatrespond to the SNMP OID query will then be flagged with an appropriate hop count. l The process of querying routers and MIB-based ARP Cache entries to identify live IP addresses continues until either the user-defined number of hops has been reached or when the MIB-based ARP Cache quer- ies no longer yield new IP addresses. Atthis point, the address generation portion of the SNMP-based ARP Cache discovery operation is complete. l The printer-related data gathering process begins in parallel with the live IP address gathering process once the listof live IP addresses begins to accumulate addresses. l A single packetis sentto each live IP address discovered during the SNMP-based ARP Cache queries. In this packet, Xerox® Device Manager requests a value for a single SNMP-based RFC 1213 OID. l For each device thatresponds to the RFC 1213 OID query, Xerox® Device Manager will save the value returned as the device’s MAC address. l Xerox® Device Manager then queries those devices with live IP addresses for two more OIDs; one from RFC 1213 and one from RFC 1759. This enables Xerox® Device Manager to identify printing devices from non-printing devices. Both groups of devices are stored within the Xerox® Device Manager data- base; however, only printing devices are exposed via the Xerox® Device Manager UI. l For those printer devices thatrespond to the RFC 1759 query, Xerox® Device Manager flags them as printers. l For those devices thatdo notrespond to the RFC 1759 OID query, Xerox® Device Manager then checks the RFC 1213 OID value againsttwo registry key values to determine if the device is in facta known printer. This is necessary because some printing devices (e.g., printers using external printserver boxes, older printers, etc.) do notsupportRFC 1759 – the Printer MIB. l The registry keys contain a comma separated listof RFC 1213 OID values for several known supported and unsupported printers. l Xerox® Device Manager then queries all live IP addresses for three RFC 1213 OIDs and one RFC 1514/2790 OID. l For those devices identified as printers, Xerox® Device Manager queries three more RFC 1514/2790 OIDs and four more RFC 1759 OIDs to obtain some basic attributes of the printer. l Based upon the identity of each printing device, Xerox® Device Manager then queries the appropriate vendor-specific OID and a new OID from the InternetDraftof the Printer MIBin order to obtain the printer’s serial number. l Xerox® Device Manager then queries three RFC 1759 OIDs in order to display the printing device’s rated speed in pages per minute units. l Based upon the identity of each printing device, Xerox® Device Manager then queries the appropriate vendor-specific OID(s) to obtain the printing device’s software/firmware level. Xerox®Device Manager Certification Guide Xerox Confidential 45694 of 1132 699 Alternative Device Discover Methods When to Use Like the IP Broadcast, itis a good method for obtaining a quick collection of printers on a network. For the ARP Cache discovery method to be effective, itshould be run during business hours in order to increase the success rate for finding live IP addresses. Network Impact The amountof traffic generated by the SNMP-based ARP Cache discovery is less than a Sweep discovery because the requests are directed to only live, known IP addresses instead of every possible address within the subnet/address range. Typically, the impactto the network is barely noticeable although a steady stream of packets can be seen. Also, router usage-related logs may grow in size due to this discovery method. Accuracy Because itis based on dynamic router information, the ARP Cache discovery method is notas reliable as the SNMP Sweep method and mustbe used more frequently than the IP Sweep. IP Sweep Operation SNMP Sweep Discovery sends a packetto every IP address in the user-defined subnetor address range list to generate a comprehensive listof devices responding atthe endpoints. Note:Routers can block or disable the ability to answer SNMP requests on some printers. When discovering computers, you can selectwhether or notto use WMI queries through RPC communication to computers thatdo notrespond to ICMP pings. If notenabled (setby default), those computers thatdo notrespond to an ICMP ping are considered “disconnected” and the discovery method moves on. Routers can block the ability to answer ICMP Ping requests or disabled atthe computer. By adding the WMI interface to the Discovery method, more computers are found, butatthe possible costof additional network traffic due to the WMI RPC calls When to Use The SNMP Sweep Discovery method (IP Sweep) is the preferred method of accurately discovering printers on a network. Itshould be run during business hours in order to increase the success rate for finding live IP addresses. Network Impact The amountof network traffic generated by a sweep-based discovery is minimized because the requests are directed to specific IP addresses defined by the user. Specific blocks can be included or excluded to reduce network traffic. With IP Sweep Discovery, you can add the InternetPrinting Protocol (IPP) as a last resortduring device querying, in the eventthatthe device fails to respond to SNMP v1/v2 queries. By selecting this option, the Discovery process may experience significantdelay in completing the sweep operation, and could introduce additional network traffic. Xerox®Device Manager Certification Guide Xerox Confidential 46695 of 1132 700 Alternative Device Discover Methods Accuracy The SNMP Sweep Discovery method (IP Sweep) offers results in a more controlled and orderly flow of data between printers and Xerox ®Device Manager (unlike the Broadcastmethod). SNMP V3 IP Sweep Operation The SNMP V3 Discovery method allows multiple SNMP V3 devices to be discovered atone time. You can setup a discovery method and importa csv file of device addresses, subnets, or ranges with the V3 credentials. You can schedule device discovery so thatnew devices added to the network with the same credentials are automatically added to Xerox ®Device Manager. SNMP V3 is the mostsecure; ttuses authentication and encryption to provide enhanced security over whatis supplied by SNMP V1/V2. When to Use Run SNMP V3 IP Sweep during business hours in order to increase the success rate for finding live IP addresses. Network Impact The amountof network traffic generated by a sweep-based discovery is minimized because the requests are directed to specific IP addresses defined by the user. Specific blocks can be included or excluded to reduce network traffic. Accuracy The SNMP V3 Sweep: l Is the mostreliable method of finding devices l IP Address ranges are sweptusing SNMP V3 only l The SNMP V3 Discovery method allows multiple SNMP V3 devices to be discovered atone time. Subnet Scan Operation Although this discovery method does notfind printers, IP SubnetScan finds the subnets thatare available for printer discovery. The IP subnets found during this discovery method are made available to the IP Broadcastand the IP Sweep discovery methods. Specifically: l The listof known subnets is cleared. l An SNMP-based broadcastpacketis initially sentoutto the local subnet. In this packet, Xerox® Device Manager requests a single RFC 1213 OID which ituses to identify routers from the listof responses received. - Only those devices thathave SNMP agents currently running will respond to this broadcastpacket. Xerox®Device Manager Certification Guide Xerox Confidential 47696 of 1132 701 Alternative Device Discover Methods - Itis importantto note thatthe SNMP-based broadcastpacketis only sentto the local subnet. Beyond the local subnet(hop count>0), only directSNMP queries are made to known IP addresses. l Xerox® Device Manager will then create two lists based upon all responses received on the local subnet: - A listof live, non-router-related IP addresses - A listof devices identified as routers l If the hop countwithin the IP SubnetScan configuration page was setto 0, the address generation por- tion of discovery would stop atthis point. l If the hop countwithin the IP SubnetScan configuration page is greater than 0 for those devices iden- tified as routers, Xerox® Device Manager will then perform an SNMP Get-Table operation on each router’s MIBversion of the ARP Cache. This is done to continue to populate the router listand the live IP address list. l For each IP address retrieved from a router’s MIB-based ARP Cache, the Xerox® Device Manager applic- ation then performs the same SNMP query for an RFC 1213 OID. Again, Xerox® Device Manager is look- ing for those IP addresses thatrepresentrouter devices. The same algorithms apply as before with just one modification: - Those devices thatdo nothave an SNMP agentcurrently running will notrespond to this SNMP OID query. Therefore, Xerox® Device Manager will remove the IP addresses of such devices from the list of live IP addresses. - Xerox® Device Manager then determines whether the new IP address fits within the known listof sub- nets. l If the IP address is from a known IP subnet, Xerox® Device Manager moves to the nextIP address within the listof live IP addresses. l If the IP address is notfrom one of the known IP subnets, Xerox® Device Manager will use thatIP address to determine its subnetmask by performing an SNMP query to a single RFC 1213 OID. From this data, Xerox® Device Manager calculates the subnetaddress and then adds this new subnetto the listof known subnets. l The process of querying routers and MIB-based ARP Cache entries to identify IP subnets continues until either the user-defined number of hops has been reached or when the MIB-based ARP Cache queries no longer yield new IP addresses. Atthis point, the IP SubnetScan discovery operation is complete. When to Use The IP SubnetScan discovery method is a useful way to discover subnets on a network if you don’thave first-hand knowledge of the company’s IP infrastructure. However, this scan technique can take a long time to complete due to its thoroughness. Network Impact The amountof traffic generated by an IP subnetbased discovery is less than the ARP cache discovery method described above. Accuracy This discovery method is only as accurate as the ARP Cache maintained by network routers. Furthermore, the number of IP subnets thatcan be detected is dependentupon the SNMP community names used by routers thatare configured within the Administration>Discovery>SNMPv1/v2 page. If a SNMP community name used by a network router is notknown to Xerox® Device Manager, those subnets will notbe detected by this discovery method. Xerox®Device Manager Certification Guide Xerox Confidential 48697 of 1132 702 Alternative Device Discover Methods IPX Network Scan Discovery Operation The IPX Network Discovery mechanism uses the Service AdvertisementProtocol (SAP) to find NetWare® servers and IPX networks by querying routers for attached IPX subnets. This method is notused to find printers, butrather the NetWare® components (NetWare® servers and networks) thatknow where IPX networked printers are located. The results of this scan are returned and displayed on the IPX Servers and IPX Addresses Discovery configuration pages, making iteasier to configure information for these methods (discussed below). The results also appear on the page in the servers and networks found in LastScan section. Specifically: l An SAP broadcastpacketis sentto the local sub-network. This packetis a type 4-based (servers only) SAP broadcastpacketthatis used to obtain a listof all available Novell® NetWare® servers connected to the local sub-network. l Novell® NetWare® servers maintain a complete listof NetWare® servers and each server’s cor- responding internal IPX network number. l Each Novell® NetWare® server connected to the local sub-network will respond to the SAP broadcast with its listof known NetWare® servers and corresponding internal IPX network numbers. l Xerox® Device Manager then queries each internal IPX network number received for its corresponding external IPX network number using SNMP and a Novell®-unique OID - The external network number is used for display purposes only. Mostprintvendors’configuration pages display the external IPX network number thatthe printer is using instead of the internal IPX network number. Therefore, to ensure thatthe IPX address information obtained from a printer can be used by the Xerox® Device Manager application, the external IPX network number is displayed. - Xerox® Device Manager uses the IPX internal network number when communicating with servers and printers. l The external IPX network number operation continues until all internal IPX network numbers have been queried. The data obtained by this discovery method is made available to the IPX Servers and the IPX Addresses dis- covery methods discussed below. When to Use IPX Network Scan is useful when you do notknow all of the IPX networks and server combinations atyour site. Network Impact The amountof traffic generated by an IPX network scan discovery is very light, and itis extremely quick when compared with other Xerox® Device Manager discovery methods. This is because only an initial SAP broadcastpacketis transmitted over the network followed by an SNMP packetfor each NetWare® server thatresponded to the SAP broadcastpacket. However, itis the broadcastof SAP packets thatcreates a fair amountof network traffic, depending upon the number of Novell® NetWare® servers connected to the network and whether routers are configured to pass SAP broadcasts. Xerox®Device Manager Certification Guide Xerox Confidential 49698 of 1132 703 Alternative Device Discover Methods Accuracy This discovery method is very good atdetecting NetWare® servers connected to the network. However, it is only marginally successful atdetecting the corresponding IPX Network Address of those servers. IPX Network Scan provides accurate information, so thatyou do nothave to know all of the IPX networks and server combinations atyour site, which makes the configuration process more efficientand improves overall discovery results. Notes: l A Novell ®server mustbe presenton the local subnetor atleastbe reachable via SAP broadcastacross a router; otherwise, Xerox® Device Manager will notbe able to discover printers running the IPX protocol. l If an accountdoes notallow SAP Broadcastpackets to traverse their routers, a complete listof Novell® NetWare® servers will be more difficultto obtain. In this case, knowledge of the network topology will be required. Use the IPX Server Discovery method discussed below and manually add the IPX server name in the servers for Printer Discovery>Specify NetWare® Server tile. l If the network topology is known and there are a large number of NetWare® servers to import, an Xer- ox® Device Manager utility is provided to importthose from a listfile. Browse to C:\Program Files\Xer- ox\Xerox Device Manager\DBscripts for a program named DiscoDBui. l Use dynamic groups to automatically identify printers running the IPX protocol l Printers running the IPX protocol typically perform an SAP broadcastto announce its presence when con- necting to a network segment. Any Novell® NetWare® server thatis connected to the same network segmentwill detectthis SAP broadcastand will update its SAP table accordingly. This SAP table is very similar in conceptto the routers ARP Cache. l The Xerox® Device Manager application’s configurable timeoutvalue will impactthe performance of IPX-based communications. (e.g., IPX SAP, IPX NCP, IPX SNMP, etc.) Therefore, only adjustthis value if known IPX-based printers do notappear within the Xerox® Device Manager database. IPX Server Discovery Operation As described above, NetWare® uses the Service Advertising Protocol (SAP) which allows file servers, print servers and application servers to advertise their services and addresses. Xerox® Device Manager broadcasts an SAP packetacross the network and these servers respond with the information aboutthem. Specifically, Xerox® Device Manager: l Creates a NetWare® Core Protocol (NCP) connection with the Novell® NetWare® Server in order to establish communication. l Queries the Novell® NetWare® server’s SAP tables for printers with a particular SAP type ID. This ID is unique to each printer vendor (e.g. Xerox = 1900h, Tektronix = 0535h, etc.) l The Novell® NetWare® Server will then respond with a single device whose SAP type ID matches the requested Xerox® Device Manager printer ID. The data contained within this response includes the printer’s IPX network number and node address. l The device’s address is added to the listof live IPX device addresses. l Xerox® Device Manager then sends another NCP requestto the Novell® NetWare® server to getthe nextdevice whose SAP type ID matches the requested Xerox® Device Manager printer ID. The Nov- ell® NetWare® server’s response is processed as described previously. l This request/response process continues until all devices for each SAP ID have been retrieved. This scan operation is very similar in conceptto an SNMP Get-Nextoperation performed on a printer. (i.e., An MIB Xerox®Device Manager Certification Guide Xerox Confidential 50699 of 1132 704 Alternative Device Discover Methods browser continues to receive responses to the GET-NEXT PDU until an SNMP error is received indicating thatthe printer has reached the end of its supported MIBobjects.) l Atthis point, Xerox® Device Manager has a complete listof IPX-based printers thatare communicating with the currentNovell® NetWare® server When to Use Use this method after performing an IPX Network Scan to determine Novell® server address information. Network Impact We expectminimal impacts to the because directqueries are restricted to known servers. Accuracy IPX server-based discovery is the quicker and more accurate of the two IPX discovery methods provided by Xerox® Device Manager (IPX Server and IPX address). IPX Address Scan Discovery Operation This discovery method will query the IPX addresses returned from the IPX Network Scan and Server Discovery for printdevices. Specifically: l A single packetis sentto each IPX address selected within the IPX Addresses configuration page. In this packet, Xerox® Device Manager requests a value for a single SNMP-based RFC 1213 OID. l For each device thatresponds to the RFC 1213 OID, Xerox® Device Manager will add the IPX address of the response packetinto its listof live IPX addresses. l Xerox® Device Manager then queries those devices with live IPX addresses for two more OIDs; one RFC 1213 OID and one RFC 1759 OID. This enables Xerox® Device Manager to identify printing devices from non-printing devices. Both groups of devices are stored within the Xerox® Device Manager data- base, however, only printing devices are exposed via the Xerox® Device Manager UI. - For those printer devices thatrespond to the RFC 1759 OID query, Xerox® Device Manager flags them as printers. - For those devices thatdo notrespond to the RFC 1759 OID query, Xerox® Device Manager then checks the RFC 1213 OID value againsttwo registry key values to determine if the device is in facta known printer. This is necessary because some printing devices (e.g., printers using external printserver boxes, older printers, etc.) do notsupportRFC 1759 – the Printer MIB. l The registry keys contain a comma separated listof RFC 1213 values for several known supported and unsupported printers. l Xerox® Device Manager then queries all live IPX addresses for three RFC 1213 OIDs and one RFC 1514/ 2790 OID. l For those devices identified as printers, Xerox® Device Manager queries three more RFC 1514/2790 OIDs and four more 1759 to obtain some basic attributes of the printer. l Based upon the identity of each printing device, Xerox® Device Manager then queries the appropriate vendor-specific OID and a new OID from the InternetDraftof the Printer MIBin order to obtain the printer’s serial number. Xerox®Device Manager Certification Guide Xerox Confidential 51700 of 1132 705 Alternative Device Discover Methods l Xerox® Device Manager then queries three RFC 1759 OIDs in order to display the printing device’s rated speed in pages per minute units. l Based upon the identity of each printing device, Xerox® Device Manager then queries the appropriate vendor-specific OID(s) to obtain the printing device’s software/firmware level. When to Use Use this method after performing an IPX Network Scan and IPX server discovery to determine printdevice information connected to those addresses. Network Impact We expectminimal impacts to the network because directqueries are restricted to known addresses. Accuracy This method may return less IPX-based printers than will be returned by an IPX Server discovery method. Note:The Xerox® Device Manager application’s configurable timeoutvalue will impactthe performance of IPX-based communications. Therefore, only adjustthis value if known IPX-based printers do notappear within the Xerox® Device Manager database. Xerox®Device Manager Certification Guide Xerox Confidential 52701 of 1132 706 Xerox®Device Manager Certification Guide Xerox Confidential 53702 of 1132 707 Summary and Next Steps Summary and Next Steps By this point, the user should have answers to the following FAQs thatwere indicated in Section 1: Whatadditional hardware and software will be introduced to my IT world? l The team will install the Wintel server-class systems with Xerox developed software depending on the operability model (hosted or on-site), locations, and network configurations of the devices to be man- aged and the Xerox ®Device Manager options. l Optionally, a thin-clientjob tracking application will be installed on printservers and workstations. Whattypical loads and bandwidth demands will be made on my network? l Sample calculations have been provided; actual demands will be based on amountand frequency of use. Whatnew user accounts will be created and whatexisting accounts (if any) will be touched by this application? l A CentreWare ®user accountmay be created with local administrative privileges, and depending on any requirementto manage remote devices and queues, itmay need to acceptdomain-based admin- istration privileges. l An existing administrator accountcould be substituted for the default(Run As). Whatnetwork protocols and IP ports will be used by this application? l Tables of information are provided; the actual protocols and ports thatare used depend on the oper- ability model and options required. Whatlevels of network and e-mail security are incorporated within/around Xerox ®Device Manager? l User Authentication and Authorization, group policy administration, and data encryption l TCP portmonitoring and restriction l Standard SMTP e-mail security capabilities l SNMP community string naming Whatwill the impactto my printing environmentbe after this application is installed? l The printers under managementwill create and consume SNMP-based traffic on the network within some predefined time windows. l The printers will be reporting status, failures, job activities, and usage information to a central location (Xerox®Device Manager). l Printer driver downloading may be performed remotely. Whatother impacts/effects will exist(i.e. to people, processes, or products)? l Normal server maintenance and floor space will be required on the MPS servers located behind the cli- ent’s firewall. Consideration on who will perform the periodic backup of the two Xerox ®Device Man- ager SQL Server ®databases and the hopefully little-needed database restore. Xerox®Device Manager Certification Guide Xerox Confidential 54703 of 1132 708 Appendix Appendix Firmware Upgrade Information l Firmware Upgrades are handled via Firmware Upgrade Policies. Policies can be created to apply to an entire fleet, groups of devices, or to a single device. l Firmware Upgrade supports up to 500 firmware upgrades atone time. l Retries can be scheduled and failed updates can be restarted. l Upgrade files are sentto one device ata time. - Verification of the upgrade is done after all firmware files have been sent. l The FleetOrchestrator feature distributes the network load when deploying to Xerox ®Altalink®devices. Xerox®Device Manager can selectdevices automatically within the same subnetto actas distribution hubs for the firmware files. This reduces the overall time ittakes to upgrade a fleetof devices. InternetInformation Server 7(IIS7) InternetInformation Server (IIS) can limitthe Firmware Upgrade file size Xerox ®Device Manager can upload. The following command is an example of how to change the supported maximum contentallowed by IIS to allow for larger firmware files: %windir%\system32\inetsrv\appcmd setconfig "DefaultWeb Site/XeroxDeviceManager" - section:requestFiltering -requestLimits.maxAllowedContentLength:524288000 Note thatthe maxAllowedContentLength has been setto the maximum Firmware file Xerox® Device Manager supports of 500MB. The maxAllowedContentLength should also be modified with IIS by downloading the IIS Admin Pack and then following the steps on the below website: Admin Pack Download:http://www.iis.net/download/AdministrationPack Refer to the website below to modify IIS RequestFiltering. http://www.iis.net/ConfigReference/system.webServer/security/requestFiltering Xerox®Device Manager Certification Guide Xerox Confidential 55704 of 1132 709 705 of 1132 710 Xerox l1nte llll ige 1nt Workplace Services IWS Suite -Secure Component Architecture Client Printer Fleet r-, 1·-·-11 r, G------1 Xerox®and non-Xerox® printers and mu lt ifiunctim1 devices X e rox D evice Agent Xerox Devi ce M ana ger ✓ Device Dis covel)f ✓ P ro a.clirire SupJ)lies/Set-v ice .Alerts ✓ Meler Reads □-Cii ,ent Firewall I Xerox P ri nt Security Aud it Service ✓ XDliA Capallilily ✓ Compi s nce A uditing ✓ Compism:e Remediation Se cure/1 ru sted Intern et Conn ecti o n Hostedl S ite Firewall • Xero:x He lp Desk Singl ,e Po i nt of Co11tact ✓ l e•vel 1 Hel p Desk ✓ De,,.ice and So ll!llioR9 Support ✓ Supplies Oispatdi ✓ B reak li'ix ca'II Roul il'IQ ✓ 1ckel Mam~gemenl ✓ Remote Help Fl eet Mana geme n t Portall ✓ Oew:e Heal ✓ S er.riice a nd Supply Incidents ✓ Meter Reads Xerox Repo rt Manage r ✓ Asset Dela is ✓ Service a nd SuPtJlies ✓ Account SLA ✓ Meter Vol mes Xerox Services Mana ger S&V-ce Performance IDa shboan:t ✓ He lp Desk ✓ lncide11t ansg en! ✓ Asset Management ✓ MACD ✓ Aeet at a GIBn,ce ✓ Volume• & U iza.tio I nforms ion ✓ Perlomiance Me rfcs ✓ De'iice Extract Security Guide Xerox® VersaLink® B405/B605/B615/B7025/B7030/B7035, C405/C505/C605/C7020/C7025/C7030 Multifunction Products Xerox® VersaLink® B400/B600/B610, C400/C500/C600/C7000/C8000/C9000 Printers 706 of 1132 711 xerox,- © 2019 Xerox Corporation. All rights reserved. Xerox®, CentreWare®, FreeFlow®, PrimeLink®, Xerox Extensible Interface Platform® are trademarks of Xerox Corporation in the United States and/or other countries. BR27410 Other company trademarks are also acknowledged. Document Version: 1.1 (January 2020). Copyright protection claimed includes all forms and matters of copyrightable material and information now allowed by statutory or judicial law or hereinafter granted including without limitation, material generated from the software programs which are displayed on the screen, such as icons, screen displays, looks, etc. Changes are periodically made to this document. Changes, technical inaccuracies, and typographic errors will be corrected in subsequent edit ions. 707 of 1132 712 Security Guide – Xerox® VersaLink® B405/B605/B615/B7025/B7030/B7035, C405/C505/C605/C7020/C7025/C7030 Multifunction Products, and B400/B600/B610, C400/C500/C600/C7000/C8000/C9000 Printers i Table of Contents 1. Introduction ........................................................................................................................................ vi Purpose .............................................................................................................................................. vi Target Audience ................................................................................................................................. vi Disclaimer .......................................................................................................................................... vi 2. Product Description ......................................................................................................................... 3-1 Physical Components ..................................................................................................................... 3-1 Architecture ................................................................................................................................. 3-2 User Interface .............................................................................................................................. 3-2 Scanner ....................................................................................................................................... 3-2 Marking Engine ........................................................................................................................... 3-2 Controller ..................................................................................................................................... 3-3 Controller External Interfaces ......................................................................................................... 3-3 Front Panel USB (Type A) prot(s) ............................................................................................... 3-3 10/100/1000 MB Ethernet RJ-45 Network Connector ................................................................ 3-3 Rear USB (Type B) Target Port .................................................................................................. 3-3 Optional Equipment ......................................................................................................................... 3-4 RJ-11 Analog Fax and Telephone .............................................................................................. 3-4 Wireless Network Connector ....................................................................................................... 3-4 Near Field Communications (NFC) Reader ................................................................................ 3-4 SMART CARD – CAC/PIV .......................................................................................................... 3-4 Foreign Product Interface ............................................................................................................ 3-4 3. User Data Protection ....................................................................................................................... 4-1 User Data Protection While Within Product .................................................................................... 4-1 Encryption ................................................................................................................................... 4-1 Trusted Platform Module (TPM Chip) ......................................................................................... 4-1 Media Sanitization (Image Overwrite) ......................................................................................... 4-1 Overwriting Immediate Image Overwrite ..................................................................................... 4-2 On-Demand Image Overwrite ..................................................................................................... 4-2 User Data in Transit ........................................................................................................................ 4-2 Inbound User Data (Print Job Submission) ................................................................................. 4-2 Scanning to Network Repository, Email, Fax Server (Outbound User Data) ............................. 4-3 708 of 1132 713 Security Guide – Xerox® VersaLink® B405/B605/B615/B7025/B7030/B7035, C405/C505/C605/C7020/C7025/C7030 Multifunction Products, and B400/B600/B610, C400/C500/C600/C7000/C8000/C9000 Printers ii Scanning to User Local USB Storage Product (Outbound User Data) ....................................... 4-3 Add on Apps – Cloud, Google, DropBox, and others (Outbound User Data) ............................. 4-4 4. Network Security ............................................................................................................................. 5-1 TCP/IP Ports and Services ............................................................................................................. 5-1 Listening Services (inbound ports) .............................................................................................. 5-2 Network Encryption ......................................................................................................................... 5-3 IPSec ........................................................................................................................................... 5-3 Wireless 802.11 Wi-Fi Protected Access (WPA) ........................................................................ 5-3 TLS .............................................................................................................................................. 5-4 Public Key Encryption (PKI) ........................................................................................................ 5-4 Device Certificates ...................................................................................................................... 5-5 Trusted Certificates ..................................................................................................................... 5-6 Certificate Validation ................................................................................................................... 5-6 Email Signing and Encryption using S/MIME .............................................................................. 5-7 SNMPv3 ...................................................................................................................................... 5-7 Network Access Control .................................................................................................................. 5-8 802.1x .......................................................................................................................................... 5-8 Cisco Identity Services Engine (ISE) .......................................................................................... 5-8 Contextual Endpoint Connection Management .......................................................................... 5-9 FIPS140-2 Compliance Validation .............................................................................................. 5-9 Additional Network Security Controls ............................................................................................ 5-10 Endpoint Firewall Options ......................................................................................................... 5-10 IP Whitelisting (IP Address Filtering) ........................................................................................ 5-10 Stateful Firewall (Advanced IP Filtering) ................................................................................... 5-10 Personal Identifiable Information (PII) ....................................................................................... 5-10 5. Device Security: BIOS, Firmware, OS, Runtime, and Operational Security Controls .................... 6-1 Pre-Boot BIOS Protection ............................................................................................................... 6-1 BIOS ............................................................................................................................................ 6-1 Embedded Encryption ................................................................................................................. 6-1 Boot Process Integrity ..................................................................................................................... 6-1 Firmware Integrity & Verification ................................................................................................. 6-1 Event Monitoring & Logging ........................................................................................................ 6-1 Event Monitoring and Logging .................................................................................................... 6-1 Continuous Operational Security .................................................................................................... 6-1 709 of 1132 714 Security Guide – Xerox® VersaLink® B405/B605/B615/B7025/B7030/B7035, C405/C505/C605/C7020/C7025/C7030 Multifunction Products, and B400/B600/B610, C400/C500/C600/C7000/C8000/C9000 Printers iii Firmware and Diagnostic Security Controls ................................................................................ 6-1 Fail Secure Vs Fail Safe.................................................................................................................. 6-2 Pre-Boot Security ............................................................................................................................ 6-2 BIOS ............................................................................................................................................ 6-2 Embedded Encryption ................................................................................................................. 6-2 Boot Process Security ..................................................................................................................... 6-2 Firmware Integrity ....................................................................................................................... 6-2 Runtime Security ............................................................................................................................. 6-1 Event Monitoring and Logging ........................................................................................................ 6-4 Audit Log ..................................................................................................................................... 6-4 Operational Security ........................................................................................................................ 6-4 Firmware Restrictions ................................................................................................................. 6-4 Service Technician (CSE) Access Restriction ............................................................................ 6-5 Additional Service Details ........................................................................................................... 6-5 Backup and Restore (Cloning) .................................................................................................... 6-5 EIP Applications .......................................................................................................................... 6-5 XCP (eXtensible Customizable Platform .................................................................................... 6-6 6. Configuration and Security Policy Management Solutions ............................................................. 7-1 7. Identification, Authentication, and Authorization ............................................................................. 8-1 Authentication ................................................................................................................................. 8-1 Local Authentication .................................................................................................................... 8-1 Password Policy .......................................................................................................................... 8-2 Network Authentication ............................................................................................................... 8-2 Smart Card Authentication .......................................................................................................... 8-2 Convenience Authentication ....................................................................................................... 8-3 Simple Authentication (non-secure) ............................................................................................ 8-3 Authorization (Role Based Access Controls) .................................................................................. 8-3 Remote Access ........................................................................................................................... 8-3 Local Access ............................................................................................................................... 8-3 8. Additional Information and Resources ............................................................................................ 9-1 Security @ Xerox® .......................................................................................................................... 9-1 Responses to Known Vulnerabilities ............................................................................................... 9-1 Additional Resources ...................................................................................................................... 9-1 9. Appendix A: Product Security Profiles .......................................................................................... 10-2 710 of 1132 715 Security Guide – Xerox® VersaLink® B405/B605/B615/B7025/B7030/B7035, C405/C505/C605/C7020/C7025/C7030 Multifunction Products, and B400/B600/B610, C400/C500/C600/C7000/C8000/C9000 Printers iv VersaLink B7025/B7030/B7035 .................................................................................................... 10-2 Physical Overview ..................................................................................................................... 10-2 Security Related Interfaces ....................................................................................................... 10-3 Encryption and Overwrite .......................................................................................................... 10-3 Controller Non-Volatile Storage ................................................................................................ 10-3 Controller Volatile Memory ........................................................................................................ 10-4 Marking Engine Non-Volatile Storage ....................................................................................... 10-4 Marking Engine Volatile Memory .............................................................................................. 10-4 VersaLink C7000/C7020/C7025/C7030 ........................................................................................ 10-5 Physical Overview ..................................................................................................................... 10-5 Security Related Interfaces ....................................................................................................... 10-6 Encryption and Overwrite .......................................................................................................... 10-6 Controller Non-Volatile Storage ................................................................................................ 10-6 Controller Volatile Memory ........................................................................................................ 10-7 Marking Engine Non-Volatile Storage ....................................................................................... 10-7 Marking Engine Volatile Memory .............................................................................................. 10-7 VersaLink B400/B405 ................................................................................................................... 10-8 Physical Overview ..................................................................................................................... 10-8 Security Related Interfaces ....................................................................................................... 10-9 Encryption and Overwrite .......................................................................................................... 10-9 Controller Non-Volatile Storage ................................................................................................ 10-9 Controller Volatile Memory ...................................................................................................... 10-10 Marking Engine Non-Volatile Storage ..................................................................................... 10-10 Marking Engine Volatile Memory ............................................................................................ 10-10 VersaLink C400/C405 ................................................................................................................. 10-11 Physical Overview ................................................................................................................... 10-11 Security Related Interfaces ..................................................................................................... 10-12 Encryption and Overwrite ........................................................................................................ 10-12 Controller Non-Volatile Storage .............................................................................................. 10-12 Controller Volatile Memory ...................................................................................................... 10-13 Marking Engine Non-Volatile Storage ..................................................................................... 10-13 Marking Engine Volatile Memory ............................................................................................ 10-13 VersaLink C500/C600/C505/C605 .............................................................................................. 10-14 Physical Overview ................................................................................................................... 10-14 Security Related Interfaces ..................................................................................................... 10-15 711 of 1132 716 Security Guide – Xerox® VersaLink® B405/B605/B615/B7025/B7030/B7035, C405/C505/C605/C7020/C7025/C7030 Multifunction Products, and B400/B600/B610, C400/C500/C600/C7000/C8000/C9000 Printers v Encryption and Overwrite ........................................................................................................ 10-15 Controller Non-Volatile Storage .............................................................................................. 10-15 Controller Volatile Memory ...................................................................................................... 10-16 Marking Engine Non-Volatile Storage ..................................................................................... 10-16 Marking Engine Volatile Memory ............................................................................................ 10-16 VersaLink B600/B605/B610/B615 .............................................................................................. 10-17 Physical Overview ................................................................................................................... 10-17 Security Related Interfaces ..................................................................................................... 10-18 Encryption and Overwrite ........................................................................................................ 10-18 Controller Non-Volatile Storage .............................................................................................. 10-18 Controller Volatile Memory ...................................................................................................... 10-19 Marking Engine Non-Volatile Storage ..................................................................................... 10-19 Marking Engine Volatile Memory ............................................................................................ 10-19 VersaLink C8000/C9000 ............................................................................................................. 10-20 Physical Overview ................................................................................................................... 10-20 Security Related Interfaces ..................................................................................................... 10-21 Encryption and Overwrite ........................................................................................................ 10-21 Controller Non-Volatile Storage .............................................................................................. 10-21 Controller Volatile Memory ...................................................................................................... 10-22 Marking Engine Non-Volatile Storage ..................................................................................... 10-22 Marking Engine Volatile Memory ............................................................................................ 10-22 10. Appendix B: Security Events ......................................................................................................... 11-1 Xerox VersaLink Security Events .................................................................................................. 11-1 1. 712 of 1132 717 Security Guide – Xerox® VersaLink® B405/B605/B615/B7025/B7030/B7035, C405/C505/C605/C7020/C7025/C7030 Multifunction Products, and B400/B600/B610, C400/C500/C600/C7000/C8000/C9000 Printers vi 2. Introduction Purpose The purpose of this document is to disclose information for the VersaLink® multifunction devices and printers (hereinafter called as “the product” or “the system”) with respect to product security. Product Security, for this paper, is defined as how image data is stored and transmitted, how the product behaves in a network environment, and how the product may be accessed both locally and remotely. The purpose of this document is to inform Xerox customers of the design, functions, and features of the product with respect to Information Assurance. This document does not provide tutorial level information about security, connectivity, or the product’s features a nd functions. This information is readily available elsewhere. We assume that the reader has a working knowledge of these types of topics. Target Audience The target audience for this document is Xerox field personnel and customers concerned with IT security. Disclaimer The content of this document is provided for information purposes only. Performance of the products referenced herein is exclusively subject to the applicable Xerox Corporation terms and conditions of sale and/or lease. Nothing stated in this document constitutes the establishment of any additional agreement or binding obligations between Xerox Corporation and any third party. 713 of 1132 718 Security Guide – Xerox® VersaLink® B8045/B8055/B8065/B8075/B8090, C8030/C8035/C8045/C8055/C8070 Multifunction Products 3-1 3. Product Description Physical Components VersaLink® products consist of an input document handler a nd scanner, marking engine, controller, and user interface. A typical configuration is depicted below. Please note that options including finishers, paper trays, document handers, etc. may vary configuration, however, they are not relevant to security and are not discussed. 1. Stabilizer. 2. Bypass paper feed tray. 3. Front USB Port(s)* 4. Touch screen user interface. 5. Upper paper tray. 6. Lower paper tray. 7. Paper feed trays. 8. Caster wheels. 9. Rear USB Port(s)* 10. Optional Wi-Fi dongle port* 11. RJ45 Ethernet connection* 12. Service port (May require disassembly to access). 13. AC Power *Denotes a security related component 714 of 1132 719 ,- 13 Security Guide – Xerox® VersaLink® B8045/B8055/B8065/B8075/B8090, C8030/C8035/C8045/C8055/C8070 Multifunction Products 3-2 Architecture VersaLink® products share a common architecture which is depicted below. The following sections describe components in detail. User Interface The user interface detects soft and hard button actuations and provides text and graphical prompts to the user. The user interface is sometimes referred to as the Graphical User Interface (GUI) or Local UI (LUI) to distinguish it from the remote web server interface (WebUI). The user interface allows users to access product services and functions. Users with administrative privileges can manage the product configuration settings. User permissions are configurable through Role Based Access Control (RBAC) policies, described in section 7 Identification, Authentication, and Authorization Scanner The scanner converts documents from hardcopy to electronic data. A document handler moves originals into a position to be scanned. The scanner provides enough image processing for signal conditioning and formatting. The scanner does not store scanned images. Marking Engine The Marking Engine performs copy/print paper feeding and transport, image marking, fusing, and document finishing. The marking engine is comprised of paper supply trays and feeders, paper transport, LED scanner, xerographics, and paper output and finishing. The marking engine is only accessible to the Controller via inter-chip communication with no other access and does not store user data. 715 of 1132 720 Device Storage User Interface Scanner Controller * Marking Engine External Interfaces * Optional Interfaces Security Guide – Xerox® VersaLink® B8045/B8055/B8065/B8075/B8090, C8030/C8035/C8045/C8055/C8070 Multifunction Products 3-3 Controller The controller manages document processing using proprietary hardware and algorithms to process documents into high-quality electronic and/or printed reproductions. Documents may be temporarily buffered in RAM during processing. Some models may be equipped with additional storage options such as magnetic Hard Disk Drive (HDD), Solid State Disk (SSD), SD Card, or Flash media. For model specific details please see Appendix A: Product Security Profiles. VersaLink® products encrypt user data and include media sanitization (overwrite) options that ensure that erased data cannot be recovered, described further in section 3 User Data Protection. In addition to managing document processing the controller manages all network functions and services. Details can be found in section Network Security. The controller handles all I/O communications with connected products. The following section provides a description of each interface. Please note that not all interfaces are supported on all models; details about each model can be found in Appendix A: Product Security Profiles. Controller External Interfaces Front Panel USB (Type A) prot(s) One or more USB ports may be located on the front of the product, near the user interface. Front USB ports may be enabled or disabled by a system administrator. The front USB port supports the following: • Walk-up users may insert a USB thumb drive to store or retrieve documents for scanning and/or printing from a FAT formatted USB device. The controller will only allow reading/writing of a limited set of known document types (such as DOC, PDF, PNG, JPEG, TIFF, etc.). Other file types including binary executables are not supported. Note: Features that use the front USB ports (such as Scan To USB) can be disabled independently or restricted using role-based access controls. • Connection of optional equipment such as NFC or CAC readers. • Firmware updates may be submitted through the front USB ports. (Note that the product must be configured to allow local firmware updates, or the update will not be processed. 10/100/1000 MB Ethernet RJ-45 Network Connector This is a standard RJ45 Ethernet network connector and confirms to IEEE Ethernet 802.3 standards. Rear USB (Type B) Target Port A USB type B port located on the controller board at the rear of the product. This port supports the following: • USB target connector used for printing Note: This port cannot be disabled completely by a system administrator. 716 of 1132 721 Security Guide – Xerox® VersaLink® B8045/B8055/B8065/B8075/B8090, C8030/C8035/C8045/C8055/C8070 Multifunction Products 3-4 Optional Equipment RJ-11 Analog Fax and Telephone The analog fax module connects to the controller. The fax connection supports the Fax Modem T.30 protocol only and will not accept data or voice communication attempts. An external (EXT) is available to connect an external handset. In this configuration, the FAX card acts as a passive relay. Wireless Network Connector VersaLink® products accept an optional wireless module via a proprietary port. Near Field Communications (NFC) Reader The system supports an installable RFID reader for authentication and convenience in certain configurations. VersaLink® products accept the RFID reader via USB on the front of the product. This communication cannot write or change any settings on the system. The data exchanged is not encrypted and may include information including system network status, IP address and product location. NFC functionality can be disabled using the embedded web server of the product. NFC functionality requires a software plugin that can be obtained from Xerox sales and support. NFC functionality is supported via optional touch screen user interface or optional dedicated NFC USB dongle. Information shared over NFC includes: IPv4 Address, IPv6 Address, MAC Address, UUID (a unique identifier on the NFC client), and Fully qualified domain name SMART CARD – CAC/PIV All VersaLink® products support CAC/PIV login by enabling the VersaLink® Plug-in feature and then enabling the appropriate plug-in. Additional plug-ins can be downloaded from Xerox.com in the product Support area online. All VersaLink® products support SIPR network access through a plug-in. The SIPR network plug-in is restricted only to users who have purchased the SIPR kit from Xerox. Contact your Xerox sales representative for details. Foreign Product Interface This port is used to connect optional equipment to control access to the machine. A typical application is a coin-operated product where a user must deposit money to enable the machine to print. The information available via the Foreign Product Interface is limited to optically-isolated pulses that can be used to count impressions marked on hardcopy sheets. No user data is transmitted to or from this interface. 717 of 1132 722 Security Guide – Xerox® VersaLink® B8045/B8055/B8065/B8075/B8090, C8030/C8035/C8045/C8055/C8070 Multifunction Products 4-1 4. User Data Protection Xerox printers and multifunction products receive, process, and may optionally store user data from several sources including as local print, scan, fax, or copy jobs or mobile and cloud applications, etc. Xerox products protect user data being processed by employing strong encryption. When the data is no longer needed, the Image Overwrite (IIO) feature automatically erases and overwrites the data on magnetic media, rendering it unrecoverable. As an additional layer of protection, an extension of IIO called On-Demand Image Overwrite (ODIO) can be invoked to securely wipe all user data from magnetic media. User Data Protection While Within Product This section describes security controls that protect user data while it is resident within the product. For a description of security controls that protect data in transit please refer to the following section that discusses data in transit; also, the Network Security section of this document. Encryption All user data being processed or stored to the product is encrypted by default. The algorithm used in the product is AES-256. The encryption key is automatically created at start up and stored in the RAM. The key is deleted by a power-off, due to the physical characteristics of the RAM. Trusted Platform Module (TPM Chip) Some models include a Trusted Platform Module (TPM). The TPM is compliant with ISO/IEC 11889, the international standard for a secure cryptoprocessor, dedicated to secure cryptographic keys. The TPM is used to securely hold the product storage encryption key. Please refer to Appendix A: Product Security Profiles for model specific information. Media Sanitization (Image Overwrite) VersaLink® products equipped with magnetic hard disk drives are compliant with NIST Special Publication 800-88 Rev1: Guidelines for Media Sanitization. User data is securely erased using a three-pass algorithm as described in the following link: https://nvlpubs.nist.gov/nistpubs/specialpublications/nist.sp.800-88r1.pdf Note: Solid-State storage media such as Solid-State Disk, eMMC, SD-Card, and Flash media cannot be completely sanitized by multi-pass overwriting methods due to the memory wear mapping that occurs. (Additionally, attempts to do so would also greatly erode the operational lifetime of solid-state media). Solid State media is therefore not recommended for use in highly secure environments. Please refer to NIST-800-88 “Table A-8: Flash Memory-Based Storage Product Sanitization” for technical details. 718 of 1132 723 Security Guide – Xerox® VersaLink® B8045/B8055/B8065/B8075/B8090, C8030/C8035/C8045/C8055/C8070 Multifunction Products 4-2 Overwriting Immediate Image Overwrite When enabled, Immediate Image Overwrite (IIO) will overwrite any temporary files that were created on the magnetic hard disk that may contain user data. The feature provides continuous automatic of sensitive data with minimal impact to performance, robust error reporting, and logging via the Audit Log. On-Demand Image Overwrite Complementing the Immediate Image Overwrite is On-Demand Overwrite (ODIO). While IIO overwrites individual files, ODIO overwrites entire partitions. The ODIO feature can be invoked at any time and optionally may be scheduled to run automatically. User Data in Transit This section focuses on the protection of user data (print/scan/other jobs) in transit as they are submitted to the product for processing and/or are sent from the product to other systems. Additional protections are also discussed in the Network Security section of this document. Inbound User Data (Print Job Submission) In addition to supporting network level encryption including IPSec and WPA Xerox products also support encryption of print job data at the time of submission. This can be used to securely transmit print jobs over unencrypted connections or to enhance existing network level security controls. Encrypted Transport Description IPPS (TLS) Submit print jobs via Secure Internet Printing Protocol. This protocol is based on HTTP and utilizes the TLS suite to encrypt data. HTTPS (TLS) Securely submit a print job directly to product via the built-in web server. Xerox Print Stream Encryption The Xerox Global Print Driver® supports document encryption when submitting Secure Print jobs to enabled products. Simply check the box to Enable Encryption when adding the Passcode to the print job. 719 of 1132 724 Security Guide – Xerox® VersaLink® B8045/B8055/B8065/B8075/B8090, C8030/C8035/C8045/C8055/C8070 Multifunction Products 4-3 Scanning to Network Repository, Email, Fax Server (Outbound User Data) VersaLink® multifunction products support scanning of hardcopy documents to external network locations including file repositories and email and facsimile services. In addition to supporting network level encryption including IPSec Xerox products support the following. Protocol Encryption Description HTTP N/A Unencrypted HTTP protocol. HTTPS (TLS) TLS HTTP encrypted by TLS FTP N/A Unencrypted FTP. SFTP (SSH) SSH FTP encrypted by SSH through “EIP” ONLY SMBv3 N/A Encryption may be enabled on a Windows share. VersaLink® products do not currently support SMB encryption. SMBv2 N/A Unencrypted SMB SMBv1 N/A (Not used as a transport protocol. Used for network discovery only) SMTP (email) S/MIME The product uses SMTP to transmit data to the email server. Email authentication, encryption, and signing are supported. Please refer to the Network Security section of this document for details. Scanning to User Local USB Storage Product (Outbound User Data) Scan data is transferred directly to the user’s USB product. Filesystem encryption of user products are not supported. 720 of 1132 725 Security Guide – Xerox® VersaLink® B8045/B8055/B8065/B8075/B8090, C8030/C8035/C8045/C8055/C8070 Multifunction Products 4-4 Add on Apps – Cloud, Google, DropBox, and others (Outbound User Data) The Xerox App Gallery® contains several additional applications that extend the capabilities of Xerox products. Discussion of App security is beyond the scope of this document. Xerox Apps utilize the security framework provided by the third-party vendor. (For example, Microsoft O365 or Google apps would utilize Microsoft and Google’s security mechanisms respectively). Please consult documentation for individual Apps and third-party security for details. VersaLink® Multifunction VersaLink® Printers B405, B605, B615, B7025, B7030, B7035, C405, C505, C605, C7020, C7025, C7030 B400, B600, B610, C400, C500, C600, C7000, C8000, C9000 Local Data Encryption (HDD, SDD, IC, SD Card) AES-256 AES-256 Federal Information Protection Standard 140-2 Yes Yes Media Sanitization NIST 800-171 (Image Overwrite) Models with magnetic HDD. See Appendix A: Product Security Profiles Models with magnetic HDD. See Appendix A: Product Security Profiles Print Submission IPPS (TLS) Supported Supported HTTPS (TLS) Supported Supported Xerox Print Stream Encryption (Not currently supported) (Not currently supported) Scan to Repository Server HTTPS (TLS) (Not currently supported) (Not Applicable) SFTP (SSH) (Not currently supported) (Not Applicable) SMB (unencrypted) v3 (Not Applicable) SMB (with share encryption enabled) (Not currently supported) (Not Applicable) HTTP (unencrypted) (Not currently supported) (Not Applicable) FTP (unencrypted) (Not currently supported) (Not Applicable) Scan to Fax Server HTTPS (TLS) (Not currently supported) (Not Applicable) SFTP (SSH) (Not currently supported) (Not Applicable) SMB (unencrypted) v3 (Not Applicable) SMB (with share encryption enabled) (Not currently supported) (Not Applicable) S/MIME Supported (Not Applicable) HTTP (unencrypted) (Not currently supported) (Not Applicable) FTP (unencrypted) (Not currently supported) (Not Applicable) SMTP (unencrypted) Supported (Not Applicable) Scan to Email S/MIME Supported (Not Applicable) SMTP (unencrypted) Supported (Not Applicable) 721 of 1132 726 Security Guide – Xerox® VersaLink® B8045/B8055/B8065/B8075/B8090, C8030/C8035/C8045/C8055/C8070 Multifunction Products 5-1 5. Network Security Xerox products are designed to offer a high degree of security and flexibility in almost any network environment. This section describes several aspects of the product related to network security. TCP/IP Ports and Services Xerox devices are robust, offering support for a wide array of services and protocols. The devices are capable of hosting services as well as acting as a client for others. The diagram below presents a high-level overview of inbound communications (from other hosts on the network into listening services on the device) and outbound connections initiated by the device (acting as a client to external network services). Inbound (Listening Services) Out Bound (Network Client) Print Services LPR, IPP, Raw IP, etc. Management Services SNMP, Web interface, WebServices, etc. Infrastructure and Discovery Services IPSEC, SSDP, WSD, mDNS, NetBIOS, etc. Built-in Scan Services FTP, HTTP & HTTPS (TLS) ,SMB, CIFS, SMTP & SMTPS, POP3 and POPS, etc. Authentication Services LDAP & LDAPS, SMB, Kerberos. Infrastructure ISAKMP (IPSec), DHCP and DHCPv6, etc. Cloud Services Dropbox, Google Drive, OneDrive, and several others. 722 of 1132 727 Security Guide – Xerox® VersaLink® B8045/B8055/B8065/B8075/B8090, C8030/C8035/C8045/C8055/C8070 Multifunction Products 5-2 Listening Services (inbound ports) The following table summarizes all potentially open ports on the product. These ports can be enabled/disabled within the product configuration. Port Type Service Name 80 or 443 TCP HTTP including: Web User Interface UPnP Discovery Web Services for Products (WSD) WebDAV 631 or 443 TCP HTTP (IPP) 137 UDP NETBIOS (Name Service) 138 UDP NETBIOS (Datagram Service) 161 UDP SNMP 427 TCP/UDP SLP 445 TCP CIFS 500 & 4500 UDP IPSec 515 TCP LPR 631 TCP IPP 1900 UDP SSDP 3702 TCP WSD (Discovery) 5353 UDP mDNS 9100 TCP Raw IP (also known as JetDirect, AppSocket or PDL-datastream) 5909-5999 TCP Remote Access to local display panel. Port is randomly selected and communications encrypted with TLS 1.2. 53202 TCP WSD Transfer 53303 TCP WSD Print 53404 TCP WSD Scan 723 of 1132 728 Security Guide – Xerox® VersaLink® B8045/B8055/B8065/B8075/B8090, C8030/C8035/C8045/C8055/C8070 Multifunction Products 5-3 Network Encryption IPSec Internet Protocol Security (IPsec) is a network security protocol capable of providing encryption and authentication at the packet level. VersaLink® products support IPSec for both IPv4 and IPv6 protocols. VersaLink® Multifunction VersaLink® Printers B405, B605, B615, B7025, B7030, B7035, C405, C505, C605, C7020, C7025, C7030 B400, B600, B610, C400, C500, C600, C7000, C8000, C9000 IPSec Supported IP Versions IPv4, IPv6 IPv4, IPv6 Key exchange authentication method Preshared Key & digital signature Preshared Key & digital signature Transport Mode Transport mode only Transport mode only Security Protocol ESP only ESP only ESP Encryption Method AES, 3DES, DES AES, 3DES, DES ESP Authentication Methods SHA1, SHA256, None SHA1, SHA256, None Wireless 802.11 Wi-Fi Protected Access (WPA) Products equipped with WiFi support WPA2 Personal, WPA2 Enterprise, and Mixed Mode compliant with IEEE 802.11i. The wireless network adapters used in Xerox products are certified by the Wi-Fi Alliance. VersaLink® Multifunction VersaLink® Printers B405, B605, B615, B7025, B7030, B7035, C405, C505, C605, C7020, C7025, C7030 B400, B600, B610, C400, C500, C600, C7000, C8000, C9000 Wi-Fi (802.11) No Encryption Supported Supported WEP RC4 RC4 WPA2 Personal (PSK) CCMP (AES) CCMP (AES) WPA2 Enterprise CCMP (AES) + TKIP -- PEAPv0 MS-CHAPv2 EAP-TLS EAP-TTLS/PAP EAP-TTLS/CHAP EAP-TTLS/MS-CHAPv2 CCMP (AES) + TKIP -- PEAPv0 MS-CHAPv2 EAP-TLS EAP-TTLS/PAP EAP-TTLS/CHAP EAP-TTLS/MS-CHAPv2 BSSID Roaming Restriction (Not Currently Supported) (Not Currently Supported) 724 of 1132 729 Security Guide – Xerox® VersaLink® B8045/B8055/B8065/B8075/B8090, C8030/C8035/C8045/C8055/C8070 Multifunction Products 5-4 TLS VersaLink® products support the latest version, TLS 1.2. Public Key Encryption (PKI) A digital certificate is a file that contains data used to verify the identity of the client or server in a network transaction. A certificate also contains a public key used to create and verify digital signatures. To prove identity to another product, a product presents a certificate trusted by the other product. The product can also present a certificate signed by a trusted third party and a digital signature proving that it owns the certificate. A digital certificate includes the following data: • Information about the owner of the certificate • The certificate serial number and expiration date • The name and digital signature of the certificate authority (CA) that issued the certificate • A public key • A purpose defining how the certificate and public key can be used • There are four types of certificates: • A Product Certificate is a certificate for which the printer has a private key. The purpose specified in the certificate allows it to be used to prove identity. • A CA Certificate is a certificate with authority to sign other certificates. • A Trusted Certificate is a self-signed certificate from another product that you want to trust. • A domain controller certificate is a self-signed certificate for a domain controller in your network. Domain controller certificates are used to verify the identity of a user when the user logs in to the product using a Smart Card. For protocols such as HTTPS, the printer is the server, and must prove its identity to the client Web browser. For protocols such as 802.1X, the printer is the client, and must prove its identity to the authentication server, typically a RADIUS server. VersaLink® Multifunction VersaLink® Printers B405, B605, B615, B7025, B7030, B7035, C405, C505, C605, C7020, C7025, C7030 B400, B600, B610, C400, C500, C600, C7000, C8000, C9000 TLS Versions Supported Product Web Interface 1.2, 1.1, 1.0 1.2, 1.1, 1.0 Product Web Services 1.2, 1.1, 1.0 1.2, 1.1, 1.0 Product IPPS printing 1.2, 1.1, 1.0 1.2, 1.1, 1.0 Remote control 1.2 1.2 725 of 1132 730 Security Guide – Xerox® VersaLink® B8045/B8055/B8065/B8075/B8090, C8030/C8035/C8045/C8055/C8070 Multifunction Products 5-5 Device Certificates VersaLink® products support both CA signed and self-signed certificates. Product certificates support a bit length of up to 2048 bits. A CA signed certificate can be created by generating a Certificate Signing Request (CSR), and sending it to a CA or a local server functioning as a CA to sign the CSR. An example of a server functioning as a certificate authority is Windows Server 2008 running Certificate Services. When the CA returns the signed certificate, install it on the printer. Alternatively, a self-signed certificate may be created. When you create a Product Certificate, the product generates a certificate, signs it, and creates a public key used in SSL/TLS encryption. VersaLink® Multifunction VersaLink® Printers B405, B605, B615, B7025, B7030, B7035, C405, C505, C605, C7020, C7025, C7030 B400, B600, B610, C400, C500, C600, C7000, C8000, C9000 Device Certificates Certificate Length 1024, 2048 1024, 2048 Supported Hashes SHA256, SHA384, SHA512 SHA256, SHA384, SHA512 Product Web Server Supported Supported IPPS (TLS) Printing Supported Supported 802.1X Client Supported Supported Email Signing Supported (Not Applicable) Email Encryption Supported (Not Applicable) OCSP Signing Supported Supported IPSec (Not currently supported) (Not currently supported) SFTP (Not currently supported) (Not Applicable) 726 of 1132 731 Security Guide – Xerox® VersaLink® B8045/B8055/B8065/B8075/B8090, C8030/C8035/C8045/C8055/C8070 Multifunction Products 5-6 Trusted Certificates Public certificates may be imported to the product’s certificate store for validation of trusted external products. The following categories are supported: • A Trusted Root CA Certificate is a certificate with authority to sign other certificates. These certificates usually are self-signed certificates that come from another product or service that you want to trust. • An Intermediate CA Certificate is a certificate that links a certificate to a Trusted Root CA Certificate in certain network environments. • Other Certificates are certificates that are installed on the printer for solution-specific uses. An administrator can specify the minimum encryption key length required for certificates. If a user attempts to upload a certificate that contains a key that does not meet this requirement, a message appears. The message alerts the user that the certificate they are attempting to upload does not meet the key length requirement. VersaLink® Multifunction VersaLink® Printers B405, B605, B615, B7025, B7030, B7035, C405, C505, C605, C7020, C7025, C7030 B400, B600, B610, C400, C500, C600, C7000, C8000, C9000 Trusted Certificates Minimum Length Restriction Options 1024, 2048 1024, 2048 Maximum Length 4096 4096 Supported Hashes SHA1/224/256/384/512 SHA1/224/256/384/512 Supported Formats .cer, .der, PKCS#7, PKCS#12 (.pfx, .p12) .cer, .der, PKCS#7, PKCS#12 (.pfx, .p12) IPSec Supported Supported LDAP Supported Supported Scanning (HTTPS/TLS) (Not currently supported) (Not Applicable) Scanning (SFTP/SSH) (Not currently supported) (Not Applicable) 802.1X Client Supported Supported Email Signing Supported (Not Applicable) Email Encryption Supported (Not Applicable) OCSP Signing Supported Supported Certificate Validation VersaLink® devices support certificate validation with configurable checks for OSCP and CRL. Validation checks include: • Validation of certificate path • Certificate expiration • Validation of trusted CA • Signature validation 727 of 1132 732 Security Guide – Xerox® VersaLink® B8045/B8055/B8065/B8075/B8090, C8030/C8035/C8045/C8055/C8070 Multifunction Products 5-7 Email Signing and Encryption using S/MIME S/MIME (Secure/Multipurpose Internet Mail Extensions) provides Authentication, Message integrity, Non-repudiation, and encryption of email. VersaLink® Multifunction VersaLink® Printers B405, B605, B615, B7025, B7030, B7035, C405, C505, C605, C7020, C7025, C7030 B400, B600, B610, C400, C500, C600, C7000, C8000, C9000 Email S/MIME Versions v2, v3, v3.2 (Not Applicable) Digest MD5, SHA1, SHA256 (Not Applicable) Encryption 3DES, RC2, AES128, AES192, AES256 (Not Applicable) SNMPv3 SNMPv3 is the current standard version of SNMP defined by the Internet Engineering Task Force (IETF). It provides three important security features: • Message integrity to ensure that a packet has not been tampered with in transit • Authentication to verify that the message is from a valid source • Encryption of packets to prevent unauthorized access VersaLink® Multifunction VersaLink® Printers B405, B605, B615, B7025, B7030, B7035, C405, C505, C605, C7020, C7025, C7030 B400, B600, B610, C400, C500, C600, C7000, C8000, C9000 SNMPv3 Digest SHA1, MD5 SHA1, MD5 Encryption DES, AES128 DES, AES128 728 of 1132 733 I I Security Guide – Xerox® VersaLink® B8045/B8055/B8065/B8075/B8090, C8030/C8035/C8045/C8055/C8070 Multifunction Products 5-8 Network Access Control 802.1x In 802.1X authentication, when the product is connected to the LAN port of Authenticator such as the switch as shown below, the Authentication Server authenticates the product, and the Authenticator controls access of the LAN port according to the authentication result. The product starts authentication processing at startup when the startup settings for 802.1X authentication are enabled. VersaLink® Multifunction VersaLink® Printers B405, B605, B615, B7025, B7030, B7035, C405, C505, C605, C7020, C7025, C7030 B400, B600, B610, C400, C500, C600, C7000, C8000, C9000 Network Access Control 802.1x Supported Supported Authentication Methods MD5, MS-CHAPv2, PEAP/MS- CHAPv2, EAP-TLS MD5, MS-CHAPv2, PEAP/MS- CHAPv2, EAP-TLS Cisco Identity Services Engine (ISE) Cisco ISE is an intelligent security policy enforcement platform that mitigates security risks by providing a complete view of which users and what products are being connected across the entire network infrastructure. It also provides control over what users can acces s your network and where they can go. Cisco's ISE includes over 200 Xerox product profiles that are ready for security policy enablement. This allows ISE to automatically detect Xerox products in your network. Xerox products are organized in Cisco ISE under product families, such as VersaLink® products, enabling Cisco ISE to automatically detect and profile new Xerox products from the day they are released. Customers who use Cisco ISE find that including Xerox products in their security policies is simpler and requires minimal effort. Cisco ISE Profiling Services provides dynamic detection and classification of endpoints connected to the network. ISE collects various attributes for each network endpoint to build an endpoint database. The classification process matches the collected attributes to prebuilt or user-defined conditions, which are then correlated to an extensive library of product profiles. These profiles include a wide range of product types, including tablets, smartphones, cameras, desktop operat ing systems (for example, Windows®, Mac OS® X, Linux® and others), and workgroup systems such as Xerox printers and MFPs. Once classified, endpoints can be authorized to the network and granted access based on their profile signature. For example, guests to your network will have different level of access to printers and other end points in your network. As an example, you and your employees can get full printer access when accessing the network from a corporate workstation but be granted limited printer access when accessing the network from your personal Apple® iPhone®. Authentication Server Authenticator (e.g. Switch) Product (Supplicant) EAPOL 729 of 1132 734 □· · I I· ·.____I______. Security Guide – Xerox® VersaLink® B8045/B8055/B8065/B8075/B8090, C8030/C8035/C8045/C8055/C8070 Multifunction Products 5-9 Cisco ISE allows you to deploy the following controls and monitoring of Xerox products: • Automatically provision and grant network access rights to printers and MFPs to prevent inappropriate access (including automatically tracking new printing products connecting to the network): – Block non-printers from connecting on ports assigned to printers – Prevent impersonation (aka spoofing) of a printer/MFP – Automatically prevent connection of non-approved print products – Smart rules-based policies to govern user interaction with network printing products • Provide simplified implementation of security policies for printers and MFPs by: – Providing real time policy violation alerts and logging – Enforcing network segmentation policy – Isolating the printing products to prevent general access to printers and MFPs in restricted areas • Automated access to policy enforcement – Provide extensive reporting of printing product network activity VersaLink® Multifunction VersaLink® Printers B405, B605, B615, B7025, B7030, B7035, C405, C505, C605, C7020, C7025, C7030 B400, B600, B610, C400, C500, C600, C7000, C8000, C9000 Network Access Control Cisco ISE Supported Supported Contextual Endpoint Connection Management Traditionally network connection management has been limited to managing endpoints by IP address and use of VLANs and firewalls. This is effective, but highly complex to manage for every endpoint on a network. Managing, maintaining, and reviewing the ACLs (and the necessary change management and audit processes to support them) quickly become prohibitively expensive. It also lacks the ability to manage endpoints contextually. Connectivity of VersaLink® devices can be fully managed contextually by Cisco TrustSec. TrustSec uses Security Group Tags (SGT) that are associated with an endpoint’s user, device, and location attributes. SG-ACLs can also block unwanted traffic so that malicious reconnaissance activities and even remote exploitation from malware can be effectively prevented . FIPS140-2 Compliance Validation When enabled, the product will validate its current configuration to identify cryptographic modules in use. Modules which are not FIPS 140-2 (Level 1) compliant will be reported. VersaLink® products use encryption algorithms for Kerberos, SMB, SNMPv3, and PDF Direct Print Service that are not approved by FIPS140-2. They can however operate in FIPS140-2 approved Mode in order to maintain compatibility with conventional products after an exception is approved by a system administrator. They do not use FIPS compliant algorithms when in this configuration. 730 of 1132 735 I I I Security Guide – Xerox® VersaLink® B8045/B8055/B8065/B8075/B8090, C8030/C8035/C8045/C8055/C8070 Multifunction Products 5-10 Additional Network Security Controls Endpoint Firewall Options VersaLink® Multifunction VersaLink® Printers B405, B605, B615, B7025, B7030, B7035, C405, C505, C605, C7020, C7025, C7030 B400, B600, B610, C400, C500, C600, C7000, C8000, C9000 Firewall IP Whitelisting IP Whitelisting Stateful Firewall (Not currently supported) (Not currently supported) IP Whitelist Supported Supported IP Whitelisting (IP Address Filtering) VersaLink® products support Whitelisting only When enabled all traffic is prohibited regardless of interface (wired/wireless) unless enabled by IP filter rule. IPv4 and IPv6 are enabled separately. If IP Filter and IPsec are both enabled, IPsec is evaluated first. Up to 25 addresses can be enabled for IPv4 and an additional 25 for IPv6. Addresses include IP and s ubnet allowing individual system or subnets to be enabled. A system administrator can disable this feature using the embedded web server. Stateful Firewall (Advanced IP Filtering) VersaLink® products do not support Stateful Firewall. Personal Identifiable Information (PII) Personal Identifiable Information (PII) can be entered or stored into the device through several means: address book, scan templates, device description, display device information, audit logs, and engineering logs. The PII is encrypted on the device so not readable outside of the operation of the device. The Admin controls the ability of users to enter data, and controls the accessibility of logs, or the deletion of logs. If users wish not to have any PII stored on the device, the Admin has the ability to restrict the features where PII could be stored and has the ability to restrict access to logs. Users do not have access to the internals of the device (memory, hard drive) where PII may be resident. 731 of 1132 736 I I Security Guide – Xerox® VersaLink® B8045/B8055/B8065/B8075/B8090, C8030/C8035/C8045/C8055/C8070 Multifunction Products 6-1 6. Device Security: BIOS, Firmware, OS, Runtime, and Operational Security Controls VersaLink® products have robust security features that are designed to protect the system from a wide range of threats. Below is a summary of some of the key security controls. Pre-Boot BIOS Protection BIOS • The BIOS is inaccessible and cannot be cleared or reset. • The BIOS can only be modified by a firmware update, which is digitally signed. • BIOS will fail secure, locking the system if integrity is compromised. Embedded Encryption • Configuration Settings (including security settings) and User Data are encrypted by AES. • Each device is encrypted using its own unique key. Boot Process Integrity Firmware Integrity & Verification • Firmware is digitally signed. • Firmware is verified against a whitelist using cryptographic hashing. Event Monitoring & Logging • The Audit Log feature records security-related events. Runtime Security VersaLink® does not support McAfee Embedded Control. Event Monitoring and Logging • The Audit Log feature records security-related events. Continuous Operational Security Firmware and Diagnostic Security Controls • Firmware installation controls limit who can install firmware and from where. 732 of 1132 737 Security Guide – Xerox® VersaLink® B8045/B8055/B8065/B8075/B8090, C8030/C8035/C8045/C8055/C8070 Multifunction Products 6-2 • Customer defined service technician (CSE) restrictions add an additional layer of protection to prevent unauthorized access and/or modification of VersaLink® products. • Continuous logging Fail Secure Vs Fail Safe VersaLink® products are designed to fail secure. When a security control is compromised, the control is no longer trustworthy, and a system is at risk of further compromise. In such a scenario, security products may either fail safe [open] or fail secure [closed]. An example from physical security is a door. If power is lost the door may either: • Unlock and ‘fail safe’ to an open state (likely for safety reasons such as in a public building). • Lock and ‘fail secure’ for security reasons (such as a bank vault). Pre-Boot Security BIOS The BIOS used in VersaLink® products is embedded and cannot be accessed directly. Unlike devices such as Desktop and Laptop computers that have a BIOS that can be accessed via a keystroke on startup, the BIOS of VersaLink® products it’s not accessible. Many devices can be cleared to factory defaults (including passwords and security settings) by depressing a reset button using a paperclip or similar method. For security reasons, VersaLink® products do not offer such a method to clear or reset the BIOS. (Note that configuration settings may be reset to factory defaults by an authorized administrator, however this does not impact BIOS settings). BIOS updates are not applied by device firmware updates. Firmware is protected from tampering by use of digital signatures (discussed later in this section). The BIOS is designed to fail secure. An integrity check is performed immediately when power is applied. If verification is successful, the system proceeds with OS kernel boot. If the integrity check fails, the system will fail secure. Embedded Encryption AES encryption is used to protect the system, user data, and configuration (including security settings) from being retrieved or modified. Each device uses its own unique key that is securely generated. Encryption is enabled by default. Media encryption and sanitization are discussed in Section 3 User Data Protection. Boot Process Security Firmware Integrity Unlike open operating systems such as servers and user workstations in which software may be installed by users, Xerox products are based on embedded systems and the contents are managed by Xerox. The only means of modifying the contents of a device is by applying a firmware update package. 733 of 1132 738 Security Guide – Xerox® VersaLink® B8045/B8055/B8065/B8075/B8090, C8030/C8035/C8045/C8055/C8070 Multifunction Products 6-3 Firmware updates use a special format and each firmware update is digitally signed to protect the integrity of the contents. Firmware that is corrupt or has been illicitly modified will be rejected. This security control cannot be disabled. VersaLink® products include a built-in firmware software validation. This is a file integrity monitor that compares the security hashes of currently installed firmware to a secured whitelist that was installed when the signed firmware was installed. 734 of 1132 739 Security Guide – Xerox® VersaLink® B8045/B8055/B8065/B8075/B8090, C8030/C8035/C8045/C8055/C8070 Multifunction Products 6-4 Event Monitoring and Logging Audit Log The Audit Log feature records security-related events. The Audit Log contains the following information: Field Description Index A unique value that identifies the event. Date The date that the event happened in mm/dd/yy format. Time The time that the event happened in hh:mm:ss format. ID The type of event. The number corresponds to a unique description. Description An abbreviated description of the type of event. Additional Details Columns 6–10 list other information about the event, such as: Identity: User Name, Job Name, Computer Name, Printer Name, Folder Name, or Accounting Account ID display when Network Accounting is enabled. Completion Status Image Overwrite Status: The status of overwrites completed on each job. Immediate Image must be enabled. VersaLink® products currently support 52 unique events. A maximum of 15,000 events can be stored on the device. When the number of events exceeds 15,000, audit log events will be deleted in order of timestamp, and then new events will be recorded. The audit log be exported at any time by a user with administrative privileges. Note that as a security precaution, audit log settings and data can only be accessed via HTTPS. Operational Security Firmware Restrictions The list below describes supported firmware delivery methods and applicable access controls. • Local Firmware Upgrade via USB port: Xerox service technicians can update product firmware using a USB port and specially configured USB thumb drive. This ability can be restricted by enabling the Customer Service Engineer Restriction feature which will require entry of a unique, customer designa ted password in order to accept the update. • Network Firmware Update: Product system administrators can update product firmware using the Embedded Web Server. The ability to apply a firmware update is restricted to roles with system administrator or Xerox service permissions. Firmware updates can be disabled by a system administrator. • Xerox Remote Services Firmware Update: Xerox Remote Services can update product firmware securely over the internet using HTTPS. This feature can be disabled, scheduled, and includes optional email alerts for system administrators. 735 of 1132 740 Security Guide – Xerox® VersaLink® B8045/B8055/B8065/B8075/B8090, C8030/C8035/C8045/C8055/C8070 Multifunction Products 6-5 The programs stored in the Flash ROM listed below are downloadable from external sources. • Controller • Marking Engine • Scanner • Document Feeder • Finisher (Option for processing printed paper. No description on Finisher is provided in this document because user’s image data will not be stored in it.) • High capacity feeder (No description on High capacity feeder is provided in this document because user’s image data will not be stored in it.) • High capacity stacker (No description on high capacity stacker is provided in this document because user’s image data will not be stored in it.) • Interface Module (No description on interface module is provided in this document because user’s image data will not be stored in it.) – This program-downloading function can be disabled by a system administrator from the local UI. – The header part of file is using software to identify whether the download file is legitimate. Service Technician (CSE) Access Restriction The CSE (Customer Service Engineer) Access Restriction allows customers to create an additional password that is independent of existing administrator passwords. This password must be supplied to allow service of the product. This password is not accessible to Xerox support and cannot be reset by Xerox service personnel. Additional Service Details Xerox products are serviced by a tool referred to as the Portable Service Workstation (PWS). Only Xerox authorized service technicians are granted access to the PWS. Customer documents or files cannot be accessed during a diagnostic session, nor are network servers accessible through this port. If a network connection is required while servicing a Xerox device, service technicians will remove the device from any connected networks. The technician will then connect directly to the device using an Ethernet cable, creating a physically secure and isolated network during service operations. Backup and Restore (Cloning) Certain system settings can be captured in a ‘clone’ fi le that may be applied to other systems that are the same model. Clone files are encoded but not encrypted and have the potential to contain sensitive information depending on which product feature setting is selected. Access to both create and apply a clone file can be restricted using role-based access controls. Clone files can only be created and applied through the Embedded Web Server. EIP Applications Xerox products can offer additional functionality through the Xerox Extensible Interface Platform ® (EIP). Third party vendors can create Apps that extend the functionality of a product. Xerox signs EIP applications that are developed by Xerox or Xerox partners. Products can be configured to prevent installation of unauthorized EIP applications. 736 of 1132 741 Security Guide – Xerox® VersaLink® B8045/B8055/B8065/B8075/B8090, C8030/C8035/C8045/C8055/C8070 Multifunction Products 6-6 XCP (eXtensible Customizable Platform VersaLink® products offer additional functionality through the eXtensible Customizable Platform (XCP) plug-in interface. Plug-ins can alter current functionality and add new functionality that may impact the security of the product. XCP Plug-ins are signed and encrypted by Xerox; products can be configured to reject unsigned plug-ins. XCP plug-ins are used to support USB peripherals and alternative login methods (such as Smart Card login). The XCP plug-in feature is disabled by default and must be manually enabled by a system administrator using the embedded web server. 737 of 1132 742 Security Guide – Xerox® VersaLink® B8045/B8055/B8065/B8075/B8090, C8030/C8035/C8045/C8055/C8070 Multifunction Products 7-1 7. Configuration and Security Policy Management Solutions Xerox Device Manager and Xerox® CentreWare® Web (available as a free download) centrally manage Xerox Devices. For details please visit Xerox.com or speak with a Xerox representative. 738 of 1132 743 Security Guide – Xerox® VersaLink® B8045/B8055/B8065/B8075/B8090, C8030/C8035/C8045/C8055/C8070 Multifunction Products 8-1 8. Identification, Authentication, and Authorization VersaLink® products offer a range of authentication and authorization options to support various environments. Single Factor authentication is supported locally on the product or via external network authentication servers (e.g., LDAP, Kerberos, ADS). Multi Factor authentication is supported by addition of card reader hardware. (Where ease of access is desired, open access and simple user identification modes also exist, however these are not recommended for secure environments.) In all modes, product administrator accounts always require authentication. This cannot be disabled. A flexible RBAC (Role Based Access Control) security model supports granular to assign of user permissions. Once a user has been authenticated, the product grants (or denies) user permissions based upon the role(s) they have been assigned to. Pre-defined roles that may be used or custom roles may be created as desired. Authentication VersaLink® devices support the following authentication mode: • Local Authentication • Network Authentication • Smart Card Authentication (CAC, PIV, SIPR, .Net) • Convenience Authentication Local Authentication The local user database stores user credential information. The printer uses this information for local authentication and authorization, and for Xerox ® Standard Accounting. When you configure local authentication, the printer checks the credentials that a user provides against the information in the user database. When you configure local authorization, the printer checks the user database to determine which features the user is allowed access. Each device has a unique default administrator password which should be changed as soon as possible along with enabling recommended security features to secure the system. Note: User names and passwords stored in the user database are not transmitted over the network 739 of 1132 744 Security Guide – Xerox® VersaLink® B8045/B8055/B8065/B8075/B8090, C8030/C8035/C8045/C8055/C8070 Multifunction Products 8-2 Password Policy The following password attributes can be configured: Password Policy Minimum Length 1 Maximum Length 63 Password cannot contain User Name Supported Password complexity options (in addition to alphabetic characters) Require a number Requires non-alphabetic Network Authentication When configured for network authentication, user credentials are validated by a remote authentication server. Network Authentication Providers Kerberos (Microsoft Active Directory) Supported Kerberos (MIT) Supported SMB NTLM Versions Supported NTLMv2 LDAP Versions Supported Version 3 (including TLS 1.2) Smart Card Authentication Two-factor security – Smart Card plus User Name/Password combination. Requires optional card reader hardware and software plugin. Authentication is handled by a remote server. Supported remote authentication methods include Kerberos, SMB and LDAP. Smart Card authentication is considered very secure due to the nature of the Smart Card architecture and potential levels of encryption of data on the card itself. Support for the SIPR network is provided using the XCP Plug-in architecture and a Smart Card authentication solution created by 90meter under contract for Xerox. Details regarding 90meter can be found online here: https://www.90meter.com/ Other Smart Card authentication solutions are offered including support for CAC/PIV and .NET compatible cards leveraging XCP Plug-ins. Smart Cards Common Access Card (CAC) Supported PIV / PIV II Supported Net (Gemalto .Net v1, Gemalto .Net v2) Supported Gemalto MD Not Currently Supported 740 of 1132 745 Security Guide – Xerox® VersaLink® B8045/B8055/B8065/B8075/B8090, C8030/C8035/C8045/C8055/C8070 Multifunction Products 8-3 Convenience Authentication Convenience authentication offloads authentication to a third-party solution which may offer more or less security than native security implementations. Users swipe a pre-programmed identification card or key fob to access the device. For example, employees may be issued key fobs for access to facilities. Convenience mode may be configured to allow an employee to authenticate using their fob or require the fob in a multi- factor manor. The level of security provided is dependent upon the chosen implementatio n. Some examples of third party convenience authentication providers include: • Pharos print management solutions: https://pharos.com/ • YSoft SafeQ: https://www.ysoft.com/en Contact your Xerox sales representative for details and other options. Simple Authentication (non-secure) Simple authentication is mentioned here for completeness. It is intended for environments where authentication is not required. It is used for customization only. When in this mode, users are not required to enter a password. (The device administrator account always requires a password). Authorization (Role Based Access Controls) VersaLink® products offer granular control of user permissions. Users can be assigned to pre- defined roles or customers may design highly flexible custom permissions. A user must be authenticated before being authorized to use the services of the product. Authorization ACLs (Access Control Lists) are stored in the local user database. Authorization privileges (referred to as permissions) can be assigned on a per user or group basis. Please note that Xerox products are designed to be customizable and support various workflows as well as security needs. User permissions include security-related permissions and non-security related workflow permissions (e.g., walkup user options, copy, scan, paper selection, etc.). Only security-related permissions are discussed here. Remote Access Without RBAC permissions defined basic information such as Model, Serial number, and Software Version can be viewed by unauthenticated users. This can be disabled by restricting access to the device website pages for non-logged-in users. By default, users are allowed to view basic status and support related information, however they are restricted from accessing device configuration settings. Permission to view this information can be disallowed. Local Access Without RBAC permissions defined basic information such as Model, Serial number, Software Version, IP address, and Host Name can be viewed without authentication. This can be dis abled by disallowing access to device settings for unauthenticated. By default, users are allowed to access the local interface, however they are restricted from accessing device configuration settings. Roles can be configured to allows granular access to applications, services, and tools. Users can be also restricted from accessing the local interface completely. 741 of 1132 746 Security Guide – Xerox® VersaLink® B8045/B8055/B8065/B8075/B8090, C8030/C8035/C8045/C8055/C8070 Multifunction Products 9-1 9. Additional Information and Resources Security @ Xerox® Xerox maintains an evergreen public web page that contains the latest security information pertaining to its products. Please see https://www.xerox.com/security. Responses to Known Vulnerabilities Xerox has created a document which details the Xerox Vulnerability Management and Disclosure Policy used in discovery and remediation of vulnerabilities in Xerox software and hardware. It can be downloaded from this page: https://www.xerox.com/information-security/information-security- articles-whitepapers/enus.html Additional Resources Below are additional resources. Security Resource URL Frequently Asked Security Questions https://www.xerox.com/en-us/information- security/frequently-asked-questions Common Criteria Certified Products https://security.business.xerox.com/en- us/documents/common-criteria/ Current Software Release Quick Lookup Table https://www.xerox.com/security Bulletins, Advisories, and Security Updates https://www.xerox.com/security Security News Archive https://security.business.xerox.com/en-us/news/ 742 of 1132 747 Security Guide – Xerox® VersaLink® B8045/B8055/B8065/B8075/B8090, C8030/C8035/C8045/C8055/C8070 Multifunction Products 10-2 10. Appendix A: Product Security Profiles This appendix describes specific details of each VersaLink® product. VersaLink B7025/B7030/B7035 Physical Overview 1. Stabilizer 2. Bypass paper feed tray 3. USB2.0 (Host Type A)* 4. Touch screen user interface. 5. Upper paper tray 6. Lower paper tray 7. Paper feed trays 8. Caster wheels 9. USB3.0 (Target Type B)* 10. Optional Wi-Fi dongle port* 11. RJ45 Ethernet connection* 12. Debug serial port (DIN)* (Located under steel plate) 13. AC Power 743 of 1132 748 _:;;---• "T----S ---r~~~~~~"'§:x , 7 ' 13 Security Guide – Xerox® VersaLink® B8045/B8055/B8065/B8075/B8090, C8030/C8035/C8045/C8055/C8070 Multifunction Products 10-3 Security Related Interfaces Security Related Interfaces Ethernet 10/100/1000 MB Ethernet interface. Optional Wi-Fi Dongle Supports optional 802.11 Dongle. Rear USB 3.0 (Type B) USB target connector used for printing. Note: This port can be disabled completely by a system administrator. Front Panel Optional USB2.0 (Type A) port(s) Users may insert a USB thumb drive to print from or store scanned files to. (Physical security of this information is the responsibility of the user or operator.) Note that features that leverage USB ports (such as Scan To USB) can be disabled independently or restricted using role based access controls. Firmware upgrades may be applied using this port. Connection of optional equipment such as NFC or CAC readers. Note: This port can be disabled completely by a system administrator. Encryption and Overwrite Encryption and Overwrite Encryption AES-256 TPM Chip TPM chip is standard and cannot be disabled. Media Sanitization Immediate and On-Demand Image Overwrite. Controller Non-Volatile Storage IC HDD SSD SD Card N/A Optional N/A Internal Contains User Data (e.g., Print, Scan, Fax) N/A Yes N/A Yes Encryption Support N/A Always-On N/A Always-On NIST 800-171 Overwrite Support N/A Yes N/A N/A Contains Configuration Settings N/A Yes N/A Yes Encryption Support N/A Always-On N/A Always-On Customer Erasable N/A Factory Reset N/A Factory Reset Note: Configuration settings may be erased by the reset to factory defaults feature. IC- Integrated Circuit, soldered to circuit board HDD- Magnetic Hard Disk Drive SSD- Solid State Disk SD Card- Secure Digital Card 744 of 1132 749 Security Guide – Xerox® VersaLink® B8045/B8055/B8065/B8075/B8090, C8030/C8035/C8045/C8055/C8070 Multifunction Products 10-4 Controller Volatile Memory Size Type Use User Data How to Clear Volatile 2GB DDR3 DRAM Executable code, Printer control data, temporary storage of job data Yes Power off system Yes Additional Information: The controller operating system memory manager allocates memory dynamically between OS, running processes, and temporary data which includes jobs in process. When a job is complete, the memory pages in use are freed and reallocated as required by the OS. Marking Engine Non-Volatile Storage N/A. The marking engine does not contain any non-volatile storage. Marking Engine Volatile Memory N/A. The marking engine volatile memory does not store or process user data. 745 of 1132 750 Security Guide – Xerox® VersaLink® B8045/B8055/B8065/B8075/B8090, C8030/C8035/C8045/C8055/C8070 Multifunction Products 10-5 VersaLink C7000/C7020/C7025/C7030 Physical Overview 1. Stabilizer 2. Bypass paper feed tray 3. USB2.0 (Host Type A)* 4. Touch screen user interface. 5. Upper paper tray 6. Lower paper tray 7. Paper feed trays 8. Caster wheels 9. USB3.0 (Target Type B)* 10. Optional Wi-Fi dongle port* 11. RJ45 Ethernet connection* 12. Debug serial port (DIN)* (Located under steel plate) 13. AC Power 746 of 1132 751 1 3 Security Guide – Xerox® VersaLink® B8045/B8055/B8065/B8075/B8090, C8030/C8035/C8045/C8055/C8070 Multifunction Products 10-6 Security Related Interfaces Security Related Interfaces Ethernet 10/100/1000 MB Ethernet interface. Optional Wi-Fi Dongle Supports optional 802.11 Dongle. Rear USB 3.0 (Type B) USB target connector used for printing. Note: This port can be disabled completely by a system administrator. Front Panel Optional USB2.0 (Type A) port(s) Users may insert a USB thumb drive to print from or store scanned files to. (Physical security of this information is the responsibility of the user or operator.) Note that features that leverage USB ports (such as Scan To USB) can be disabled independently or restricted using role based access controls. Firmware upgrades may be applied using this port. Connection of optional equipment such as NFC or CAC readers. Note: This port can be disabled completely by a system administrator. Encryption and Overwrite Encryption and Overwrite Encryption AES-256 TPM Chip TPM chip is standard and cannot be disabled. Media Sanitization Immediate and On-Demand Image Overwrite. Controller Non-Volatile Storage IC HDD SSD SD Card N/A Optional N/A Internal Contains User Data (e.g., Print, Scan, Fax) N/A Yes N/A Yes Encryption Support N/A Always-On N/A Always-On NIST 800-171 Overwrite Support N/A Yes N/A N/A Contains Configuration Settings N/A Yes N/A Yes Encryption Support N/A Always-On N/A Always-On Customer Erasable N/A Factory Reset N/A Factory Reset Note: Configuration settings may be erased by the reset to factory defaults feature. IC- Integrated Circuit, soldered to circuit board HDD- Magnetic Hard Disk Drive SSD- Solid State Disk SD Card- Secure Digital Card 747 of 1132 752 Security Guide – Xerox® VersaLink® B8045/B8055/B8065/B8075/B8090, C8030/C8035/C8045/C8055/C8070 Multifunction Products 10-7 Controller Volatile Memory Size Type Use User Data How to Clear Volatile 2/4GB DDR3 DRAM Executable code, Printer control data, temporary storage of job data Yes Power off system Yes Additional Information: The controller operating system memory manager allocates memory dynamically between OS, running processes, and temporary data which includes jobs in process. When a job is complete, the memory pages in use are freed and reallocated as required by the OS. Marking Engine Non-Volatile Storage N/A. The marking engine does not contain any non-volatile storage. Marking Engine Volatile Memory N/A. The marking engine volatile memory does not store or process user data. 748 of 1132 753 Security Guide – Xerox® VersaLink® B8045/B8055/B8065/B8075/B8090, C8030/C8035/C8045/C8055/C8070 Multifunction Products 10-8 VersaLink B400/B405 Physical Overview . 1. Upper Paper Tray 2. Special Paper Feed 3. Front Bezel 4. USB 2.0 (A) 5. Touch Screen User Interface , Power Button and Optional NFC 6. Document Feeder 7. Catch Tray 8. Catch Tray Extension 9. Jam Clearance Open 10. Lower Paper Tray 11. Optional SSD Install Location 12. SSD Install Location Cover 13. AC Power 14. Foreign Device Interface 15. USB 3.0 (B) 16. Optional Wireless Adapter Connector 17. RJ-45 Ethernet Connector 18. RJ-11 Fax and Telephone Connector 749 of 1132 754 Security Guide – Xerox® VersaLink® B8045/B8055/B8065/B8075/B8090, C8030/C8035/C8045/C8055/C8070 Multifunction Products 10-9 Security Related Interfaces Security Related Interfaces Ethernet 10/100/1000 MB Ethernet interface. Optional Wi-Fi Dongle Supports optional 802.11 Dongle. Rear USB 3.0 (Type B) USB target connector used for printing. Note: This port can be disabled completely by a system administrator. Front Panel Optional USB2.0 (Type A) port(s) Users may insert a USB thumb drive to print from or store scanned files to. (Physical security of this information is the responsibility of the user or operator.) Note that features that leverage USB ports (such as Scan To USB) can be disabled independently or restricted using role based access controls. Firmware upgrades may be applied using this port. Connection of optional equipment such as NFC or CAC readers. Note: This port can be disabled completely by a system administrator. Encryption and Overwrite Encryption and Overwrite Encryption AES-256 TPM Chip TPM chip is standard and cannot be disabled. Media Sanitization Immediate and On-Demand Image Overwrite. Controller Non-Volatile Storage IC HDD SSD SD Card N/A N/A Optional Internal Contains User Data (e.g., Print, Scan, Fax) Yes N/A Yes N/A Encryption Support Always-On N/A Always-On N/A NIST 800-171 Overwrite Support Yes N/A Yes N/A Contains Configuration Settings Yes N/A Yes N/A Encryption Support Always-On N/A Always-On N/A Customer Erasable Factory Reset N/A Factory Reset N/A Note: Configuration settings may be erased by the reset to factory defaults feature. IC- Integrated Circuit, soldered to circuit board HDD- Magnetic Hard Disk Drive SSD- Solid State Disk SD Card- Secure Digital Card 750 of 1132 755 Security Guide – Xerox® VersaLink® B8045/B8055/B8065/B8075/B8090, C8030/C8035/C8045/C8055/C8070 Multifunction Products 10-10 Controller Volatile Memory Size Type Use User Data How to Clear Volatile 2GB DDR3 DRAM Executable code, Printer control data, temporary storage of job data Yes Power off system Yes Additional Information: The controller operating system memory manager allocates memory dynamically between OS, running processes, and temporary data which includes jobs in process. When a job is complete, the memory pages in use are freed and reallocated as required by the OS. Marking Engine Non-Volatile Storage N/A. The marking engine does not contain any non-volatile storage. Marking Engine Volatile Memory N/A. The marking engine volatile memory does not store or process user data. 751 of 1132 756 Security Guide – Xerox® VersaLink® B8045/B8055/B8065/B8075/B8090, C8030/C8035/C8045/C8055/C8070 Multifunction Products 10-11 VersaLink C400/C405 Physical Overview . 1. Upper Paper Tray 2. Special Paper Feed 3. Front Bezel 4. USB 2.0 (A) 5. Touch Screen User Interface, Power Button and Optional NFC 6. Document Feeder 7. Catch Tray 8. Side Panel 9. Lower Paper Tray 10. Service Panel 11. RJ-11 Fax and Telephone Connector 12. RJ-11 Fax and Telephone Connector 13. Optional Wireless Adapter Connector 14. USB 3.0 (B) 15. RJ-45 Ethernet Connector 16. Foreign Device Interface 17. AC Power 752 of 1132 757 17 10 t-l _11 ot-1 -1 12 I I rtfyy-13 i --14 ~-~:-15 Q:~·16 -.:...:..:."".!!....r __J Security Guide – Xerox® VersaLink® B8045/B8055/B8065/B8075/B8090, C8030/C8035/C8045/C8055/C8070 Multifunction Products 10-12 Security Related Interfaces Security Related Interfaces Ethernet 10/100/1000 MB Ethernet interface. Optional Wi-Fi Dongle Supports optional 802.11 Dongle. Rear USB 3.0 (Type B) USB target connector used for printing. Note: This port can be disabled completely by a system administrator. Front Panel Optional USB2.0 (Type A) port(s) Users may insert a USB thumb drive to print from or store scanned files to. (Physical security of this information is the responsibility of the user or operator.) Note that features that leverage USB ports (such as Scan To USB) can be disabled independently or restricted using role based access controls. Firmware upgrades may be applied using this port. Connection of optional equipment such as NFC or CAC readers. Note: This port can be disabled completely by a system administrator. Encryption and Overwrite Encryption and Overwrite Encryption AES-256 TPM Chip TPM chip is standard and cannot be disabled. Media Sanitization Immediate and On-Demand Image Overwrite. Controller Non-Volatile Storage IC HDD SSD SD Card N/A N/A Optional Internal Contains User Data (e.g., Print, Scan, Fax) Yes Yes N/A N/A Encryption Support Always-On Always-On N/A N/A NIST 800-171 Overwrite Support N/A Yes N/A N/A Contains Configuration Settings Yes Yes N/A N/A Encryption Support Always-On Always-On N/A N/A Customer Erasable Factory Reset Factory Reset N/A N/A Note: Configuration settings may be erased by the reset to factory defaults feature. IC- Integrated Circuit, soldered to circuit board HDD- Magnetic Hard Disk Drive SSD- Solid State Disk SD Card- Secure Digital Card 753 of 1132 758 Security Guide – Xerox® VersaLink® B8045/B8055/B8065/B8075/B8090, C8030/C8035/C8045/C8055/C8070 Multifunction Products 10-13 Controller Volatile Memory Size Type Use User Data How to Clear Volatile 2GB DDR3 DRAM Executable code, Printer control data, temporary storage of job data Yes Power off system Yes Additional Information: The controller operating system memory manager allocates memory dynamically between OS, running processes, and temporary data which includes jobs in process. When a job is complete, the memory pages in use are freed and reallocated as required by the OS. Marking Engine Non-Volatile Storage N/A. The marking engine does not contain any non-volatile storage. Marking Engine Volatile Memory N/A. The marking engine volatile memory does not store or process user data. 754 of 1132 759 Security Guide – Xerox® VersaLink® B8045/B8055/B8065/B8075/B8090, C8030/C8035/C8045/C8055/C8070 Multifunction Products 10-14 VersaLink C500/C600/C505/C605 Physical Overview . 1. Paper feed tray. 2. Paper feed tray. 3. Bypass paper feed tray. 4. Front bezel. 5. USB2.0(A). 6. Touch screen user interface. 7. System power button. 8. Document feeder. 9. Document output tray. 10. Document output tray extension. 11. Jam clearance panel. 12. Optional Wi-Fi dongle connection. 13. RJ11 Fax 14. USB3.0 (B) & RJ45 Ethernet connection. 15. Foreign device interface. 16. AC Power. 755 of 1132 760 8 12 9 10 13 c:;, 11 14 15 2 16 , ~ Security Guide – Xerox® VersaLink® B8045/B8055/B8065/B8075/B8090, C8030/C8035/C8045/C8055/C8070 Multifunction Products 10-15 Security Related Interfaces Security Related Interfaces Ethernet 10/100/1000 MB Ethernet interface. Optional Wi-Fi Dongle Supports optional 802.11 Dongle. Rear USB 3.0 (Type B) USB target connector used for printing. Note: This port can be disabled completely by a system administrator. Front Panel Optional USB2.0 (Type A) port(s) Users may insert a USB thumb drive to print from or store scanned files to. (Physical security of this information is the responsibility of the user or operator.) Note that features that leverage USB ports (such as Scan To USB) can be disabled independently or restricted using role based access controls. Firmware upgrades may be applied using this port. Connection of optional equipment such as NFC or CAC readers. Note: This port can be disabled completely by a system administrator. Encryption and Overwrite Encryption and Overwrite Encryption AES-256 TPM Chip TPM chip is standard and cannot be disabled. Media Sanitization Immediate and On-Demand Image Overwrite. Controller Non-Volatile Storage IC HDD SSD SD Card N/A N/A Optional Internal Contains User Data (e.g., Print, Scan, Fax) Yes Yes N/A N/A Encryption Support Always-On Always-On N/A N/A NIST 800-171 Overwrite Support N/A Yes N/A N/A Contains Configuration Settings Yes Yes N/A N/A Encryption Support Always-On Always-On N/A N/A Customer Erasable Factory Reset Factory Reset N/A N/A Note: Configuration settings may be erased by the reset to factory defaults feature. IC- Integrated Circuit, soldered to circuit board HDD- Magnetic Hard Disk Drive SSD- Solid State Disk SD Card- Secure Digital Card 756 of 1132 761 Security Guide – Xerox® VersaLink® B8045/B8055/B8065/B8075/B8090, C8030/C8035/C8045/C8055/C8070 Multifunction Products 10-16 Controller Volatile Memory Size Type Use User Data How to Clear Volatile 2/4GB DDR3 DRAM Executable code, Printer control data, temporary storage of job data Yes Power off system Yes Additional Information: The controller operating system memory manager allocates memory dynamically between OS, running processes, and temporary data which includes jobs in process. When a job is complete, the memory pages in use are freed and reallocated as required by the OS. Marking Engine Non-Volatile Storage N/A. The marking engine does not contain any non-volatile storage. Marking Engine Volatile Memory N/A. The marking engine volatile memory does not store or process user data. 757 of 1132 762 Security Guide – Xerox® VersaLink® B8045/B8055/B8065/B8075/B8090, C8030/C8035/C8045/C8055/C8070 Multifunction Products 10-17 VersaLink B600/B605/B610/B615 Physical Overview . 1. Document feeder. 2. Touch screen user interface. 3. USB2.0(A). 4. Document output tray. 5. Bypass paper feed. 6. Paper tray 7. Optional Wi-Fi dongle connection. 8. Optional RJ11 Fax 9. USB2.0(A) 10. USB3.0(B) 11. RJ45 Ethernet 12. Foreign device interface. 13. AC Power. 758 of 1132 763 1 2 3 4 5 6 -+---12 ~...J_~.:;__L____._ __ 13 Security Guide – Xerox® VersaLink® B8045/B8055/B8065/B8075/B8090, C8030/C8035/C8045/C8055/C8070 Multifunction Products 10-18 Security Related Interfaces Security Related Interfaces Ethernet 10/100/1000 MB Ethernet interface. Optional Wi-Fi Dongle Supports optional 802.11 Dongle. Rear USB 3.0 (Type B) USB target connector used for printing. Note: This port can be disabled completely by a system administrator. Front Panel Optional USB2.0 (Type A) port(s) Users may insert a USB thumb drive to print from or store scanned files to. (Physical security of this information is the responsibility of the user or operator.) Note that features that leverage USB ports (such as Scan To USB) can be disabled independently or restricted using role based access controls. Firmware upgrades may be applied using this port. Connection of optional equipment such as NFC or CAC readers. Note: This port can be disabled completely by a system administrator. Encryption and Overwrite Encryption and Overwrite Encryption AES-256 TPM Chip TPM chip is standard and cannot be disabled. Media Sanitization Immediate and On-Demand Image Overwrite. Controller Non-Volatile Storage IC HDD SSD SD Card N/A N/A Optional Internal Contains User Data (e.g., Print, Scan, Fax) Yes Yes N/A N/A Encryption Support Always-On Always-On N/A N/A NIST 800-171 Overwrite Support N/A Yes N/A N/A Contains Configuration Settings Yes Yes N/A N/A Encryption Support Always-On Always-On N/A N/A Customer Erasable Factory Reset Factory Reset N/A N/A Note: Configuration settings may be erased by the reset to factory defaults feature. IC- Integrated Circuit, soldered to circuit board HDD- Magnetic Hard Disk Drive SSD- Solid State Disk SD Card- Secure Digital Card 759 of 1132 764 Security Guide – Xerox® VersaLink® B8045/B8055/B8065/B8075/B8090, C8030/C8035/C8045/C8055/C8070 Multifunction Products 10-19 Controller Volatile Memory Size Type Use User Data How to Clear Volatile 2GB DDR3 DRAM Executable code, Printer control data, temporary storage of job data Yes Power off system Yes Additional Information: The controller operating system memory manager allocates memory dynamically between OS, running processes, and temporary data which includes jobs in process. When a job is complete, the memory pages in use are freed and reallocated as required by the OS. Marking Engine Non-Volatile Storage N/A. The marking engine does not contain any non-volatile storage. Marking Engine Volatile Memory N/A. The marking engine volatile memory does not store or process user data. 760 of 1132 765 Security Guide – Xerox® VersaLink® B8045/B8055/B8065/B8075/B8090, C8030/C8035/C8045/C8055/C8070 Multifunction Products 10-20 VersaLink C8000/C9000 Physical Overview . 1. Paper feed tray. 2. USB2.0(A). 3. Touch screen user interface. 4. Document output tray. 5. Jam clearance panel. 6. USB2.0(A). 7. USB3.0(B). 8. RJ45 Ethernet connection. 9. Optional Wi-Fi dongle connection. 10. Foreign device interface. 11. AC Power. 12. Jam clearance panel. 13. Special paper tray. 14. Jam clearance panel. 761 of 1132 766 u 3 @ @ 12 2 13 6 4 7 .,@ 8 14 9 ~ 10 iY~ 5 1 Security Guide – Xerox® VersaLink® B8045/B8055/B8065/B8075/B8090, C8030/C8035/C8045/C8055/C8070 Multifunction Products 10-21 Security Related Interfaces Security Related Interfaces Ethernet 10/100/1000 MB Ethernet interface. Optional Wi-Fi Dongle Supports optional 802.11 Dongle. Rear USB 3.0 (Type B) USB target connector used for printing. Note: This port can be disabled completely by a system administrator. Front Panel Optional USB2.0 (Type A) port(s) Users may insert a USB thumb drive to print from or store scanned files to. (Physical security of this information is the responsibility of the user or operator.) Note that features that leverage USB ports (such as Scan To USB) can be disabled independently or restricted using role based access controls. Firmware upgrades may be applied using this port. Connection of optional equipment such as NFC or CAC readers. Note: This port can be disabled completely by a system administrator. Encryption and Overwrite Encryption and Overwrite Encryption AES-256 TPM Chip TPM chip is standard and cannot be disabled. Media Sanitization Immediate and On-Demand Image Overwrite. Controller Non-Volatile Storage IC HDD SSD SD Card N/A N/A Optional Internal Contains User Data (e.g., Print, Scan, Fax) N/A Yes N/A Yes Encryption Support N/A Always-On N/A Always-On NIST 800-171 Overwrite Support N/A Yes N/A N/A Contains Configuration Settings N/A Yes N/A Yes Encryption Support N/A Always-On N/A Always-On Customer Erasable N/A Factory Reset N/A Factory Reset Note: Configuration settings may be erased by the reset to factory defaults feature. IC- Integrated Circuit, soldered to circuit board HDD- Magnetic Hard Disk Drive SSD- Solid State Disk SD Card- Secure Digital Card 762 of 1132 767 Security Guide – Xerox® VersaLink® B8045/B8055/B8065/B8075/B8090, C8030/C8035/C8045/C8055/C8070 Multifunction Products 10-22 Controller Volatile Memory Size Type Use User Data How to Clear Volatile 4GB DDR3 DRAM Executable code, Printer control data, temporary storage of job data Yes Power off system Yes Additional Information: The controller operating system memory manager allocates memory dynamically between OS, running processes, and temporary data which includes jobs in process. When a job is complete, the memory pages in use are freed and reallocated as required by the OS. Marking Engine Non-Volatile Storage N/A. The marking engine does not contain any non-volatile storage. Marking Engine Volatile Memory N/A. The marking engine volatile memory does not store or process user data. 763 of 1132 768 Security Guide – Xerox® VersaLink® B8045/B8055/B8065/B8075/B8090, C8030/C8035/C8045/C8055/C8070 Multifunction Products 10-23 764 of 1132 769 Security Guide – Xerox® VersaLink® B8045/B8055/B8065/B8075/B8090, C8030/C8035/C8045/C8055/C8070 Multifunction Products 11-1 11. Appendix B: Security Events Xerox VersaLink Security Events ID Event Description 101 Started normally (cold boot) 101 Started normally (warm boot) 101 Started (NVM initialized) 101 Started (Hard Disk initialized) 101 Shutdown requested 101 Image Overwriting started Completion: (“Success” / “Failed”) Scheduled On Demand 101 Image Overwriting finished Completion: (“Success” / “Failed”) 101 Self-Test Completion: (“Success” / “Failed”) CheckSum of ROM image 1 CheckSum of ROM image 2 201 Login User name Completion: (“Success” / “Failed Invalid User ID” / “Failed Invalid Password” / “Failed”) Host Name or IP Address Method: (“Local” / “Remote” / “Convenience” , “Custom”) Role: (“System Administrator” / “Customer Engineer” / “Casual Operator”) 201 Logout User name Completion: (“Success” / “Failed”) 201 Locked System Administrator Authentication Count of Remaining Authentication Failures 201 Detected Continuous Authentication Fail User name Protocol: (“SNMPv3” / “EWS”) Count of Remaining Authentication Failures 301 Audit Log User name Completion: (“Enabled” / “Disabled”) 765 of 1132 770 Security Guide – Xerox® VersaLink® B8045/B8055/B8065/B8075/B8090, C8030/C8035/C8045/C8055/C8070 Multifunction Products 11-2 ID Event Description 401 Print User name Completion: (“Completed” / “Completed with Warnings” / “Cancelled by User”/ “Cancelled by Shutdown”/ “Aborted”/ “Unknown”) Root Job UUID Relation: (“Related” / “Owned”) Job Accounting ID Action Details Host Name or IP Address File Name 401 Copy Action Details 401 Scan Encrypted, Signed, Destination Name, Sender Name 401 Fax Action Details, Destination Name, Sender Name 401 Mailbox Action Details 401 Print Reports 401 Job Flow Service 501 Adjust Time Completion: (“Success” / “Failed”) 501 Add User User name User Role 501 Edit User User name User Role ID Password CardID Name Permission Role ICCardID Other 501 Delete User User Name 501 Create Mailbox Host Name or IP Address Box Number 501 Delete Mailbox 501 Switch Authentication Mode Completion: (“Success”) New Setting Previous Setting 766 of 1132 771 Security Guide – Xerox® VersaLink® B8045/B8055/B8065/B8075/B8090, C8030/C8035/C8045/C8055/C8070 Multifunction Products 11-3 ID Event Description 501 Change Security Setting Authentication Accounting Image Overwrite HDD Encryption SSL S/MIME IPSEC SNMPv3 802.1x Certificate Verify Mode Maintainer Password SmartCard FIPS140 Self Test Auto Clear Timer Service Rep. Restricted Operation Print Reports Button External Code Integrity Check Authorization NFC 501 View Security Setting Access Method: (“Local” / “EWS” ) Host Name or IP Address 501 Change Contract Type User name Completion: (“Success” / “Failed” / “Aborted”) 501 Change Geographic Region 501 Enter Activation Code Completion: (“Success”) 501 Change Job Setting Completion: (“Success”) Function Name: (“Delay Print” / “Private Print”) 601 Change Billing Impression Mode Completion: (“Success” / “Failed”) Designated Mode (“A3 Mode” / “A4 Mode”) Billing Meter Values 601 Import Certificate User name Completion: (“Success” / “Failed”) Category: (“RootCA” / “DeviceEE” / “SSCEE”) Key Size Issuer DN Serial Number 601 Delete Certificate 601 Add Address Entry Host Name or IP Address Registration Number 601 Delete Address Entry 601 Edit Address Entry 601 Import Address Book Host Name or IP Address 601 Export Address Book 767 of 1132 772 Security Guide – Xerox® VersaLink® B8045/B8055/B8065/B8075/B8090, C8030/C8035/C8045/C8055/C8070 Multifunction Products 11-4 ID Event Description 601 Clear Address Book Host Name or IP Address 601 Export Audit Log 601 Install Custom Service Completion: ( “Failed”) Host Name or IP Address Custom Service Name 601 Install Embedded Plug-in Host Name or IP Address Plugin File Name 601 Export Cloning Data Completion: (“Success” / “Failed”) Category: (“Apps” / “Contacts” / “Connectivity”/ “Permissions”/ “System”) 601 Import Cloning Data 701 Important Parts Completion: (“Replaced”) 701 Hard Disk Completion: (“Replaced” / “Installed” / “Removed”) 701 Software Completion: (“Updated”) ROM Type: (“IOT” / “UI”/ “Controller”/ “FAX”) New Version Previous Version 701 Trusted Communication Completion: (“Failed”) Protocol Name: (“SSL/TLS” / “IPSEC”/ “S/MIME”) 768 of 1132 773 1 June 26, 2019 Xerox Security Incident Management Xerox requires immediate reporting of potential security concerns through prescribed channels to enable prompt analysis, investigation and containment as needed to limit risk or loss. Corporate Security Incident Mgt Report Respond Contain Communicate Xerox Incident Management procedures are based on NIST 800-61 and aligned with corporate security policies as well as global ISO standards. Xerox Security Incident Management Process Overview 769 of 1132 774 Security Incident Examples Physical/Personal Security Electronic Security ,. Crim i n a l activity • Ap p l ica t io n exp lo it s ,. Harass m e n t • Co m prom ised h os.ts ,. I n app ropni at e u se of em a il or • De n ia l o f se rv i ce attracts i n t ern et • Malwme a n d v ir u ses ,. Po rn og raph y • Ph ish in g a t t e m p t s ,. Th ef t of d a t a or inform at ion So cia l m ed ia posti n gs that can • ,. Work p lace v io le n ce i m pact t h e re p ut at ion o f Xerox ,. Lo ss of Cu stom er Confid en t ia l Dat a • I n co rrect post a l o r e-m ail o f cu sto m er d a t a_ @ OGC 770 of 1132775Janurary 9, 2019 Attestation of independent vulnerability/penetration testing This document is intended to address any requests of Xerox's Engineering Services and Support (ESS) group to provide evidence of 3rd party vulnerability/penetration testing to external parties. The ESS ISO 27001-certified information security management system (ISMS) conforms to the international standard's independent review of information security control as well as complies with the related control defined in the Xerox corporate Information Security Policy {lnfoSec 001). ESS implementation of these controls include internal and external ISO 27001 ISMS audits as well as penetration and vulnerability from external organizations on a regular basis. ESS protects the results of all vulnerability assessments as we strive to diligently safeguard the confidentiality, integrity and availability of the information we manage for all of our customers. Per Xerox information classification policy this document is classified as Xerox Confidential. As a result, it is the policy of Xerox to not release the results of vulnerability assessments. This letter serves to attest that ESS's last independent vulnerability/penetration assessment was performed: Date: November 2017 Date of Report: December 28, 2017 Assessing Organization: Tag Solutions The ESS ISMS is managed to review, risk assess and treat all found vulnerabilities in a timely manner. If additional evidence of this assessment is desired, a controlled review of the related assessment report can be arranged. Sincerely, Ron Druzynski xerox Ron Druzynski Manager, Service Design Engineering Services and Support Xerox Corporation 800 Phillips Road Webster, NY 14580 Ronald.druzynski@xerox.com tel 585.422-9393 AltaLink and VersaLink: Are compliant to the FAX requirement AltaLink: Type A ports can be Disbaled, Type B Ports cannot be Disabled but configured for one of two functions: Software Tools (Xerox Copier Assistant and Customer Utilities) and Direct Printing via Print Driver (USB memory Sticks are not supported). VersaLink: Type A and Type B ports can be disabled AltaLink and VersaLink: Hard Drives can be removed for a fee. For comparable effective data removal - -> Full device reset back to FACTORY DEFAULT is available in addition to an On Demand Image Overwrite. Performing both would be an extremely effective data clearing method that requires no addtional cost. 771 of 1132 776 Xerox ® ConnectKey® Technology THE ECOSYSTEM FOR WORKPLACE PRODUCTIVITY 772 of 1132 777 made to think. 2 Your Workplace Assistant, Built on Xerox ® ConnectKey® Technology Today's workplace has evolved beyond the ability of any single machine to fulfill the productivity needs of the modern, mobile, always-connected workforce. Workplace assistants built on Xerox® ConnectKey Technology help businesses discover new ways to work smarter and create the most productive workplace. It's time to stop thinking about printers as standalone, task-specific workhorses, and start demanding more up-to-date, useful — and usable — solutions. Xerox® ConnectKey Technology delivers. Each ConnectKey Technology-enabled printer and multifunction printer in our lineup becomes the center of a productivity ecosystem, bringing together all your devices, delivering an intuitive user experience, providing mobile and cloud connectivity, complete security and access to value-extending services right out of the box. You’ll do more than print, scan or copy. You'll connect like never before. XEROX® VERSALINK® PRINTER Ideal for smaller workgroups in decentralized settings without full IT support, printers and multifunction printers in the VersaLink family are full-featured, app-centric workplace assistants. They provide an intuitive user experience and allow users to work whenever, from wherever. XEROX® ALTALINK® PRINTER With more performance and scalability for centralized, mid-size and larger workgroups, AltaLink multifunction printers deliver — with the advanced finishing options businesses need to boost output while reducing time spent on task. 773 of 1132 778 3 Intuitive User Experience KEEPING IT CONSISTENT With a ConnectKey® Technology-enabled fleet — regardless of model — the user experience is always consistent. Common functions work similarly on every machine so users learn once and apply fleet-wide. New installation wizards streamline setup to get you started with little or no IT support. Print drivers look and feel the same, while the Xerox® Global Print Driver® can be used on all machines regardless of model. TOUCH, AND GO FAST. The multi-touch experience — the way millions of phone and tablet users interact with today’s most advanced devices — now finds its way to the printer or multifunction printer you’ll depend on to get work done quickly and easily. Swipe, tap and pinch your way through simplified workflows on a large, colorful, tablet-like screen. Download apps directly from the Xerox App Gallery and customize your interface to keep the apps you use most front and center. It’s a completely new — and yet entirely familiar — way to power through complex workflows and common tasks. LET’S CUSTOMIZE. With ConnectKey Technology's flexible design, device interfaces are customizable to provide only the apps you use most, including specific one-touch workflows to or from cloud or network locations. And because ConnectKey Technology is built on an open systems architecture (Xerox Extensible Interface Platform®), even more customization is possible for highly specialized workflows. Finally. Multifunction printers that work the way you expect them to — with a consistent user experience across the portfolio — and in perfect sync with the other devices you depend on to get work done. 774 of 1132 779 :;,.... ~- m • • -~ @'] ~ [rn ~ . IE"ol El ~ Isl " 4 Mobile and Cloud Ready Your connected workforce — whether at home, on the road or in the office — relies on a variety of devices to do their jobs and on multiple remote locations from which to send or retrieve documents and information. Xerox® ConnectKey® Technology brings it all together. READY FOR THE WAY YOU WORK All ConnectKey Technology-enabled printers and multifunction printers give you the freedom to work where and how you want to — with access to Google Drive, Microsoft OneDrive, Dropbox, and additional options through the Xerox App Gallery. The ability to connect and print from multiple devices is key for today’s mobile worker, and ConnectKey multifunction printers are ready to roll with optional Wi-Fi® connectivity, front-panel-integrated Near Field Communication (NFC) Tap-to-Pair, Apple® AirPrint® and native support for Google Cloud Print™, Xerox® Print Service for Android™ and Mopria®. CONVENIENT, VERSATILE AND CLOUD-CONNECTED With easy-to-use apps like Xerox® @printbyXerox App, printing to any ConnectKey Technology-enabled printer is as easy as sending an email with an attachment and retrieving it at any ConnectKey Technology-enabled device worldwide. It's easy, secure and free. Scan or print directly to or from the cloud, easily share documents with individuals or groups without the hassle of multiple steps and create editable documents from hard copy source material. It’s all possible, right from the device. 775 of 1132 780 5 Benchmark Security Security is a top priority for every business. Xerox® ConnectKey ® Technology exceeds industry standards for security features and technologies. Work with total peace of mind. A HIGHER STANDARD Although it’s integral to our technology, there’s nothing standard about the levels of security included with every ConnectKey Technology-enabled device. Our holistic four-point approach to security ensures comprehensive and all-encompassing protection for all system components and points of vulnerability. Prevent ConnectKey Technology utilizes a comprehensive set of capabilities that prevents malicious attacks, the proliferation of malware and misuse of/unauthorized access to the printer, whether from transmitted data or direct interaction at the device. All possible access points are secure, including the user interface and input ports accessible to walkup users as well as PC, server, mobile devices or cloud connections. Detect Xerox® ConnectKey Technology runs a comprehensive Firmware Verification test, either at start-up* or when activated by authorized users. This provides alerts if any harmful changes to the printer have been detected. McAfee® Whitelisting** technology constantly monitors for and automatically prevents any malicious malware from running. Protect Our comprehensive security measures don’t stop with preventing unauthorized access to your printer and securing your information from the inside. ConnectKey® Technology provides capabilities to prevent intentional or unintentional transmission of critical data to unauthorized parties. From protecting printed materials by not releasing documents until the right user is at the device, to preventing scanned information reaching beyond its intended recipient, ConnectKey Technology offers the safeguards you need to keep your most critical data assets safe and secure. Xerox also protects all your stored information, using the highest levels of encryption. You can delete any processed or stored data that is no longer required using National Institute of Standards and Technology (NIST) and U.S. Department of Defense approved data clearing and sanitization algorithms***. External Partnerships ConnectKey Technology provides extra security standards through our partnership with McAfee®** and Cisco. We measure our performance against international standards with certifications like Common Criteria and FIPS 140-2 to ensure our devices are trusted in even the most secure environments. * Ver saLink® devices ** AltaLink® and iSeries devices *** Applies to devices with hard disk drives only Prevent unauthorized access A COMPREHENSIVE APPROACH TO SECURITY Detect suspicious or malicious behavior Protect data and documents External Partnerships 776 of 1132 781 0 0 ~ 1/ 6 Enables Next Generation Services Combining Xerox® ConnectKey® Technology with Xerox® Intelligent Workplace Services creates an optimized infrastructure that is customized to your organization — whether it’s large or small. Our state-of-the-art assessment tools and three-stage approach make sure you have the right mix of technology, apps and solutions. ASSESS AND OPTIMIZE With Xerox® ConnectKey Technology, you’ll have powerful tools for ultimate control over every printer or multifunction printer in your network, including the ability to set job limits, monitor usage and perform backup and restoration operations. You’ll gain more control over costs, reduce strain on IT resources and improve overall performance. ConnectKey Technology-enabled devices are Cisco EnergyWise® compliant, so you can monitor and control energy usage across the fleet, or device by device. Set job limits with Xerox® Global Print Driver® and set material- and energy-saving print parameters with Earth Smart Printing. You’ll reduce waste and power consumption while improving visibility to end-user printer usage. SECURE AND INTEGRATE You’ll have comprehensive device, document and data security, with built-in protections that meet and exceed industry standards and government regulations. Security measures include Encrypted Secure Print and Print Queue Deletion, Hard Disk Encryption and Disk Overwrite. Beyond on-device protections, your transmitted data is safer too, with Secure Email and Encryption, and powerful third-party protections like McAfee® Whitelisting*. When it comes to mobile and cloud printing, ConnectKey Technology gives mobile and virtual workers a wide range of secure options to work from anywhere, anytime, including easy print support from tablets and mobile phones with support for Android™ devices and Apple® AirPrint®. AUTOMATE AND SIMPLIFY ConnectKey Technology-enabled devices, combined with MPS, accelerate the paper-to- digital transformation. A large and growing library of downloadable apps helps to automate processes, saving time and improving workforce productivity. For example, single touch, cloud-connected apps allow users to scan directly to or from popular cloud-based repositories like Dropbox™ and Google Drive™ and scan to/print from Microsoft® Office 365®, transform paper documents to searchable PDFs right at the device or any other of the virtually unlimited options for hard-copy-to- digital document integration with proprietary and third-party document management systems like Microsoft SharePoint® and Xerox® DocuShare®. * Xerox® AltaLink® devices only 777 of 1132 782 7 Feature Focus XEROX® EASY TRANSLATOR SERVICE This service brings possibilities to life by allowing MFP users to scan a document and immediately receive a translated print and/or email notification. Documents or images can also be sent to the service from a PC, any iOS or Android™ device. It’s just one example of the advanced capabilities and services available with Xerox® ConnectKey® Technology. Find out more at www.xeroxtranslates.com. Multifunction printers built on Xerox® ConnectKey® Technology are more than machines. They are workplace assistants and the centerpiece of a workplace transformation and productivity ecosystem combining all the technologies, capabilities and extensibility you need to let your work — and work teams — flow. EASY, APP-BASED FUNCTIONALITY ConnectKey Technology brings an entirely new level of flexibility, efficiency and possibility to your workforce with both its native apps and those available through the Xerox App Gallery. Native apps simplify print, scan and copy functions as well as provide access to contact lists and frequently used locations, while apps available through the App Gallery allow users to download serverless apps like Connect 2.0 for Dropbox™ and Connect 2.0 for Microsoft® Office 365® directly from the user interface. With Xerox App Gallery and Personalized Application Builder (PAB)*, Xerox partners can offer even more sophisticated levels of customization to automate your unique workflow requirements. It all adds up to unlimited opportunities to streamline processes and improve productivity. CLOUD CONNECTED In addition to the extreme productivity you'll gain from ConnectKey and its mobile apps, our Xerox Extensible Interface Platform® (an open architecture software platform available on all ConnectKey Technology- enabled devices from entry level printers to large office multifunction printers) allows our partners and independent software developers to offer sophisticated solutions for document management, workflow automation, security and accounting. With Xerox Extensible Interface Platform, your ConnectKey Technology-enabled printer or multifunction printer can adapt to the way you work with comprehensive, custom productivity-enhancing solutions for document management, accounting, mobile printing and user access controls. Gateway to New Possibilities * For Xerox channel partner customers. Xerox Direct sales customers should contact their sales executive for information on the Xerox® MFP Workflow App Customization Program. 778 of 1132 783 BLACK-AND-WHITE TABLOID/A3 DEVICES Xerox® VersaLink B7025/B7030/ B7035 Multifunction Printer Xerox® AltaLink B8045/8055/8065/ 8075/8090 Multifunction Printer Xerox ® Devices Built on Xerox® ConnectKey® Technology ©2019 Xerox Corporation. All rights reserved. Xerox®, AltaLink®, ConnectKey®, DocuShare®, Global Print Driver®, "Made to Think", VersaLink® and Xerox Extensible Interface Platform® are trademarks of Xerox Corporation in the United States and/or other countries. The information in this brochure is subject to change without notice. 8/19 PN03660 BR27181 XOGBR-65UC COLOR LETTER/A4 DEVICES Xerox® VersaLink® C400 Color Printer Xerox® VersaLink C500 Color Printer Xerox® VersaLink C600 Color Printer Xerox® VersaLink C405 Color Multifunction Printer Xerox® VersaLink C505 Color Multifunction Printer Xerox® VersaLink C605 Color Multifunction Printer BLACK-AND-WHITE LETTER/A4 DEVICES Xerox® VersaLink B400 Printer Xerox® VersaLink B600 Printer Xerox® VersaLink B610 Printer Xerox® VersaLink B405 Multifunction Printer Xerox® VersaLink B605 Multifunction Printer Xerox® VersaLink B615 Multifunction Printer You'll work better, faster and smarter with a consistent user experience, mobile and cloud connectivity, easy automation, benchmark security and access to a growing library of apps to expand functionality and boost productivity. To learn more about Xerox® ConnectKey Technology, go to www.connectkey.com. COLOR TABLOID/A3 DEVICES Xerox® VersaLink C7000 Color Printer Xerox® VersaLink C8000 Color Printer Xerox® VersaLink C9000 Color Printer Xerox® VersaLink C7020/C7025/ C7030 Color Multifunction Printer Xerox® AltaLink C8030/C8035/ C8045/C8055/ C8070 Color Multifunction Printer 779 of 1132 784 - Ll Security Guide Xerox® AltaLink® B8145/B8155/B8170 Multifunction Printer Xerox® AltaLink® C8130/C8135/C8145/C8155/C8170 Color Multifunction Printer Additional information, if needed, on one or more lines Month 00, 0000 <Part Number> 780 of 1132 785 xerox,- 2020 Xerox Corporation. All rights reserved. Xerox®, CentreWare®, AltaLink®, Xerox Extensible Interface Platform® are trademarks of Xerox Corporation in the United States and/or other countries. BR# 28402 Other company trademarks are also acknowledged. Document Version: 1.0 (January 2020). Copyright protection claimed includes all forms and matters of copyrightable material and information now allowed by statutory or judicial law or hereinafter granted including without limitation, material generated from the software programs which are displayed on the screen, such as icons, screen displays, looks, etc. Changes are periodically made to this document. Changes, technical inaccuracies, and typographic errors will be corrected in subsequent editions 781 of 1132 786 Footer i Contents 1. Introduction ....................................................................................................................... 1-1 Purpose ........................................................................................................................................... 1-1 Target Audience .............................................................................................................................. 1-1 Disclaimer ....................................................................................................................................... 1-1 2. Product Description .......................................................................................................... 2-2 Physical Components ................................................................................................................. 2-2 Architecture ................................................................................................................................. 2-3 User Interface .............................................................................................................................. 2-3 Scanner ....................................................................................................................................... 2-3 Marking Engine ........................................................................................................................... 2-3 Controller ..................................................................................................................................... 2-4 Controller External Interfaces ......................................................................................................... 2-4 Front/Rear Panel USB (Type A) port(s) ...................................................................................... 2-4 10/100/1000 MB Ethernet TIA-568 Network Connector ............................................................. 2-4 Rear USB (Type B) Target Port .................................................................................................. 2-4 Optional Equipment ......................................................................................................................... 2-5 RJ-11 Analog Fax and Telephone .............................................................................................. 2-5 Wireless Network Connector ....................................................................................................... 2-5 Bluetooth® MicroAdapter ............................................................................................................ 2-5 Near Field Communications (NFC) Reader ................................................................................ 2-5 SMART CARD – CAC/PIV .......................................................................................................... 2-5 Foreign Product Interface ............................................................................................................ 2-5 3. User Data Protection ......................................................................................................... 3-1 User Data Protection While Within Product .................................................................................... 3-1 Encryption ................................................................................................................................... 3-1 Private Key Management ............................................................................................................ 3-1 Job Data Removal available on standard SSD configuration ..................................................... 3-1 Media Sanitization (Image Overwrite) available with optional HDD configuration ...................... 3-1 Overwriting Immediate Image Overwrite available with optional HDD configuration .................. 3-1 On-Demand Image Overwrite available with optional HDD configuration .................................. 3-2 User Data in Transit ........................................................................................................................ 3-2 Inbound User Data (Print Job Submission) ................................................................................. 3-2 782 of 1132 787 Footer ii Email Signing and Encryption using S/MIME .............................................................................. 3-2 Scanning to Network Repository, Email, Fax Server (Outbound User Data) ............................. 3-3 Scanning to User Local USB Storage Product (Outbound User Data) ....................................... 3-3 Add on Apps – Cloud, Google, DropBox, and others (Outbound User Data) ............................. 3-4 4. Network Security ............................................................................................................... 4-5 TCP/IP Ports and Services ............................................................................................................. 4-5 Listening Services (inbound ports) .............................................................................................. 4-6 Network Encryption ......................................................................................................................... 4-7 IPsec ........................................................................................................................................... 4-7 Wireless 802.11 Wi-Fi Protected Access (WPA) ........................................................................ 4-7 TLS .............................................................................................................................................. 4-8 SNMPv3 ...................................................................................................................................... 4-8 Public Key Infrastructure (PKI) ........................................................................................................ 4-9 Device Certificates ...................................................................................................................... 4-9 Trusted Certificates ................................................................................................................... 4-10 Minimum Key length .................................................................................................................. 4-10 Network Access Control ................................................................................................................ 4-11 802.1x ........................................................................................................................................ 4-11 Cisco Identity Services Engine (ISE) ........................................................................................ 4-11 Contextual Endpoint Connection Management ........................................................................ 4-12 FIPS140-2 Compliance Validation ............................................................................................ 4-12 Additional Network Security Controls ............................................................................................ 4-13 IP Filtering ................................................................................................................................. 4-13 Personal Identifiable Information (PII) ....................................................................................... 4-13 5. Device Security: BIOS, Firmware, OS, Runtime, and Operational Security Controls 5-1 Pre-Boot Security ............................................................................................................................ 5-1 BIOS ............................................................................................................................................ 5-1 Embedded Encryption ................................................................................................................. 5-1 Boot Process Security ..................................................................................................................... 5-1 Trusted Boot ................................................................................................................................ 5-1 Firmware Integrity ....................................................................................................................... 5-2 Runtime Security ............................................................................................................................. 5-2 Operational Security ........................................................................................................................ 5-2 Firmware Restrictions ................................................................................................................. 5-2 Event Monitoring and Logging ........................................................................................................ 5-3 783 of 1132 788 Footer iii Configuration Watchdog .............................................................................................................. 5-3 Audit Log ..................................................................................................................................... 5-3 Security Information Event Management (SIEM) Support .......................................................... 5-4 Operational Security ........................................................................................................................ 5-4 Service Technician (CSE) Access Restriction ............................................................................ 5-4 Additional Service Details ........................................................................................................... 5-4 Cloning ........................................................................................................................................ 5-4 Backup and Restore .................................................................................................................... 5-5 EIP Applications .......................................................................................................................... 5-5 6. Configuration and Security Policy Management Solutions .......................................... 6-1 7. Identification, Authentication, and Authorization .......................................................... 7-1 Authentication ................................................................................................................................. 7-1 Local Authentication ..................................................................................................................... 7-1 Network Authentication ................................................................................................................ 7-1 Smart Card Authentication (CAC, PIV, SIPR, etc.) ..................................................................... 7-1 Convenience Authentication ....................................................................................................... 7-1 Local Authentication .................................................................................................................... 7-1 Password Policy .......................................................................................................................... 7-2 Network Authentication ............................................................................................................... 7-2 Smart Card Authentication .......................................................................................................... 7-2 Convenience Authentication ....................................................................................................... 7-3 Xerox Workplace Cloud https://www.xerox.com/ ...................................................................... 7-3 Pharos print management solutions https://pharos.com/ ........................................................ 7-3 YSoft SafeQ https://www.ysoft.com/en ....................................................................................... 7-3 Authorization (Role-Based Access Controls) .................................................................................. 7-3 Remote Access ........................................................................................................................... 7-3 Local Access ............................................................................................................................... 7-3 8. Additional Information and Resources ........................................................................... 8-1 Security @ Xerox® ......................................................................................................................... 8-1 Responses to Known Vulnerabilities ............................................................................................... 8-1 Additional Resources ...................................................................................................................... 8-1 9. Appendix A: Product Security Profiles ........................................................................... 9-2 784 of 1132 789 Footer iv AltaLink® B8145/B8155/B8170 &C8130/C8135/C8145/C8155/C8170 .......................................... 9-2 Physical Overview ....................................................................................................................... 9-2 Security Related Interfaces ......................................................................................................... 9-3 Controller Non-Volatile Storage .................................................................................................. 9-3 Controller Volatile Memory .......................................................................................................... 9-4 Marking Engine Non-Volatile Storage ......................................................................................... 9-4 Marking Engine Volatile Memory ................................................................................................ 9-4 10. Appendix B: Security Events ......................................................................................... 10-1 Xerox AltaLink Security Events ..................................................................................................... 10-1 785 of 1132 790 Security Guide – Xerox® AltaLink® B8145/B8155/B8170 Multifunction Printer Xerox® AltaLink® C8130/C8135/C8145/C8155/C8170 Color Multifunction Printer 1-1 1. Introduction Purpose The purpose of this document is to disclose information for the AltaLink® multifunction devices (hereinafter called as “the product” or “the system”) with respect to product security. Product Security, for this paper, is defined as how image data is stored and transmitted, how the product behaves in a network environment, and how the product may be accessed both locally and remotely. The purpose of this document is to inform Xerox customers of the design, functions, and features of the product with respect to Information Assurance. This document does not provide tutorial level information about security, connectivity, or the product’s features and functions. This information is readily available elsewhere. We assume that the reader has a working knowledge of these types of topics. Target Audience The target audience for this document is Xerox field personnel and customers concerned with IT security. Disclaimer The content of this document is provided for information purposes only. Performance of the products referenced herein is exclusively subject to the applicable Xerox Corporation terms and conditions of sale and/or lease. Nothing stated in this document constitutes the establishment of any additional agreement or binding obligations between Xerox Corporation and any third party. 786 of 1132 791 Security Guide – Xerox® AltaLink® B8145/B8155/B8170 Multifunction Printer Xerox® AltaLink® C8130/C8135/C8145/C8155/C8170 Color Multifunction Printer 2-2 2. Product Description PHYSICAL COMPONENTS Xerox® AltaLink® B8145/B8155/B8170 (Mono MFP) and C8130/C8135/C8145/C8155/C8170 (Color MFP) are very similar and consist of an input document handler and scanner, marking engine, controller, and user interface. A typical configuration is depicted below. Please note that options including finishers, paper trays, document handers, etc. may vary configuration, however, they are not relevant to security and are not discussed. 787 of 1132 792 1. Stab iliizer 2. Bypass paper feed tray l. FrontllSB Port(s)"' 4 .. To11ch sc1reen 11ser iintertace 5. Upper paper tray 6. Lower pa;per tray 1.. Paper feed trays! 8. 9 . 10. 111 .. 12. 13. Co,v e , Need s to be re m o ved to revea l Smart PrOXJirnity Sensor Rear U SB Port(sl* ~Wi-Fi ~ ~Port"~ Bl11etooth ~ port RJ45. Ethernet connection* Service port AC Power '1118notee a eeoollly roiJal e<I c1>mp1>..,nl Security Guide – Xerox® AltaLink® B8145/B8155/B8170 Multifunction Printer Xerox® AltaLink® C8130/C8135/C8145/C8155/C8170 Color Multifunction Printer 2-3 ARCHITECTURE AltaLink® products share a common architecture which is depicted below. The following sections describe components in detail. USER INTERFACE The user interface detects soft and hard button actuations and provides text and graphical prompts to the user. The user interface is sometimes referred to as the Graphical User Interface (GUI) or Local UI (LUI) to distinguish it from the remote web server interface (WebUI). The user interface allows users to access product services and functions. Users with administrative privileges can manage the product configuration settings. User permissions are configurable through Role-Based Access Control (RBAC) policies, described in section 7 Identification, Authentication, and Authorization SCANNER The scanner converts documents from hardcopy to electronic data. A document handler moves originals into a position to be scanned. The scanner provides enough image processing for signal conditioning and formatting. The scanner does not store scanned images. MARKING ENGINE The Marking Engine performs copy/print paper feeding and transport, image marking, fusing, and document finishing. The marking engine is comprised of paper supply trays and feeders, paper transport, LED scanner, xerographics, and paper output and finishing. The marking engine is only accessible to the Controller via inter-chip communication with no other access and does not store user data. User Interface Scanner Controller Marking Engine External Interfaces Device Storage Optional Interfaces 788 of 1132 793 Security Guide – Xerox® AltaLink® B8145/B8155/B8170 Multifunction Printer Xerox® AltaLink® C8130/C8135/C8145/C8155/C8170 Color Multifunction Printer 2-4 CONTROLLER The controller manages document processing using proprietary hardware and algorithms to process documents into high-quality electronic and/or printed reproductions. Documents may be temporarily buffered in RAM during processing. Standard models are equipped with a Solid State Disk (SSD). Optional magnetic Hard Disk Drive (HDD) is also available. For model specific details please see Appendix A: Product Security Profiles. In addition to managing document processing the controller manages all ne twork functions and services. Details can be found in section Network Security. The controller handles all I/O communications with connected products. The following section provides a description of each interface. Please note that not all interfaces are s upported on all models; details about each model can be found in Appendix A: Product Security Profiles. Controller External Interfaces FRONT/REAR PANEL USB (TYPE A) PORT(S) One or more USB ports may be located on the front of the product, near the user interface. Front USB ports may be enabled or disabled by a system administrator. The front USB port supports the following: • Walk-up users may insert a USB thumb drive to store or retrieve documents for scanning and/or printing from a FAT formatted USB device. The controller will only allow reading/writing of a limited set of known document types (such as, PDF, PNG, JPEG, TIFF, etc.). Other file types including binary executables are not supported. Note: Features that use the USB ports (such as Scan To USB) can be disabled independently. • Connection of optional equipment such as Bluetooth or CAC readers. • Firmware updates may be submitted through the USB ports. Note that the product must be configured to allow local firmware updates, or the update will not be processed. 10/100/1000 MB ETHER NET TIA -568 NETWORK CONNECTOR This is a standard Ethernet network connector and confirms to IEEE Ethernet 802.3 standards. REAR USB (TYPE B) TA RGET PORT A USB type B port located on the controller board at the rear of the product. This port supports the following: • USB target connector used for printing Note: This port is used for service Diagnostics and cannot be disabled by a system administrator. 789 of 1132 794 Security Guide – Xerox® AltaLink® B8145/B8155/B8170 Multifunction Printer Xerox® AltaLink® C8130/C8135/C8145/C8155/C8170 Color Multifunction Printer 2-5 Optional Equipment RJ-11 ANALOG FAX AND TELEPHONE The embedded FAX service uses the installed embedded fax card to send and receive images over the telephone interface. The FAX card plugs into a custom interface slot on the controller. The fax telephone lines are connected directly to the Fax Card via RJ -11 connectors and it uses T.30 Fax Modem protocol and will not accept data or voice communication. All remaining fax -specific features are implemented in software on the controller. WIRELESS NETWORK CON NECTOR AltaLink® products accept an optional wireless kit that can be installed in the rear USB port. BLUETOOTH ® MICROADAPTER AltaLink® products accept an optional Bluetooth MicroAdapter that can be installed in the rear USB port to support iBeacon for AirPrint Discovery. When enabled and configured, iBeacon enables the Xerox® AltaLink® product to advertise basic printer discovery information, including a routable IP address, via the Bluetooth Low Energy Beacon. iBeacon functionality can be disabled using the embedded web server of the product. NEAR FIELD COMMUNICA TIONS (NFC) READER AltaLink® products come standard with an NFC Chip built into the front panel. This is read only from an NFC client. The data exchanged is not encrypted and may include information including system network status, IP address and product location. NFC functionality can be disabled using the embedded web server of the product. NFC functionality requires a software plugin that can be obtained from Xerox sales and support. Information shared over NFC includes: IPv4 Address, IPv6 Address, MAC Addres s, UUID (a unique identifier on the NFC client), and Fully qualified domain name SMART CARD – CAC/PIV AltaLink® products support a variety of smart cards that can be used to login to the machine. Please contact Xerox Support for a list of supported cards and card readers. FOREIGN PRODUCT INTE RFACE This port is used to connect optional equipment to control access to the machine. A typical application is a coin-operated product where a user must deposit money to enable the machine to print. The information available via the Foreign Product Interface is limited to optically-isolated pulses that can be used to count impressions marked on hardcopy sheets. No user data is transmitted to or from this interface. 790 of 1132 795 Security Guide – Xerox® AltaLink® B8145/B8155/B8170 Multifunction Printer Xerox® AltaLink® C8130/C8135/C8145/C8155/C8170 Color Multifunction Printer 3-1 3. User Data Protection Xerox printers and multifunction products receive, process, and may optionally store user data from several sources including as local print, scan, fax, or copy jobs or mobile and cloud applications, etc. Xerox products protect user data being processed by employing strong encryption. The standard configuration is sold with SSD. User Data Protection While Within Product This section describes security controls that protect user data while it is resident within the product. For a description of security controls that protect data in transit please refer to the following section that discusses data in transit; also, the Network Security section of this document. ENCRYPTION All user data being processed or stored to the product is encrypted by default. Encryption cannot be disabled on this family of products. PRIVATE KEY MANAGEME NT Any private key on the system is managed in compliance with NIST Special Publication 800-57 Recommendation for Key Management. This includes keying material in transition and at rest. An onboard TPM module (v2.0) compliant with ISO/IEC 11889 is used in support of private key management. JOB DATA REMOVAL AVA ILABLE ON STANDARD S SD CONFIGURATION The Job Data Removal feature is provided to allow security conscious customers the facility to remove all residual image data from the Network Controller, the image system and, if installed, the Embedded Classic Fax card memory. Job Data Removal is being introduced to provide customers with SSD devices the ability to clean up the disk by purging job data (no overwrite) using the same interface as ODIO available with HDD configuration. MEDIA SANITIZATION (IMAGE OVERWRITE) AVA ILABLE WITH OPTIONAL HDD CONFIGURATION AltaLink® products equipped with magnetic hard disk drives are compliant with NIST Special Publication 800-88 Rev1: Guidelines for Media Sanitization. User data is securely erased using a the algorithm as described in the following link: https://nvlpubs.nist.gov/nistpubs/specialpublications/nist.sp.800-88r1.pdf OVERWRITING IMMEDIATE IMAGE OVER WRITE AVAILABLE WITH OPTIONAL HDD CONFIGURATION When enabled, Immediate Image Overwrite (IIO) will overwrite any temporary files that were created on the magnetic hard disk that may contain user data. The feature provides continuous automatic overwrite of sensitive data with minimal impact to performance, robust error reporting, and logging via the Audit Log. 791 of 1132 796 Security Guide – Xerox® AltaLink® B8145/B8155/B8170 Multifunction Printer Xerox® AltaLink® C8130/C8135/C8145/C8155/C8170 Color Multifunction Printer 3-2 ON-DEMAND IMAGE OVER WRITE AVAILABLE WITH OPTIONAL HDD CONFIG URATION Complementing the Immediate Image Overwrite is On-Demand Overwrite (ODIO). While IIO overwrites individual files, ODIO overwrites entire partitions. The ODIO feature can be invoked at any time and optionally may be scheduled to run automatically. When enabled, Immediate Image Overwrite (IIO) will overwrite and remove any remnants and temporary files of all print, copy, scan, and fax jobs from the image disk as soon as the job finishes processing. The feature provides continuous automatic overwrite of sensitive data with minimal impact to performance, robust error reporting, and logging via the Audit Log. User Data in Transit This section focuses on the protection of user data (print/scan/other jobs) in transit as they are submitted to the product for processing and/or are sent from the product to other systems. Additional protections are also discussed in the Network Security section of this document. INBOUND USER DATA (P RINT JOB SUBMISSION) In addition to supporting network level encryption including IPsec and WPA, Xerox products also support encryption of print job data at the time of submission. This can be used to securely transmit print jobs over unencrypted connections or to enhance existing network level security controls. Encrypted Transport Description IPPS (TLS) Submit print jobs via Secure Internet Printing Protocol. This protocol is based on HTTP and utilizes the TLS suite to encrypt data. HTTPS (TLS) Securely submit a print job directly to product via the built-in web server. Xerox Print Stream Encryption The Xerox Global Print Driver® supports document encryption for any print jobs to enabled products. Simply configure Document Encryption to On in the Advanced tab of the print driver at print time. EMAIL SIGNING AND EN CRYPTION USING S/MIM E S/MIME (Secure/Multipurpose Internet Mail Extensions) provides Authentication, Message integrity, Non-repudiation, and encryption of email. AltaLink® Multifunction B8145, B8155, B8170, C8030, C8135, C8145, C8155, C8170 Email S/MIME Versions v3 Digest SHA1, SHA256, SHA384, SHA512 Encryption AES128, AES192, AES256 792 of 1132 797 Security Guide – Xerox® AltaLink® B8145/B8155/B8170 Multifunction Printer Xerox® AltaLink® C8130/C8135/C8145/C8155/C8170 Color Multifunction Printer 3-3 SCANNING TO NETWORK REPOSITORY, EMAIL, F AX SERVER (OUTBOUND USER DATA) AltaLink® multifunction products support scanning of hardcopy documents to external network locations including file repositories and email and facsimile services. In addition to supporting network level encryption including IPsec, Xerox products support the following. Protocol Encryption Description HTTP N/A Unencrypted HTTP protocol. HTTPS (TLS) TLS HTTP encrypted by TLS FTP N/A Unencrypted FTP SFTP (SSH) SSH FTP encrypted by SSH. SMBv3 Yes Encryption may be enabled on a Windows share SMBv2 N/A Unencrypted SMB SMBv1 N/A (Not used as a transport protocol. Used for network discovery only) SMTP (email) S/MIME The product uses SMTP to transmit data to the email server. Email authentication, encryption, and signing are supported. Please refer to the Network Security section of this document for details. SCANNING TO USER LOC AL USB STORAGE PRODU CT (OUTBOUND USER DA TA) Scan data is transferred directly to the user’s USB product. Filesystem encryption of user products are not supported. AltaLink® Multifunction B8145, B8155, B8170 C8130, C8135, C8145, C8155, C8170 Local Data Encryption AES-256 Federal Information Protection Standard 140-2 Yes Media Sanitization NIST 800-171 (Image Overwrite) Models with magnetic HDD. See Appendix A: Product Security Profiles Print Submission IPPS (TLS) Supported HTTPS (TLS) Supported Xerox Print Stream Encryption Supported Scan to Repository Server HTTPS (TLS) 1.0, 1.1, 1.2 SFTP (SSH) SSH-2 SMB (unencrypted) v1, v2, v3 793 of 1132 798 Security Guide – Xerox® AltaLink® B8145/B8155/B8170 Multifunction Printer Xerox® AltaLink® C8130/C8135/C8145/C8155/C8170 Color Multifunction Printer 3-4 SMB (with share encryption enabled) V3 HTTP (unencrypted) Supported FTP (unencrypted) Supported Scan to Fax Server HTTPS (TLS) 1.0, 1.1.1, 1.2 SFTP (SSH) SSH-2 SMB (unencrypted) v1, v2, v3 SMB (with share encryption enabled) V3 S/MIME Supported HTTP (unencrypted) Supported FTP (unencrypted) Supported SMTP (unencrypted) Supported Scan to Email S/MIME Supported SMTP (unencrypted) Supported TLS (Start TLS) Supported ADD ON APPS – CLOUD, GOOGLE, DROPBOX, AND OTHERS (OUTBOUND US ER DATA) The Xerox App Gallery® contains several additional applications that extend the capabilities of Xerox products. Discussion of App security is beyond the scope of this document. Xerox Apps utilize the security framework provided by the third-party vendor. (For example, Microsoft O365 or Google Apps would utilize Microsoft and Google’s security mechanisms respectively). Please consult documentation for individual Apps and third-party security for details. 794 of 1132 799 Security Guide – Xerox® AltaLink® B8145/B8155/B8170 Multifunction Printer Xerox® AltaLink® C8130/C8135/C8145/C8155/C8170 Color Multifunction Printer 4-5 4. Network Security Xerox products are designed to offer a high degree of security and flexibility in almost any network environment. This section describes several aspects of the product related to network security. TCP/IP Ports and Services Xerox devices are robust, offering support for a wide array of services and protocols. The devices are capable of hosting services as well as acting as a client for others. The diagram below presents a high-level overview of inbound communications (from other hosts on the network into listening services on the device) and outbound connections initiated by the device (acting as a client to external network services). Inbound (Listening Services) Outbound (Network Client) Print Services LPR, IPPs (TLS), Raw IP, etc. Management Services SNMP, Web interface, Web Services, etc. Infrastructure and Discovery Services IPsec, WSD, mDNS, Bonjour, etc. Built-in Scan Services FTP, HTTP & HTTPS (TLS), SMB, SMTP & SMTPS, POP3, etc. Authentication Services LDAP & LDAPS, SMB, Kerberos Infrastructure IPsec, DHCP and DHCPv6, etc. Cloud Services Dropbox, Google Drive, OneDrive, and several others 795 of 1132 800 Security Guide – Xerox® AltaLink® B8145/B8155/B8170 Multifunction Printer Xerox® AltaLink® C8130/C8135/C8145/C8155/C8170 Color Multifunction Printer 4-6 LISTENING SERVICES (INBOUND PORTS) The following table summarizes all potentially open ports on the product. These ports can be enabled/disabled within the product configuration. Some ports can be configured to different value for some features/protocols. Port Type Service Name 80 or 443 TCP HTTP including: Web User Interface Web Services for Products (WSD) WebDAV 68 UDP DHC ACK Response to DHCP 88 UDP Kerberos 110 TCP POP3 139 TCP NETBIOS 161 TCP SNMP 162 TCP SNMP Trap 137 UDP NETBIOS (Name Service) 138 UDP NETBIOS (Datagram Service) 161 UDP SNMP 427 TCP/UDP SLP 443 TCP HTTPS – HTTP over TLS, IPPS 445 TCP SMB 500 & 4500 TCP/UDP IPsec 515 TCP LPR 631 TCP IPP 3702 TCP/UDP WSD (Discovery) 4000 TCP ThinPrint 5353 TCP/UDP mDNS 5354 TCP mDNS Responder IPC 9100 TCP Raw IP (also known as JetDirect, AppSocket or PDL- datastream) 5909-5999 TCP Remote Access to local display panel. Port is randomly selected and communications encrypted with TLS 1.2 51333 TCP Device File Distribution downloads 53202 TCP WSD Transfer 53303 TCP WSD Print 53404 TCP WSD Scan 796 of 1132 801 Security Guide – Xerox® AltaLink® B8145/B8155/B8170 Multifunction Printer Xerox® AltaLink® C8130/C8135/C8145/C8155/C8170 Color Multifunction Printer 4-7 Network Encryption IPSEC Internet Protocol Security (IPsec) is a network security protocol capable of providing encryption and authentication at the packet level. AltaLink® products support IPsec for both IPv4 and IPv6 protocols. AltaLink® Multifunction B8145, B8155, B8170, C8130, C8135, C8145, C8155, C8170 IPsec Supported IP Versions IPv4, IPv6 Key exchange authentication method Preshared Key & digital signature authentication (device authentication certificate, server validation certificate) Transport Mode Transport & Tunnel mode Security Protocol ESP & AH ESP Encryption Method AES, Null ESP Authentication Methods SHA1, SHA256, None WIRELESS 802.11 WI -F I PROTECTED ACCESS (WPA) Products equipped with WiFi support WPA2 Personal, WPA2 Enterprise, and Mixed Mode compliant with IEEE 802.11i. The wireless network adapters used in Xerox products are certified by the Wi-Fi Alliance. AltaLink® Multifunction B8145, B8155, B8170, C8130, C8135, C8145, C8155, C8170 Wi-Fi (802.11) No Encryption Supported WEP RC4 WPA2 Personal (PSK) CCMP (AES), TKIP, TKIP+CCMP (AES) WPA2 Enterprise CCMP (AES), TKIP, TKIP+CCMP (AES) PEAPv0 MS-CHAPv2 EAP-TLS EAP-TTLS/PAP EAP-TTLS/MS-CHAPv2 EAP-TTLS/EAP-TLS 797 of 1132 802 Security Guide – Xerox® AltaLink® B8145/B8155/B8170 Multifunction Printer Xerox® AltaLink® C8130/C8135/C8145/C8155/C8170 Color Multifunction Printer 4-8 BSSID Roaming Restriction Supported TLS AltaLink® products support the latest version, TLS 1.2 and the default setting is TLS1.0. AltaLink® Multifunction B8145, B8155, B8170, C8030, C8135, C8145, C8155, C8170 TLS Versions Supported Product Web Interface 1.2, 1.1, 1.0 Product Web Services 1.2, 1.1, 1.0 Product IPPS printing 1.2, 1.1, 1.0 Remote control 1.2 SNMPV3 SNMPv3 is the current standard version of SNMP defined by the Internet Engineering Task Force (IETF). It provides three important security features: Message integrity to ensure that a packet has not been tampered with in transit Authentication to verify that the message is from a valid source Encryption of packets to prevent unauthorized access AltaLink® Multifunction B8145, B8155, B8170, C8030, C8135, C8145, C8155, C8170 SNMPv3 Digest SHA1, MD5 Encryption DES, AES128 798 of 1132 803 Security Guide – Xerox® AltaLink® B8145/B8155/B8170 Multifunction Printer Xerox® AltaLink® C8130/C8135/C8145/C8155/C8170 Color Multifunction Printer 4-9 Public Key Infrastructure (PKI) Digital certificates are a key component of public key infrastructure. A digital certificate contains information about the identity of an entity, the certificate authority that issued the certificate, and its associated public and private key pair. The certificate’s private key is used to generate digital signatures, and the public key is used to validate those digital signatures. For entiti es to validate a digital signature, the certificate and its public key are shared freely. Trust is established by validating the certificate path, which contains the certificate authorities that issued the certificate. DEVICE CERTIFICATES AltaLink® products support both CA signed and self-signed device certificates. The device certificates support a bit length of up to 4096 bits. AltaLink® products require a device certificate. The MFP will use the device certificate as its identity. The MFP EWS certificate is an example of a device certificate. The device certificate must be issued by a certificate authority (CA) trusted by the device. The Xerox device certificate, which is the default device certificate installed on the MFP, is issued by the Xerox Root CA embedded in the MFP firmware. The Xerox device certificate details are configurable and can be recreated as need by the device administrator. The MFP can be configured to use any installed CA signed certificate as its device certificate. To install a CA signed certificate, the device administrator can generate and download a Certificate Signing Request (CSR) from the MFP, have the CSR be signed by an Enterprise CAs or 3rd Party CAs, and then imported the CA signed certificate into the MFP. Alternatively, this process can be completed off-box and a CA signed certificate in PKCS #12 format can be imported into the MFP. AltaLink® Multifunction B8145, B8155, B8170, C8030, C8135, C8145, C8155, C8170 Device Certificates Certificate Length Up to 4096 (for RSA certificates) Default Device Certificate ECDSA P-384 Supported Hashes SHA256 Product Web Server Supported IPPS Printing Supported 802.1X Client Supported IPsec Supported SFTP Supported 799 of 1132 804 Security Guide – Xerox® AltaLink® B8145/B8155/B8170 Multifunction Printer Xerox® AltaLink® C8130/C8135/C8145/C8155/C8170 Color Multifunction Printer 4-10 TRUSTED CERTIFICATES Public Root and Intermediate Root Certificate Authority (CA) certificates may be imported to the product’s certificate store to establish trust with external products and services. The following categories are supported: • A Root CA certificate is a certificate with authority to sign other certificates. These certificates usually are self-signed certificates that come from another product or service that you want to trust. • An Intermediate CA certificate is a certificate that links a certificate to a Trusted Root CA Certificate in certain network environments. • Peer Device certificates are certificates that are installed on the printer for solution-specific uses. AltaLink® Multifunction B8145, B8155, B8170, C8030, C8135, C8145, C8155, C8170 Trusted Certificates (CA & Peer device) Minimum Length RSA Restriction Options None, 1024, 2048 Maximum Length 4096 Supported Hashes SHA1/224/256/384/512 IPsec Supported LDAP Supported Scanning (HTTPS/TLS) Supported Scanning (SFTP/SSH) Used for audit log transfer 802.1X Client Supported Email Signing Supported Email Encryption Supported Email (STARTLS) Supported OCSP Signing Supported MINIMUM KEY LENGTH An administrator can specify the minimum encryption key length required for certificates. If a user attempts to upload a certificate that contains a key that does not meet this requirement, a message appears. The message alerts the user that the certificate they are attempting to upload does not meet the key length requirement. 800 of 1132 805 Security Guide – Xerox® AltaLink® B8145/B8155/B8170 Multifunction Printer Xerox® AltaLink® C8130/C8135/C8145/C8155/C8170 Color Multifunction Printer 4-11 Network Access Control 802.1X In 802.1X authentication, when the product is connected to the LAN port of Authenticator such as the switch as shown below, the Authentication Server authenticates the product, and the Authenticator controls access of the LAN port according to the authentication result. The product starts authentication processing at startup when the startup settings for 802.1X authentication are enabled. AltaLink® Multifunction B8145, B8155, B8170, C8030, C8135, C8145, C8155, C8170 Network Access Control 802.1x Supported Authentication Methods EAP-MD5, PEAPv0/EAP MSCHAPv2, EAP-MSCHAPv2, EAP-TLS CISCO IDENTITY SERVI CES ENGINE (ISE) Cisco ISE is an intelligent security policy enforcement platform that mitigates security risks by providing a complete view of which users and what products are being connected across the entire network infrastructure. It also provides control over what users can access your network and where they can go. Cisco's ISE includes over 200 Xerox product profiles that are ready for security policy enablement. This allows ISE to automatically detect Xerox products in your netwo rk. Xerox products are organized in Cisco ISE under product families, such as AltaLink® products, enabling Cisco ISE to automatically detect and profile new Xerox products from the day they are released. Customers who use Cisco ISE find that including Xero x products in their security policies is simpler and requires minimal effort. Cisco ISE Profiling Services provides dynamic detection and classification of endpoints connected to the network. ISE collects various attributes for each network endpoint to build an endpoint database. The classification process matches the collected attributes to prebuilt or user -defined conditions, which are then correlated to an extensive library of product profiles. These profiles include a wide range of product types, including tablets, smartphones, cameras, desktop operating systems (for example, Windows®, Mac OS® X, Linux® and others), and workgroup systems such as Xerox printers and MFPs. Once classified, endpoints can be authorized to the network and granted access based on their profile signature. For example, guests to your network will have different level of access to printers and other end points in your network. As an example, you and your employees can get full printer access when accessing the network from a corporate workstation but be granted limited printer access when accessing the network from your personal Apple® iPhone®. Authentication Server Authenticator (e.g. Switch) Product (Supplicant) EAPOL 801 of 1132 806 Security Guide – Xerox® AltaLink® B8145/B8155/B8170 Multifunction Printer Xerox® AltaLink® C8130/C8135/C8145/C8155/C8170 Color Multifunction Printer 4-12 Cisco ISE allows you to deploy the following controls and monitoring of Xerox products: Automatically provision and grant network access rights to printers and MFPs to prevent inappropriate access (including automatically tracking new printing products connecting to the network): - Block non-printers from connecting on ports assigned to printers - Prevent impersonation (aka spoofing) of a printer/MFP - Automatically prevent connection of non-approved print products - Smart rules-based policies to govern user interaction with network printing products Provide simplified implementation of security policies for printers and MFPs by: - Providing real time policy violation alerts and logging - Enforcing network segmentation policy - Isolating the printing products to prevent general access to printers and MFPs in restricted areas Automated access to policy enforcement - Provide extensive reporting of printing product network activity AltaLink® Multifunction B8145, B8155, B8170, C8030, C8135, C8145, C8155, C8170 Network Access Control Cisco ISE Supported CONTEXTUAL ENDPOINT CONNECTION MANAGEMEN T Traditionally network connection management has been limited to managing endpoints by IP address and use of VLANs and firewalls. This is effective, but highly complex to manage for every endpoint on a network. Managing, maintaining, and reviewing the ACLs (and the necessary change management and audit processes to support them) quickly become prohibitively expensive. It also lacks the ability to manage endpoints contextually. Connectivity of AltaLink® devices can be fully managed contextually by Cisco Trus tSec. TrustSec uses Security Group Tags (SGT) that are associated with an endpoint’s user, device, and location attributes. SG-ACLs can also block unwanted traffic so that malicious reconnaissance activities and even remote exploitation from malware can be effectively prevented. FIPS140 -2 COMPLIANCE VALIDATION When enabled, the product will validate its current configuration to identify cryptographic modules in use. Modules which are not FIPS 140-2 (Level 1) compliant will be reported. AltaLink® products include FIPS compliant algorithms of SNMPv3 and Kerberos, however , an exception can be approved to run these in non-FIPS compliant mode when configured for non- FIPS algorithms. 802 of 1132 807 I Security Guide – Xerox® AltaLink® B8145/B8155/B8170 Multifunction Printer Xerox® AltaLink® C8130/C8135/C8145/C8155/C8170 Color Multifunction Printer 4-13 Additional Network Security Controls IP FILTERING The devices contain a static host-based firewall that provides the ability to prevent unauthorized network access based on IP address and/or port number. Filtering rules can be set by the SA using the WebUI. An authorized SA can create rules to (Accept/Reject/Drop) for ALL or a range of IP addresses. In addition to specifying IP addresses to filter, an authorized SA can enable/disable all traffic over a specified transport layer port. PERSONAL IDENTIFIABL E INFORMATION (PII) Personal Identifiable Information (PII) can be entered or stored into the device through several means: address book, scan templates, device description, display device information, audit logs, and engineering logs. The PII is encrypted on the device and it is not readable outside of the operation of the device. The Admin controls the ability of users to enter data, and controls the accessibility of logs, or th may be resident. 803 of 1132 808 Security Guide – Xerox® AltaLink® B8145/B8155/B8170 Multifunction Printer Xerox® AltaLink® C8130/C8135/C8145/C8155/C8170 Color Multifunction Printer 5-1 5. Device Security: BIOS, Firmware, OS, Runtime, and Operational Security Controls AltaLink® products have robust security features that are designed to protect the system from a wide range of threats. Below is a summary of some of the key security controls. Pre-Boot Security BIOS The BIOS used in AltaLink® products is embedded and cannot be accessed directly. Unlike devices such as desktop and laptop computers that have a BIOS that can be accessed via a keystroke on startup, the BIOS of AltaLink® products is not accessible. Many devices can be cleared to factory defaults (including passwords and security settings) by depressing a reset button using a paperclip or similar method. For security reasons, AltaLink® products do not offer such a method to clear or reset the BIOS. (Note that configuration settings may be reset to factory defaults by an authorized administrator, however, this does not impact BIOS settings). BIOS updates can be securely applied by device firmware updates. Firmware is protected from tampering by use of digital signatures (discussed later in this section). The BIOS is designed to fail secure. An integrity check is performed immediately when power is applied. If verification is successful, the system proceeds with OS kernel boot. If the integrity check fails, the system will fail secure. EMBEDDED ENCRYPTION AES encryption is used to protect the system, user data, and configuration (including security settings) from being retrieved or modified. Each device uses its own unique key that is securely generated. Encryption is enabled by default. Media encryption and sanitization are discussed i n Section 3 User Data Protection. Boot Process Security TRUSTED BOOT Xerox® AltaLink® MFPs utilize a Trusted Boot process to enable a secure boot utilizing Intel's Boot Guard and the Unified EFI Forum/Microsoft specified (UEFI) BIOS approach to ensure a verified Chain of Trust is utilized to perform the MFP boot process. This process establishes a root of trust extending from the Intel processor to the UEFI and continuing to the Boot Manager and the Xerox Firmware. The startup process verifies that the installation software/firmware has not been altered, giving the customer assurance that the code has not been altered or replaced. 804 of 1132 809 Security Guide – Xerox® AltaLink® B8145/B8155/B8170 Multifunction Printer Xerox® AltaLink® C8130/C8135/C8145/C8155/C8170 Color Multifunction Printer 5-2 FIRMWARE INTEGRITY Unlike open operating systems such as servers and user workstations in which software may be installed by users, Xerox products are based on embedded systems and the contents are managed by Xerox. The only means of modifying the contents of a device is by applying a firmware update package. Firmware updates use a special format and each firmware update are encrypted and digitally signed to protect the integrity of the contents. Firmware that is corrupt or has been illicitly modified will be rejected. This security control cannot be disabled. AltaLink® products include a built-in firmware software validation. This is a file integrity monitor that compares the security hashes of currently installed firmware to a secured whitelist that was installed when the signed firmware was installed. Runtime Security Each AltaLink® device comes with McAfee Embedded Control built-in and enabled by default and cannot be disabled. McAfee Embedded Control is used to protect a variety of endpoints that range from wearable devices to critical systems controlling electrical generation. Executable control prevents unauthorized code from executing. Xerox has defined a whitelist of executable programs; software that is not on the secure whitelist is not allowed to execute. McAfee cannot be disabled on AltaLink® products; it is always enabled. Memory control monitors memory and running processes. If unauthorized code is injected into a running process, it is detected and prevented. When an anomaly is detected it is logged to the device audit log and optional alerts are immediately sent via email. Events are also reportable through CentreWare® Web or Xerox Device Manager, and McAfee® ePolicy Orchestrator® (ePO). Operational Security FIRMWARE RESTRICTION S The list below describes supported firmware delivery methods and applicable access controls. Local Firmware Upgrade via USB port: Xerox service technicians can update product firmware using a USB port and specially configured USB thumb drive. Network Firmware Update: Product system administrators can update product firmware using the Embedded Web Server. The ability to apply a firmware update is restricted to roles with system administrator or Xerox service permissions. Firmware updates can be disabled by a system administrator. Xerox Remote Services Firmware Update: Xerox Remote Services can update product firmware securely over the internet using HTTPS. This feature can be disabled, scheduled, and includes optional email alerts for system administrators. The programs stored in the Flash ROM listed below are downloadable from external sources. Controller Marking Engine 805 of 1132 810 Security Guide – Xerox® AltaLink® B8145/B8155/B8170 Multifunction Printer Xerox® AltaLink® C8130/C8135/C8145/C8155/C8170 Color Multifunction Printer 5-3 Scanner Document Feeder Finisher (Option for processing printed paper. No description on Finisher is provided in this document because user’s image data will not be stored in it.) High capacity feeder (No description on High capacity feeder is provided in this document because user’s image data will not be stored in it.) High capacity stacker (No description on high capacity stacker is provided in this document because user’s image data will not be stored in it.) Interface Module (No description on interface module is provided in this document because user’s image data will not be stored in it.) The downloading function can be disabled by a system administrator from the local UI or the Embedded Web Server. For additional information on Firmware updates and various upgrade methods supported, please see the System Administrator Guide. Event Monitoring and Logging CONFIGURATION WATCHD OG The Atlantis 2.1 firmware allows Administrators to configure the periodic monitoring of up to thirty - four security-related settings. If, during a check, a monitored security setting is discovered to have been changed, the system will automatically reset it. In the case that remediation is unsuccessful, an email alert is generated, and the event is captured in the Audit Log (see below for information on the Audit Log). For a list of the security settings covered, please see the System Administrator Guide. AUDIT LOG The Audit Log feature records security-related events. The Audit Log contains the following information: Field Description Index A unique value that identifies the event Date The date that the event happened in mm/dd/yy format Time The time that the event happened in hh:mm:ss format ID The type of event. The number corresponds to a unique description Description An abbreviated description of the type of event Additional Details Columns 6–10 list other information about the event, such as: Identity: User Name, Job Name, Computer Name, Printer Name, Folder Name, or Accounting Account ID display when Network Accounting is enabled. Completion Status Image Overwrite Status: The status of overwrites completed on each job. Immediate Image must be enabled. 806 of 1132 811 Security Guide – Xerox® AltaLink® B8145/B8155/B8170 Multifunction Printer Xerox® AltaLink® C8130/C8135/C8145/C8155/C8170 Color Multifunction Printer 5-4 AltaLink® products currently support over a hundred unique events. A maximum of 15,000 events can be stored on the device. When the Audit Log reaches 13,500 entries (90% “full”), an email alert will be sent. When it reaches 28,500 events, the device will send another message stating there have been 15,000 events since the last alert. The device will keep alerting at 15,000 event intervals. When the number of events exceeds 15,000, audit log events will be deleted in order of timestamp, and then new events will be recorded. The audit log can be exported at any time by a user with administrative privileges. Note that as a security precaution, audit log settings and data can only be accessed via HTTPS and Audit Log can’t be disabled on this version of AltaLink ® products. S ECURITY INFORMATION EVENT MANAGEMENT (SIEM) SU PPORT Xerox® AltaLink® supports the ability to directly connect to industry leading security and event management (SIEM) systems. Once configured, Xerox® AltaLink® MFPs send security information, along with the event severity, to the SIEM system for processing and reporting. The Atlantis 2.1 firmware supports connection to McAfee Enterprise Security Manager and LogRhythm Threat Detection. By supporting multiple SIEM solutions, Xerox® AltaLink® MFPs offer our customers the flexibility of choosing the SIEM system that best fits their environment. Operational Security SERVICE TECHNICIAN (CSE) ACCESS RESTRICT ION The CSE (Customer Service Engineer) account allows a Xerox Technicians to access the MFP’s diagnostics and maintenance routines. The CSE role has only ‘guest privileges’ to the other user interfaces including the Local and WebUI. However, CSE access to these other interfaces can be restrict if needed. ADDITIONAL SERVICE D ETAILS Xerox products are serviced by a tool referred to as the Portable Service Workstation (PWS). Only Xerox authorized service technicians are granted access to the PWS. Customer documents or files cannot be accessed during a diagnostic session, nor are network servers accessible through this port. If a network connection is required while servicing a Xerox device, service technicians will remove the device from any connected networks. The technician will then connect directly to the device using an Ethernet cable, creating a physically secure and isolated network d uring service operations. CLONING Certain system settings can be captured (copied) in a clone file that may be installed on other AltaLink systems. Clone files are encrypted and this AltaLink MFP does not support installing older clone files created on other Atlantis 1.0 and 1.5 devices. Access to both creating and installing a clone file can be restricted using role-based access controls. Clone files can only be created through the Embedded Web Server or via USB at the Local UI. Clone files can be installe d through the following methods: Embedded Web Server, USB at the Local UI, Web service, submission as a print job, or file distribution. 807 of 1132 812 Security Guide – Xerox® AltaLink® B8145/B8155/B8170 Multifunction Printer Xerox® AltaLink® C8130/C8135/C8145/C8155/C8170 Color Multifunction Printer 5-5 BACKUP AND RESTORE Like cloning, backup & restore, can capture (copy) certain system and device specific settings in a backup file. This file may be reapplied to the same device at any time. This backup can be stored at the device or exported, and the exported file is encrypted. EIP APPLICATIONS Xerox products can offer additional functionality through the X erox Extensible Interface Platform® (EIP). Third party vendors can create Apps that extend the functionality of a product. Xerox signs EIP applications that are developed by Xerox or Xerox partners. Products can be configured to prevent installation of unauthorized EIP applications. Discussion of individual EIP application security is beyond the scope of this document. EIP applications utilize the security framework provided by the Third-party vendor and the EIP configuration of the product. Please consult documentation for individual EIP application as provided by the Third-party vendor for security details. 808 of 1132 813 Security Guide – Xerox® AltaLink® B8145/B8155/B8170 Multifunction Printer Xerox® AltaLink® C8130/C8135/C8145/C8155/C8170 Color Multifunction Printer 6-1 6. Configuration and Security Policy Management Solutions Xerox Device Manager and Xerox® CentreWare® Web (available as a free download) centrally manage Xerox Devices. Additionally, AltaLink® products come with McAfee built in and can be managed with McAfee ePO™ providing an enhanced security posture supporting proactive monitoring, threat detection, and remediation capabilities. For details please visit Xerox.com or speak with a Xerox representative. 809 of 1132 814 Security Guide – Xerox® AltaLink® B8145/B8155/B8170 Multifunction Printer Xerox® AltaLink® C8130/C8135/C8145/C8155/C8170 Color Multifunction Printer 7-1 7. Identification, Authentication, and Authorization AltaLink® products offer a range of authentication and authorization options to support various environments. Single Factor authentication is supported locally on the product or via external network authentication servers (e.g., LDAP, Kerberos, ADS). Multi Factor authentication is supported by addition of card reader hardware. (Where ease of access is desired, open access and simple user identification modes also exist, however these are not recommended for secure environments.) In all modes, product administrator accounts always require authentication. This cannot be disabled. A flexible RBAC (Role-Based Access Control) security model enables granular control to assign user permissions. Once a user has been authenticated, the product grants (or denies) user permissions based upon the role(s) they have been assigned to. Pre-defined roles that may be used or custom roles may be created as desired. Authentication Xerox® AltaLink® devices support the following authentication mode: Local Authentication Network Authentication Smart Card Authentication (CAC, PIV, SIPR, etc.) Convenience Authentication LOCAL AUTHENTICATION The local user database stores user credential information. The printer uses this information for local authentication and authorization, and for Xerox Standard Accounting. When you configure local authentication, the printer checks the credentials that a user provides against the information in the user database. When you configure local authorization, the printer checks the user database to determine which features the user is allowed access. Each device has a unique default administrator password which should be changed as soon as possible along with enabling recommended security features to secure the system. Note: User names and passwords stored in the user database are not transmitted over the network and passwords are encrypted. 810 of 1132 815 Security Guide – Xerox® AltaLink® B8145/B8155/B8170 Multifunction Printer Xerox® AltaLink® C8130/C8135/C8145/C8155/C8170 Color Multifunction Printer 7-2 PASSW ORD POLICY The following password attributes can be configured: Password Policy Minimum Length 1 Maximum Length 63 Default Minimum 4 Password cannot contain User Name Supported Password complexity options (in addition to alphabetic characters) Can be set to require a number, an upper case character, lower case character and a special character Admin password can be set using any character within the printable Unicode and the AltaLink default administrator password meets the 2020 California Password Law (SB-327). This law states that each ‘internet-connectable’ device must have a unique password by default. All newly sold Xerox devices will have the default administrator password be the serial number of the device. It is recommended the customer change this new default administrator password, as soon as possible, to a strong password that the customer can use and recall. NETWORK AUTHENTICATI ON When configured for network authentication, user credentials are validated by a remote authentication server. Network Authentication Providers Kerberos (Microsoft Active Directory) Supported Kerberos (MIT) Supported SMB NTLM Versions Supported NTLMv2 LDAP Versions Supported Version 3 (including TLS 1.2) SMART CARD AUTHENTICATION Smart Card authentication is considered very secure due to the nature of the Smart Card architecture and potential levels of encryption of data on the card itself. It provides two-factor security: 1) a PIN is required to unlock the smart card and 2) the user’s smart card credential is authenticated over the network using Kerberos PKINIT authentication. Smart Card Authentication requires card reader hardware. Please contact Xerox Support for a list of supported cards and card readers. Smart Cards Common Access Card (CAC) Supported PIV/ PIV II Supported Gemalto MD Supported SIPR Supported 811 of 1132 816 Security Guide – Xerox® AltaLink® B8145/B8155/B8170 Multifunction Printer Xerox® AltaLink® C8130/C8135/C8145/C8155/C8170 Color Multifunction Printer 7-3 Support for the SIPR network is provided using a Smart Card authentication solution created by 90meter under contract for Xerox. Details regarding 90meter can be found online here: https://www.90meter.com/ CONVENI ENCE AUTHENTICATION Convenience authentication offloads authentication to a third-party solution which may offer more or less security than native security implementations. Users swipe a pre-programmed identification card or key fob to access the device. For example, employees may be issued key fobs for access to facilities. Convenience mode may be configured to allow an employee to authenticate using their fob or require the fob in a multi- factor manor. The level of security provided is dependent upon the chosen implementation. Some examples of third-party convenience authentication providers include: Xerox Workplace Cloud https://www.xerox.com/ Pharos print management solutions https://pharos.com/ YSoft SafeQ https://www.ysoft.com/en Contact your Xerox sales representative for details and other options. Authorization (Role-Based Access Controls) AltaLink® products offer granular control of user permissions. Users can be assigned to pre- defined roles or customers may design highly flexible custom permissions. A user must be authenticated before being authorized to use the services of the product. Authorization ACLs (Access Control Lists) are stored in the local user database. Authorization privileges (referred to as permissions) can be assigned on a per user or group basis. Please note that Xerox products are designed to be customizable and support various workflows as well as security needs. User permissions include security-related permissions and non-security related workflow permissions (e.g., walkup user options, copy, scan, plex, etc.). Only security- related permissions are discussed here. REMOTE ACCE SS Without RBAC permissions defined basic information such as model, serial number, and software version can be viewed by unauthenticated users. This can be disabled by restricting access to the device website pages for non-logged-in users. By default, users are allowed to view basic status and support related information, however they are restricted from accessing device configuration settings. Permission to view this information can be disallowed. LOCAL ACCESS Without RBAC permissions defined basic information such as model, serial number, software version, IP address, and host name can be viewed without authentication. This can be disabled by disallowing access to device settings for unauthenticated users. 812 of 1132 817 Security Guide – Xerox® AltaLink® B8145/B8155/B8170 Multifunction Printer Xerox® AltaLink® C8130/C8135/C8145/C8155/C8170 Color Multifunction Printer 7-4 By default, users are allowed to access the local interface, however, they are restricted from accessing device configuration settings. Roles can be configured to allow granular access to applications, services, and tools. Users can be also restricted from accessing the local interface completely. 813 of 1132 818 Security Guide – Xerox® AltaLink® B8145/B8155/B8170 Multifunction Printer Xerox® AltaLink® C8130/C8135/C8145/C8155/C8170 Color Multifunction Printer 8-1 8. Additional Information and Resources Security @ Xerox® Xerox maintains an evergreen public web page that contains the latest security information pertaining to its products. Please see https://www.xerox.com/security. Responses to Known Vulnerabilities Xerox has created a document which details the Xerox Vulnerability Management and Disclosure Policy used in discovery and remediation of vulnerabilities in Xerox software and hardware. It can be downloaded from this page: https://www.xerox.com/information-security/information-security- articles-whitepapers/enus.html Additional Resources Below are additional resources. Security Resource URL Frequently Asked Security Questions https://www.xerox.com/en-us/information- security/frequently-asked-questions Common Criteria Certified Products https://security.business.xerox.com/en- us/documents/common-criteria/ Current Software Release Quick Lookup Table https://www.xerox.com/security Bulletins, Advisories, and Security Updates https://www.xerox.com/security Security News Archive https://security.business.xerox.com/en-us/news/ 814 of 1132 819 Security Guide – Xerox® AltaLink® B8145/B8155/B8170 Multifunction Printer Xerox® AltaLink® C8130/C8135/C8145/C8155/C8170 Color Multifunction Printer 9-2 9. Appendix A: Product Security Profiles This appendix describes specific details of each AltaLink® product. AltaLink® B8145/B8155/B8170 &C8130/C8135/C8145/C8155/C8170 PHYSICAL OVERVIEW . 815 of 1132 820 1. Stabilizer 2. Bypass paper feed tray 3. Front USB Port(s )' 4. Touch soreen user interface 5. Upper paper tray 6. Lower pa,pertray 7. Paper feed traysj Cove r N eeds to be remov ed t o revea l a. Smart Pro)(jimity Sensor- 9. Rear USB Por1{sl* 110. ~Wi-Fi ~ ~Porr/~ Bluetooth ~port 111. RJ45 Ethernet connection• 112. Seivice 1port 113. AC Power □ Security Guide – Xerox® AltaLink® B8145/B8155/B8170 Multifunction Printer Xerox® AltaLink® C8130/C8135/C8145/C8155/C8170 Color Multifunction Printer 9-3 SECURITY RELATED INT ERFACES Security Related Interfaces Ethernet 10/100/1000 MB Ethernet interface. Optional Wi-Fi Dongle Supports optional 802.11 Dongle. Optional Bluetooth MicroAdapter Supports optional iBeacon support for AirPrint Discovery through Bluetooth Low Energy Beacons. Rear USB 3.0 (Type B) USB target connector used for printing. Note: This port can be disabled completely by a system administrator. Front & Rear USB2.0 (Type A) port(s) Users may insert a USB thumb drive to print from or store scanned files to. (Physical security of this information is the responsibility of the user or operator.) Note that features that leverage USB ports (such as Scan To USB) can be disabled independently based on services. Firmware upgrades may be applied using this port. Connection of optional equipment such as NFC or CAC readers. Note: This port can be disabled completely by a system administrator. C O NTROLLER NON -VOLATIL E STORAGE Model Size Type Use User Data How to Clear Non- Volatile B8170, B8155, B8145, C8130, C8135, C8145, C8155, C8170 120 GB or higher SSD* Contains User Data (e.g., Print, Scan, Fax) and Configuration Settings. This data is encypted and Encyption is always-on Yes Factory Reset Yes B8170, B8155, B8145, C8130, C8135, C8145, C8155, C8170 320 GB HDD** Contains User Data (e.g., Print, Scan, Fax) and Configuration Settings. This data is encypted and Encyption is always-on Yes Factory Reset Yes *SSD: Solid State Drive, is a Standard Configuration **HDD: Magnetic Hard Disk Drive, is a purchasable option 816 of 1132 821 I I I I I Security Guide – Xerox® AltaLink® B8145/B8155/B8170 Multifunction Printer Xerox® AltaLink® C8130/C8135/C8145/C8155/C8170 Color Multifunction Printer 9-4 CONTROLLER VOLATILE MEMORY Model Size Type Use User Data How to Clear Non- Volatile B8170, B8155, B8145, C8130, C8135, C8145, C8155 4 GB DDR3 DRAM Executable code, Printer control data, temporary storage of job data Yes Power off system Yes C8170 8 GB DDR3 DRAM Executable code, Printer control data, temporary storage of job data Yes Power off system Yes Additional Information: The controller operating system memory manager allocates memory dynamically between OS, running processes, and temporary data which includes jobs in process. When a job is complete, the memory pages in use are freed and reallocated as required by the OS. MARKING ENGINE NON -V OLATILE STORAGE The marking engine does not contain any non-volatile storage. MARKING ENGINE VOLAT ILE MEMORY The marking engine volatile memory does not store or process user data. 817 of 1132 822 I I I I I Security Guide – Xerox® AltaLink® B8145/B8155/B8170 Multifunction Printer Xerox® AltaLink® C8130/C8135/C8145/C8155/C8170 Color Multifunction Printer 10-1 10. Appendix B: Security Events Xerox AltaLink Security Events ID Event Description 1 System Startup Device Name Device Serial Number 2 System Shutdown Device Name Device Serial Number 3 Standard ODIO Started Device Name Device Serial Number 4 Standard ODIO Complete Device Name Device Serial Number Overwrite Status 5 Print Job Job Name User Name Source Service Name Completion Status IIO Status Accounting User ID Accounting Account ID 6 Network Scan Job Job Name User Name Completion Status IIO status Accounting User ID Accounting Account ID Total Number Net Destination Net Destination 7 Server Fax Job Job Name User Name Completion Status IIO Status Accounting User ID Accounting Account ID Total Fax Recipient Phone Numbers Fax Recipient Phone Numbers Net Destination 8 iFax Job Name User Name Completion Status IIO Status 818 of 1132 823 Security Guide – Xerox® AltaLink® B8145/B8155/B8170 Multifunction Printer Xerox® AltaLink® C8130/C8135/C8145/C8155/C8170 Color Multifunction Printer 10-2 Accounting User ID Accounting Account ID Total Number of SMTP Recipients SMTP Recipients 9 Email Job Job Name User Name Completion Status IIO Status Accounting User ID Accounting Account ID Encryption On or Off Total Number of SMTP Recipients SMTP Recipients 10 Audit Log Disabled Device Name Device Serial Number 11 Audit Log Enabled Device Name Device Serial Number 12 Copy Job Job Name User Name Completion Status IIO Status Accounting User ID Accounting Account ID 13 Embedded Fax Job Name User Name Completion Status IIO Status Accounting User ID Accounting Account ID Total Fax Recipient Phone Numbers Fax Recipient Phone Numbers 14 LAN Fax Job Job Name User Name Completion Status IIO Status Accounting User ID Accounting Account ID Total Fax Recipient Phone Numbers Fax Recipient Phone Numbers 16 Full ODIO Started Device Name Device Serial Number 17 Full ODIO Complete Device Name Device Serial Number Overwrite Status 20 Scan to Mailbox Job Job Name or Directory Name 819 of 1132 824 Security Guide – Xerox® AltaLink® B8145/B8155/B8170 Multifunction Printer Xerox® AltaLink® C8130/C8135/C8145/C8155/C8170 Color Multifunction Printer 10-3 User Name Completion Status IIO Status 21 Delete File/Directory Job Name or Directory Name User Name Completion Status IIO Status 23 Scan to Home User Name Device Name Device Serial Number Completion Status (Enabled/Disabled) 24 Scan to Home Job Job Name or Directory Name User Name Completion Status (Normal/Error) IIO Status Accounting User ID Name Accounting Account ID Name Total Number Net Destination Net Destination 25 Copy Store Job Job Name or Directory Name User Name Completion Status (Normal/Error) IIO Status 26 PagePack Login Device Name Device Serial Number Completion Status: Success (if Passcode is okay) Failed (if Passcode is not okay) Locked Out (if max attempts exceed 5) Time Remaining: Hrs (Remaining for next attempt) Min (Remaining for next attempt) 27 Postscript Passwords Device Name Device Serial Number Startup Mode or System Params Password or Start Job Password 29 Network User Login User Name Device Name Device Serial Number Completion Status (Success/Failed) 30 SA Login User Name Device Name Device Serial Number Completion Status (Success/Failed) 31 User Login User Name Device Name 820 of 1132 825 Security Guide – Xerox® AltaLink® B8145/B8155/B8170 Multifunction Printer Xerox® AltaLink® C8130/C8135/C8145/C8155/C8170 Color Multifunction Printer 10-4 Device Serial Number Completion Status (Success/Failed) 32 Service Login Service Name Device Name Device Serial Number Completion Status (Success/Failed) 33 Audit Log Download User Name Device Name Device Serial Number Destination (WebUI, USB drive) Completion Status (Success/Failed) 34 IIO Feature Status User Name Device Name Device Serial Number IIO Status (Enabled/Disabled) 35 SA Pin Changed User Name Device Name Device Serial Number Completion Status 36 Audit Log Saved User Name Device Name Device Serial Number Completion Status 38 X509 Certificate User Name Device Name Device Serial Number Completion Status (Created/Uploaded/Downloaded) 39 IP Sec User Name Device Name Device Serial Number Completion Status (Configured/Enabled/Disabled/Terminated) 40 SNMPv3 User Name Device Name Device Serial Number Completion Status (Configured/Enabled/Disabled/Terminated) 41 IP Filtering Rules User Name Device Name Device Serial Number Completion Status (Rule Added/Rule Edited/Rule Deleted) 42 Network Authentication User Name Device Name Device Serial Number Completion Status (Configured/Enabled/Disabled) 821 of 1132 826 Security Guide – Xerox® AltaLink® B8145/B8155/B8170 Multifunction Printer Xerox® AltaLink® C8130/C8135/C8145/C8155/C8170 Color Multifunction Printer 10-5 43 Device Clock User Name Device Name Device Serial Number Completion Status (Time Zone Changed/Date/Time Changed/Time Format Changed/Date Format Changed ) 44 SW Upgrade User Name Device Name Device Serial Number Completion Status (Success/Failed) 45 Cloning User Name Device Name Device Serial Number Completion Status 46 Scan Metadata Validation Device Name Device Serial Number Completion Status (Success/Failed) 47 Xerox Secure Access Device Name Device Serial Number Completion status (Configured/Enabled/Disabled) 48 Service Login Copy Mode Service Name Device Name Device Serial Number Completion Status (Success/Failed) 49 Smartcard (CAC/PIV) Access User Name (if valid Card and Password are entered) Device Name Device Serial Number Completion Status (Success/Failed) 50 Process Terminated Device Name Device Serial Number Process Name Termination Reason 51 ODIO Scheduled User Name Device Name Device Serial Number Completion Status (Enabled/Disabled) ODIO Schedule Mode Configured ODIO Schedule Frequency Configured ODIO Schedule Day of Week Configured ODIO Schedule Day of Month Configured 53 CPSR Backup File Name User Name Completion Status (Normal/Error) IIO Status 54 CPSR Restore File Name 822 of 1132 827 Security Guide – Xerox® AltaLink® B8145/B8155/B8170 Multifunction Printer Xerox® AltaLink® C8130/C8135/C8145/C8155/C8170 Color Multifunction Printer 10-6 User Name Completion Status (Normal/Error) IIO Status 55 SA Tools Access Admin Device Serial Number Completion Status (Locked/Unlocked) 57 Session Timer Logout Device Name Device Serial Number Interface (WebUI, LUI, CAC) User Name (who was logged out) Session IP (if available) 58 Session Timer Interval Change Device Name Device Serial Number Interface (WebUI, LUI, CAC) (Timer affected by change) User Name (who made this change) Session IP (if available) Completion Status (Success/Failed) 59 Feature Access Control User Name Device Name Device Serial Number Completion Status (Enabled/Disabled/Configured) Interface (WebUI, LUI, CAC, SNMP) Session IP Address (if available) 60 Device Clock NTP Device Name Device Serial Number Enable/Disable/Config NTP NTP Server IP Address/Hostname Server Port Completion Status (Success/Failed) 61 Grant/Revoke Admin Rights Device Name Device Serial Number User Name (of target user) Grant or Revoke (the admin right) Completion Status (Success/Failed) 62 Smartcard (CAC/PIV) User Name Device Name Device Serial Number Card type (SIPR Token, CAC/PIV) Completion Status (Success/Failed) 63 IPv6 User Name Device Name Device Serial Number Completion Status (Success/Failed) 64 802.1x User Name Device Name Device Serial Number Completion Status (Success/Failed) 65 Abnormal System Termination Device Name Device Serial Number 823 of 1132 828 Security Guide – Xerox® AltaLink® B8145/B8155/B8170 Multifunction Printer Xerox® AltaLink® C8130/C8135/C8145/C8155/C8170 Color Multifunction Printer 10-7 66 Local Authentication User Name Device Name Device Serial Number Completion Status (Enabled/Disabled) 67 Web User Interface Authentication User Name Device Name Device Serial Number Authentication Method Enabled (Network/Local) 68 FIPS Mode User Name Device Name Device Serial Number Completion Status (Enable/Disable/Configure) 69 Xerox Secure Access Login User Name Device Name Device Serial Number Completion Status (Success/Failed) 70 Print from USB User Name Device Name Device Serial Number Completion Status (Enabled/Disabled) 71 USB Port Enable/Disable User Name Device Name Device Serial Number USB Port ID Completion Status (Enabled/Disabled) 72 Scan to USB User Name Device Name Device Serial Number Completion Status (Enabled/Disabled) 73 System Log Download Username Device Name File Names Downloaded Destination (IP address or USB device) Completion Status (Success/Failed) 74 Scan to USB Job Job Name User Name Completion Status IIO Status Accounting User ID Name Accounting Account ID Name 75 Remote UI Feature User Name Device Name Device Serial Number Completion Status (Enabled/Disabled/Configured) 76 Remote UI Session User Name Device Name Device Serial Number Completion Status (Initiated/Terminated) Remote Client IP Address 824 of 1132 829 Security Guide – Xerox® AltaLink® B8145/B8155/B8170 Multifunction Printer Xerox® AltaLink® C8130/C8135/C8145/C8155/C8170 Color Multifunction Printer 10-8 77 Remote Scan Feature (Driver) User Name Device Name Device Serial Number Completion Status (Enable/Disable) 78 Remote Scan Job Submitted (Driver) User Name (at client if available) IP Address of Submitting Client Device Name Device Serial Number Job Name (if accepted) Completion Status (Accept/Reject/Request) 79 Scan to Web Service Job Remote Scan Job Completed (Driver) Job name User Name Accounting User ID Name Accounting Account ID Name Completion Status (Destination) 80 SMTP Connection Encryption User Name Device name Device Serial Number Completion Status (Enabled for STARTLS/ Enabled for STARTLS if available/ Enabled for TLS/Disabled/Configured) 81 Email Domain Filtering Rule User Name Device Name Device Serial Number Completion Status (Feature Enabled/Feature Disabled/Rule Added/Rule Deleted) 82 Software Self Test Started Device Name Device Serial Number 83 Software Self Test Complete Device Name Device Serial Number Completion Status (Success/Failed/Cancelled) 84 McAfee Security State User Name Device Name Device Serial Number Security Mode (Enhanced Security/Integrity Control) Completion Status (Enabled/Disabled/Pending) 85 McAfee Security Event Device Name Device Serial Number Type (Read/Modify/Execute/Deluge) McAfee Message Text 87 McAfee Agent User Name Device Name Device Serial Number Completion Status (Enabled/Disabled) 88 Digital Certificate Import Failure Device Name Device Serial Number Email Address of Requestor (if available) Failure Reason (Invalid Address/Invalid Certificate/Invalid Signature) 825 of 1132 830 Security Guide – Xerox® AltaLink® B8145/B8155/B8170 Multifunction Printer Xerox® AltaLink® C8130/C8135/C8145/C8155/C8170 Color Multifunction Printer 10-9 89 User Name Add/Delete User Name (Managing User Names) Device Name Device Serial Number User Name Added or Deleted Completion Status (Created/Deleted) 90 User Name Password Change User Name (Managing Passwords) Device Name Device Serial Number User Name Affected Completion Status (Password Modified) 91 eFax Job Secure Print Passcode User Name (Managing Passcodes) Device Name Device Serial Number Completion Status (Passcode Created/Changed) 92 Scan2Mailbox Folder Password Change User Name (Managing Passwords) Device Name Device Serial Number Folder Name Completion Status (Password was Changed) 93 eFax Mailbox Passcode User Name (Managing Passcodes) Device Name Device Serial Number Completion Status (Passcode Created/Changed) 94 FTP/SFTP Filing Passive Mode User Name Device Name Device Serial Number Completion Status (Enabled/Disabled) 95 eFax Forwarding Rule User Name Device Name Device Serial Number Fax Line 1 or 2 (if applicable) Completion Status (Rule Edit/Rule Enabled/Rule Disabled) 96 EIP Weblets Allow Install User Name Device Name Device Serial Number Completion Status (Enable Installation/Block Installation) 97 EIP Weblets Install User Name Device Name Device Serial Number Weblet Name Action (Install/Delete) Completion (Success/Fail) 98 EIP Weblets Enable User Name Device Name Device Serial Number Weblet Name Completion Status (Enable/Disable) 99 Network Connectivity User Name Device Name 826 of 1132 831 Security Guide – Xerox® AltaLink® B8145/B8155/B8170 Multifunction Printer Xerox® AltaLink® C8130/C8135/C8145/C8155/C8170 Color Multifunction Printer 10-10 Device Serial Number Completion Status (Enable Wireless/Disable Wireless/ Configure Wireless/Enable Wired/Disable Wired/ Configure Wired/Enable WiFi Direct/Disable WiFi Direct/Configure WiFi Direct) 100 Address Book Permissions User Name Machine Name Machine serial number Completion Status (SA Only/Open Access Enabled WebUI)/ (SA Only/Open Access Enabled LocalUI) 101 Address Book Export User Name Machine Name Machine Serial Number 102 SW Upgrade User Name Device Name Device Serial Number Completion Status (Enable Installation/Disable Installation) 103 Supplies Plan Activation Device Name Device Serial Number Completion Status Success (if Passcode is okay) Failed (if Passcode is not okay) Locked out (if Max Attempts Exceed 5) Time Remaining Hrs (remaining for next attempt) Min (remaining for next attempt) 104 Plan Conversion Device Name Device Serial Number Completion Status Success (if Passcode is okay) Failed (if Passcode is not okay) Locked out (if Max Attempts Exceed 5) Time Remaining Hrs (remaining for next attempt) Min (remaining for next attempt) 105 IPv4 User Name Device Name Device Serial Number Completion Status (Enabled Wireless/Disabled Wireless/ Configured Wireless/Enabled Wired/Disabled Wired/ Configured Wired) 106 SA PIN Reset Device Serial Number Completion Status (Success/Failed) 107 Convenience Authentication Login User Name Device Name Device Serial Number Completion Status (Success/Failed) 108 Convenience Authentication User Name Device Name Device Serial Number Completion Status 827 of 1132 832 Security Guide – Xerox® AltaLink® B8145/B8155/B8170 Multifunction Printer Xerox® AltaLink® C8130/C8135/C8145/C8155/C8170 Color Multifunction Printer 10-11 (Enabled/Disabled/Configured) 109 eFax Passcode Length User Name (Managing Passcodes) Device Name Device Serial Number Completion Status (Passcode Length Changed) 110 Custom Authentication Login User Name Device Name Device Serial Number Completion Status (Success/Failed) 111 Custom Authentication User Name Device Name Device Serial Number Completion Status (Enabled/Disabled/Configured) 112 Billing Impression Mode User Name Device Name Device Serial Number Mode Set to (A4 Mode/A3 Mode) Completion Status (Success/Failed) 114 Device Cloning User Name Device Name Device Serial Number Completion Status (Enable for Encrypted Files Only/Disable) 115 Save for Reprint Job Job Name User Name Print from USB/Print from URL Completion Status 116 WebUI Access Configure Device Name Device Serial Number Completion Status (Standard Access/Open Access/Restricted) 117 System Log Push to Xerox Username if Authenticated Server Destination URL Log Identifier String (Filename) Completion Status (Success/Failed) 119 Scan to WebDAV Job Job Name User Name Completion Status IIO status Accounting User ID Name Accounting Account ID Name WebDAV Destination 123 Near Field Communication User Name Device Name Device Serial Number Completion Status (Enabled/Disabled) 124 Invalid Login Attempt Lockout Device Name Device Serial Number Interface (WebUI, Local UI) Session IP Address (if available) 828 of 1132 833 Security Guide – Xerox® AltaLink® B8145/B8155/B8170 Multifunction Printer Xerox® AltaLink® C8130/C8135/C8145/C8155/C8170 Color Multifunction Printer 10-12 125 Protocol Audit Log Enable/Disable User Name Device Name Device Serial Number Completion Status (Enable/Disable) 126 Display Device Information Configure User Name Device Name Device Serial Number Completion Status (Configured) 127 Invalid Login Lockout Expires Device Name Device Serial Number Interface (WebUI) Session IP Address (if available) Count of Invalid Attempts: xx attempts, where xx = the number of attempts 128 Erase Customer Data Device Serial Number Erase Customer Data Device Serial Number Completion Status (Success/Failed) 129 Audit Log SFTP Scheduled Configure User Name Device Name Device Serial Number Completion Status (Enable/Disable/Configured) 130 Audit Log SFTP Transfer User Name Device Name Device Serial Number Destination Server Completion Status (File Transmitted) 131 Remote Software Download User Name Device Name Device Serial Number Completion Status (Enable/Disable) 132 AirPrint & Mopria Scanning User Name Device Name Device Serial Number Completion Status (Enable/Disable/Configured) 133 AirPrint & Mopria Scan Job Submitted Job Name (if accepted) User Name (if available) IP Address of Submitting Client Device Name Device Serial Number Completion Status (Accept/Reject Request) 134 AirPrint & Mopria Scan Job Completed Job Name User Name (if available) Completion Status 136 Remote Services NVM Write Device Name Device Serial Completion Status (Success/Fail) 137 Remote Services FIK Install Device Name Device Serial 829 of 1132 834 Security Guide – Xerox® AltaLink® B8145/B8155/B8170 Multifunction Printer Xerox® AltaLink® C8130/C8135/C8145/C8155/C8170 Color Multifunction Printer 10-13 Completion Status (Success/Fail) User-readable names for the features being installed 138 Remote Services Data Push Device Name Device Serial Completion Status (Success/Fail) 139 Remote Services User Name, Device Name Device Serial Status (Enabled/Disabled) 140 Restore User Name Device Name Device Serial Number Completion Status (Enable/Disable) 141 Backup-Restore File Downloaded File Name User Name Interface (WebUI) IP Address of the Destination (if applicable) Completion Status (Success/Failed) 142 Backup-Restore Restore Installed File Name User Name Device Name Device IP address Interface (WebUI) Completion Status (Success/Failed) 143 Google Cloud Services User Name Device Name Device Serial Number Completion Status (Enabled/Disabled/Configured) 144 User or Group Role Assignment User Name Device Name Device Serial Number User or Group Name (Assigned) Role Name Action (Added/Removed) 145 User Permission Role User Name Device Name Device Serial Number Role Name Completion Status (Created/Deleted/Configured) 146 Admin Password Policy Configure User Name Device Name Device Serial Number 147 Local User Account Password Policy User Name Device Name Device Serial Number 148 Restricted Admin Login User Name Device Name Device Serial Number Completion Status (Success/Failed) 830 of 1132 835 Security Guide – Xerox® AltaLink® B8145/B8155/B8170 Multifunction Printer Xerox® AltaLink® C8130/C8135/C8145/C8155/C8170 Color Multifunction Printer 10-14 149 Grant/Revoke Restricted Admin Rights User Name (of user making the change) Device Name Device Serial Number User Name (of target user) Action (Grant/Revoke) 150 Manual Session Logout Device Name Device Serial Number Interface (WebUI, LUI, CAC) User Name (who was logged out) Session IP (if available) 151 IPP User Name Device Name Device Serial Number Completion Status (Enabled/Disabled/Configured) 152 HTTP Proxy Server User Name Device Name Device Serial Number Completion Status (Enabled/Disabled/Configured) 153 Remote Services Software Download Device Name Device Serial Number File Name 154 Restricted Admin Permission Role User Name Device Name Device Serial Number Restricted Admin Role Name Completion Status (Created/Deleted/Configured) 155 EIP Weblet Installation Security Policy User Name Device Name Device Serial Number Policy (Allow Installation of Encrypted Weblets/Allow Installation of Both Encrypted and Unencrypted Weblets) 156 Lockdown and Remediate Security User Name Device Name Device Serial Number Completion Status (Enabled/Disabled) 157 Lockdown Security Check Complete User Name Device Name Device Serial Number Completion Status (Success/Failed) 158 Lockdown Remediation Complete User Name Device Name Device Serial Number Completion Status (Success/Failed) 159 Send Engineering Logs on Data Push User Name (if available) Device Name Device Serial Number Current Setting (Enabled/Disabled) 831 of 1132 836 Security Guide – Xerox® AltaLink® B8145/B8155/B8170 Multifunction Printer Xerox® AltaLink® C8130/C8135/C8145/C8155/C8170 Color Multifunction Printer 10-15 160 Allow the Print Submission of Clone Files User Name (if available) Device Name Device Serial Number Completion Status (Enabled/Disabled) 161 Network Troubleshooting Start/Stop User Name Device Name Device Serial Number Completion Status (Started/Stopped) 162 Network Troubleshooting Data Download User Name File Name (of downloaded file) Device Name Device Serial Number Destination (IP Address) Completion Status (Success/Failed) 163 DNS-SD Text File Download User Name File Name (of downloaded file) Device Name Device Serial Number Destination (IP address) Completion Status (Success/Failed) 164 1-Touch App Management User Name Device Name Device Serial Number 1-Touch Application Display Name Action (Install/Un-install) Completion Status (Success/Failed) 165 SMB Browse User Name Device Name Device Serial Number Completion Status (Enabled/Disabled/Configured) 166 Job Data Removal Standard Started Device Name Device Serial Number 167 Job Data Removal Standard Complete Device Name Device Serial Number Completion Status (Success/Failed) 168 Job Data Removal Full Started Device Name Device Serial Number 169 Job Data Removal Full Complete Device Name Device Serial Number Completion Status (Success/Failed) 170 Scheduled Job Data Removal Configure User Name Device Name Device Serial Number Completion Status (Enable/Disable/Configured) 171 Cross-Origin Resource Sharing (CORS) User Name Device Name Device Serial Number Completion Status (Enable/Disable) 832 of 1132 837 Security Guide – Xerox® AltaLink® B8145/B8155/B8170 Multifunction Printer Xerox® AltaLink® C8130/C8135/C8145/C8155/C8170 Color Multifunction Printer 10-16 172 1-Touch App Export User Name Device Name Device Serial Number Completion Status (Success/Failed) 173 Device File Distribution Trust Operations User Name Device Name Device Serial Number Member Name Member Serial Number TC Lead Device Name TC Lead Serial Number Trust Operation (Grant/Revoke) Completion Status (Success/Failed) 174 Device File Distribution Feature User Name Device Name Device Serial Number Trust Operation (Enable/Disable/Configure) Completion Status (Success/Failed) 175 Device File Distribution – Store File for Distribution User Name Device Name Device Serial Number File type (SWUP/Clone/Add-On) File Name 176 Xerox Configuration Watchdog User Name Device Name Device Serial Number Completion Status (Enabled/Disabled) 177 Xerox Configuration Watchdog Check Complete User Name (if available, SYSTEM, if executed as a scheduled event) Device Name Device Serial Number Completion Status (Success/Failed) 178 Xerox Configuration Watchdog Remediation Complete User Name (if available, SYSTEM, if executed as a scheduled event) Device Name Device Serial Number Completion Status (Success/Failed) 179 ThinPrint Feature User Name Device Name Device Serial Number Completion Status (Enabled/Disabled/Configured) 180 Beaconing for iBeacon for AirPrint Discovery User Name Device Name Device Serial Number Completion Status (Enabled/Disabled) 181 Network Troubleshooting User Name Device Name Device Serial Number Completion Status (Installed/Uninstalled) 182 POP3 Connection Encryption (TLS) User Name Device Name 833 of 1132 838 Security Guide – Xerox® AltaLink® B8145/B8155/B8170 Multifunction Printer Xerox® AltaLink® C8130/C8135/C8145/C8155/C8170 Color Multifunction Printer 10-17 Device Serial Number Completion Status (Enabled/Disabled/Configured) 183 FTP Browse User Name Device Name Device Serial Number Completion Status (Configured/Enabled/Disabled) 184 SFTP Browse User Name Device Name Device Serial Number Completion Status (Configured/Enabled/Disabled) 189 Smart Proximity Sensor Sleep on Departure User Name Device Name Device Serial Number Completion Status (Enabled/Disabled) 190 Cloud Service User Name Device Name Device Serial Number Completion Status (Enabled/Disabled) 192 Scan to Cloud Job Job Name User Name Cloud Service Completion Status IIO Status Accounting User ID Name Accounting Account ID Name 193 Xerox Workplace Cloud User Name Device Name Device Serial Number Completion Status (Enabled/Disabled) 194 Scan to Save FTP and SFTP Credentials Policy User Name Device Name Device Serial Number Completion Status (Never/Always/Prompt) 195 Card Reader Device Name Device Serial Number Completion Status (Connected/Disconnected) 196 EIP Apps User Name Device Name Device Serial Number App Name Action (Install/Delete) Completion Status (Success/Failed) 197 EIP Apps User Name Device Name Device Serial Number App Name Action (Install/Delete) Completion Status (Enabled/Disabled) 204 Syslog Server User Name 834 of 1132 839 Security Guide – Xerox® AltaLink® B8145/B8155/B8170 Multifunction Printer Xerox® AltaLink® C8130/C8135/C8145/C8155/C8170 Color Multifunction Printer 10-18 Device Name Device Serial Number Server IPv4 Address (if available) Server IPv6 Address (if available) Completion Status (Configured/Enabled/Disabled) 205 TLS (Version and/or Hash) User Name Device Name Device Serial Number Completion Status (Configured) 835 of 1132 840 Xerox Resources: Coordinate contract implementation, including designating associated Project Manager The Account General Managers, Contract Manager, along with support from the Account Team, will be responsible to ensure efficient and effective management and administration of the contract. Implementations will be project managed by the Client Manager and the Sales Manager for each location. There is an extended team of support resources that will be involved with each implementation and your Client Manager will facilitate this team and is responsible for: • Communicating key information to the Project Team. • Establishing and adhering to the schedule. • Coordinating activities for all other Project Team members. • Providing documentation, including weekly status reports and changes as required. • Making Project Team members aware of all project details, issues and decisions. • Obtaining project closure. Account management for on-going contract monitoring, maintenance and communication Manager Xerox understands and will comply. Account Representative(s) dedicated to UC Locations Manager Xerox understands and will comply. Please also refer to Section III, D.1. To insure customer service satisfaction, Supplier is required to call customer 3 days after equipment installation and training. Customer shall be defined as a designated user for that location. For UC Locations with MFD/Printer Fleet Management Programs, Customer shall be defined as the designated contacts for those Programs Manager Xerox understands and will comply. Follow up will be completed by the assigned Xerox Client Manager supporting the install. On-site sales representation on a regular basis to increase sales activity, assist in resolving problems, demonstrate new products, provide unlimited training and other customer services as required for the efficient operation of the program Manager Xerox understands and will comply. Coordinate all the order/installation process, inquiries regarding order status, and pricing concerns Xerox understands and will comply. Assigned Xerox Client Manager will complete all of the above items. Regular contact and/or meetings (frequency to be determined by each location, though no less than quarterly) between Supplier’s account manager and UC Purchasing and/or MFD/Printer Fleet Management Program at each location to discuss issue resolution, performance activities and all related issues. Xerox understands and will comply. As part of our continuing engagement process, UC representatives and the Xerox account team will hold account review meetings on a regular basis, or as requested. The main objective of these account reviews is to discuss operational and technical issues and performance against standards. Topics discussed may include: open issues and progress toward resolution, proposed /impending changes, status of special projects, optimization/future state review, any UC support requirements, UC management support and UC communication needs. 836 of 1132 841 Monthly Operational Review Meetings Xerox will schedule joint communication and status review meetings with UC’s designated focal point as required. Topics typically discussed include: • Customer support and communication requirements. • Solution activity, metrics, and any analytics. • Open issues and progress toward resolution. • Recommendations for changes. Quarterly Business Review A formal management meeting will be held at a mutually agreed upon location and time. The primary purpose of this meeting is to discuss the services and their relationship to UC’s strategic business goals. The meeting agenda will be mutually agreed upon, and may include the following topics: • Review of the service level reports, trends, and overall services performance. • Review of the progress of the resolution of previously discussed open issues. • Services performance relative to strategic goals. Semi Annual Executive Review Xerox and UC’s executives will hold a semi-annual executive review to discuss mutual objectives, customer business improvement opportunities and strategies. Topics may include: • Annual performance review. • Innovation proposals and opportunities. • Major business and technology changes affecting services delivery or effectiveness. • Maintain a customer service satisfaction level of 98% or better as evidenced by the results of regular customer survey’s conducted by supplier. Xerox understands and will comply. Customer satisfaction and loyalty are Xerox’s number one priority. For this reason, we consistently and proactively elicit customer feedback using a combination of relationship and event-based survey programs. We continuously monitor and polish these programs to ensure we understand the end to end customer experience signals retrieved from the relationship survey and utilize our event-based data to further diagnose deficiencies and drive improvements. Xerox conducts 4 relationship surveys per year (one per quarter) with the goal of obtaining a response from the key decision makers in every account. We utilize a closed-loop management process to review survey results and establish action plans based on those results to ensure positive experiences and interactions with our customers. Xerox tests, validates and ensures that we are meeting our customers’ expectations based on honest feedback that we have obtained through measurement tools such as surveys. We ask for satisfaction feedback so that we can continue to make incremental process improvements that support our customers’ business needs. In addition, Xerox has expanded our standard proactive customer satisfaction system to include a very unique customer polling system called Sentinel TM. We designed the Sentinel system to facilitate gathering end-user customer feedback on a regular basis in order to systematically listen to all employees across a customer’s enterprise. With UC’s permission, Sentinel will send a simple e-mail that prompts one of four responses: delete, send a comment, make a suggestion, or alert Xerox of a problem. Comments, suggestions and problems will “alert Xerox of an opportunity,” automatically opening a dialog box that is completely viewable by 837 of 1132 842 each customer from start to finish. With web-based Sentinel, concerns go straight from your company to Xerox. The system instantly notifies a Xerox Problem Solver, who personally owns the comment through a closed-loop resolution process. The Sentinel “sense and respond” system is a proactive way for Xerox to receive and quickly respond to your feedback. We believe this system sets us apart from our competitors by creating a unique opportunity for our customers to share their thoughts—promoting interaction and collaboration that will strengthen our bottom-line relationships. A designated contact for billing/invoicing questions and issues Accounts are assigned to a specific biller and manager. All billing and invoice inquiries go to our Customer Care Center, where we have multiple resources available to respond to all billing and invoicing questions and issues. 838 of 1132 843 Trade-In Equipment. University warrants that University has the right to transfer title to the Equipment University is trading in as part of an Order ("Trade-In Equipment"), and that the Trade-In Equipment is in good working order and has not been modified from its original configuration (other than by Xerox). Title and risk of loss to the Trade-In Equipment will pass to Xerox when Xerox removes the Trade-In Equipment from University‘s premises. University will maintain the Trade-In Equipment at its present site and in substantially the Trade-In Equipment’s present condition until removed by Xerox. University will pay all accrued charges for the Trade-In Equipment, up to and including payment of the final principal payment number and all applicable maintenance, administrative, supply and finance charges until Xerox removes the Trade-In Equipment from the University’s premises. Upgrades. Xerox’s Purchase and Maintenance as well as Xerox Lease offer allows the University to place additional equipment mainframe orders at the same quoted contract price throughout the 60-month master agreement term, provided each additional equipment placement remains installed for a minimum 60-month term. Xerox will also provide a separate price quote if the University desires to acquire additional equipment having an installation term less than 60-months. The equipment’s features and performance can also be upgraded through the addition of a number of optional accessories. Accessory options included with the mainframe can be obtained at the contract quoted price. Any accessory ordered following the mainframe’s installation will have the price readjusted based on the mainframe’s remaining agreement term. Please remember that the Xerox Purchase and Maintenance as well as Xerox Lease offering is based on a firm 60-month equipment installation term that can only be terminated due to fiscal year funds non- appropriation or an uncured performance failure. If the equipment is cancelled for the University’s convenience and not replaced, or traded to a different unit, the University will be assessed a liquidated damages charge. In order to avoid this charge, Xerox recommends that the equipment either be: (a) exchanged with another University unit, or (b) moved to another University location and replaced with a unit that fits the end users current work requirements. 839 of 1132 844 Time and Materials Current Changes 65191 Time and Materials Price List 840 of 1132 845 xerox . ® Current Changes Published Price Lists – Xerox Internal Use Only CC-1 Time and Materials Price List Xerox Form Number Issue Date Price List Name Reason Changed Sale Range 65191 02/15/17 Time and Materials Price List ADVANCE Pricing Effective 04/01/18 841 of 1132 846 Time and Materials ADVANCED Price List Effective 04/01/18 (Supersedes 05/01/17) 1 65191 1. TIME: Below are the labor rates charged for repair of equipment not covered by Basic Services. The rates are subject to change without notice. Charges do not include replacement parts used in repair. Replacement parts used in repair will be billed in addition to the labor charge. See item 2 on next page. LABOR RATES FOR HIGH END PRODUCTS (NEW AND USED) DocuTech/Nuvera: PP135, NP135, All Nuvera, 6100, 6115, 6135, 6155, 6180, HighLight Color 180/155/128, XDOD / DigiPath, SBMF, SBMF-1, SBMF-2, SFBM, SQFBM & DBSF High End System Printing: MICR/Non-MICR, IPS, LPS, NPS; 4050, 4250, 4650, 4075, 4090, 4135, 4635, DP96, DP100, DP135, DP155, DP180, DP390, DP425DUP, DP425DUPU, DP500, DP500DUP, DP525DUP, DP525DUPU, DP525DUP1, DP525MX-MX1-MX2, CF495DUP, CF650DUP, CCF490, DP2K100, DP2K115, DP2K135, DP2K155, DP2K180, HLC128, HCL155, HCL180, HLCP128, HLCP155 & HLCP180, ESPRESSO, All CiPress, any and all DFEs that support these products. Production Color: Fiery, Splash, Creo (Scites), DocuSP, DocuColor 2045/2060/6060/5352/5000/6060/7000/8000, C60/C70, X700s, X770s, & any and all iGEN models up through and including IGEN 5, 8250 and all DFEs that support these products. Early Production Color: V180B, V180P, V3100, V80B, V80P, V2100, C75, J75, XC800/XC1000/ XC800P/XC1000P/XC1000i, XC550, XC560, XC570, and any all associated DFEs that support these products. Production Ink Jet: Brenva HD, Rialto 900, Trivor 2400HD, All Xerox iPrint Products and any all associated DFEs that support these products. CALL CHARGE LABOR RATES PER ADDITIONAL 15 MINUTES OR PORTION THEREOF (UNIT OF SERVICE) (INCLUDES FIRST 30 MINUTES OF LABOR) REGULAR BUSINESS HOURS 8:00 AM TO 5:00 PM MONDAY - FRIDAY EXCEPT HOLIDAYS PREMIUM BUSINESS HOURS (AS AVAILABLE IN LOCATION) 5:01 PM TO 7:59 AM MONDAY - FRIDAY AND ALL DAY SATURDAY EXCEPT HOLIDAYS SUNDAY AND HOLIDAY BUSINESS HOURS (AS AVAILABLE IN LOCATION) ALL DAY NATIONAL HOLIDAYS AS OBSERVED BY XEROX $820.00 $94.00 $146.00 $194.00 T&M service on PRINTERs not listed below are conducted by the Xerox Office Group. Please call 1-800- 835-6100 for support. LABOR RATES FOR PRINTERs & A4 MFPs PRODUCTS (NEW AND USED) Products: VersaLink B400, B405, C400, C405, C500, C505, C600, C605, 3330, 4150, 4250, 4260, 4600, 5550, 6510, 6700, 7760, 7800, CC20, CC118, CC123, CC128, CC133, CFFPMAPP, FFPMAPP, IFFPMAPP, M118, WC15, WC123, WC128, WC133, WC3335/3345, WC3550, WC4118, WCM20, WC3335/3345, WC6400. CALL CHARGE LABOR RATES PER ADDITIONAL 15 MINUTES OR PORTION THEREOF (UNIT OF SERVICE) (INCLUDES FIRST 30 MINUTES OF LABOR REGULAR BUSINESS HOURS 8:00 AM TO 5:00 PM MONDAY - FRIDAY EXCEPT HOLIDAYS PREMIUM BUSINESS HOURS (AS AVAILABLE IN LOCATION) 5:01 PM TO 7:59 AM MONDAY - FRIDAY AND ALL DAY SATURDAY EXCEPT HOLIDAYS SUNDAY AND HOLIDAY BUSINESS HOURS (AS AVAILABLE IN LOCATION) ALL DAY NATIONAL HOLIDAYS AS OBSERVED BY XEROX $314.00 $72.00 $123.00 $152.00 LABOR RATES FOR FACSIMILE PRODUCTS (NEW AND USED) Products: DFC735, DFC745, DWC535, DWC545, DWC635, DWC645, DWC657, DWC665, DWC765, FC12, F110, F116, F2121, F2218, WCP555, WCP575, WCP580, WCP685, WCP785 CALL CHARGE LABOR RATES PER ADDITIONAL 15 MINUTES OR PORTION THEREOF (UNIT OF SERVICE) (INCLUDES FIRST 30 MINUTES OF LABOR REGULAR BUSINESS HOURS 8:00 AM TO 5:00 PM MONDAY - FRIDAY EXCEPT HOLIDAYS PREMIUM BUSINESS HOURS (AS AVAILABLE IN LOCATION) 5:01 PM TO 7:59 AM MONDAY - FRIDAY AND ALL DAY SATURDAY EXCEPT HOLIDAYS SUNDAY AND HOLIDAY BUSINESS HOURS (AS AVAILABLE IN LOCATION) ALL DAY NATIONAL HOLIDAYS AS OBSERVED BY XEROX $320.00 $27.00 $149.00 $185.00 842 of 1132 847 ® Time and Materials ADVANCED Price List Effective 04/01/18 (Supersedes 05/01/17) 2 65191 LABOR RATES For All Products NOT Previously Listed (includes Xerox Wide Format products) CALL CHARGE LABOR RATES PER ADDITIONAL 15 MINUTES OR PORTION THEREOF (UNIT OF SERVICE) (INCLUDES FIRST 30 MINUTES OF LABOR) REGULAR BUSINESS HOURS 8:00 AM TO 5:00 PM MONDAY - FRIDAY EXCEPT HOLIDAYS PREMIUM BUSINESS HOURS (AS AVAILABLE IN LOCATION) 5:01 PM TO 7:59 AM MONDAY - FRIDAY AND ALL DAY SATURDAY EXCEPT HOLIDAYS SUNDAY AND HOLIDAY BUSINESS HOURS (AS AVAILABLE IN LOCATION) ALL DAY NATIONAL HOLIDAYS AS OBSERVED BY XEROX $437.00 $79.00 $136.00 $168.00 A. Service Call Charge: A Call Charge is assessed per machine service call. A Call Charge includes travel to the Customer site and up to 30 minutes of labor at that site. B. Unit of Service: A unit of service is defined as 15 minutes of service or any portion thereof. A Call Charge includes two units of service (up to 30 minutes). Any additional units of service will be billed at the above labor rates. 2. MATERIALS: Parts used in repair will be invoiced at the then current commercial list prices, which are subject to change without notice. Replacement parts may be recovered or reprocessed, at Xerox’ option. All parts used in association with a service call are billable. Replaced parts become the property of Xerox at Xerox’ option. Xerox will issue partial credit for selected replaced parts that Xerox deems repairable. 3. AFTER HOURS SERVICE FOR EQUIPMENT COVERED BY BASIC SERVICES: For most equipment covered by Basic Services, for which service is requested after Xerox’ standard business hours or any customer contracted for Extended Service Hours, the charge for both time (labor) and materials (parts) will be at a flat fee of $676.00 per call. The flat fee for the products identified above as “High End Products” is $820.00 per call. These fees are subject to change without notice. After Hours service is available in most areas as determined by Xerox local business practices. Note: The after hours flat fee does not apply to the Xerox Wide Format products. The labor rates shown in item 1 above apply for these products. 4. TIME AND MATERIALS WARRANTY: All labor is warranted for 30 calendar days from the date of service. All replacement parts are warranted for 30 calendar days from the time of installation on the machine. 5. REMOTE SERVICE SURCHARGE: A. State of Alaska: 1. An additional 25% surcharge will be added to the labor charge for Time & Materials and After-Hours service repairs performed on products located in service Zones A, B and C. 2. Supplemental Zone C charges (applies to both FSMA and T&M): a. Customer Service Engineer round trip transportation expenses from Juneau, Anchorage, or Fairbanks to machine location, if required, plus; b. Customer Service Engineer food and lodging expenses, if required, plus; c. Customer Service Engineer portal to portal charges, if required, or; d. Zone surcharge. 3. ZONE DEFINITION ZONE A Zone A is restricted to Customers within a geographic area within a 50 mile driving radius of those areas that currently have resident service coverage. These areas are Anchorage, Bethel, Fairbanks, Juneau, Kenai, Kodiak, Palmer and Soldotna. 843 of 1132 848 ® Time and Materials ADVANCED Price List Effective 04/01/18 (Supersedes 05/01/17) 3 65191 ZONE B Zone B locations are those areas accessible by road that are up to 50 miles beyond the Zone A limit. These include Glennallen, Delta Junction, Fort Greeley, Denali National Park, Healy, Seward, Talkeetna, and Whittier. ZONE C Zone C locations are all other areas of Alaska not accessible by road or more than 100 miles from Anchorage, Bethel, Fairbanks, Juneau, Kenai, Kodiak, Palmer and Soldotna. These include Barrow, Nome, Kotzebue, Dillingham, Cordova, Sitka, Petersburg, Wrangell, Ketchikan, Haines, Skagway, and Yakutat. All Zone A, B and C locations are subject to zone classification change based on the economy of the area and the available manpower to service that area and is subject to a 30 day written notice. B. Hawaii, Pacific Islands: 1. Service on products located in service Zone A will be charged at Xerox’ then current FSMA or Time and Material rates. 2. An additional 25% surcharge will be added to the current FSMA or Time and Materials labor charge for service repairs performed on products located in Zone B. 3. Supplemental Zone C charges: a) Customer Service Engineer round trip transportation expenses to machine location. b) Customer Service Engineer food and lodging expenses. 4. ZONE DEFINITION ZONE A Islands of Hawaii, Oahu, Maui, Kauai, Guam S&L, Saipan S&L. ZONE B Guam Commercial, Saipan Commercial. ZONE C Islands of Molokai, Lanai, Tinian, Rota. C. Continental Remote Locations: Charges for Customer Service Engineer round trip transportation expenses and food / lodging expenses may be applicable. 844 of 1132 849 ® Question # 6 Equipment Technical Service and Support -Describe how your Company will meet or exceed UC’s service guarantee commitments and credits for MFDs attached. 1.Service Guarantee Commitments a. Describe how the Company will meet UC’s service guarantee commitment requirements for digital MFDs below: Description Commitment 1.Service/Guarantee a) Total uptime (MFDs) b) MFD warranty (parts & labor) a)96% (not more than 8 hours of downtime per month based on the total number of working hours per month) b)90 days - Total customer satisfaction guarantee 2.Response/Repair Time –MFDs a) Response time b) Response times to areas beyond 20 miles from major UC Locations a) 4 business hours with 1 business hour acknowledging call back from technician or dispatch – starting from time of call placement b) Maximum 8 hours or upon mutually agreed time with field office or location administrators. 3.Delivery/Installation a) Delivery (new equipment) b) Delivery (replacement parts) c) Delivery (supplies) Installation a) 10 business days from vendor receipt of order; delivery between 8am and 12noon (Pacific), with one hour pre- delivery call, unless otherwise arranged b) Within 8 business hours from vendor receipt of order c) Within 2 business days from vendor receipt of order d) Installation upon delivery, unless otherwise arranged 4.Setup Within 4 business hours of delivery, unless otherwise arranged. 5.Training Initial Customer training and IT support Unlimited user training on features and functionality at no charge. Initial IT - support no charge. 6. Customer Service a) 800 Number b) Return customer calls a) At no cost b) Within 1 business hour Service Guarantee Commitments, Delivery/Installation.Delivery.Please note the following will apply to any Purchase and Lease transaction: Unless otherwise agreed upon by the parties, Xerox equipment deliveries can normally be expected within ten business days following the receipt of the University’s equipment approved and accepted purchase order, except during times of product constraint. Xerox will inform the University if a constraint condition exists and will provide a revised delivery date. If the revised target delivery date is unacceptable, the University can cancel the order without penalty to either party. Accepted by Xerox? Installation. Unless the Purchase and Maintenance and Lease Agreement is preceded by a Trial order, the equipment will be deemed accepted on the equipment’s installation date, which is the date Xerox determines the equipment to be operating satisfactorily, as demonstrated by the successful completion of diagnostic routines, and is available for the University’s use. The Installation Date for equipment and software designated as “Customer Installable” will be the equipment delivery date. Any equipment that does not perform to its published specification will be repaired or replaced by Xerox at its expense, provided the equipment is covered by a Xerox warranty or maintenance plan. Any equipment that needs to be replaced will be replaced with an identical model, or at Xerox’s option a unit with similar capabilities and comparable usage. 845 of 1132 850 Service Guarantee Commitments.Total Uptime Xerox’s Uptime objective is to maintain an average 96% equipment uptime performance based on a three-month rolling average for the University’s entire Xerox-branded equipment population that is operated with the equipment’s operating guideline for the specified product. Uptime is calculated as follows: Uptime target. Provided Customer has at least twenty-five (25) units of Equipment installed under this Agreement, Xerox agrees to maintain an Uptime Target for the total Equipment population installed under this Agreement, which shall be measured as provided below over a three (3) calendar month rolling period, of at least ninety-six percent (96%) in the aggregate for the Equipment subject to this Agreement that is operated within the specified Maximum Monthly Volume Range, (to be included upon University’s request in an Appendix to this Contract) and installed within twenty-five (25) miles of a Xerox service location. This Uptime Target commences on the first day of the calendar month that begins at least one hundred twenty (120) days after the Agreement commences. Contracted period of coverage.Xerox will provide Maintenance Services, as the same is set forth in this Agreement, during Customer’s normal business hours Contracted Period of Coverage (“CPOC”), which shall be defined as 9:00 a.m. to 5:00 p.m., Local Time, Mondays through Fridays (excluding Xerox-recognized holidays), for the purposes of this Agreement. Uptime hours definition."Uptime Hours" equals the number of hours per calendar month that the Equipment is available for use. For this Agreement, Uptime Hours equals 567 hours per three (3) calendar months and has been calculated by multiplying the number of hours per day in the CPOC times the average number of days per three (3) calendar month period such coverage is provided, which, for the purposes of this Agreement, is sixty-three (63) days per three (3) calendar month period.. Downtime hours definition.“Downtime Hours” shall mean the number of hours in any three (3) calendar month period during which Equipment maintained hereunder is inoperative (i.e., cannot make any copies or prints, as applicable) during the CPOC, including machine-repair time and response time when the Equipment is inoperative. Downtime Hours do not include time when the Equipment's inoperability is due to user misuse or abuse of the Equipment, Customer's negligence or intentional acts, fire, environmental failure at the installation site or use of the Equipment in a manner other than was intended; preventative maintenance, Equipment relocation or inspections are being performed; and, time taken in producing usable copies or prints. Calculation.The Uptime Percentage Rate for a given calendar month is calculated as follows: Uptime Percentage Rate = CPOC (567) – Downtime Hours (x) CPOC Hours (567) MFD warranty (parts and labor): Purchase and Maintenance.Please note Xerox’s proposal includes a 90 days no charge warranty (service/parts/supplies). Lease.Please note that all of the Xerox-branded equipment is backed by Xerox’s Total Satisfaction Guarantee Program, which allows the University, at its request, to replace any problem equipment with an identical model or, at the option of Xerox with a machine with comparable features and capabilities, and comparable usage. This guarantee will be effective for three years following the equipment’s installation for purchased equipment that has been continuously maintained by Xerox or its authorized representatives under a Xerox express warranty or Xerox maintenance plan, and during the entire 60- month equipment Purchase and Maintenance and Lease term, except for equipment damaged or destroyed due to an Act of God. If the situation arises, where the equipment does not perform to its published specification and the University elects to exercise the Total Satisfaction Guarantee, Xerox agrees to meet with the University’s representative and arrange a mutually agreeable time for the equipment’s exchange. 846 of 1132 851 Describe how your Company will meet or exceed UC’s service guarantee commitment requirements for Laser Printers attached. 1.Service /Guarantee a) Total uptime - Laser Printers b) Printer warranty (parts & labor) c) 96% (not more than 8 hour of downtime per month based on total number of working hours per month) d) Standard 1 year or more 2.Response/Repair Time – Laser Printers Response time Within 2 business days 3.Delivery/Installation a) Delivery (new equipment) b) Delivery (replacement parts) c) Delivery (supplies) d) Installation (optional) e) 10 business days f) Within 2 business days g) Within 2 business days h) If requested, within 2 business days of delivery, unless otherwise arranged. 4. Customer Service a) 800 Number 1-800-821-2797 b) Return customer call Within 1 business hour 847 of 1132 852 a. Describe how the Company will meet UC’s service guarantee commitment requirements for Laser Printers below: Description Commitment 1. Service/Guarantee a) Total uptime - Laser Printers b) Printer warranty (parts & labor) a) 96% (not more than 8 hour of downtime per month based on total number of working hours per month) b) Standard 1 year or more 2. Response/Repair Time – Laser Printers Response time Within 2 business days 4. Delivery/IServicenstallation a) Delivery (new equipment) b) Delivery (replacement parts) c) Delivery (supplies) d) Installation (optional) a) 10 business days b) Within 2 business days c) Within 2 business days d) If requested, within 2 business days of delivery, unless otherwise arranged. 5. Customer Service a) 800 Number b) Return customer calls a) At no cost b) Within 1 business hour Laser Printers. Purchase and Maintenance. Please note Xerox’s proposal includes one year no charge Warranty for Printers under the “Outright Sale with Maintenance Offer” only. Lease: For FMV/FPO leases the Maintenance is included and begins upon install. Response/Repair Time. Xerox’s response time objective is to return all service calls within one business hour, and to arrive on-site on average within 3.5 to 4 business hours for multifunction color devices, if the problem cannot be resolved over the phone. Response Time for other devices will be provided upon request. Response time is calculated based on the quarterly response time average for the University’s entire Xerox-branded equipment population. Calls can be placed toll free 24-business hours per day, 7 days per week, and 365 days a year. During standard business hours (8 A.M. to 5 P.M., Monday thru Friday), all service calls will be directed to our Service Welcome Center where our service personnel will attempt to resolve the issue over the phone through on -line diagnostics. If the problem cannot be resolved over the phone the representative will provide the caller with the technicians estimated time of arrival. The Service Technician will contact the caller prior to arriving on-site to discuss the problem and determine if they have the appropriate parts, or if there will be a change to the arrival time. Evening, weekend, and holiday phone service is also available. On-site evening, weekend, and holiday service support can also be prearranged or may be available based on evening resource availability. The 24x7 - call center and business hour technical support is included in our contract offering. After hour, weekend, and holiday on-site technical support is available at Xerox’s then current overtime rate. Please refer to the XPS Description of Services for response time objectives relating to the XPS / Managed Print Services offering. 848 of 1132 853 Delivery/Installation. Delivery. Please note the following will apply to any Purchase and Lease transaction: Unless otherwise agreed upon by the parties, Xerox equipment deliveries can normally be expected within ten business days following the receipt of the University’s equipment approved purchase order, except during times of product constraint. Xerox will inform the University if a constraint condition exists and will provide a revised delivery date. If the revised target delivery date is unacceptable, the University can cancel the order without penalty to either party. Installation. Unless the Purchase and Maintenance and Lease Agreement is preceded by a Trial order, the equipment will be deemed accepted on the equipment’s installation date, which is the date Xerox determines the equipment to be operating satisfactorily, as demonstrated by the successful completion of diagnostic routines, and is available for the University’s use. The Installation Date for equipment and software designated as “Customer Installable” will be the equipment delivery date. Any equipment that does not perform to its published specification will be repaired or replaced by Xerox at its expense, provided the equipment is covered by a Xerox warranty or maintenance plan. Any equipment that needs to be replaced will be replaced with an identical model, or at Xerox’s option a unit with similar capabilities and comparable usage. 849 of 1132 854 Option #1 and #2 will be covered by our Full Service Maintenance Agreement. Detailed pricing has been provided in the UC worksheets. Please note that all of our prices, options, accessories, etc. could not be input into the worksheet due to limited or locked cells. The full Xerox price list has been included in the response for your review and analysis. Please refer to d Xerox Price Addendums. Option #3 – T&M Printers Call charge $314.00 Labor Rates per additional 15 minutes $72.00 After hours Monday - Saturday $123.00 Sunday $152.00 MFD Call charge $ 437.00 Labor Rates per additional 15 minutes $79.00 After hours Monday - Saturday $136.00 Sunday $168.00 Please refer to Attachment - T&M Pricing.pdf. Full Service Maintenance Agreement A Xerox Full Service Maintenance Agreement (FSMA) maximizes your productivity and ensures your investment in technology pays off. Standard service coverage hours are from 8 A.M. until 5 P.M., Monday through Friday, excluding designated holidays. Xerox FSMA includes all parts, labor, software updates, maintenance and travel for your product’s operating hardware and software. A 24x7 support staff to assist with your hardware or software problem resolution, software version updates, hardware retrofits and all diagnostic licenses are also included. Additionally, our Professional Services provide access to fee-based onsite System Analyst support. If Xerox cannot repair your product to full working order, Xerox will ensure you receive a comparable replacement product with an identical model or one with comparable features and capabilities. The FSMA is very flexible and can be customized in a number of ways (additional fees may apply): Extended Shift FSMA: If you require after hours coverage and maximum uptime, this plan is best for you. It provides you all the benefits listed above, plus expanded coverage with eight different shift coverage options based on the number of days per week and shifts per day, up to 24/7. XTend Agreement: This option is an excellent choice if you require holiday coverage and/or unique, nonstandard coverage. It enables you to customize your FSMA to meet your mission- critical needs, for example, if you need weekend coverage for a month or second-shift coverage for a week. 850 of 1132 855 Xerox understands and will comply with all requirements. For situations that need immediate personalized telephone support, you can call the North American Customer Support Center (NACSC). Our team of over 600 professional and friendly Customer Support Representatives (CSRs) provides one-to-one expert advice over the phone during contracted hours of support. You can call the NACSC toll-free at 1-800-821-2797 for Office and Production Equipment and 1- 800-836-6100 for Phaser® and Network Printers. Our goal is to answer within 90 seconds. A CSR answering your call reviews the problem with you over the phone and will provide recommendations for immediate remote resolution of the problem. Our skilled staff at the NACSC is able to solve up to 25 percent of all calls remotely. If onsite service or escalation to second-level support is needed, these are completed within your contracted hours of support. Remote Support Engineers (RSEs). Xerox RSEs provide second level support to both our customers and our CSEs. They are available via the phone and onsite (for some products) as necessary within contracted hours of support. They have access to Design Engineering for escalation and the latest fixes to help you with complex problems or to help our CSEs restore your equipment as quickly as possible. The goal for telephone response from Level 2 is within a minute for Production Equipment and five minutes for Office Products. One of the truly unique aspects of Xerox Support is the use of Design Engineers to assist in supporting our customers. Design Engineers are readily available to assist in the resolution of escalated customer issues and to continue to improve the performance of every machine in the field. The close relationship between our CSEs and Design Engineers allows issues to be discovered at your site and be escalated to Design Engineers for an immediate product retrofit. Sometimes this discussion will lead to a next- generation improvement. For certain types of technical problems, Design Engineering will work with the local service team to determine whether an onsite problem-solving visit by an engineer is required. It is Xerox’s goal to ensure you are totally satisfied. In support of that goal, our simple closed-loop service call process has been designed to resolve any problems that may arise, or any issues you may have with regards to your Xerox product, to your satisfaction as quickly and effectively as possible. The steps in the service call process are as follows: • The process begins by placing a call to Xerox’s Customer Support Center (CSC) at 1-800-821-2797 for Office and Production Equipment and 1-800-836-6100 for Phaser and Network Printers. • The Customer Support Representative (CSR) who answers your call will ask you for the equipment serial number as well as a contact name and phone number. The CSR will then assess your problem and, if possible, make recommendations to immediately resolve your problem remotely. • Office Equipment: If remote resolution is not possible, the CSR will give the Office customer an Estimated Time of Arrival (ETA), and the CSR will send an automatic page to a Customer Service Engineer (CSE) assigned to your area to alert him/her that a service call is required at your facility. **CSEs that support Office products will have a queue for remote solve calls. These calls will be forwarded to a dedicated CSE, who will call the customer and attempt remote solve within one hour. • Production Equipment: Within one hour of your call to the CSC, the dispatched CSE will contact you or the contact person you have identified. At that time they will verify your contact name and phone number, verify the equipment issue, gather your requirements and provide an estimated arrival time. If possible, given the nature of your problem, the CSE may recommend clearance procedures or other steps for you to take in an effort to get you up and running. • Office and Production: Upon arrival at your site, the CSE will review the equipment issue with you and give you an estimate of the time required to repair your equipment. 851 of 1132 856 • The CSE will then repair your equipment. While there, the CSE will check the overall operation of your equipment, perform any preventative maintenance required, and run a thorough system check. • After completing these activities, the CSE will review the repairs made with you to ensure your satisfaction. If follow up is required, the CSE will work with you to establish a convenient follow-up date and time. 852 of 1132 857 Supplier name here: Instructions: (C). Tabs *FY'18 MFDs *FY'18 Laser Printers *FY'19 MFDs *FY'19 Laser Printers Note: Please Do Not change any of the exsiting row and column headers. (A). Enter your company name in the yellow cell above. (B). If you have done business with UC in the last 2 Fiscal Years FY 2018 (July 1, 2017 –June 30, 2018) and FY 2019 (July 1, 2018 –June 30, 2019), populate each tab with UC Historical 853 of 1132 858 Purchases Leases Services Other (accessories, parts, supplies, etc.)Purchases Leases Services Other (accessories, parts, supplies, etc.) UCB 171,147.56$ 29,488.31$ UCD 295,073.52$ 3,134.52$ UCI 1,068,852.07$ 107,257.66$ UCLA 968,161.84$ 71,216.41$ UCM 46,468.82$ UCR 87,706.43$ 1,726.31$ UCSB 73,832.69$ 3,659.44$ UCSC 3,273.48$ UCSD 663,930.82$ 212,325.49$ UCSF 597,510.86$ 868,241.04$ UCOP 145,961.10$ LBNL UCIMC UCDMC UCLAMC UCSDMC UCSFMC UC Hastings UC FY 2018 Historical Purchases (MFDs) July 1, 2017 - June 30, 2018 Multifunction Devices Monochrome Color 854 of 1132 859 Purchases Leases Services Other (accessories, parts, supplies, etc.)Purchases Leases Services Other (accessories, parts, supplies, etc.) UCB 162,274.11$ 19,253.98$ UCD 250,776.95$ 2,398.78$ UCI 1,030,938.91$ 68,050.86$ UCLA 970,512.71$ 52,214.57$ UCM 29,379.11$ UCR 83,925.13$ 6,511.01$ UCSB 55,453.68$ 144.02$ UCSC 3,089.40$ UCSD 552,646.87$ 18,429.14$ UCSF 643,383.08$ 746,384.40$ UCOP 74,250.86$ LBNL UCIMC 2,186.49$ UCDMC 5,072.14$ 238,163.56$ UCLAMC 11,850.81$ UCSDMC UCSFMC 18,224.40$ UC Hastings 1,714.94$ Multifunction Devices Monochrome Color July 1, 2018 - June 30, 2019 UC FY 2019 Historical Purchases (MFDs) 855 of 1132 860 Purchases Services Other (accessories, parts, supplies, etc.)Purchases Leases Services Other (accessories, parts, supplies, etc.) UCB UCD UCI UCLA UCM UCR UCSB UCSC UCSD UCSF UCOP LBNL UCIMC UCDMC UCLAMC UCSDMC UCSFMC UC Hastings UC FY 2018 Historical Purchases (Laser Printers) July 1, 2017 - June 30, 2018 Laser Printers Monochrome Color 856 of 1132 861 Purchases Services Other (accessories, parts, supplies, etc.)Purchases Leases Services Other (accessories, parts, supplies, etc.) UCB UCD UCI UCLA UCM UCR UCSB UCSC UCSD UCSF 57,610.00$ UCOP LBNL UCIMC UCDMC UCLAMC UCSDMC UCSFMC UC Hastings Laser Printers Monochrome Color UC FY 2019 Historical Purchases (Laser Printers) July 1, 2018 - June 30, 2019 857 of 1132 862 3.1 Company A. Brief history and description of Supplier. History: The roots of Xerox Corporation go back over 100 years to our humble beginnings as the Haloid Company, established in 1906. In that time, we pioneered and brought to market many of the technologies and solutions used by office workers every day. From the first xerographic image made in 1938 to breakthroughs in home and business computing during the 1970’s and our influence and leadership in shaping the current Managed Print Services (MPS) offering; to delivering our “game changing” ConnectKey® Technology, which enables modern workers to leverage Xerox® Multifunction Devices (MFDs) to simplify the way work gets done in the office and on the go. Xerox Today: With annual revenues of $9.8 billion we are a leading global provider of digital print technology and related solutions; we operate in a core market estimated at approximately $67 billion. Our primary offerings span three main areas: Intelligent Workplace Services (formerly Managed Document Services (MDS)), Workplace Solutions and Production Solutions (formerly Graphic Communications). Our Intelligent Workplace Services offerings help customers, ranging from small businesses to global enterprises, optimize their printing and related document workflow and business processes. Xerox led the establishment of this expanding market and continues as the industry leader. Our Workplace Solutions and Production Solutions offerings support the work processes of our customers by providing them with solutions built upon our broad portfolio of industry-leading printing and workflow offerings. We also have digital solutions and software assets to compete in an approximately $31 billion adjacent Software and Services market. Our main offerings for this market are focused on industry-specific Digital Solutions, Personalization & Communication Software and Content Management Software. Headquartered in Norwalk, Connecticut, with 32,400 employees, Xerox serves customers in approximately 160 countries providing advanced document technology, services, software and genuine Xerox supplies for a range of customers including small and mid-size businesses ("SMB"), large enterprises, governments and graphic communications providers, and for our partners who serve them. To learn more, visit us on Xerox.com, Xerox Innovation History and Xerox Today. Xerox Research and Innovation We believe that a critical role of our research is to identify new competency areas with attractive addressable markets for the future. Our expertise in technology and printing uniquely positions us to discover those areas and leverage our innovation to move into adjacencies beyond our current core technology. Accordingly, we have prioritized investments in four key areas: Digital Packaging and Print, AI Workflow Assistants for Knowledge Workers, 3D Printing / Digital Manufacturing, and Sensors and Services for the Internet of Things. We also see opportunity in our core coming from our ability to deliver physical devices that connect with the digital world as well as purely digital offerings that improve our customers’ outcomes. As a result, we direct our research and development (R&D) investments to areas such as workflow automation, color printing and customized communication, as well as to improving the quality and reducing the environmental impact of digital printing. We invest in bringing new capabilities to the market such as our ConnectKey™ software to enable our devices to integrate into digital workflows, as well as in technologies to improve the security of our devices and offerings. We will continue to invest in innovations to improve the reliability, IQ and cost of our printing devices, as well as in new services and software that improve our customers’ ability to manage their document-oriented workflows. 858 of 1132 863 Xerox Values Keeping connected to our core values helps us to execute our priorities and strategies and fulfil our mission of delivering excellence to our customers, our shareholders and each other. They are a part of our heritage and are a part of our future. Since our inception, we have operated under the guidance of six core values: • We succeed through satisfied customers. • We deliver quality and excellence in all we do. • We require premium return on assets. • We use technology to develop market leadership. • We value and empower employees. • We behave responsibly as a corporate citizen B. Total number and location of sales persons employed by Supplier. Xerox has a nationwide sales organization that is aligned to a geographic focus and is primarily aligned on the basis of go-to-market sales channels, which are structured to serve a range of customer for our products and services. We employ 1450 sales resources across the United States, covering virtually every metropolitan area. There are three primary sales channels that cover public sector agencies nationally. • Xerox Direct Enterprise: Under the leadership of regional Vice Presidents, Xerox has Sales Professionals across the United States that focus on providing Xerox’s innovative product and services portfolio to large State Government agencies. • Xerox Business Solutions (XBS): A wholly owned unit of Xerox Corporation, XBS is comprised of a nationwide network of companies (all wholly owned by Xerox) that provide Xerox Sales and Services throughout the US. • Authorized Xerox Sales Agencies: Independent Sales Agents that exclusively represent Xerox with access to Xerox products and services for small and medium businesses. Please refer to Attachment A for a complete list of all U.S. Sales offices. C. Number and location of support centers (if applicable) and location of corporate office. Support Centers Customers enjoy unlimited access to the Xerox Welcome Center for technical issues, supplies or billing Inquiries. The Welcome Center provides online support and phone access to our multi-lingual support team. You can contact the Xerox Welcome Center at 1-800-821-2797 (US only). For more assistance, please visit www.support.xerox.com. Our Customer Business Center is another point of contact for customers to call for technical service/repair, make a payment, self-service options (receive copy of an invoice, account balance, Address change form, contract date, status of supply order), billing, obtaining quotes, etc. Our Customer Care and Support team can be reached at 1-888-771-5225. Corporate Office Our registered corporate office address for company headquarters is: Xerox Corporation, 201 Merritt 7, Norwalk, Connecticut 06851. 859 of 1132 864 D. Annual sales for the three previous fiscal years. • 2017 Annual Gross Sales: $ 9,991 billion • 2018 Annual Gross Sales: $ 9,662 billion • 2019 Annual Gross Sales: $ 9,066 billion E. Submit FEIN and Dunn & Bradstreet report. FEIN Xerox FEIN: 16-0468020. Dunn & Bradstreet Report Please refer to Attachment B for Xerox’ s Dun and Bradstreet report. D&B Supplier Qualifier Report- Xerox. F. Describe any green or environmental initiatives or policies. The Xerox Business Code of Conduct for Corporate Social Responsibility is Xerox’s overarching policy from which policies covering social, environmental and economic dimensions are referenced as shown below. For expansive detail on Xerox CSR, please see https://www.xerox.com/en-us/about/corporate- social-responsibility Environmental Policies: • EHS 100 Environment, Health, Safety & Sustainability • EHS 101: Environment, Health and Safety Policy for Xerox Workplaces, • EHS 102: Environment, Health & Safety Policy for Products and Materials Social Policies: • POL 002: Business Ethics • OGC 020: Relationships with Government Customers & Officials and Political Contributions • InfoPriv 001: Personal Information Privacy • InfoPriv 003: Requirements for Commercial E-mail Messaging • SEC 003: Physical Security– General Policy • InfoSec 001: Information Security • HR 101-1: Outside Business Interests and Conflict of Interest • HR 107.1: Employee Communications – Open Door/Internal Escalation Process • HR 201.0: Employment, Placement, & Separations: Non-Discrimination • HR 201.3: Equal Opportunity, Non- Discrimination, & Harassment • HR 503: Alcohol and Drug Misuse • HR 105: Recognition, Recreation and Social Activities • SEC 009: Violence-Free Environment • InfoPriv 001: Personal Information Privacy • POL 007: Human Rights • HR102: Civic and Political Activities • HR 103: Solicitation of Employees • OGC 022: Global Corporate Philanthropy Policy • OGC 023: Global Volunteer Policy 860 of 1132 865 Economic Policies: • ACC 208: Code of Conduct Finance Personnel • ACC 1207: Revenue Recognition • PUR 001: Purchasing Policy • SRY 001: Purchasing and Selling Xerox Securities By Employees, Officers and Directors • OGC 019: Compliance with Antibribery Laws Please describe Environmental Initiatives: Our various environmental initiatives extend across our supply chain, product lifecycle and operations and are described at https://www.xerox.com/en-us/about/ehs. These include: • Commitment to the Responsible Business Alliance (RBA) Code of Conduct for our Operations and Suppliers. Our suppliers must meet Xerox's strict standards to control the chemical content of our products. Xerox is a member of the Responsible Business Alliance (RBA) which has developed a standards-based approach for monitoring suppliers' compliance across several areas of social responsibility, including labor, health, safety and environmental activity. • Design for Sustainability- A cornerstone of our design is meeting the certification of premier eco labels including EPA Energy Star, Electronic Product Environmental Assessment Tool (EPEAT) and the German Blue Angel. Our Cleantech plank will use Xerox technologies to deliver environmental, social and economic benefits to current industrial processes. • Corporate-wide science-based energy and GHG goals to reduce energy consumption and GHG emissions by 85 percent by 2030 (from a 2002 baseline). • Through our partnership with PrintReleaf. Xerox customers have the opportunity to contribute to the reforestation of global forests and reduce their overall sustainability footprint. Based on a theme of “You print one, we’ll plant one,” paper usage reporting is used to equate the number of trees that are reforested into geographic areas of need. • Software products such as DocuShare® and FreeFlow® Digital Workflow Collection help Xerox customers reduce paper consumption by facilitating electronic data management, scan-to-e-mail, print-on-demand and distribute-then-print workflows. Office software solutions › Production software solutions › • The Xerox Green World Alliance collection and reuse / recycling program in partnership with our customers, results in millions of cartridges and toner containers returned for reuse or recycling each year. • Xerox joined the Sustainable Electronic Recycling International coalition as a founding member of the "R2 Leader Program". SERI is a non-profit organization devoted to advancing sustainable electronics reuse and recycling globally. R2 Leaders commit to supporting responsible and sustainable electronics repair and recycling as described in the R2 Standard. Additionally, R2 Leaders, including Xerox are taking leadership roles in projects for responsible reuse and recycling around the globe. 861 of 1132 866 G. Describe any diversity programs or partners supplier does business with and how Participating Agencies may use diverse partners through the Master Agreement. Indicate how, if at all, pricing changes when using the diversity program. As a global leader in business process and document management, Xerox recognizes that having a diverse supplier pool is a major competitive advantage and a powerful business tool. Xerox’s Supplier Diversity Program’s mission is to proactively identify, build relationships with, and purchase goods and services from certified small businesses as well as enterprises owned by minorities, women, veterans, gays and lesbians, and disabled persons that can help Xerox achieve its corporate objectives as suppliers to Xerox. Also, though Xerox’s dedicated Divers Alliance Program, we are committed to understanding and supporting our customer’s supplier diversity goals and objectives. Specifically, Xerox in connection with the University of California Master Agreement will support OMNIA Members by offering solutions which include certified HUBs or other certified diverse subcontractors as part of our offer where applicable and practical. While Xerox is not a certified diverse company, we believe selecting Xerox would give OMNIA Members the best of both worlds by working with the leading global document management company which is committed to having practical and useful diverse certified subcontractors directly supporting our contract with you. H. Describe any historically underutilized business certifications supplier holds and the certifying agency. This may include business enterprise such as minority and women owned, small or disadvantaged, disable veterans, etc. Xerox is not a certified diverse company; however, we do work with certified diverse companies to provide direct and indirect spend as part of our offer to our customers. I. Describe how supplier differentiates itself from its competitors. Today’s Xerox is a leader in print technology and intelligent work solutions using the advantages of our people, our approach, and industry leading technology to solidify our stronghold in a number of competitive markets. Our Approach • We have deep industry knowledge and take the time to understand our clients’ business and how they work, to build and create solutions – to help them achieve their goals. • We work with clients to innovate, incubate and explore new solutions to critical business challenges. • Using user centric design, we study how people work in order to make it better. • We know every workflow is different, so we strive to create solutions that match each need. Our Market Position • MPS Market share leader and thought leader according to leading Industry Analyst Firms. • Xerox is the most decorated and experienced vendor in the Managed Print Services Landscape. All three major industry analysts, (Quocirca, IDC, InfoTrends) have placed Xerox as the top provider in the MPS landscape in their most recent market reports. • We maintain our No. 1 position in worldwide equipment sales revenue and No. 1 marketshare in production color. • Managing billions of printed pages per year with unparalleled global delivery. • Tight integration with technologies used by today’s workforce enabling access to cloud-hosted services, exceptional customized experiences, and maximum productivity. 862 of 1132 867 Our People • We never give up – whether it is providing support to customers, developing a better way to help customers work better, or pushing the limits of technology and software innovation. • We believe collaboration and teamwork are the only way to achieve success. • We attract, hire and retain the top talent with the best skills. • Named one of the World’s Most Ethical companies by Ethisphere Magazine, for 12 consecutive years. • Listed as one of the World’s Most Admired Companies by Fortune Magazine. Our Technology and Innovation • World-renowned innovation and expertise – including printing, advanced color science, digital and video imaging, workflow automation, connectivity, and analytics. • We are innovators and inventors and our people have over 10,307 active patents. Xerox is one of the top 20 patent producing companies in the world. • Over $1 billion is invested in R&D and engineering each year. • Xerox has been the force behind many major technology breakthroughs – such as the ConnectKey interface and the adaptive color technology – which have transformed how work gets done. Security Protocols Providing the Upmost Protection for our Customers • Multifunction devices are sophisticated, multiple sub-system network platforms, and Xerox offers the broadest range of security functionality on the market, including encryption, authentication, authorization per user and auditing. • ISO 15408 Common Criteria for Information Technology Security Evaluation is the only internationally recognized standard for security certification. Xerox was the first manufacturer to seek and obtain certifications for “complete” MFP devices. Because each element of the multifunction platform is a potential point of entry, meaningful security certification must comprehend all elements, including the operating systems, network interface, disk drive(s), Web server, PDL interpreter(s), MFP user interface, local hardware ports and fax system. • Users of Xerox® ConnectKey® Technology-enabled ‘i-Series’ Smart MFPs also now have the option to encrypt PDF files with a password when using the Scan to Email service allowing only authorized users to see documents. • From the introduction of the first digital products, Xerox has recognized the risk of retained data being inappropriately recovered from non-volatile storage and built features and countermeasures into our devices to help customers safeguard their data. • Many Xerox® devices include features to protect the printer or MFP from unauthorized remote access, protect the confidentiality of data transmitted to the device via the network, control which devices can access the MFPs and control the ports, protocols and services that can be accessed on the device. J. Describe any present or past litigation, bankruptcy or reorganization involving supplier. Xerox is a large, global enterprise with thousands of contracts with vendors, customers, business partners and other parties. At any given time, there may be issues that could possibly result in lawsuits or other legal actions. Producing a detail list of such activity would be onerous in the context of responding to this RFQ. However, any material litigation or judgments against Xerox can be found at www//Xerox.com at Investor Relations. Xerox has not been part of any bankruptcy procedures. 863 of 1132 868 K. Felony Conviction Notice: Indicate if the supplier a. is a publicly held corporation and this reporting requirement is not applicable; Xerox is a publicly held corporation. b. is not owned or operated by anyone who has been convicted of a felony; or Xerox is not owned or operated by anyone who has been convicted of a felony. c. is owned or operated by and individual(s) who has been convicted of a felony and provide the names and convictions. Xerox is not owned or operated by anyone who has been convicted of a felony. L. Describe any debarment or suspension actions taken against supplier. Xerox is a large, global enterprise with thousands of contracts with vendors, customers, business partners and other parties. These contracts are amended, renewed, and terminated on a regular basis for a variety of reasons and Xerox does not maintain records regarding the reasons for such routine contract administration matters. However, the termination of any material agreement is disclosed in the periodic reports filed by Xerox with the U.S. Securities and Exchange Commission (“SEC”). These reports are available at www.sec.gov/edgar.shtml. Xerox has not been disbarred, suspended or otherwise disqualified from doing business with the federal government. 3.2 Distribution, Logistics A. Describe the full line of products and services offered by supplier. We provide the industry’s broadest portfolio of document technology and software. Through our innovation and market leadership, we have developed a strong industry reputation and recognizable brand with trusted competencies in bridging the physical and digital printing and communications, both in the office and productions markets. Our core capabilities and offerings consist of technologies, solutions and services that simplify workflows, grow revenue and transform the customer experience, as described below. Xerox Technology and Software – Workplace Solutions Entry Desktop Monochrome and Color Printers Entry Desktop Monochrome and Color Printers range from small devices to workgroup printers and MFPs that serve the needs of office workgroups. These products help build a platform to effectively manage document workflow. Mid Range Our Mid-Range products offer advanced features with the ability to handle higher print volumes as well as varying paper sizes. Entry and Mid-Range products share common technology, manufacturing and product platforms enabling ease of use and complete office integration. Software Platform What makes Xerox Printer/Multifunction Printer (MFP) unique is that they are built on the Xerox ConnectKey Technology platform. This platform enables a Process for Workflow improvement. It operates with an intuitive-like touchscreen user interface. The platform is an open embedded platform that allows the device to be programmed to address specific workflows. This new capability is driven by embedded or server-based software inside the firewall or in the cloud. As such, the smart Printer/MFP incorporates an ecosystem of hardware, software, and services to address public agency’s document and information processing requirements. 864 of 1132 869 Managed Print Services MPS is at the core of what Xerox is today. It is a service that combines traditional document output technology with a services backbone that allows customers to focus on their core competencies while helping clients to cut cost, increase productivity and meet their environmental sustainability goals. As a leader in MPS, Xerox offers a full range of Managed Print Services to embrace all elements of an organization’s print infrastructure–from the networked office to the in-house print center to the virtual worker. Founded on rigorous, data-driven Lean Six Sigma-based methodologies, the Xerox Managed Print Services portfolio extends from global enterprises to small and mid-sized businesses. Xerox has several different approaches to Managed Print Services. All Xerox Managed Print Solutions incorporate an assessment of the current state of the environment and then recommendations for a proposed future state. The assessment typically gathers data on the customer’s current fleet which may include current costs, application requirements and other pertinent information to the clients environment as agreed upon. The data gathered from the current state will be used to develop a proposed future state with proposed costs of an MPS solution and any potential cost savings. The proposed future state typically includes the customer’s output fleet of devices under an umbrella management contract which includes break/fix, help desk services, supplies, management reporting, pro- active problem resolution, etc. Xerox also offers additional optional services as outlined within the response. Xerox Managed Print Services solutions can be contracted for at a fixed price per unit or a per page cost depending upon the size and scope of the engagement. These services are configured based on individual customer requirements, therefore, we do not have list prices for these services. The attached price list provides a not to exceed price for the range of services associated with Managed Print. There are two discreet price lists for two discreet offerings, Xerox Print Services (XPS) and Enterprise Print Services (EPS). XPS is an entry level Managed Print offering that can utilized to manage an in-place multi-vendor printer environment. It can also be used to managed mixed environments of Xerox MFPs/Xerox printers and non-Xerox printers. XPS would be used where the customer intends to acquire Xerox MFPs from the University of California contract using Region 4 ESC contract pricing and terms and then incorporate the Xerox MFPs into a multi-vendor Managed Print Solution. EPS is a more advanced Managed Print offering that is designed to support larger enterprise fleets and offers greater flexibility with respect to pricing options and contract terms. EPS also provides additional services offerings related to Managed Print such as onsite DocuCare Associates, Xerox Print Awareness Tool , etc. EPS can be offered on a fixed price basis or a cost per page basis. In most cases, actual customer prices will be lower than the prices offered on the following XPS and EPS not to exceed price list. The initial assessment is used to develop actual data on current printer models and costs, actual volumes, potential savings and final pricing. Xerox MPS Solution Deliverables Outsourcing MPS requires a very specific, complex and customized approach involving people, process and technology tailored to each company and its unique requirements. Consequently, the process does not lend itself to a one-size-fits-all solution. It requires an experienced business partner like Xerox to manage the components in a simplified manner. 865 of 1132 870 The Xerox MPS solution will deliver the following: • Assessment: An MPS print assessment is the first step to help customers gain control, drive down print costs and improve productivity. The Assess and Optimize stage of Xerox® Managed Print Services leverages our award-winning managed print services assessment processes and tools. Xerox® Asset DB and CompleteView™ Pro turn print data into actionable knowledge to control and drive down costs, while reducing your environmental impact. With a complete and secure analysis of print usage and costs, we help customers understand the total cost of ownership and a more efficient print environment. Xerox® CompleteView™ Pro can significantly reduce the time and effort it takes to gain valuable, comprehensive and accurate knowledge about your print environment. • Device Maintenance: Including normal break-fix management services and the parts that are required to maintain devices in accordance with Original Equipment Manufacturer (OEM) specifications. Services include dispatching Xerox and/or third- party vendors, tracking all service calls through call resolution and reporting all associated maintenance services. • Asset Management: Xerox has developed a centralized database of currently installed Xerox output devices to track the physical location and costs associated with each device. The services require an integrated approach focusing on the Client and Xerox working together to maintain the information. With the support of the Client IT, Xerox will implemented technology to monitor the installed Xerox network-attached SNMP-Level 3 devices, and have integrated this monitoring technology with an SQL-based asset management database. • Consumables Management: Xerox and the Client will agree on those processes for end users to order appropriate consumables. With these mutually agreed processes, Xerox will be able to consistently evaluate and provide the appropriate level of quantities of consumables at each of the Client's location to minimize end-user disruption. • Help Desk Support: The client and Xerox will develop workflow processes that allow for help desk services and consumables for all in- scope devices as well as any services agreed upon by both parties. Utilizing the Xerox technology, we will proactively monitor in-scope devices. The Xerox Helpdesk agents will take the necessary action to ensure end-users have access to the full capability of the installed output devices. Those actions include dispatching appropriate break/fix resources to repair hardware, ordering and shipment of consumables and also contacting the Clients Service desk for application or network issues. The services above will be documented in a formal Statement of Work (SOW) and will be managed to Service Level Agreements (SLA's) governing all key aspects of the program • Xerox Tool Suite The heart of the Xerox MPS solution is the Xerox Tool Suite — a set of Xerox proprietary software tools that provide comprehensive asset management, service support, reporting and problem management tracking services. The Xerox Tool Suite will integrate with Xerox people, process and technology to keep the Client's MFP's and printers running at peak performance, lowering costs as it improves productivity. Getting timely and accurate reporting on fleet performance is a critical enabler to ensure that Xerox meets its agreed financial objectives and SLAs. With the Xerox Tool Suite, users can access real- time data to track how well we are responding when devices run out of supplies or machines jam or need service. The Xerox Tool Suite tracks how long the devices are down and when they are restored. When calls come in to the Help Desk, incident records are generated and tracked through resolution. The Xerox Tool Suite continuously monitors the fleet and provides device status and device alerts. Xerox often proactively resolves service issues before the client even know there is a problem, allowing employees to focus on business, not on device-related issues. 866 of 1132 871 Additional MPS options include: Optimization of the Print Environment is an optional component under the Xerox MPS offer. Optimization of the print environment Includes floor analysis to map out current devices and volumes on the floors, identification of any physical departmental constraints, determination of specific application devices as reported by end users and client management, and identification of the specific move/add/change processes currently supported. Through our analysis, we provide the recommended future state optimized floor plans, which reposition devices to support end user requirements and reduce non- required devices from the floors. On-site Support / DocuCare is an optional component under the Xerox MPS offer. Xerox on-site support, or DocuCare, serves as the primary contact for equipment support and service. They coordinate Move/Add/Change/Delete process and may compliment the primary web based training for end users. In addition, the resource serves as the first point of contact for Help Desk issues, provides basic cleaning and replacement of operator accessible parts and consumables, and first level break fix activities. Basic equipment problem diagnosis, IP address support, and the triage focal with Xerox help desk and technical support. Xerox Services Portal (XSP) is an optional MPS component. The Xerox Services Portal (XSP) provides a customer interface to the Xerox Services information and reporting. It provides a secure website portal enabling customers to request supplies, service or MACD for their devices. XSP also allows end-users to access device training and feature information, find printers, submit meter reads, and deliver feedback on their equipment or MPS experience. Xerox Consulting Services are optional Xerox MPS components. Xerox Consulting Services provide two levels of support: • Sr. Consultant Level - This is to provide senior, strategic and/or management level services associated with delivery of Managed Print Solutions. These include project management, transition management, change management, implementation management and services management. • Consultant Level - This is to provide first line services including data collection, transition services, asset coordination, and implementation execution. Xerox Print Security Audit Service (XPSAS) is an optional MPS component. is a comprehensive device security solution that incorporates risk mitigation services into an automated software tool. XPSAS brings automated remote configuration to device security. Xerox Print Security Audit Service automates setting device configurations remotely, monitors for compliance and remediates any violators in 3 key areas – firmware upgrades, password management and device settings configuration and management. Automation enables installation and delivery teams to reduce errors, save time and provide higher security levels to clients. Teams can demonstrate alignment to compliance standards using interactive dashboards – a unique advantage that comes only with Xerox. User Analytics Service is an optional Xerox MPS component. As Managed Print Services (MPS) environments mature, calculating the return on your investment is more complicated, and analytics become critical. Through analytics, organizations can capture and analyze data from various Print Management Solutions to make key decisions in the MPS environment. Furthermore, as employees continue to drive the usage of smartphones and tablets, user analytics can inform an organization on how to respond to an increasingly digital workforce in your organization. Understanding how users drive document output is the starting point for optimizing and automating the processes behind volumes. Customers uncover specific opportunities to capture savings, improve fleet efficiency and sustainability, tighten information security, increase productivity and drive digital transformation. 867 of 1132 872 A few of the key benefits are the ability to identify areas of MPS competency and opportunities for improvement, obtain a plan and roadmap with Xerox to achieve your goals and gain insight into the value of MPS services available. B. Describe how supplier proposes to distribute the products/service nationwide. Include any states where products and services will not be offered under the Master Agreement, including U.S. Territories and Outlying Areas. Xerox sells our products and services directly to public agencies nationally through our national sales force, our authorized independent agents and our wholly-owned subsidiary, Xerox Business Solutions (XBS), formerly Global Imaging Systems (GIS), an office technology dealer comprised of regional core companies in the U.S. Our products and services can be offered in all 50 States, the District of Columbia as well as Guam, Puerto Rico and the Northern Marina Islands. C. Describe how Participating Agencies are ensure they will receive the Master Agreement pricing; include all distribution channels such as direct ordering; retail or in-store locations, through distributors, etc. Describe how Participating Agencies verify and audit pricing to ensure its compliance with the Master Agreement. Xerox Corporation utilizes multiple sales channels to market our products and services. This includes Xerox Direct Enterprise sales force, Authorized Xerox Agents and all XBS, a wholly owned subsidiary of Xerox Corporation. All orders and PO’s under the UC Procurement Services contract will be processed through the Xerox centralized contracting system no matter which sales channel is making the sale. This ensures both consistency across all sales processes throughout the US and that all orders placed are compliant with the terms and conditions and negotiated pricing agreed to by Xerox and the University of California. As per the University of California’s requirements, Xerox will provide quarterly reports including billed revenue. D. Identify all other companies that will be involved in processing, handling or shipping the products/service to the end user. As an integral part of the Xerox Supply Chain Network, Ryder Solutions is our largest 3rd party logistics partner involved in delivering equipment, parts and supplies. The Ryder relationship with Xerox has evolved over the past few decades in response to a changing transportation environment and Xerox’s process requirements. Today, Ryder operates 5 distinct supply chain functions in the process: Several Carrier Logistics Centers, District Parts Center, Truckload (over the road) Transportation, Drayage of ocean containers and management of our LTL network. The Carrier Logistics Center (CLC) network, made up of 51 locations and 17 different third party carriers (10 continental US and 7 offshore) involves the delivery, installation and removal of more than 100,000 imaging machines per year, where CLC drivers are trained in product installation, testing and removal. Flawless, seamless execution are essential to deliver outstanding service to Xerox customers. CLC “Final mile” companies potentially involved in this business in addition to Ryder would include Fidelitone, All Points, Apex, Monarch/NET, Nationwide Electronics, Redman Van & Storage, Safeway/Unigroup, Sullivan Moving, WDS as our “onshore” or continental locations, as well as Reliable Transfer and Carlile Transportation in Alaska. We have delivery partners in Hawaii, Guam, Saipan, Puerto and the US Virgin Islands. 868 of 1132 873 E. Provide the number, size and location of Supplier’s distribution facilities, warehouses and retail network as applicable. Within the America’s Equipment Supply Chain, our primary distribution warehouse is in Indianapolis, IN. We have an additional six locations within the US where we hold inventory in our XBS facilities under centralized stock. Below is a listing of the locations and size of these distribution sites. Address Size 3747 Plainfield Road - Suite 198, Indianapolis, IN 46321 770k sf 5700 WARLAND DRIVE, CYPRESS, CA, 90603 29k sf 10 Capitol St, Nashua, NH 03063 20.5k sf 17280 Green MTN Road, Ste. 130, San Antonio, TX 78247 48k sf 3 Territorial Court Bolingbrook, IL 60440 65k sf 10690 John Knight Close Montgomery AL 36117 20k sf 3.3 Marketing and Sales A. Provide a detailed ninety-day plan beginning from award date of the Master Agreement describing the strategy to immediately implement the Master Agreement as supplier’s primary go to market strategy for Public Agencies to supplier’s teams nationwide, to include but not limited to: i. Executive leadership endorsement and sponsorship of the award as the public sector go-to market strategy within first 10 days ii. Training and education of Supplier’s national sales force with participation from the Supplier’s executive leadership, along with the OMNIA Partners team within first 90 days As a continued partner of OMNIA Partners, Xerox’s objective is to successfully implement the contract to ensure continued contract awareness, adoption and contract revenue growth. To achieve these goals, Xerox has developed a comprehensive 90-day action plan detailing how we will implement the contract upon award. Within 30 days of award: • Implement contract in the Xerox contract management system to enable order taking • Create and distribute Press Release Announcement of Award • Distribute Executive Sponsored Contract Award Announcement Communique to the Xerox Executive Leadership Teams and their respective sales and sales support resources, to include contract details, pricing and contract resource support • Meet with OMNIA Partners Marketing team to develop specific co-marketing strategies to support the contract • Created OMNIA Partners portal on Xerox.com 869 of 1132 874 Within 60 days of award: • Conduct contract training with all sales to highlight the benefits of our OMNIA Partners partner relationship, the scope of the contract, pricing, marketing strategies and available resources to support day to day sales activities • Create co-marketing collaterals Within 90 days of award: • Assess success of contract launch and make adjustment as needed B. Provide a detailed ninety-day plan beginning from award date of the Master Agreement describing the strategy to market the Master Agreement to current Participating Public Agencies, existing Public Agency customers of Supplier, as well as to prospective Public Agencies nationwide immediately upon award, to include, but not limited to: i. Creation and distribution of a co-branded press release to trade publications Xerox will work collaboratively with OMNIA Partners to create a press release to trade publications announcing the contract and highlighting the benefits of our continued partnership. We will amplify the great news through posts on Xerox’s corporate social channels. ii. Announcement, Master Agreements details and contact information published on the Supplier’s website within first 90 days Xerox Elite eCommerce Solutions can enable an OMNIA Partners’ microsite for the online viewing of Xerox equipment, contract details, Xerox account team contact information and direct links to the OMNIA Partner’s website. Xerox Elite eCommerce solutions can typically be launched within 30 days of contract award. iii. Design, publication and distribution of co-branded marketing materials within first 90 days Xerox will work in partnership with OMNIA Partners Marketing team to design and distribute co-branded marketing collateral for distribution to Xerox Sales, OMNIA Partner Region Managers and on-line retrieval. iv. Commitment to attendance and participation with OMNIA Partners, Public Sector at national (i.e. NIGP Annual Forum, NPI Conference, etc.), regional (i.e. Regional NIGP Chapter Meetings, Regional Cooperative Summits, etc.) and supplier-specific trade shows, conferences and meetings throughout the term of the Master Agreement Xerox attends and participates in many national, state and regional conferences throughout the year, such as NIGP, NAEP, CAPPO and more. Exhibit participation is dependent on current national, regional and local marketing funds. v. Commitment to attend, exhibit and participate at the NIGP Annual Forum in an area reserved by OMNIA Partners, Public Sector for partner suppliers. Booth space will be purchased and staffed by Supplier. In addition, Supplier commits to provide reasonable assistance to the overall promotion and marketing efforts for the NIGP Annual Forum, as directed by OMNIA Partners, Public Sector. Xerox understands the importance of attending and partnering with OMNIA Partners at the Public Sector NIGP Annual Forum. Xerox historically attends the NIGP Annual Form. Exhibit participation is dependent on current available marketing funds. vi. Design and publication of national and regional advertising in trade publications throughout the term of the Master Agreement 870 of 1132 875 Xerox does design and publish national/regional advertisements in trade publications. Participation is dependent upon current marketing funds and priorities. vii. Ongoing marketing and promotion of the Master Agreement throughout its term (case studies, collateral pieces, presentations, promotions, etc.) Xerox will work collaboratively with OMNIA Partners to develop a marketing plan to promote the use of the Master Agreement which may include case studies, co-branded collaterals, campaigns, etc. viii. Dedicated OMNIA Partners internet web-based homepage on Supplier’s website with: • OMNIA Partners, Public Sector standard logo; • Copy of original Request for Proposal; • Copy of Master Agreement and amendments between Principal Procurement Agency and Supplier; • Summary of Products and pricing; • Marketing Materials • Electronic link to OMNIA Partners, Public Sector’s website including the online registration page; • A dedicated toll-free number and email address for OMNIA Partners, Public Sector Offered as a value added service to our clients, upon contract award, Xerox will provide OMNIA Partners with a dedicated private and custom web portal, branded with the OMNIA Partners standard logo, which will include the following information: • Original RFP • Master Agreement and amendments • Summary of Products and pricing • Xerox product documentation and marketing materials (specification sheets, brochures, YouTube videos) • The OMNIA Partners, Public Sector toll-free number and email address • Link to the OMNIA Partners, Public Sector website • Xerox account team contact information C. Describe how Supplier will transition any existing Public Agency customers’ accounts to the Master Agreement available nationally through OMNIA Partners, Public Sector. Include a list of current cooperative contracts (regional and national) Supplier hold and describe how the Master Agreement will be positioned among other cooperative agreements. Xerox has hundreds of state and local government contracts within the US which, per state law, allow for cooperative purchasing. Listed below are the actual national cooperative group purchasing contracts that Xerox is currently awarded on. Within an active procurement cycle, we provide the contract based on the needs, requirements and requests of the procurement agency. Within every procurement order, Xerox provides an implementation plan to allow for transparent transition from one contract to another. Cooperative contracts include: • OMNIA Partners • GSA Schedule 70 • NASPO ValuePoint • E&I • PEPPM • Sourcewell 871 of 1132 876 D. Acknowledge Supplier agrees to provide its (logo(s) to OMNIA Partners and agrees to provide permission for reproduction of such logo in marketing communications and promotions. Acknowledge that use of OMNIA Partners logo will require permission for reproduction, as well. Because of the tremendous value associated with our brand, Xerox provides our company logo after the review of the use of our logo by the Xerox brand team, prior to the release of any marketing communications. Xerox Corporation shall have ten business days to approve such use prior to publication. Any use of OMNIA Partners Public Sector name and logo or any form of publicity, inclusive of press releases will have prior approval from OMNIA Partner. E. Confirm Supplier will be proactive in direct sales of Supplier’s goods and services to Public Agencies nationwide and the timely follow up to leads established by OMNIA Partners, Public Sector. All sales materials are to use the OMNIA Partners, Public Sector logo. At a minimum, the Supplier’s sales initiatives should communicate: i Master Agreement was competitively solicited and publicly awarded by a Principal Procurement Agency ii Best government pricing iii No cost to participate iv Non-exclusive Xerox acknowledges and agrees. F. Confirm Supplier will train its national sales force on the Master Agreement. At a minimum, sales training should include: i. Key features of Master Agreement ii. Working knowledge of the solicitation process iii. Awareness of the range of Public Agencies that can utilize the Master Agreement through OMNIA Partners, Public Sector iv. Knowledge of benefits of the use of cooperative contracts Xerox acknowledges and agrees. G. Provide the name, title, email and phone number for the person(s), who will be responsible for: i. Executive Support Mark Browning | Vice President Public Sector / Healthcare Center of Excellence Sales Enablement Americas Operations mark.browning@xerox.com Phone: 717-777-6624 ii. Marketing Staci McKee | Global Integrated Marketing Government | Healthcare | Education Staci.mckee@xerox.com Phone: 303-881-3718 iii. Sales Rachael Jones Turner | SLED Cooperative Contracts Manager Public Sector / Healthcare Center of Excellence Sales Enablement Americas Operations Rachael.Jones@Xerox.com 872 of 1132 877 Phone: 310-258-6266 iv. Sales Support Jennifer Melgar | S&L Cooperative Contract Support Administrator NAO – SE Xerox Sales Support Center Jennifer.Melgar@Xerox.com Phone: 503-685-2239 v. Financial Reporting Kathlene M. Andris | Rebate Analyst US Customer Business Operations Kathlene.Andris@Xerox.com Phone: 847-928-2543 vi. Accounts Payable Kevin Rowland | Accounts Payable Manager | Systems Support Manager CFO Global Operations Kevin.Rowland@xerox.com Phone: 585-427-3974 vii. Contracts Rachael Jones Turner | SLED Cooperative Contracts Manager Public Sector / Healthcare Center of Excellence Sales Enablement Americas Operations Rachael.Jones@Xerox.com Phone: 310-258-6266 H. Describe in detail how Supplier’s national sales force is structured, including contact information for the highest-level executive in charge of the sales team. Go To Market Teams Xerox is organized from a sales perspective on the basis of “go-to-market” sales channels. These sales channels are structured to serve a range of customers for our products and services. • Mike Feldman, President of the Americas Operations for Xerox Corporation, leads the company’s go-to- market teams in the U.S., Canada, Mexico, Central and South America. Our sales go-to- market teams are focused on bringing our full portfolio or product offerings to current and new customers and partners, while maximizing and expanding coverage through direct and indirect channels. • Jim Wallace leads both the U.S. Commercial Named Accounts and the Government, Healthcare & Education (GHE) sales teams. • Wilson Vega leads the U.S. Agents, Xerox authorized independent agents. • Joanne Collins Smee, the Xerox Chief Commercial Officer, is the Interim XBS President leading our wholly owned subsidiary, Xerox Business Services (XBS) - formerly known as Global Imaging Systems), an office technology dealer comprised of regional companies in the U.S. 873 of 1132 878 874 of 1132 879 US Ent erprise Drga iz at io n Chart March 202 ~l im Wd!ie-e 380iea'\',;e PrE<;~ IJS Erbpn~ Ka'lh•lln 31111 J1c001 c .·-.- : ll'Dllt!llll ' s : Jol"nHDWe: ar ctm~en ! -Mile Pla~.;.r . US Agent Operations Organization Chart Wilson Vega Vice President Diane Miller, Wilsonville Admm. A ssistant Catherine Brun Nat'/ Sales Ops Manager Da nielle Fletcher Office I Production Sales Ops Manager Maggie Hoo-Kim Agent Rep Recrwtmg & Services Support • • • • Stephanie Wosm ansky, Admm Assistant • -~-~-Milagros Vergara , PR BRP & Gov't Affairs Extended Resource s Include: .. _ ------ -- -- -- -- -- --_ _. : I l'll:lil1 Dill □ I l'tilbm. ' M i11I1 Ccm!III Ciuiai• H,ml,;or,u,1 □rilkllII PA~.1,,IUillil'J' SillMI \l,IIM ~ Wltl'!ll:f'IBl!.11'.im t .i..uri vu, ___________ , xerox Senior Managed Print Services Consultants (Jim Joyce's Org.) Virtual Managed Print Service Specialists (XOS) Production Specialists (Sean Hickey's Org.) Contract Administration (Kevin Zielinski's Org .) Coverage,ScottKent BuyfSell Pricing (Ken Altfather's Org.) BinHassett,Controller John Hassokl,Finance Jim Williams , OGC Michael Calomino, HR BP ~ M#i·MMM#i·MMM#,.MMM#i·MMM2Mf·MMM2Mi·MMMMl·MMMWMl·MM Richard Kier, Dale Ventling , Sa ul Soto , Sau l Soto , Mike Haines , Robert Rodriguez , 0 0 d CBM Jon Stitt, CBM CBM CBM CBM CBM CBM ewon ar en , CBM An a Ruiz, IWSC Carmen Soler, IWSC James Morton, Sales Manager, XDS, East Region Lewis Simard, Sales Manager, XDS , West Region Deno Kotsabasakis , VCBM Peter Quinn, VPSE Christine Craft, VCBM Stephanie Simard, VPSE Paul Alleyne , VCBM Ron Brideau, VPSE Cory Nickerson, VSAS TBA, VSE Katelin Craig , VCBM Pa m O'Connor, VCBM Mandy Morrissey, VIWSC Ch ristian Goldie, VPSE Jeff Cam pbell , VPSE Maureen Holditch , covering VCBM John Currie, VPSE Mary Stevenson, VCBM Christin Grattan. VPSE Tara Abbott , VSAS Christi ne Shanno n, VSE Cory Nickerson, coveri ng VCBM Jeff Schell, VPSE xerox ·· Public Sector / Healthcare Center of Excellence On January 1, 2014, Xerox established a Public Sector Center of Excellence (COE), led by Mark Browning. The COE is responsible for the successful implementation and results stemming from the implementation of Federal, State & Local, Education and Healthcare contracts. The COE is focused on all aspects of contract support: • Enabling the contracting for Federal, State, Local, Education and Healthcare contracts. • Fostering high level executive relationships across the Federal and SLED markets. • Drive strategic opportunities in both Technology and Managed Print Services to accelerate revenue growth. • Provide consistent support across all Xerox sales channels. • Contract Management to provide timely contract reports/fees payment. • Manage contract compliance issues and audit readiness. 875 of 1132 880 X s SL i Cirect R ports ;J<.M!M'f[l,loll.tJellOOf'~ ~ ~-!e;~ ■f!.w:alnl J ,Oi!li'i liUt Co n:!ii Smt:t:, Xuro:x Ch If Com murc 0 et1 r Interim XSS Pre-siden · Rachael Jones Turner is the US Director, SLED Cooperative Contract, providing strategic direction and deployment of Cooperative contracts in all Xerox Sales Channels across North America. She provides ongoing support, training and national implementation. I Explain in detail how the sales teams will work with the OMNIA Partners team to implement, grow and service the national program. We have found positive results in taking a collaborative approach with OMNIA Partners to market our contract to public agencies to drive both awareness and adoption. We depend on our partner’s willingness and support to help carry our message and promote our technology and we have learned that taking a joint approach for these initiatives often yields higher rates of success in the long-term. We encourage sales integration to strategize on account specific opportunities, bridge relationships between the member and Xerox and support customer eligibility questions. During the training and launch of the contract, Xerox will reinforce the role of the OMNIA Partner’s Region Managers and will encourage integration during Xerox sales team meetings and one-on-one interaction for account specific opportunities. J. Explain in detail how Supplier will manage the overall national program throughout the term of the Master Agreement, including ongoing coordination of marketing and sales efforts, timely new Participating Public Agency account set-up, timely contract administration, etc. Xerox will continue managing the national program throughout the term of the contract by leveraging our superior national infrastructure solely responsible for all aspects of government contracting. The Xerox Public Sector Center of Excellence (COE) ensures contract education nationally, consistency of pricing and controls, compliance to the terms and conditions of the contract, sales reporting and marketing and sales efforts. Within the COE, we have dedicated resources who are responsible for managing each core competency. Throughout the term of the master agreement, this team will lead the efforts to coordinate all aspects of the management of the contract. 876 of 1132 881 Public Sector Center of Excellence Mar k Browni ng Public Sector Center of Excell ence Cary F rey Feoeral Contracts ano Pricing Dave Goins W1ll 1a111 Johnson Pcl1..• LL'CtmL'I Oan Scr11n 1ett ,------------------ ! Ger i Pomerantz Major Account Contracting Tony lannitelli FED / SLED Major Acct. Operation Ger;;i,ldOritt Cki1u.: l::5 1owr111iy• l:k~ndSk.-y l ~et>ecka ~laele Lin Eunpu YV01 111c H1 t.iu::)' Hc.;1b Jcnkms Cheryl Land I ew !MJ! .U Chris Bantham Jo;1.n ne I evy Lr;a Perk in-... .A1111 t{1,J$'S() Ul'Kla wrute CA Open Rachael Jones Tu r ner SLI: O Cooperative Contracts Ed Buckson Director, Diverse Alliances Jason Rovey D irector, Federal System Integrators Yetta Toliver Fl:O I SLl:O Contract Compliance Office Michelle 6.u.bY. Nicole Ch.:1vis Shaf'Oli ~ Michael Parker Denise Stark Chris McPherson Dir ecto r , US Government Channels xerox·· K. State the amount of Supplier’s Public Agency sales for the previous fiscal year. Provide a list of Supplier’s top 10 Public Agency customers, the total purchases for each for the previous fiscal year along with a key contact for each. Xerox does not make this information publicly available. A significant portion of our revenues is derived from contracts with U.S. state and local governments and their agencies. L. Describe Supplier’s information systems capabilities and limitations regarding order management through receipt of payment, including description of multiple platforms that may be used for any of these functions. Orders are entered into a centralized ordering system which is accessible to only authorized Sales Representatives and the Order Processing Representatives. Editing of the order is completed and the request for equipment or service is passed to distribution in the equipment procurement system to establish a delivery date and time. Additionally, any special requirements are noted, and the appropriate departments are automatically notified if their involvement is necessary at the time of installation. Once successfully installed and accepted a notification is sent to the billing system to start the invoicing of the equipment or service. Invoices are generated and delivered to the customer and are due upon receipt. Generally, any equipment ordered or invoiced can be tracked and any needed reporting can be pulled from a centralized database. M. If the Supplier wants to guarantee sales, provide the Contract Sales (as defined in Section 10 of the National Intergovernmental Purchasing Alliance Company Administration Agreement) that Supplier will guarantee each year under the Master Agreement for the initial three years of the Master Agreement (“Guaranteed Contract Sales”). $_______.00 in year one $_______.00 in year two $_______.00 in year three To the extent Supplier guarantees minimum Contract Sales, the administration fee shall be calculated based on the greater of the actual Contract Sales and the Guaranteed Contract Sales. Xerox does not guarantee minimum contract sales as we are not familiar with the participating public agencies that are anticipated to utilize the resulting Master Agreement. Xerox will pay 3% on all revenue billed under the contract. 877 of 1132 882 N. Even though it is anticipated many Public Agencies will be able to utilize the Master Agreement without further formal solicitation, there may be circumstances where Public Agencies will issue their own solicitations. The following options are available when responding to a solicitation for Products covered under the Master Agreement. i. Respond with Master Agreement pricing (Contract Sales reported to OMNIA Partners). ii. If competitive conditions require pricing lower than the standard Master Agreement not-to-exceed pricing, Supplier may respond with lower pricing through the Master Agreement. If Supplier is awarded the contract, the sales are reported as Contract Sales to OMNIA Partners under the Master Agreement. iii. Respond with pricing higher than Master Agreement only in the unlikely event that the Public Agency refuses to utilize Master Agreement (Contract Sales are not reported to OMNIA Partners). iv. If alternative or multiple proposals are permitted, respond with pricing higher than Master Agreement, and include Master Agreement as the alternate or additional proposal. Detail Supplier’s strategies under these options when responding to a solicitation. Applicable to all four of these situations, whether a formal solicitation or not, as Xerox is requested to participate in a procurement cycle with an OMNIA Partner member, we will provide unique pricing equal to or below the not to exceed pricing based on bulk buy provisions per the terms and conditions of the University of California Master Agreement. If the individual procuring agency requires us to amend those terms and conditions to meet their specific state laws or requirements, we will provide an addendum in conjunction with the master terms and all revenue will be reported under OMNIA Partners. 878 of 1132 883 COMPANY / GROUP STREET ADDRESS CITY/STATE/ZIP WEB ADDRESS SALES MGR/VP Xerox Business Solutions, Inc.8701 Florida Mining Blvd Tampa, FL 33634 www.xeroxbusinesssolutions.com Sylvia Carrizosa Amcom Office - AMC 3600 McClaren Woods Drive Coraopolis, PA 15108 www.teamamcom.com David Saber Arizona Office Technologies - AOT 4320 E. Cotton Center Blvd #100 Phoenix, AZ 85040 www.aot-xerox.com David Hague Berney Office Solutions - BER 10690 John Knight Close Montgomery, AL 36117 www.berney.com David Washington Berney Office Solutions - BER 780 Lakeside Drive W., Ste B Mobile, AL 36693 www.berney.com David Washington Berney Office Solutions - BER 4970 Corporate Drive, Ste 125H Huntsville, AL 35805 www.berney.com David Washington Stewart of Alabama, Inc. - STO 4000 Colonnade Parkway Birmingham, AL 35243 www.berney.com Matt Fulmer Carr Business Systems - CAR 500 Commack Road, Ste 110 Commack, NY 11725 www.carrxerox.com Joe Savino Carr Business Systems - CAR 485 Lexington Ave FL25 New York, NY 10017 www.carrxerox.com Joe Savino Connecticut Bus. Systems - CBS 100 Great Meadow Rd Wethersfield, CT 06109 www.cbs-gisx.com Steve Velardi Connecticut Bus. Systems - CBS (Warehouse)240 Pane Rd Newington, CT 06111 www.cbs-gisx.com Steve Velardi Connecticut Bus. Systems - CBS 134 Capital Drive West Springfield, MA 01089 www.cbs-gisx.com Joe Cunningham Connecticut Bus. Systems - CBS 465 Taylor Street Springfield, MA 01105 www.cbs-gisx.com Joe Cunningham Connecticut Bus. Systems - CBS 931 Jefferson Blvd Warwick, RI 02886 www.cbs-gisx.com Joe Cunningham Integrity One Technologies, Inc.- IOT 2920 Fortune Circle W, Suite C Indianapolis, IN 46241 www.iot-xerox.com Steve Shank Integrity One Technologies, Inc.- IOT 801 N Capitol Avenue Indianapolis, IN 46204 www.iot-xerox.com Steve Shank Integrity One Technologies, Inc.- IOT 2120 High Wickham Place Louisville, KY 40245 www.iot-xerox.com Stephanie Maloney ComDoc, Inc. - COM 8247 Pittsburg Avenue NW North Canton, OH 44720 www.comdoc.com Keith Hanawalt ComDoc, Inc. - COM 9100 South Hills Blvd. (Cleveland)Broadview Hgts, OH 44147 www.comdoc.com Tony Rugar ComDoc, Inc. - COM 9999 Carver Road, Ste 100 Blue Ash, OH 45242 www.comdoc.com Tim Combs ComDoc, Inc. - COM 330 West Spring St, Ste 100 & 140 Columbus, OH 43215 www.comdoc.com David Cathers ComDoc, Inc. - COM (Warehouse)711-713 Hadley Drive (WH)Columbus, OH 43228 www.comdoc.com David Cathers ComDoc, Inc. - COM 55 Amherst Villa Rd Buffalo, NY 14225 www.comdoc.com Eric Smith Capital Busines Systems, Inc.- CBU 2708 Commerce Drive, Unit A Harrisburg, PA 17110 www.capitalbusinessinc.com David Schlomer Conway Technolodgy Group LLC - COP 10 Capitol Street Nashua, NH 03063 www.conwayoffice.com Carl Tourigny Conway Tech Group LLC - COP d/b/a Transco 34 Leighton Road Augusta, ME 04330 www.transcobusiness.com David Palmer Conway Tech Group LLC - COP d/b/a BEU 275 Read Street Portland, ME 04103 www.beu.net David Palmer Capitol Office Solutions, LLC - COS 9065 Guilford Road Columbia, MD 21046 www.cosxs.com MIF Specialist Chicago Office Technology Group, Inc. - COTG 3 Territorial Court Bolingbrook, IL 60440 www.cotg.com Brian McCullough Chicago Office Technology Group, Inc. - COTG 1 East Wacker Dr, #1305 Chicago, IL 60601 www.cotg.com Brian McCullough 879 of 1132 884 Chicago Office Technology Group, Inc. - COTG Two Pierce Pl, Ste 12th Floor Itasca, IL 60143 www.cotg.com Brian McCullough Carolina Office Systems - CSS 10506 Bryton Corp Center Dr, Ste 400 Huntersville, NC 28078 www.carolinaos.com Brad Kikendall Carolina Office Systems - CSS 2265 Clements Ferry Rd, Ste 203 Charleston, SC 29492 www.carolinaos.com Brad Kikendall G-Five, Inc. - GFI 297 Garlington Rd, Suite H Greenville, SC 29615 www.gfive.net Justin Wagner 880 of 1132 885 Dahill Office Technology Corp-DAH d/b/a Xerox Business Solutions Southwest 8200 IH 10 W, Suite 400 San Antonio, TX 78230 www.dahill.com Bonnie Garza Dahill Office Technology Corp-DAH d/b/a Xerox Business Solutions Southwest 17280 Green Mtn Road, Ste. 130 San Antonio, TX 78247 www.dahill.com Bonnie Garza Dahill Office Technology Corp-DAH d/b/a Xerox Business Solutions Southwest 2100 West Loop South, Ste 1300 Houston, TX 77027 (Galleria)www.dahill.com Bonnie Garza Dahill Office Technology Corp-DAH d/b/a Xerox Business Solutions Southwest 5747 Brittmoore Rd, Suite 100 Houston, TX 77041 (WH)www.dahill.com Bonnie Garza Dahill Office Technology Corp-DAH d/b/a Xerox Business Solutions Southwest 901 S. Mopac Expwy, Ste 595 Austin, TX 78746 www.dahill.com Bonnie Garza Dahill Office Technology Corp-DAH d/b/a Xerox Business Solutions Southwest 11831 Miriam, Unit A-9 (Serv Wh)El Paso, TX 79936 Bonnie Garza Denitech Corporation - DEN 820 W Sandy Lake Rd, Ste 100 Coppell, TX 75019 www.denitech.com Bonnie Garza Dahill Office Technology Corp-DAH d/b/a Xerox Business Solutions Southwest 100 North Mustang Rd. Dock 1 Yukon, OK 73099 www.youronesource.com Thomas Meagher Eastern Managed Print Network - ECP 1224 W. Genessee St.Syracuse, NY 13204 www.easternmpn.com Steve Wilmarth Eastern Managed Print Network - ECP 111 Grant Avenue Endicott, NY 13760 www.easternmpn.com Steve Wilmarth Eastern Managed Print Network 8 Access Road Colonie (Albany), NY 12205 www.easternmpn.com Steve Wilmarth Elan Marketing, Inc. d/b/a Elan Office Systems 6760 Surrey Street Las Vegas, NV 89119 www.elanoffice.com John Gallegos Electronic Systems - ESI 369 Edwin Drive (Building 1)Virginia Beach, VA 23462 www.esi.net Steve Pitts Electronic Systems - ESI 365 Edwin Dr (Bldg. 2-not publishd)Virginia Beach, VA 23462 www.esi.net Steve Pitts Electronic Systems - ESI 4417 Expressway Dr Virginia Beach, VA 23452 www.esi.net Steve Pitts Electronic Systems - ESI 3727 Challenger Avenue Roanoke, VA 24012 www.esi.net Steve Pitts Electronic Systems - ESI 10406 Lakeridge Parkwy, Ste 1000 Ashland, VA 23055 www.esi.net Steve Pitts TML Enterprises, Inc. - TML 4151 Lafayette Center Dr, Ste 100 Chantilly, VA 20151 www.tml-xerox.com Steve Pitts GDP Technologies, Inc. - GDP 1180 Eisenhower Parkway Macon, GA 31206 www.gadup.com Keith Harper GDP Technologies, Inc. - GDP 4350 Rivergreen Parkway, Ste 100 Duluth, GA 30096 www.gadup.com Keith Harper imageQuest - IQI 11021 E 26th Street N Wichita, KS 67226 www.imagequestks.com Paul Morton imageQuest - IQI 11106 Strang Line Rd, Bldg K Lenexa, KS 66213 www.imagequestks.com Paul Morton Image Technology Specialists, Inc. - ITS 70 Shawmut Road Canton, MA 02021 www.its-xrx.com Randy Baril Lewan & Associates - LEW 1400 South Colorado Blvd.Denver, CO 80222 www.lewan.com Michael Carroll Lewan & Associates - LEW (Warehouse)8530 Concord Center Dr, #400 Englewood, CO 80112 www.lewan.com Michael Carroll Lewan & Associates - LEW 1551-D Mercantile Avenue NE Albuquerque, NM 87107 www.lewan.com Michael Carroll LRI, LLC 1601 SE Gateway Drive, Ste 130 Grimes, Iowa 50111 www.laserresources.com Paul Bronke Merizon Group, Inc - MBM d/b/a Modern Business Machines 620 N. Lynndale Drive Appleton, WI 54914 www.mbm360.com Jason Loker Michigan Office Solutions - MOS 2859 Walkent Drive NW Grand Rapids, MI 49544 www.mos-xerox.com Keith Stewart Michigan Office Solutions - MOS 3101 Technology Blvd, Ste J Lansing, MI 48910 www.mos-xerox.com Keith Stewart Michigan Office Solutions - MOS 40000 Grand River, Ste 500 Novi, MI 48375 www.mos-xerox.com Walter Reynolds 881 of 1132 886 Minnesota Office Technology Group - MOTG 5600 Rowland Rd, Ste 205 Minnetonka, MN 55343 www.motg-xerox.com Christopher Reeves 882 of 1132 887 Mr. Copy, Inc. - MRC, d/b/a MRC Smart Technology Solutions 5657 Copley Dr.San Diego, CA 92111 www.mrc360.com Charlie Sinnen Mr. Copy, Inc. (Warehouse)5625-5629 Copley Dr San Diego, CA 92111 www.mrc360.com Charlie Sinnen Mr. Copy, Inc. - MRC, d/b/a MRC Smart Technology Solutions 5050 Hopyard Road, Ste 100 Pleasonton, CA 94588 www.mrc360.com Charlie Sinnen Mr. Copy, Inc. - MRC, d/b/a MRC Smart Technology Solutions (Wareh21343 Cabot Blvd, Bldg A Hayward, CA 94545 www.mrc360.com Charlie Sinnen Rabbit Office Automation (ROA)904 Weddell Court Sunnyvale, CA 94089 www.roa-usa.com Charlie Sinnen Inland Business Systems, Inc. - IBS 1326 N. Market Blvd, Sacramento, CA 95834 www.igoinland.com Bill Mello Inland Business Systems, Inc. - IBS aka Sierra Office Solutions - SIO 4710 Longley Lane Reno, NV 89502 www.sierraoffice.com Bill Mello Inland Business Systems, Inc. - IBS aka Lucas Business Systems, Inc. - LUC 627 Bitritto Court Modesto, CA 95351 www.lucassystems.com Bill Mello Inland Business Systems, Inc. - IBS aka Lucas Business Systems, Inc. - LUC 2592 Notre Dame Blv Chico, CA 95928 www.lucassystems.com Bill Mello SoCal Office Technologies f/d/b/a MWB Copy Products. - SOC 5700 Warland Drive Cypress, CA 90630 www.socal-office.com Stephanie Bannon Zoom Imaging Solutions - ZIS 4603 W. Jennifer Ave.Fresno, CA 93722 www.zoomcopiers.com Charlie Sinnen Xerox Hawaii - XHI 700 Bishop Street, Ste 1200 Honolulu, HI www.xerox.com Ian Yee MT Business Technologies, Inc. - MTB 1150 National Parkway Mansfield, OH 44906 www.mtbt.com Mark Oswald MT Business Technologies, Inc. - MTB 1205 Corporate Drive Holland, OH 43528 www.mtbt.com Mark Oswald Quality Business Systems - QBS 14432 SE Eastgate Way, Ste 300 Bellevue, WA 98007 www.qbsi-xerox.com Paul Franetovich Quality Business Systems - QBS (Warehouse)7112 S. 212th Street Kent, WA 98032 www.qbsi-xerox.com Paul Franetovich CTX Business Solutions d/b/a Copytronix - CTX 16640 SW 72nd Ave, Bldg 10 Portland, OR 97224 www.ctx-xerox.com Kyle Marvin Boise Office Equipment, Inc. - BOE 330 North Ancestor Place Boise, ID 83704 www.boeweb.com Rob Davis R.K. Dixon Company - RDK 5700 Utica Ridge Road Davenport, IA 52807 www.rkdixon.com Paul Bronke R.K. Dixon Company - RDK 8630 North Allen Road Peoria, IL 61615 www.rkdixon.com Nick Barnes Premier Office Equipment, Inc. - POE 1510 East Olive Street Marshalltown, IA 50158 www.premierofficeequipment.com Nick Barnes Saxon Business Systems - SAX 14025 NW 60th Avenue Miami Lakes, FL 33014 www.saxon.net Bert LaCalle Saxon Business Systems - SAX 1395 NW 17th Avenue, #107 Delray Beach, FL 33445 www.saxon.net Bert LaCalle Saxon Business Systems - SAX 9150 Phillips Highway, Ste 2 Jacksonville, FL 32256 www.saxon.net Bert LaCalle Stewart Business Systems - STW 6000 Irwin Road, Suite A Mt. Laurel, NJ 08054 www.stewartxerox.com Kathy DiMaggio Stewart Business Systems - STW (Warehouse)3001 Irwin Road, Suite B&C Mt. Laurel, NJ 08054 www.stewartxerox.com Kathy DiMaggio Stewart Business Systems - STW 365 W. Passaic St, Ste 585 Rochelle Park, PA 07662 www.stewartxerox.com Kathy DiMaggio Zeno Office Solutions - ZOS 8701 Florida Mining Blvd Tampa, FL 33634 www.zenosolutions.com Bill Batrow 883 of 1132 888 Establishment Owner_First Owner_Last Address1 City State Zip ADVANCED XEROGRAPHICS RAYMOND BURT 307 S. MAIN STREET UKIAH CA 95482 SMART DOCUMENT SOLUTIONS - (LAKE HAVASU)TRACEY ARVIEUX 4045 E. PALM LANE PHOENIX AZ 85008 COPIERS PLUS INC KRIS SMITH 218 NORTH MAIN, SUITE 1 MONTICELLO IN 47960 NORTHEAST OFFICE EQUIPMENT JIM CHIACCHIERO 1520 W. 13TH STREET ASHTABULA OH 44004 PENDRED OFFICE MACHINES MICHAEL PENDRED 1233 N. MISSION MT. PLEASANT MI 48858 DIGITAL DOCUMENT SOLUTIONS LANNY LEONARD 324 NO. MCPHERSON CHURCH ROAD - 2ND FL FAYETTEVILLE NC 28303 AMERICAN BUSINESS CENTER MPS, INC.RICHARD YEATS PO BOX 20128 PANAMA CITY FL 32417 DOCUGRAPHICS, LLC THOMAS FIMIAN 6624-C GORDON ROAD WILMINGTON NC 28411 COPIERS ETC.PEGGY ANN BRANNON 148 SOUTH DOROUGH ROAD CORDELE GA 31015 XDOS, INC.HAROLD NIXON 18 EAST LIBERTY STREET SUMTER SC 29150 ADVANTAGE BUSINESS PRODUCTS RANDY KIDWELL 2064 S. WESTERN AVENUE SPRINGFIELD MO 65807 PROFESSIONAL OFFICE PRODUCTS, INC. (II)JASON MONTET 441 N. MAIN JENNINGS LA 70546 JUSTTECH, LLC (VI)JOSHUA JUSTICE 101 CATALPA DR STE #102 LA PLATA MD 20646 QUALITY QUICKLY BRIAN MARSHALL 945 3rd AVE SE SUITE 103 HICKORY NC 28602 RYDER BROTHERS STATIONERY RANDY DODSON 1735 MAIN STREET BAKER CITY OR 97814 BUSINESS EQUIPMENT LLC MARK DURBIN PO BOX 7948 PADUCAH KY 42003 BUSINESS IMPRESSIONS JEFF BASSETT PO BOX 959 AUBURN IN 46706 BUTLER’S OFFICE EQUIPMENT & SUPPLY (EAST)PATRICK BUTLER 1900 E. HISTORIC HWY 66, SUITE C GALLUP NM 87301 BENCHMARK BUSINESS SOLUTIONS, INC. (NEW MEXICO)JEFF HORN 1607 BROADWAY LUBBOCK TX 79401 XEROGRAPHIC EQUIPMENT SYSTEMS MICHAEL MCKENNA PO BOX 794 CHEYENNE WY 82003 METRO CENTRE, LP KARLA METZLER 679 COUNTY ROAD 404 GAINESVILLE TX 76240 BEST OFFICE SOLUTIONS BOB VALENTA PO BOX 849 ATLANTA TX 75551 COMPUTERS911, LLC (II)BILLY TINGLE 403 N. MAIN MARKSVILLE LA 71351 COMPUTERS911, LLC BILLY TINGLE 403 N. MAIN MARKSVILLE LA 71351 X WEST INC.RANDALL BERNHARDT 12136 W. BAYAUD AVE., STE 125 LAKEWOOD CO 80228 PROFESSIONAL OFFICE PRODUCTS, INC. (III)JASON MONTET 441 N. MAIN JENNINGS LA 70546 SOUTH TEXAS SALES SONNY HOELSCHER 1901 EAST MAIN STREET ALICE TX 78332 ALABAMA OFFICE SUPPLY HARRIS ASBURY PO BOX 467 OPELIKA AL 36801 COLONY OFFICE PRODUCTS DAN WILSON 121 EAST WASHINGTON STREET DEMOPOLIS AL 36732 LOW COUNTRY OFFICE SOLUTIONS DON NESBITT 802 EAST MARTINTOWN RD, SUITE 162 NO. AUGUSTA SC 29841 SOUTHERN OFFICE EQUIPMENT, LLC TIMOTH TODD PO BOX 636 DAPHNE AL 36526 NO MISSISSIPPI BUS PRODUCTS MARK FOSTER 223 SHARKEY AVE., SUITE 104 CLARKSDALE MS 38614 MICKEY MAYS OFFICE SOLUTIONS MICKEY MAYS 600 MONROVIA DR RUSTON LA 71270 PREFERRED OFFICE MACHINES JOHN MILAN 215 NORTH MICHIGAN BIG RAPIDS MI 49307 DIGITAL OFFICE CENTRE TOM ROSTVEDT 515 20TH AVENUE SE, STE 11 MINOT ND 58701 JUSTTECH, LLC (V)JOSHUA JUSTICE 101 CATALPA DR STE #102 LA PLATA MD 20646 IMAGE MAKERS INC LAURA NYQUIST 3588 VETERANS DRIVE, SUITE 3 TRAVERSE CITY MI 49684 Xerox Authorized Sales Agents 884 of 1132 889 VALLEY OFFICE PRODUCTS LARRY CANTINE 110 SOUTH MAIN STREET MILBANK SD 57252 THE BUSINESS CONNECTION JAMES PUCHNER 214 MAIN CHADRON NE 69337 PROFESSIONAL BUS PRODUCTS KEN MCBRIDE PO BOX 1154 CRAB ORCHARD WV 25827 ATLAS REPRODUCTION, INC.MICHAEL MCKENNA PO BOX 2901 CASPER WY 82601 XEROGRAPHIX EAST TEXAS SCOTT WALLER 424 NORTH STREET NACOGDOCHES TX 75961 SOUTHWEST OFFICE SOLUTIONS, INC. (BELEN)TRACY ASHTON 1789 CENTRAL AVENUE, SUITE 4 LOS ALAMOS NM 87544 SUPERIOR OFFICE PRODUCTS RANDY POCHE 533 HIGHLANDIA DRIVE, STE K BATON ROUGE LA 70810 DOCUMENT SOLUTIONS (II)LOREN MAUK 1540 RICE ROAD, SUITE 100 TYLER TX 75703 BUTLER’S OFFICE EQUIPMENT & SUPPLY (NORTH)PATRICK BUTLER 1900 E. HISTORIC HWY 66, SUITE C GALLUP NM 87301 PROFESSIONAL OFFICE PRODUCTS, INC.JASON MONTET 441 N. MAIN JENNINGS LA 70546 NORMAN ORR OFFICE SUPPLY, LLC REID GRIGSBY 202 WEST MAIN WEST PLAINS MO 65775 MERRIFIELD OFFICE SUPPLY, LLC DARRELL MERRIFIELD 224 SOUTH MAIN ELK CITY OK 73644 OFFICE EQUIPMENT SOURCE, INC. (II)MIKE MITCHELL 227 W. WATER STREET ELMIRA NY 14901 JUSTTECH, LLC (III)JOSHUA JUSTICE 101 CATALPA DR STE #102 LA PLATA MD 20646 JUSTTECH, LLC (IV)JOSHUA JUSTICE 101 CATALPA DR STE #102 LA PLATA MD 20646 WYTHEVILLE OFFICE SUPPLY KENNETH WAYNE ROOP 146 WEST MAIN STREET WYTHEVILLE VA 24382 COMPLETE DOCUMENT SOLUTIONS CENTRAL PENN LLC II JOHN HAND 19 GLORIA LANE FAIRFIELD NJ 07004 KYLE OFFICE SUPPLY CHRIS KYLE 1020 21ST AVENUE TUSCALOOSA AL 35401 COMPLETE DOCUMENT SOLUTIONS, MARYLAND LLC (IV)JOHN HAND 19 GLORIA LANE FAIRFIELD NJ 07004 HUGHES OFFICE EQUIPMENT, LLC JOHN TURZIANO PO BOX 278 BELLAIRE OH 43906 SIERRA OFFICE SOLUTIONS TODD ALLRED 23811 WASHINGTON AVE STE C110-230 MURIETTA CA 92562 PRINT 'N COPY CENTER REECE KEENER 565 W. SILVER ST.ELKO NV 89801 D-TECH NORTH, LLC FRANK DEFRANCESCO 1095 MILITARY TRL, UNIT 1447 JUPITER FL 33458 BUDDE'S OFFICE SUPPLY BERT BUDDE 3210 FLAGLER AVENUE KEY WEST FL 33040 OFFICE AUTOMATION DANIEL PATRICK CURRIE 851 NW 250 TERRACE NEWBERRY FL 32669 PRECISION OFFICE SYSTEMS ROBERT DEMARCO 8817 NW 40th CIRCLE GAINESVILLE FL 32653 DOCUMENT SYSTEMS, INC. (II)CRAIG BRAME 89 MARKET STREET HENDERSON NC 27537 BUERGER OFFICE SYSTEMS CAMERON BUERGER 1670 WARREN ROAD INDIANA PA 15701 OFFICE EQUIPMENT SOURCE, INC. (I)MIKE MITCHELL 227 W. WATER STREET ELMIRA NY 14901 XEROGRAPHICS OF FLAGSTAFF, INC.TRACEY ARVIEUX 4045 E. PALM LANE PHOENIX AZ 85008 ADVANCED DOCUMENT SYSTEMS, INC.HECTOR LIZARDI 19226 66th AVE. S., SUITE L-100 KENT WA 98032 DOCUMENT CONSULTING SERVICES TED SWICK 880 APOLLO STREET, SUITE 353 EL SEGUNDO CA 90245 LAS AMERICAS OFFICE EQUIPMENT, INC.FELIX RIVERA PO BOX 90 MERCEDITA PR 00715 EXECUTIVE OFFICE EQUIPMENT LAURANCE BONELLI PO BOX 6217 ST THOMAS VI 00804 OFFITEK FELIX RIVERA 2980 EMILIO FAGOT AVENUE SUITE 2 PONCE PR 00716 DOCUMENT COMPANY JORGE CANALS AVE. LAUREL #GA11, CALLE 49, SANTA JUANITA BAYAMON PR 00956 C & M DOCUMENT COMPANY, INC.JORGE CANALS MSC 848, AVENIDA WINSTON CHURHILL #138 SAN JUAN PR 00926 COMPLETE DOCUMENT SOLUTIONS LLC (III)JOHN HAND 19 GLORIA LANE FAIRFIELD NJ 07004 JUSTTECH, LLC (VII)JOSHUA JUSTICE 101 CATALPA DR STE #102 LA PLATA MD 20646 885 of 1132 890 ANNAPOLIS OFFICE PRODUCTS JIM SCHALGE 8258 VETERANS HIGHWAY, SUITE 3A MILLERSVILLE MD 21108 MARITIME BUSINESS CONCEPTS SCOTT WILLIAMS 1306 N. HERRITAGE ST KINSTON NC 28501 AMERICAN BUSINESS CENTER MPS INC. (II)RICHARD YEATS PO BOX 20128 PANAMA CITY FL 32417 OFFICE AUTOMATION (EAST-WEST)DANIEL PATRICK CURRIE PO BOX 9 NEWBERRY FL 32669 IMAGE SOURCE IV BRAD CRAFT 650 EAST HOSPITALITY LANE, STE 540 SAN BERNARDINO CA 92408 XEROGRAPHIC BUSINESS SYS LARRY GLEASON 819 WATER ST, SUITE 110.KERRVILLE TX 78028 XMC OF ARKANSAS BOB HAMILTON 7585 AE BEATY DRIVE, SUITE 101 BARTLETT TN 38133 TALLAHASSEE TECHNOLOGY GROUP, INC.RICHARD MAUS 1949 RAYMOND DIEHL ROAD STE B TALLAHASSEE FL 32308 KIMBRELL'S DIGITAL SOLUTIONS SCOTT KIMBRELL 520 MAIN STREET NATCHEZ MS 39120 DOCUMENT SOLUTIONS EAST, INC.DARRELL HARRISON PO BOX 4006 GREENVILLE NC 27858 THE OFFICE ADVANTAGE MARK VAN DEN HOEK 318 N. MAIN MITCHELL SD 57301 FLYNN'S INC.BRIAN CANTOR 115 W 30th ST., RM 411 NEW YORK NY 10001 T.E.C DOCUMENT SOLUTIONS ANTHONY GARCIA 231 WEST 29TH STREET SUITE 905 NEW YORK NY 10001 DELMARVA DOCUMENT SOLUTIONS, INC.JENNIFER ATCHISON 112 SOUTH BOULEVARD SALISBURY MD 21804 DOCUMENT TECHNOLOGIES, INC.JANICE DUPLISEA 23 CROSBY DRIVE BEDFORD MA 01730 CSRA DOCUMENT SOLUTIONS DON NESBITT 802 EAST MARTINTOWN RD, SUITE 162 NO. AUGUSTA SC 29841 IMAGE SOURCE BRAD CRAFT 650 EAST HOSPITALITY LANE, STE 500 SAN BERNARDINO CA 92408 PROFESSIONAL DOCUMENT SOLUTIONS, INC. (PDS - GJ)TROY TAFOYA 4114 TIMBERLINE ROAD FORT COLLINS CO 80525 UTOPIAN IQ SERVICES INC.SEBASTIAN MARTINEZ 6095 NW 82 AVE MIAMI FL 33166 IMPRESSIONS OF ASPEN, INC.NANCY TORINUS P.O. BOX 295 CARBONDALE CO 81623 ADVANCED DOCUMENT SOLUTIONS, INC. (II)SCOTT HAMILTON 819 S. FLOYD STREET LOUISVILLE KY 40203 TOTAL DOCUMENT SOLUTIONS, INC.TIMOTHY STANLEY 2515 NORTH SHILOH DRIVE FAYETTEVILLE AR 72704 COMPLETE DOCUMENT SOLUTIONS, NY LLC JOHN HAND 19 GLORIA LANE FAIRFIELD NJ 07004 XRX BUSINESS CONSULTANTS DAVID CAVAZOS 708 NORTH MCCOLL MCALLEN TX 78501 XMC OF MEMPHIS BOB HAMILTON 7585 AE BEATY DRIVE, SUITE 101 BARTLETT TN 38133 XCEL OFFICE SOLUTIONS MICHAEL REID 304 N MERIDIAN AVE STE 18 OKLAHOMA CITY OK 73107 DIXIE DIGITAL IMAGING, INC.KELLY SMITH 1401 COMMERCE COURT FORT SMITH AR 72908 SHAMROCK OFFICE SUPPLY MIKE FORMELLER 219 E. VEROT SCHOOL ROAD LAFAYETTE LA 70508 DOCUMENT SOLUTIONS OF SPRINGFIELD GREG TIGGES 1736 E. SUNSHINE STREET, SUITE 100 SPRINGFIELD MO 65804 DOCUMENT SOLUTIONS, INC.ROBERT BIGHAM JR.4401 N. MAIN ST., SUITE A VICTORIA TX 77904 BENCHMARK BUSINESS SOLUTIONS JEFF HORN 1607 BROADWAY LUBBOCK TX 79401 COMPLETE OFFICE SOURCE INC.GLEN DUNN 429 CURWOOD DRIVE OWOSSO MI 48867 INDIANA BUSINESS SOLUTIONS TIMOTHY SLOPSEMA 8227 NORTHWEST BLVD., #200 INDIANAPOLIS IN 46278 COPY SOLUTIONS, INC.ROGER ZHAO 919 S. FREMONT AVE, SUITE 398 ALHAMBRA CA 91803 MORRIS COUNTY STATIONERS RICHARD FLETCHER PO BOX 279 FLANDERS NJ 07836 BENCHMARK BUSINESS SOLUTIONS, INC.-ABILENE JEFF HORN 1607 BROADWAY LUBBOCK TX 79401 EDGE OFFICE PRODUCTS LESTER KILPATRICK 1909 JUDSON RD.LONGVIEW TX 75605 DOCUMENT SOLUTIONS LOREN MAUK 1540 RICE ROAD, SUITE 100 TYLER TX 75703 COPIER CONNECTION BONNIE DOOLEY 10425 WESLEY GREENVILLE TX 75402 886 of 1132 891 EXCEL OFFICE SERVICES BRETT BUTLER 12031 JEFFERSON BLVD CULVER CITY CA 90232 RAY BLOCK STATIONERY GEORGE GARCIA 3 PLAINFIELD AVE.FLORAL PARK NY 11001 XCL BUSINESS PRODUCTS MICHAEL DAVID 1767-46 VETERANS MEMORIAL HWY ISLANDIA NY 11749 OFFICE EVOLUTIONS, INC.JOHN GILLON 1808 WHEELER AVE STE #2 HOUSTON TX 77004 ALASKA ENTERPRISE SOLUTIONS, INC. (FAIRBANKS)MICHAEL FERRIS 557 E FIREWEED LANE SUITE A ANCHORAGE AK 99503 HIGH COUNTRY COPIERS, INC.TROY TAFOYA 4114 TIMBERLINE ROAD FORT COLLINS CO 80525 KYLE OFFICE PRODUCTS TOM KYLE 418 TARROW COLLEGE STATION TX 77840 DOCUMENT SOLUTIONS (V)LOREN MAUK 1540 RICE ROAD, SUITE 100 TYLER TX 75703 PREMIER OFFICE SYSTEMS COLIN MCTERNAN 500 N. RAINBOW BLVD. STE 312 LAS VEGAS NV 89107 QUALITY BUSINESS EDGARDO RODRIGUEZ 1142 FD ROOSEVELT AVENUE HATO REY PR 00920 OFFICE EQUIPMENT SOURCE, INC. (VI)MIKE MITCHELL 227 W. WATER STREET ELMIRA NY 14901 PROFESSIONAL DOCUMENT SOLUTIONS (PDS)TROY TAFOYA 4114 TIMBERLINE ROAD FORT COLLINS CO 80525 IMAGE SOURCE - METRO BRAD CRAFT 650 EAST HOSPITALITY LANE, STE 540 SAN BERNARDINO CA 92408 IMAGE SOURCE - TEMECULA BRAD CRAFT 650 EAST HOSPITALITY LANE, STE 540 SAN BERNARDINO CA 92408 BENCHMARK OFFICE SYSTEMS INC.MICHELLE MCMANUS 75 GILCREAST RD., STE. 311 LONDONDERRY NH 03053 ADVANCED DOCUMENT SOLUTIONS, INC. (III)SCOTT HAMILTON 819 S. FLOYD STREET LOUISVILLE KY 40203 DOCUMENT SOLUTIONS - TENNESSEE KAREN MCGINNIS 256 AVIGNON WAY CLARKSVILLE TN 37043 CONVERGING TECHNOLOGIES - SANTA ROSA GENE IRTENKAUF 4331 FISTOR DR SANTA ROSA CA 95409 ITECH MICHAEL WILLIAMS 326 5TH STREET PARKERSBURG WV 26101 NETWORK ENHANCEMENT SYSTEMS, INC.EDGAR SILKEY 10827 EAST MARSHALL STREET TULSA OK 74116 COMPLETE DOCUMENT SOLUTIONS JOHN HAND 19 GLORIA LANE FAIRFIELD NJ 07004 XCEL OFFICE SOLUTIONS, LLC MICHAEL REID 304 N MERIDIAN AVE STE 18 OKLAHOMA CITY OK 73107 Q DOCUMENT SOLUTIONS JOEL HACKETT 3030 OLD RANCH PARKWAY, SUITE 190 SEAL BEACH CA 90740 OFFICE TECH B.K.POWELL 3709 SPENARD ROAD SUITE 200 ANCHORAGE AK 99503 TOTAL OFFICE SOLUTION OF WEST TEXAS TOMMY MCCRURY 1601 N. LEE AVENUE ODESSA TX 79761 DOCUMENT SYSTEMS CRAIG BRAME 89 MARKET STREET HENDERSON NC 27537 GREAT NORTHERN EQUIPMENT KIM BROWN 104 NE 3RD STREET, SUITE 200C GRAND RAPIDS MN 55744 COMPLETE DOCUMENT SOLUTIONS, NY LLC JOHN HAND 19 GLORIA LANE FAIRFIELD NJ 07004 WEST KENTUCKY XEROGRAPHICS LLC JAMES DEMA PO BOX 124 BENTON KY 42025 SOUTHERN DIGITAL LLC ALBERT HENRICKS 330 N JEFFERSON DAVIS PARKWAY NEW ORLEANS LA 70119 CONNEX SYSTEMS INC.GREGORY WALTER 2033 CHENAULT DR STE 150 CARROLLTON TX 75006 IMAGE SOURCE (LA)BRAD CRAFT 650 EAST HOSPITALITY LANE, STE 540 SAN BERNARDINO CA 92408 PROFESSIONAL DOCUMENT SOLUTIONS, INC. (PDS – GJ II)TROY TAFOYA 4114 TIMBERLINE ROAD FORT COLLINS CO 80525 COPY CONNECTION RAJAT GANDHI 201 W. HILLSIDE, SUITE 24 LAREDO TX 78041 ADVANCED XEROGRAPHY DEREK BARNES 1823 N. YELLOWOOD BROKEN ARROW OK 74012 ADVANCED DIGITAL SOLUTIONS, INC BILL NORTHAM 1512 BROADWAY AVENUE MATTOON IL 61938 MOUNTAIN WEST OFFICE SOLUTIONS BRUCE PORCH 1205-B KENSINGTON AVENUE MISSOULA MT 59801 XDOS, INC.HAROLD NIXON 20 EAST LIBERTY STREET SUMTER SC 29150 DOCUMENT TECHNOLOGIES, INC. (SOUTH SHORE)JANICE DUPLISEA 23 CROSBY DRIVE BEDFORD MA 01730 887 of 1132 892 AMBIZ SOLUTIONS, INC.RICHARD YEATS PO BOX 20128 PANAMA CITY FL 32417 SOUTHWEST OFFICE SOLUTIONS, INC. (LOS ALAMOS)TRACY ASHTON 1789 CENTRAL AVENUE, SUITE 4 LOS ALAMOS NM 87544 WASATCH DOCUMENT SOLUTIONS INC.CASEY BECK 373 EDGEHILL DRIVE PROVIDENCE UT 84332 OFFICE SYSTEMS OF FAYETTE & GREENE CAMERON BUERGER 1670 WARREN ROAD INDIANA PA 15701 PDS DENVER TECH CENTER TROY TAFOYA 4114 TIMBERLINE ROAD FORT COLLINS CO 80525 DIGITAL OFFICE SOLUTIONS V ROBERT WEBB 4125 N. 124TH STREET, SUITE J BROOKFIELD WI 53005 MARCOTEK DIGITAL OFFICE SOLUTIONS II KEITH NORRIS 100 NORTH PATTERSON STREET VALDOSTA GA 31601 OFFICETECH NORTHWEST B.K.POWELL 6310 E. SPRAGUE AVENUE SPOKANE WA 99212 XEROGRAPHIC EQUIPMENT SYSTEMS - LARAMIE MICHAEL MCKENNA PO BOX 794 CHEYENNE WY 82003 IT BUSINESS SOLUTIONS ROBERT HAY 2698 CASSELMAN ROAD ROCKWOOD PA 15557 HEARTLAND DIGITAL IMAGING INC.RYAN VERCELLINO 6004 WILLOW SPRINGS MARION IL 62959 XMC OF LITTLE ROCK, INC.BOB HAMILTON 7585 AE BEATY DRIVE, SUITE 101 BARTLETT TN 38133 OFFICE TECH - WENATCHEE B.K.POWELL 6310 E. SPRAGUE AVENUE SPOKANE WA 99212 DIGITAL OFFICE SOLUTIONS ROBERT WEBB 4125 N. 124TH STREET, SUITE J BROOKFIELD WI 53005 DOCUGRAPHICS, LLC THOMAS FIMIAN 2408A ASHLEY RIVER ROAD, SUITE 6-B CHARLESTON SC 29407 POTOMAC BUSINESS SOLUTIONS LLC KRISTIN JAQUETTE 13800 COPPERMINE ROAD, STE 273 HERNDON VA 20171 DIGITAL OFFICE SOLUTIONS II ROBERT WEBB 4125 N. 124TH STREET, SUITE J BROOKFIELD WI 53005 RBI RICK BOWLING 1113B N. CASTLE HEIGHTS AVE LEBANON TN 37087 XCEL OFFICE SOLUTIONS MICHAEL REID 304 N MERIDIAN AVE STE 18 OKLAHOMA CITY OK 73107 QUALITY PRINT SOLUTIONS GENE AYALA 220 N. GETTY STREET UVALDE TX 78801 IMAGE XCELLENCE, LLC JENNIFER CAMBIO 2123 KING STREET LA CROSSE WI 54601 CENTRAL OREGON OFFICE SOLUTIONS RHONDA ROGERS PO BOX 2185 BEND OR 97709 MAINE DOCUMENT SOLUTIONS, LLC GABE POLCHIES 59 SANFORD DRIVE, UNIT 1 GORHAM ME 04038 OFFICE EQUIPMENT SOURCE, INC. (IV)MIKE MITCHELL 227 W. WATER STREET ELMIRA NY 14901 GULF SUPERIOR OFFICE PRODUCTS, INC. – SUPERIOR VI RANDY POCHE 533 HIGHLANDIA DRIVE, STE K BATON ROUGE LA 70810 ADVANCED DOCUMENT SOLUTIONS, INC. (IV)SCOTT HAMILTON 819 S. FLOYD STREET LOUISVILLE KY 40203 DOCUMENT TECHNOLOGIES, INC.JANICE DUPLISEA 23 CROSBY DRIVE BEDFORD MA 01730 METRO CENTRE, LP KARLA METZLER 679 COUNTY ROAD 404 GAINESVILLE TX 76240 BENCHMARK BUSINESS SOLUTIONS, INC. (AMARILLO II)JEFF HORN 1607 BROADWAY LUBBOCK TX 79401 DIGITAL OFFICE CENTRE, INC. (II)TOM ROSTVEDT 515 20TH AVENUE SE, STE 11 MINOT ND 58701 XMC OF WEST TENNESSEE, INC.BOB HAMILTON 7585 AE BEATY DRIVE, SUITE 101 BARTLETT TN 38133 NORTH COUNTRY DIGITAL SOLUTIONS DAN MCALOON 2 CRESTWOOD DRIVE ALEXANDRIA BAY NY 13607 SOLUTIONS FOR DOCUMENTS MARVIN HAMONS 3310 WOODVILLE RD, STE. C NORTHWOOD OH 43619 EAST-PENN BUSINESS MACHINES, INC.HEMAN PATEL 2980 LINDEN STREET BETHLEHEM PA 18017 YAKIMA DOCUMENT SOLUTIONS LEE HARTUNG 6799 N WENAS RD SELAH WA 98942 DOCUGRAPHICS, LLC THOMAS FIMIAN 2015 BOUNDARY ST, STE 232 BEAUFORT SC 29902 MORRIS BUSINESS SOLUTIONS, LLC RICHARD MORRIS P.O. BOX 15090 GREENVILLE SC 29610 XMC OF NORTH ALABAMA, INC.BOB HAMILTON 7585 AE BEATY DRIVE, SUITE 101 BARTLETT TN 38133 DOCUMENT CONSULTING SERVICES II TED SWICK 880 APOLLO STREET, SUITE 353 EL SEGUNDO CA 90245 888 of 1132 893 DIGITAL OFFICE SOLUTIONS, INC.VIC KALIA 311 3RD AVE, SE CEDAR RAPIDS IA 52401 CAPE COD BUSINESS SOLUTIONS, INC.KEVIN DONAHUE PO BOX 323 SANDWICH MA 02563 MARITIME BUSINESS CONCEPTS, INC. (II)SCOTT WILLIAMS 1306 N. HERRITAGE ST KINSTON NC 28501 SUPERIOR OFFICE PRODUCTS II RANDY POCHE 533 HIGHLANDIA DRIVE, STE K BATON ROUGE LA 70810 MAINE DOCUMENT SOLUTIONS OF CENTRAL MAINE GABE POLCHIES 59 SANFORD DRIVE, UNIT 1 GORHAM ME 04038 TALLAHASSEE TECHNOLOGY GROUP, INC. (COLUMBUS)RICHARD MAUS 1949 RAYMOND DIEHL ROAD STE B TALLAHASSEE FL 32308 BUSINESS IMPRESSIONS OF MICHIGAN JEFF BASSETT PO BOX 959 AUBURN IN 46706 DOCUGRAPHICS, LLC THOMAS FIMIAN 2408 ASHLEY RIVER RD, UNIT A CHARLESTON SC 29414 DIGITAL OFFICE SOLUTIONS IV ROBERT WEBB 4125 N. 124TH STREET, SUITE J BROOKFIELD WI 53005 ASTRATECH, INC.CHARLLEE HOLMES 81 EAST GROVE STREET GALESBURG IL 61401 BENCHMARK BUSINESS SOLUTIONS, INC. (MARBLE FALLS)JEFF HORN 1607 BROADWAY LUBBOCK TX 79401 BENCHMARK BUSINESS SOLUTIONS-WICHITA FALLS JEFF HORN 1607 BROADWAY LUBBOCK TX 79401 JUSTTECH, LLC JOSHUA JUSTICE 101 CATALPA DR STE #102 LA PLATA MD 20646 COMPLETE OFFICE SOLUTIONS JOHN COOPER 2627 RIDGEWOOD ROAD JACKSON MS 39216 ADVANCED DOCUMENT SOLUTIONS, INC.SCOTT HAMILTON 819 S. FLOYD STREET LOUISVILLE KY 40203 XMC OF MIDDLE TENNESSEE BOB HAMILTON 7585 AE BEATY DRIVE, SUITE 101 BARTLETT TN 38133 XMC OF FLORENCE BOB HAMILTON 7585 AE BEATY DRIVE, SUITE 101 BARTLETT TN 38133 COMPLETE DOCUMENT SOLUTIONS - MD LLC JOHN HAND 19 GLORIA LANE FAIRFIELD NJ 07004 SOUTHWEST OFFICE SOLUTIONS, INC. (TAOS)TRACY ASHTON 1789 CENTRAL AVENUE, SUITE 4 LOS ALAMOS NM 87544 ELITE BUSINESS SYSTEMS, LLC WILLIAM ARNETT P.O. BOX 737 GADSDEN AL 35901 IMAGE MAKERS INC II LAURA NYQUIST 3588 VETERANS DRIVE, SUITE 3 TRAVERSE CITY MI 49684 DOCUGRAPHICS, LLC THOMAS FIMIAN 454 ANDERSON RD. S, STE 152 BTC 571 ROCK HILL SC 29730 MORRIS BUSINESS SOLUTIONS LLC (IV)RICHARD MORRIS P.O. BOX 15090 GREENVILLE SC 29610 SUPERIOR OFFICE PRODUCTS III RANDY POCHE 533 HIGHLANDIA DRIVE, STE K BATON ROUGE LA 70810 BENCHMARK BUSINESS SOLUTIONS-EL PASO JEFF HORN 1607 BROADWAY LUBBOCK TX 79401 OFFICE EXPERTS, INC KATHLEEN SALIMBENE 520 HIGHRIDGE ROAD LEXINGTON OH 44904 PREFERRED DOCUMENT SOLUTIONS, LLC CHRISTOPHER SPAHN 2395 BRIARGATE BLVD, STE 120 COLORADO SPRINGS CO 80920 ADVANTAGE BUSINESS SYSTEMS, INC.MEIR HOLTZBERG 370 STATE ST., SUITE 2 NORTH HAVEN CT 06473 MIDWEST DATA SYSTEMS, INC.KRISTIN PORTER 10124 HUTTON ROAD KANSAS CITY KS 66109 DOCUGRAPHICS, LLC THOMAS FIMIAN 1201 MAIN STREET SUITE 1100 COLUMBIA SC 29201 COPY SOLUTIONS, INC. (WEST)ROGER ZHAO 919 S. FREMONT AVE, SUITE 398 ALHAMBRA CA 91803 BUTLER’S OFFICE EQUIPMENT & SUPPLY (WEST)PATRICK BUTLER 1900 E. HISTORIC HWY 66, SUITE C GALLUP NM 87301 REPRO PRODUCTS MFD, LLC (NORTH)ROBERT FELDBERG 4485 S ATLANTA RD SMYRNA GA 30080 REPRO PRODUCTS MFD, LLC (EAST)ROBERT FELDBERG 4485 S ATLANTA RD SMYRNA GA 30080 REPRO PRODUCTS MFD, LLC (SOUTH)ROBERT FELDBERG 4485 S ATLANTA RD SMYRNA GA 30080 BENCHMARK BUSINESS SOLUTIONS-SAN ANTONIO JEFF HORN 1607 BROADWAY LUBBOCK TX 79401 SUPERIOR PRINT SOLUTIONS, INC.BETHANY SCHRIEVER 202 1st STREET SE, STE 103 MASON CITY IA 50401 MORRIS BUSINESS SOLUTIONS, LLC (II)RICHARD MORRIS P.O. BOX 15090 GREENVILLE SC 29610 DOCUGRAPHICS, LLC THOMAS FIMIAN 2408 ASHLEY RIVER ROAD, SUITE 6-B CHARLESTON SC 29407 889 of 1132 894 JUSTTECH, LLC (II)JOSHUA JUSTICE 101 CATALPA DR STE #102 LA PLATA MD 20646 HAMILTON DIGITAL, INC. (CINCINNATI)FRED HAMILTON 2165 CENTRAL PARKWAY CINCINNATI OH 45219 GEYER'S OFFICE SUPPLY (II)RON GEYER 169 W. MAIN STREET XENIA OH 45385 IMAGE SOURCE - ORANGE COUNTY BRAD CRAFT 650 EAST HOSPITALITY LANE, STE 540 SAN BERNARDINO CA 92408 ITECH MICHAEL WILLIAMS 326 5TH STREET PARKERSBURG WV 26101 OFFICE EQUIPMENT SOURCE, INC. (III)MIKE MITCHELL 227 W. WATER STREET ELMIRA NY 14901 QUALITY QUICKLY (II)BRIAN MARSHALL 945 3rd AVE SE SUITE 103 HICKORY NC 28602 RAY BLOCK STATIONERY II GEORGE GARCIA 3 PLAINFIELD AVE.FLORAL PARK NY 11001 MCGARITY'S BUSINESS PRODUCTS SCOTT MCGARITY 870 GROVE STREET GAINSVILLE GA 30501 IMAGE SOURCE - ORANGE COUNTY II BRAD CRAFT 650 EAST HOSPITALITY LANE, STE 540 SAN BERNARDINO CA 92408 DOCUMENT SOLUTIONS (III)LOREN MAUK 1540 RICE ROAD, SUITE 100 TYLER TX 75703 XMC OF EAST TENNESSEE, INC.BOB HAMILTON 7585 AE BEATY DRIVE, SUITE 101 BARTLETT TN 38133 SOUTHWEST OFFICE SOLUTIONS, INC. (SANTE FE)TRACY ASHTON 1789 CENTRAL AVENUE, SUITE 4 LOS ALAMOS NM 87544 THE RAY-BLOCK STATIONERY CO. INC. (EAST)GEORGE GARCIA 3 PLAINFIELD AVE.FLORAL PARK NY 11001 COMPLETE DOCUMENT SOLUTIONS PA, LLC (S JERSEY I)JOHN HAND 19 GLORIA LANE FAIRFIELD NJ 07004 COMPLETE DOCUMENT SOLUTIONS PA, LLC (S JERSEY II) JOHN HAND 19 GLORIA LANE FAIRFIELD NJ 07004 COMPLETE DOCUMENT SOLUTIONS PA, LLC (PHL)JOHN HAND 19 GLORIA LANE FAIRFIELD NJ 07004 COMPLETE DOCUMENT SOLUTIONS PA, LLC (PHL II)JOHN HAND 19 GLORIA LANE FAIRFIELD NJ 07004 COMPLETE DOCUMENT SOLUTIONS, LLC (II)JOHN HAND 19 GLORIA LANE FAIRFIELD NJ 07004 ALASKA ENTERPRISE SOLUTIONS, INC.MICHAEL FERRIS 557 E FIREWEED LN, SUITE A ANCHORAGE AK 99503 DOCUMENT SOLUTIONS (IV)LOREN MAUK 1540 RICE ROAD, SUITE 100 TYLER TX 75703 BENCHMARK BUSINESS SOLUTIONS, INC. (AUSTIN)JEFF HORN 1607 BROADWAY LUBBOCK TX 79401 DMC2, INC.KEVIN FITZPATRICK 42 WORTHINGTON ACCESS DR MARYLAND HEIGHTS MO 63043 DMC2, INC. (II)KEVIN FITZPATRICK 42 WORTHINGTON ACCESS DR MARYLAND HEIGHTS MO 63043 SUPERIOR OFFICE PRODUCTS - BEAUMONT RANDY POCHE 533 HIGHLANDIA DRIVE, STE K BATON ROUGE LA 70810 D-TECH BUSINESS SOLUTIONS, LLC FRANK DEFRANCESCO 1095 MILITARY TRL, UNIT 1447 JUPITER FL 33458 DIGITAL DOCUMENT SOLUTIONS, LLC BRIDGET EVANS 901 LAKE ROAD MOUNTAIN TOP PA 18707 IMAGE SOURCE (SAN DIEGO)BRAD CRAFT 650 EAST HOSPITALITY LANE, STE 540 SAN BERNARDINO CA 92408 NAPLES OFFICE SOLUTIONS, LLC CHRIS DEICHMAN 3449 TECHNOLOGY DRIVE STE 108 NORTH VENICE FL 34275 ADVANCED OFFICE SOLUTIONS, LLC JOHN BARROW 4124 KESTEVEN DRIVE BIRMINGHAM AL 35242 AMERICAN BUSINESS CENTER, INC.RICHARD YEATS PO BOX 20128 PANAMA CITY FL 32417 OFFICE EQUIPMENT SOURCE, INC. (V)MIKE MITCHELL 227 W. WATER STREET ELMIRA NY 14901 BENCHMARK OFFICE SYSTEMS INC. (WEST)MICHELLE MCMANUS 75 GILCREAST RD., STE. 311 LONDONDERRY NH 03053 COMPLETE DOCUMENT SOLUTIONS, WC-CT, LLC (I)JOHN HAND 19 GLORIA LANE FAIRFIELD NJ 07004 COMPLETE DOCUMENT SOLUTIONS, MARYLAND LLC (II)JOHN HAND 19 GLORIA LANE FAIRFIELD NJ 07004 COASTAL OREGON OFFICE SOLUTIONS RHONDA ROGERS PO BOX 2185 BEND OR 97709 SOUTHWEST OFFICE SOLUTIONS, INC. (ALBUQUERQUE)TRACY ASHTON 1789 CENTRAL AVENUE, SUITE 4 LOS ALAMOS NM 87544 XMC, INC. (SOUTH ARKANSAS)BOB HAMILTON 7585 AE BEATY DRIVE, SUITE 101 BARTLETT TN 38133 MORRIS BUSINESS SOLUTIONS, LLC (III)RICHARD MORRIS P.O. BOX 15090 GREENVILLE SC 29610 890 of 1132 895 COMPLETE DOCUMENT SOLUTIONS, MARYLAND LLC (III)JOHN HAND 19 GLORIA LANE FAIRFIELD NJ 07004 IMAGE SOURCE (SACRAMENTO)BRAD CRAFT 650 EAST HOSPITALITY LANE, STE 540 SAN BERNARDINO CA 92408 SMART DOCUMENT SOLUTIONS - (PHOENIX)TRACEY ARVIEUX 4045 E. PALM LANE PHOENIX AZ 85008 TINLOF TECHNOLOGIES, INC.FERNANDO MARTINEZ 21011 JOHNSON STREET SUITE #124 PEMBROKE PINES FL 33029 ROCKY MOUNTAIN COMPETITIVE SOLUTIONS, LLC ANDY COON 2413 GRANT AVENUE OGDEN UT 84404 IMAGE SOURCE (OAKLAND)BRAD CRAFT 650 EAST HOSPITALITY LANE, STE 500 SAN BERNARDINO CA 92408 SARASOTA OFF SOL (ORLANDO)CHRIS DEICHMAN 3449 TECHNOLOGY DRIVE STE 108 NORTH VENICE FL 34275 IMAGE SOURCE (STOCKTON)BRAD CRAFT 650 EAST HOSPITALITY LANE, STE 540 SAN BERNARDINO CA 92408 INNOVATIVE DOC TECH INC JULIO DIAZ 2770 AVE HOSTOS, SUITE 303, SVS PLAZA II MAYAGUEZ PR 00682 IMAGE SOURCE (WOODLAND HILLS)BRAD CRAFT 650 EAST HOSPITALITY LANE, STE 540 SAN BERNARDINO CA 92408 COMPLETE DOCUMENT SOLUTIONS WC-CT LLC II JOHN HAND 19 GLORIA LANE FAIRFIELD NJ 07004 COMPLETE DOCUMENT SOLUTIONS PA, LLC JOHN HAND 19 GLORIA LANE FAIRFIELD NJ 07004 COMPLETE DOCUMENT SOLUTIONS CENTRAL PENN LLC JOHN HAND 2209 FOREST HILLS DRIVE HARRISBURG PA 17112 INDIANA BUSINESS SOLUTIONS LLC (SOUTH)TIMOTHY SLOPSEMA 8227 NORTHWEST BLVD., #200 INDIANAPOLIS IN 46278 IMAGE SOURCE (MONT)BRAD CRAFT 650 EAST HOSPITALITY LANE, STE 500 SAN BERNARDINO CA 92408 IMAGE SOURCE (FNO)BRAD CRAFT 650 EAST HOSPITALITY LANE, STE 500 SAN BERNARDINO CA 92408 AMBIZ SOLUTIONS, INC. (EAST)RICHARD YEATS PO BOX 20128 PANAMA CITY FL 32417 IMAGE SOURCE (SAN FRANCISCO)BRAD CRAFT 650 EAST HOSPITALITY LANE, STE 500 SAN BERNARDINO CA 92408 GULF SUPERIOR OFFICE PRODUCTS, INC.RANDY POCHE 533 HIGHLANDIA DRIVE, STE K BATON ROUGE LA 70810 CONNEX SYSTEMS INC. II GREGORY WALTER 2033 CHENAULT DR STE 150 CARROLLTON TX 75006 SHOFNER BUSINESS SOLUTIONS OF EASTERN KY L.L.C.CHARLES SHOFNER 200 PORTA VERDE NICHOLASVILLE KY 40356 SUPERIOR OFFICE SYSTEMS HECTOR LIZARDI 19226 66th AVE. S., SUITE L-100 KENT WA 98032 ADVANCED DOCUMENT SOLUTIONS, INC. (V)SCOTT HAMILTON 819 S. FLOYD STREET LOUISVILLE KY 40203 COMPLETE DOCUMENT SOLUTIONS NORTH, LLC JOHN HAND 19 GLORIA LANE FAIRFIELD NJ 07004 891 of 1132 896 892 of 1132 897 Region VP Sales Email Southeast Steve Pitts Steve.Pitts@Xerox.com Mid America Jorge Galindez Jorge.Galindez@Xerox.com Northeast Chris Goodwin Chris.Goodwin@Xerox.com Texas/Oklahoma Kelly Grotheer Kelly.Grotheere@Xerox.com West Michelle Yoshino Michelle.Yoshino@Xerox.com Xerox US Enterprise Operations Xerox Government, Healthcare and Education 893 of 1132 898 894 of 1132 899 OMNIA PARTNERS EXHIBITS EXHIBIT F -FEDERAL FUNDS CERTIFICATIONS FEDERAL CERTIFICATIONS ADDENDUM FOR AGREEMENT FUNDED BY U.S. FEDERAL GRANT TO WHOM IT MAY CONCERN: Participating Agencies may elect to use federal funds to purchase under the Master Agreement. This form should be completed and returned. DEFINITIONS Contract means a legal instrument by which a non-Federal entity purchases property or services needed to carry out the project or program under a Federal award. The term as used in this part does not include a legal instrument, even if the non-Federal entity considers it a contract , when the substance of the transaction meets the definition of a Federal award or subaward Contractor means an entity that receives a contract as defined in Contrac t. Cooperative agreement means a legal instrument of financial assistance between a Federal awarding agency or pass-through entity and a non-Federal entity that , consistent with 31 U.S.C. 6302-6305 : (a) Is used to enter into a relationship the principal purpose of which is to transfer anything of value from the Federal awarding agency or pass-through entity to the non-Federal entity to carry out a public purpose authorized by a law of the United States (see 31 U.S.C. 6101(3)); and not to acquire property or services for the Federal government or pass-through entity's direct benefit or use; (b) Is distinguished from a grant in that it provides for substantial involvement between the Federal awarding agency or pass-through entity and the non-Federal entity in carrying out the activity contemplated by the Federal award. (c) The term does not include : (1) A cooperative research and development agreement as defined in 15 U.S.C. 371 0a ; or (2) An agreement that provides only : (i) Direc t United States Government cash assistance to an individual ; (ii) A subsidy ; (iii) A loan ; (iv) A loan guarantee ; or (v) Ins urance . Federal awarding agency means the Federal agency that provides a Federal award directly to a non-Federal entity Federal award has the meaning, depending on the context, in either paragraph (a) or (b) of this section: (a)(1) The Federal financ ial assistance that a non-Federal entity receives directly from a Federal awarding agency or indirectly from a pass-through entity , as described in § 200 .101 App licability ; or (2) The cost-reimbursement contract under the Federal Acquisition Regulations that a non-Federal entity receives directly from a Federal award ing agency or indirectly from a pass-through entity , as described in § 200 .101 Applicability. (b) The ins trume nt setting forth the te rms and conditions. The instrument is the grant agreement , cooperative agreement, other agreement for assistance covered in paragraph (b) of§ 200.40 Federal financial assistance , or the cost-reimbursement contract awarded under the Federal Acquisition Regulations. (c) Federal award does not include other co ntracts that a Federal agency uses to buy goods or services from a contractor or a contract to operate Federal government owned , contractor operated facilities (GOCOs ). (d) See also definitions of Federal fina nc ia l assistance , grant agreement , and cooperative agreement. Non-Federal entity means a state , loca l government, Indian tribe , institution of higher education (IHE), or nonprofit organization that carries out a Federal award as a recipient or subrecipient. Nonprofit organization means any corporation , trust , association , cooperative, or other organization , not including IHEs, that: (a) Is operated primarily for scientific , educational, service , charitable , or similar purposes in the public interest; (b) Is not organized primarily for profit; and Requirements for National Cooperative Contract Page 21 of 44 895 of 1132 900 OMNIA PARTNERS EXHIBITS EXHIBIT F -FEDERAL FUNDS CERTIFICATIONS (c) Uses net proceeds to maintain , improve, or expand the operations of the organization . Obligations means, when used in connection with a non-Federal entity 's utilization of funds under a Federal award, orders placed for property and services , contracts and subawards made, and similar transactions during a given period that require payment by the non-Federal entity during the same or a future period . Pass-through entity means a non-Federal entity that provides a subaward to a subrecipient to carry out part of a Federal program. Recipient means a non-Federal entity that receives a Federal award directly from a Federal awarding agency to carry out an activity under a Federal program. The term recipient does not include subrecipients. Simplified acquisition threshold means the dollar amount below which a non-Federal entity may purchase property or services using small purchase methods. Non-Federal entities adopt small purchase procedures in order to expedite the purchase of items costing less than the simplified acquisition threshold. The simplified acquisition threshold is set by the Federal Acquisition Regulation at 48 CFR Subpart 2.1 (Definitions) and in accordance with 41 U.S.C. 1908. As of the publication of this part , the simplified acquisition threshold is $150 ,000 , but this threshold is periodically adjusted for inflation. (Also see definition of§ 200 .67 Micro -pur chase.) Subaward means an award provided by a pass-through entity to a subrecipient for the subrecipient to carry out part of a Federal award received by the pass -thro ugh entity . It does not include payments to a contractor or payments to an individual that is a beneficiary of a Federal program. A subaward may be provided through any form of legal agreement , including an agreement that the pass-through entity considers a contract. Subrecipient means a non-Federal entity that receives a subaward from a pass-through entity to carry out part of a Federal program; but does not include an individual that is a beneficiary of such program. A subrecipient may also be a recipient of other Federal awards directly from a Federal awarding agency . Termination means the ending of a Federal award, in whole or in part at any time pr ior to the planned end of period of performance. The following certifications and provisions may be required and apply when Participating Agency expends federal funds for any purchase resulting from this procurement process . Pursuant to 2 C.F.R. § 200 .326 , all contracts, including smal l purchases , awarded by the Participating Agency and the Participating Agency's subcontractors shall contain the procurement provisions of Appendix II to Part 200 , as applicable . APPENDIX II TO 2 CFR PART 200 (A) Contracts for more than the simplified acquisition threshold currently set at $150,000, which is the inflation adjusted amount determined by the Civilian Agency Acquisition Council and the Defense Acquisition Regulations Council (Councils) as authorized by 41 U.S.C. 1908, must address administrative, contractual, or legal remedies in instances where contractors violate or breach contract terms, and provide for such sanctions and penalties as appropriate. Pursuant to Federal Rule (A) above, when a Participating Agency expends federal funds , the Participating Agency reserves all rights and privileges under the app licable laws and regulations with respect to this procurement in the event of breach of contract by either party . ~ Does offeror agree? YES __ cp_-n-:'----------------lnitials of Authorized Representative of offeror (B) Termination for cause and for convenience by the grantee or subgrantee including the manner by which it will be effected and the basis for settlement. (All contracts in excess of $10,000) Pursuant to Federal Rule (B) above , when a Participating Agency expends federal funds , the Participating Agency reserves the right to ~y. terminate any agreement in excess of $10 ,000 resulting from this procurement process in the event of a breach or default of the agreeme t y ror as detailed in the terms of the contract. Does offeror agree? YES --+---+-~------------Initials of Authorized Representative of Requirements for National Cooperative Contract Page 22 of 44 896 of 1132 901 offeror OMNIA PARTNERS EXHIBITS EXHIBIT F -FEDERAL FUNDS CERTIFICATIONS (C) Equal Employment Opportunity. Except as otherwise provided under 41 CFR Part 60, all contracts that meet the definition of "federally assisted construction contract" in 41 CFR Part 60-1.3 must include the equal opportunity clause provided under 41 CFR 60-1.4(b), in accordance with Executive Order 11246, "Equal Employment Opportunity" (30 CFR 12319, 12935, 3 CFR Part, 1964-1965 Comp., p. 339), as amended by Executive Order 11375, "Amending Executive Order 11246 Relating to Equal Employment Opportunity," and implementing regulations at 41 CFR part 60, "Office of Federal Contract Compliance Programs, Equal Employment Opportunity, Department of Labor." Pursuant to Federal Rule (C} above , when a Participating Agency expends federal funds on any federally assisted construction contract , the equa l opportunity clause is incorporated by r~~re~ herein. Does offeror agree to abide by the above? YES t1_1 Initials of Authorized Representative of offerer (D) Davis-Bacon Act, as amended (40 U.S.C. 3141-3148). When required by Federal program legislation, all prime construction contracts in excess of $2,000 awarded by non-Federal entities must include a provision for compliance with the Davis-Bacon Act (40 U.S.C. 3141-3144, and 3146-3148) as supplemented by Department of Labor regulations (29 CFR Part 5, "Labor Standards Provisions Applicable to Contracts Covering Federally Financed and Assisted Construction"). In accordance with the statute, contractors must be required to pay wages to laborers and mechanics at a rate not less than the prevailing wages specified in a wage determination made by the Secretary of Labor. In addition, contractors must be required to pay wages not less than once a week. The non-Federal entity must place a copy of the current prevailing wage determination issued by the Department of Labor in each solicitation. The decision to award a contract or subcontract must be conditioned upon the acceptance of the wage determination. The non • Federal entity must report all suspected or reported violations to the Federal awarding agency. The contracts must also include a provision for compliance with the Copeland "Anti-Kickback" Act (40 U.S.C. 3145), as supplemented by Department of Labor regulations (29 CFR Part 3, "Contractors and Subcontractors on Public Building or Public Work Financed in Whole or in Part by Loans or Grants from the United States"). The Act provides that each contractor or subrecipient must be prohibited from inducing, by any means, any person employed in the construction, completion , or repair of public work, to give up any part of the compensation to which he or she is otherwise entitled. The non-Federal entity must report all suspected or reported violations to the Federal awarding agency. Pursuant to Federal Rule (D) above , when a Participating Agency expends federal funds during the term of an award for all contracts and subgrants for construction or repair , offeror will be in compliance with all applicable Davis-Bacon Act provisions. Does offeror agree? YES fP{(' In itials of Authorized Representative of offeror (E) Contract Work Hours and Safety Standards Act (40 U.S.C. 3701-3708). Where applicable, all contracts awarded by the non-Federal entity in excess of $100,000 that involve the employment of mechanics or laborers must include a provision for compliance with 40 U.S.C. 3702 and 3704, as supplemented by Department of Labor regulations (29 CFR Part 5). Under 40 U.S.C. 3702 of the Act, each contractor must be required to compute the wages of every mechanic and laborer on the basis of a standard work week of 40 hours. Work in excess of the standard work week is permissible provided that the worker is compensated at a rate of not less than one and a half times the basic rate of pay for all hours worked in excess of 40 hours in the work week. The requirements of 40 U.S.C. 3704 are applicable to construction work and provide that no laborer or mechanic must be required to work in surroundings or under working conditions which are unsanitary, hazardous or dangerous. These requirements do not apply to the purchases of supplies or materials or articles ordinarily available on the open market, or contracts for transportation or transmission of intelligence. Pursuant to Federal Rule (E) above , when a Participating Agency expends federal funds , offerer certifies that offeror will be in compliance with all applicable provisions of the Contract Work Hours and Safety Standards Act during the term of an award for all contracts by Participating Agency res lting from this procu remen t process. Does offerer agree? YES ___ _..,;f--"'lf-+-------------lnitials of Authorized Representative of offeror (F) Rights to Inventions Made Under a Contract or Agreement. If the Federal award meets the definition of "funding agreement" under 37 CFR §401.2 (a) and the recipient or subrecipient wishes to enter into a contract with a small business firm or nonprofit organization regarding the substitution of parties, assignment or performance of experimental, developmental, or research work under that "funding agreement," the recipient or subrecipient must comply with the requirements of 37 CFR Part 401, "Rights to Inventions Made by Nonprofit Organizations and Small Requirements for National Cooperative Contract Page 23 of 44 897 of 1132 902 OMNIA PARTNERS EXHIBITS EXHIBIT F -FEDERAL FUNDS CERTIFICATIONS Business Firms Under Government Grants, Contracts and Cooperative Agreements," and any implementing regulations issued by the awarding agency. Pursuant to Federal Rule (F} above, when federal funds are expended by Participating Agency , the offeror certifies that during the term of an award for all contracts by Participating Agency resulting from this procurement process , the offeror agrees to comply with all applicable requirements !-?:need in Federal Rule (F) above . Does offeror agree? YES C!!/1-Initials of Authorized Representative of offeror (G) Clean Air Act (42 U.S.C. 7401-7671q.) and the Federal Water Pollution Control Act (33 U.S.C. 1251-1387), as amended-Contracts and subgrants of amounts in excess of $150,000 must contain a provision that requires the non- Federal award to agree to comply with all applicable standards, orders or regulations issued pursuant to the Clean Air Act (42 U.S.C. 7401-7671q) and the Federal Water Pollution Control Act as amended (33 U.S.C. 1251-1387). Violations must be reported to the Federal awarding agency and the Regional Office of the Environmental Protection Agency (EPA) Pursuant to Fede ral Rule (G} above , when federal funds are expended by Participating Agency, the offeror certifies that during the term of an award for all contracts by Participating Agency member resulting from this procurement process , the offerer agrees to comply with all applicable requirements as referenced in Federal Rule (G} above . Does offerer agree? YES ~ Initials of Authorized Representative of offerer (H} Debarment and Suspension (Executive Orders 12549 and 12689)-A contract award (see 2 CFR 180.220) must not be made to parties listed on the government wide exclusions in the System for Award Management (SAM), in accordance with the Executive Office of the President Office of Management and Budget (0MB) guidelines at 2 CFR 180 that implement Executive Orders 12549 (3 CFR part 1986 Comp., p. 189) and 12689 (3 CFR part 1989 Comp., p. 235), "Debarment and Suspension." SAM Exclusions contains the names of parties debarred, suspended, or otherwise excluded by agencies, as well as parties declared ineligible under statutory or regulatory authority other than Executive Order 12549. Pursuant to Federal Rule (H) above , when federal funds are expended by Participating Agency, the offeror certifies that during the term of an award for all contracts by Participating Agency resulting from this procurement process , the offeror certifies that neither it nor its principals is presently debarred, suspended , proposed for debarment , declared ineligible , or voluntarily excluded from participa ti on by any federa l department or agency . If at any time during the term of an award the offerer or its principals becomes debarred , suspended , proposed for debarment, declared inelig ible, or voluntar ily excluded from participation by any federal department or agency , the offeror will notify the Participating Agency . Does offerer agree? YES ~ Initials of Authorized Representative of offerer (I) Byrd Anti-Lobbying Amendment (31 U.S.C. 1352)-Contractors that apply or bid for an award exceeding $100,000 must file the required certification. Each tier certifies to the tier above that it will not and has not used Federal appropriated funds to pay any person or organization for influencing or attempting to influence an officer or employee of any agency, a member of Congress, officer or employee of Congress, or an employee of a member of Congress in connection with obtaining any Federal contract, grant or any other award covered by 31 U.S.C. 1352. Each tier must also disclose any lobbying with non-Federal funds that takes place in connection with obtaining any Federal award. Such disclosures are forwarded from tier to tier up to the non-Federal award. Pursuant to Federal Rule (1) above, when federal funds are expended by Participating Agency , the offeror cer tifies that during the term and after the awarded term of an award for all contracts by Participating Agency resu lting from this procurement process, the offerer cer tifies that it is in compliance with all app licable provisions of the Byrd Anti-Lobbying Amendment (31 U.S.C. 1352}. The undersigned further certifies tha t (1} No Federa l appropriated funds have been pa id or will be paid for on beha lf of the undersigned , to any person for influencing or attempting to influence an officer or employee of any agency , a Member of Congress , an officer or employee of congress , or an employee of a Member of Congress in connection with the awarding of a Federa l contract , the making of a Federal gran t, the mak ing of a Federal loan, the entering into a cooperative agreement , and the extension , continuation , renewal , amendmen t, or modifica tion of a Federa l contract , grant, loan , or cooperative agreement. (2) If any funds other than Federal appropriated funds have been pa id or will be paid to any person for influencing or attempting to influence an officer or employee of any agency , a Member of Congress, an officer or employee of congress , or an employee of a Member of Congress in connection with this Federal grant or cooperative agreement , the undersigned shall Requirements for National Cooperativ e Contract Page 24 of 44 898 of 1132 903 OMNIA PARTNERS EXHIBITS EXHIBIT F-FEDERAL FUNDS CERTIFICATIONS complete and submit Standard Form-LLL, "Disclosure Form to Report Lobbying", in accordance with its inst ructions . (3) The undersigned shall require that the language of this certification be included in the award documents for all covered sub-awards exceeding $100 ,000 in Federal funds at all appropriate tiers and that all subrecipients shall certify and disclose accordingly. ~ Does offeror agree? YES ___ ~~·~ _____________ Initials of Authorized Representative of offeror RECORD RETENTION REQUIREMENTS FOR CONTRACTS INVOLVING FEDERAL FUNDS When federal funds are expended by Participating Agency for any contract resulting from this procurement process, offeror certifies that it will comply with the record retention requirements detailed in 2 CFR § 200.333 . The offeror further certifies that offeror will retain all records as required by 2 CFR § 200.333 for a period of three years after grantees or subgrantees submit final expenditure reports or quarterly or annual financial reports, as applicable , and all other pending matters are closed . Does offeror agree? YES _____ _,,_,,__ __________ Initia ls of Authorized Representative of offeror CERTIFICATION OF COMPLIANCE WITH THE ENERGY POLICY AND CONSERVATION ACT When Pa rticipa ting Agency expends federal funds for any contract resulting from this procurement process , offeror ce rtifi es that it will comply with the mandatory standards and policies relating to energy efficiency which are contained in the state energy conservation plan issued in compliance wit he Energy Policy and Conservation Act (42 U.S.C . 6321 et seq .; 49 C.F.R. Part 18). Does offeror agree? YES _________________ Initia ls of Authorized Representative of offeror CERTIFICATION OF COMPLIANCE WITH BUY AMERICA PROVISIONS To the extent purchases are made with Federal Highway Administration , Federal Railroad Administration , or Federa l Transit Administration funds, offeror certifies that its products comp ly with all applicable provisions of the Buy America Act and agrees to provide such certification or applicable wa iver with respect to specific products to any Participating Agency upon request. Purchases made in accordance with the Buy America Act must still follow the applicable procurement rules calling for free and open competition . ~ Does offeror agree? YES _~Lf-!--'--+ ______________ lnitials of Author ized Representative of offeror CERTIFICATION OF ACCESS TO RECORDS-2 C.F.R. § 200.336 Offeror agrees that the Inspector General of the Agency or any of their du ly authorized representatives shall have access to any documents, papers , or other records of offeror that are pertinent to offeror 's discharge of its obligations under the Contract for the purpose of maKing audits , examinations, excerpts , and transcriptions . The right also includes timely and reasonable access to offeror 's personnel for the purp e o · terview and discussion relating to such documents. Does offero r agree? YES __ 1---11-+--------------lnitials of Authorized Representative of offeror CERTIFICATION OF APPLICABILITY TO SUBCONTRACTORS Offeror agrees that all contracts it a rsuant to the Contract shall be bound by the foregoing terms and conditions . Does offeror agree? YES __ -+---+-+--------------Initials of Authorized Representative of offeror Offeror agrees to comply with all federal, state, and local laws, rules, regulations and ordinances, as applicable. It is further acknowledged that offeror certifies compliance with all provisions, laws, acts , regulations, etc. as specifically noted above. Offeror's Name : Address, City , State, and Zip Code: 1-, Requirements for National Cooperative Contract Page 25 of 44 899 of 1132 904 OMNIA PARTNERS EXHIBITS EXHIBIT F -FEDERAL FUNDS CERTIFICATIONS Phone Number : __ 1__.f...::...{)_--_i-,_~_f_-_.:r:_t_:_·-;,__~_(; __ Fax Number: Printed Name and Title of Autho!:,if~d , _ ; ,/('_ ./,"' , , r; /J _ . 1 · A-• -h if-/41#/'->r_pt.. Representative : J:,lfCA11t'-,e,,, Jov,<-.5 / vl!-A-e t'-1 ~[) ~'M f-f.UJ'I vz.t-, ~11, V?.Lr-,r Email Address : I 1rvfi 1t,,vl, :;-;~ _s €> 'KR yZ X . eo YY"- Signature of Authorized Representative: ~ ~ ~ Date : ~ ~/vz.,o /~ r -Y1c...=...+,---- Requirements for National Cooperative Contract Page 26 of 44 900 of 1132 905 XEROX CORPORATION Certificate of Secretary I, Douglas H. Marshall, Secretary of Xerox Corporation , a New York corporation (the "Company"), DO HEREBY CERTIFY that: 1. The following is a true and correct copy of an excerpt from a reso lution duly adopted at a meeting of the Board of Directors of the Company duly held and convened on December 7 , 2011 , at which meeting a duly constituted quor-um of the Board of Directors was present and acting throughout and that such resolu t ion has not been modi f ied , rescinded or revoked and is at present in full force and effect: RESOLVED: that ... the President , any Vice President, the Treasurer, the Controller and any Manager or Director of any group , division or depart-ment of th e Co mpany , be , and each of them severally is , empowered to (i) execute and deliver in the name and on behalf of the Company all agree-men ts, contracts , bids , instruments of conveyance or encumbrance , leas-es , bonds , consents, certificates (including any non-col lusion ce rtificates requ ired by any governmental entity, departm e nt , agency or official), re-leases , powers of attorney and other docume nts which may be necessary or desirable in and relating to the ordi nary conduct of the bus iness of the g roup , division o r department which he serves in that capacity (all of the foregoi ng co llecti vely referre d to as "Ag reements") (ii) perform under agreements or cause to be performed , the Com pany 's obligations under all such Agreements ; and (ii i) from time to t ime deleg ate their authority under th is resolution to such employees of the Comp any and subject to s uch terms , conditions and limitations as they det ermine to be advisable , the execut ion and delivery of any such de legation to be conclusive evi-dence of such determination. 2 . Jo a nn e Lev y is as of th e date he reof Accou nt Gene ra l Ma nager, New York City, New Je rsey and Pen nsy lva ni a, in t he Publ ic Sect o r Cen ter of Exce l-lence , North America Operations , of the Company and is authorized to act under the above resolution. IN WI T NESS WHEREOF , the undersigned has executed this Certificate and af-fixed the corpo rate seal of the Company hereto as of the 20 th day of May, 2019 . .... •··· '' . .' .. ' .. ''' •' vv: .·"'_.()', C . (), ... V .J I .-·_.,"'-l[SF AL] ·•--,~, -.... r - ······· Douglas H . Marshall Secretary 901 of 1132 906 OMNIA PARTNERS EXHIBITS EXHlBIT G-NEW JERSEY BUSINESS COMPLIANCE NEW JERSEY BUSINESS COMPLIANCE Suppliers intending to do business in the State of New Jersey must comply with policies and procedures required under New Jersey statues. All offerors submitting proposals must complete the following forms specific to the State of New Jersey. Completed forms should be submitted with the offeror's response to the RFP. Failure to complete the New Jersey packet will impact OMNIA Partners's ability to promote the Master Agreement in the State of New Jersey. DOC#l DOC #2 DOC#3 DOC#4 DOC#5 DOC#6 DOC#7 Ownership Disclosure Form Non-Collusion Affidavit Affirmative Action Affidavit Political Contribution Disclosure Form Stockholder Disclosure Cetiification Certification of Non -Involvement in Prohibited Activities in Iran New Jersey Business Registration Ce1iificate New Jersey suppliers are required to comply with the following New Jersey statutes when applicable : • all anti-discrim ination laws, including those contained in N.J.S.A. I 0:2-1 through N.J.S.A. I 0:2 -14 , N.J .S .A. 10:5-1 , and N.J.S.A. 10:5-31 through 10:5 -38; • Prevailing Wage Act, N.J .S.A . 34: 11-56.26, for all contracts within the contemplation of the Act; • Public Works Contractor Registration Act, N .J .S.A. 34: 11-56.26; and • Bid and Performance Security, as required by the applicable municipal or state statutes. Requirements for National Cooperative Contract 902 of 1132 907 DOC #1 OMNIA PARTNERS EXHIBITS EXHIBIT G-NEW JERSEY BUSINESS COMPLIANCE OWNERSHIP DISCLOSURE FORM (N.J.S. 52:25-24.2) Pw-suant to the requirements of P.L. 1999 , Chapter 440 effective April l 7, 2000 (Local Public Contracts Law), the offeror shall complete the form attached to these specifications listing the persons owning I 0 percent (10%) or more of the finn presenting the proposal. Company Name: Xerox Corporation Street: 201 Merritt 7 City, State, Zip Code: Norwalk, CT 06851 Complete as appropriate: I , certify that I am the sole owner of ________________ ____,, that there are no partners and th e business is not incorporated, and the provisions of N.JS. 52:25-24.2 do not apply. OR: I , a partner in ____________ ~• do hereby certify that the following is a list of all individual partners who own a 10% or greater interest therein. I further certify that if one (1) or more of the partners is itself a corporation or partnership, there is also set forth the names and addresses of the stockholders holding I 0% or more of that corporation's stock or the individual partners owning 10% or greater interest in that partnership. OR: I, Douglas H. Marshall, an authorized r epresentative of Xerox Corporation, a corporation, do hereby certify that th e following is a list of th e names and addresses of all stockholders in th e corporation who own 10% or more of its stock of any class. !further certify that if one (1) or more of such stockholders is itself a corporation or partnership, that th e re is also set forth the names and addresses of the stock- holders holding I 0% or more of the corporation's stock or the individual partners owning a 10% or greater interest in that partnership. (Note : iriformation is as of December 31 , 2019) (Note: If there are no partners or stockholders owning 10% or more interest, indicate none.) Name Address Interest Carl C. Icahn The Vanguard Group, Inc. c/o Icahn Capital LP 767 Fifth Avenue, Suite 4700 New York, NY 10153 100 Vanguard Blvd. Malvern, PA 19355 10.99% 10.32% Ifitrther certify that the statements and iriformation contained herein, are complete and correct to th e best of my knowledge and be li ef May 8, 2020 Date Authorized Signature and Title Requirements for National Cooperative Contract Secretwy 903 of 1132 908 OMNIA PARTNERS EXHIBITS EXHIBIT G-NEW JERSEY BUSINESS COMPLIANCE DOC#2 NON-COLLUSION AFFIDAVIT Company Name: ---'~----'---------L/_,___&_71-...,_,_:_· GIV14}_,_}j_lZJ_}IV ___ _ Street: d-PI #/.err ; ff 7- City, State, Zip Code: /J1JYt,11!lif-, Lt ()~ fO j ~ , State of _ ___,_/J.-----,.,,·_:'Vvv=----_ --~-~---~--/----1---------~ County of bu de/kw L Jo ~n~ )._0v y ofthe_M_· _tlo_J_k_~-+-fe_. ______ _ Name T City in the County of /11 t j c( /e_s ~ , State of -(--"-~------9'------o f full age, being duly sworn according to law on my oath depose and say that: lam the &~ ~«.~~fthefirmof~J@~~--·t:_~_7 -+rJ_Q/}_~_-t/1,.:-....__· __ _ fule Y CJlnpany Name the Ojferor making the Proposal for the goods, services or public work spec[fied under the attached proposal, and that I executed the said proposal with full authority to do so; that said Offeror has not directly or indirectly entered into any agreement, participated in any collusion, or otherwise taken any action in restraint of free, competitive bidding in connection with the above proposal, and that all statements contained in said proposal and in this affidavit are true and correct; and made with full knowledge that relies upon the truth of the statements contained in said proposal and in the statements contained in this affidavit in awarding the contract for the said goods, services or public work. I further warrant that no person or selling agency has been employed or retained to solicit or secure such contract upon an agreement or understanding for a commission , percentage, brokerage or contingent fee , except bona fide employees or bona fide established commercial or selling agencies maintain ed by , ~✓ 4:7,,,~ bh \/i2tjµ::T,' Company Name Subscribed and sworn before me II ' ·t-1,,, this ~ day of~-------' 20 2-_o TERRENCE HORSLEY NOTARY PUB LIC STAT E OF NEW JERSEY ID# 22 29180 MY COMM ISSI ON EXPIRES SEPTEMBER 2, 2024 Requirements for National Cooperative Contract 904 of 1132 909 DOC#3 Company Name: Street: City, State, Zip Code: Proposal Certification: OMNIA PARTNERS EXHIBITS EXHIBIT G-NEW JERSEY BUSINESS COMPLIANCE AFFIRMATIVE ACTION AFFIDAVIT (P.L. 1975, C.127) SEAL Indicate below company's compliance with New Jersey Affirmative Action regulations. Company's proposal will be accepted even if company is not in compliance at this time. No contract and /or purchase order may be issued, however, until all Affirmative Action requirements are met. Required Affirmative Action Evidence: Procurement, Professional & Service Contracts (Exhibit A) Vendors must submit with proposal: 1. A photo copy of their Federal Letter of A ffirmative Action Plan Approval OR G photo copy of their Certificate of E mployee Information Report OR 3. A complete Affirmative Action E mployee Information Report (AA302) Public Work -Over $50,000 Total Project Cost: A . No approved Federal or New Jersey Affirmative Action Plan. We will complete Report Form AA201-A upon receipt from the B. Approved Federal or New Jersey Plan -ce1tificate enclosed I.further certify that the statements and information contained herein , are complete and correct to the best of my knowledg e and belief .5/1, /2oto 1Date itle Requirements for National C ooperative Contract 905 of 1132 910 DOC #3, continued OMNIA PARTNERS EXHIBITS EXHIBIT G-NEW JERSEY BUSINESS COMPLIANCE P.L. 1995, c. 127 (N.J.A.C. 17:27) MANDATORY AFFIRMATIVE ACTION LANGUAGE PROCUREMENT, PROFESSIONAL AND SERVICE CONTRACTS During the performance of this contract, the contractor agrees as follows: The contractor or subcontractor, where applicable, will not discriminate against any employee or applicant for employment because of age, race , creed , color, nationa l origin, ancestry , marital status, sex, affectional or sexual orientation. The contractor will take affirmative action to ensure that such applicants are recruited and employed, and that employees are treated during emp loyment, without regard to their age, race, creed, color, national origin, ancestry, marital status, sex, affectional or sexual or ientation. Such action shall include, but not be limited to the following: employment, upgrading, demotion , or transfer; recruitment or recruitment advertising; layoff or termination; rates of pay or other forms of compensation; and selection for training, including apprenticeship. The contractor agrees to post in conspicuous places, available to employees and applicants for emp loyment, notices to be provided by the Public Agency Compliance Officer setting forth provisions of this non-discrimination clause. The contractor or subcontractor, where applicab le will , in all solicitations or advertisement for employees placed by or on behalf of the contractor, state that all qualified app licants will receive consideration for employment without regard to age , race , creed, color, national origin, ancestry, marital status, sex, affectional or sexual orientation. The contractor or subcontractor, where applicable , will send to each labor union or representative of workers with which it has a collective bargaining agreement or other contract or understanding, a notice, to be provided by the agency contracting officer advising the labor union or workers' representative of the contractor's commitments under this act and shall post copies of the notice in conspicuous pl aces available to employees and applicants for employment. The contractor or subcontractor, where applicable, agrees to comply with any regulation s promulgated by the Treasurer pursuant to P.L. 1975 , c . 127, as amended and s upplemented from time to time and the Americans with Disabilities Act. The contractor or subcontracto r agrees to attempt in good faith to employ minority and female workers trade consistent with the applicable county employment goal prescribed by N .J.A.C. 17 :27 -5 .2 promulgated by the Treasurer pursuant to P.L. 1975, C .127, as amended and supplemented from time to time or in accordance with a binding determination of the applicable county employment goals determined by the Affirmative Action Office pursuant to N.J .A.C. 17:27-5.2 promulgated by the Treasurer pursuant to P.L. 19 75, C.127 , as amended an d supplemented from time to time. The contractor or subcontractor agrees to inform in writ ing appropriate recruitment agencies in the area, including employment agencies, placement bureaus , colleges , univers ities , labor unions , that it does not discriminate on the basi s of age, creed , color, national origin, ancestry , marital status , sex, affectional or sexual orientation, and that it will discontinue the use of any recruitment agency which engages in direct or indirect discriminatory practices. The contractor or subcontractor agrees to revise any of it testing procedures , if necessary, to assure that all personnel testing conforms with the principl es of job-related testing, as established by the statutes and court decisions of the state of New Jersey and as established by applicable Federal law and applicable Federal court decisions. The contractor or subcontractor agrees to review all procedures relating to transfer , upgrading, downgrading and lay-off to ensure that all such actions are taken without regard to age, creed, color, national origin, ancestry, marital status, sex, affectional or sexual orientation , a nd conform with the applicable employment goals, consistent with the statutes and court deci sions of the State of New Jersey , and applicable Federal law and applicable Federal court decisions . The contractor and it s subcontractors shall furnish such reports or other documents to the Affirmative Action Office as may be requested by the office from t im e to time in order to carry out the purposes of these regulations, and public agencies shall furnish such information as may be requested by the Affirmative Action Office for conducting a compliance investigation pursuant to Subchapter 10 of the Admi nistrative Code (NJAC 17:27). Requirements for National Cooperative Contract 906 of 1132 911>, -Certification 1160 • ',.. z , . ii.._ ' .,, CERTIFl&ftlfiAPf EMPLOYE~ INFORMATION REPORT .,,,,~~ -~ This is to certify that the contractor liste Q1MhJtt~m~Jd~·~1oyee lnfonnation Report pursuant to N.J.A.C. 17:27-1.1 et. seq. and th_:_ erteasure./:,.haSj! Pfr~11e-a-'~'q~~ort. This approval will remain in effect for the period of 15 201_? ... • _ to 15~ 2022 f ' ~-·. ~~--••• ) (-.. -~.--'-.": "I . I l .. ~ • ~ l\... -i 1,.,. . . \ _,. ' I'-:'\ • . r • ({ • .._ • ·, c: . -..,. ';'...:. • - . w ' .. , ✓ ~, l. J ~ ~, ,;\I .. 41 · -• t .r ~ '·'If ,, • •• 1" ,. • 1,i ..... ,, •~. ~ ;:::; l.;:·,..A•~ .~ i..•J I;) ~ , .. ,~\f ~,,. !:t,· XEROX CORPORATION \~-r;1(':'. .. , --17 '. : 1~ 10 WOODBRIDGE CENTER DR.~~-.?_t','. ~ . .1 • r • WOODBRIDGE NJ 07~·ri~~~f'.II~ •• ::;~ ' '"="-'~ ~ -t • ,,.,. ~~ ~.~ I .:s u ' ' H:; ' ~ ..,. , .. _ ' . 1.·...--~· ~.~ Ji .. ' '' " . . i .•,._.-ti.-'.n .;11 .. t ":· ""' f ~. ,'7 •:· ~ ' -,,,,/', ~ ~ ~-~ ELIZABETH MAHER MUOIO State Treasurer :..f .:. . ' 907 of 1132 912 DOC#4 OMNIA PARTNERS EXHIBITS EXHIBIT G-NEW JERSEY BUSINESS COMPLIANCE C. 271 POLITICAL CONTRIBUTION DISCLOSURE FORM Public Agency Instructions This page provides guidance to pub lic agencies entering into contracts with bus i ness entities that are required to fi le Political Contribution D isclosure forms with the agency. It is not intended to be provided to contractors . What fol lows are instructions on the use of form local un its can provide to contractors that are required to disc lose political contributions pursuant to N.J.S.A. l 9:44A-20 .26 (P.L. 2005 , c. 271 , s.2). Additional information on the process is available in Local F inance Notice 2006-1 (http ://www.nj .gov/dca/divisions/dlgs/resources/lfns 2006.htm l). P lease refer back to these instructions for the appropriate links , as the Loca l Finance Notices inc lude links that are no longer operational. 1. The disclosure is required for al l contracts in excess o f $ I 7,500 that are not awarded pursuant to a "fair and open" process (N.J .S.A. 19:44A-20.7). 2. Due to the potential length of some contractor submissions , the public agency should consider allowing data to be s ubmitted in electronic form (i .e., spreadsheet, pdffile, etc.). Submissions must be kept with the contract documents or in an appropriate computer file and be availab le for public access. The form is worded to accept this alternate submission. The text s hould be amended if e lectronic submission w ill not be allowed . 3. The submiss ion must be received from the contractor and on file at least IO days prior to award of the contract. Resolut ions of award should reflect that the disclosure has been received and is on fi le . 4. The contractor must di sc lo se contribut ions made to candidate and party committees covering a wide range of public agencies, including all public agencies that have elected official s in the county of the public agency, state legislative positions , and various state entities . The Division of Local Government Services recommends that contractors be provided a list of the affected agencies. This will assist contractors in determining the campaign and political committees of the officials and candidates affected by the di s closure. a. The Division has prepared model disc losure forms for each county. They can be downloaded from the "County PCD Forms" link on the Pay-to-Play web site at http ://www.nj.gov/dca/divisions/dlgs/programs/lpc1.html #12 . T hey will be updated from time-to-time a s necessary. b . A pub lic agency using these form s should edit them to properly reflect the correct legislative district(s). As the forms are county-based , they list all legislative districts in each county. Districts that do not represent the public agency should be removed from the lists . c. Some contractors may find it eas ier to provide a single list that covers all contributions, regardle s s of the county . These submission s are appropriate and should be accepted . d . The form may be used "as-i s", s ubject to edits as described herein . e . The "Contractor Instructions" sheet is intended to be provided with the form. It is recommended that the Instructions and the form be printed on the sa me piece of paper. The form notes that the Instruct ions are printed on the back of the form ; where that is not the case, the text should be edited accordingly. f. The form is a \Vord document and can be edited to meet loc a l need s, and posted for download on web sites, used as an e-mail attachment, or provided as a printed document. 5. It is recommended that the contractor al so complete a "Stockholder Disclosure Certification." This will assist the local unit in its ob ligation to ensure that contractor did not make any prohibited contributions to the committees listed on the Business Entity Disclosure Certification in the 12 months prior to the contract (See Local Finance Notice 2006 -7 for additional information on this obligation at http ://www.nj .gov/dca/divisions/dlgs/resources/lfns 2006 .html ). A sample Certification form is part o f this package and the instruction to complete it is inc luded in t he Contractor Instructions . N OTE: T his section is not applicable to Boards of Education. Requirements for National Cooperative Contract 908 of 1132 913 OMNIA PARTNERS EXHIBITS EXHIBIT G-NEW JERSEY BUSINESS COMPLIANCE Doc #4, continued C. 271 POLITICAL CONTRIBUTION DISCLOSURE FORM Contractor Instructions Business entities (contractors) receiving contracts from a public agency that are NOT awarded pursuant to a "fair and open" process ( defined at N.J.S.A. 19:44A-20.7) are subject to the provisions of P .L. 2005, c. 271, s.2 (N.J.S.A. 19:44A- 20.26). This law provides that 10 days prior to the award of such a contract, the contractor shall disclose contributions to: • any State, county, or municipal committee of a po litical party • any legislative leadership committee • • any continuing political committee (a.k.a., political action committee) • any candidate committee of a candidate for, or ho lder of, an elective office: o of the pub lic entity awarding the contract o of that county in which that public entity is located o of another public entity within that county o or ofa legislative district in which that public entity is located or, when the public entity is a county, of any legislative district which includes all or part of the county The disclosure must list reportable contributions to any of the committees that exceed $300 per election cycle that were made during the 12 months prior to award of the contract. See N.J.S.A. l 9:44A-8 and 19:44A-J 6 for more details on reportable contributions. N.J.S.A. 19:44A-20.26 itemizes the parties from whom contributions must be disclosed when a business entity is not a natural person. This includes the following: • individuals with an "interest" ownership or control of more than I 0% of the profits or assets of a business entity or 10% of the stock in the case of a business entity that is a corporation for profit • all principals, partners, officers, or directors of the business entity or their spouses • any subsidiaries directly or indirectly controlled by the business entity • [RS Code Section 527 New Jersey based organizations, directly or indirectly controlled by the business entity and filing as continuing political committees , (PACs). When the business entity is a natural person , "a contribution by that person's spouse or child, residing therewith, shall be deemed to be a contribution by the business entity." 11-J:.J.S.A. 19:44A-20 .26(b )] The contributor must be listed on the disclosure. Any business entity that fail s to comply with the disclosure provisions shall be subject to a fine imposed by ELEC in an amount to be determined by the Commission which may be based upon the amount that the business entity failed to report. The enclosed list o f agencies is provided to assist the contractor in identifying those public agencies whose elected official and/or candidate campaign committees are affected by the disclosure requirement. It is the contractor's responsibility to identify the specific committees to which contributions may have been made and need to be disclosed. The disclosed information may exceed the minimum requirement. The enclosed form, a content-consistent facsimile , or an electronic data file containing the required details (along with a signed cover sheet) may be used as the contractor's submission and is disclosable to the public under the Open Public Records Act. The contractor must also complete the attached Stockholder Disclosure Ce1tification . This will assist the agency in meeting its obligations under the law. NOTE: This section does not apply to Board of Education contracts. • N.J .S.A. 19:44A-3(s): 'The term "legislative leaders hip committee" means a committee established , authorized to be established , or designated by the President of the Senate, the Minority Leader of the Senate , the Speaker of the General Assembly or the Minority Leader of the General Assembly pursuant to section 16 of P.L.1993 , c.65 (C. l 9:44A-10 .1) for the purpose ofreceiving contributions and making ex penditures ." Requirements for National Cooperative Contract 909 of 1132 914 Doc #4, continued OMNIA PARTNERS EXHIBITS EXHJBIT G-NEW JERSEY BUSINESS COMPLIANCE C. 271 POLITICAL CONTRIBUTION DISCLOSURE FORM Required Pursuant to N.J.S.A . 19:44A-20.26 This form or its permitted facsimile must be submitted to the local unit no later than 10 days prior to the award of the contract. Vendor Name: Address: C it : The undersigned being authorized to certify, hereby certifies that the submission provided herein represents comp li ance with the provisions ofN.J.S.A. 19:44A-20 .26 and as represented by the lnstructions accompanyi ng tl1is form . Printed Naml Part II -Contribution Disclosure Disclosure requirement: Pursuant to N.J.S .A. 19 :44A -20.26 th is disclosure must include all reportable political contributions (more than $300 per election cycle) over the 12 months prior to submission to the committees of the government entities listed on the form provided by the local unit. D Check here if disclosure is provided in e lectronic form Contri butor Name Recipient Name Date D Check here if the information is continued on subsequent page(s) Requirements for National Cooperative Contract Dollar Amount $ 910 of 1132 915 Doc #4, continued OMNIA PARTNERS EXHIBITS EXHIBIT G-NEW JERSEY BUSINESS COMPLIANCE List of Agencies with Elected Officials Required for Political Contribution Disclosure N.J.S.A. 19:44A-20.26 County Name: State: Governor, and Legis lative Leadership Committees Legislative District #s: County: State Senator and two members of the General Assembly per district. Freeholders { Co unty Executive} County Clerk Surrogate Sheriff Municipalities (Mayor and members of governing body , regardless of title): USERS SHOULD CREATE THEIR OWN FORM, OR DOWNLOAD FROM THE PAY TO PLAY SECTION OF THE DLGS WEBSITE A COUNTY-BASED, CUSTOMIZABLE FORM. Requirements for National Cooperative Contract 911 of 1132 916 OMNIA PARTNERS EXHIBITS EXHIBIT G-NEW JERSEY BUSINESS COMPLIANCE DOC#5 STOCKHOLDER DISCLOSURE CERTIFICATION Name of Business: C I certify that the list below contains the names and home addresses of all stockholders holding 10% or more of the issued and outstanding stock of the undersigned. OR C I certify that no one stockholder owns 10 % or more of the issued and outstanding stock of the undersigned. Check the box that represents the type of business organization: □ Partnership a Corporation □ Sole Proprietorship D Limited Paitnership D L imited Liability Corporation DLimited Liabi li ty Partnership D Subchapter S Corporation Sign and notarize the form below, and, if necessary, complete the stockholder list below. Stockholders · Name : Carl C Icahn Home Address: Business Address: C /o I cahn Capi t al L P 767 5th Ave NY 10153 Name: Home Address : Name : H ome Address: Subscr ibed and swo rn befo re me t hi s~ay o f ff\ A_) 26:-Z..0 (Notary Public) l -l~ My Co mmi ss ion expires : '4 j 2_ / 2...o "2-'-{ Name : The Vanguard Group Home Address: 100 Vanguard Bvd . Business Address Malv ern, Pa 19355 Name: Horne Addres s: Name : Home Address : J ,:)0 n ~ /_e,u , · /1-1 · (Print nam e & titl e f a ffia nt) (C or orate Seal) TERRENCE HORSLEY Requirements::{oi-National Coopet:ative Contract NOTARY PUBLI C STATE OF NEW JERSEY ID# 2229180 MY COMM1SSION EXP IRES SEPTEMBER 2. 20 24 912 of 1132 917 DOC#6 OMNIA PARTNERS EXHIBITS EXHIBIT G-NEW JERSEY BU SINESS COMPLIANCE Certification of Non-Involvement in Prohibited Activities in Iran Pursuant to N.J .S .A. 52:32-58 , Offerors must certify that neither the Offeror, nor any of its parents, subsidiaries , and/or affiliates (as defined in N.J .S.A. 52:32 -56(e) (3)), is listed on the Department of the Treasury 's List of Persons or Entities Engaging in Prohibited Investment Activities in Iran and that neither is involved in any of the investment activities set fotih in N.J .S.A. 52:32 -56(£). Offerors wishing to do business in New Jersey through this contract must fill out the Certification of Non-Involvement in Prohibited Activities in Iran here: http://www.state .n j . us /humanservices/dfd /info/standard/fdc /d i sclosure investmentact.pdf. Offerors should submit the above form completed with their proposal. Requirements for National Cooperative Contract 913 of 1132 918,-- STATE OF NEW JERSEY•· DIVISION OF PURCHASE AND PROPERTY DISCLOSURE OF INVESTMENT ACTIVITIES IN IRAN Quote Number: Bidder/Offeror: Xerox Corporation PART 1: CERTIFICATION BIDDERS MUST COMPLETE PART 1 BY CHECKING EITHER BOX. FAILURE TO CHECK ONE OF THE BOXES WILL RENDER THE PROPOSAL NON-RESPONSIVE. Pursuant to Public Law 2012 , c. 25, any person or entity that submits a bid or proposal or otherwise proposes to enter into or renew a contract must complete the certification below to attest, under penalty of perjury, that neither the person or entity, nor any of its parents, subs idiaries, or affiliates, is identified on the Department of Treasury's Chapter 25 list as a person or entity engag ing in investment activities in Iran. The Chapter 25 list is found on the Division's website at b1t11:JL,www.state.nj.us/treasury/pu rchase/Qdf/Chapter25Listpdf. Bidders must review th is list prior to comp leting the below certification . Failure to complete the certification will render a bidder's proposal non-responsive. If the Director finds a person or entity to be in violation of law, s/he shall take action as may be appropriate and provided by law, rule or contract, including but not limited to, imposing sanctions, seeking compliance, recovering damages, declaring the party in default and seeking debarment or suspension of the party PLEASE CHECK THE APPROPRIAI~J:!QX: [Z] □ I certify, pursuant to Public Law 2012, c. 25, that neither the bidder listed above nor any of the bidder's parents, subsidiaries, or affiliates is listed on the N.J. Department of the Treasury"s list of entities determined to be engaged in prohibited activities in Iran pursuant to P.L. 2012, c. 25 ("C hapter 25 List"). I further certify that I am the person listed above, or I am an office r or representative of the entity listed above and am authorized to make this certification on its behalf. I will skip Part 2 and sign and complete the Certification below. OR I am unable to certify as above because the bidder and/or one or more of its parents, subsidiaries, or affiliates is listed on the Department's Chapter 25 list. I will provide a detailed, accurate and precise description of the activities in Part 2 below and sign and complete the Certification below. Failure to provide such will result in the PI.QPQ.Sal being rendered as non- responsive and appropriate penalties , fines and/or sanctions will be assessed as provided by law. PART 2: PLEASE PROVIDE FURTHER INFORMATION RELATED TO INVESTMENT ACTIVITIES IN IRAN You must provide a detailed , accurate and precise description of the activities of the bidding person/entity , or one of its parents, subsidiaries or affiliates , engaging in the investment activities in Iran outlined above by completing the boxes below. EACH BOX WILL PROMPT YOU TO PROVIDE INFORMATION RELATIVE TO THE ABOVE QUESTIONS. PLEASE PROVIDE THOROUGH ANSWERS TO EACH QUESTION. IF YOU NEED TO MAKE ADDITIONAL ENTRIES, CLICK THE "ADD AN ADDITIONAL ACTIVITIES ENTRY" BUTTON. Name ___________________ Relationship to Bidder/Offerer _______ _ Description of Activities ----------------------------------- Duration of Engagement __________ Anticipated Cessation Date ____________ _ Bidder/Offerer Contact Name Contact Phone Number ------------ ADD AN ADDITIONAL ACTIVITIES ENTRY Certification: I, being duly sworn upon my oath, hereby represent and state that the foregoing information and any attachments thereto to the best of my knowledge are true and complete. I attest that I am authorized to execute this certification on behalf of the above-referenced person or entity. I acknowledge that the State of New Jersey is relying on the information contained herein and thereby acknowledge that I am under a continuing obligation from the date of this certification through the completion of any contracts with the State to notify the State in writing of any changes to the answers of information contained herein. I acknowledge that I am aware that it is a criminal offense to make a false statement or misrepresentati on in this certification, and if I do so, I recognize that I am subject t o criminal prosecution under the law and that it wil onsti e a material breach of my agreement(s) with the State of New Jersey and that the State at its option may declare any con ) r is certification void and unenforceable. Full Name (Print): Joanne Levy Signature: Title: General Manager , State of New Jersey OPP Standard Forms Packet 11/2013 914 of 1132 919 DOC#7 OMNIA PARTNERS EXHIBITS EXHIBIT G-NEW JERSEY BUSINESS COMPLIANCE NEW JERSEY BUSINESS REGISTRATION CERTIFICATE (N.J.S.A. 52:32 -44) Offerors wishing to do business in New Jersey must submit their State Division of Revenue issued Business Registration Certificate with their proposal here . Failure to do so will disqualify the Offeror from offering products or services in New Jersey through any resulting contract. http://www .state .nj .us /treasury/revenue/forms /njreg .pdf Requirements for National Cooperative Contract 915 of 1132 920 STAT E OF NEW JERSEY BUSINESS REGISTRATION CERTIFICATE Taxpayer Name: Trade Name: Address: Certificate Number: Effective Date: Date of Issuance: For Office Use Only: 20180716081443468 XEROX CORPORATION 201 MERRJTT 7 NORWALK, CT 06851 0061020 November 07, 1960 July 16, 2018 END OF SECTION 916 of 1132 921 Date 9/11/20 Dear Xerox Corporation, SUBJECT: Notice of Intent to Award RFP – Print Goods and Services – UC Systemwide The University of California (UC) has completed its evaluation of proposals in response to the above referenced RFP and intends to award a contract to your company for Print Goods and Services. I will represent UC in this regard with appropriate representation from UC and OMNIA Partners members moving forward, and I will contact you soon to begin negotiating the contract. Kindly direct to me all communications regarding this Notice of Intent to Award. This Notice of Intent to Award is non-binding. If your company does not agree with UC on contract terms, UC will not award a contract to your company. Your company may not begin work, purchase materials, or enter into subcontracts relating to the project before both parties sign a contract, unless prior written approval is obtained from me. UC reserves the right to cancel this Notice of Intent to Award at any time before both parties sign a contract. I look forward to working with you to put contract terms in place. Please don’t hesitate to contact me if you have any questions about this Notice of Intent to Award. Sincerely, Michael Wegmann Sr. IT Commodity Manager Center of Excellence University of California Office of the President 510.987.0428 michael.wegmann@ucop.edu 917 of 1132 922 UNIVERSITY OF CALIFORNIA END OF SECTION 918 of 1132 923 UNIVERSITY OF CALIFORNIA STRATEGIC SOURCING OFFICE OF THE PRESIDENT 1111 Franklin Street. 10th Floor Oakland, California 94607-5200 DATE: 9/26/20 TO: Whom It May Concern FROM: Michael Wegmann Sr. IT Commodity Manager University of California SUBJECT: RFP The Evaluation Committee reviewed the responses and recommended the following companies be awarded: • Canon Solutions America • Ricoh USA, Inc. • Xerox Corporation The recommended vendors submitted offers that were determined to be most advantageous to the University of California Office of the President, based upon the evaluation criteria stated in the RFP. All the recommended respondents were determined to be competitively priced and best suited to provide the specified services outlined in the RFP. We believe all recommended vendors demonstrate the ability to provide and perform the services requested in the proposal. We will monitor their performance and determine at the end of each term if they are eligible for renewal with each new term. This multiple award is most advantageous as it limits contract awards to the least number of suppliers necessary to meet the requirements of end-users. Sincerely, Michael Wegmann Senior Commodity Manager, IT Strategic Sourcing Center of Excellence University of California Office of the President Phone 510.987.0428 michael.wegmann@UCOP.edu BERKELEY • DAVIS • IRVINE • LOS ANGELES • MERCED • RIVERSIDE • SAN DIEGO • SAN FRANCISCO SANTA BARBARA • SANTA CRUZ 919 of 1132 924 - END OF SECTION 920 of 1132 925 University of California (UC) Contract # 2020002686 for Print Goods and Services with Xerox Corporation Effective: November 25, 2020 921 of 1132 926 The following documents comprise the executed contract between the University of California, Office of the President and Xerox Corporation effective November 25, 2020: I. Executed Purchasing Agreement II. Supplier’s Response to the RFP, incorporated by reference 922 of 1132 927 Purchasing Agreement# 2020002686 The Agreement to furnish certain goods and services described herein and in the documents referenced herein (“Goods and/or Services”) is made by and between The Regents of the University of California, a California public corporation (“UC”) on behalf of the University of California, and the supplier named below (“Supplier”). This Agreement is binding only if it is negotiated and executed by an authorized representative with the proper delegation of authority. Xerox Corporation 1. Statement of Work Supplier agrees to perform the Services listed in the statement of work attached as Attachment A (“Statement of Work”) and any other documents referenced in the Incorporated Documents section herein, at the prices set forth in the Statement of Work and any other documents referenced in the Incorporated Documents section herein. Unless otherwise provided in the Agreement, UC will not be obligated to purchase a minimum amount of Goods and/or Services from Supplier. 2. Term of Agreement/Termination a) The initial term of the Agreement will be from 11/25/20 and through 11/17/25 (Initial Term) and is subject to earlier termination as provided below. UC may renew the Agreement for 5 (five) successive 1 (one) -year periods (each, a Renewal Term), by providing Supplier with at least 15 calendar days’ written notice before the end of the Initial Term or any Renewal Term. b) UC may terminate the Agreement for convenience by giving Supplier at least 30 calendar days' written notice. This provision will not apply to any in place lease orders under this Agreement. c) UC or Supplier may terminate the Agreement for cause by giving the other party at least 30 days' notice to cure a breach of the Agreement (Cure Period). If the breaching party fails to cure the breach within the Cure Period, the non-breaching party may immediately terminate the Agreement. 3. Purchase Order; Advance Payments Unless otherwise provided in the Agreement, Supplier may not begin providing Goods and/or Services until UC approves a Purchase Order for the Goods and/or Services. 4. Pricing, Invoicing Method, and Settlement Method and Terms Pricing. Refer to Statement of Work or Purchase Order for Pricing. For systemwide agreements, each UC Location will specify the Invoicing Method and Payment Options that will apply, taking into account the operational capabilities of Supplier and the UC Location. See UC’s Procure to Pay Standards http://www.ucop.edu/procurement- services/_files/Matrix%20for%20website.pdf for the options that will be considered. In the case of systemwide agreements, each UC Location will specify these terms in a Statement of Work or Purchase Order, as the case may be.] Invoicing. All invoices must clearly indicate the following information: a. California state and local sales tax as a separate line item (if applicable), including the rate employed. b. Purchase Order or Release Number and the Agreement Number c. Description and Quantity, of the Products and Support ordered d. Net Cost of each item e. Any applicable discount(s) f. Reference to original order and invoice number for all credit invoices issued g. Original order and invoice number for all credit invoices issued h. On invoices for impressions or overage: for each device, (1) the number of impressions and the impression rate, (2) the number of overage impressions and the impression overage rate, and (3) the taxable amount of these impressions or overage. Tax is NOT to be included for labor or technical service charges. i. Start and end meter counts for each device. 923 of 1132 928 UNIVERSITY OF CALIFORNIA Template revised on 10.1.19 Page 2 of 16 1. Maintenance charges may be invoiced on separate invoices from lease or purchase charges, based on the requirements of the individual campuses. 2.If a UC Location has an MFD/Printer Fleet management program, individual device maintenance invoices and individual device lease invoices may be consolidated into separate summary invoices. 3. Invoices shall NOT contain line items for training, delivery, or other charges not expressly detailed in the RFP. 4. Supplier will provide a designated contact for billing/invoicing questions and issues. This contact must be available 8- 5 PST/PDT, Monday-Friday. 5. Invoices will be submitted directly to the UC Locations’ Accounting Departments unless: a. The MFD/Printer Fleet management program at the UC Location requests invoices from Bidder be sent directly to the program, or b. The Supplier is notified otherwise by Amendment to the Agreement. 6. Usage billing and Meter Reading: a. Meter readings may not be estimated for use in invoicing, unl ess Supplier does not have access to such meter readings and/or the end user does not provide them in a timely manner to the Supplier. b. If meters are supplied monthly by MFD/Printer Fleet management programs, these meters must be the basis for invoicing. Supplier will submit invoices following the designated invoice method directly to UC Accounts Payable Departments at each UC Location, unless UC notifies the Supplier otherwise by amendment to the Agreement. Terms. UC payment terms are net 30. Xerox will not issue an invoice until Services have been rendered and accepted. University will pay Xerox, within thirty-one (31) days of receipt of an undisputed and accurate invoice. The agreed upon minimum lease payment will not be subject to dispute at any time. Xerox will not issue an invoice until Services have been rendered and accepted. 5. Notices As provided in the UC Terms and Conditions of Purchase, notices may be given by email, which will be considered legal notice only if such communications include the following text in the Subject field: FORMAL LEGAL NOTICE – [insert, as the case may be, Supplier name or University of California]. If a physical format notice is required, it must be sent by overnight delivery or by certified mail with return receipt requested, at the addresses specified below. To UC, regarding confirmed or suspected Breaches as defined under Appendix – Data Security: Name David Rusting Phone 510-987-0086 Email David.rusting@ucop.edu Address 1111 Franklin Street Oakland, CA 94607 924 of 1132 929 Template revised on 10.1.19 Page 3 of 16 To UC, regarding Breaches or Security Incidents as defined under Appendix – Business Associate: Name Noelle Vidal Phone 510.987.0725 Email noelle.vidal@ucop.edu Address 1111 Franklin Street Oakland, CA 94607 To UC, regarding personal data breaches as defined under Appendix – General Data Protection Regulation: Name Monte Ratzlaff Phone 51-987-0858 Email Monte.ratzlaff@ucop.edu Address 1111 Franklin Street Oakland, CA 94607 To UC, regarding contract issues not addressed above: Name Michael Wegmann Phone 510-987-0428 Email Michael.wegmann@ucop.edu Address 260 Cousteau Place Suite 150 Davis, CA 95618 To Supplier: Name Corporate Risk, Xerox Corporation Phone 847-928-5180 Email Please Email one of the 2 Contacts listed below Address 1301 Ridgeview Dr. Lewisville, TX 75057 Name Doug MacPhee, Vice President Sales Phone 562-977-7464 Email Doug.Macphee@xerox.com Address 5700 Warland Drive Cypress, CA 90630 Name Scott Reiber, Account Manager UC Systems Phone 925-701-1657 Email Scott.Reiber2@xerox.com Address 5050 Hopyard Rd. Pleasanton, CA 94588 To Supplier regarding contract issues copy to: Name Office of General Counsel Xerox Corporation Email Address 201 Merrit 7, Norwalk, CT 06851-1056 925 of 1132 930 I I Template revised on 10.1.19 Page 4 of 16 6. Intellectual Property, Copyright and Patents /___/ The Goods and/or Services involve Work Made for Hire /__X_/ The Goods and/or Services do not involve Work Made for Hire 7. Patient Protection and Affordable Care Act (PPACA) /___/ Because the Services involve temporary or supplementary staffing, they are subject to the PPACA warranties in the T&Cs. /_X__/ The Services do not involve temporary or supplementary staffing, and they are not subject to the PPACA warranties in the T&Cs. 8. Prevailing Wages /_X__/ Supplier is not required to pay prevailing wages when providing the Services. 9. Fair Wage/Fair Work /___/ Supplier is not required to pay the UC Fair Wage (defined as $13 per hour as of 10/1/15, $14 per hour as of 10/1/16, and $15 per hour as of 10/1/17) when providing the Services. 10. Restriction Relating to Consulting Services or Similar Contracts – Follow-on Contracts Please note a Supplier that is awarded a consulting services or similar contract cannot later submit a bid or be considered for any work “required, suggested, or otherwise deemed appropriate” as the end product of the Services (see Public Contract Code Section 10515). 11. Insurance Deliver the PDF version of the Certificate of Insurance to UC’s Buyer, by email with the following text in the Subject field: CERTIFICATE OF INSURANCE –Xerox Corporation. 12. Cooperative Purchasing Supplier agrees to extend for Goods and/or Services to participating agencies (public and private schools, colleges and universities, cities, counties, non-profits, and all governmental entities) registered with OMNIA Partners, Public Sector under the terms of Attachment B Additional Terms Applicable to All Non-University of California Entities under this agreement. All contractual administration issues (e.g. terms and conditions, e xtensions, and renewals) will remain UC’s responsibility except as outlined in the above referenced Request for Proposal “RFP – Print Goods and Services- – UC Systemwide.” Operational issues, fiduciary responsibility, payment issues, performance issues and liabilities, and disputes involving individual participating agencies will be addressed, administered, and resolved by each participating agency. 926 of 1132 931 Template revised on 10.1.19 Page 5 of 16 13. Supplier’s Service-Specific and/or Goods-Specific Provisions 1.SOFTWARE a) Software License Xerox may provide Software to Customer pursuant to an Order hereunder. The following license applies to Software provided hereunder, unless such Software is accompanied by a click-wrap or shrink-wrap license agreement or otherwise provided subject to a separate license agreement. i) Xerox grants Customer a non-exclusive, non-transferable, non-assignable (by operation of law or otherwise) license to use in the U.S.: (i) Base Software only on or with the Equipment with which (or within which) it was delivered; and (ii) Application Software only on any single unit of Equipment, subject to Customer remaining current in the payment of any indicated applicable Software license fees (including any annual renewal fees). For Services Software, Xerox grants Customer a non-exclusive, non-transferable, non-assignable (by operation of law or otherwise) license in the U.S. to install the Services Software on a host computer(s) or server(s) or, if applicable, on Equipment or Third Party Hardware, and, further, if applicable, on the number of workstations, laptops and mobile devices specified in the Order, and to use the Services Software only for the purpose of receiving the applicable Services. Customer has no other rights to the Software. Customer will not and will not allow its employees, agents, contractors or vendors to: (i) distribute, copy, modify, create derivatives of, decompile, or reverse engineer Software except as permitted by applicable law; (ii) activate Software delivered with or within the Equipment in an un-activated state; or, (iii) access or disclose Diagnostic Software for any purpose. Title to Software and all copyrights and other intellectual property rights in Software will reside solely with Xerox and its licensors (who, if required by the terms of the third party license agreement with Xerox, will be considered third party beneficiaries of this Agreement’s software and limitation of liability provisions). ii) The Base Software license will terminate, as applicable: (i) if Customer no longer uses or possesses the Equipment with which the Base Software was provided; or (ii) upon the expiration or termination of any Order under which Customer has acquired the Equipment with which the Base Software was provided (unless Customer has exercised an option to purchase the Equipment, where available, in which case the license to Base Software is perpetual and transferrable with purchase of the Equipment by Customer). iii) Software may contain code to prevent its unlicensed use and/or transfer. If Customer does not permit Xerox periodic access to such Software, this code may impair the Equipment’s and/or Software’s functionality. iv) Xerox does not warrant that the Software will be free from errors or that its operation will be uninterrupted. SOFTWARE SUPPORT i) Software support will be provided by Xerox or a designated service provider as follows. For Base Software, Software support will be provided during the initial term of the applicable Order and any renewal period, but not longer than 5 years after Xerox stops taking orders for the subject model of Equipment. For Application Software, Software support will be provided as long as Customer is current in the payment of all applicable software license, annual renewal and “support only” fees. For Services Software, support will be provided in accordance with the terms of the applicable Statement of Work or Order. ii) Xerox will maintain a web-based or toll-free hotline during Xerox’s standard working hours to report Software problems and answer Software-related questions. Xerox, either directly or with its vendors, will make reasonable efforts to: (i) assure that Software performs in material conformity with its Documentation; (ii) provide available workarounds or patches to resolve Software performance problems; and (iii) resolve coding errors for (1) the current release and (2) the previous release for a period of 6 months after the current release is made available to Customer. Xerox will not be required to provide Software support if Customer has modified the Software. iii) Xerox may make available new releases of the Software that are designated as “Maintenance Releases” or “Updates.” Maintenance Releases or Updates are provided at no charge and must be implemented within 6 927 of 1132 932 Template revised on 10.1.19 Page 6 of 16 months after being made available to Customer. Each Maintenance Release or Update shall be considered Software governed by these terms. Feature Releases will be subject to additional license fees at Xerox’s then- current pricing and shall be considered Software governed by these terms and conditions (unless otherwise noted in an Order). Implementation of a Maintenance Release, Update or Feature Release may require Customer to procure, at its expense, additional hardware and/or software from Xerox or another entity. Upon installation of a Maintenance Release, Update or Feature Release, Customer will return or destroy all prior Maintenance Releases, Updates or Feature Releases. 2. DIAGNOSTIC SOFTWARE Diagnostic Software and method of entry or access to it constitute valuable trade secrets of Xerox. Title to the Diagnostic Software shall at all times remain solely with Xerox and Xerox’s licensors. Xerox does not grant Customer a license or right to use the Diagnostic Software. Customer will not use, reproduce, distribute, or disclose the Diagnostic Software for any purpose (or allow third parties to do so). Customer will allow Xerox reasonable access to the Equipment during Customer’s normal business hours to remove or disable Diagnostic Software if Customer is no longer receiving Maintenance Services from Xerox. 3. Third Party Software may be subject to license and support terms provided by the applicable Third Party Software vendor. 4. Maintenance Terms for Customer Owned Equipment i) Products" means the equipment ("Equipment"), Software and supplies identified in this Agreement. the University agrees the Products are for the University’s business use (not resale) in the United States and its territories and possessions ("U.S.") and will not be used for personal, household or family purposes. ii) Supplier agrees to extend the pricing terms for maintenance services and supplies included in this agreement to Supplier’s current population of Products placed at UC prior to execution of this Agreement. . This provision does not include lease transactions. iii) Renewal. Supplier will provide University with no less than thirty-one (31) days advanced notice of the expiration of the then current term of each individual maintenance order. Upon expiration, University shall have the option to extend the current maintenance coverage at the same monthly price on a month-to-month basis. This type of extension may be cancelled without penalty upon 30 days written notice. 5. Maintenance Terms for Supplier’s Equipment. Except for Equipment and/or Third Party Hardware identified as "No Svc.", Xerox (or a designated servicer) will keep the Equipment and/or Third Party Hardware in good working order ("Maintenance Services"). The provision of Maintenance Services is contingent upon Customer facilitating timely and efficient resolution of Equipment and/or Third Party Hardware issues by: (a) utilizing Customer-implemented remedies provided by Xerox; (b) replacing Cartridges; and (c) providing information to and implementing recommendations provided by Xerox telephone support personnel. If an Equipment and/or Third Party Hardware issue is not resolved after completion of (a) through (c) above, Xerox will provide on-site support as provided herein. Maintenance Services will be provided during Xerox's standard working hours in areas open for repair service for the Equipment and/or Third Party Hardware. Maintenance Services excludes repairs due to: (i) misuse, neglect or abuse; (ii) failure of the installation site or the PC or workstation used with the Equipment and/or Third Party Hardware to comply with Xerox's published specifications or Third Party Hardware vendor’s published specifications, as applicable; (iii) use of options, accessories or products not serviced by Xerox; (iv) non-Xerox alterations, relocation, service or supplies; or (v) failure to perform operator maintenance procedures identified in operator manuals. Replacement parts may be new, reprocessed or recovered and all replaced parts become Xerox's property. Xerox will, as your exclusive remedy for Xerox's failure to provide Maintenance Services, replace the Equipment with an identical model or, at Xerox's option, another model with comparable features and capabilities. There will be no additional charge for the replacement Equipment during the remainder of the initial Term. If meter reads are a component of your Equipment’s Maintenance Plan, you will provide them using the method and frequency identified by Xerox. For Third Party Hardware identified as” No Svc.”, you shall enter into a maintenance agreement with the Third Party Hardware vendor or its maintenance service provider, who shall be solely responsible for the quality, timeliness and other terms and conditions of such maintenance services. Xerox shall have no liability for the acts or omissions of such third party service provider. 928 of 1132 933 Template revised on 10.1.19 Page 7 of 16 6. DELIVERY, REMOVAL & RELOCATION. Equipment prices include standard delivery charges and, for Xerox-owned Equipment, standard removal charges. Charges for non-standard delivery, excessive installation requirements, including rigging, access alterations, and access to non-ground floors via stairs. Any such excessive installation charges must be quoted to the University prior to the signature of any Order, and shall be based on the actual expenditures of Vendor or Authorized Dealer and for any Equipment relocation are the University’s responsibility. Relocation of Xerox-owned Equipment must be arranged (or approved in advance) by Xerox and may not be to a location outside of the U.S. 7. TRADE-IN EQUIPMENT. The University warrants that it has the right to transfer title to the equipment you are trading in as part of this Agreement ("Trade-In Equipment") and that the Trade-In Equipment is in good working order and has not been modified from its original configuration (other than by Xerox). Title and risk of loss to the Trade-In Equipment will pass to Xerox when Xerox removes it from your premises. The University will maintain the Trade-In Equipment at its present site and in substantially its present condition until removed by Xerox. The University will pay all accrued charges for the Trade-In Equipment (up to and including payment of the final principal payment number) and all applicable maintenance, administrative, supply and finance charges until Xerox removes the Trade-In Equipment from your premises. 8. CONSUMABLE SUPPLIES. If "Consumable Supplies" is identified in Maintenance Plan features, Maintenance Services will include black toner and/or solid ink and color toner and/or solid ink, if applicable ("Consumable Supplies"). Highlight color toner, clear toner, and custom color toner are excluded. Depending on the Equipment model, Consumable Supplies may also include developer, fuser agent, imaging units, waste cartridges, transfer rolls, transfer belts, transfer units, belt cleaner, staples, maintenance kits, print Cartridges, drum Cartridges, waste trays and cleaning kits. Consumable Supplies are Xerox’s property until used by you, and you will use them only with the Equipment for which "Consumable Supplies" is identified in Maintenance Plan Features. If Consumables Supplies are furnished with recycling information, Customer will return the used item to Xerox for remanufacturing. Shipping information is available at Xerox.com/GWA. Upon expiration of this Agreement, Customer will include any unused Consumable Supplies with the Equipment for return to Xerox at the time of removal. If your use of Consumable Supplies exceeds Xerox’s published yield by more than 10%, Xerox will notify you of such excess usage. If such excess usage does not cease within 30 days after such notice, Xerox may charge you for such excess usage. Upon request, you will provide current meter reads and/or an inventory of Consumable Supplies in your possession. 9. CARTRIDGES. If Xerox is providing Maintenance Services for Equipment utilizing cartridges designated by Xerox as customer replaceable units, including copy/print cartridges and xerographic modules or fuser modules ("Cartridges"), you agree to use only unmodified Cartridges purchased directly from Xerox or its authorized resellers in the U.S. Cartridges packed with Equipment and replacement Cartridges may be new, remanufactured or reprocessed. Remanufactured and reprocessed Cartridges meet Xerox's new Cartridge performance standards and contain new or reprocessed components. To enhance print quality, Cartridge(s) for many models of Equipment have been designed to cease functioning at a predetermined point. In addition, many Equipment models are designed to function only with Cartridges that are newly manufactured original Xerox Cartridges or with Cartridges intended for use in the U.S. 10. Total Satisfaction Guarantee. "SP Equipment" means any iGen and Xerox Continuous Feed Equipment. Except for SP Equipment identified as “Previously Installed”, If, during any 90 day period, the performance of SP Equipment delivered under the Individual Agreement is not at least substantially consistent with the per formance expectations outlined in the SP Equipment’s Customer Expectations Document ("Expectations Document"), Xerox will, at Customer’s request, replace the SP Equipment without charge with identical SP Equipment or, at Xerox’s option, with Xerox-branded Equipment with comparable features and capabilities. The SP Equipment Guarantee does not apply during the first 180 days after installation and will expire 3 years after the Installation Date for Purchased Equipment. The SP Equipment Guarantee will expire at the end of the initial Term of the subject Installment Purchase, Rental, or Lease Agreement term. This SP Equipment Guarantee applies only to SP Equipment that has been (i) continuously maintained by Xerox under a Xerox maintenance agreement, and (ii) operated at all times in accordance with the Expectations Document. "Non-SP Equipment" means any Equipment other than SP Equipment. If Customer is not totally satisfied with any Non-SP Equipment delivered under an Installment Purchase, Rental, or a Lease Agreement under the Contract, Xerox 929 of 1132 934 Template revised on 10.1.19 Page 8 of 16 will, at Customer’s request, replace it without charge with identical Non-SP Equipment or, at Xerox’s option, with Xerox-branded equipment with comparable features and capabilities. The Non-SP Equipment Guarantee applies only to Non-SP Equipment that has been continuously maintained by Xerox under a Xerox Maintenance Agreement. For "Previously Installed" Non-SP Equipment, the Non-SP Equipment Guarantee is effective for one (1) year after the Installation Date. For all other Non-SP Equipment, The Non-SP Equipment Guarantee will expire at the end of the initial Term of the Installment Purchase, Rental, or Lease Agreement term. In the event of any conflict between Xerox’ Total Satisfaction Guarantee in this section and the Lemon Clause in Section 5.8 of the Attachment A Statement of Work, the Lemon Clause will prevail. 11. WARRANTY DISCLAIMER: XEROX DISCLAIMS THE IMPLIED WARRANTIES OF NON-INFRINGEMENT AND FITNESS FOR A PARTICULAR PURPOSE AND, FOR THIRD PARTY PRODUCTS, THE IMPLIED WARRANTY OF MERCHANTABILITY. 12. REMOTE SERVICES. Certain models of Equipment are supported and serviced using data that is automatically collected by Xerox or transmitted to or from Xerox by the Equipment connected to Customer's network ("Remote Data") via electronic transmission to a secure off-site location ("Remote Data Access"). Remote Data Access also enables Xerox to transmit to Customer Releases for Software and to remotely diagnose and modify Equipment to repair and correct malfunctions. Examples of Remote Data include product registration, meter read, supply level, Equipment configuration and settings, software version, and problem/fault code data. Remote Data may be used by Xerox for billing, report generation, supplies replenishment, support services, recommending additional products and services, and product improvement/development purposes. Remote Data will be transmitted to and from Customer in a secure manner specified by Xerox. Remote Data Access will not allow Xerox to read, view or download the content of any Customer documents or other information residing on or passing through the Equipment or Customer's information management systems. Customer grants the right to Xerox, without charge, to conduct Remote Data Access for the purposes described above. Upon Xerox’s request, Customer will provide contact information for Equipment such as name and address of Customer contact and IP and physical addresses/locations of Equipment. Customer will enable Remote Data Access via a method prescribed by Xerox, and Customer will provide reasonable assistance to allow Xerox to provide Remote Data Access. Unless Xerox deems Equipment incapable of Remote Data Access, Customer will ensure that Remote Data Access is maintained at all times Maintenance Services are being performed. 13. Terms Applicable to Supplier’s Digital Press Products (i.e. iGen, Versant, PrimeLink, Nuvera, Iridesse) i) FREEFLOW LICENSE. The following terms apply to Xerox FreeFlow Print Server /DocuSP software included in Base Software ("FreeFlow Base Software") and/or Application Software identified as Xerox FreeFlow software (including, but not limited to, FreeFlow Makeready and FreeFlow Process Manager ) (collectively, "FreeFlow Application Software"), and are additive to and supplement those found elsewhere in the Agreement. FreeFlow Base Software and FreeFlow Application Software are collectively referred to as "FreeFlow Software." 1. FreeFlow Software may include and/or incorporate font programs ("Font Programs") and other software provided by Adobe Systems Incorporated ("Adobe Software"). You may embed copies of the Font Programs into your electronic documents for the purpose of printing and viewing the document. You are responsible for ensuring that you have the right and are authorized by any necessary third parties to embed any Font Programs in electronic documents created with the FreeFlow Application Software. If the Font Programs are identified as "licensed for editable embedding" at www.adobe.com/type/browser/legal/embeddingeula, you may also embed copies of those Font Programs for the additional purpose of editing your electronic documents. No other embedding rights are implied or permitted under this license. 2. You will not, without the prior written consent of Xerox and its licensors: (a) alter the digital configuration of the FreeFlow Software, or solicit others to cause the same, so as to change the visual appearance of any of the FreeFlow Software output; (b) use the FreeFlow Software in any way that is not authorized by the Agreement; (c) use the embedded code within the FreeFlow Software outside of the Equipment on which it was installed or in a stand-alone, time-share or service bureau model; (d) disclose the results of any performance or 930 of 1132 935 Template revised on 10.1.19 Page 9 of 16 benchmark tests of the FreeFlow Software; (e) use the FreeFlow Software for any purpose other than to carry out the purposes of the Agreement; or (f) disclose or otherwise permit any other person or entity access to the object code of the FreeFlow Software. 3. FreeFlow Process Manager contains Oracle Database Express Edition database software and documentation licensed from Oracle America, Inc. ("Oracle"). Oracle grants you a nonexclusive, nontransferable limited license to use Database Express Edition for purposes of developing, prototyping and running your applications for your own internal data processing operations. Database Express Edition may be installed on a multiple CPU server but may only be executed on one processor in any server. Upon not less than 45 days prior written notice, Xerox and/or its licensors may, at their expense, directly or through an independent auditor, audit your use of FreeFlow Process Manager and all relevant records not more than once annually. Any such audit will be conducted at a mutually agreed location and will not unreasonably interfere with your business activities. 4. The Copyright Management feature of FreeFlow Makeready ("FFCM") contains the optional Copyright Clearance Center, Inc. ("CCC") copyright licensing services feature of FFCM ("CCC Service"). If this option is ordered, you will comply with any applicable terms and conditions contained on the CCC website, www.copyright.com, and any other rights holder terms governing use of materials, which are accessible in FFCM. If CCC terminates Xerox's right to offer access to the CCC Service through FFCM, Xerox may, upon written notice and without any liability to you, terminate your right to access the CCC Service through FFCM. THE CCC SERVICE IS PROVIDED "AS IS," WITHOUT ANY WARRANTIES, WHETHER EXPRESS OR IMPLIED. XEROX DISCLAIMS ALL IMPLIED WARRANTIES, INCLUDING WITHOUT LIMITATION THE IMPLIED WARRANTIES OF NONINFRINGEMENT, MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. You will defend and indemnify Xerox from any and all losses, claims, damages, fines, penalties, interest, costs and expenses, including reasonable attorney fees, arising from or relating to your use of the CCC Service.5. If you install FreeFlow Application Software on a computer that you supply, the following terms apply: (a) Xerox will only be obligated to support FreeFlow Application Software if it is installed on hardware and software meeting Xerox's published specifications (collectively "Workstation"); (b) IF YOU USE FREEFLOW APPLICATION SOFTWARE WITH ANY HARDWARE OR SOFTWARE OTHER THAN A WORKSTATION, ALL REPRESENTATIONS AND WARRANTIES ACCOMPANYING SUCH FREEFLOW APPLICATION SOFTWARE WILL BE VOID AND ANY SUPPORT/MAINTENANCE YOU CONTRACT FOR IN CONNECTION WITH SUCH FREEFLOW APPLICATION SOFTWARE WILL BE VOIDABLE AND/OR SUBJECT TO ADDITIONAL CHARGES; and (c) you are solely responsible for: (i) the acquisition and support, including any and all associated costs, charges and other fees, of any Workstation you supply; (ii) compliance with all terms governing such Workstation acquisition and support, including terms applicable to any non-Xerox software associated with such Workstation; and (iii) ensuring that such Workstation meets Xerox's published specifications. 6. The following terms apply to FreeFlow Software licensed to U.S. government customers: a. Java technology contained in FreeFlow Software is subject to: (i) FAR 52.227- 14(g)(2) and FAR 52.227-19; and (ii) if licensed to the U.S. Department of Defense ("DOD"), DFARS 252.227-7015(b) and DFARS 227.7202- 3(a). b. Adobe Software is a "commercial item," as that term is defined at FAR 2.101, consisting of "commercial computer software" and "commercial computer software documentation" as such terms are used in FAR 12.212, and is licensed to civilian agencies consistent with the policy set forth in FAR 12.212, or to the DOD consistent with the policies set forth in DFARS 227.7202-1. c. Oracle Database Express Edition is "commercial computer software" and is subject to the restrictions as set forth in the Rights in Technical Data and Computer Software Clauses in DFARS 252.227-7015 and FAR 52.227- 19 as applicable. 7. FreeFlow Software may include Microsoft Embedded Standard operating system software to which the following terms apply: 931 of 1132 936 Template revised on 10.1.19 Page 10 of 16 a. You agree to and will comply with the Microsoft terms and conditions contained on the Xerox website, http://www.support.xerox.com/support/open-source-disclosures/fileredirect/enus.html?&contentId=136023. b. Any updates, upgrades or reinstallations of Microsoft Embedded Standard operating system software are subject to the terms and conditions of this license and may be used only with the Xerox-brand Equipment with which it was delivered. Any other use of the software is strictly prohibited and may subject you to legal action. c. If the Equipment includes Remote Desktop Services that enable it to connect to and access applications running on a server, such as Remote Desktop Protocol, Remote Assistance and Independent Computer Architecture, such Desktop Functions will not run locally on the system, except for network/Internet browsing functions. d. The FreeFlow Base Software contains the Windows Update feature that allows you to access Windows Updates directly through the Microsoft Corp. Windows Update server. If you elect to activate this feature, any Windows Updates installed by you using the Windows Update feature may not function on the Equipment or may cause malfunctions or cause harm to the Equipment. Before you download a Windows Update using this feature, you should contact Xerox so that Xerox can ensure that each Windows Update is suitable for use on the Equipment and provide any necessary technical support for the installation and use of such Windows Update. e. No High Risk Use. WARNING: The Windows Embedded 7 Standard operating system is not fault-tolerant. The Windows Embedded 7 Standard operating system is not designed or intended for any use in any computing device where failure or fault of any kind of the Windows Embedded 7 Standard operating system could reasonably be seen to lead to death or serious bodily injury of any person, or to severe physical or environmental damage ("High Risk Use"). Xerox is not licensed to use, distribute, or sublicense the use of the Windows Embedded 7 Standard operating system in High Risk Use. High Risk Use is STRICTLY PROHIBITED. ii) Versant Products Extra Long Prints Terms. The following Equipment model(s), V180P may now, or in the future, have extra-long print capability, which is the ability to produce a print that is longer than 491mm. Maximum print length may vary by model. The meters for Equipment with extra-long print capability will register the following, as applicable: (i) for impressions greater than 491mm, up to and including 661mm, the Extra Long Impressions meter will register two (2) prints for each such extra-long print, in addition to registering one (1) print on either the Color Impressions meter (in the case of a color print) or the Black Impressions meter (in the case of a B&W print); (ii) for impressions greater than 661mm, up to and including 877mm, the Extra Long Impressions meter will register three (3) prints for each such extra-long print, in addition to registering one (1) print on either the Color Impressions meter (in the case of a color print) or the Black Impression meter (in the case of a B&W print); (iii) for impressions greater than 877mm, up to and including 1,083mm, the Extra Long Impressions meter will register four (4) prints for each such extra-long print, in addition to registering one (1) print on either the Color Impressions meter (in the case of a color print) or the Black Impression meter (in the case of a B&W print); and (iv) for impressions greater than 1,083mm, up to and including 1,299mm, the Extra Long Impressions meter will register five (5) prints for each such extra- long print, in addition to registering one (1) print on either the Color Impressions meter (in the case of a color print) or the Black Impression meter (in the case of a B&W print). 14. Records about Individuals If applicable, records created pursuant to the Agreement that contain personal information about individuals (including statements made by or about individuals) may become subject to the California Information Practices Act of 1977, which includes a right of access by the subject individual. While ownership of confidential or personal information about individuals is subject to negotiated agreement between UC and Supplier, records will normally become UC’s property, and subject to state law and UC policies governing privacy and access to files. When collecting the information, Supplier must inform the individual that the record is being made, and the purpose of the record. Use of recording devices in discussions with employees is permitted only as specified in the Statement of Work. 932 of 1132 937 Template revised on 10.1.19 Page 11 of 16 15. Amendments to the UC Terms and Conditions of Purchase The UC Terms and Conditions of Purchase, dated 2/20/2020 are hereby amended as follows: Article 2.B. is amended to read in full as follows: UC's obligation to proceed is conditioned upon the appropriation of state, federal and other sources of funds not controlled by UC ("Funding"). UC will have the right to terminate the Agreement without damage, penalty, cost or further obligation in the event that through no action or inaction on the part of UC, the Funding is withdrawn. In order to terminate the Agreement due to funding non-appropriation, UC must provide Supplier with written notice, within 31-days of its governing body's decision not to appropriate funds, stating that the University's governing body failed to appropriate funds and that the governing body was unable to find an assignee within the University's organization to continue the Agreement. The notice must certify that the canceled equipment is not being replaced by equipment performing similar functions during the ensuing fiscal year. In addition, the University will be required to return the equipment to Supplier with transportation costs borne by Supplier. The University will then be released from its obligation to make any further payments beyond those through the end of the last fiscal year for which funds have been appropriated. Article 2.C. Last sentence is added to read in full as follows: UC agrees to provide Supplier at least thirty (30) days prior written notice of the effective date of termination and the extent thereof, such termination shall not affect any leased unit that has not fulfilled the appropriate term. Article 4. Inspection. Last sentence is added to read in full as follows: Xerox can support UC’s inspection and acceptance requirement by initially installing the equipment under a Trial arrangement. Unless an order is preceded by a Trial order, the Services will be deemed accepted on the equipment’s installation date, which is the date Xerox determines the equipment to be operating satisfactorily, as demonstrated by the successful completion of diagnostic routines, and is available for the University’s use. The Installation Date for equipment and software designated as “Customer Installable” will be the equipment delivery date. Any equipment that does not perform to its published specification will be repaired or replaced by Xerox at its expense, provided the equipment is covered by a Xerox warranty or maintenance plan. Any equipment that needs to be replaced will be replaced with an identical model, or at Xerox’s option a unit with similar capabilities and comparable usage. Article 6.j Outsourcing Last sentence is added to read in full as follows. All services included in the Xerox bid to be specifically contracted for by the University will be provided within the U.S. However, certain back-office contract administration and customer support services are performed by Xerox and/or its affiliates from locations outside the U.S. Article 9. Insurance. First sentence is amended to read in full as follows: Supplier at its sole cost and expense, will insure its activities in connection with providing the Goods and/or Services and obtain, keep in force, and maintain the following insurance with the minimum limits set below for claims arising out of the willful or negligent acts, or omissions of Xerox in the performance of the services under the contract, unless UC specifies otherwise. 933 of 1132 938 Template revised on 10.1.19 Page 12 of 16 Article 17.A.Price Decreases is amended to read in full as follows: Price Decreases. Supplier agrees to immediately notify UC of any price decreases from its suppliers, and to pass through to UC any price decreases. Any price reduction resulting from this provision shall only apply to orders received after the effective date of the price reduction. Article 20. E. No Offshoring, Last sentence is added to read in full as follows: All services provided to UC will be provided within the U.S. However, certain back-office contract administration and customer support services are performed by Xerox and/or its affiliates from locations outside the U.S. Article 27. Force Majeure is amended to read in full as follows: Neither Party shall be deemed to be in default of or to have breached any provision of this Agreement due to any delay (including delay in delivery), failure in performance or interruption of service, if such performance or service are impossible to execute, illegal or commercially impracticable, because of the following “force majeure” occurrences: acts of God, acts of civil or military authorities, civil disturbances, wars, strikes or other labor disputes, transportation contingencies, freight embargoes, acts or orders of any government or agency or official thereof, earthquakes, fires, floods, unusually severe weather, epidemics, quarantine restrictions and other catastrophes or any other similar occurrences beyond such party’s reasonable control. In every case, the delay or failure in performance or interruption of service must be without the fault or negligence of the Party claiming excusable delay and the Party claiming excusable delay must promptly notify the other Party of such delay. Performance time under this Agreement shall be considered extended for a period of time equivalent to the time lost because of the force majeure occurrence; The University’s payment obligation will be suspended with respect to any equipment that is rendered inoperable during a force majeure event if Xerox is prevented from providing maintenance services. The payment suspension will continue until the end of the force majeure event or until Supplier restores the equipment to operating condition. If payment is suspended, the term of the Contract will be extended for a period equal to the University’s payment suspension. The UC Terms and Conditions of Equipment Lease, dated 12/15/1994 are hereby amended as follows: Article 5. is amended to read in full as follows: The initial term for any individual lease order will be the number of full calendar months stated in the order. The minimum lease payment for any partial month following the equipment installation date will be billed on a pro rata basis, based on a 31-day month. The term for each unit of equipment will commence upon the delivery of customer- installable equipment; or the installation of Xerox-installable equipment and will expire on the last day of the final full calendar month of the contracted term indicated in the order. University may at its option, by written notice stating the extent and effective date, terminate this order at the anniversary date of the lease or at the end of any fiscal year in whole or in part in the event the funding agency does not appropriate sufficient funds to continue the lease payments. In order to terminate the Agreement due to funding non-appropriation, UC must provide Supplier with written notice, within 31-days of its governing body's decision not to appropriate funds, stating that the University's governing body failed to appropriate funds and that the governing body was unable to find an assignee within the University's 934 of 1132 939 Template revised on 10.1.19 Page 13 of 16 organization to continue the Agreement. The notice must certify that the canceled equipment is not being replaced by equipment performing similar functions during the ensuing fiscal year. In addition, the University will be required to return the equipment to Supplier with transportation costs borne by Supplier. The University will then be released from its obligation to make any further payments beyond those through the end of the last fiscal year for which funds have been appropriated. University may by written notice terminate this order for Lessor's default, in whole or in part, at any time, if Lessor refuses or fails to comply with the provisions of this order, or so fails to make progress as to endanger performance and does not cure such failure within thirty (30) days after receip t of University's notice of shortfall, or fails to make deliveries of said equipment or fails perform the services within the time specified or any written extension thereof. In the event University defaults in the payment of any amount due or to become due under the terms of the lease or defaults in the performance of any of the terms and conditions hereof, all the University's rights hereunder as to use and possession of the equipment shall, at the option of Lessor, terminate and Lessor shall become entitled to retain all rentals and to take possession of the property, provided however, that in such event neither Lessor nor University shall have the right to rent said equipment to any third party so long as it remains on the premises of University. Other than as stated above, leases may not be cancelled prior t o expiration. Early cancellation of individual leases without cause or cancellation of individual leases by Xerox due to the University's material breach will result in an early termination charge that is equal to the sum of the remaining payments less any unearned maintenance and supply charges discounted at 4% per annum, and the applicable fair market value In no event shall the amount paid exceed the total contracted price, minus payments already made. Lessor will provide University with no less than thirty-one (31) days advance notice of the expiration of each lease term. Upon lease expiration, University shall have the option to: •Purchase the equipment AS IS, WHERE IS, by giving Lessor at least thirty (30) days prior notice of University intent to purchase at the termination of the term specified in any order or any renewal thereof. The purchase option price for FMV leases shall be the equipment's then fair market value plus all applicable sales taxes. The purchase option for FPO will be $1 plus all applicable sales taxes. •Lease the current equipment at the same monthly price on a month-to-month basis. This type of lease extension may be cancelled without penalty upon 30 days written notice. •Have Lessor provide a quote on a new 12 or 24 month lease on the current equipment. This will yield a lower monthly price; however, the University would not be able to cancel the lease without termination charges until expiration of the new extended lease. Upon expiration of a lease without extension, University will make the equipment available for removal by Lessor at Lessor's cost. At the time of removal, the equipment will be in the same condition as when delivered, reasonable wear and tear accepted. A lease order under the contract is a "finance lease" under Article 2A of the Uniform Commercial Code and, except to the extent expressly provided under the Contract, and to the extent permitted by California law, Customer waives all rights and remedies conferred upon a lessee by Article 2A. Article 11. is amended to read in full as follows: Lessor shall indemnify, defend, and hold harmless University, its officers, and employees against all losses, damages, liabilities, costs and expenses (including but not limited to attorney’s fees) resulting from any judgment or proceedings 935 of 1132 940 Template revised on 10.1.19 Page 14 of 16 in which it is determined, or any settlement agreement arising out of the allegation, that Lessor’s furnishing or supplying University with parts, goods, components, programs, practices, or methods under this order or University’ use of such parts, goods, components, programs, practices, or methods supplied by Lessor under this order constitutes an infringement of any patent, copyright, trademark, trade name, trade secret, or other proprietary or contractual right of any third party. Indemnification is contingent upon UC giving Supplier written notice, promptly after it becomes aware of any claim to be indemnified hereunder and permits Supplier to control the defense of any such claim or action and Supplier’s own expense. Notice shall be sent to “Corporate Risk, Xerox Corporation, Long Ridge Road, Stamford, Connecticut, 06940.” University agrees that Xerox may employ attorneys of its own choice to appear and defend the claim or action and that University shall do nothing to compromise the defense of such claim or action or any settlement thereof and shall provide Xerox with all reasonable assistance which Xerox may require. Xerox shall not be obligated to indemnify the University against the University’s own acts or omissions. Article 15(2) Service and Maintenance. The third sentence is replaced as follows: Lessor agrees the vast majority of on- site equipment repairs will be completed within 12 business hours. However, in the unlikely event that the repair time exceeds 12 business hours, Lessor agrees, as University’s exclusive remedy, to issue an appropriate service credit for Xerox’s failure to repair the equipment within the specified timeframe. The credit will be stated in the applicable SOW and can be used to offset any invoice charge, excluding the Monthly Minimum Charge which is not subject to dispute. In the event of any conflict between this section and section 2.8 of Attachment A Statement of Work, the Statement of Work will prevail. Article 17. Risk of Loss is amended to read in full as follows: During the period of time that property covered by this order is in the possession of University, University (and its customers, if installed on University's customers' premises) shall take good care of the property and University shall be responsible for any loss of or damage to the property caused by University, its officers, employees, volunteers, or agents negligent or willful acts while in its possession and control, unless such damage or loss is a consequence, directly or indirectly of intentional or negligent acts of Lessor or Lessor's agents. Title to the Lessor supplied equipment or third party hardware will remain with Lessor until University elects to purchase the equipment. Risk of the equipment's loss or damage will pass to the University upon delivery. University agrees that: (a) the equipment or third party hardware will remain personal property; (b) it will not attach the equipment as a fixture to any real estate; (c) it will not pledge, sub-lease, or part with possession of the equipment or file, or permit to be filed, any lien against the equipment; and, (d) it will not make any permanent alterations to the Equipment or third party hardware. Article 19.B. The first sentence is amended to read in full as follows: INSURANCE. In consideration of the above, Seller shall at its expense obtain, keep in force and maintain insurance only for claims arising out of the willful or negligent acts, or omissions of Xerox in the performance of the services under this order as follows: The UC Appendix – Business Associate Agreement, dated 8/1/2019 is hereby amended as follows: Section 2.I. is amended to read in full as follows: 936 of 1132 941 Template revised on 10.1.19 Page 15 of 16 With 30 days advanced notice from UC, Supplier will make its internal practices, books, and records, relating to the Use and Disclosure of PHI available to UC, and to the Secretary for purposes of determining UC’s compliance with HIPAA, HITECH and their implementing regulations. The UC Appendix –General Data Protection Regulation, dated 8/21/2019 is hereby amended as follows: Section C.4 is amended to read in full as follows: Supplier agreements with subcontractors are confidential and its terms are subject to confidentiality provisions. Section D.3.(i) is amended to delete the word “pseudonymisation”. Section D.5. is amended to read in full as follows: In the event of any actual personal data breach related to UC data, the Processor shall notify the Controller to the individual identified below without undue delay following discovery, both orally and in writing, and where feasible, within two (2) calendar days after Processor identifies a personal data breach related to UC data has occurred. Processor’s notification to the Controller will identify, to the extent available at the time of notification: (i) the nature of the personal data breach, including where possible, the categories and the approximate number of data subjects concerned; (ii) a description of the likely consequences of the personal data breach; and (iii) a description of the measures taken or proposed to be taken to address the personal data breach, including where appropriate, measures to mitigate its possible adverse effects. Processor will provide such other information as reasonably requested by Controller. In the event of a suspected personal data breach, Processor will keep Controller informed regularly of the progress of its investigation until the uncertainty is resolved. Section D.7. is amended to read in full as follows: Any personal material data breach that cannot be remediated by Processor, may be grounds for immediate termination of the Agreement by the Controller. Section D.12 “As applicable,” is added to the beginning of the first sentence. The University and Supplier hereby agree as follows: “Addendum A, Scope of Processing Data” as well as “Addendum B, Standard Contractual Clause” of the UC Appendix GDPR will be reviewed by Xerox on an engagement basis to determine its applicability. 16. Incorporated Documents This Agreement and its Incorporated Documents contain the entire agreement between the Parties, in order of the below precedent, concerning its subject matter and shall supersede all prior or other agreements, oral and written declarations of intent and other legal arrangements (whether binding or non-binding) made by the Parties in respect thereof. a.Purchasing Agreement #2020002686 b.UC Terms and Conditions of Purchase Dated 2/27/20 c.UC Terms and Conditions of Equipment Lease Dated 12/15/94 d.UC Appendix – Data Security Dated 8/12/19 e.UC Appendix - Business Associate (HIPAA) Dated 8/2/19 f.UC Appendix – General Data Protection Regulation (GDPR) Dated 8/21/19 937 of 1132 942 Template revised on 10.1.19 Page 16 of 16 g.UC Appendix – Electronic Commerce Dated 7/18/19 h.Statement of Work – Attachment A i.Attachment B- Additional Terms Applicable to all Non-University of California Entities j.Xerox Response to “RFP – Print Goods and Services – UC Systemwide” 17. Entire Agreement The Agreement and its Incorporated Documents contain the entire Agreement between the parties and supersede all prior written or oral agreements with respect to the subject matter herein. This Agreement can only be signed by an authorized representative with the proper delegation of authority. THE REGENTS OF THE Xerox Corporation UNIVERSITY OF CALIFORNIA ________________________________ ___________________________________ (Signature) (Signature) ________________________________ ___________________________________ (Printed Name, Title) (Printed Name, Title) ________________________________ ____________________________________ (Date) (Date) James B. Quantrille 11/19/2020 Xerox Corporation ____________________________________________________ (SSSSSSSSSSiiiiiigiiiiinature) 938 of 1132 943 GDocuSi gned by : Justin Sullivan C51AF9F2384C40B ... Page 1 of 16 Revised 2/27/2020 Terms and Conditions of Purchase ARTICLE 1 – GENERAL The equipment, materials, or supplies (“Goods”) and/or services (“Services”) furnished by Supplier (together, the “Goods and Services”) and covered by the UC Purchase Order (“PO”) and/or other agreement (which, when combined with these Terms and Conditions and any other documents incorporated by reference, will constitute the “Agreement”) are governed by the terms and conditions set forth herein. As used herein, the term "Supplier" includes Supplier and its sub-suppliers at any tier. As used herein, “UC” refers to The Regents of the University of California, a corporation described in California Constitution Art. IX, Sec. 9, on behalf of the UC Locations identified in the Agreement and/or the PO. UC and Supplier individually will be referred to as “Party” and collectively as “Parties.” Any defined terms not defined in these Terms and Conditions of Purchase will have the meaning ascribed to such term in any of the other documents incorporated in and constituting the Agreement. No other terms or conditions will be binding upon the Parties unless accepted by them in writing. Written acceptance or shipment of all or any portion of the Goods, or the performance of all or any portion of the Services, covered by the Agreement, will constitute Supplier’s unqualified acceptance of all of the Agreement’s terms and conditions. The terms of any proposal referred to in the Agreement are included and made a part of the Agreement only to the extent the proposal specifies the Goods and/or Services ordered, the price therefor, and the delivery thereof, and then only to the extent that such terms are consistent with the terms and conditions of the Agreement. ARTICLE 2 – TERM AND TERMINATION A. As applicable, the term of the Agreement (“Initial Term”) will be stated in the Agreement. Following the Initial Term, the Agreement may be extended by written mutual agreement. B. UC’s obligation to proceed is conditioned upon the appropriation of state, federal and other sources of funds not controlled by UC ("Funding"). UC will have the right to terminate the Agreement without damage, penalty, cost or further obligation in the event that through no action or inaction on the part of UC, the Funding is withdrawn. C. UC may, by written notice stating the extent and effective date thereof, terminate the Agreement for convenience in whole or in part, at any time. The effective date of such termination shall be consistent with any requirements for providing notice specified in the Agreement, or immediate if no such terms are set forth in the Agreement. As specified in the termination notice, UC will pay Supplier as full compensation the pro rata Agreement price for performance through the later of the date that (i) UC provided Supplier with notice of termination or (ii) Supplier’s provision of Goods and/or Services will terminate. D. UC may by written notice terminate the Agreement for Supplier’s breach of the Agreement, in whole or in part, at any time, if Supplier refuses or fails to comply with the provisions of the Agreement, or so fails to make progress as to endanger performance and does not cure such failure within five (5) business days, or fails to supply the Goods and/or Services within the time specified or any written extension thereof. In such event, UC may purchase or otherwise secure Goods and/or Services and, except as otherwise provided herein, Supplier will be liable to UC for any excess costs UC incurs thereby. E. UC’s Appendix – Data Security, Appendix – BAA, and/or Appendix – GDPR will control in the event that one or more appendices are incorporated into the Agreement and conflicts with the provisions of this Article. ARTICLE 3 – PRICING, INVOICING METHOD, AND SETTLEMENT METHOD AND TERMS. Pricing is set forth in the Agreement or Purchase Order, and the amount UC is charged and responsible for shall not exceed the amount specified in the Agreement unless UC has given prior written approval. Unless otherwise agreed in writing by UC, Supplier will use the invoicing method and payment settlement method (and will extend the terms applicable to such settlement method) set forth in UC’s Supplier Invoicing, Terms & Settlement Matrix. UC will pay Supplier, upon submission of acceptable invoices, for Goods and/or Services provided and accepted. Invoices must be itemized and reference the Agreement or Purchase Order number. UC will not pay shipping, packaging or handling expenses, unless specified in the Agreement or Purchase Order. Unless otherwise provided, freight is to be FOB destination. Any of Supplier’s expenses that UC agrees to reimburse will be reimbursed under UC’s Travel Policy, which may be found at http://www.ucop.edu/central-travel-management/resources/index.html. Where applicable, Supplier will pay all taxes imposed on Supplier in connection with its performance under the Agreement, including any federal, state and local income, sales, use, excise and other taxes or assessments. Notwithstanding any other provision to the contrary, UC will not be responsible for any fees, interest or surcharges Supplier wishes to impose. 939 of 1132 944 ... [ i UNIVERSITY OF CALIFORNIA Page 2 of 16 Revised 2/27/2020 Terms and Conditions of Purchase ARTICLE 4 – INSPECTION. The Goods and/or Services furnished will be exactly as specified in the Agreement, free from all defects in Supplier's performance, design, skill and materials, and, except as otherwise provided in the Agreement, will be subject to inspection and test by UC at all times and places. If, prior to final acceptance, any Goods and/or Services furnished are found to be incomplete, or not as specified, UC may reject them, require Supplier to correct them at the sole cost of Supplier, or require provision of such Goods and/or Services at a reduction in price that is equitable under the circumstances. If Supplier is unable or refuses to correct such deficiencies within a time UC deems reasonable, UC may terminate the Agreement in whole or in part. Supplier will bear all risks as to rejected Goods and/or Services and, in addition to any costs for which Supplier may become liable to UC under other provisions of the Agreement, will reimburse UC for all transportation costs, other related costs incurred, or payments to Supplier in accordance with the terms of the Agreement for unaccepted Goods and/or Services and materials and supplies incidental thereto. Notwithstanding final acceptance and payment, Supplier will be liable for latent defects, fraud or such gross mistakes as amount to fraud. ARTICLE 5 – ASSIGNED PERSONNEL; CHARACTER OF SERVICES Supplier will provide the Services as an independent contractor and furnish all equipment, personnel and materiel sufficient to provide the Services expeditiously and efficiently, during as many hours per shift and shifts per week, and at such locations as UC may so require. Supplier will devote only its best-qualified personnel to work under the Agreement. Should UC inform Supplier that anyone providing the Services is not working to this standard, Supplier will immediately remove such personnel from providing Services and he or she will not 0again, without UC’s written permission, be assigned to provide Services. At no time will Supplier or Supplier’s employees, sub-suppliers, agents, or assigns be considered employees of UC for any purpose, including but not limited to workers’ compensation provisions. Supplier shall not have the power nor right to bind or obligate UC, and Supplier shall not hold itself out as having such authority. Supplier shall be responsible to UC for all Services performed by Supplier’s employees, agents and subcontractors, including being responsible for ensuring payment of all unemployment, social security, payroll, contributions and other taxes with respect to such employees, agents and subcontractors. ARTICLE 6 – WARRANTIES In addition to the warranties set forth in Articles 11, 12, 17, 23, 24, 25 and 26 herein, Supplier makes the following warranties. Supplier acknowledges that failure to comply with any of the warranties in the Agreement will constitute a material breach of the Agreement and UC will have the right to terminate the Agreement without damage, penalty, cost or further obligation. A. General Warranties. Supplier represents, warrants and covenants that: (i) Supplier is free to enter into this Agreement and that Supplier is not, and will not become, during the Term, subject to any restrictions that might restrict or prohibit Supplier from performing the Services or providing the Goods ordered hereunder; (ii) Supplier will comply with all applicable laws, rules and regulations in performing Supplier’s obligations hereunder; (iii) the Goods and/or Services shall be rendered with promptness and diligence and shall be executed in a skilled manner by competent personnel, in accordance with the prevailing industry standards; and if UC Appendix Data Security is NOT included:(iv) Supplier has developed a business interruption and disaster recovery program and is executing such program to assess and reduce the extent to which Supplier’s hardware, software and embedded systems may be susceptible to errors or failures in various crisis (or force majeure) situations; (v) if Supplier uses electronic systems for creating, modifying, maintaining, archiving, retrieving or transmitting any records, including test results that are required by, or subject to inspection by an applicable regulatory authority, then Supplier represents and warrants that Supplier’s systems for electronic records are in compliance; and (vi) Supplier agrees that the Goods and/or Services furnished under the Agreement will be covered by the most favorable warranties Supplier gives to any customer for the same or substantially similar goods or services, or such other more favorable warranties as specified in the Agreement. The rights and remedies so provided are in addition to and do not limit any rights afforded to UC by any other article of the Agreement. B. Permits and Licenses. Supplier agrees to procure all necessary permits or licenses and abide by all applicable laws, regulations and ordinances of the United States and of the state, territory and political subdivision or any other country in which the Goods and/or Services are provided. C. Federal and State Water and Air Pollution Laws. Where applicable, Supplier warrants that it complies with the requirements in UC Business and Finance Bulletin BUS-56 (Materiel Management; Purchases from Entities Violating State or Federal Water or Air Pollution Laws). Consistent with California Government Code 4477, these requirements do not permit UC to contract with entities in violation of Federal or State water or air pollution laws. D. Web Accessibility Requirements. As applicable to the Supplies and/or Services being provided under the Agreement, Supplier warrants that: 940 of 1132 945 ... [ i UNIVERSITY OF CALIFORNIA Page 3 of 16 Revised 2/27/2020 Terms and Conditions of Purchase 1. It complies with California and federal disability laws and regulations; and 2. The Goods and/or Services will conform to the accessibility requirements of WCAG 2.0AA. 3. Supplier agrees to promptly respond to and resolve any complaint regarding accessibility of its Goods and/or Services; E. General Accessibility Requirements. Supplier warrants that: 1. It will comply with California and federal disability laws and regulations; 2. Supplier will promptly respond to remediate to any identified accessibility defects in the Goods and Services to conform to WCAG 2.0 AA; and 3. Supplier agrees to promptly respond to and use reasonable efforts to resolve and remediate any complaint regarding accessi bility of its Goods and/or Services. F. Warranty of Quiet Enjoyment. Supplier warrants that Supplier has the right of Quiet Enjoyment in, and conveys the right of Quiet Enjoyment to UC for UC’s use of, any and all intellectual property that will be needed for Supplier’s provision, and UC’s use of, the Goods and/or Services provided by Supplier under the Agreement. G. California Child Abuse and Neglect Reporting Act ("CANRA"). Where applicable, Supplier warrants that it complies with CANRA. H. Debarment and Suspension. Supplier warrants that it is not presently debarred, suspended, proposed for debarment, or declared ineligible for award of federal contracts or participation in federal assistance programs or activities. I. UC Trademark Licensing Code of Conduct. If the Goods will bear UC’s name (including UC campus names, abbreviations of these names, UC logos, UC mascots, or UC seals) or other trademarks owned by UC, Supplier warrants that it holds a valid license from UC and complies with the Trademark Licensing Code of Conduct policy, available at http://policy.ucop.edu/doc/3000130/TrademarkLicensing. J. Outsourcing (Public Contract Code section 12147) Compliance. Supplier warrants that if the Agreement will displace UC employees, no funds paid under the Agreement will be used to train workers who are located outside of the United States, or plan to relocate outside the United States as part of the Agreement. Additionally, Supplier warrants that no work will be performed under the Agreement with workers outside the United States, except as described in Supplier’s bid. If Supplier or its sub-supplier performs the Agreement with workers outside the United States during the life of the Agreement and Supplier did not describe such work in its bid, Supplier acknowledges and agrees that (i) UC may terminate the Agreement without further obligation for noncompliance, and (ii) Supplier will forfeit to UC the amount UC paid for the percentage of work that was performed with workers outside the United States and not described in Supplier’s bid. ARTICLE 7 – INTELLECTUAL PROPERTY, COPYRIGHT, PATENTS, AND DATA RIGHTS A. Goods and/or Services Involving Work Made for Hire. 1. Unless UC indicates that the Goods and/or Services do not involve work made for hire, Supplier acknowledges and agrees that any deliverables provided to UC by Supplier in the performance of the Agreement, and any intellectual property rights therein, (hereinafter the "Deliverables") will be owned by UC. The Deliverables will be considered "work made for hire" under U.S. copyright law and all right, title, and interest to and in such Deliverables including, but not limited to, any and all copyrights or trademarks, will be owned by UC. In the event that it is determined that UC is not the owner of such Deliverables under the "work made for hire" doctrine of U.S. copyright law, Supplier hereby irrevocably assigns to UC all right, title, and interest to and in such Deliverables and any copyrights or trademarks thereto. 2. The Deliverables must be new and original. Supplier must not use any pre-existing copyrightable or trademarked images, writ ings, or other proprietary materials (hereinafter "Pre-Existing Materials") in the Deliverables without UC’s prior written permission. In the event that Supplier uses any Pre-Existing Materials in the Deliverables in which Supplier has an ownership interest, UC is hereby granted, and will have, a non-exclusive, royalty-free, irrevocable, perpetual, paid-up, worldwide license (with the right to sublicense) to make, have made, copy, modify, make derivative works of, use, perform, display publicly, sell, and otherwise distribute such Pre-Existing Materials in connection with the Deliverables. 3. Whenever any invention or discovery is made or conceived by Supplier in the course of or in connection with the Agreement, Supplier will promptly furnish UC with complete information with respect thereto and UC will have the sole power to determine whether and where a patent application will be filed and to determine the disposition of title to and all rights under any application or patent that may result. 4. Supplier is specifically subject to an obligation to, and hereby does, assign all right, title and interest in any such intellectual property rights to UC as well as all right, title and interest in tangible research products embodying any such inventions whether the inventions are patentable or not. Supplier agrees to promptly execute any additional documents or forms that UC may require in order to effectuate such assignment. B. Goods and/or Services Not Involving Work Made for Hire. 941 of 1132 946 ... [ i UNIVERSITY OF CALIFORNIA Page 4 of 16 Revised 2/27/2020 Terms and Conditions of Purchase 1. If the Goods and/or Services do not involve work made for hire, and in the event that Supplier uses any Pre-Existing Materials in the Deliverables in which Supplier has an ownership interest, UC is hereby granted, and will have, a non-exclusive, royalty-free, irrevocable, perpetual, paid-up, worldwide license (with the right to sublicense) to make, have made, copy, modify, make derivative works of, use, perform, display publicly, sell, and otherwise distribute such Pre-Existing Materials in connection with the Deliverables. 2. The Deliverables must be new and original. Supplier must not use any Pre-Existing Materials in the Deliverables without UC’s prior written permission. 3. Whenever any invention or discovery is made or conceived by Supplier in the course of or in connection with the Agreement, Supplier will promptly furnish UC complete information with respect thereto and UC will have the sole power to determine whether and where a patent application will be filed and to determine the disposition of title to and all rights under any application or patent that may result. 4. Supplier is specifically subject to an obligation to, and hereby does, assign all right, title and interest in any such intellectual property rights to UC as well as all right, title and interest in tangible research products embodying any such inventions whether the inventions are patentable or not. Supplier agrees to promptly execute any additional documents or forms that UC may require in order to effectuate such assignment. C. General. Should the Goods and/or Services become, or in Supplier’s opinion be likely to become, the subject of a claim of i nfringement of any patent, copyright, trademark, trade name, trade secret, or other proprietary or contractual right of any third party, S upplier will provide written notice to UC of the circumstances giving rise to such claim or likely claim. In the event that UC receives notice of a claim of infringement or is made a party to or is threatened with being made a party to any claim of infringement related to t he Goods and/or Services, UC will provide Supplier with notice of such claim or threat. Following receipt of such notice, Supplier will either (at Supplier’s sole election) (i) procure for UC the right to continue to use the affected portion of the Goods and/or Services, o r (ii) replace or otherwise modify the affected portion of the Goods and/or Services to make them non-infringing, or obtain a reasonable substitute product for the affected portion of the Goods and/or Services, provided that any replacement, modification or substitution under this paragraph does not effect a material change in the Goods and/or Services’ functionality. If none of the foregoing options is reasonably acceptable to UC, UC will have the right to terminate the Agreement without damage, penalty, cost or further obligation. D. UC Rights to Institutional Information. Institutional Information shall belong exclusively to UC and unless expressly provided, this Agreement shall not be construed as conferring on Supplier any patent, copyright, trademark, license right or trade secret owned or obtained by UC. Any right for Supplier to use Institutional Information is solely provided on a non-exclusive basis, and only to the extent required for Supplier to provide the Goods or Services under the Agreement. As used herein, “Institutional Information” means any information or data created, received, and/or collected by UC or on its behalf, including but not limited to application logs, metadata and data derived from such data. ARTICLE 8 – INDEMNITY AND LIABILITY To the fullest extent permitted by law, Supplier will defend, indemnify, and hold harmless UC, its officers, employees, and agents, from and against all losses, expenses (including, without limitation, reasonable attorneys' fees and costs), damages, and liabilities of any kind resulting from or arising out of the Agreement, including the performance hereunder of Supplier, its officers, employees, agents, sub-suppliers, or anyone directly or indirectly employed by Supplier, or any person or persons under Supplier's direction and control, provided such losses, expenses, damages and liabilities are due or claimed to be due to the acts or omissions of Supplier, its officers, employees, agents, sub- suppliers, or anyone directly or indirectly employed by Supplier, or any person or persons under Supplier's direction and control. UC agrees to provide Supplier with prompt notice of any such claim or action and to permit Supplier to defend any claim or action, and that UC will cooperate fully in such defense. UC retains the right to participate in the defense against any such claim or action, and the right to consent to any settlement, which consent will not unreasonably be withheld. In the event Appendix DS applies to this Agreement, Supplier shall reimburse or otherwise be responsible for any costs, fines or penalties imposed against UC as a result of Supplier’s Breach of Institutional Information and/or failure to cooperate with UC’s response to such Breach. As used herein, “Breach” means: (1) any disclosure of Institutional Information to an unauthorized party or in an unlawful manner; (2) unauthorized or unlawful acquisition of information that compromises the security, confidentiality or integrity of Institutional Information and/or IT Resources; and (3) the acquisition, access, use, or disclosure of Protected Health Information or medical information in a manner not permitted under the Health Insurance Portability and Accountability Act (HIPAA) or California law. “IT Resources” means IT infrastructure, cloud services, software, and/or hardware with computing and/or networking capability that is Supplier owned/managed, or UC-owned, or a personally owned device that stores Institutional Information, is connected to UC systems, is connected to U C networks, or is used for UC business. 942 of 1132 947 ... [ i UNIVERSITY OF CALIFORNIA Page 5 of 16 Revised 2/27/2020 Terms and Conditions of Purchase ARTICLE 9 – INSURANCE Supplier, at its sole cost and expense, will insure its activities in connection with providing the Goods and/or Services and obtain, keep in force, and maintain the following insurance with the minimum limits set forth below, unless UC specifies otherwise: A. Commercial Form General Liability Insurance (contractual liability included) with limits as follows: 1. Each Occurrence $ 1,000,000 2. Products/Completed Operations Aggregate $ 2,000,000 3. Personal and Advertising Injury $ 1,000,000 4. General Aggregate $ 2,000,000 B. Business Automobile Liability Insurance for owned, scheduled, non-owned, or hired automobiles with a combined single limit of not less than one million dollars ($1,000,000) per occurrence. (Required only if Supplier drives on UC premises or transports UC employees, officers, invitees, or agents in the course of supplying the Goods and/or Services to UC.) C. If applicable, Professional Liability Insurance with a limit of two million dollars ($2,000,000) per occurrence or claim with an aggregate of not less than two million dollars ($2,000,000). If this insurance is written on a claims-made form, it will continue for three years following termination of the Agreement. The insurance will have a retroactive date of placement prior to or coinciding with the effective date of the Agreement. D. Workers' Compensation as required by applicable state law and Employer’s Liability with limits of one million dollars ($1,000,000) per occurrence. Workers' Compensation as required by applicable state law and Employer’s Liability with limits of one million dollars ($1,000,000) per occurrence. E. If applicable, Supplier Fidelity Bond or Crime coverage for the dishonest acts of its employees in a minimum amount of one million dollars ($1,000,000). Supplier will endorse such policy to include a “Regents of the University of California Coverage” or “Joint Payee Coverage” endorsement. UC and, if so requested, UC’s officers, employees, agents and sub-suppliers will be named as "Loss Payee, as Their Interest May Appear” in such Fidelity Bond. F. In the event Appendix DS applies to this Agreement, Supplier, at its sole cost and expense, will obtain, keep in force, and maintain one or more insurance policies that provide coverage for technology, professional liability, data protection, and/or cyber liability. Typically referred to as Privacy, Technology and Data Security Liability, Cyber Liability, or Technology Professional Liability insurance, it will cover liabilities for financial loss due to the acts, omissions, or intentional misconduct of Supplier, its officers, employees, agents, sub- suppliers, or anyone directly or indirectly employed by Supplier, or any person or persons under Supplier’s direction and control, in connection with the performance of this Agreement, as well as all Supplier costs, including damages it is obligated to pay UC or any third party, that are associated with any confirmed or suspected Breach or compromise of Institutional Information. In some cases, Professional Liability policies may include some coverage for data breaches or loss of Institutional Information. Regardless of the type of policy(ies) in place, such coverage will include without limitation: (i) costs to notify parties whose data were lost or compromised; (ii) costs to provide credit monitoring and credit restoration services to parties whose data were lost or compromised; (iii) costs associated with third party claims arising from the confirmed or suspected Breach or loss of Institutional Information, including litigation costs and settlement costs; (iv) any investigation, enforcement, fines and penalties, or similar miscellaneous costs; and (v) any payment made to a third party as a result of extortion related to a confirmed or suspected Breach. The following insurance coverage is based on the highest Protection Level Classification of Institutional Information identified in Exhibit 1 to Appendix DS: 1. P1 - This insurance policy must have minimum limits of $500,000 each occurrence and $500,000 in the aggregate. 2. P2 - This insurance policy must have minimum limits of $1,000,000 each occurrence and $1,000,000 in the aggregate. 3. P3 and P4, less than 70,000 records - this insurance policy must have minimum limits of $5,000,000 each occurrence and $5,000,000 in the aggregate. 4. P3 and P4, 70,000 or more records - this insurance policy must have minimum limits of $10,000,000 each occurrence and $10,000,000 in the aggregate. Protection Level Classifications are defined in the UC Systemwide Information Security Classification of Information and IT Resources: https://security.ucop.edu/policies/institutional-information-and-it-resource-classification.html G. Additional other insurance in such amounts as may be reasonably required by UC against other insurable risks relating to performance. If the above insurance is written on a claims-made form, it will continue for three years following termination of the Agreement. The insurance will have a retroactive date of placement prior to or coinciding with the effective date of the Agreement. If the above insurance coverage is modified, changed or cancelled, Supplier will provide UC with not less than fifteen (15) days’ advance written notice of such modification, change, or cancellation, and will promptly obtain replacement coverage that complies with this Article. I. The coverages referred to under A and B of this Article must include UC as an additional insured. It is understood that the coverage and limits referred to under A, B and C of this Article will not in any way limit Supplier’s liability. Supplier will furnish UC with certificates 943 of 1132 948 ... [ i UNIVERSITY OF CALIFORNIA Page 6 of 16 Revised 2/27/2020 Terms and Conditions of Purchase of insurance (and the relevant endorsement pages) evidencing compliance with all requirements prior to commencing work under the Agreement. Such certificates will: 1. Indicate that The Regents of the University of California has been endorsed as an additional insured for the coverage referred to under A and B of this Article. This provision will only apply in proportion to and to the extent of the negligent acts or omissions of Supplier, its officers, agents, or employees. 2. Include a provision that the coverage will be primary and will not participate with or be excess over any valid and collectible insurance or program of self-insurance carried or maintained by UC. ARTICLE 10 – USE OF UC NAME AND TRADEMARKS Supplier will not use the UC name, abbreviation of the UC name, trade names and/or trademarks (i.e., logos and seals) or any derivation thereof, in any form or manner in advertisements, reports, or other information released to the public, or place the UC name, abbreviations, trade names and/or trademarks or any derivation thereof on any consumer goods, products, or services for sale or distribution to the public, without UC’s prior written approval. Supplier agrees to comply at all times with California Education Code Section 92000. ARTICLE 11 – FEDERAL FUNDS Supplier who supplies Goods and/or Services certifies and represents its compliance with the following clauses, as applicable. Supplier shall promptly notify UC of any change of status with regard to these certifications and representations. These certifications and representations are material statements upon which UC will rely. A. For commercial transactions involving funds on a federal contract (federal awards governed by the FAR), the following provisions apply, as applicable: 1. FAR 52.203-13, Contractor Code of Business Ethics and Conduct; 2. FAR 52.203-17, Contractor Employee Whistleblower Rights and Requirement to Inform Employees of Whistleblower Rights; 3. FAR 52.203-19, Prohibition on Requiring Certain Internal Confidentiality Agreements or Statements; 4. FAR 52.219-8, Utilization of Small Business Concerns; 5. FAR 52.222-17, Non-displacement of Qualified Workers; 6. FAR 52.222-21, Prohibition of Segregated Facilities; 7. FAR 52.222-26, Equal Opportunity; 8. FAR 52.222-35, Equal Opportunity for Veterans; 9. FAR 52.222-36, Equal Opportunity for Workers with Disabilities; 10. FAR 52.222-37, Employment Reports on Veterans; 11. FAR 52.222-40, Notification of Employee Rights Under the National Labor Relations Act; 12. FAR 52.222-41, Service Contract Labor Standards; 13. FAR 52.222-50, Combating Trafficking in Persons; 14. FAR 52.222-51, Exemption from Application of the Service Contract Labor Standards to Contracts for Maintenance, Calibration, or Repair of Certain Equipment - Requirements; 15. FAR 52.222-53, Exemption from Application of the Service Contract Labor Standards to Contracts for Certain Services - Requirements; 16. FAR 52.222-54, Employment Eligibility Verification; 17. FAR 52.222-55, Minimum Wages Under Executive Order 13658; 18. FAR 52.222-62, Paid Sick Leave under Executive Order 13706; 19. FAR 52.224-3, Privacy Training; 20. FAR 52.226-6, Promoting Excess Food Donation to Nonprofit Organizations; 21. FAR 52.233-1, Disputes; and 22. FAR 52.247-64, Preference for Privately Owned U.S.-Flag Commercial Vessels. B. For non-commercial transactions involving funds on a federal contract, the UC Appendix titled ‘Federal Government Contracts Special terms and Conditions (Non-Commercial Items or Services)’ and located at www.ucop.edu/procurement-services/policies- forms/index.html is hereby incorporated herein by this reference. C. For transactions involving funds on a federal grant or cooperative agreement (federal awards governed by eCFR Title 2, Subtitle A, Chapter II, Part 200) the following provisions apply, as applicable: 944 of 1132 949 ... [ i UNIVERSITY OF CALIFORNIA Page 7 of 16 Revised 2/27/2020 Terms and Conditions of Purchase 1. Rights to Inventions. If Supplier is a small business firm or nonprofit organization, and is providing experimental, development, or research work under this transaction, Supplier must comply with the requirements of 3 CFR Part 401, “Rights to Inventions Made by nonprofit Organizations and Small Business Firms Under Government Grants, Contracts, and Cooperative Agreements”. 2. Clean Air Act. Supplier agrees to comply with all applicable standards, orders or regulations issued pursuant to the Clean Air Act (42 U.S.C. 7401-7671q) and the Federal Water Pollution Control Act as amended (33 U.S.C. 1251-1387). Violations must be reported to the Federal awarding agency and the Regional Office of the Environmental Protection Agency (EPA). 3. Byrd Anti-Lobbying. Supplier certifies that it will not, and has not used Federal appropriated funds to pay any person or organization for influencing or attempting to influence an officer or employee of any agency, a member of Congress, officer or employee of Congress, or an employee of a member of Congress in connection with obtaining any Federal contract, grant or any other award covered by 31 U.S.C. 1352. 4. Procurement of Recovered Materials. If Supplier is a state agency or agency of a political subdivision of a state, then Supplier must comply with section 6002 of the Solid Waste Disposal Act, as amended by the Resource Conservation and Recovery Act. D. In these provisions, the term "contractor" as used therein will refer to Supplier, and the terms “Government” or “Contracting Officer” as used therein will refer to UC. Where a purchase of items is for fulfillment of a specific U.S. Government prime or subcontract, additional information and/or terms and conditions may be included in an attached supplement. By submitting an invoice to UC, Supplier is representing to UC that, at the time of submission: 1. Neither Supplier nor its principals are presently debarred, suspended, or proposed for debarment by the U.S. government (see FAR 52.209-6); 2. Supplier has filed all compliance reports required by the Equal Opportunity clause (see FAR 52.222-22); and 3. Any Supplier representations to UC about U.S. Small Business Administration or state and local classifications, including but not limited to size standards, ownership, and control, are accurate and complete. 4. Byrd Anti-Lobbying. Supplier certifies that it will not, and has not used Federal appropriated funds to pay any person or organization for influencing or attempting to influence an officer or employee of any agency, a member of Congress, officer or employee of Congress, or an employee of a member of Congress in connection with obtaining any Federal contract, grant or any other award covered by 31 U.S.C. 1352. ARTICLE 12 – EQUAL OPPORTUNITY AFFIRMATIVE ACTION Supplier will abide by the requirements set forth in Executive Orders 11246 and 11375. Where applicable, Supplier will comply with 41 CFR §§ 60-1.4(a), 60-300.5(a) and 60-741.5(a), incorporated by reference with this statement: “This contractor and subcontractor shall abide by the requirements of 41 CFR §§ 60-1.4(a), 60-300.5(a) and 60-741.5(a). These regulations prohibit discrimination against qualified individuals based on their status as protected veterans or individuals with disabilities, and prohibit discrimination against all individuals based on their race, color, religion, sex, sexual orientation, gender identity, or national origin. Moreover, these regulations require that covered prime contractors and subcontractors take affirmative action to employ and advance in employment individuals without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status or disability.” With respect to activities occurring in the State of California, Supplier agrees to adhere to the California Fair Employment and Housing Act. Supplier will provide UC on request a breakdown of its labor force by groups as specified by UC, and will discuss with UC its policies and practices relating to its affirmative action programs. Supplier will not maintain or provide facilities for employees at any establishment under its control that are segregated on a basis prohibited by federal law. Separate or single-user restrooms and necessary dressing or sleeping areas must be provided, however, to ensure privacy. ARTICLE 13 – LIENS Supplier agrees that upon UC’s request, Supplier will submit a sworn statement setting forth the work performed or material furnished by sub-suppliers and material men, and the amount due and to become due to each, and that before the final payment called for under the Agreement, will upon UC’s request submit to UC a complete set of vouchers showing what payments have been made for such work performed or material furnished. Supplier will promptly notify UC in writing, of any claims, demands, causes of action, liens or suits brought to its attention that arise out of the Agreement. UC will not make final payment until Supplier, if required, delivers to UC a complete release of all liens arising out of the Agreement, or receipts in full in lieu thereof, as UC may require, and if required in either case, an affidavit that as far as it has knowledge or information, the receipts include all the labor and materials for which a lien could be filed; but Supplier may, if any sub-supplier refuses to furnish a release or receipt in full, furnish a bond satisfactory to UC to indemnify it against any claim by lien or otherwise. If any lien or claim remains unsatisfied after all payments are made, Supplier will refund to UC all monies that UC may be compelled to pay in discharging such lien or claim, including all costs and reasonable attorneys' fees. 945 of 1132 950 ... [ i UNIVERSITY OF CALIFORNIA Page 8 of 16 Revised 2/27/2020 Terms and Conditions of Purchase ARTICLE 14 – PREMISES WHERE SERVICES ARE PROVIDED A. Cleaning Up. Supplier will at all times keep UC premises where the Services are performed and adjoining premises free from accumulations of waste material or rubbish caused by its employees or work of any of its sub-suppliers, and, at the completion of the Services; will remove all rubbish from and about the premises and all its tools, scaffolding, and surplus materials, and will leave the premises "broom clean" or its equivalent, unless more exactly specified. In case of dispute between Supplier and its sub-suppliers as to responsibility for the removal of the rubbish, or if it is not promptly removed, UC may remove the rubbish and charge the cost to Supplier. B. Environmental, Safety, Health and Fire Protection. Supplier will take all reasonable precautions in providing the Goods and Services to protect the health and safety of UC employees and members of the public and to minimize danger from all hazards to life and property, and will comply with all applicable environmental protection, health, safety, and fire protection regulations and requirements (including reporting requirements). In the event that Supplier fails to comply with such regulations and requirements, UC may, without prejudice to any other legal or contractual rights of UC, issue an order stopping all or any part of the provision of the Goods and/or Services; thereafter a start order for resumption of providing the Goods and/or Services may be issued at UC’s discretion. Supplier will not be entitled to make a claim for extension of time or for compensation or damages by reason of or in connection with such stoppage. Supplier will have sole responsibility for the safety of all persons employed by Supplier and its sub-suppliers on UC premises, or any other person who enters upon UC premises for reasons relating to the Agreement. Supplier will at all times maintain good order among its employees and all other persons who come onto UC's premises at Supplier's request and will not engage any unfit or unskilled person to provide the Goods and/or Services. Supplier will confine its employees and all other persons who come onto UC's premises at Supplier's request or for reasons relating to the Agreement and its equipment to that portion of UC's premises where the Services are to be provided or to roads leading to and from such work sites, and to any other area which UC may permit Supplier to use. Supplier will take all reasonable measures and precautions at all times to prevent injuries to or the death of any of its employees or any other person who enters upon UC premises at Supplier’s request. Such measures and precautions will include, but will not be limited to, all safeguards and warnings necessary to protect workers and others against any conditions on the premises that could be dangerous and to prevent accidents of any kind whenever the Goods and/or Services are being provided in proximity to any moving or operating machinery, equipment or facilities, whether such machinery, equipment or facilities are the property of or are being operated by, Supplier, its sub-suppliers, UC or other persons. To the extent compliance is required, Supplier will comply with all relevant UC safety rules and regulations when on UC premises. C. Tobacco-free Campus. UC is a tobacco-free institution. Use of cigarettes, cigars, oral tobacco, electronic cigarettes and all other tobacco products is prohibited on all UC owned or leased sites. ARTICLE 15 – LIABILITY FOR UC - FURNISHED PROPERTY Supplier assumes complete liability for any materials UC furnishes to Supplier in connection with the Agreement and Supplier agrees to pay for any UC materials Supplier damages or otherwise is not able to account for to UC's satisfaction. UC furnishing to Supplier any materials in connection with the Agreement will not, unless otherwise expressly provided in writing by UC, be construed to vest title thereto in Supplier. ARTICLE 16 – COOPERATION Supplier and its sub-suppliers, if any, will cooperate with UC and other suppliers and will so provide the Services that other cooperating suppliers will not be hindered, delayed or interfered with in the progress of their work, and so that all of such work will be a finished and complete job of its kind. ARTICLE 17 – ADDITIONAL TERMS APPLICABLE TO THE FURNISHING OF GOODS The terms in this Article have special application to the furnishing of Goods: A. Price Decreases. Supplier agrees immediately to notify UC of any price decreases from its suppliers, and to pass through to UC any price decreases. B. Declared Valuation of Shipments. Except as otherwise provided in the Agreement, all shipments by Supplier under the Agreement for UC's account will be made at the maximum declared value applicable to the lowest transportation rate or classification and the bill of lading will so note. C. Title. Title to the Goods purchased under the Agreement will pass directly from Supplier to UC at the f.o.b. point shown, or as otherwise specified in the Agreement, subject to UC’s right to reject upon inspection. 946 of 1132 951 ... [ i UNIVERSITY OF CALIFORNIA Page 9 of 16 Revised 2/27/2020 Terms and Conditions of Purchase D. Changes. Notwithstanding the terms in Article 34, Amendments, UC may make changes within the general scope of the Agreement in drawings and specifications for specially manufactured Goods, place of delivery, method of shipment or packing of the Agreement by giving notice to Supplier and subsequently confirming such changes in writing. If such changes affect the cost of or the time required for performance of the Agreement, UC and Supplier will agree upon an equitable adjustment in the price and/or delivery terms. Supplier may not make changes without UC’s written approval. Any claim of Supplier for an adjustment under the Agreement must be made in writing within thirty (30) days from the date Supplier receives notice of such change unless UC waives this condition in writing. Nothing in the Agreement will excuse Supplier from proceeding with performance of the Agreement as changed hereunder. Supplier may not alter or misbrand, within the meaning of the applicable Federal and State laws, the Goods furnished. E. Forced, Convict and Indentured Labor. Supplier warrants that no foreign-made Goods furnished to UC pursuant to the Agreement will be produced in whole or in part by forced labor, convict labor, or indentured labor under penal sanction. If UC determines that Supplier knew or should have known that it was breaching this warranty, UC may, in addition to terminating the Agreement, remove Supplier from consideration for UC contracts for a period not to exceed one year. This warranty is in addition to any applicable warranties in Articles 6 and 11. F. Export Control. Supplier agrees to provide UC (the contact listed on the Purchase Order) with written notification that identifies the export-controlled Goods and such Goods’ export classification if any of the Goods is export-controlled under the International Traffic in Arms Regulations (ITAR) (22 CFR §§ 120-130), the Export Administration Regulations (15 CFR §§ 730-774) 500 or 600 series, or controlled on a military strategic goods list. Supplier agrees to provide UC (the contact listed on the Purchase Order) with written notification if Supplier will be providing information necessary for the operation, installation (including on-site installation), maintenance (checking), repair, overhaul, and refurbishing of the Goods that is beyond a standard user manual (i.e. ”Use” technology as defined under the EAR 15 CFR § 772.1), or “Technical Data” (as defined under the ITAR 22 CFR § 120.10). ARTICLE 18 – CONFLICT OF INTEREST Supplier affirms that, to the best of Supplier’s knowledge, no UC employee who has participated in UC’s decision-making concerning the Agreement has an “economic interest” in the Agreement or Supplier. A UC employee’s “economic interest” means: A. An investment worth $2,000 or more in Supplier or its affiliate; B. A position as director, officer, partner, trustee, employee or manager of Supplier or its affiliate; C. Receipt during the past 12 months of $500 in income or $440 in gifts from Supplier or its affiliate; or D. A personal financial benefit from the Agreement in the amount of $250 or more. In the event of a change in these economic interests, Supplier will provide written notice to UC within thirty (30) days after such change, noting such changes. Supplier will not be in a reporting relationship to a UC employee who is a near relative, nor will a near relative be in a decision making position with respect to Supplier. ARTICLE 19 – AUDIT REQUIREMENTS The Agreement, and any pertinent records involving transactions relating to this Agreement, is subject to the examination and audit of the Auditor General of the State of California or Comptroller General of the United States or designated Federal authority for a period of up to five (5) years after final payment under the Agreement. UC, and if the underlying grant, cooperative agreement or federal contract so provides, the other contracting Party or grantor (and if that be the United States or an instrumentality thereof, then the Comptroller General of the United States) will have access to and the right to examine Supplier’s pertinent books, documents, papers, and records involving transactions and work related to the Agreement until the expiration of five (5) years after final payment under the Agreement. The examination and audit will be confined to those matters connected with the performance of the Agreement, including the costs of administering the Agreement. ARTICLE 20 – PROHIBITION ON UNAUTHORIZED USE OR DISCLOSURE OF INSTITUTIONAL INFORMATION A. Prohibition on Access, Use and Disclosure of Institutional In formation. Supplier will not access, use or disclose Institutional Information, other than to carry out the purposes for which UC disclosed the Institutional Information to Supplier, except as required by applicable law, or as otherwise authorized in writing by UC prior to Supplier’s disclosure. Supplier shall have the limited right to disclose Institutional Information to Supplier’s employees provided that: (i) Supplier shall disclose only such Institutional Information as is necessary for the Supplier to perform its obligations under this Agreement, and (ii) Supplier informs such employees of the obligations governing the access, use and disclosure of Institutional Information prior to Supplier’s disclosure. Supplier sha ll be liable 947 of 1132 952 ... [ i UNIVERSITY OF CALIFORNIA Page 10 of 16 Revised 2/27/2020 Terms and Conditions of Purchase for any breach of this Agreement by its employees. For avoidance of doubt, this provision prohibits Supplier from using for its own benefit Institutional Information and any information derived therefrom. For the avoidance of doubt, the sale of Institutional Information is expressly prohibited. B. Compliance with Applicable Laws and Industry Best Practices. Supplier agrees to comply with all applicable state, federal, and foreign laws, as well as industry best practices, governing the collection, access, use, disclosure, safeguarding and destruction of Institutional Information. Supplier agrees to protect the privacy and security of Institutional Information according to all applicable laws and industry best practices, and no less rigorously than it protects its own information, but in no case less than reasonable care. C. Confidential Institutional Information. Supplier agrees to hold UC’s Confidential Institutional Information, and any information derived therefrom, in strict confidence. Confidential Institutional Information shall be defined as any Institutional Information which is (i) marked as “Confidential” at the time of disclosure; (ii) if disclosed orally, identified at the time of such oral disclosure as confidential, and reduced to writing as “Confidential” within thirty (30) days of such oral disclosure; and (iii) if not marked as “Confidential,” information that would be considered by a reasonable person in the relevant field to be confidential given its content and the circumstances of its disclosure. Confidential Information will not be considered confidential to the extent that: (i) Supplier can demonstrate by written records was known to Supplier prior to the effective date of the Agreement; (ii) is currently in, or in the future enters, the public domain other than through a breach of the Agreement or through other acts or omissions of Supplier; (iii) is obtained lawfully from a third party; or (iv) is disclosed under the California Public Records Act or legal process. For the avoidance of doubt, as applicable to Supplier’s Services, Confidential Institutional Information may include any information that identifies or is capable of identifying a specific individual, including but not limited to: 1. Personally identifiable information, 2. Protected Health Information as defined by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the HIPAA regulations (including, but not limited to 45 C.F.R. § 160.103), 3. Medical information as defined by California Civil Code § 56.05, 4. Cardholder data, 5. Student records, or 6. Individual financial information that is subject to laws restricting the use and disclosure of such information, including but not limited to: a. Article 1, Section 1 of the California Constitution; the California Information Practices Act (Civil Code § 1798 et seq.); b. The federal Gramm-Leach-Bliley Act (15 U.S.C. §§ 6801(b) and 6805(b)(2)); c. The federal Family Educational Rights and Privacy Act (20 U.S.C. § 1232g); d. The federal Fair and Accurate Credit Transactions Act (15 U.S.C. § 1601 et seq.); e. The Fair Credit Reporting Act (15 U.S.C. § 1681 et seq), and f. Applicable international privacy laws, including, but not limited to the General Data Protection Regulation. D. Required Disclosures of Institutional Information. If Supplier is required by a court of competent jurisdiction or an administrative body to disclose Institutional Information, Supplier will notify UC in writing immediately upon receiving notice of such requirement and prior to any such disclosure (unless Supplier is prohibited by law from doing so), to give UC an opportunity to oppose or otherwise respond to such disclosure. To the extent Supplier still required to disclose Institutional Information, Supplier will furnish only that portion that is legally required and will exercise all reasonable efforts to obtain reliable assurance that confidential treatment will be afforded to any Confidential Institutional Information. E. No Offshoring. Supplier’s transmission, transportation or storage of Institutional Information outside the United States, or access of Institutional Information from outside the United States, is prohibited except with prior written authorization by UC. F. Conflict in Terms. UC’s Appendix – Data Security, Appendix – BAA, and/or Appendix GDPR will control in the event that one or more appendices is incorporated into the Agreement and conflicts with the provisions of this Article. G. Acknowledgement. Supplier acknowledges that remedies at law would be inadequate to protect UC against any actual or threaten ed breach of this Section by Supplier, and, without prejudice to any other rights and remedies otherwise available to UC, Supplier agrees to the granting of injunctive relief in UC’s favor without proof of actual damages. ARTICLE 21 – UC WHISTLEBLOWER POLICY UC is committed to conducting its affairs in compliance with the law, and has established a process for reporting and investigating suspected improper governmental activities. Please visit http://www.ucop.edu/uc-whistleblower/ for more information. 948 of 1132 953 ... [ i UNIVERSITY OF CALIFORNIA Page 11 of 16 Revised 2/27/2020 Terms and Conditions of Purchase ARTICLE 22 – SUSTAINABLE PROCUREMENT GUIDELINES Supplier will conduct business using environmentally, socially, and economically sustainable products and services (defined as products and services with a lesser or reduced effect on human health and the environment, and which generate benefits to the University as well as to society and the economy, while remaining within the carrying capacity of the environment), to the maximum possible extent consistent with the Agreement, and with the University of California Sustainable Practices Policy (https://policy.ucop.edu/doc/3100155) and the University of California Sustainable Procurement Guidelines: (https://www.ucop.edu/procurement-services/_files/sustainableprocurementguidelines.pdf). In accordance with the University of California Sustainable Practices Policy, Supplier will adhere to the following requirements and standards, as applicable. Supplier acknowledges that failure to comply with any of the sustainability standards and requirements in the Agreement will constitute a material breach of the Agreement and UC will have the right to terminate the Agreement without damage, penalty, cost or further obligation. A. Sustainability Marketing Standards. Supplier sustainability related claims, where applicable, must meet UC recognized certifications and standards set forth in the UC Sustainable Procurement Guidelines and/or meet the standards of Federal Trade Commission’s (FTC) Green Guides. B. Electronic Transfer of Supplier Information. Suppliers, when interacting with the UC, shall be prohibited from providing hard copies of presentations, marketing material, or other informational materials. Suppliers will be required to present all information in electronic format that is easily transferable to UC staff. Materials may be provided in hard copy or physical format if specifically required or requested by a UC representative. C. Packaging Requirements. All packaging must be compliant with the Toxics in Packaging Prevention Act (AB 455) and must meet all additional standards and requirements set forth in the UC Sustainable Practices Policy. In addition, UC requires that all pack aging meet at least one of the criteria listed below: 1. Uses bulk packaging; 2. Uses reusable packaging (e.g. totes reused by delivery service for next delivery); 3. Uses innovative packaging that reduces the weight of packaging, reduces packaging waste, or utilizes packaging that is a component of the product; 4. Maximizes recycled content and/or meets or exceeds the minimum post-consumer content level for packaging in the U.S. Environmental Protection Agency Comprehensive Procurement Guidelines; 5. Uses locally recyclable or certified compostable material. D. Foodservice Foam Ban. As of 2018, the University no longer allows packaging foam or expanded polystyrene (EPS) for takeaway containers or other food service items, in any University-owned or -operated food service facility. E. Product Packaging Foam Ban. Beginning January 1st, 2020, the University will prohibit all contracted and non-contracted suppliers from selling or distributing packaging foam (other than that utilized for laboratory supply or medical packaging) to UC campuses. Packaging foam is defined as any open or closed cell, solidified, polymeric foam used for cushioning or packaging, including but not limited to: low-density polyethylene foam, polypropylene foam, polystyrene foam (i.e. expanded polystyrene (EPS)), polyurethane foam, polyethylene foam, polyvinyl chloride (PVC) foam, and microcellular foam. Not included in this ban are easily biodegradable, plant-based foams such as those derived from corn or mushrooms. F. E-Waste Recycling Requirements. All recyclers of UC electronic equipment must be e-Steward certified by the Basel Action Network (BAN). G. Hosted and Punch-out Catalog Requirements. Suppliers enabled with eProcurement hosted catalog functionality must clearly identify products with UC-recognized certifications, as defined by the UC Sustainable Procurement Guidelines, in both hosted and punch-out catalog e-procurement environments. ARTICLE 23 – PATIENT PROTECTION AND AFFORDABLE CARE ACT (PPACA) EMPLOYER SHARED RESPONSIBILITY If the Services involve Supplier furnishing UC with temporary or supplementary staffing, Supplier warrants that: A. If Supplier is an Applicable Large Employer (as defined under Treasury Regulation Section 54.4980H-1(a)(4)): 1. Supplier offers health coverage to its full-time employees who are performing Services for UC; 2. Supplier’s cost of enrolling such employees in Supplier’s health plan is factored into the fees for the Services; and 3. The fees for the Services are higher than what the Services would cost if Supplier did not offer health coverage to such full-time employees. 949 of 1132 954 ... [ i UNIVERSITY OF CALIFORNIA Page 12 of 16 Revised 2/27/2020 Terms and Conditions of Purchase B. If Supplier is not an Applicable Large Employer (as defined above): 1. Supplier offers group health coverage to its full-time employees who are performing Services for UC and such coverage is considered Minimum Essential Coverage (as defined under Treasury Regulation Section 1-5000A-2) and is Affordable (as defined under Treasury Regulation Section 54.4980H-5(e)); or 2. Supplier’s full-time employees who are performing services for UC have individual coverage and such coverage satisfies the PPACA requirements for mandated individual coverage. Supplier acknowledges that UC is relying on these warranties to ensure UC’s compliance with the PPACA Employer Shared Responsibility provision. ARTICLE 24 - PREVAILING WAGES Unless UC notifies Supplier that the Services are not subject to prevailing wage requirements, Supplier will comply, and will ensure that all sub-suppliers comply, with California prevailing wage provisions, including but not limited to those set forth in Labor Code sections 1770, 1771, 1771.1, 1772, 1773, 1773.1, 1774, 1775, 1776, 1777.5, and 1777.6. For purposes of the Agreement, the term “sub-supplier” means a person or firm, of all tiers, that has a contract with Supplier or with a sub-supplier to provide a portion of the Services. The term sub- supplier will not include suppliers, manufacturers, or distributors. Specifically, and not by way of limitation, if apprenticable occupations are involved in providing the Services, Supplier will be responsible for ensuring that Supplier and any sub-suppliers comply with Labor Code Section 1777.5. Supplier and sub-supplier may not provide the Services unless currently registered and qualified to perform public work pursuant to Labor Code Section 1725.5 and 1771.1. Notwithstanding the foregoing provisions, Supplier will be solely responsible for tracking and ensuring proper payment of prevailing wages regardless if Services are partially or wholly subject to prevailing wage requirements. In every instance, Supplier will pay not less than the UC Fair Wage (defined as $13 per hour as of 10/1/15, $14 per hour as of 10/1/16, and $15 per hour as of 10/1/17) for Services being performed at a UC Location (defined as any location owned or leased by UC). The California Department of Industrial Relations (DIR) has ascertained the general prevailing per diem wage rates in the locality in which the Services are to be provided for each craft, classification, or type of worker required to provide the Services. A copy of the general prevailing per diem wage rates will be on file at each UC Location’s procurement office, and will be made available to any interested party upon request. Supplier will post at any job site: A. Notice of the general prevailing per diem wage rates, and B. Any other notices required by DIR rule or regulation. By this reference, such notices are made part of the Agreement. Supplier will pay not less than the prevailing wage rates, as specified in the schedule and any amendments thereto, to all workers employed by Supplier in providing the Services. Supplier will cause all subcontracts to include the provision that all sub-suppliers will pay not less than the prevailing rates to all workers employed by such sub- suppliers in providing the Services. The Services are subject to compliance monitoring and enforcement by the DIR. Supplier will forfeit, as a penalty, not more than $200 for each calendar day or portion thereof for each worker that is paid less than the prevailing rates as determined by the DIR for the work or craft in which the worker is employed for any portion of the Services provided by Supplier or any sub-supplier. The amount of this penalty will be determined pursuant to applicable law. Such forfeiture amounts may be deducted from the amounts due under the Agreement. If there are insufficient funds remaining in the amounts due under the Agreement, Supplier will be liable for any outstanding amount remaining due. Supplier will also pay to any worker who was paid less than the prevailing wage rate for the work or craft for which the worker was employed for any portion of the Services, for each day, or portion thereof, for which the worker was paid less than the specified prevailing per diem wage rate, an amount equal to the difference between the specified prevailing per diem wage rate and the amount which was paid to the worker. Review of any civil wage and penalty assessment will be made pursuant to California Labor Code section 1742. ARTICLE 25 – FAIR WAGE/FAIR WORK If the Agreement is for Services that will be performed at one or more UC Locations, does not solely involve furnishing Goods, and are not subject to extramural awards containing sponsor-mandated terms and conditions, Supplier warrants that it is in compliance with applicable federal, state and local working conditions requirements, including but not limited to those set forth in Articles 11, 12 and 14 herein, and that Supplier pays its employees performing the Services no less than the UC Fair Wage. Supplier agrees UC may conduct such UC Fair Wage/Fair Work interim compliance audits as UC reasonably requests, as determined in UC’s sole discretion. Supplier agrees to post UC 950 of 1132 955 ... [ i UNIVERSITY OF CALIFORNIA Page 13 of 16 Revised 2/27/2020 Terms and Conditions of Purchase Fair Wage/Fair Work notices, in the form supplied by UC, in public areas (such as break rooms and lunch rooms) frequented by Supplier employees who perform Services. For Services rendered (actual spend) not subject to prevailing wage requirements in excess of $100,000 in a year (under the Agreement or any combination of agreements for the same service), Supplier will (i) at Supplier’s expense, provide an annual independent verification (https://www.ucop.edu/procurement-services/for-suppliers/fwfw-resources-suppliers.html) performed by a licensed public accounting firm (independent accountant) or the Supplier’s independent internal audit department (http://na.theiia.org/standards- guidance/topics/Pages/Independence-and-Objectivity.aspx) in compliance with UC’s required verification standards and procedures (https://www.ucop.edu/procurement-services/for-suppliers/fwfw-resources-suppliers.html), concerning Supplier’s compliance with this provision, and (ii) ensure that in the case of a UC interim audit, its independent accountant/independent internal auditor makes available to UC its UC Fair Wage/Fair Work work papers for the most recent verification period. Supplier agrees to provide UC with a UC Fair Wage/Fair Work verification annually, in a form acceptable to UC, no later than ninety days after the end of the 12-month period in which $100,000 in spend is reached. The Fair Wage Fair Work annual independent verification requirement does not extend to contracts for professional services or consulting for which pre-certification has been provided to UC (https://www.ucop.edu/procurement-services/for-suppliers/fwfw-resources- suppliers.html). Please see the UC Procurement/Supply Chain Management Policy BUS-43 (https://www.ucop.edu/procurement- services/policies-forms/business-and-finance/index.html) for the definition of professional services and consulting. ARTICLE 26 – MEDICAL DEVICES This Article applies when the Goods and/or Services involve UC purchasing or leasing one or more medical devices from Supplier, or when Supplier uses one or more medical devices in providing Goods and/or Services to UC. Medical Device as used herein will have the meaning provided by the U.S. Food and Drug Administration (“FDA”) and means an instrument, apparatus, implement, machine, contrivance, implant, in vitro reagent, or other similar or related article, including a component part, or accessory which is: (i) recognized in the official National Formulary, or the United States Pharmacopoeia, or any supplement to them; (ii) intended for use in the diagnosis of disease or other conditions, or in the cure, mitigation, treatment, or prevention of disease, in humans or other animals, or (iii) intended to affect the structure or any function of the body of humans or other animals, and which does not achieve any of its primary intended purposes through chemical action within or on the body of humans or other animals and which is not dependent upon being metabolized for the achievement of any of its primary intended purposes. Supplier warrants that prior to UC’s purchase or lease of any Medical Device or Supplier’s use of any Medical Device in providing Goods and/or Services hereunder, Supplier will: (i) perform security testing and validation for each such Goods and/or Services or Medical Device, as applicable; (ii) perform security scans to detect malware on any software embedded within any Goods and/or Services or Medical Device, as applicable, in order to verify that the software does not contain any known malware; (iii) conduct a vulnerability scan encompassing all ports and fuzz testing; and (iv) provide UC with reports for (i) – (iii). Supplier warrants that any Good or Medical Device is compliant with FDA’s most current guidance or regulation for the quality system related to the cybersecurity and the Management of Cybersecurity in Medical Devices, and that Supplier will maintain compliance with any updates to such guidance or regulations. Throughout Supplier’s performance of this Agreement, Supplier will provide UC with reasonably up-to-date patches, firmware and security updates for any Medical Device provided to UC, and any other Medical Device used in the course of providing Services, as applicable. All such patches and other security updates will be made available to UC within thirty (30) days of its commercial release or as otherwise recommended by Supplier or Supplier’s sub-supplier, whichever is earlier. Supplier warrants that all software and installation media not specifically required for any Medical Device used by Supplier or Goods and/or Services delivered to UC under this Agreement as well as files, scripts, messaging services and data will be removed from all such Goods and/or Services or Medical Device following installation, and that all hardware ports and drivers not required for use or operation of such Goods and/or Services or Medical Device will be disabled at time of installation. In addition, Medical Devices must be configured so that only Supplier-approved applications will run on such Medical Devices. 951 of 1132 956 ... [ i UNIVERSITY OF CALIFORNIA Page 14 of 16 Revised 2/27/2020 Terms and Conditions of Purchase Supplier agrees that UC may take any and all actions that it, in its sole discretion, deems necessary to address, mitigate and/or rectify any real or potential security threat, and that no such action, to the extent such action does not compromise device certification, will impact, limit, reduce or negate Supplier’s warranties or any of Supplier’s other obligations hereunder. Supplier warrants that any Medical Device provided to UC, and any other Medical Device used in the course of providing such Go ods and/or Services, meet and comply with all cyber-security guidance and similar standards promulgated by the FDA and any other applicable regulatory body. If the Goods and/or Services entail provision or use of a Medical Device, Supplier will provide UC with a completed Manufactur er Disclosure Statement for Medical Device Security (MDS2) form for each such Medical Device before UC is obligated to purchase or lease such Medical Device or prior to Supplier’s use of such device in its performance of Services. If Supplier provides an MDS2 form to UC concurrently with its provision of Goods and/or Services, UC will have a reasonable period of time to review such MDS2 form, and if the MDS2 form is unacceptable to UC, then UC in its sole discretion may return the Goods or terminate the Agreement with no further obligation to Supplier. ARTICLE 27 – FORCE MAJEURE Neither Party will be liable for delays due to causes beyond the Party’s control (including, but not restricted to, war, civil disturbances, earthquakes, fires, floods, epidemics, quarantine restrictions, freight embargoes, and unusually severe weather). ARTICLE 28 – ASSIGNMENT AND SUBCONTRACTING Except as to any payment due hereunder, Supplier may not assign or subcontract the Agreement without UC’s written consent. In case such consent is given, the assignee or subcontractor will be subject to all of the terms of the Agreement. ARTICLE 29 – NO THIRD-PARTY RIGHTS Nothing in the Agreement, express or implied, is intended to make any person or entity that is not a signer to the Agreement a third-party beneficiary of any right created by this Agreement or by operation of law. ARTICLE 30 – OTHER APPLICABLE LAWS Any provision required to be included in a contract of this type by any applicable and valid federal, state or local law, ordinance, rule or regulations will be deemed to be incorporated herein. ARTICLE 31 – NOTICES A Party must send any notice required to be given under the Agreement by overnight delivery or by certified mail with return receipt requested, to the other Party’s representative at the address specified by such Party. ARTICLE 32 – SEVERABILITY If a provision of the Agreement becomes, or is determined to be, illegal, invalid, or unenforceable, that will not affect the legality, validity or enforceability of any other provision of the Agreement or of any portion of the invalidated provision that remains legal, valid, or enforceable. ARTICLE 33 – WAIVER Waiver or non-enforcement by either Party of a provision of the Agreement will not constitute a waiver or non-enforcement of any other provision or of any subsequent breach of the same or similar provision. ARTICLE 34 – AMENDMENTS The Parties may make changes in the Goods and/or Services or otherwise amend the Agreement, but only by a writing signed by both Parties’ authorized representatives. In the event there is a Material Change to the Agreement, the parties agree to meet and confer in good faith in order to modify the terms of the Agreement. A Material Change as used herein refers to: 952 of 1132 957 ... [ i UNIVERSITY OF CALIFORNIA Page 15 of 16 Revised 2/27/2020 Terms and Conditions of Purchase A. A change to the scope of Goods and/or Services to be provided by Supplier, as agreed to by UC; B. A change in the Institutional Information Supplier is required to create, receive, maintain or transmit in performance of the Agreement, such that the Protection Level Classification of such Institutional Information changes; C. Changes in the status of the parties; D. Changes in flow down terms from external parties; and E. Changes in law or regulation applicable to this Agreement. Each party shall notify the other party upon the occurrence of a Material Change. ARTICLE 35 – GOVERNING LAW AND VENUE California law will control the Agreement and any document to which it is appended. The exclusive jurisdiction and venue for any and all actions arising out of or brought under the Agreement is in a state court of competent jurisdiction, situated in the county in the State of California in which the UC Location is located or, where the procurement covers more than one UC Location, the exclusive venue is Alameda County, California. ARTICLE 36 – ASSISTANCE IN LITIGATION OR ADMINISTRATIVE PROCEEDINGS Supplier will make itself and its employees, subcontractors, or agents assisting Supplier in the performance of its obligations reasonably available to UC at no cost to UC to testify as witnesses, or otherwise, in the event of investigations, or proceedings against UC, its directors, officers, agents, or employees relating to the Goods or Services. ARTICLE 37 – SUPPLIER TERMS Any additional terms that Supplier includes in an order form or similar document will be of no force and effect, unless UC expressly agrees in writing to such terms. ARTICLE 38 – SURVIVAL CLAUSE Upon expiration or termination of the Agreement, the following provisions will survive: WARRANTIES; INTELLECTUAL PROPERTY, COPYRIGHT, PATENTS, AND DATA RIGHTS; INDEMNITY AND LIABILITY; USE OF UC NAMES AND TRADEMARKS; LIABILITY FOR UC-FURNISHED PROPERTY; COOPERATION; TERMS APPLICABLE TO THE FURNISHING OF GOODS; AUDIT REQUIREMENTS; PROHIBITION ON UNAUTHORIZED USE OR DISCLOSURE OF INSTITUTIONAL INFORMATION; GOVERNING LAW AND VENUE, and, to the extent incorporated into the Agreement, the terms of the APPENDIX–DATA SECURITY, APPENDIX–BAA, and/or APPENDIX-GDPR. ARTICLE 39 – CONTRACTING FOR COVERED SERVICES Covered Services, for the purpose of this Agreement, are defined as work customarily performed by bargaining unit employees at the University in the categories of services described in Regents Policy 5402, and American Federation of State, County, and Municipal Employees (AFSCME) Collective Bargaining Agreement Article 5. Covered Services include, but are not necessarily limited to, the following services: cleaning, custodial, janitorial, or housekeeping services; food services; laundry services; grounds keeping; building maintenance (excluding skilled crafts); transportation and parking services; and security services. Unless UC notifies Supplier that the Services are not Covered Services, Supplier warrants that it is in compliance with applicable federal, state and local working conditions requirements, including but not limited to those set forth in in other Articles of the Agreement. In accordance with Regents Policy 5402 and AFSCME Collective Bargaining Agreement Article 5, Supplier also warrants that it pays its employees performing the Covered Services at UC locations the equivalent value of the wages and benefits – as determined in the Wage and Benefit Parity Appendix – received by UC employees providing similar services at the same, or nearest UC location. Supplier agrees UC may conduct such compliance audits as UC reasonably requests, and determined at UC’s sole discretion. Supplier agrees to post UC Contracting for Covered Services notices, in the template supplied by UC, in a prominent and accessible place (such as break rooms and lunch rooms) where it may be easily seen by workers who perform Covered Services. The term "Supplier" includes Supplier and its Sub-Suppliers at any tier. Supplier also agrees to: 953 of 1132 958 ... [ i UNIVERSITY OF CALIFORNIA Page 16 of 16 Revised 2/27/2020 Terms and Conditions of Purchase (a) upon UC’s request, provide verification of an independent audit performed by Supplier’s independent auditor or independent internal audit department (http://na.theiia.org/standards-guidance/topics/Pages/Independence-and-Objectivity.aspx) and at Supplier’s expense; and (b) ensure that, in the case of a UC interim audit, Supplier’s auditor makes available to UC its Contracting for Covered Services work papers for the most recently audited time period. Supplier agrees to provide UC requested verification, in a form acceptable to UC, no later than ninety days after receiving UC’s request. 954 of 1132 959 ... [ i UNIVERSITY OF CALIFORNIA BULLETINNO.: BUS-43 Rev. DATE: 12/15/94 PAGE: 74 Page 1 TERMS AND CONDITIONS OF EQUIPMENT LEASE ARTICLE 1 - GENERAL. For the purpose of these terms and conditions, the terms "University", "Lessor" and "Order" shall hereinafter be defined as follows: A. University: The Regents of the University of California. B. Lessor: The grantor of the use of personal property by lease. C. Order: A straight lease or rental agreement, with or without option to purchase, as indicated on the purchase order. The equipment, supplies and services covered by this order shall be furnished by Lessor subject to all the terms and conditions set forth in this order including the following, which Lessor, in accepting this order agrees to be bound by and to comply with in all particulars and no other terms or conditions shall be binding upon the parties unless hereafter accepted by them in writing. Written acceptance or shipment of all or any portion of the materials or supplies or the performance of all or any portion of the services covered by this order shall constitute unqualified acceptance of all its terms and conditions. The terms of any proposal referred to in this order are included and made a part of the order only to the extent it specifies the equipment, supplies and services ordered, the price therefor, and the delivery thereof, and then only to the extent that such terms are consistent with the terms and conditions of this order. ARTICLE 2 - INSPECTION. The equipment, supplies and services furnished shall be exactly as specified in this order, free from all defects in manufacturer's design, workmanship and materials, and, except as otherwise provided in this order, shall be subject to inspection and testing by University at all times and places. If, prior to final acceptance, any equipment, supplies or services are found to be defective or not as specified, University may reject them, require Lessor to correct them without charge, or require delivery of such equipment, supplies, or services at a reduction in price which is equitable under the circumstances. If Lessor is unable or refuses to correct such items within a time deemed reasonable to University, University may terminate the order in whole or in part. Lessor shall bear all risks as to rejected equipment, supplies and services and, in addition to any costs for which Lessor may become liable to University under other provisions of this order, shall reimburse University for all transportation costs, other related costs incurred, or payments to Lessor in accordance with the terms of this order for unaccepted equipment, supplies and services. Notwithstanding final acceptance and payment Lessor shall be liable for latent defects, fraud or such gross mistakes as amount to fraud. ARTICLE 3 - TERMS OF USE. Except as otherwise provided on the face of this order, the specified rental payments shall entitle University to unlimited use and operation of said equipment at any time and any place and for any period of time at the convenience of University (exclusive of the time required for preventive and remedial maintenance) and shall not be restricted to consecutive hours, length of personnel shifts, or any other restrictions. ARTICLE 4 - CHANGES. No change to the lease shall be allowed without written approval of University. Any claim of Lessor for an adjustment under this Article must be made in writing within thirty (30) days from the date of receipt notification of such change unless University waives this condition in writing. Nothing in the Article shall excuse Lessor from proceeding with performance of the order as changed hereunder. ARTICLE 5 - TERMINATION. University may at its option, by written notice stating the extent and effective date, terminate this order at the anniversary date of the lease or at the end of any fiscal year in whole or in part in the event the funding agency does not appropriate sufficient funds to continue the lease payments. University may by written notice terminate this order for Lessor's default, in whole or in part, at any time, if Lessor refuses or fails to comply with the provisions of this order, or so fails to make progress as to endanger performance and does not cure such failure within a reasonable period of time, or fails to make deliveries of said equipment or supplies or perform the services within the time specified or any written extension thereof. In the event University defaults in the payment of any amount due or to become due under the terms of the lease or defaults in the performance of any of the terms and conditions hereof, all the University's rights hereunder as to use and possession of the equipment shall, at the option of Lessor, terminate and Lessor shall become entitled to retain all rentals and to take possession of the property, provided however, that in such event neither Lessor nor University shall have the right to rent said equipment to any third party so long as it remains on the premises of University. ARTICLE 6 - TITLE. Lessor covenants that it is the sole owner of said property, and that no other person, party, firm or corporation has any right, title, interest in or to same and that during the term of this lease said Lessor will not sell or encumber said property, or any interest therein, except subject to the rights given University by virtue of the lease. Title to said property, including any accessories and devices furnished by Lessor except those subsequently purchased by University, vests in Lessor, and said property may be removed by Lessor at or after termination of this Agreement unless purchased by Universitypursuant to its Purchase Option, if any. ARTICLE 7 - PAYMENT. Unless otherwise provided for in this order, lease charges shall be invoiced in arrears and shall be payable thirty (30) days after the end of the period for which the charges accrue or thirty (30) days after University's receipt of invoice whichever is later. ARTICLE 8 - TAXES. Lessor alone shall pay any license fees, assessments, sales, use and other taxes lawfully imposed during the term hereof upon the equipment, supplies or services furnished pursuant to this order. ARTICLE 9 - PROPERTY TAX EXEMPTION. Lessor agrees to cooperate with University and do all acts reasonably necessary and appropriate to secure and maintain tax exemption of the property leased hereunder pursuant to Article 13, section 3 of the California Constitution. Lessor agrees to apply the amount of any reduction of tax resulting from such exemption as a credit against rental payments otherwise due by University to Lessor hereunder. ARTICLE 10 - WARRANTY. Lessor warrants that said equipment, including accessories, will be in good operating condition when installed and that any subsequent defects in design, materials or workmanship during the term of this Lease will be corrected by Lessor at its sole expense. Lessor will inform Universityof the terms and conditions of 955 of 1132 960 UNIVERSITY l i OF CALIFORNIA BULLETIN NO.: BUS-43 Rev. DATE: 12/15/94 PAGE: 74 Page 2 any manufacturer's warranty in effect on the commencement date of this lease. In the event of defect in design, material, or workmanship during the term of the lease, the Lessor will assert any Manufacturer's Warranty in effect between Lessor and the Manufacturer at the time the defect becomes apparent. ARTICLE 11 - PROPRIETARY RIGHTS INDEMNITY. Lessor shall indemnify, defend, and hold harmless University, its officers, agents, and employees against all losses, damages, liabilities, costs, and expenses (including but not limited to attorneys' fees) resulting from any judgment or proceeding in which it is determined, or any settlement agreement arising out of the allegation, that Lessor's furnishing or supplying University with parts, goods, components, programs, practices, or methods under this order or University's use of such parts, goods, components, programs, practices, or methods supplied by Lessor under this order constitutes an infringement of any patent, copyright, trademark, trade name, trade secret, or other proprietary or contractual right of any third party. The foregoing shall not apply unless University has informed Lessor as soon as practicable of the suit or action alleging such infringement. Lessor shall not settle such suit or action without the consent of University. University retains the right to participate in the defense against any such suit or action. ARTICLE 12 - TRANSPORTATION AND INSTALLATION. Unless otherwise provided for in this order, Lessor will be responsible for all transportation and handling costs related to the shipment to and from University of the leased equipment. Should the equipment require specialized installation, Lessor will provide the required technical assistance at no charge. ARTICLE 13 - ASSIGNMENT. This order is not assignable by Lessor, except as to any payment due hereunder, without the written approval of University. ARTICLE 14 - EQUAL OPPORTUNITY AFFIRMATIVE ACTION. Lessor shall not maintain or provide racially segregated facilities for employees at any establishment under its control. Lessor agrees to adhere to the requirements set forth in Executive Orders 11246 and 11375, and with respect to activities occurring in the State of California, to the California Fair Employment and Housing Act (Government Code section 12900 et seq.). Expressly, Lessor shall not discriminate against any employee or applicant for employment because of race, color, religion, sex, national origin, ancestry, medical condition (as defined by California Code section 12925[f]), marital status, age, physical and mental handicap in regard to any position for which the employee or applicant for employment is qualified, or because he or she is a disabled veteran or veteran of the Vietnam era. Lessor shall further specifically undertake affirmative action regarding the hiring, promotion and treatment of minority group persons, women, the handicapped, and disabled veterans and veterans of the Vietnam era. Lessor shall communicate this policy in both English and Spanish to all persons concerned within its company, with outside recruiting services, and the minority community at large. Lessor shall provide the University on request a breakdown of its labor force by groups, specifying the above characteristics within job categories, and shall discuss with the University its policies and practices relating to its affirmativeaction programs. ARTICLE 15 - SERVICE AND MAINTENANCE. In the event this order includes service and maintenance of said equipment, Lessorwill provide such service and maintenance required to keep said equipment in good working condition throughout the term of lease. The service and maintenance will consist of not less than: (1) periodic cleaning, and adjustments in the mechanisms and replacing unserviceable parts, and (2) emergency repair service, including replacement of unserviceable parts. In order to perform maintenance service hereunder Lessor shall have reasonable access to the leased equipment to the extent practical in consonance with operational requirements. Lessor agrees that its failure to provide service and maintenance to keep the equipment in good operating condition shall result on a credit of 1/30th of the monthly lease payments for every twenty-four (24) hour period or portion thereof following the first twenty-four (24) hours after notification to Lessor that the equipment is inoperative. ARTICLE 16 - ALTERATIONS. University or its authorized agents may make alterations or install attachments to the equipment and the Lessor shall be so notified. In the event that such changes substantially increase the cost of maintenance, mutually agreeable arrangements for additional maintenance service shall be made on an individual installation basis. Such alterations or attachments which are not the property of Lessor shall be removed immediately after discontinuation of lease (unless University elects to exercise its Purchase Option) and the equipment restored to the prior configuration (ordinary wear and tear only excluded) at University's expense. Lessor shall inform University of any provisions in the manufacturer's warranty which may cause the warranty to be affected by any such alterations or attachments. ARTICLE 17 - RISK OF LOSS. During the period of time that property covered by this order is in the possession of University, University (and its customers, if installed on University's customers' premises) shall take good care of the property and University shallbe responsible for any loss of or damage to the property caused by University while in its possession and control, unless such damage or loss is a consequence, directly or indirectly of intentional or negligent acts or omissions of Lessor or Lessor's agents. ARTICLE 18 - OPTION TO PURCHASE. University is hereby given the option (provided University is not in default in the performance of any of its obligations hereunder) to purchase any or all of said property at the times and for the amounts set forth in this order. As of the date of exercise of the option, University's Standard Terms and Conditions of Purchase shall be substituted for the terms and conditions applicable to this lease. Said terms and conditions of purchase shall be those ineffect as of the date the property was installed, provided that the period of manufacturer's warranty set forth therein shall be deemed to have commenced as of the date the Lease Terms commenced, and University shall be entitled to the remaining portion, if any, of said warranty period. University shall exercise such option to purchase said property by notifying Lessor in writing of its intention to do so. Such notice may be delivered to Lessor's office or may be mailed to Lessor at the address specified by Lessor. Such notice shall be given by University to Lessor not less than thirty (30) days before the expiration of the current year of the lease. Lessor shall keep University advised of any change of Lessor's address for the purpose of such notice. ARTICLE 19 - LESSOR'S LIABILITY AND INSURANCE REQUIREMENTS A. INDEMNIFICATION. Lessor shall defend, indemnify, and hold harmless University, its officers employees, and agents, from and against all losses, expenses (including attorney's fees), damages, and liabilities of any kind resulting from or arising out of this agreement and/or Lessor's performance hereunder, provided such losses, expenses, damages, and liabilities are due or claimed to be due to the negligent or willful acts or omissions of Lessor, its officers, employees, agents, subcontractors, or anyone directly or indirectly employed by them, or any person or persons under Lessor's direction and control. 956 of 1132 961 UNIVERSITY ( ) OF CALIFORNIA BULLETIN NO.: BUS-43 Rev. DATE: 12/15/94 PAGE: 74 Page 3 B. INSURANCE. In consideration of the above, Seller shall at its expense obtain, keep in force and maintain insurance to cover its performanceunder this order as follows: 1. Comprehensive or Commercial Form General Liability Insurance (Contractual LiabilityIncluded) Minimum Limits: 1.Each Occurrence $ 2. Products/Completed Operations $ If the above insurance is written on a claims made form, it shall continue for three years following termination of this agreement. The insurance shall have a retroactive date of placement prior to or coinciding with the effective date of this agreement. 2. Business Auto Liability: (Owned, Scheduled, Non-Owned, or Hired Automobiles) with a combined single limit of no less than $ per occurrence. 3. Workers' Compensation as required under California State law. Lessor, upon the execution of this agreement shall furnish University with Certificates of Insurance evidencing compliance with all requirements. Coverages referred to under B 1. and 2. above shall include The Regents of the University of California as an additional insured, but only with respect to the negligent acts or omissions of Seller, its officers, agents, employees, subcontractors or anyone directly or indirectly employed by them, or any other person or persons under its direction and control. The Certificates of Insurance shall obligate Lessor's insurers to notify University at least 30 days prior to cancellation of or change in any of said insurance. ARTICLE 20 - OTHER APPLICABLE LAWS. Any provisions required to be included in a contract of this type by any applicable and valid federal, state or local law, ordinance, rule or regulation shall be deemed to be incorporated herein. 957 of 1132 962 UNIVERSITY ~ 1 OF CALIFORNIA 958 of 1132 963 UNIVERSITY OF CALIFORNIA 959 of 1132 964 "Breach" "Illicit Code" "Institutional Information" "IT Resource" 960 of 1132 965 "Major Change" "Security Incident'' 961 of 1132 966 962 of 1132 967 963 of 1132 968 Reporting of Breach or Security Incident 964 of 1132 969 Coordination of Breach Response or Security Incident Activities: Breaches and Security Incidents-Corrective And Preventive Action 965 of 1132 970 Costs Grounds for Termination: 966 of 1132 971 "$$)') ##$ !%%) () !%%) () !%%) () ) !%%) ()) ( CI7A?*:S*//S/1I*7:S73S?11/1/S=*OS+1S-AL1F1/S7?S# ') %62S!GBJ2.J8B@S2M2;S02J2G>8@2HSJ62S*DD;8.*,;2S.P,2GSH2.KG8JPS8@HKG*@.2SG2EK8G2>2@JS8@S J62S%2G>HS*@0SB@08J8B@HS #$$&$)"$)$)$)#" $"# S@8>*;S"2H2*G.6S*J* SB@JGB;;20S%2.6@8.*;S@4BG>*J8B@S%R SB@JGB;;20S&@.;*HH84820S@4BG>*J8B@S&<R " S242@H2S2D*GJ>2@JSBM2G20S242@H2S@4BG>*J8B@SR S202G*;S.EK8H8J8B@S"25K;*J8B@HS"$ "SBJ62GSJ6*@S& S!"SD2GHB@*;S0*J* S!"SHD2.8*;S0*J* S2*;J6S0*J*SBJ62GS802@J848*,;2S>208.*;S0*J*S@BJS.BM2G20S,PS!S@.;K08@5 ,KJS@BJS;8>8J20SJBSB..KD*J8B@*;S62*;J6SHD2.8*;S*..B>>B0*J8B@SBGSH2GM8.2H EK*;848.*J8B@S2J. S2*;J6S"2.BG0HSHK,92.JSJBS!S!G8M*.PSBGS$2.KG8JPS"K;2S!R SK>*@S$K,92.JS"2H2*G.6S*J* 02@J84820 @B@P>8Q20 S@J2;;2.JK*;SDGBD2GJPS!RSHK.6S*HSD*J2@JHS.BDPG856JSBGSJG*02SH2.G2JH S%" ".B@JGB;;20S0*J* S!*P>2@JS.*G0S0*J*S!S!S$$R S!2GHB@*;;PS802@J848*,;2S8@4BG>*J8B@S! S$JK02@JS0*J*SN62J62GSBGS@BJSHK,92.JSJBS"! 967 of 1132 972 9.+7 9.+7 9.+7 !9.+7 %5@%%@0 8%5"+)3@+0@<50)%@+%" 5"+)3@5!5@--%=@5+@")+0'@@)@5!@8--%"0@+ +%" 5"+)3@0%5@5+@5!"3@--)"< 1#;>@#*#64@6@491#6>@1/9#1(*64@1@&4,@.14*6 @'1/,473/'@43,/*+39/'1/9=@4,@+*/)'1@3,472'9/43@)9@?@ @'1/,473/'@438:2+7@7/;')=@)9@ @'1/,473/'@3,472'9/43@7')9/)+8@)9@ @:745+'3@#3/43@+3+7'1@'9'@749+)9/43@ +-:1'9/43@ @'2/1=@*:)'9/43'1@ /-.98@'3*@7/;')=@)9@ @ @+*+7'1@41/)=@,47@9.+@749+)9/43@4,@:2'3@!:(0+)98@42243@ :1+ @+3+9/)@3,472'9/43@43*/8)7/2/3'9/43@)9@ @7'22+').1/1+=@)9@ @!9:*+39@/3'3)/'1@/* @+'19.@38:7'3)+@479'(/1/9=@'3*@))4:39'(/1/9=@)9 +'19.@3,472'9/43 "+).3414-=@,47@)4342/)@'3*@1/3/)'1@+'19.@)9@ "?@ @!:(89'3)+@(:8+@'3*@+39'1@+'19.@!+7;/)+8@*2/3/897'9/43@!!@ @ '79@ @".+@'/7@'3*@)):7'9+@7+*/9@"7'38')9/43@)9@" @".+@'/7@7+*/9@ +5479/3-@)9@ 7@:2$7?@ @.+2/)'1@')/1/9=@39/"+7747/82@!9'3*'7*8@"!? @+,+38+@+*+7'1@)6:/8/9/43@ +-:1'9/438@ ! @<5479@*2/3/897'9/43@ +-:1'9/438@ @+*+7'1@)6:/8/9/43@ +-:1'9/438@ !? @+*+7'1@3,472'9/43@!+):7/9=@4*+73/>'9/43@)9@! @39+73'9/43'1@"7',,/)@/3@728@ +-:1'9/438@" @'=2+39@)'7*@*'9'@@@!!? @"4</)@!:(89'3)+8@439741@)9@"!? 9.+7 @ @ @ @ @ !@ "@ #@ $@ %@ &@ 9.+79.+79.+7 @ @@+@@ 968 of 1132 973 969 of 1132 974 970 of 1132 975 { '=u"ia"'-"'-"' } ········ UNIVERSITY OF CALIFORNIA Appendix -Business Associate Agreement This Appendix -Business Associate Agreement ("Appendix BAA") supplements and is made a part of any and all agreements entered into by and between The Regents of the University of California, a California corporation ("UC"), on behalf of its University of California Health System and ____________ , Business Associate ("BA"). RECITALS A . UC is a "Covered Entity" as defined under 45 C.F.R. § 160.103 B. UC and BA are entering into or have entered into, and may in the future enter into, one or more agreements (each an "Underlying Agreement") under which BA performs functions or activities for or on behalf of, or provides services to UC ("Services") that involve receiving, creating, maintaining and/or transmitting Protected Health Information ("PHI") of UC as a "Business Associate" of UC as defined under 45 C.F.R. § 160.103 . This Appendix BAA shall only be operative in the event and to the extent this Appendix BAA is incorporated into an Underlying Agreement between UC and BA . C. UC and BA desire to protect the privacy and provide for the security of PHI used by or disclosed to BA in compliance with the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"), the regulations promulgated thereunder by the U.S. Department of Health and Human Services (45 C.F .R. Parts 160, 162 and 164) (the "HIPAA Regulations"), the Health Information Technology for Economic and Clinical Health Act of 2009 (the "HITECH Act"), California Civil Code § 56 et seq., §§ 1798.82 and 1798.29, and other applicable laws and regulations. The purpose of this BA Agreement is to satisfy certain standards and requirements of HIP AA, the HIP AA Regulations, including 45 CFR § l 64.504(e ), the HITECH Act, including Subtitle D, part I, as they may be amended from time to time, and similar requirements under California law. D. UC has designated all of its HIPAA health care components as a single component of its hybrid entity and therefore this BA Agreement is binding on all other UC health care components (collectively, the Single Health Care Component or the SHCC). This BA Agreement is effective on the date of the Underlying Agreement under which BA provides Services to UC ("Effective Date"). 1. DEFINITIONS Except for PHI, all capitalized terms in this Appendix BAA shall have the same meaning as those terms in the HIPAA Regulations. PHI shall have the same meaning as "protected health information" in the HIPAA Regulations that is created, received, maintained, or transmitted by Business Associate or any Subcontractor on behalf of UC and shall also include "medical information" as defined at Cal. Civ. Code § 56.05. 1 8 .1.19 971 of 1132 976 2. OBLIGATIONS OF BA BA agrees to: A. Comply with the requirements of the Privacy Rule that apply to UC in carrying out such obligations, to the extent BA carries out any obligations of UC under the Privacy Rule. BA also agrees to comply with the requirements of California state privacy laws and regulations that apply to UC in carrying out such obligations, to the extent BA carries out any obligations of UC under California Civil Code § 1798 et seq., California Civil Code § 56 et seq., and California Health & Safety Code §§ 1280.15 and 1280.18, as applicable, unless otherwise mutually agreed to by BA and UC. B. Not Use or Disclose PHI other than as permitted or required by the Underlying Agreement or as required by law. C. Use appropriate safeguards, and comply, where applicable, with 45 C.F.R. § 164 Subpart C with respect to ePHI, to prevent the Use or Disclosure of PHI other than as provided for by the Underlying Agreement(s) and the Appendix BAA. D. Notify UC, orally and in writing, as soon as possible, but in no event more than five (5) calendar days, after BA becomes aware of any Use or Disclosure of the PHI not permitted or required by the Appendix BAA or Underlying Agreement(s), including Breaches of unsecured PHI as required by 45 C.F .R. § 164.410 and potential compromises of UC PHI, including potential inappropriate access, acquisition, use or disclosure of UC PHI (each, collectively an "Incident"). BA shall be deemed to be aware of any such Incident, as of the first day on which it becomes aware of it, or by exercising reasonable diligence, should have been known to its officers, employees, agents or sub-suppliers . The notification to UC shall include, to the extent possible, each individual whose unsecured PHI has been, or is reasonably believed by BA to have been, accessed, acquired, used or disclosed during such Incident. BA shall further provide UC with any other available information that UC is required to include in a notification to affected individuals at the time of the notification to UC, or promptly thereafter as information becomes available. BA shall take prompt corrective action to remedy any such Incident, and, as soon as possible, shall provide to UC in writing: (i) the actions initiated by the BA to mitigate, to the extent practicable, any harmful effect of such Incident; and (ii) the corrective action BA has initiated or plans to initiate to prevent future similar Incidents. E. Ensure that any Subcontractors that create, receive, maintain, or transmit PHI on behalf of the BA agree to the same restrictions, conditions, and requirements that apply to the BA with respect to such PHI. F. If BA maintains PHI in a Designated Record Set, BA shall make the PHI in the Designated Record Set available to UC, or if directed by UC to the Individual or the Individual's designee, as necessary to satisfy UC's obligations under 45 C.F.R. § 164.524. G . If BA maintains PHI in a Designated Record Set, BA shall make any amendments directed or agreed to by UC pursuant to 45 C.F.R. § 164 .526, or take other measures as necessary to satisfy UC's obligations under 45 C.F.R. § 164 .526 . 2 8.1.19 Xerox Corporation James B. Quantrille - Director of Operations 11/19/2020 972 of 1132 977 H. Maintain and make available the information required to provide an accounting of disclosures to UC, or if directed by UC to the Individual, as necessary to satisfy UC's obligations under 45 C.F.R. § 164.528. I. Make its internal practices, books, and records, relating to the Use and Disclosure of PHI available to UC, and to the Secretary for purposes of determining UC's compliance with HIP AA, HITECH and their implementing regulations. 3. PERMITTED USES AND DISCLOSURES BY BA BA may only Use or Disclose the Minimum Necessary PHI to perform the services set forth in the Underlying Agreement. 4. TERM AND TERMINATION A. Termination for Cause. UC may terminate this Appendix BAA and any Underlying Agreement(s), if UC determines BA has violated a material term of the Appendix BAA. B. Upon termination of this Appendix BAA for any reason, with respect to PHI received from UC, or created, maintained, or received by BA on behalf of UC, BA shall return to UC, or if agreed to by UC, destroy, all such PHI that BA still maintains in any form, and retain no copies of such PHI. To the extent return or destruction of UC PHI is not feasible, BA shall (I) retain only that PHI which is necessary for BA to continue its proper management and administration or to carry out its legal responsibilities; and (2) continue to use appropriate safeguards for such UC PHI and comply with Subpart C of 45 C.F.R. Part 164 with respect to ePHI to prevent Use or Disclosure of the PHI, other than as provided for in this Section, for as long as BA retains the PHI. C . Survival. The obligations of BA under this Section 4.B shall survive the termination of this Appendix BAA and any Underlying Agreement(s). The Appendix BAA is signed below by the parties' duly authorized representatives. THE REGENTS OF THE UNIVERSITY OF CALIFORNIA bV' ._c-, M-/l'\ /vi . (Printed Name, Title) 4-Vf> -1--CpO ?(1-(I? (Date) 8.1.19 BUSINESS ASSOCIATE (Supplier Name) ~1)~ (Signature) (Printed Name, Title) (Date) 3 973 of 1132 978 974 of 1132 979 975 of 1132 980 976 of 1132 981 977 of 1132 982 1 04/10/19 Addendum A: Scope of Processing Data This Addendum is part of the Appendix GDPR and includes details of the processing of Data as required by the Agreement. 1. Processor is processing Data on behalf of the Controller for purposes of the performance of Services described in this Agreement. Data shall be processed for the duration of the term of this Agreement, except as otherwise specifically set forth herein. 2. The purposes(s) of the processing of Data to be carried out by the Processor on behalf of the Controller includes: 3. The Data to be processed by the Processor on behalf of the Controller in the performance of Services includes the followingIf the Processor becomes aware that additional personal data not identified above has been received from the Controller, the Processor shall immediately notify the Controller. 4. The Data to be processed by the Processor on behalf of the Controller in the performance of Services relates to the following categories of data subjects 5. Controller authorizes the Processor to subcontract the following processing activities to the following Subprocessors: NONE 6. Other than to the United States as may be required for the pe rformance of Services, and for which the Controller has a lawful basis to transfer the Data to the United States pursuant to GDPR, the Processor may transfer Data to the following countries outside of the EEA: NONE 978 of 1132 983 1 04/10/19 Addendum B: Standard Contractual Clauses Commission Decision C(2004)5721 SET II Standard contractual clauses for the transfer of personal data from the Community to third countries (controller to controller transfers) Data transfer agreement between Xerox Corporation....................................................................................................(name) [ENTER ADDRESS] ...............................................................................................(address and country of establishment) hereinafter “data exporter” and The Regents of the University of California [ENTER ADDRESS] ...............................................................................................(address and country of establishment) hereinafter “data importer” each a “party”; together “the parties”. Definitions For the purposes of the clauses: a) “personal data”, “special categories of data/sensitive data”, “process/processing”, “controller”, “processor”, “data subject” and “supervisory authority/authority” shall have the same meaning as in Directive 95/46/EC of 24 October 1995 (whereby “the authority” shall mean the competent data protection authority in the territory in which the data exporter is established); b) “the data exporter” shall mean the controller who transfers the personal data; c) “the data importer” shall mean the controller who agrees to receive from the data exporter personal data for further processing in accordance with the terms of these clauses and who is not subject to a third country’s system ensuring adequate protection; d) “clauses” shall mean these contractual clauses, which are a free-standing document that does not incorporate commercial business terms established by the parties under separate commercial arrangements. The details of the transfer (as well as the personal data covered) are specified in Annex B, which forms an integral part of the clauses. 979 of 1132 984 2 04/10/19 I. Obligations of the data exporter The data exporter warrants and undertakes that: a) The personal data have been collected, processed and transferred in accordance with the laws applicable to the data exporter. b) It has used reasonable efforts to determine that the data importer is able to satisfy its legal obligations under these clauses. c) It will provide the data importer, when so requested, with copies of relevant data protection laws or references to them (where relevant, and not including legal advice) of the country in which the data exporter is established. d) It will respond to enquiries from data subjects and the authority concerning processing of the personal data by the data importer, unless the parties have agreed that the data importer will so respond, in which case the data exporter will still respond tothe extent reasonably possible and with the information reasonably available to it if the data importer is unwilling or unable to respond. Responses will be made within a reasonable time. e) It will make available, upon request, a copy of the clauses to data subjects who are third party beneficiaries under clause III, unless the clauses contain confidential information, in which case it may remove such information. Where information is removed, the data exporter shall inform data subjects in writing of the reason for removal and of their right to draw the removal to the attention of the authority. However, the data exporter shall abide by a decision of the authority regarding access to the full text of the clauses by data subjects, as long as data subjects have agreed to respect the confidentiality of the confidential information removed. The data exporter shall also provide a copy of the clauses to the authority where required. II. Obligations of the data importer The data importer warrants and undertakes that: a) It will have in place appropriate technical and organisational measures to protect the personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, and which provide a level of security appropriate to the risk represented by the processing and the nature of the data to be protected. b) It will have in place procedures so that any third party it a uthorises to have access to the personal data, including processors, will respect and maintain the confidentiality and security of the personal data. Any person acting under the authority of the data importer, including a data processor, shall be obligated to process the personal data only on instructions from the data importer. This provision does not apply to persons authorised or required by law or regulation to have access to the personal data. c) It has no reason to believe, at the time of entering into these clauses, in the existence of any local laws that would have a substantial adverse effect on the guarantees provided for under these clauses, and it will inform the data exporter (which will pass such notification on to the authority where required) if it becomes aware of any such laws. d) It will process the personal data for purposes described in Annex B, and has the legal authority to give the warranties and fulfil the undertakings set out in these clauses. e) It will identify to the data exporter a contact point within its organisation authorised to respond to enquiries concerning processing of the personal data, and will cooperate in good faith with the data exporter, the data subject and the authority concerning all such enquiries within a reasonable time. In case of legal dissolution of the data exporter, or if the parties have so agreed, the data importer will assume responsibility for compliance with the provisions of clause I(e). f) At the request of the data exporter, it will provide the data exporter with evidence of financial resources sufficient to fulfil its responsibilities under clause III (which may include insurance coverage). g) Upon reasonable request of the data exporter, it will submit its data processing facilities, data files and documentation needed for processing to reviewing, auditing and/or certifying by the data exporter (or any independent or impartial inspection agents or auditors, selected by the data exporter and not reasonably objected to by the data importer) to ascertain compliance with the warranties and undertakings in these clauses, with reasonable notice and during regular business hours. The request will be subject to any necessary consent or approval from a regulatory or supervisory authority within the country of the data importer, which consent or approval the data importer will attempt to obtain in a timely fashion. 980 of 1132 985 3 04/10/19 h) It will process the personal data, at its option, in accordance with: i. the data protection laws of the country in which the data exporter is established, or ii. the relevant provisions of any Commission decision pursuant to Article 25(6) of Directive 95/46/EC, where the data importer complies with the relevant provisions of such an authorisation or decision and is based in a country to which such an authorisation or decision pertains, but is not covered by such authorisation or decision for the purposes of the transfer(s) of the personal data, or iii. the data processing principles set forth in Annex A. Data importer to indicate which option it selects: Annex A.................................................................. Initials of data importer: [COMPLETE] ................................................................................................. ; i) It will not disclose or transfer the personal data to a third party data controller located outside the European Economic Area (EEA) unless it notifies the data exporter about the transfer and i. the third party data controller processes the personal data in accordance with a Commission decision finding that a third country provides adequate protection, or ii. the third party data controller becomes a signatory to these clauses or another data transfer agreement approved by a competent authority in the EU, or iii. data subjects have been given the opportunity to object, after having been informed of the purposes of the transfer, the categories of recipients and the fact that the countries to which data is exported may have different data protection standards, or iv. with regard to onward transfers of sensitive data, data subjects have given their unambiguous consent to the onward transfer III. Liability and third party rights a) Each party shall be liable to the other parties for damages it causes by any breach of these clauses. Liability as between the parties is limited to actual damage suffered. Punitive damages (i.e. damages intended to punish a party for its outrageous conduct) are specifically excluded. Each party shall be liable to data subjects for damages it causes by any breach of third party rights under these clauses. This does not affect the liability of the data exporter under its data protection law. b) The parties agree that a data subject shall have the right to enforce as a third party beneficiary this clause and clauses I(b), I(d), I(e), II(a), II(c), II(d), II(e), II(h), II(i), III(a), V, VI(d) and VII against the data importer or the data exporter, for their respective breach of their contractual obligations, with regard to his personal data, and accept jurisdiction for this purpose in the data exporter’s country of establishment. In cases involving allegations of breach by the data importer, the data subject must first request the data exporter to take appropriate action to enforce his rights against the data importer; if the data exporter does not take such action within a reasonable period (which under normal circumstances would be one month), the data subject may then enforce his rights against the data importer directly. A data subject is entitled to proceed directly against a data exporter that has failed to use reasonable efforts to determine that the data importer is able to satisfy its legal obligations under these clauses (the data exporter shall have the burden to prove that it took reasonable efforts). IV. Law applicable to the clauses These clauses shall be governed by the law of the country in which the data exporter is established, with the exception of the laws and regulations relating to processing of the personal data by the data importer under clause II(h), which shall apply only if so selected by the data importer under that clause. V. Resolution of disputes with data subjects or the authority a) In the event of a dispute or claim brought by a data subject or the authority concerning the processing of the personal data against either or both of the parties, the parties will inform each other about any such disputes or claims, and will cooperate with a view to settling them amicably in a timely fashion. 981 of 1132 986 4 04/10/19 b) The parties agree to respond to any generally available non-binding mediation procedure initiated by a data subject or by the authority. If they do participate in the proceedings, the parties may elect to do so remotely (such as by telephone or other electronic means). The parties also agree to consider participating in any other arbitration, mediation or other dispute resolution proceedings developed for data protection disputes. c) Each party shall abide by a decision of a competent court of the data exporter’s country of establishment or of the authority which is final and against which no further appeal is possible. VI. Termination a) In the event that the data importer is in breach of its obligations under these clauses, then the data exporter may temporarily suspend the transfer of personal data to the data importer until the breach is repaired or the contract is terminated. b) In the event that: i. the transfer of personal data to the data importer has been temporarily suspended by the data exporter for longer than one month pursuant to paragraph (a); ii. compliance by the data importer with these clauses would put it in breach of its legal or regulatory obligations in the country of import; iii. the data importer is in substantial or persistent breach of any warranties or undertakings given by it under these clauses; iv. a final decision against which no further appeal is possible of a competent court of the data exporter’s country of establishment or of the authority rules that there has been a breach of the clauses by the data importer or the data exporter; or v. a petition is presented for the administration or winding up of the data importer, whether in its personal or business capacity, which petition is not dismissed within the applicable period for such dismissal under applicable law; a winding up order is made; a receiver is appointed over any of its assets; a trustee in bankruptcy is appointed, if the data importer is an individual; a company voluntary arrangement is commenced by it; or any equivalent event in any jurisdiction occurs then the data exporter, without prejudice to any other rights which it may have against the data importer, shall be entitled to terminate these clauses, in which case the authority shall be informed where required. In cases covered by (i), (ii), or (iv) above the data importer may also terminate these clauses. c) Either party may terminate these clauses if (i) any Commission positive adequacy decision under Article 25(6) of Directive 95/46/EC (or any superseding text) is issued in relation to the country (or a sector thereof) to which the data is transferred and processed by the data importer, or (ii) Directive 95/46/EC (or any superseding text) becomes directly applicable in such country. d) The parties agree that the termination of these clauses at any time, in any circumstances and for whatever reason (except for termination under clause VI(c)) does not exempt them from the obligations and/or conditions under the clauses as regards the processing of the personal data transferred. VII. Variation of these clauses The parties may not modify these clauses except to update any information in Annex B, in which case they will inform the authority where required. This does not preclude the parties from adding additional commercial clauses where required. VIII. Description of the Transfer The details of the transfer and of the personal data are specified in Annex B. The parties agree that Annex B may contain confidential business information which they will not disclose to third parties, except as required by law or in response to a competent regulatory or government agency, or as required under clause I(e). The parties may execute additional annexes to cover additional transfers, which will be submitted to the authority where required. Annex B may, in the alternative, be drafted to cover multiple transfers. 982 of 1132 987 5 04/10/19 Dated: .......................................................... [FOR DATA IMPORTER [FOR DATA EXPORTER ..................................................................... ............................................................................... ..................................................................... ] ............................................................................... ] 983 of 1132 988 6 04/10/19 ANNEX A DATA PROCESSING PRINCIPLES 1. Purpose limitation: Personal data may be processed and subsequently used or further communicated only for purposes described in Annex B or subsequently authorised by the data subject. 2. Data quality and proportionality: Personal data must be accurate and, where necessary, kept up to date. The personal data must be adequate, relevant and not excessive in relation to the purposes for which they are transferred and further processed. 3. Transparency: Data subjects must be provided with information necessary to ensure fair processing (such as information about the purposes of processing and about the transfer), unless such information has already been given by the data exporter. 4. Security and confidentiality: Technical and organisational security measures must be taken by the data controller that are appropriate to the risks, such as against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, presented by the processing. Any person acting under the authority of the data controller, including a processor, must not process the data except on instructions from the data controller. 5. Rights of access, rectification, deletion and objection: As provided in Article 12 of Directive 95/46/EC, data subjects must, whether directly or via a third party, be provided with the personal information about them that an organisation holds, except for requests which are manifestly abusive, based on unreasonable intervals or their number or repetitive or systematic nature, or for which access need not be granted under the law of the country of the data exporter. Provided that the authority has given its prior approval, access need also not be granted when doing so would be likely to seriously harm the interests of the data importer or other organisations dealing with the data importer and such interests are not overridden by the interests for fundamental rights and freedoms of the data subject. The sources of the personal data need not be identified when this is not possible by reasonable efforts, or where the rights of persons other than the individual would be violated. Data subjects must be able to have the personal information about them rectified, amended, or deleted where it is inaccurate or processed against these principles. If there are compelling grounds to doubt the legitimacy of the request, the organisation may require further justifications before proceeding to rectification, amendment or deletion. Notification of any rectification, amendment or deletion to third parties to whom the data have been disclosed need not be made when this involves a disproportionate effort. A data subject must also be able to object to the processing of the personal data relating to him if there are compelling legitimate grounds relating to his particular situation. The burden of proof for any refusal rests on the data importer, and the data subject may always challenge a refusal before the authority. 6. Sensitive data: The data importer shall take such additional measures (e.g. relating to security) as are necessary to protect such sensitive data in accordance with its obligations under clause II. 7. Data used for marketing purposes: Where data are processed for the purposes of direct marketing, effective procedures should exist allowing the data subject at any time to “opt-out” from having his data used for such purposes. 8. Automated decisions: For purposes hereof “automated decision” shall mean a decision by the data exporter or the data importer which produces legal effects concerning a data subject or significantly affects a data subject and which is based solely on automated processing of personal data intended to evaluate certain personal aspects relating to him, such as his performance at work, creditworthiness, reliability, conduct, etc. The data importer shall not make any automated decisions concerning data subjects, except when: a) i. such decisions are made by the data importer in entering into or performing a contract with the data subject, and ii. the data subject is given an opportunity to discuss the results of a relevant automated decision with a representative of the parties making such decision or otherwise to make representations to that parties. or b) where otherwise provided by the law of the data exporter. 984 of 1132 989 7 04/10/19 ANNEX B DESCRIPTION OF THE TRANSFER (To be completed by the parties) Data subjects The personal data transferred concern the following categories of data subjects: See Addendum A: Scope of Processing Data, Section 4. Purposes of the transfer(s) The transfer is made for the following purposes: See Addendum A: Scope of Processing Data, Sections 1 and 2. Categories of data The personal data transferred concern the following categories of data: See Addendum A: Scope of Processing Data, Section 3. Recipients The personal data transferred may be disclosed only to the following recipients or categories of recipients: See Addendum A: Scope of Processing Data, Section 5. If applicable, Data importer may also transfer to the data to the following types of recipients:[TO BE COMPLETED BY BUYER] ………………………………………………………………………………………………………………………………………… ………………………………………………………………………………………………………………………………………… ………………………………………………………………………………………………………………………………………… ……………………………………………………………………………………… Sensitive data (if appropriate) The personal data transferred concern the following categories of sensitive data: See Addendum A: Scope of Processing Data, Section 3. … Data protection registration information of data exporter (where applicable) [TO BE COMPLETED BY SUPPLIER] ………………………………………………………………………………………………………………………………………… ………………………………………………………………………………………………………………………………………… ………………………………………………………………………………………………………………………………………… ……………………………………………………………………………………………… Additional useful information (storage limits and other relevant information) The data will be protected as set forth in the Agreement. [ADD ADDITIONAL TERMS AS REQUESTED BY SUPPLIER.] ………………………………………………………………………………………………………………………………………… ………………………………………………………………………………………………………………………………………… ………………………………………………………………………………………………………………………………………… ……………………………………………………………………………………………… Contact points for data protection enquiries Data importer Data exporter [ADD PRIVACY OFFICER CONTACT] [TO BE COMPLETED BY SUPPLIER] ………………………………………………………………………………………………… ………………………………………………………………………………………………… ………………………………………………………………………………………………… 985 of 1132 990 986 of 1132 991 987 of 1132 992 988 of 1132 993 989 of 1132 994 990 of 1132 995 991 of 1132 996 5HYLVHG3DJHRI dŚŝƐůĞĐƚƌŽŶŝĐŽŵŵĞƌĐĞƉƉĞŶĚŝǆƐƉĞĐŝĨŝĞƐƚŚĞĞůĞĐƚƌŽŶŝĐĐŽŵŵĞƌĐĞƌĞƋƵŝƌĞŵĞŶƚƐĂƉƉůŝĐĂďůĞƚŽ^ƵƉƉůŝĞƌŝŶ ƉƌŽǀŝĚŝŶŐƚŚĞ'ŽŽĚƐĂŶĚͬŽƌ^ĞƌǀŝĐĞƐ͘ ^d/KEϭͲ'EZ>dZD^ ĂĐŚh>ŽĐĂƚŝŽŶŽĨĨĞƌƐĂŶĞůĞĐƚƌŽŶŝĐǁĞďͲďĂƐĞĚƉƵƌĐŚĂƐŝŶŐĂŶĚĐĂƚĂůŽŐƐǇƐƚĞŵƚŽĨĂĐŝůŝƚĂƚĞƚŚĞƉƵƌĐŚĂƐĞŽĨ'ŽŽĚƐ ĂŶĚͬŽƌ^ĞƌǀŝĐĞƐĨƌŽŵhƐƵƉƉůŝĞƌƐ͘h>ŽĐĂƚŝŽŶƐ͛ĞWƌŽĐƵƌĞŵĞŶƚƐǇƐƚĞŵƐĐƵƌƌĞŶƚůǇĂƌĞƉƌŽǀŝĚĞĚďǇŵƵůƚŝƉůĞƐĞƌǀŝĐĞ ƉƌŽǀŝĚĞƌƐ͘ŝŐŚƚŽĨƚŚĞƚĞŶhĐĂŵƉƵƐĞƐƵƚŝůŝǌĞƚŚĞƐĂŵĞƉůĂƚĨŽ ƌŵďƵƚŵĂǇƌĞƋƵŝƌĞƐĞƉĂƌĂƚĞŝŵƉůĞŵĞŶƚĂƚŝŽŶƐ͕ĂƐǁŝůů ƚŚĞƌĞŵĂŝŶŝŶŐĐĂŵƉƵƐĞƐĂŶĚͬŽƌDĞĚŝĐĂůĞŶƚĞƌƐ͘dŚŝƐƉƉĞŶĚŝǆƐĞƚƐĨŽƌƚŚƚŚĞƚĞƌŵƐĂŶĚĐŽŶĚŝƚŝŽŶƐƚŚĂƚǁŝůůŐŽǀĞƌŶ ^ƵƉƉůŝĞƌ͛ƐƐĂůĞŽĨ'ŽŽĚƐĂŶĚͬŽƌ^ĞƌǀŝĐĞƐƚŚƌŽƵŐŚh͛ƐĞWƌŽĐƵƌĞŵĞŶƚƐǇƐƚĞŵƐ͘ ^d/KEϮͲ&/E/d/KE^ ĂƚĂůŽŐ;ƐͿƌĞĨĞƌƐƚŽƚŚĞůŝƐƚŽĨĚĞƚĂŝůĞĚƉƌŽĚƵĐƚŝŶĨŽƌŵĂƚŝŽŶ͕ĂŐƌĞĞŵĞŶƚƉƌŝĐŝŶŐ͕ŵĂŶƵĨĂĐƚƵƌĞƌƉĂƌƚŶƵŵďĞƌƐĂŶĚͬŽƌ ƐĞƌǀŝĐĞĚĞƐĐƌŝƉƚŝŽŶƐƌĞůĂƚŝŶŐƚŽƚŚĞ'ŽŽĚƐĂŶĚͬŽƌ^ĞƌǀŝĐĞƐƚŽďĞŽĨĨĞƌĞĚĞŝƚŚĞƌĂƐĂWƵŶĐŚͲŽƵƚĂƚĂůŽŐ͕Ă,ŽƐƚĞĚ ĂƚĂůŽŐŽƌŝŶĂĐŽŵďŝŶĂƚŝŽŶ͘dŚŝƐŵĂǇŝŶĐůƵĚĞƚŚĞĐƌĞĂƚŝŽŶŽĨŵƵůƚŝƉůĞ,ŽƐƚĞĚĂƚĂůŽŐƐ͘ ĞWƌŽĐƵƌĞŵĞŶƚĂŶĚĞŽŵŵĞƌĐĞĂƌĞƵƐĞĚŝŶƚĞƌĐŚĂŶŐĞĂďůǇƚŽŵĞĂŶh͛ƐĞůĞĐƚƌŽŶŝĐǁĞďͲďĂƐĞĚƉƵƌĐŚĂƐŝŶŐĂŶĚ ĐĂƚĂůŽŐƐǇƐƚĞŵƐ͘ĂĐŚhůŽĐĂƚŝŽŶŚĂƐĂďƌĂŶĚĞĚĞWƌŽĐƵƌĞŵĞŶƚƐŝƚĞ͘ 'Ž>ŝǀĞĂƚĞŵĞĂŶƐƚŚĞĚĂƚĞŽŶǁŚŝĐŚĂĂƚĂůŽŐǁŝůůďĞĂĐƚŝǀĞ͘ ,ŽƐƚĞĚĂƚĂůŽŐŵĞĂŶƐĂĂƚĂůŽŐƚŚĂƚŝƐĂƉƌŽƉĞƌůǇĨŽƌŵĂƚƚĞĚĐŽŵƉƵƚĞƌĨŝůĞƐƵƉƉůŝĞĚƚŽĂůůh>ŽĐĂƚŝŽŶƐƚŚƌŽƵŐŚƚŚĞ >ŽĐĂƚŝŽŶƐ͛ƌĞƐƉĞĐƚŝǀĞĞWƌŽĐƵƌĞŵĞŶƚƐǇƐƚĞŵƐ͘ KƌĚĞƌŵĞĂŶƐĂƉƵƌĐŚĂƐĞŽƌĚĞƌĨŽƌ'ŽŽĚƐĂŶĚͬŽƌ^ĞƌǀŝĐĞƐƉůĂĐĞĚďǇĂhƐĞƌƚŚƌŽƵŐŚĂŶĞWƌŽĐƵƌĞŵĞŶƚƐǇƐƚĞŵ͘ KƌĚĞƌĂƚĂŵĞĂŶƐĂůůĚĂƚĂĂŶĚŝŶĨŽƌŵĂƚŝŽŶƌĞůĂƚŝŶŐƚŽKƌĚĞƌƐ͕ŝŶĐůƵĚŝŶŐ͕ǁŝƚŚŽƵƚůŝŵŝƚĂƚŝŽŶ͕ƚŚĞƐƉĞĐŝĨŝĐƐŽĨĂŐŝǀĞŶ ƚƌĂŶƐĂĐƚŝŽŶ͘ WƵŶĐŚͲŽƵƚĂƚĂůŽŐŵĞĂŶƐĂĂƚĂůŽŐŚŽƐƚĞĚďǇ^ƵƉƉůŝĞƌŽŶ^ƵƉƉůŝĞƌ͛Ɛ^ŝƚĞ͘hƐĞƌƐŵĂǇĂĐĐĞƐƐƚŚŝƐWƵŶĐŚͲŽƵƚĂƚĂůŽŐ ǀŝĂĂŶ/ŶƚĞƌŶĞƚůŝŶŬƉƌŽǀŝĚĞĚďǇ^ƵƉƉůŝĞƌƚŽhƚŚĂƚƌĞĚŝƌĞĐƚƐĂhƐĞƌĨƌŽŵƚŚĞ>ŽĐĂƚŝŽŶ͛ƐĞWƌŽĐƵƌĞŵĞŶƚƐǇƐƚĞŵƚŽ ^ƵƉƉůŝĞƌ^ŝƚĞ͘ ^ƵƉƉůŝĞƌDĂƌŬŵĞĂŶƐ^ƵƉƉůŝĞƌ͛ƐŶĂŵĞ͕ƚƌĂĚĞŶĂŵĞĂŶĚͬŽƌƚƌĂĚĞŵĂƌŬƐ͕ƐĞƌǀŝĐĞŵĂƌŬ͕ŽƌĂŶǇĚĞƌŝǀĂƚŝŽŶƚŚĞƌĞŽĨ͘ ^ƵƉƉůŝĞƌ^ŝƚĞŵĞĂŶƐĂŶŝŶƚĞƌŶĞƚƐŝƚĞŽƉĞƌĂƚĞĚĂŶĚŵĂŝŶƚĂŝŶĞĚďǇ^ƵƉƉůŝĞƌƚŚĂƚŚĂƐďĞĞŶŵĂĚĞƐƵďũĞĐƚƚŽƚŚŝƐ ƉƉĞŶĚŝǆ͘ hDĂƌŬŵĞĂŶƐh͛ƐŶĂŵĞ͕ƚƌĂĚĞŶĂŵĞĂŶĚͬŽƌƚƌĂĚĞŵĂƌŬƐ͕ƐĞƌǀŝĐĞŵĂƌŬƐ͕ŽƌĂŶǇĚĞƌŝǀĂƚŝŽŶƚŚĞƌĞŽĨ͘ hƐĞƌŵĞĂŶƐĂŶŝŶĚŝǀŝĚƵĂůĂƵƚŚŽƌŝǌĞĚďǇĂhůŽĐĂƚŝŽŶƚŽƵƐĞĂŶĞWƌŽĐƵƌĞŵĞŶƚƐǇƐƚĞŵ͘ ^d/KEϯʹZ/',ddKh^ hŐƌĂŶƚƐƚŽ^ƵƉƉůŝĞƌƚŚĞƌŝŐŚƚƚŽƐĞůů'ŽŽĚƐĂŶĚͬŽƌ^ĞƌǀŝĐĞƐƚŽhƚŚƌŽƵŐŚƚŚĞĞWƌŽĐƵƌĞŵĞŶƚƐǇƐƚĞŵƐ͕ƐƵďũĞĐƚƚŽ ƚŚĞƚĞƌŵƐŽĨƚŚŝƐĂŐƌĞĞŵĞŶƚ͘^ƵƉƉůŝĞƌǁŝůůďĞƌĞƐƉŽŶƐŝďůĞĨŽƌĂŶǇĐŽƐƚŽĨŽƉĞƌĂƚŝŽŶŽƌĚŝƐƉƵƚĞǁŝƚŚƌĞŐĂƌĚƚŽŝƚƐ ŝŶƚĞƌĨĂĐĞǁŝƚŚh͛ƐĞWƌŽĐƵƌĞŵĞŶƚƐǇƐƚĞŵƐ͘ $SSHQGL[(OHFWURQLF&RPPHUFH 992 of 1132 997 UNIVERSITY OF CALIFORNIA 5HYLVHG3DJHRI ^d/KEϰʹĞͲWZKhZDEd^z^dDZ^WKE^//>/d/^͖D/EdEEK&d>K';^Ϳ͖>/E^ ;ĂͿĞͲWƌŽĐƵƌĞŵĞŶƚ^ǇƐƚĞŵZĞƐƉŽŶƐŝďŝůŝƚŝĞƐ͘ ǆĐĞƉƚĂƐŽƚŚĞƌǁŝƐĞƐĞƚĨŽƌƚŚŚĞƌĞŝŶ͕ĞĂĐŚƉĂƌƚǇǁŝůůďĞƌĞƐƉŽŶƐŝďůĞ͕ĂƚŝƚƐŽǁŶĞǆƉĞŶƐĞ͕ĨŽƌ͗;ŝͿĚĞǀĞůŽƉŝŶŐ͕ŽƉĞƌĂƚŝŶŐ ĂŶĚŵĂŝŶƚĂŝŶŝŶŐŝƚƐƌĞůĞǀĂŶƚƐǇƐƚĞŵ;ƐͿ͖;ŝŝͿĂĐƋƵŝƌŝŶŐĂŶĚŵĂŝŶƚĂŝŶŝŶŐŝƚƐƐĞƌǀĞƌŚĂƌĚǁĂƌĞĂŶĚƐŽĨƚǁĂƌĞ;ŽƌŽďƚĂŝŶŝŶŐ ƚŚŝƌĚͲƉĂƌƚǇŚŽƐƚŝŶŐƐĞƌǀŝĐĞƐͿĨŽƌŝƚƐƌĞůĞǀĂŶƚƐǇƐƚĞŵ;ƐͿ͖ĂŶĚ;ŝŝŝͿŵĂŝŶƚĂŝŶŝŶŐ/ŶƚĞƌŶĞƚĐŽŶŶĞĐƚŝǀŝƚǇ͘ dŚĞƐƵƉƉůŝĞƌǁŝůůĞŶĂďůĞŝƚƐĐĂƚĂůŽŐǁŝƚŚĂŶǇhůŽĐĂƚŝŽŶƚŚĂƚƌĞƋƵĞƐƚƐŽŶĞ͕ĂƐůŽŶŐĂƐŝƚŝƐŶŽƚŽƵƚŽĨƚŚĞƐĐŽƉĞŽĨƚŚĞ ƚĞƌŵƐŽĨƚŚĞĂŐƌĞĞŵĞŶƚŽƌƚŚŝƐĂƉƉĞŶĚŝǆ͘dŚĞƉĂƌƚŝĞƐĂŐƌĞĞƚŽĞůĞĐƚƌŽŶŝĐĂůůǇůŝŶŬƚŚĞĨƵŶĐƚŝŽŶĂůŝƚǇŽĨƚŚĞŝƌƌĞƐƉĞĐƚŝǀĞ ƐǇƐƚĞŵƐ͕ƵƐŝŶŐĐŽŵŵĞƌĐŝĂůůǇƌĞĂƐŽŶĂďůĞĞĨĨŽƌƚƐ͘ WƵƌĐŚĂƐĞ KƌĚĞƌ ĂŶĚ /ŶǀŽŝĐĞͬƌĞĚŝƚ DĞŵŽ ĂƚĂ ǁŝůů ďĞ ƚƌĂŶƐŵŝƚƚĞĚďĞƚǁĞĞŶƚŚĞƐǇƐƚĞŵƐĂĐĐŽƌĚŝŶŐƚŽƚŚĞ ĂƉƉƌŽƉƌŝĂƚĞŵĞƚŚŽĚĨŽƌĞĂĐŚhŶŝǀĞƌƐŝƚǇůŽĐĂƚŝŽŶ͕ĐyD>͕ǆ>Žƌ/ƐƚĂŶĚĂƌĚƐďĞŝŶŐƉƌĞĨĞƌƌĞĚ͘KƚŚĞƌŵĞƚŚŽĚƐŽĨ WKŽƌ/ŶǀŽŝĐĞͬƌĞĚŝƚDĞŵŽƚƌĂŶƐŵŝƐƐŝŽŶǁŝůůŽŶůǇďĞĂůůŽǁĞĚĂƚƚŚĞĚŝƐĐƌĞƚŝŽŶŽĨĞĂĐŚhŶŝǀĞƌƐŝƚǇůŽĐĂƚŝŽŶ͘ ƐƵƉƉůŝĞƌ͛ƐWƵŶĐŚͲŽƵƚƐŝƚĞ;ŝĨĂƉƉůŝĐĂďůĞͿǁŝůůƉĞƌŵŝƚ͗;ĂͿhƐĞƌƐƚŽĂĐĐĞƐƐƚŚĞ^ƵƉƉůŝĞƌ^ŝƚĞǁŚĞŶĂhƐĞƌƐĞůĞĐƚƐƚŚĞ WƵŶĐŚͲŽƵƚĂƚĂůŽŐ͖;ďͿ^ƵƉƉůŝĞƌƐŝƚĞƚŽƐĞŶĚďĂĐŬƵƐĞƌƐĞůĞĐƚĞĚŝƚĞŵƐƚŽ>ŽĐĂƚŝŽŶ͛ƐĞWƌŽĐƵƌĞŵĞŶƚƐǇƐƚĞŵ͖;ĐͿhƐĞƌƚŽ ĐƌĞĂƚĞĂŶKƌĚĞƌƚŚƌŽƵŐŚƚŚĞ>ŽĐĂƚŝŽŶ͛ƐĞWƌŽĐƵƌĞŵĞŶƚƐǇƐƚĞŵ͖ĂŶĚ;ĚͿhĞWƌŽĐƵƌĞŵĞŶƚƐǇƐƚĞŵƐƚŽĨŽƌǁĂƌĚĂŶ KƌĚĞƌƚŽ^ƵƉƉůŝĞƌĨŽƌĐŽŶĨŝƌŵĂƚŝŽŶĂŶĚKƌĚĞƌƉƌŽĐĞƐƐŝŶŐĂůŽŶŐǁŝƚŚKƌĚĞƌƐƚĂƚƵƐŝŶƋƵŝƌǇ͘ ^ƵƉƉůŝĞƌŵƵƐƚďĞĂďůĞƚŽĂĐĐŽŵŵŽĚĂƚĞŽƌĚĞƌƐĂŶĚŝŶǀŽŝĐĞƐĨŽƌŵƵůƚŝƉůĞhůŽĐĂƚŝŽŶƐƐŚĂƌŝŶŐĂƐŝŶŐůĞĞWƌŽĐƵƌĞŵĞŶƚ ƉůĂƚĨŽƌŵ͘^ƵƉƉůŝĞƌŵƵƐƚďĞĂďůĞƚŽŝĚĞŶƚŝĨǇƚŚĞWƵŶĐŚͲŽƵƚƐĞƐƐŝŽŶĂŶĚƚƌĂŶƐŵŝƚƚĞĚWKĂƐďĞŝŶŐĨƌŽŵƚŚĞŝŶĚŝǀŝĚƵĂů ůŽĐĂƚŝŽŶƐ͘/ĨƉƌŽǀŝĚŝŶŐĂWƵŶĐŚͲŽƵƚĐĂƚĂůŽŐ͕^ƵƉƉůŝĞƌŵƵƐƚďĞĂďůĞƚŽĂĐĐŽŵŵŽĚĂƚĞŵƵůƚŝƉůĞhůŽĐĂƚŝŽŶƐŽŶĂƐŝŶŐůĞ ƉůĂƚĨŽƌŵƵƐŝŶŐĂƐŝŶŐůĞWƵŶĐŚͲŽƵƚƐŝƚĞ͕ƵŶůĞƐƐƌĞƋƵĞƐƚĞĚŽƚŚĞƌǁŝƐĞďǇh͘ ;ďͿDĂŝŶƚĞŶĂŶĐĞŽĨ,ŽƐƚĞĚĂŶĚWƵŶĐŚͲŽƵƚĂƚĂůŽŐƐ͘ ^ƵƉƉůŝĞƌǁŝůůƉƌŽǀŝĚĞŝƚƐĂƚĂůŽŐ;ƐͿƚŽhŝŶĂĨŝůĞĨŽƌŵĂƚƚŚĂƚǁŝůůŝŶƚĞƌĨĂĐĞƐĞĂŵůĞƐƐůǇǁŝƚŚh͛ƐĞWƌŽĐƵƌĞŵĞŶƚ ƐǇƐƚĞŵƐ͘dŚĞƐĞĂƚĂůŽŐĨŝůĞƐǁŝůůďĞŝŶĐŽŵƉůŝĂŶĐĞǁŝƚŚĞĂĐŚh>ŽĐĂƚŝŽŶ͛ƐĞWƌŽĐƵƌĞŵĞŶƚƐǇƐƚĞŵ͘ hŵĂŬĞƐŶŽŐƵĂƌĂŶƚĞĞŽĨĂ'Ž>ŝǀĞ^ĐŚĞĚƵůĞĨŽƌĞƐƚĂďůŝƐŚŵĞŶƚŽĨĂŶĞǁĐĂƚĂůŽŐ^ǇƐƚĞŵǁŝĚĞ͕ĂƐĞĂĐŚ>ŽĐĂƚŝŽŶŝƐĂ ƐĞƉĂƌĂƚĞĞŶĂďůĞŵĞŶƚĂŶĚƐƵďũĞĐƚƚŽƌĞƐŽƵƌĐĞĂǀĂŝůĂďŝůŝƚǇ͘dŝŵĞůŝŶĞƐǁŝůůďĞĞƐƚŝŵĂƚĞĚĂŶĚĂĚũƵƐƚĞĚďǇhĂƐŶĞĞĚĞĚ ĨŽƌĐŽŶĐƵƌƌĞŶƚŝŵƉůĞŵĞŶƚĂƚŝŽŶƐ͘ &Žƌ,ŽƐƚĞĚĂƚĂůŽŐƐ͕^ƵƉƉůŝĞƌŵƵƐƚƉƌŽǀŝĚĞhǁŝƚŚƵƉĚĂƚĞĚǀĞƌƐŝŽŶƐŽĨƚŚĞĂƚĂůŽŐĨŝůĞǁŝƚŚ͕ĂƚĂŵŝŶŝŵƵŵ͕ĨƵůů ĚĞƐĐƌŝƉƚŝŽŶƐĂŶĚŝŵĂŐĞƐƚŚĂƚ^ƵƉƉůŝĞƌĐƵƌƌĞŶƚůǇƵƚŝůŝǌĞƐĨŽƌŝƚĞŵƐŽĨĨĞƌĞĚŝŶŝƚƐƉƌŽƉƌŝĞƚĂƌǇǁĞďƐŝƚĞƐĂŶĚWƵŶĐŚͲŽƵƚ ĂƚĂůŽŐƐ͘dŚĞƉĂƌƚŝĞƐǁŝůůƵƉĚĂƚĞĞĂĐŚŽƚŚĞƌƌĞŐĂƌĚŝŶŐĞŽŵŵĞƌĐĞƐƉĞĐŝĨŝĐĂƚŝŽŶƐĂƐŶĞĞĚĞĚĨƌŽŵƚŝŵĞƚŽƚŝŵĞ͘ ^ƵƉƉůŝĞƌŵƵƐƚŶŽƚŝĨǇh͛ƐŽŶƚƌĂĐƚĚŵŝŶŝƐƚƌĂƚŽƌĂƚůĞĂƐƚƚŚƌĞĞ;ϯͿǁĞĞŬƐŝŶĂĚǀĂŶĐĞŽĨƚŚĞƉƌŽƉŽƐĞĚ'Ž>ŝǀĞĂƚĞ ŝĨŝƚǁŝůůďĞƌĞƋƵĞƐƚŝŶŐĂĚĚŝƚŝŽŶƐ͕ĚĞůĞƚŝŽŶƐ͕ŽƌŵŽĚŝĨŝĐĂƚŝŽŶƐƚŽƚŚĞĂƚĂůŽŐƐ͘ĨƚĞƌƐƵĐŚĂĚǀĂŶĐĞŶŽƚŝĨŝĐĂƚŝŽŶ͕^ƵƉƉůŝĞƌ ŵƵƐƚƉƌŽǀŝĚĞhǁŝƚŚĂƚĂůŽŐĨŝůĞƐĐŽŶƚĂŝŶŝŶŐƚŚĞƌĞƋƵĞƐƚĞĚĂĚĚŝƚŝŽŶƐ͕ĚĞůĞƚŝŽŶƐ͕ŽƌŵŽĚŝĨŝĐĂƚŝŽŶƐǁŝƚŚŶŽůĞƐƐƚŚĂŶ ƚŚĞůĞĂĚƚŝŵĞƐƉĞĐŝĨŝĞĚŝŶ^ĞĐƚŝŽŶϭϬŽĨƚŚŝƐĂƉƉĞŶĚŝǆ͘/ŶĂĚĚŝƚŝŽŶ͕ĨŽƌƉƌŝĐĞĨŝůĞƵƉĚĂƚĞƐǁŝƚŚĂŵƵƚƵĂůůǇĂŐƌĞĞĚƵƉŽŶ ĂĐƚŝǀĂƚŝŽŶŽĨ:ĂŶƵĂƌǇϭ͕^ƵƉƉůŝĞƌŵƵƐƚƐƵďŵŝƚƉƌŽƉŽƐĞĚĨŝůĞƐĂƚůĞĂƐƚĨŝǀĞ;ϱͿǁĞĞŬƐƉƌŝŽƌƚŽƚŚĞĨŝƌƐƚǁŽƌŬŝŶŐĚĂǇŝŶ :ĂŶƵĂƌǇ͘hƉŽŶh͛ƐĂƉƉƌŽǀĂůŽĨƚŚĞŶĞǁĂƚĂůŽŐĨŝůĞ͕hĂŶĚ^ƵƉƉůŝĞƌǁŝůůĐŽŶĨŝƌŵƚŚĞ'Ž>ŝǀĞĂƚĞ͖ƚŚĞƵƉĚĂƚĞĚ ǀĞƌƐŝŽŶŽĨƚŚĞĂƚĂůŽŐĨŝůĞǁŝůůďĞŵĂĚĞĞĨĨĞĐƚŝǀĞŽŶƚŚĂƚ'Ž>ŝǀĞĚĂƚĞ͘/ĨhƌĞũĞĐƚƐĂĂƚĂůŽŐŵŽƌĞƚŚĂŶŽŶĐĞďĞĐĂƵƐĞ ŝƚĚŽĞƐŶŽƚŵĞĞƚh͛ƐĂĐĐĞƉƚĂŶĐĞĐƌŝƚĞƌŝĂ͕ƚŚĞŽŶƚƌĂĐƚĚŵŝŶŝƐƚƌĂƚŽƌǁŝůůƐƵƐƉĞŶĚ^ƵƉƉůŝĞƌ͛ƐƉƌŝĐĞͬĐŽŶƚĞŶƚĐŚĂŶŐĞ ƵŶƚŝůƚŚĞĚĂƚĞŽĨ^ƵƉƉůŝĞƌ͛ƐŶĞǆƚĂĐĐĞƉƚĂďůĞĐŽŶƚƌĂĐƚĞĚĐŚĂŶŐĞ͘ /ĨƚŚĞƌĞŝƐĂĐŽŶĨůŝĐƚďĞƚǁĞĞŶĂƉƌŝĐĞŝŶĂ,ŽƐƚĞĚĂƚĂůŽŐĂŶĚĂWƵŶĐŚͲŽƵƚĂƚĂůŽŐ͕hǁŝůůďĞŝŶǀŽŝĐĞĚĂƚƚŚĞůŽǁĞƌ ƉƌŝĐĞ͘^ƵƉƉůŝĞƌŵƵƐƚŶŽƚŝĨǇhŝŶĂĚǀĂŶĐĞǁŚĞŶƐƵďƐƚŝƚƵƚŝŶŐŝƚĞŵƐ͕ĐŚĂŶŐŝŶŐ^<hŶƵŵďĞƌƐŽƌĐŚĂŶŐŝŶŐƚŚĞŶƵŵďĞƌ ŽĨŝƚĞŵƐŝŶĂƉĂĐŬĂŐĞŝŶĂŶǇĂƚĂůŽŐ͘ 993 of 1132 998 5HYLVHG3DJHRI ŽŶƚĞŶƚŝŶ^ƵƉƉůŝĞƌĐĂƚĂůŽŐŝƐůŝŵŝƚĞĚƚŽƚŚĞĐĂƚĞŐŽƌŝĞƐƐƉĞĐŝĨŝĞĚŝŶƚŚŝƐĂŐƌĞĞŵĞŶƚ͕ǁŝƚŚĂĚĚŝƚŝŽŶĂůĐĂƚĞŐŽƌŝĞƐĂůůŽǁĞĚ Ăƚh͛ƐĚŝƐĐƌĞƚŝŽŶ͘^ƵƉƉůŝĞƌĂŐƌĞĞƐƚŚĂƚhŵĂǇďůŽĐŬĂƚĂůŽŐŝƚĞŵƐĂƚƚŚĞĐĂƚĞŐŽƌǇĂŶĚͬŽƌ^<hůĞǀĞů͘ dŚĞhŶŝǀĞƌƐŝƚǇǁŝůůƌĞƋƵŝƌĞ^ƵƉƉůŝĞƌƚŽĐůĞĂƌůǇŝĚĞŶƚŝĨǇƉƌŽĚƵĐƚƐĂƐ,ĂǌĂƌĚŽƵƐDĂƚĞƌŝĂůƐ͕ZĂĚŝŽĂĐƚŝǀĞ͕ĂŶĚŽŶƚƌŽůůĞĚ ^ƵďƐƚĂŶĐĞƐŝŶƚŚĞ^ƵƉƉůŝĞƌ͛ƐĐĂƚĂůŽŐ͕ǁŚĞƚŚĞƌ,ŽƐƚĞĚŽƌWƵŶĐŚͲŽƵƚ͘&ŽƌWƵŶĐŚͲŽƵƚƚŚĞŝĚĞŶƚŝĨŝĞƌǁŝůůďĞƌĞƚƵƌŶĞĚƚŽ ƚŚĞĐĂƌƚŽĨƚŚĞ>ŽĐĂƚŝŽŶ͛ƐĞWƌŽĐƵƌĞŵĞŶƚƐǇƐƚĞŵ͕ŝŶĂŵĂŶŶĞƌͬĨŝĞůĚĂĐĐĞƉƚĂďůĞƚŽƚŚĞ>ŽĐĂƚŝŽŶ͘ dŚĞhŶŝǀĞƌƐŝƚǇǁŝůůƌĞƋƵŝƌĞ^ƵƉƉůŝĞƌƚŽĐůĞĂƌůǇŝĚĞŶƚŝĨǇƉƌŽĚƵĐƚƐǁŝƚŚhͲƌĞĐŽŐŶŝǌĞĚƐƵƐƚĂŝŶĂďŝůŝƚǇͬŐƌĞĞŶĐĞƌƚŝĨŝĐĂƚŝŽŶƐ ŝŶďŽƚŚŚŽƐƚĞĚĂŶĚWƵŶĐŚͲŽƵƚĐĂƚĂůŽŐƐ͘h͛ƐŽŶƚƌĂĐƚĚŵŝŶŝƐƚƌĂƚŽƌǁŝůůǁŽƌŬǁŝƚŚ^ƵƉƉůŝĞƌƚŽĞŶƐƵƌĞƚŚĂƚĐŽŶƚƌĂĐƚ ŝƚĞŵƐƚŚĂƚŵĞĞƚƚŚĞhĐƌŝƚĞƌŝĂĨŽƌ'ƌĞĞŶͬ^ƵƐƚĂŝŶĂďůĞƉƌŽĚƵĐƚƐǁŝůůďĞƉƌŝŽƌŝƚŝǌĞĚŝŶĂůůƉƌŽĚƵĐƚƐĞĂƌĐŚĞƐ͘WƌŽĚƵĐƚƐ ƚŚĂƚĚŽŶŽƚŵĞĞƚh͛ƐŵŝŶŝŵƵŵĐƌŝƚĞƌŝĂƌĞƋƵŝƌĞŵĞŶƚƐŵĂǇďĞďůŽĐŬĞĚŝŶĂůůŚŽƐƚĞĚĐĂƚĂůŽŐƐĂŶĚWƵŶĐŚͲŽƵƚĐĂƚĂůŽŐƐ Ăƚh͛ƐĚŝƐĐƌĞƚŝŽŶ͘ ^ƵƉƉůŝĞƌŝƐƌĞƐƉŽŶƐŝďůĞĨŽƌƉƌŽǀŝĚŝŶŐhǁŝƚŚĂƚĂůŽŐƐƚŚĂƚĐŽŶƚĂŝŶĂĐĐƵƌĂƚĞƉƌŝĐŝŶŐĂŶĚĚĂƚĂŝŶĂĐĐŽƌĚĂŶĐĞǁŝƚŚƚŚĞ ŐƌĞĞŵĞŶƚ͘/ĨhĚĞƚĞƌŵŝŶĞƐƚŚĞƌĞĂƌĞĞƌƌŽƌƐŝŶƚŚĞƉƌŝĐŝŶŐŽƌĚĂƚĂĂƚƚƌŝďƵƚĞƐŽĨĂĂƚĂůŽŐ͕hǁŝůůŶŽƚŝĨǇ^ƵƉƉůŝĞƌŽĨ ƚŚŽƐĞĞƌƌŽƌƐŝŶǁƌŝƚŝŶŐĂŶĚƌĞũĞĐƚƚŚĞĂƚĂůŽŐ͘^ƵƉƉůŝĞƌǁŝůůŚĂǀĞŶŽŵŽƌĞƚŚĂŶƚĞŶ;ϭϬͿďƵƐŝŶĞƐƐĚĂǇƐƚŽƌĞǀŝĞǁĂŶĚ ĐŽƌƌĞĐƚƚŚĞĞƌƌŽƌƐ͘ ;ĐͿ>ŝĐĞŶƐĞ͘ ^ƵƉƉůŝĞƌŚĞƌĞďǇŐƌĂŶƚƐƚŽh͕ĂƚŶŽĂĚĚŝƚŝŽŶĂůĐŽƐƚ͕ĂůŝŵŝƚĞĚ͕ŶŽŶͲĞǆĐůƵƐŝǀĞ͕ƌŽǇĂůƚǇͲĨƌĞĞƌŝŐŚƚƚŽůŝŶŬƚŽĂŶĚĂĐĐĞƐƐ ƚŚĞ^ƵƉƉůŝĞƌ^ŝƚĞĨƌŽŵƚŚĞĞWƌŽĐƵƌĞŵĞŶƚƐŝƚĞƐ͕ƐƵďũĞĐƚƚŽƚŚĞƚĞƌŵƐĂŶĚĐŽŶĚŝƚŝŽŶƐŚĞƌĞŝŶĂŶĚƐŽůĞůǇĨŽƌƚŚĞƉƵƌƉŽƐĞ ŽĨƉĞƌŵŝƚƚŝŶŐhƐĞƌƐƚŽĂĐĐĞƐƐƚŚĞ^ĞƌǀŝĐĞƐ͘ůů^ƵƉƉůŝĞƌDĂƌŬƐǁŝůůƌĞŵĂŝŶƚŚĞƐŽůĞƉƌŽƉĞƌƚǇŽĨ^ƵƉƉůŝĞƌ͘ ;ĚͿĐĐĞƐƐŝďŝůŝƚǇZĞƋƵŝƌĞŵĞŶƚƐ͘ ^ƵƉƉůŝĞƌĂŐƌĞĞƐƚŚĂƚ^ƵƉƉůŝĞƌǁŝůůŵĂŬĞĂǀĂŝůĂďůĞ'ŽŽĚƐͬ^ĞƌǀŝĐĞƐĂĐĐĞƐƐŝďůĞƚŽƉĞŽƉůĞǁŝƚŚĚŝƐĂďŝůŝƚŝĞƐĂŶĚĐŽŶĨŽƌŵ ƚŽƚŚĞƚĞĐŚŶŝĐĂůƌĞƋƵŝƌĞŵĞŶƚƐŽĨƚŚĞƌĞůĞǀĂŶƚZĞǀŝƐĞĚ^ƚĂŶĚĂƌĚƐŽĨ^ĞĐƚŝŽŶϱϬϴŽĨƚŚĞĨĞĚĞƌĂůZĞŚĂďŝůŝƚĂƚŝŽŶĐƚ͘/Ŷ ĂĚĚŝƚŝŽŶ͕^ƵƉƉůŝĞƌǁĂƌƌĂŶƚƐƚŚĂƚ͗ ŝ͘ŶǇĐĂƚĂůŽŐĐŽŶƚĞŶƚƉƌŽǀŝĚĞĚƚŽhǁŝůůĐŽŵƉůǇǁŝƚŚƚŚĞĂĐĐĞƐƐŝďŝůŝƚǇƌĞƋƵŝƌĞŵĞŶƚƐŽĨt'Ϯ͘Ϭ͘ ŝŝ͘^ƵƉƉůŝĞƌǁŝůůƉƌŽŵƉƚůǇƌĞƐƉŽŶĚƚŽĂŶĚƌĞƐŽůǀĞĂŶǇĐŽŵƉůĂŝŶƚƌĞŐĂƌĚŝŶŐĂĐĐĞƐƐŝďŝůŝƚǇŽĨĂŶǇĐĂƚĂůŽŐ ĐŽŶƚĞŶƚƉƌŽǀŝĚĞĚƚŽh͘ ^d/KEϱʹh^Z^hWWKZd ;ĂͿhƵƚŝĞƐ͘ĂĐŚh>ŽĐĂƚŝŽŶǁŝůůƉƌŽǀŝĚĞŝƚƐhƐĞƌƐǁŝƚŚŝŶŝƚŝĂůĐŽŶƚĂĐƚĂŶĚƐǇƐƚĞŵƐƵƉƉŽƌƚĂƐƐŝƐƚĂŶĐĞŽŶĂůů ĨƵŶĐƚŝŽŶĂůŝƚǇĂŶĚƵƐĞŝƐƐƵĞƐĨŽƌĞWƌŽĐƵƌĞŵĞŶƚ;ŝŶĐůƵĚŝŶŐůŝŶŬƐƚŽƚŚĞ^ƵƉƉůŝĞƌ^ŝƚĞͿ͘tŚĞŶŬŶŽǁŶ͕hǁŝůůƉƌŽŵƉƚůǇ ŶŽƚŝĨǇ^ƵƉƉůŝĞƌŽĨĂŶǇƐƵĐŚŝƐƐƵĞƐƌĞůĂƚŝŶŐƚŽƚŚĞĂƚĂůŽŐ͕ƚŚĞ^ƵƉƉůŝĞƌ^ŝƚĞ͕ĂŶĚͬŽƌŽƚŚĞƌ^ƵƉƉůŝĞƌŵĂƚĞƌŝĂůƐͬƐǇƐƚĞŵƐ͘ ;ďͿ^ƵƉƉůŝĞƌƵƚŝĞƐ͘^ƵƉƉůŝĞƌǁŝůůƉƌŽǀŝĚĞĂůůĐƵƐƚŽŵĞƌƐƵƉƉŽƌƚƌĞůĂƚŝŶŐƚŽƚŚĞĂƚĂůŽŐ͕^ƵƉƉůŝĞƌ'ŽŽĚƐĂŶĚͬŽƌ^ĞƌǀŝĐĞƐ͕ /ŶǀŽŝĐŝŶŐͬWĂǇŵĞŶƚͬƌĞĚŝƚƐ͕ĂŶĚ^ƵƉƉůŝĞƌ^ŝƚĞƐŝŶĂŵĂŶŶĞƌĐŽŶƐŝƐƚĞŶƚǁŝƚŚƚŚĞĐƵƐƚŽŵĞƌƐƵƉƉŽƌƚƚŚĂƚ^ƵƉƉůŝĞƌ ƉƌŽǀŝĚĞƐƚŽŽƚŚĞƌĐƵƐƚŽŵĞƌƐ͕ĂŶĚĂƚůĞĂƐƚĂƐŐŽŽĚĂƐƚŚĞĐƵƐƚŽŵĞƌƐƵƉƉŽƌƚƚŚĂƚ^ƵƉƉůŝĞƌƉƌŽǀŝĚĞƐƚŽĐƵƐƚŽŵĞƌƐǁŚŽ ĂƌĞƉƵƌĐŚĂƐŝŶŐƚŚƌŽƵŐŚĂŶǇŽƚŚĞƌŵĞĂŶƐ͘ ^d/KEϲʹWZKWZ/dZzZ/',d^ h͛ƐdĞƌŵƐĂŶĚŽŶĚŝƚŝŽŶƐŽĨWƵƌĐŚĂƐĞĐŽŶƚĂŝŶƐƉƌŽǀŝƐŝŽŶƐƌĞŐĂƌĚŝŶŐƚŚĞƉĂƌƚŝĞƐ͛ƌŝŐŚƚƐĂŶĚƌĞƐƉŽŶƐŝďŝůŝƚŝĞƐǁŝƚŚ ƌĞƐƉĞĐƚƚŽŝŶƚĞůůĞĐƚƵĂůƉƌŽƉĞƌƚǇƌĞůĂƚŝŶŐƚŽƚŚĞ'ŽŽĚƐĂŶĚ^ĞƌǀŝĐĞƐ͘tŝƚŚŽƵƚĂůƚĞƌŝŶŐƚŚŽƐĞƉƌŽǀŝƐŝŽŶƐ͕ƚŚĞƉĂƌƚŝĞƐ ĂĚĚŝƚŝŽŶĂůůǇĂŐƌĞĞĂƐĨŽůůŽǁƐ͗hŵĂǇƌĞƋƵŝƌĞ^ƵƉƉůŝĞƌƚŽ͞ďƌĂŶĚ͟^ƵƉƉůŝĞƌ͛ƐWƵŶĐŚͲŽƵƚĂƚĂůŽŐǁŝƚŚŽŶĞŽƌŵŽƌĞh DĂƌŬƐ͘/ĨhƌĞƋƵŝƌĞƐ^ƵƉƉůŝĞƌƚŽƵƚŝůŝǌĞŽŶĞŽƌŵŽƌĞhDĂƌŬƐŽŶ^ƵƉƉůŝĞƌ͛ƐWƵŶĐŚͲŽƵƚĂƚĂůŽŐ͕hǁŝůůƉƌŽǀŝĚĞƚŚĞ ĂƉƉƌŽƉƌŝĂƚĞĂƌƚǁŽƌŬĂŶĚƐƵĐŚĂƌƚǁŽƌŬǁŝůůďĞĚĞĞŵĞĚƚŽŚĂǀĞďĞĞŶƉƌŽǀŝĚĞĚǁŝƚŚĂůŝŵŝƚĞĚ͕ŶŽŶͲĞǆĐůƵƐŝǀĞ͕ŶŽŶͲƐƵďͲ 994 of 1132 999 5HYLVHG3DJHRI ůŝĐĞŶƐĂďůĞƌŝŐŚƚĨŽƌ^ƵƉƉůŝĞƌƚŽƵƐĞŝƚƐŽůĞůǇĨŽƌƚŚĞƉƵƌƉŽƐĞŽĨĂhͲďƌĂŶĚĞĚWƵŶĐŚͲŽƵƚĂƚĂůŽŐŚŽƐƚĞĚďǇ^ƵƉƉůŝĞƌ ĂŶĚƐƵďũĞĐƚƚŽƚŚĞĨŽůůŽǁŝŶŐƚĞƌŵƐ͗ ;ŝͿ^ƵƉƉůŝĞƌŵĂǇŶŽƚŵĂŬĞĂŶǇĂĚĚŝƚŝŽŶĂůƵƐĞŽĨƚŚĞhDĂƌŬƐǁŝƚŚŽƵƚh͛ƐƉƌŝŽƌǁƌŝƚƚĞŶĂƉƉƌŽǀĂů͘ ^ƵƉƉůŝĞƌ͛ƐƵƐĞŽĨƚŚĞhDĂƌŬƐŝŶƚŚĞWƵŶĐŚͲŽƵƚĂƚĂůŽŐŵƵƐƚĂĐŬŶŽǁůĞĚŐĞhΖƐŽǁŶĞƌƐŚŝƉŽĨƚŚĞhDĂƌŬƐ͘^ƵƉƉůŝĞƌ ǁŝůůŝŶĐůƵĚĞĂůůŶŽƚŝĐĞƐĂŶĚůĞŐĞŶĚƐǁŝƚŚƌĞƐƉĞĐƚƚŽhƚƌĂĚĞŵĂƌŬƐ͕ƚƌĂĚĞŶĂŵĞƐ͕ŽƌĐŽƉǇƌŝŐŚƚƐĂƐŵĂǇďĞƌĞƋƵŝƌĞĚ ďǇĂƉƉůŝĐĂďůĞƚƌĂĚĞŵĂƌŬĂŶĚĐŽƉǇƌŝŐŚƚůĂǁƐŽƌǁŚŝĐŚŵĂǇďĞƌĞĂƐŽŶĂďůǇƌĞƋƵĞƐƚĞĚďǇh͘^ƵƉƉůŝĞƌĂŐƌĞĞƐŶŽƚƚŽ ĐůĂŝŵĂŶǇƚŝƚůĞƚŽhDĂƌŬƐŽƌĂŶǇƌŝŐŚƚƚŽƵƐĞhDĂƌŬƐĞǆĐĞƉƚĂƐƉĞƌŵŝƚƚĞĚďǇƚŚŝƐƉƉĞŶĚŝǆ͘hƉŽŶƚĞƌŵŝŶĂƚŝŽŶŽĨ ƚŚŝƐƉƉĞŶĚŝǆŽƌƚŚĞŐƌĞĞŵĞŶƚ͕ĂůůƌŝŐŚƚƐƚŽhDĂƌŬƐĐŽŶǀĞǇĞĚďǇhƚŽ^ƵƉƉůŝĞƌǁŝůůĐĞĂƐĞĂŶĚ^ƵƉƉůŝĞƌǁŝůů ĚĞƐƚƌŽǇŽƌƌĞƚƵƌŶƚŽhĂůůŵĞĚŝĂǁŝƚŚhDĂƌŬƐ͘hƐƉĞĐŝĨŝĐĂůůǇƌĞƐĞƌǀĞƐĂŶǇĂŶĚĂůůƌŝŐŚƚƐƚŽhDĂƌŬƐŶŽƚ ƐƉĞĐŝĨŝĐĂůůǇŐƌĂŶƚĞĚƚŽ^ƵƉƉůŝĞƌ͘ ^ƵƉƉůŝĞƌŐƌĂŶƚƐƚŽhƚŚĞƌŝŐŚƚƚŽƵƐĞ^ƵƉƉůŝĞƌΖƐƚƌĂĚĞŵĂƌŬƐ͕ůŽŐŽƐ͕ƚƌĂĚĞŶĂŵĞƐ͕ĂŶĚƐĞƌǀŝĐĞŵĂƌŬƐĨŽƌƚŚĞƉƵƌƉŽƐĞ ŽĨƉƌŽŵŽƚŝŶŐhĞWƌŽĐƵƌĞŵĞŶƚƐŝƚĞƐƚŽƚŚĞhĐŽŵŵƵŶŝƚǇ͘hĂĐŬŶŽǁůĞĚŐĞƐ^ƵƉƉůŝĞƌΖƐƌŝŐŚƚ͕ƚŝƚůĞ͕ĂŶĚŝŶƚĞƌĞƐƚŝŶ ĂŶĚƚŽ^ƵƉƉůŝĞƌ͛ƐDĂƌŬƐĂŶĚ^ƵƉƉůŝĞƌ͛ƐĞǆĐůƵƐŝǀĞƌŝŐŚƚƚŽƵƐĞĂŶĚůŝĐĞŶƐĞƚŚĞƵƐĞŽĨ^ƵƉƉůŝĞƌDĂƌŬƐĂŶĚĂŐƌĞĞƐŶŽƚƚŽ ĐůĂŝŵĂŶǇƚŝƚůĞƚŽ^ƵƉƉůŝĞƌDĂƌŬƐŽƌĂŶǇƌŝŐŚƚƚŽƵƐĞ^ƵƉƉůŝĞƌDĂƌŬƐĞǆĐĞƉƚĂƐƉĞƌŵŝƚƚĞĚďǇƚŚŝƐƉƉĞŶĚŝǆ͘hǁŝůů ŝŶĐůƵĚĞĂůůŶŽƚŝĐĞƐĂŶĚůĞŐĞŶĚƐǁŝƚŚƌĞƐƉĞĐƚƚŽ^ƵƉƉůŝĞƌƚƌĂĚĞŵĂƌŬƐ͕ƚƌĂĚĞŶĂŵĞƐ͕ŽƌĐŽƉǇƌŝŐŚƚƐĂƐŵĂǇďĞƌĞƋƵŝƌĞĚ ďǇĂƉƉůŝĐĂďůĞƚƌĂĚĞŵĂƌŬĂŶĚĐŽƉǇƌŝŐŚƚůĂǁƐŽƌǁŚŝĐŚŵĂǇďĞƌĞĂƐŽŶĂďůǇƌĞƋƵĞƐƚĞĚďǇ^ƵƉƉůŝĞƌ͘hƉŽŶƚĞƌŵŝŶĂƚŝŽŶ ŽĨƚŚŝƐƉƉĞŶĚŝǆ͕ĂůůƌŝŐŚƚƐƚŽ^ƵƉƉůŝĞƌDĂƌŬƐĐŽŶǀĞǇĞĚďǇ^ƵƉƉůŝĞƌƚŽhǁŝůůĐĞĂƐĞĂŶĚhǁŝůůĚĞƐƚƌŽǇŽƌƌĞƚƵƌŶƚŽ ^ƵƉƉůŝĞƌ Ăůů ŵĞĚŝĂ ǁŝƚŚ ^ƵƉƉůŝĞƌ DĂƌŬƐ͘ ^ƵƉƉůŝĞƌ ƐƉĞĐŝĨŝĐĂůůǇ ƌĞƐĞƌǀĞƐ ĂŶǇ ĂŶĚ Ăůů ƌŝŐŚƚ ƚŽ ^ƵƉƉůŝĞƌ DĂƌŬƐ ŶŽƚ ƐƉĞĐŝĨŝĐĂůůǇŐƌĂŶƚĞĚƚŽh͘ ;ŝŝͿdŚĞůŝĐĞŶƐĞƐŐƌĂŶƚĞĚŝŶƚŚĞƉƌĞǀŝŽƵƐƉĂƌĂŐƌĂƉŚƐƌĞŐĂƌĚŝŶŐhDĂƌŬƐĂŶĚ^ƵƉƉůŝĞƌDĂƌŬƐĂƌĞƐƵďũĞĐƚƚŽ ƚŚĞŽŶŐŽŝŶŐĂƉƉƌŽǀĂůŽĨƚŚĞƉĂƌƚǇŽǁŶŝŶŐƚŚĞƌĞƐƉĞĐƚŝǀĞƚƌĂĚĞŵĂƌŬƐ͕ůŽŐŽƐ͕ƚƌĂĚĞŶĂŵĞƐ͕ŽƌĐŽƉǇƌŝŐŚƚƐ͘ ^ƵĐŚŽŶŐŽŝŶŐĂƉƉƌŽǀĂůŝŶĐůƵĚĞƐƚŚĞĂďŝůŝƚǇƚŽƚĞƌŵŝŶĂƚĞʹĂƚĂŶǇƚŝŵĞ͕ĨŽƌĂŶǇƌĞĂƐŽŶ͕ĂŶĚŝŶƚŚĞƐŽůĞ ĚŝƐĐƌĞƚŝŽŶ ŽĨ ƚŚĞ ŽǁŶĞƌ ŽĨ ƚŚĞ ƌĞƐƉĞĐƚŝǀĞ ƚƌĂĚĞŵĂƌŬƐ͕ ůŽŐŽƐ͕ ƚƌĂĚĞŶĂŵĞƐ͕ŽƌĐŽƉǇƌŝŐŚƚƐʹƚŚĞ ƚƌĂĚĞŵĂƌŬůŝĐĞŶƐĞƐƉƌŽǀŝĚĞĚŝŶƚŚĞƉƌĞĐĞĚŝŶŐƉĂƌĂŐƌĂƉŚƐĨŽƌĂŶǇƉĂƌƚŝĐƵůĂƌƚƌĂĚĞŵĂƌŬ͕ůŽŐŽ͕ƚƌĂĚĞ ŶĂŵĞ͕ŽƌĐŽƉǇƌŝŐŚƚĞĚǁŽƌŬǁŝƚŚŽƵƚŶĞĐĞƐƐĂƌŝůǇƚĞƌŵŝŶĂƚŝŶŐƚŚŝƐƉƉĞŶĚŝǆ͘ĂĐŚƉĂƌƚǇĂŐƌĞĞƐŶŽƚƚŽ ƚĂŬĞĂŶǇĂĐƚŝŽŶƚŚĂƚǁŝůůĂĚǀĞƌƐĞůǇƌĞĨůĞĐƚƵƉŽŶŽƌĚĂŵĂŐĞƚŚĞŐŽŽĚǁŝůů͕ƌĞƉƵƚĂƚŝŽŶ͕ŽƌƚŚĞďƌĂŶĚǀĂůƵĞ ŽĨƚŚĞŽƚŚĞƌƉĂƌƚǇ͘ĂĐŚƉĂƌƚǇĨƵƌƚŚĞƌĂŐƌĞĞƐŶŽƚƚŽƚĂŬĞĂŶǇĂĐƚŝŽŶƚŚĂƚŝƐŝŶĐŽŶƐŝƐƚĞŶƚǁŝƚŚƚŚĞŽƚŚĞƌ ƉĂƌƚǇ͛ƐŽǁŶĞƌƐŚŝƉŽĨƚŚĞƌĞƐƉĞĐƚŝǀĞƚƌĂĚĞŵĂƌŬƐ͕ƚƌĂĚĞŶĂŵĞƐ͕ŽƌĐŽƉǇƌŝŐŚƚƐ͘ƚĂůůƚŝŵĞƐ;ŝŶĐůƵĚŝŶŐ ĨŽůůŽǁŝŶŐƚĞƌŵŝŶĂƚŝŽŶŽĨƚŚĞŐƌĞĞŵĞŶƚͿ͕^ƵƉƉůŝĞƌĂŐƌĞĞƐƚŽĐŽŵƉůǇǁŝƚŚ^ĞĐƚŝŽŶϵϮϬϬϬŽĨĂůŝĨŽƌŶŝĂ͛Ɛ ĚƵĐĂƚŝŽŶŽĚĞ͘ ;ĂͿ'ƌĂŶƚŽĨ>ŝĐĞŶƐĞ͘^ƵƉƉůŝĞƌŚĞƌĞďǇŐƌĂŶƚƐhĂŶŽŶͲĞǆĐůƵƐŝǀĞ͕ƌŽǇĂůƚǇͲĨƌĞĞ͗;ŝͿůŝĐĞŶƐĞƚŽƵƐĞ͕ĐŽƉǇ͕ƚƌĂŶƐŵŝƚ͕ĂŶĚ ĚŝƐƉůĂǇƚŚĞĂƚĂůŽŐ͕ĂŶǇŝŶĨŽƌŵĂƚŝŽŶĐŽŶƚĂŝŶĞĚƚŚĞƌĞŝŶĂŶĚƚŚĞ^ƵƉƉůŝĞƌDĂƌŬƐĨŽƌƚŚĞƉƵƌƉŽƐĞƐŽĨƉĞƌŵŝƚƚŝŶŐ ƵƐƚŽŵĞƌƐƚŽĂĐĐĞƐƐŝŶĨŽƌŵĂƚŝŽŶĂďŽƵƚĂŶĚŽƌĚĞƌ^ƵƉƉůŝĞƌ'ŽŽĚƐĂŶĚͬŽƌ^ĞƌǀŝĐĞƐĨƌŽŵĂĂƚĂůŽŐĂŶĚ;ŝŝͿŝĨ^ƵƉƉůŝĞƌ ŝƐƵƐŝŶŐĂWƵŶĐŚͲŽƵƚĂƚĂůŽŐ͕ƌŝŐŚƚƚŽůŝŶŬƚŽĂŶĚĂĐĐĞƐƐƚŚĞWƵŶĐŚͲŽƵƚĂƚĂůŽŐŽŶƚŚĞ^ƵƉƉůŝĞƌ^ŝƚĞ͕ĨŽƌƚŚĞƉƵƌƉŽƐĞƐ ŽĨƉĞƌŵŝƚƚŝŶŐƵƐƚŽŵĞƌƐƚŽĂĐĐĞƐƐƚŚĞ^ƵƉƉůŝĞƌtĞďƐŝƚĞĂŶĚƉĞƌŵŝƚƚŝŶŐƵƐƚŽŵĞƌƐƚŽŽƌĚĞƌ^ƵƉƉůŝĞƌ'ŽŽĚƐĂŶĚͬŽƌ ^ĞƌǀŝĐĞƐ͘ ;ďͿDŽĚŝĨŝĐĂƚŝŽŶƐ͘hǁŝůůŶŽƚŵŽĚŝĨǇŽƌƌĞŵŽǀĞĂŶǇŽĨƚŚĞƉƌŽƉƌŝĞƚĂƌǇƌŝŐŚƚƐŵĂƌŬŝŶŐƐŝŶƚŚĞĂƚĂůŽŐ͘hǁŝůůŶŽƚ ŵŽĚŝĨǇƚŚĞĐŽŶƚĞŶƚŽĨƚŚĞĂƚĂůŽŐ͕ĞǆĐĞƉƚĂƐŝŶĚŝĐĂƚĞĚďǇ^ƵƉƉůŝĞƌ͕ďƵƚŵĂǇƌĞƋƵŝƌĞ^ƵƉƉůŝĞƌƚŽŵĂŬĞĂŶĚƐƵďŵŝƚ ŵŽĚŝĨŝĐĂƚŝŽŶƐŝĨƌĞƋƵŝƌĞĚĂƐƉĂƌƚŽĨƚŚŝƐĂŐƌĞĞŵĞŶƚ͘,ŽǁĞǀĞƌ͕ĨŽƌŚŽƐƚĞĚĐĂƚĂůŽŐƐ͕hƌĞƐĞƌǀĞƐƚŚĞƌŝŐŚƚƚŽĂƚƚĂĐŚ ĨůĂŐƐƚŽĐĂƚĂůŽŐŝƚĞŵƐĂƐĂŶĂŝĚƚŽƐŚŽƉƉĞƌƐŝŶƐĞůĞĐƚŝŶŐƉƌĞĨĞƌƌĞĚŝƚĞŵƐ͕ƐƵĐŚĂƐŐƌĞĞŶŽƌƌĞĐǇĐůĞĚ͘hǁŝůůŶŽƚŵĂŬĞ ĂŶǇƌĞƉƌĞƐĞŶƚĂƚŝŽŶƐŽƌǁĂƌƌĂŶƚŝĞƐ͕ŽƌƉƌŽǀŝĚĞĂŶǇŝŶĨŽƌŵĂƚŝŽŶ͕ƚŽĂŶǇƚŚŝƌĚƉĂƌƚǇƌĞŐĂƌĚŝŶŐĂŶǇ^ƵƉƉůŝĞƌ'ŽŽĚƐ ĂŶĚͬŽƌ^ĞƌǀŝĐĞƐ;ŝŶĐůƵĚŝŶŐ͕ďƵƚŶŽƚůŝŵŝƚĞĚƚŽ͕ĂŶǇƌĞƉƌĞƐĞŶƚĂƚŝŽŶƐŽƌǁĂƌƌĂŶƚŝĞƐŽĨĂŶǇŝŶĨŽƌŵĂƚŝŽŶƌĞŐĂƌĚŝŶŐ ĂǀĂŝůĂďŝůŝƚǇ͕ĚĞůŝǀĞƌǇ͕ƉƌŝĐŝŶŐ͕ĐŚĂƌĂĐƚĞƌŝƐƚŝĐƐ͕ƋƵĂůŝĨŝĐĂƚŝŽŶƐŽƌƐƉĞĐŝĨŝĐĂƚŝŽŶƐƚŚĞƌĞŽĨͿ͘/ĨhďĞůŝĞǀĞƐŝŶŐŽŽĚĨĂŝƚŚƚŚĂƚ ĂŶǇ^ƵƉƉůŝĞƌŝŶĨŽƌŵĂƚŝŽŶĚŽĞƐŶŽƚĐŽŶĨŽƌŵƚŽƚŚĞƌĞƋƵŝƌĞŵĞŶƚƐŽĨƚŚĞĂƐƐŽĐŝĂƚĞĚhŐƌĞĞŵĞŶƚŽƌƚŚŝƐƉƉĞŶĚŝǆ͕ hǁŝůůďĞĞŶƚŝƚůĞĚƚŽǁŝƚŚĚƌĂǁƚŚĞĂƚĂůŽŐĨƌŽŵhĞWƌŽĐƵƌĞŵĞŶƚƐŝƚĞƐ͘/ŶƐƵĐŚĂĐĂƐĞ͕hǁŝůůƉƌŽŵƉƚůǇŶŽƚŝĨǇƚŚĞ ^ƵƉƉůŝĞƌŽĨƚŚĞĂĐƚŝŽŶƐŝƚŚĂƐƚĂŬĞŶĂŶĚǁŝůůǁŽƌŬǁŝƚŚƚŚĞ^ƵƉƉůŝĞƌƉƌŽŵƉƚůǇƚŽƌĞƐŽůǀĞh͛ƐĐŽŶĐĞƌŶƐ͘tŚĞŶh͛Ɛ 995 of 1132 1000 5HYLVHG3DJHRI ĐŽŶĐĞƌŶƐĂƌĞƐĂƚŝƐĨĂĐƚŽƌŝůǇƌĞƐŽůǀĞĚhǁŝůůƉƌŽŵƉƚůǇƌĞƐƚŽƌĞƚŚĞĂƚĂůŽŐ͕ŝĨĂƉƉƌŽƉƌŝĂƚĞ͘hǁŝůůŚĂǀĞŶŽůŝĂďŝůŝƚǇƚŽ ƚŚĞ^ƵƉƉůŝĞƌŽƌĂŶǇŽŶĞĞůƐĞĨŽƌĞǆĞƌĐŝƐŝŶŐƚŚĞƐĞƌŝŐŚƚƐ͘ ;ĐͿĐŬŶŽǁůĞĚŐŵĞŶƚ͘ĂĐŚƉĂƌƚǇĂĐŬŶŽǁůĞĚŐĞƐƚŚĂƚƚŚĞƚĞĐŚŶŽůŽŐǇĞŵďŽĚŝĞĚŝŶƚŚĞŽƚŚĞƌƉĂƌƚǇ͛Ɛ^ŝƚĞŵĂǇďĞďĂƐĞĚ ŽŶƉĂƚĞŶƚĞĚŽƌƉĂƚĞŶƚĂďůĞŝŶǀĞŶƚŝŽŶƐ͕ƚƌĂĚĞƐĞĐƌĞƚƐ͕ĐŽƉǇƌŝŐŚƚƐŽƌŽƚŚĞƌŝŶƚĞůůĞĐƚƵĂůƉƌŽƉĞƌƚǇŽƌƉƌŽƉƌŝĞƚĂƌǇƌŝŐŚƚƐ ;͞/ŶƚĞůůĞĐƚƵĂůWƌŽƉĞƌƚǇZŝŐŚƚƐ͟ͿŽǁŶĞĚďǇƚŚĞŽƚŚĞƌƉĂƌƚǇĂŶĚŝƚƐĂƉƉůŝĐĂďůĞůŝĐĞŶƐŽƌƐ͘ ;ĚͿhZŝŐŚƚƐ͘ƐďĞƚǁĞĞŶƚŚĞƉĂƌƚŝĞƐ͕hǁŝůůďĞƚŚĞƐŽůĞŽǁŶĞƌŽĨʹŽƌ͕ǁŝƚŚƌĞƐƉĞĐƚƚŽĂŶǇŝƚĞŵƐůŝĐĞŶƐĞĚďǇh͕ ǁŝůů ƌĞƚĂŝŶ Ăůů ƌŝŐŚƚƐ ƚŽ Ăůů /ŶƚĞůůĞĐƚƵĂů WƌŽƉĞƌƚǇ ZŝŐŚƚƐ ĂƐƐŽĐŝĂƚĞĚ ǁŝƚŚ h ĞWƌŽĐƵƌĞŵĞŶƚ ƐŝƚĞƐ͕ ŝŶĐůƵĚŝŶŐ ĂŶǇ ŵŽĚŝĨŝĐĂƚŝŽŶƐ͕ƵƉĚĂƚĞƐ͕ĞŶŚĂŶĐĞŵĞŶƚƐŽƌƵƉŐƌĂĚĞƐƚŽĂŶǇŽĨƚŚĞĨŽƌĞŐŽŝŶŐ͕ĂƐǁĞůůĂƐĂŶǇKƌĚĞƌĂƚĂŐĞŶĞƌĂƚĞĚŽƌ ĐŽůůĞĐƚĞĚŽŶƐƵĐŚƐŝƚĞ;ĐŽůůĞĐƚŝǀĞůǇ͕ƚŚĞ͞hDĂƚĞƌŝĂůƐ͟Ϳ͘ǆĐĞƉƚĂƐƉƌŽǀŝĚĞĚŚĞƌĞŝŶ͕^ƵƉƉůŝĞƌŵĂǇŶŽƚĐŽƉǇŽƌƵƐĞŝŶ ĂŶǇǁĂǇ͕ŝŶǁŚŽůĞŽƌŝŶƉĂƌƚ͕ĂŶǇhDĂƚĞƌŝĂůƐǁŝƚŚŽƵƚh͛ƐƉƌŝŽƌǁƌŝƚƚĞŶĂƉƉƌŽǀĂů͘ŶǇƉĞƌŵŝƚƚĞĚĐŽƉŝĞƐŽĨƐƵĐŚ ƉƌŽƉĞƌƚǇ͕ŝŶǁŚŽůĞŽƌŝŶƉĂƌƚ͕ĂůŽŶĞŽƌĂƐƉĂƌƚŽĨĂĚĞƌŝǀĂƚŝǀĞǁŽƌŬ͕ǁŝůůƌĞŵĂŝŶh͛ƐƐŽůĞƉƌŽƉĞƌƚǇ͘^ƵƉƉůŝĞƌĂŐƌĞĞƐƚŽ ƌĞƉƌŽĚƵĐĞĂŶĚŝŶĐůƵĚĞh͛ƐĐŽƉǇƌŝŐŚƚ͕ƚƌĂĚĞŵĂƌŬĂŶĚŽƚŚĞƌƉƌŽƉƌŝĞƚĂƌǇƌŝŐŚƚƐŶŽƚŝĐĞƐŽŶĂŶǇƉĞƌŵŝƚƚĞĚĐŽƉŝĞƐŽĨ hDĂƚĞƌŝĂůƐŝŶĐůƵĚŝŶŐ͕ǁŝƚŚŽƵƚůŝŵŝƚĂƚŝŽŶ͕ƉĂƌƚŝĂůĐŽƉŝĞƐĂŶĚĐŽƉŝĞĚŵĂƚĞƌŝĂůƐŝŶĚĞƌŝǀĂƚŝǀĞǁŽƌŬƐ͘^ƵƉƉůŝĞƌǁŝůůŶŽƚ ĐŽƉǇ Žƌ ƌĞƉƌŽĚƵĐĞ ĂŶǇ ƚŚŝƌĚͲƉĂƌƚǇ ĐŽƉǇƌŝŐŚƚĞĚ Žƌ ƚƌĂĚĞŵĂƌŬĞĚ ŵĂƚĞƌŝĂůƐ͕ǁŚŝĐŚĂƉƉĞĂƌŽŶŽƌĂƌĞŽƚŚĞƌǁŝƐĞ ĂƐƐŽĐŝĂƚĞĚǁŝƚŚĂŶǇhĞWƌŽĐƵƌĞŵĞŶƚƐŝƚĞǁŝƚŚŽƵƚh͛ƐƉƌŝŽƌǁƌŝƚƚĞŶĐŽŶƐĞŶƚ͘ ^d/KEϳʹDh>d/W>^hWW>/Z^ ^ƵƉƉůŝĞƌĂĐŬŶŽǁůĞĚŐĞƐƚŚĂƚĂůůhĞWƌŽĐƵƌĞŵĞŶƚƐŝƚĞƐĂƌĞŝŶƚĞŶĚĞĚƚŽĨĂĐŝůŝƚĂƚĞhƐĞƌƐ͛ĂďŝůŝƚǇƚŽŽďƚĂŝŶ'ŽŽĚƐĂŶĚͬŽƌ ^ĞƌǀŝĐĞƐĨƌŽŵŵŽƌĞƚŚĂŶŽŶĞƐƵƉƉůŝĞƌ͘EŽƚŚŝŶŐŝŶƚŚŝƐƉƉĞŶĚŝǆǁŝůůďĞĐŽŶƐƚƌƵĞĚƚŽƉƌĞǀĞŶƚhĨƌŽŵĞŶƚĞƌŝŶŐŝŶƚŽ ƐŝŵŝůĂƌĂŐƌĞĞŵĞŶƚƐǁŝƚŚĂŶǇƚŚŝƌĚƉĂƌƚŝĞƐŝŶĐůƵĚŝŶŐ͕ǁŝƚŚŽƵƚůŝŵŝƚĂƚŝŽŶ͕ƐƵƉƉůŝĞƌƐƚŚĂƚŵĂǇďĞŝŶĐŽŵƉĞƚŝƚŝŽŶǁŝƚŚ ^ƵƉƉůŝĞƌ͘ ^d/KEϴʹtZZEdz/^>/DZ hĚŽĞƐŶŽƚǁĂƌƌĂŶƚƚŚĂƚĂĐĐĞƐƐƚŽhĞWƌŽĐƵƌĞŵĞŶƚƐŝƚĞƐǁŝůůďĞƵŶŝŶƚĞƌƌƵƉƚĞĚŽƌƚŚĂƚƚŚĞƌĞƐƵůƚƐŽďƚĂŝŶĞĚďǇƵƐĞ ŽĨhĞWƌŽĐƵƌĞŵĞŶƚƐŝƚĞƐǁŝůůďĞĞƌƌŽƌͲĨƌĞĞ͘ ^d/KEϵʹ/^Whd^E,E'^/Ed,^Zs/^ ;ĂͿhĂŶĚ^ƵƉƉůŝĞƌĂŐƌĞĞƚŽŶĞŐŽƚŝĂƚĞŝŶŐŽŽĚĨĂŝƚŚƚŽƌĞƐŽůǀĞƉƌŽďůĞŵƐ͕ƋƵĞƐƚŝŽŶƐĂŶĚĚŝƐƉƵƚĞƐ͘ ;ďͿtŚĞƌĞŝŵƉƌŽǀĞŵĞŶƚƐĂŶĚĐůĂƌŝĨŝĐĂƚŝŽŶƐĐĂŶďĞŵĂĚĞŝŶƚŚĞďƵƐŝŶĞƐƐƉƌŽĐĞƐƐĞƐƌĞůĂƚĞĚƚŽĞWƌŽĐƵƌĞŵĞŶƚ͕ďŽƚŚ ƉĂƌƚŝĞƐĂŐƌĞĞƚŽŝŶĐŽƌƉŽƌĂƚĞƐƵĐŚĐŚĂŶŐĞƐĂƐůŽŶŐĂƐƚŚĞǇĂƌĞŵƵƚƵĂůůǇĂŐƌĞĞĚƵƉŽŶ͘ ^d/KEϭϬʹ/d/KE>KEdZdh>dZD^ /ŶĂĚĚŝƚŝŽŶƚŽƚŚĞƉƌŽǀŝƐŝŽŶƐŽĨ^ĞĐƚŝŽŶϰ͕^ĞĐƚŝŽŶϭϬƉƌŽǀŝƐŝŽŶƐǁŝůůŐŽǀĞƌŶƚŚĞĂƚĂůŽŐƐ͘/ĨƚŚĞƉƌŽǀŝƐŝŽŶƐŽĨ^ĞĐƚŝŽŶƐ ϰĂŶĚϭϬĐŽŶĨůŝĐƚ͕^ĞĐƚŝŽŶϭϬǁŝůůŐŽǀĞƌŶ͘ dǇƉĞ;ƐͿŽĨĂƚĂůŽŐ;ƐͿ͗ƚh͛ƐĐĂŵƉƵƐĚŝƐĐƌĞƚŝŽŶ͕^ƵƉƉůŝĞƌŝƐĂůůŽǁĞĚƚŽŝŵƉůĞŵĞŶƚĂ΀ƐƉĞĐŝĨǇŚŽƐƚĞĚ͕WƵŶĐŚͲŽƵƚ͕Žƌ ďŽƚŚ΁ĐĂƚĂůŽŐŝŶƚŚĞhĞWƌŽĐƵƌĞŵĞŶƚƐǇƐƚĞŵƐ͘^ƵƉƉůŝĞƌǁŝůůďĞƌĞƋƵŝƌĞĚƚŽĐŽŵƉůǇǁŝƚŚh>ŽĐĂƚŝŽŶĞͲĐŽŵŵĞƌĐĞ ƌĞƋƵŝƌĞŵĞŶƚƐŽŶĂůŽĐĂƚŝŽŶďǇůŽĐĂƚŝŽŶďĂƐŝƐ͕ǁŚŝĐŚŝŶĐůƵĚĞƐƚŚĞĚĞĐŝƐŝŽŶƚŽŵŽǀĞĨŽƌǁĂƌĚǁŝƚŚWƵŶĐŚͲŽƵƚŽƌ,ŽƐƚĞĚ͘ ŶǇĚĞǀŝĂƚŝŽŶĨƌŽŵƚŚĞƚǇƉĞ;ƐͿƐƉĞĐŝĨŝĞĚŚĞƌĞŝŶŵƵƐƚĨŝƌƐƚďĞĂŐƌĞĞĚƵƉŽŶďǇh͛ƐŽŶƚƌĂĐƚĚŵŝŶŝƐƚƌĂƚŽƌ͘ ŶŶƵĂůEƵŵďĞƌŽĨĂƚĂůŽŐƐ͗^ƵƉƉůŝĞƌŝƐĂůůŽǁĞĚƚŽƐƵďŵŝƚŶŽŵŽƌĞƚŚĂŶ΀ŶƵŵďĞƌ΁ĐĂƚĂůŽŐƐƉĞƌĐĂůĞŶĚĂƌǇĞĂƌ͕ǁŝƚŚ ĐŚĂŶŐĞƐĂƐĨŽůůŽǁƐ͗ xŽŶƚĞŶƚĚĚŝƚŝŽŶƐ͕ĞůĞƚŝŽŶƐĂŶĚKƚŚĞƌEŽŶͲƉƌŝĐŝŶŐĚŝƚƐ͗΀ŝŶƐĞƌƚŶƵŵďĞƌŽĨƚŝŵĞƐ^ƵƉƉůŝĞƌĐĂŶĐŚĂŶŐĞŝƚƐ ĐŽŶƚĞŶƚ͖ƋƵĂƌƚĞƌůǇŽƌďŝĂŶŶƵĂůůǇǁŽƵůĚďĞƌĞĐŽŵŵĞŶĚĞĚ΁ xWƌŝĐĞŚĂŶŐĞƐ͗΀ŝŶƐĞƌƚŶƵŵďĞƌŽĨƚŝŵĞƐ^ƵƉƉůŝĞƌĐĂŶĐŚĂŶŐĞŝƚƐƉƌŝĐĞ͖ŽŶĐĞƉĞƌǇĞĂƌǁŽƵůĚďĞƌĞĐŽŵŵĞŶĚĞĚ΁ 996 of 1132 1001 5HYLVHG3DJHRI oůůŽǁĂďůĞůĞǀĞůŽĨƉƌŝĐĞĐŚĂŶŐĞ;ΨͬйͿǁŝůůďĞŝŶĂĐĐŽƌĚĂŶĐĞǁŝƚŚƚŚĞƚĞƌŵƐŽĨƚŚŝƐĂŐƌĞĞŵĞŶƚ͘ o/ĨĂƉƌŝĐĞĨŝůĞŝŶĐůƵĚĞƐďŽƚŚĐŽŶƚĞŶƚĂŶĚƉƌŝĐŝŶŐĐŚĂŶŐĞƐ͕ŝƚǁŝůůĐŽƵŶƚƚŽǁĂƌĚƚŚĞƉƌŝĐŝŶŐĂůůŽĐĂƚŝŽŶ͘ >ĞĂĚƚŝŵĞ͗^ƵƉƉůŝĞƌŵƵƐƚůŽĂĚƚŚĞĂƚĂůŽŐƉƌŝĐĞĨŝůĞŝŶƚŽƚŚĞĞͲWƌŽĐƵƌĞŵĞŶƚƐǇƐƚĞŵ΀ŝŶƐĞƌƚŶƵŵďĞƌ͕ϭϬŝƐƚŚĞ ŵŝŶŝŵƵŵ΁ǁŽƌŬŝŶŐĚĂǇƐƉƌŝŽƌƚŽƚŚĞƉůĂŶŶĞĚŐŽͲůŝǀĞĚĂƚĞ͘;ǆĐĞƉƚŝŽŶʹĨŽƌ:ĂŶƵĂƌǇϭƵƉĚĂƚĞƐƚŽĞŶĂďůĞĚĐĂƚĂůŽŐƐ͕ ^ƵƉƉůŝĞƌŵƵƐƚƐƵďŵŝƚƚŚĞƉƌŝĐĞĨŝůĞŶŽůĂƚĞƌƚŚĂŶϱǁĞĞŬƐƉƌŝŽƌ͕ĂƐƐƉĞĐŝĨŝĞĚŝŶƐĞĐƚŝŽŶϰ͘Ϳ ƵǇĞƌʹ΀ŚŽŽƐĞƚŚŽƐĞƚŚĂƚĂƉƉůǇ΁͗ xEƵŵďĞƌŽĨĐĂƚĂůŽŐͬƉƌŝĐĞĨŝůĞǀĞƌƐŝŽŶƐƚŽďĞƐƵƉƉŽƌƚĞĚĨŽƌƚŚŝƐĂŐƌĞĞŵĞŶƚ͗΀ŝŶƐĞƌƚŶƵŵďĞƌ΁ x/ĨŵŽƌĞƚŚĂŶŽŶĞĐĂƚĂůŽŐͬƉƌŝĐĞĨŝůĞǀĞƌƐŝŽŶŝƐƐƵƉƉŽƌƚĞĚ͕ƉůĞĂƐĞŝŶĐůƵĚĞĂĚĞƐĐƌŝƉƚŝŽŶͬũƵƐƚŝĨŝĐĂƚŝŽŶ;Ğ͘Ő͕͘ƐƉĞĐŝĂů ƉƌŝĐŝŶŐĨŽƌĐŽƌĞƐͿ͗΀ŝŶƐĞƌƚĚĞƐĐƌŝƉƚŝŽŶ΁ xDĂǆŝŵƵŵEƵŵďĞƌŽĨ^<hƐĂůůŽǁĞĚ͗΀ŝŶƐĞƌƚŶƵŵďĞƌ΁;ŽƉƚŝŽŶĂůͿ xĂƚĞŐŽƌŝĞƐĂůůŽǁĞĚǁŝƚŚŝŶĂƚĂůŽŐ͗΀ůŝƐƚƐƉĞĐŝĨŝĐĐĂƚĞŐŽƌŝĞƐ΁Žƌ xĂƚĞŐŽƌŝĞƐďůŽĐŬĞĚǁŝƚŚŝŶĂƚĂůŽŐ͗΀ůŝƐƚƐƉĞĐŝĨŝĐĐĂƚĞŐŽƌŝĞƐ΁ 997 of 1132 1002 - Statement of Work Attachment A 1. General 1.1 Description of the Scope of Services: The purpose of this Statement of Work is for Supplier to sell and/or lease to University multifunction devices (MFDs) with copy, print, scan, and optional fax functionality, and/or Laser Printers, along with related products and support, in a cost effective and efficient manner, accompanied by high standards of quality and service, aligned with University’s needs as further detailed herein. 1.2 Participating Locations: Supplier shall make all terms of the Agreement available to all current and future locations of the University of California. 2. Program Requirements 2.1 Program Manager: Supplier shall assign a Program Manager who will have the overall account management responsibility, as well as a dedicated Account Manager per UC Location. 2.2 Supplier’s Program Manager is listed below, is subject to UC approval, and has overall responsibility for managing the UC/Supplier relationship: Name Doug Macphee, SVP Phone 562 977 7464 Email doug.macphee@xerox.com Address 5700 Warland Drive Cypress, CA 90630 Supplier’s Account Management Team is: Name Scott Reiber Phone 925 701 1657 Email scott.reiber2@xerox.com Address 5050 Hopyard Rd. Pleasanton, CA 94588 Name Martin Soto Phone 310 484 3799 Email martin.soto2@xerox.com Address 5700 Warland Drive Cypress, CA 90630 Name Daria Lewis Phone 714 565 1550 998 of 1132 1003 I I I I I I Statement of Work Attachment A Email daria.lewis@xerox.com Address 1851 E 1 st St. Santa Ana, CA 92705 Name William Bennett III Phone 916 825 0261 Email bill.bennettIII@xerox.com Address 1326 N. Market Blvd Sacramento, CA 95834 Name Marcia Quo Schmidt Phone 714 658 4943 Email marcia.quo-schmidt2@xerox.com Address 5700 Warland Drive Cypress, CA 90630 Name Jim Potts, VP Phone 949 241 6030 Email jim.potts@xerox.com Address 5657 Copley Drive San Diego, CA 92111 Supplier’s staff name may change upon mutual agreement of the parties. Supplier may update the name of its staff by written communication to UC. 2.3 Program Administration: Supplier must provide the necessary staff, infrastructure, and other resources at a level sufficient to ensure efficient, effective, and continually improving fulfillment of its obligations under this Agreement, and as further detailed in the RFP and Supplier’s Response, including, but not limited to: 2.3.1 All support to be available no less than Monday – Friday, 8:00am-5:00pm (Pacific), except holidays. 2.3.2 Provide a toll-free 800 number for Customer Service calls. 2.3.3 Coordinate contract/program implementation, including designating associated Project Manager. 2.3.4 Account management for on-going contract monitoring, maintenance and communication. 2.3.5 Account Representative(s) dedicated to UC Locations. 2.3.6 To insure customer service satisfaction, Supplier is required to call customer 3 days after equipment installation and training. Customer shall be defined as a designated user for that location. For UC Locations with MFD/Printer Fleet Management Programs, Customer shall be defined as the designated contacts for those Programs. 2.3.7 Supplier’s account representative must make frequent on-site visits sufficient to effectively address and resolve issues related to the fulfillment of Suppliers 999 of 1132 1004 I I I I I I Statement of Work Attachment A obligations under the Agreement including, but not limited to: customer orders, problems, and invoice disputes; increase sales activity; advise regarding cost reduction and process improvement opportunities; assist in resolving problems; demonstrate products; provide training; and other customer services as required for the efficient operation of the program. 2.3.8 Coordinate all the order/installation process, inquiries regarding order status, and pricing concerns. 2.3.9 Regular business review meetings (frequency to be determined by each location, though no less than quarterly) between Supplier’s account manager and other representatives as needed (specialists, local representatives, management) and UC Purchasing and/or MFD/Printer Fleet Management Program at each location to review and discuss agreement purchase activity, Supplier key performance indicators (KPIs) and metrics, outstanding issues, new products and services roadmaps, and other related issues. 2.3.10 Maintain a customer service satisfaction level of 98% or better as evidenced by the results of regular customer survey’s conducted by supplier. 2.3.11 A designated contact for billing/invoicing questions and issues. 2.3.12 Ensure that all Supplier support staff are oriented and trained on Supplier’s transaction systems and other infrastructure and processes at a level sufficient to meet University’s needs and comply with Supplier’s obligations under the Agreement. 2.4 Consistency: Supplier must provide and assure consistency across all UC Locations in the following areas: 2.4.1 Pricing on all Products 2.4.2 Discounts on all Products 2.4.3 Support offerings 2.4.4 New Support offerings 2.4.5 Customer Service 2.4.6 Quality Control 2.4.7 Ordering and Payment Processes and Systems 2.5 Partnering: Suppliers must establish and maintain a partner relationship with UC Location Purchasing and/or MFD/Printer Fleet Management Program with respect to MFDs and Laser Printers at each location to achieve objectives such as: 2.5.1 Improving Supplier performance 2.5.2 Improving product and service quality 2.5.3 Improving equipment utilization levels to reduce costs 2.5.4 Increasing sales through product show sponsorship and other marketing assistance 2.5.5 Reduction of paperwork and increased efficiency through consolidated invoicing and other methods 2.5.6 Competitive pricing strategies 1000 of 1132 1005 Statement of Work Attachment A 2.6 In the event of a problem, Supplier makes the following escalation process available to UC: Escalation Process and Chain of Command for Problem Resolution Area Level One Level Two Level Three Why / When to Call Who to Call Why / When to Call Who to Call Why / When to Call Who to Call Customer Issues Customer issues Xerox Customer Service Unit Customer issues beyond the control of or not resolved by Customer Service Client Manager Customer issues beyond the control of or not resolved by Client Manager Account General Manager Sales Requests for Sales related issues or support Xerox Customer Service Unit Requests for Sales related issues or support not being addressed by Customer Service Client Manager Requests for Sales related issues or support not being addressed by Client Manager Public Sector Sales Manager Technical Service Routine Service required Xerox Service Help Desk Technical Service issues not resolved in a timely fashion by Help Desk/Custome r Service Engineer Area Service Manager Technical Service issues not resolved in a timely fashion by Area Service Manager VP Technical Services 2.6.1 "Client Relationship Escalation Procedures”: To effectively manage the Client relationship, Xerox recommends implementation of a document transformational business model and strategy that demonstrates various ‘touch points' within both organizations that covers: x Management: Allows the effective Operational Management of the contract with respect to the provision of the service and delivery of the documented Key 1001 of 1132 1006 Statement of Work Attachment A Performance Indicators (KPIs) and Key Risk Indicators (KRIs) across all the business streams. x Innovation: Allows a continuous focus on innovation of existing contracted services plus a focus on new value-added propositions. x Review: Provides a regular Strategic review process at a senior corporate level that enables both parties to understand synergies between both organizations that will add value to the relationship through the contract period. 2.6.2 Issue Escalation Procedures: The effective management of risk and issues is an essential component of all successful programs. At the beginning of the implementation period Xerox will develop a risk and issue log that will be jointly managed with University of California on a regular basis. The risk and issue log will ensure accountability for risks and issues together with clear action to manage and, where possible, mitigate risk and resolve issues. Equally, Xerox will agree risk and issue thresholds with University of California to ensure the appropriate level of visibility and escalation. The escalation of risks and issues will be managed through an agreed management hierarchy based on their type and criticality. 2.6.3 Technical Service Escalation/Problem Resolution Process (see escalation process in Exhibit 3 Supplier UC Account Support Team. The steps for problem escalation are as follows: i. If the problem is not identified: Customer Service Engineer (CSE) contacts the Xerox Hotline to notify the Work Group Leader, who must respond within one hour. ii. If the problem remains unidentified and or unresolved: CSE re-contacts the Work Group Leader and the Xerox Field Manager for Customer Service to get further assistance and direction. This activity must transpire within 1-3 hours. iii. If Problem is still not identified or resolved: CSE contacts Work Group Leader, Customer Service Technical Specialist, and Field Manager for Customer Service to obtain further suggestions/information. This should occur within 3-4 hours. iv. If Problem is still not identified or resolved: CSE makes arrangements to receive site assistance from Work Group Leader/Customer Service Technical Specialist and notifies the customer’s decision maker on equipment status. This should occur within four to six hours. v. If Problem is still not identified or resolved: CSE, Work Group Leader and Customer Service Technical Specialist contact Field Manager Technical Service to seek assistance outside the immediate support team. This should occur within six to eight hours. 2.7 Disaster Recovery/Business Continuity Plan: Supplier must establish, test, and maintain a Disaster Recovery/Business Continuity Plan, and deploy other systems and processes 1002 of 1132 1007 Statement of Work Attachment A as necessary, in order to ensure efficient and timely fulfillment of its obligations under this Agreement in the event of a disaster or other service interrupting event. 2.8 Service Standards: During the term of this Agreement and any extension(s) of the Term, Supplier will provide the following minimum service standards: 2.9 During the term of this Agreement and any extension(s) of such term, Supplier shall provide after-hours services based on the following service standards. 2.9.1 Response time – Average 4 hours 2.9.2 Repair time – Average 2 hours 2.10 After hours Maintenance services requested and performed outside Supplier’s normal business hours will be charged to UC at the rates provided in the Exhibit 1 and Exhibit 2. Supplier shall not charge UC more than thirty (30) minutes travel time for the services performed after normal business hours. Description Commitment 1. Service/Guarantee a) Total uptime per device b) MFD warranty (parts & labor) a) 96% (not more than 8 hours of downtime per month based on the total number of working hours per month) b) 90 days - Total customer satisfaction guarantee 2.Response/Repair Time a)Response time per device b) Response times to areas beyond 20 miles from major UC Locations a) 4 business hours with 1 business hour acknowledging call back from technician or dispatch —starting from time of call placement Maximum 8 hours or upon mutually agreed time with field office or location administrators. 3.Delivery/Installation a) Delivery (new equipment) b) Delivery (replacement parts) c) Delivery (supplies) d) Installation 10 business days from vendor receipt of order; delivery between 8am and 12noon (Pacific), with one hour pre- delivery call, unless otherwise arranged b) Within 8 business hours from vendor receipt of order c) Within 2 business days from vendor receipt of order d) Installation upon delivery, unless otherwise arranged 4.Setup Within 4 business hours of delivery, unless otherwise arranged. 5.Training Initial Customer training and IT support Unlimited user training on features and functionality at no charge. Initial IT - support no charge. 6. Customer Service a) 800 Number b) Return customer calls a) At no cost b) Within 1 business hour 1003 of 1132 1008 Statement of Work Attachment A 2.11 Supplier agrees to provide to UC, during Supplier's normal business hours (Monday- Friday, 8:00am-5:00pm Pacific), the maintenance necessary to keep the Product in, or restore the Product to, good working order. This maintenance service includes maintenance, based upon the specific needs of individual Product, as determined by Supplier, and unscheduled, on-call remedial maintenance. Maintenance will include, but is not limited to, lubrication, adjustments, and the replacement of maintenance parts deemed necessary by Supplier. Maintenance parts will be furnished on an exchange basis, and the replaced parts become the property of Supplier. Maintenance services provided under this Agreement does not assure uninterrupted operation of the Product. Maintenance service requested and performed outside Supplier's normal business hours will be charged to UC at Supplier's applicable time and material rates and terms as provided in this Agreement. Maintenance costs must be fixed or lowered during the term of the contract. Maintenance costs cannot increase in price during the term of the Agreement. 2.12 Service Warranty: Supplier warrants that services will be performed in a good workmanlike manner in accordance with the applicable service description. Supplier will service during the warranty as well as during the Service Contract through its own Service Organization. It is understood and agreed by UC that Supplier retains exclusive ownership and control of any proprietary software diagnostics utilized in servicing the Products. Supplier to provide MFD and Laser Printer warranty (Parts and labor) 90 Days – Total Satisfaction Guarantee 2.13 Non-Performance Penalty: Supplier agrees to credit UC for not complying with the service standards specified in Section 2.8, as follows: 2.13.1 Maintenance credit - Up to one hundred (100) percent credit to individual UC Locations of monthly maintenance charge for individual MFD availability of less than ninety-six (96) percent calculated for each MFD as specified below: Uptime % Credit (off maintenance monthly charge) Uptime % Credit (off maintenance monthly charge) 100% - 96.0% 0 95.9% - 95.0% 1% 94.9% - 94.0% 2% 93.9% - 93.0% 4% 92.9% - 92.0% 6% 91.9% - 91.0% 8% 1004 of 1132 1009 Statement of Work Attachment A 90.9% - 90.0% 10% 89.9% - 89.0% 12% 88.9% - 88.0% 14% 87.9% - 87.0% 16% 86.9% - 86.0% 18% 85.9% - 85.0% 20% 84.9% - 84.0% 22% 83.9% - 82.0% 24% 82.9% - 82.0% 26% 81.9% - 81.0% 28% 81.9% - 80.0% 30% Less than 80.0% 100% For purposes of computing the effective performance lever, accumulated hours of failure downtime for any month will be adjusted to the nearest whole of half-hour. Credits to be calculated based on prorated share of maintenance charge to be calculated and prorated on a per equipment/unit basis. Uptime is defined as the number of hours that each MFD is available and in good working order during Principle Period of Maintenance coverage as follows: Uptime Percentage = PPM - FT x 100 PPM PPM - Principle Period of Maintenance (8:00am - 5:00pm, Monday through Friday, except holidays) FT - Failure Time For purpose of calculation, Failure Time is defined as any time during the Principle Period of Maintenance when a MFD is incapable of using any its features and functions, due to a failure of the machine mechanically or electronically. This Failure Time will be tracked and reported by Supplier. 1005 of 1132 1010 Statement of Work Attachment A 2.13.2 Delivery credit - Up to fifteen (15) percent of the UC net purchase price and/or monthly lease charge to be calculated on a per equipment unit basis for each device as specified below. The credit for late delivery will not apply in the event Supplier provides, within required delivery time, a loaner acceptable by UC ordering department. Delivery Schedule (Business Days) Credit (Off UC purchase/leaseprice) 10 days 0% 11 days 1.0% 12 days 2.0% 13 days 3.0% 14 days 4.0% 15 days 5.0% 16 days 6.0% 17 days 7.0% 18 days 8.0% 19 days20 daysMore than 20 days 9.0%10.0%15.0% Credits to be calculated based on the UC Net purchase price and/or monthly lease/rental charge to be calculated on a per device basis. 2.13.3 The minimum quality of service standards set forth above recognize that occasional errors are likely, however, the Supplier further agrees to use best efforts to achieve 100% of service level. Should the service levels fall below the minimum standards and the Supplier does not take corrective action within thirty (30) days following University written notification, the University reserves the right to terminate the Agreement immediately. 2.14 Delivery and Installation: Supplier shall provide delivery and installation of devices, including fulfillment process from UC Purchase Order submission to delivery, all at no separate or additional charges to University except as stated under Section 13(7) of the Agreement. UC has the option to accept or reject all Products delivered after promised delivery time, and in addition, may hold Supplier liable to an direct damages caused by late delivery as determined and documented by UC; provided, however, in no event shall the amount of such direct damages exceed UC documented replacement substitution cost for Products ordered. Supplier will report any delivery delay whatsoever to the ordering location, as well as its cause, within two (2) days after Supplier is able to reasonably determine there will be such a delay; such report will be provided to UC by telephone, email, or facsimile. Supplier shall keep UC fully informed if late delivery is due to causes beyond the 1006 of 1132 1011 Statement of Work Attachment A reasonable control and without the fault or negligence of Supplier, including but not limited to: acts of God, war, civil commotion, governmental action, fire, floods, unusually severe weather, explosions, earthquakes, strikes or walkouts against UC, quarantine restrictions, or other causes beyond reasonable control of Supplier. 2.14.1 Suppliers’ dedicated account representative must coordinate all the delivery, installation and training processes with designated representative(s) at each UC Location. 2.14.2 Supplier will provide a written acknowledgment of equipment delivery and installation. 2.15 Training: Supplier must provide training to UC authorized personnel sufficient to enable the proficient and productive use of Supplier’s devices, systems and processes including, but not limited to: • Initial Training (following installation) • Follow-up training • On-going training (existing and new users) 2.15.1 Training to be provided by Supplier at UC Locations at mutually agreed upon dates and times, at no charge to UC. 2.16 Sustainability: Suppliers shall comply with the University of California Sustainable Practices Policy which is the University’s standard for all sustainable practices including, but not limited to: 2.16.1 For each device covered under the Agreement, Supplier must provide that device’s EPEAT rating (Gold, Silver, Bronze) along with the EPEAT recorded options score. Each device must have achieved a minimum EPEAT rating of Bronze. 2.16.2 Provide a take back process for toner cartridges and other consumables at no additional cost to University. 2.16.3 Post Consumer Waste (PCW) Paper: x All devices shall be able to use recycled content paper up to and including 100% Post Consumer Waste (PCW) paper with high reliability, as long as the paper in use meets standard paper categories (e.g. copy, laser, or multi-purpose paper). x Full duplexing using up to and including 100% PCW paper shall be guaranteed by the manufacturer to reliably accomplish 100% duplexing. Recycled paper PCW content cannot be faulted by the Supplier’s service personnel for equipment malfunctions. 1007 of 1132 1012 Statement of Work Attachment A x Should a condition arise in which paper is suspect in underperformance in a significant number of devices using the same paper or same paper batch numbers, further testing may be coordinated by a UC designated official with Supplier to test and determine the appropriate resolution. 2.16.4 Environmentally Responsible Packaging: Supplier agrees to use good faith efforts to utilize minimal packaging, environmentally responsible packaging, recycling practices, and packaging take back for reuse, to minimize the adverse effects of packaging on the environment. 2.16.5 Provide a process by which devices can be taken back by the Supplier at the end of their useful life for remanufacturing, refurbishing, or recycling of parts. For MFDs, Supplier must take back devices at the end of their useful life at no cost, at University discretion. 2.16.6 Sustainable Transportation: Supplier agrees to work towards creating a delivery and transportation model which minimizes Green House Gas (GHG) emissions and has the least impact on the environment. The purchase of the cleanest and most efficient vehicles and tires will be a Supplier goal. The use of alternative fuels will be utilized where and when appropriate. 2.16.7 Sustainable Operations: Supplier agrees to implement a continuous improvement program related to sustainable operations of its facilities. 2.16.8 Reporting: Supplier will report to UC during the quarterly business reviews regarding the improvements that have been made in the previous quarter and planned improvements for the upcoming quarters. Supplier will provide UC quarterly summary reports as specified in the RFP detailing purchases, incentives and the purchase of sustainable products by UC systemwide and by location. 2.16.9 Supplier is required to register and participate in an assessment of their sustainability practices and procedures through the Ecovadis Corporate Social Responsibility (CSR) monitoring platform. For more information on the EcoVadis platform and costs associated with an assessment, please see the EcoVadis Supplier Solutions Website here: https://www.ecovadis.com/us/supplier-solutions-2/. 2.17 Accessibility: 2.17.1 Products will be accessible to people with disabilities and comply with California Building Code 2016 for "forward reach” (11B-308.2) and for “side reach” (11B- 308.3). 2.17.2 OCR will be available on all scanners at no additional cost to UC. 1008 of 1132 1013 Statement of Work Attachment A 2.17.3 On devices with scanning functionality, the installer or repair person will ensure that a one-page instructional flyer is posted at the device that (a) explains why OCR is critical to make PDFs accessible to people with disabilities, (b) instructs the user how to easily turn the OCR capability on/off, (c) provides information about the impact of the OCR process on file size or other document properties, emailing, uploading, and other functionality, and (d) advises that all floor-standing devices should have sufficient clearance for wheelchair access. 2.17.4 Accessibility features for each product will be identified in the supplier’s online form/ecatalog. 2.18 Technical Support: Supplier must provide the following technical support to UC Locations: 2.18.1 Initial installation and configuration of MFD hardware and software for network connectivity and full functionality of the MFD to UC Locations and their IT resources, as needed and/or requested. 2.18.2 Onsite equipment electrical and mechanical troubleshooting and repairs. 2.18.3 Dedicated technical support staff with a working knowledge of all aspects of network functionality across all platforms including, but not limited to: 2.18.4 Hardware installation (network cards, cabling, etc.) 2.18.5 LDAP 2.18.6 Network administration (equipment, software installation/configuration, printer driver installation/configuration/characteristics and security settings as needed and requested.) 2.18.7 Advice and assistance with user-settable options in display menus and submenus 2.18.8 Support for MFDs or Laser Printer issues with respect to 3rd party vendor software and hardware. 2.18.9 Full maintenance services for Laser Printers, including repair parts, software and firmware updates and labor. 2.18.10 Supplier’s employees that will be physically present at UC Locations (i.e. delivering copiers, providing service) must conform to the following: x Wear proper uniform x Carry badges with picture ID x Successfully passed the following pre-employment background security checks: • Social security trace • National criminal search (including national sex offender registry) • County criminal search • Prior employer screening • Highest level of education (exempt only) • Motor vehicle record (driving roles only) x Bonded, or appropriately equivalent Crime Insurance coverage 1009 of 1132 1014 Statement of Work Attachment A 2.18.11 Supplier must provide the following quantity of service technicians: x UC Davis/UCD Health – 13 Service Technicians x UC Merced – 8 Service Technicians x UC San Francisco/UC Hastings/UCSF Health – Service 20 Technicians x UC Berkeley/UC Office of President/Lawrence Berkeley National – Service 25 Technicians x UC Santa Cruz – Service 5 Technicians x UCLA/UCSB/UC Irvine/UCLA Health/UC Irvine Health – 61 Service Technicians x UC San Diego/UCSD Health/UC Riverside – 43 Service Technicians x Total – 175 Technicians There are 3 VP’s of Technical Service and 12 Local Service Managers. 2.18.11..1 It is understood that the quantity of technicians per UC Location may change over time based upon the Supplier product usage among the locations, but in no event will the quality of service diminish below the requirements of this Agreement. 2.18.11..2 Supplier will maintain a ratio of service technicians per MFD at a level sufficient to meet it’s obligations under the Agreement. 2.18.11..3 All technicians are trained and certified by Supplier for each product they serve. 2.18.11..4 Supplier will maintain an average field technician tenure of no less than 1 year. 3. Pricing: 3.1 Pricing on Exhibit 1 and Exhibit 2 is expressed as a discount from Manufacturer Suggested Retail Price) MSRP. MSRP must be available on a manufacturer’s published price list and be publicly available throughout the agreement term. 3.2 The prices of Supplier’s products included in this Agreement shall not increase for the duration of this Agreement for existing Models. 3.3 During the term of the Agreement, Supplier may add or delete contract devices introduced or removed from the market by the Supplier, provided the added device falls within the scope of the respective category. Supplier must update its dedicated contract websites and published catalogs and lists to reflect this change. New devices must be adequately described and the associated price list must be updated to reflect the new devices prices. Pricing must utilize the same pricing structure as was used for other devices falling into the same product category. The pricing structure will be dictated by the purchase price determined from the discount from Manufacturer Suggested Retail 1010 of 1132 1015 Statement of Work Attachment A Price (MSRP) and other specified discounts listed in this RFP. Lease pricing will be dictated by the quoted leasing rates applied to the purchase price. Such additions and deletions must be approved by the UC contract administrator or their designee. 3.4 Certain models of equipment can be configured to include a variety of data security features. There may be an additional cost associated with certain data security features. The selection, suitability and use of data security features are solely UC’s responsibility. Upon request, Supplier will provide additional information to UC regarding the security features available for particular equipment models 3.5 Supplier agrees to extend the pricing terms for maintenance services and supplies included in this Agreement to Supplier’s current population of Products placed at UC prior to the execution of this Agreement for models that are identical to the models in the bid. In the event that the current pricing for maintenance services and supplies is less compared to the pricing listed in Exhibit 1 and Exhibit 2, the current pricing shall not change. 3.6 Supplier will provide an additional 5% discount on the published UC equipment portion of the price list for Outright Sale/FMV and FPO Lease (equipment price only, excluding maintenance) for orders (order is defined as ordered at the same time on one order agreement) that includes revenue value that equals or exceeds $75,000 for any combination of office units (MFD/Printers) . Any/all discounts will be taken at the time of order. 3.7 MFD/Printer Fleet Management Programs: Some UC Locations (as identified in the RFP Campus Profiles) utilize established MFD/Printer Fleet Management Programs, or similar groups managing a large population of MFDs and/or Laser Printers for the UC Location. The value added services provided by these programs may vary, but generally include: x Institutional knowledge and understanding of UC Location hierarchy, policies & procedures, and local campus geography; x Onsite central point of contact at UC Location for first-tier service response and coordination, and centralized supplies and parts; x Consultation and equipment needs assessment for multiple departments within the UC Location; x Consolidation of multiple equipment orders onto single purchase orders (lease or purchase); x Coordination for volume deliveries of equipment; x Consolidated billing and meter reading reconciliation through a single contact at the UC Location; x Coordination of internal campus services for: delivery access, electrical upgrades, network access, copy/print control systems, help desk troubleshooting, and service call avoidance; 1011 of 1132 1016 Statement of Work Attachment A x Summary invoicing, and single-contact invoice reconciliation; x Managed mediation of customer equipment expectations and performance issues in lieu of the Supplier In recognition of these value-added services currently in place at the UC Locations identified, and their resulting reduction in Suppliers’ efforts, resources, and expenses, Supplier will provide MFD/Printer Fleet Management Programs an additional Five percent (5%) discount off all pricing on Exhibit 1. If, after the implementation of this contract, a UC Location not operating such a program as of the effective date of this Agreement determines that is in their best interest to deploy such a program, Supplier will be notified by that UC Location’s procurement office, after appropriate review and authorization. On authorization, such programs will be entitled to all benefits available to those programs currently established as detailed herein. MFD/Printer Fleet Management Programs reserve the right to negotiate further discounts on any of Suppliers’ products and/or services provided for under this RFP and its resulting contract. At UC Locations with MFD/Printer Fleet Management Programs, Supplier will partner with these programs and direct all potential campus customers at the UC Location to the program before selling or leasing an MFD/Printer to the campus customer. Additionally, Supplier will provide marketing expertise to further the program development at the UC Location. 4.Reporting: Supplier must provide electronic reports (in Microsoft Excel) or any other requested format to designated UC contacts providing a wide range of information, at both the system-wide and individual UC Location level, related to the Agreement including, but not limited to: 4.1 Quarterly Report Population of MFDs and Laser Printers reports including but not limited to the following data: x UC Location x UC department x UC purchase order number x Name, phone and email for department placing the purchase order x Equipment serial number x Name and Model of product(s) and/or service(s) Purchased x Quantity purchased x Price paid, per unit and total x Method of acquisition (lease, purchase, etc.) x Sustainable product purchases 1012 of 1132 1017 Statement of Work Attachment A 4.2 Monthly Reports: x Response time x Repair time x Uptime x Total service calls x Delivery time x Installation time x Open leases, remaining terms, etc. 4.3 Equipment inventory report that will provide a detail listing of all products and their locations at the particular UC Location. 4.4 Annual reports comparing UC contract pricing with Supplier’s other pricing available from in the higher education market. 4.5 Other reports as reasonably requested by UC. 4.6 Supplier must make a commercially reasonable effort to provide reports within five (5) business days. 5. Maintenance Service 5.1 Supplier agrees to provide to UC, during Supplier’s normal business hours, the maintenance service necessary to keep equipment in, or restore the equipment to, good working order in accordance with Supplier’s policies then in effect. This maintenance service includes maintenance based upon the specific needs of individual equipment, as determined by Supplier, and unscheduled, on-call remedial maintenance. 5.2 Maintenance will include lubrication, adjustments, and replacement of maintenance parts deemed necessary by Supplier. Maintenance parts will be furnished on an exchange basis, and the replaced parts become the property of Supplier. Maintenance services provided under this Agreement does not assure uninterrupted operation of the Product. 5.3 Supplier must coordinate all service calls through a centralized dispatch desk. All calls must be logged into a service system with a minimum of the following information: 5.3.1 All relevant customer information, location, phone number(s), contact name , caller name 5.3.2 A unique repair ticket number 5.3.3 Time of call placement from the customer 5.3.4 The customer’s reported equipment malfunction or issue 1013 of 1132 1018 Statement of Work Attachment A 5.3.5 The equipment id number, model and serial number 5.3.6 The equipment status operational status: operational, substandard, or inoperative 5.3.7 Dispatched agent name or id number, dispatched time, location, caller, make, model, serial # and problem 5.4 Suppliers must further log the following information upon call completion: 5.4.1 Service technician’s report of actual problem and troubleshooting & repair actions conducted. 5.4.2 Arrival time, End time, Total Repair time, service copies made, final call status i.e.: completed.- closed, open, pending , escalated. 5.4.3 Meter readings upon service completion (i.e. print, scan, color, b/w). 5.5 Locations with MFD/Printer Fleet Management programs may require that the call completion information be supplied from the Supplier’s repair technician to a designated MFD/Printer Fleet Management program administrator at the conclusion of the service call. 5.6 Repair Parts And Supplies: 5.6.1 Supplier must carry in stock all common parts for no greater than next-day access by Supplier’s service personnel. 5.6.2 Supplier must produce or make parts and supplies available for no less than five (5) years after a model has been discontinued. 5.6.3 Supplier must provide all UC Locations with the same discount for parts and supplies for the devices covered under this Agreement. 5.7 MFD Service and Parts: Supplier must offer full maintenance services for MFDs, including repair parts, software and firmware updates and labor based on the following options: i.Option 1: Cost Per Impression Charge – Zero Volume Base Supplier will provide full service maintenance with supplies, excluding paper. Supplier will invoice respective UC Location on a monthly basis using a cost per impression charge applied to the actual monthly impression volume in the covered period without any minimum and/or maximum volume restrictions. Volumes will not be estimated. These rates apply to purchased and leased MFDs. ii.Option 2: Monthly Minimum Charge Supplier will provide full service maintenance with supplies, excluding paper. Supplier will charge UC a fixed monthly minimum charge, which will include a monthly impression volume allowance, with a separate 1014 of 1132 1019 Statement of Work Attachment A cost per impression charge applied to the overage. These rates apply to purchased and leased MFDs. iii.Option 3: T&M - Fixed Charge per Occurrence Supplier will provide service repairs and maintenance using a Time and Material option. Supplier charges UC a fixed amount per occurrence and/or a fixed hourly fee, after expiration of standard or extended equipment warranties. 5.8 Lemon Clause: After the 90-day warranty period and until 36 months from the date of installation, or coterminous in the case of a longer lease, except due to operator error, for any device that fails to operate in accordance with the manufacturer's published performance specifications three times in any four week period and/or is subject to recurring related problems, Supplier shall replace that device with a new MFD or Laser Printer that meets the requirements of the same lot as the original equipment model, at no cost to the user. This will take precedence over any other warranty or service maintenance clauses associated with this contract. For purchased devices, customers must maintain an uninterrupted maintenance agreement, cost per copy, or lease agreement including parts and supplies with the contract vendor for the Lemon Clause to apply past the initial 90-day warranty period. The UC Location Purchasing and/or MFD/Printer Fleet Management Program will review user requests for the application of this clause and will make a determination regarding its use. If 25% or less of the device’s useful life has been used up, the device must be replaced with a “new device”. A “like for like” device may be used if 25% or more of the useful life of the device has been used up and the Customer agrees to the “like for like” exchange. Note: Prior to the lease or purchase of a device, awarded vendors must provide UC with the device’s “Useful Life”. 6. Data Security 6.1 For all MFDs/Laser Printers, Suppliers must: 6.1.1 Disclose all default accounts, access methods, and passwords on the device at delivery. 6.1.2 Certify that log-in credentials are not communicated in clear text by default, though clear text may be an option if cipher text is available as an option. 6.1.3 Deliver MFDs and/or Laser Printers with the latest, fully-patched software, firmware, or other OEM software as provided for device functionality as detailed on the “Specifications” tab of Exhibit 1 and Exhibit 2. 6.1.4 Notify all UC Locations of all known and reported vulnerabilities, and of planned updates or mitigations to software provided for device functionality as detailed on the “Specifications” tab of Exhibit 1 and Exhibit 2. 6.1.5 Disclose and describe shared accounts or service accounts that Supplier technicians may or will use, and the security procedures planned by Supplier. 1015 of 1132 1020 Statement of Work Attachment A 6.2 All devices must: 6.2.1 Provide secure login for administrator access (including username and password). Upon setup and configuration, all default device or interface passwords must be changed and communicated to the designated contacts(s). 6.2.2 Provide IP and MAC address filtering to limit users’ access to the device via the web interface; and 6.2.3 Provide on/off (switchable) provisions for other types of access, including but not limited to telnet, rsh, SNMP, FTP, IPSec, SSL/TLS, etc. Suppliers must list all on/off provisions for all types of access in their response. 6.3 All MFDs/Laser Printers that are equipped with hard drives must: 6.3.1 Possess an “always on” security feature that overwrites the sector(s) of the hard drive used for processing copy, print, or scan data using at least 3 passes, preventing the data from remaining on the hard drive of the MFD or Laser Printer after the copy, print, or scan job is finished. 6.3.2 Provide at least 128-bit AES encryption (or equivalent) as part of the storage process for any information held on the hard drive for long-term storage. 6.3.3 Provide secure login for administrator access (including username and password), allowing administrators to set access levels for users who perform tasks on the device (e.g., managing address books (fax or scan addresses), or printing print, fax, or copy/scan logs). Upon setup and configuration, all default device or interface passwords must be changed and communicated to the designated contacts(s). 6.3.4 Isolate any incoming FAX line from all hardware that has network access. MFDs must have no physical or data connection between the Page Memory (or Temporary Data Storage) and the FAX controller. 6.4 Provide on/off (switchable) control of read/write access to the device from portable media (e.g., SD cards, USB drives, etc.); and be able to have their hard drives removed by a Supplier technician and surrendered to UC at the end of a lease, cost-per-copy agreement, or at trade-in (or at any time, for any reason, an MFD and/or Laser Printer is removed from UC) at no additional cost to UC. 6.5 In addition to the above, certain models of equipment can be configured to include a variety of data security features. There may be an additional cost associated with certain data security features. The selection, suitability and use of data security features are solely UC’s responsibility. Upon request, Supplier will provide additional information to UC regarding the security features available for particular equipment models 1016 of 1132 1021 Statement of Work Attachment A 7.Technology Requirements: Suppliers’ devices must have the technological capability to fulfill specific requirements of the University including, but not limited to the following required device technologies: 7.1 100baseT or greater Ethernet connectivity 7.2 Connectivity to Supplier's MFDs and/or Laser Printers by devices using the following operating systems, including universal and device-specific PPDs. Include the expected timeframe for release of PPDs after operating system upgrades: 7.2.1 Windows (requirement is from Windows 10.0 and higher; Suppliers to specify versions) 7.2.2 Macintosh (Suppliers to specify versions; requirement is from OSX 10.13 and higher) 7.2.3 IOS (Suppliers to specify versions; requirement is from iOS 11.0 and higher) 7.2.4 Android (Suppliers to specify versions; requirement is from Android OS 8.0 and higher) 7.3 Connectivity to Supplier’s MFDs and/or Laser Printers by following communications protocols: 7.3.1 POP, IMAP 7.3.2 IPv4/IPv6/IPsec 7.3.3 LDAPv3 or higher 7.3.4 Kerberos – must include Kerberos for Windows and Macintosh Operating Systems listed in 2a-2b above 7.3.5 LPR/LPD/IPP 7.3.6 Bonjour 7.3.7 SMTP 7.3.8 SNMP v1 – v3 including authentication protocols 7.3.9 TCP port 9100 direct printing (bidirectional) 7.3.10 SSL/TLS 7.4 Printing to Supplier's MFDs and/or Laser Printers using the following printing protocols/output types: 7.4.1 PostScript Level 3 7.4.2 PCL 6e 7.4.3 PDF 7.5 Effective and successful installation and set-up of Supplier's MFDs and/or Laser Printers on University network. 7.6 Effective and successful installation and set-up of connectivity software (including, but not limited to, PPDs) to Supplier's MFDs/Laser Printers on customer computers as requested by the UC Location. 1017 of 1132 1022 Statement of Work Attachment A 7.7 All Proposers' devices must be able to interface with existing third-party access control and management systems at UC locations (Equitrac, ITC, Pharos, PaperCut, PCounter, or comparable), with the following requirements to achieve reliable and accurate transactions and transactional reporting: 7.7.1 Embedded software and/or external hardware to enable use of the third- party system; device-specific interface cables for external hardware must be provided and installed by Supplier at no cost to UC; 7.7.2 Network connectivity across a hard-wired and/or a wireless network; 7.7.3 Ability to use USB proximity and/or magnetic stripe card readers for user authentication and access to the third-party system. 8. Product Acquisition 8.1 Required MFD’s: During the term of the Agreement, Supplier must provide at least one model MFD that meets or exceeds UC’s requirements for each of the following categories. Suppliers must provide detailed specifications for each model of MFD fulfilling the category requirements below. x Category 1 - B/W Desktop 20+ pages per minute x Category 2 - B/W 20-30 pages per minute x Category 3 - B/W 31-40 pages per minute x Category 4A - B/W 41-50 pages per minute x Category 4B - B/W 51-60 pages per minute x Category 5 - B/W 61-90 pages per minute x Category 1 - Color Desktop 20+ pages per minute x Category 2 - Color 20-30 pages per minute x Category 3 - Color 31-40 pages per minute x Category 4A - Color 41-50 pages per minute x Category 4B - Color 51-60 pages per minute x Category 5 - Color 61-90 pages per minute 8.2 Required Laser Printers: During the term of the Agreement, Supplier must provide at least one model Laser Printer that meets or exceeds UC’s requirements for each of the following categories. Suppliers must provide detailed specifications for each model of Laser Printer fulfilling the category requirements below. Each model MUST have the ability to perform duplex printing and have ethernet connectivity: x Category 1 - Low Volume - B/W 25-40 pages per minute x Category 2 - Mid Volume - B/W 41-55 pages per minute x Category 3 - High Volume - B/W 56-70 pages per minute x Category 1 - Low Volume - Color 10-20 pages per minute 1018 of 1132 1023 Statement of Work Attachment A x Category 2 - Mid Volume - Color 21-35 pages per minute x Category 3 - High Volume - Color 36-50 pages per minute 8.3 Purchase Option: Supplier agrees to sell to UC the required devices listed herein and associated products and services, if requested by UC, in accordance with the requirements set forth in this Agreement. Supplier shall warrant that the Products are new and owned by Supplier. Supplier warrants that it will repair or replace defective Products and/or parts, including labor at no cost to UC for ninety (90) days after the installation date. The title for the purchased MFDs and/or Laser Printers will be transferred to UC. In conjunction with purchased MFDs, Suppliers must offer a cost per copy (CPC) rate for service and supplies. 8.4 Lease Option: Suppliers agrees to offer to UC the required MFDs listed herein and associated products and services based on the following Full Market Value (FMV) and $1 buyout terms: x 36 Months x 48 Months x 60 Months 8.4.2 In conjunction with leased MFDs, Supplier must offer a CPC rate for service and supplies. 8.4.3 In conjunction with leased MFDs, on both FMV and $1 buyout option, Supplier must offer a service and supply component. 8.5 Trial Units: Supplier must offer current models to UC Locations on a trial basis for thirty (30) days. UC Locations may opt to purchase or lease the trial model, request a different model for trial, or return the trial model(s) with no obligation to Supplier. 8.6 Product Certification: Supplier certifies and warrants that all products sold to UC under the Agreement: 8.6.1 Shall be new and genuine, except short term rentals or temporary replacements. Equipment provided under the Contract is currently manufactured by Xerox, though the equipment may contain recycled components that have been reprocessed to meet Xerox’ new parts performance standards. The University will be the first user of the equipment. 8.6.2 Shall be provided to UC in the manufacturer's original packaging unless otherwise requested by UC. 8.6.3 Shall be manufactured and sold or distributed to the Supplier for retail sale in the United States. 1019 of 1132 1024 Statement of Work Attachment A 8.6.4 Shall be sold to the Supplier from legal and reputable channels, which are understood to be the manufacturer or authorized representatives of the manufacturer. 8.6.5 Shall not be altered or misbranded within the meaning of the Federal and State laws applicable to such products. 8.7 Trade-ins: Supplier agrees to assist UC in obtaining the best trade-in values available for UC owned Products through Supplier’s recommended Equipment Brokers. Supplier shall provide the required administrative support, including removal of UC owned products, to UC to effectively manage the trade-in transaction(s) at no cost to UC. 1020 of 1132 1025 Exhibit 3 – Xerox Account Support Team* UC System-wide Contract 2020 Campus Support Contact Phone Email All, Vice President Doug Macphee 562-977-7464 doug.macphee@xerox.com UC San Diego Daria Lewis 714-565-1550 daria.lewis@xerox.com UC Irvine Daria Lewis 714-565-1550 daria.lewis@xerox.com UC Riverside Marcia Quo-Schmidt 714-565-1112 marcia.quo-schmidt2@xerox.com UC Los Angeles Martin Soto 310-484-3799 martin.soto2@xerox.com UC Santa Barbara Martin Soto 310-484-3799 martin.soto2@xerox.com UC Santa Cruz Scott Reiber 925-701-1657 scott.reiber2@xerox.com UC San Francisco Scott Reiber 925-701-1657 scott.reiber2@xerox.com UC Berkeley Scott Reiber 925-701-1657 scott.reiber2@xerox.com UCOP Scott Reiber 925-701-1657 scott.reiber2@xerox.com UC Davis Bill Bennett 916-928-0770 bill.bennettIII@xerox.com UC Merced Bill Bennett 916-928-0770 bill.bennettIII@xerox.com (*) Supplier’s staff name may change upon mutual agreement of the parties. Supplier may update the name of its staff by written communication to UC. 1021 of 1132 1026 ATTACHMENT B ADDITIONAL TERMS APPLICABLE TO ALL NON- UNIVERSITY OF CALIFORNIA ENTITIES The following terms (“Non-University Terms”) are in addition to the terms included in the University of California Master Agreement and shall only be available to Non-University of California entities to procure equipment and services under this Agreement. Xerox agrees to make resulting Non-University of California pricing and terms from this solicitation available to other public agencies nationally, including state and local governmental entities, public and private primary, secondary and higher education entities, non-profit entities, and agencies for the public benefit (“Public Agencies”) through OMNIA Partners’ Cooperative purchasing program so long as such Public Agency is a registered member at OMNIA. For clarity, it is the express intention of the parties that only the Non-University of California pricing and terms from this solicitation shall be made available to non-University of California entities under the University of California Master Agreement. Should there be a conflict between the Non-University Terms and the terms of the University of California Master Agreement, the Non-University Terms will control. General Terms and Conditions 1. SCOPE. The acquisition of Products and Maintenance Services by Non University of California entities is subject to the applicable terms and conditions of the University of California Master Agreement as modified by this Attachment B (the “Agreement”). In the event of a conflict among these documents, this Agreement will take precedence. “Products” means Xerox-brand equipment (“Equipment”), Software and Consumable Supplies ordered under this Agreement. 2. TERM. The initial term of this Agreement (“Initial Term”) will commence on the date it is accepted by Xerox, and it will expire on the last day of the 36th full calendar month thereafter, unless early terminated by either party upon not less than 90-days’ notice. Following the Initial Term, this Agreement may be renewed for two (2) additional one-year terms, under the same terms and conditions. Upon the expiration or termination of this Agreement, each IA (as defined in Section 3.a.) shall remain in full force and effect until the end of its term and shall be governed by the terms and conditions of this Agreement as if it were still in effect. 3. ORDER DOCUMENTS. a. Customer will issue documents that Customer or Xerox require for acquisitions hereunder, including purchase orders and individual standard form Xerox agreements (“Order Document(s)”) for order entry purposes only, specifying Customer’s requested shipment date, installation site, quantities, bill-to address and product description, including any Trade-In Equipment. Notwithstanding anything contained in any Order Document which is at variance with or additional to this Agreement, Order Documents will incorporate and be subject solely to the terms and conditions of this Agreement, except for standard Xerox agreement terms and conditions related to options selected by Customer at time of order. Xerox reserves the right to review and approve Customer’s credit prior to acceptance of an Order Document, and Customer authorizes Xerox or its agent to obtain credit reports from commercial credit reporting agencies. Upon acceptance by Xerox, the Order Document creates an individual agreement (“IA”) for the Products identified therein. An IA for “Standard Lease” or “Major Account Lease” may be referred to herein as a “Lease IA”. An IA for “Cash Purchase” or “Major Account Purchase” may be referred to herein as a “Purchase IA”. b. Order Documents may be submitted by hard copy or electronic means and those submitted electronically will be considered: (i) a “writing” or “in writing”; (ii) “signed” by Customer; (iii) an “original” when printed from electronic records established and maintained in the ordinary course of business; and, (iv) valid and enforceable. 4. ELIGIBLE AFFILIATES. Xerox will provide Products under this Agreement to Customer’s Members. If a Member submits an Order Document, it will be the “Customer” for purposes of the resulting IA. If Customer divests a Member, such divested entity is no longer eligible to submit Orders under this Agreement. 5. PRODUCTS. Customer represents that the Products: (i) will be used in Customer’s business in the United States, its territories and possessions (“U.S.”); (ii) are not being acquired for resale; and (iii) will not be used for personal, household or family purposes. Xerox may, for purposes of future order-taking, add Products to this Agreement or withdraw Products that become no longer generally commercially available. 6. EQUIPMENT STATUS. Except for Equipment identified in an IA as “Previously Installed”, Equipment will be (a) "Newly Manufactured", which may contain some reconditioned components; (b) "Factory Produced New Model", which is manufactured and newly serialized at a Xerox factory, adds functions and features to a product previously disassembled to a Xerox predetermined standard, and contains new and reconditioned components; or (c) "Remanufactured", which has been factory produced following disassembly to a Xerox predetermined standard and contains new and reconditioned components. 1022 of 1132 1027 ATTACHMENT B – Additional Terms applicable to all Non-University of California Entities Page 2 of 26 RT (11/2020) 7. EQUIPMENT COMMENCEMENT & INSTALLATION DATES.The initial Term of an IA that includes Equipment will commence on the “Installation Date”, which means: (a) for Equipment installed by Xerox, the date Xerox determines the Equipment to be operating satisfactorily and is available for Customer’s use, as demonstrated by successful completion of diagnostic routines; and (b) for Equipment designated as “Customer Installable”, the Equipment delivery date. 8. DATA SECURITY.Certain models of Equipment can be configured to include a variety of data security features. There may be an additional cost associated with certain data security features. The selection, suitability and use of data security features are solely Customer’s responsibility. Upon request, Xerox will provide additional information to Customer regarding the security features available for particular Equipment models. 9. MAINTENANCE SERVICES. Except for Equipment identified as "No Svc.", Xerox (or a designated servicer) will keep the Equipment in good working order (“Maintenance Services”). The provision of Maintenance Services is contingent upon Customer facilitating timely and efficient resolution of Equipment issues by: (a) utilizing Customer- implemented remedies provided by Xerox; (b) replacing Cartridges; and (c) providing information to and implementing recommendations provided by Xerox telephone support personnel. If an Equipment issue is not resolved after completion of (a) through (c) above, Xerox will provide on-site support as provided in the applicable IA. Maintenance Services are provided as a mandatory part of a Lease or Rental IA, or under a Maintenance IA. Maintenance Services will be provided during Xerox’s standard working hours in areas open for repair service for the Equipment. Maintenance Services excludes repairs due to: (a) misuse, neglect or abuse; (b) failure of the installation site or the PC or workstation used with the Equipment to comply with Xerox’s published specifications; (c) use of options, accessories or products not serviced by Xerox; (d) non-Xerox alterations, relocation, service or supplies; or (e) failure to perform operator maintenance procedures identified in operator manuals. Replacement parts may be new, reprocessed or recovered and all replaced parts become Xerox’s property. If Xerox is unable to repair the Equipment so that it performs consistently in accordance with its specifications, Xerox will replace the Equipment with an identical model or, at Xerox’s option, another model with comparable features and capabilities. There will be no additional charge for the replacement Equipment during the remainder of the initial Term. If meter reads are a component of a Maintenance Plan, Customer will provide them using the method and frequency identified by Xerox. If Customer does not provide a meter reading for Equipment not capable of Remote Data Access, or if Remote Data Access is interrupted, Xerox may reasonably estimate the reading and bill Customer accordingly. 10. CARTRIDGES.If Xerox is providing Maintenance Services for Equipment utilizing cartridges designated by Xerox as customer-replaceable units, including copy/print cartridges and xerographic modules or fuser modules (“Cartridges”), Customer agrees to use only unmodified Cartridges purchased directly from Xerox or its authorized resellers in the United States and the failure to use such Cartridges shall void any warranty applicable to such Equipment. Cartridges packed with Equipment and replacement Cartridges may be new, remanufactured, or reprocessed. Remanufactured and reprocessed Cartridges meet Xerox's new Cartridge performance standards and contain new and/or reprocessed components. To enhance print quality, Cartridge(s) for many models of Equipment have been designed to cease functioning at a predetermined point. In addition, many Equipment models are designed to function only with Cartridges that are newly manufactured original Xerox Cartridges or with Cartridges intended for use in the U.S. Equipment configuration that permits use of non-newly manufactured original Xerox Cartridges may be available from Xerox at an additional charge. 11. DELIVERY & REMOVAL. Equipment prices include standard delivery charges for all Equipment and, for Equipment for which Xerox retains ownership, standard removal charges. Non-standard delivery or removal will be at Customer’s expense. 12. PAYMENT & TAXES. a. If the invoice displays a due date, payment must be received by Xerox on or before the due date. If the invoice does not display a due date, payment must be received by Xerox in accordance with the state’s prompt payment statutes, or, if such statutes are not applicable, within 30 days after the invoice date. All invoice payments under this Agreement shall be made via check, Automated Clearing House debit, Electronic Funds Transfer, or direct debit from Customer’s bank account. Restrictive covenants on payment instruments will not reduce Customer’s obligations. b. Customer is responsible for all applicable taxes, fees or charges of any kind (including interest and penalties) assessed by any governmental entity on this Agreement or the amounts payable under this Agreement (“Taxes”), which will be included in Xerox’s invoice unless Customer timely provides proof of its tax exempt status. Taxes do not include taxes on Xerox’s income and, for Lease IAs, Taxes do not include personal property taxes in jurisdictions where Xerox is required to pay personal property taxes. Except for Equipment that includes a Bargain Purchase Option, a Lease IA is a lease for all income tax purposes and Customer will not claim any credit or deduction for depreciation of the Equipment or take any other action inconsistent with its role as lessee of the Equipment. 1023 of 1132 1028 ATTACHMENT B – Additional Terms applicable to all Non-University of California Entities Page 3 of 26 RT (11/2020) 13. LATE CHARGES & DEFAULT. If a payment is not received by Xerox within 10 days after the due date, Xerox may charge, and Customer will pay, a late charge equal to 5% of the amount due or $25, whichever is greater, or the amount allowed by applicable law, if less. Customer will be in default under an IA if Xerox does not receive any payment within 15 days after the date it is due or Customer breaches any other obligation under this Agreement, any IA hereunder, or any other agreement with Xerox. Customer will pay all reasonable costs, including attorneys’ fees, incurred by Xerox to enforce this Agreement or any IA. 14. NON-CANCELABLE AGREEMENT. LEASE AND INSTALLMENT PURCHASE IA’s CANNOT BE CANCELED OR TERMINATED EXCEPT AS EXPRESSLY PROVIDED HEREIN. CUSTOMER’S OBLIGATION TO MAKE ALL PAYMENTS, AND TO PAY ANY OTHER AMOUNTS DUE OR TO BECOME DUE, IS ABSOLUTE AND UNCONDITIONAL AND NOT SUBJECT TO DELAY, REDUCTION, SET-OFF, DEFENSE, COUNTERCLAIM OR RECOUPMENT FOR ANY REASON WHATSOEVER, IRRESPECTIVE OF XEROX'S PERFORMANCE OF ITS OBLIGATIONS HEREUNDER. ANY CLAIM AGAINST XEROX MAY BE ASSERTED IN A SEPARATE ACTION AND SOLELY AGAINST XEROX. 15. WARRANTY DISCLAIMER & WAIVERS.XEROX DISCLAIMS THE IMPLIED WARRANTIES OF NON- INFRINGEMENT AND FITNESS FOR A PARTICULAR PURPOSE. 16. LEASE OPTIONS FOR PURCHASE, RENEWAL, AND TERMINATION. The following options are available for Equipment under a Lease IA: a. If not in default hereunder, Customer may purchase the Equipment, “AS IS, WHERE-IS” and WITHOUT ANY WARRANTY AS TO CONDITION OR VALUE, at the end of the initial Term of a Lease IA for the purchase option indicated in such IA, plus all applicable Taxes. b. Unless either party provides notice of termination at least 30 days before the end of the initial Term of a Lease IA, it will renew automatically on a month-to-month basis on the same terms and conditions. During this renewal period, either party may terminate the Lease IA upon at least 30 days’ notice. Upon termination, Customer will make the Equipment available for removal by Xerox. At the time of removal, the Equipment will be in the same condition as when delivered (reasonable wear and tear excepted). 17. INTELLECTUAL PROPERTY INDEMNITY.Xerox will defend, and pay any settlement agreed to by Xerox or any final judgment for, any claim that a Xerox-brand Product infringes a third party’s U.S. intellectual property rights. Customer will promptly notify Xerox of any alleged infringement and permit Xerox to direct the defense. Xerox is not responsible for any non-Xerox litigation expenses or settlements unless Xerox pre-approves them in writing. To avoid infringement, Xerox may modify or substitute an equivalent Xerox-brand Product and, if purchased, refund the price paid for the Xerox-brand Product (less the reasonable rental value for the period it was available to Customer), or obtain any necessary licenses. Xerox is not liable for any infringement based upon a Xerox-brand Product being modified to Customer’s specifications or being used or sold with products not provided by Xerox. 18. LIMITATION OF LIABILITY.For claims arising out of or relating to this Agreement or any IA written hereunder, whether the claim alleges tortious conduct (including negligence) or any other legal theory, but excepting liability under the indemnification obligations set forth in this Agreement, Xerox will not be liable to Customer for any direct damages relating to this Agreement or any IA written hereunder in excess of the sum of the amounts paid and to be paid during the initial Term of the applicable IA and neither party will be liable to the other for any special, indirect, incidental, consequential or punitive damages. 19. ASSIGNMENT. Neither party may assign without the prior written consent of the other party. 20. NOTICES.Unless provided otherwise in this Agreement, notices under this Agreement or any IA must be sent in writing to the party’s address or facsimile number set forth below. Notices will be deemed given 5 days after mailing by first class mail, 2 days after sending by nationally recognized overnight courier, or on the date of electronic confirmation of receipt of a facsimile transmission, when followed by mailing of such notice as provided herein. Invoices are not considered notices under this Agreement and are governed by provisions relating specifically thereto. All payment related notices under an IA shall be sent: (a) to Customer at the “Bill to” address in the IA, and (b) to Xerox at the inquiry address on the most recent invoice. All other notices under this Agreement or an IA shall be sent to a party at its address or facsimile number below. Either party may change its address or facsimile number for receipt of notice by notifying the other party at its address or facsimile number below. To Customer:To Xerox: Office of General Counsel Xerox Corporation 45 Glover Avenue P. O. Box 4505 Norwalk, CT 06856-4505 1024 of 1132 1029 ATTACHMENT B – Additional Terms applicable to all Non-University of California Entities Page 4 of 26 RT (11/2020) Facsimile: Facsimile: 21. FORCE MAJEURE. Xerox will not be liable to Customer during any period in which its performance is delayed or prevented, in whole or in part, by a circumstance beyond its reasonable control. Xerox will notify Customer if such a circumstance occurs. 22. CONSUMABLE SUPPLIES.Consumable Supplies vary depending upon the Equipment model. If “Consumable Supplies” is identified in Maintenance Plan Features, Consumable Supplies include: (i) for black and white Equipment, standard black toner and/or dry ink, black developer, Copy Cartridges, and, if applicable, fuser agent required to make impressions; (ii) for full color Equipment, the items in (i) plus standard cyan, magenta, and yellow toners and dry inks (and their associated developers); and, (iii) for Equipment identified as “Phaser”, only, if applicable, black solid ink, color solid ink, imaging units, waste cartridges, transfer rolls, transfer belts, transfer units, belt cleaner, maintenance kits, print Cartridges, drum Cartridges, waste trays and cleaning kits. Xerox may charge a shipping and handling fee for Consumable Supplies. Consumable Supplies are Xerox's property until used by Customer, and Customer will use them only with the Equipment for which “Consumable Supplies” is identified in Maintenance Plan Features. If Consumables Supplies are furnished with recycling information, Customer will return the used item, at Xerox’s expense, for remanufacturing. Shipping information is available at Xerox.com/GWA. Upon expiration of this Agreement, Customer will include any unused Consumable Supplies with the Equipment for return to Xerox at the time of removal. If Customer’s use of Consumable Supplies exceeds Xerox's published yield by more than 10%, Xerox will notify Customer of such excess usage. If such excess usage does not cease within 30 days after such notice, Xerox may charge Customer for such excess usage. Upon request, Customer will provide current meter reads and/or an inventory of Consumable Supplies in its possession. 23. RELOCATION. Until Customer has paid in full under a Purchase IA or Installment Purchase IA, or while Equipment is subject to a Lease or Rental IA: (a) all Equipment relocations must be arranged (or approved in advance) by Xerox and will be at Customer’s expense; (b) while Equipment is being relocated, Customer remains responsible to make all payments under the applicable IA; and (c) Equipment cannot be relocated outside of the U.S. 24. SOFTWARE a. SOFTWARE LICENSE. Xerox grants Customer a non-exclusive, non-transferable license to use in the U.S.: (a) software and accompanying documentation provided with Xerox-brand Equipment ("Base Software”) only with the Xerox-brand Equipment with which it was delivered; and (b) software and accompanying documentation identified in an IA as "Application Software" only on any single unit of equipment for as long as Customer is current in the payment of all applicable software license fees. “Base Software” and “Application Software” are referred to collectively as “Software”. Customer has no other rights and may not: (1) distribute, copy, modify, create derivatives of, decompile, or reverse engineer Software; (2) activate Software delivered with the Equipment in an inactivated state; or (3) allow others to engage in same. Title to, and all intellectual property rights in, Software will reside solely with Xerox and/or its licensors (who will be considered third-party beneficiaries of this subsection a.). Software may contain code capable of automatically disabling the Equipment. Disabling code may be activated if: (x) Xerox is denied access to periodically reset such code; (y) Customer is notified of a default under an IA; or (z) Customer’s license is terminated or expires. The Base Software license will terminate: (i) if Customer no longer uses or possesses the Equipment; (ii) Customer is a lessor of the Equipment and its first lessee no longer uses or possesses it; or (iii) upon the expiration of any IA under which Customer has rented or leased the Equipment (unless Customer has exercised an option to purchase the Equipment). Neither Xerox nor its licensors warrant that Software will be free from errors or that its operation will be uninterrupted. The foregoing terms do not apply to Diagnostic Software or to software/documentation accompanied by a clickwrap or shrinkwrap license agreement or otherwise made subject to a separate license agreement. b. SOFTWARE SUPPORT. Xerox (or a designated servicer) will provide the software support set forth below (“Software Support”). For Base Software, Software Support will be provided during the initial Term of the applicable IA and any renewal period but in no event longer than 5 years after Xerox stops taking customer orders for the subject model of Equipment. For Application Software, Software Support will be provided as long as Customer is current in the payment of all applicable software license and support fees. Xerox will maintain a web-based or toll-free hotline during Xerox’s standard working hours to report Software problems and answer Software-related questions. Xerox, either directly or with its vendors, will make reasonable efforts to: (a) assure that Software performs in material conformity with its user documentation; (b) provide available workarounds or patches to resolve Software performance problems; and (c) resolve coding errors for (i) the current Release and (ii) the previous Release for a period of 6 months after the current Release is made available to Customer. Xerox will not be required to provide Software Support if Customer has modified the Software. New releases of Software that primarily incorporate compliance updates and coding error fixes are designated as "Maintenance Releases" or “Updates”. Maintenance Releases or Updates that Xerox may make available will be provided at no charge and must be implemented within 6 months. New releases of Software that include new content or functionality (“Feature Releases”) will be subject to additional license 1025 of 1132 1030 ATTACHMENT B – Additional Terms applicable to all Non-University of California Entities Page 5 of 26 RT (11/2020) fees at Xerox’s then-current pricing. Maintenance Releases, Updates, and Feature Releases are collectively referred to as “Releases”. Each Release will be considered Software governed by the SOFTWARE LICENSE and SOFTWARE SUPPORT provisions of this Agreement (unless otherwise noted). Implementation of a Release may require Customer to procure, at Customer’s expense, additional hardware and/or software from Xerox or another entity. Upon installation of a Release, Customer will return or destroy all prior Releases. Xerox may annually increase the Annual Renewal and Support-Only Fees for Application Software. For State and Local Government Customers, this adjustment will take place at the commencement of each of Customer’s annual contract cycles. c. DIAGNOSTIC SOFTWARE. Software used to evaluate or maintain the Equipment ("Diagnostic Software") is included with the Equipment. Diagnostic Software is a valuable trade secret of Xerox. Title to Diagnostic Software will remain with Xerox or its licensors. Xerox does not grant Customer any right to use Diagnostic Software, and Customer will not access, use, reproduce, distribute or disclose Diagnostic Software for any purpose (or allow third parties to do so). Customer will allow Xerox reasonable access to the Equipment to remove or disable Diagnostic Software if Customer is no longer receiving Maintenance Services from Xerox, provided that any on-site access to Customer’s facility will be during Customer’s normal business hours. 25. REMOTE SERVICES. a. Certain models of Equipment are supported and serviced using data that is automatically collected by Xerox or transmitted to or from Xerox by Equipment connected to Customer’s network (“Remote Data”) via electronic transmission to a secure off-site location (“Remote Data Access”). Remote Data Access also enables Xerox to transmit to Customer Releases for Software and to remotely diagnose and modify Equipment to repair and correct malfunctions. Examples of Remote Data include product registration, meter read, supply level, Equipment configuration and settings, software version, and problem/fault code data. Remote Data may be used by Xerox for billing, report generation, supplies replenishment, support services, recommending additional products and services, and product improvement/development purposes. Remote Data will be transmitted to and from Customer in a secure manner specified by Xerox. Remote Data Access will not allow Xerox to read, view or download the content of any Customer documents or other information residing on or passing through the Equipment or Customer’s information management systems. Customer grants the right to Xerox, without charge, to conduct Remote Data Access for the purposes described above. b. Upon Xerox’s request, Customer will provide contact information for Equipment such as name and address of Customer contact and IP and physical addresses/locations of Equipment. Customer will enable Remote Data Access via a method prescribed by Xerox, and Customer will provide reasonable assistance to allow Xerox to provide Remote Data Access. Unless Xerox deems Equipment incapable of Remote Data Access, Customer will ensure that Remote Data Access is maintained at all times Maintenance Services are being performed. 26. TRADE-IN EQUIPMENT.Customer warrants that Customer has the right to transfer title to the equipment Customer is trading in as part of an IA ("Trade-In Equipment"), and that the Trade-In Equipment is in good working order and has not been modified from its original configuration (other than by Xerox). Title and risk of loss to the Trade-In Equipment will pass to Xerox when Xerox removes it from Customer‘s premises. Customer will maintain the Trade-In Equipment at its present site and in substantially its present condition until removed by Xerox. Customer will pay all accrued charges for the Trade-In Equipment (up to and including payment of the final principal payment number) and all applicable maintenance, administrative, supply and finance charges until Xerox removes the Trade-In Equipment from Customer’s premises. 27. TOTAL SATISFACTION GUARANTEE. a. "SP Equipment" means any iGen3, iGen4, iGen150, iGen5 or Xerox Color 8250 Production Printer. If, during any 90 day period, the performance of SP Equipment delivered under this Agreement is not at least substantially consistent with the performance expectations outlined in the SP Equipment’s Customer Expectations Document ("Expectations Document"), Xerox will, at Customer’s request, replace the SP Equipment without charge with identical SP Equipment or, at Xerox’s option, with Equipment with comparable features and capabilities (the” SP Equipment Guarantee”). The SP Equipment Guarantee does not apply during the first 180 days after installation and will expire 3 years after the Installation Date, unless the SP Equipment is being financed under this Agreement for more than 3 years, in which event it expires at the end of the initial Term of the subject Installment Purchase, Rental or Lease IA; provided however, for SP Equipment identified as “Previously Installed”, this SP Equipment Guarantee expires 1 year after installation. This SP Equipment Guarantee applies only to SP Equipment that has been (i) continuously maintained by Xerox under a Xerox maintenance agreement, and (ii) operated at all times in accordance with the Expectations Document. b. "Non-SP Equipment" means any Equipment other than SP Equipment. If Customer is not completely satisfied with any Non-SP Equipment delivered under an IA under this Agreement, Xerox will, at Customer’s request, 1026 of 1132 1031 ATTACHMENT B – Additional Terms applicable to all Non-University of California Entities Page 6 of 26 RT (11/2020) replace it without charge with identical Non-SP Equipment or, at the option of Xerox, with Equipment with comparable features and capabilities (the” Non-SP Equipment Guarantee”). The Non-SP Equipment Guarantee applies only to Non-SP Equipment that has been continuously maintained by Xerox under a Xerox maintenance agreement. The Non-SP Equipment Guarantee is effective for 3 years after the Installation Date, unless the Non-SP Equipment is being acquired under an Installment Purchase, Rental or Lease IA with an initial Term of more than 3 years, in which event it will expire at the end of the initial Term of the subject IA; provided however, for Non-SP Equipment identified as “Previously Installed”, the Non-SP Equipment Guarantee expires 1 year after the Installation Date. The Non-SP Equipment Guarantee does not apply to a limited number of Non-SP Equipment models, which models are identified in the applicable Order Document. c. The SP Equipment Guarantee and Non-SP Equipment Guarantee replace and supersede any other guarantee from Xerox, whether made orally or in writing, styled a "Total Satisfaction Guarantee", "Satisfaction Guarantee" or otherwise covering the subject matter set forth above. 28. GOVERNMENT CUSTOMER TERMS:The following additional terms apply to Lease and Installment Purchase IA’s: a. REPRESENTATIONS & WARRANTIES, FUNDING, TAX TREATMENT & PAYMENTS: (i) REPRESENTATIONS & WARRANTIES. Customer represents and warrants, as of the date of this Agreement and of each IA hereunder, that: (1) Customer is a State or a fully constituted political subdivision or agency of the State in which Customer is located and is authorized to enter into, and carry out, Customer’s obligations under this Agreement, any IA hereunder and any other documents required to be delivered in connection with the Agreement or any IA hereunder (collectively, the “Documents”); (2) the Documents have been duly authorized, executed and delivered by Customer in accordance with all applicable laws, rules, ordinances and regulations (including all applicable laws governing open meetings, public bidding and appropriations required in connection with this Agreement or an IA hereunder and the acquisition of the Products) and are valid, legal, binding agreements, enforceable in accordance with their terms; (3) the person(s) signing the Documents have the authority to do so, are acting with the full authorization of Customer’s governing body and hold the offices indicated below their signatures, each of which are genuine; (4) the Products are essential to the immediate performance of a governmental or proprietary function by Customer within the scope of Customer’s authority and will be used only by Customer and only to perform such function; (5) Customer’s obligations to remit payments under this Agreement or any IA hereunder constitute a current expense and not a debt under applicable state law; and (6) no provision of this Agreement or any IA constitutes a pledge of Customer’s tax or general revenues and any provision that is so construed by a court of competent jurisdiction is void from the inception of this Agreement or the subject IA. (ii) FUNDING. Customer represents and warrants that all payments due and to become due during Customer’s current fiscal year are within the fiscal budget of such year and are included within an unrestricted and unencumbered appropriation currently available for the lease/purchase of the Products, and it is Customer’s intent to use the Products for the entire lease term and to make all payments required under this Agreement or an IA hereunder. If (1) through no action initiated by Customer, Customer’s legislative body does not appropriate funds for the continuation of this Agreement or an IA hereunder for any fiscal year after the first fiscal year and has no funds to do so from other sources, and (2) Customer has made a reasonable but unsuccessful effort to find a creditworthy assignee acceptable to Xerox in its sole discretion within Customer’s general organization who can continue this Agreement or an IA hereunder, this Agreement or an IA hereunder may be terminated. To effect this termination, Customer must, 30 days prior to the beginning of the fiscal year for which Customer’s legislative body does not appropriate funds for such upcoming fiscal year, notify Xerox that Customer’s legislative body failed to appropriate funds and that Customer has made the required effort to find an assignee. Customer’s notice must be accompanied by payment of all sums then owed through the current year under this Agreement or any IA hereunder and must certify that canceled Equipment is not being replaced by equipment performing similar functions during the ensuing fiscal year. Customer will return the Equipment, at Customer’s expense, to a location designated by Xerox and, when returned, the Equipment will be in good condition and free of all liens and encumbrances. Customer will then be released from any further payments obligations beyond those payments due for the current fiscal year (with Xerox retaining all sums paid to date). (iii) TAX TREATMENT. Xerox has accepted this Agreement and each IA hereunder based on Customer’s representation that Xerox may claim any interest paid by Customer as exempt from federal income tax under Section 103(c) of the Code. Customer will comply with the information reporting requirements of Section 149(e) of the Code. Such compliance includes the execution of 8038-G or 8038-GC Information Returns. Customer appoints Xerox as Customer’s agent to maintain, and Xerox will maintain, or cause to be maintained, a complete and accurate record of all assignments of this Agreement or an IA hereunder in form sufficient to comply with the book entry requirements of Section 149(a) of the Code and the 1027 of 1132 1032 ATTACHMENT B – Additional Terms applicable to all Non-University of California Entities Page 7 of 26 RT (11/2020) regulations prescribed thereunder from time to time. Should Xerox lose the benefit of this exemption as a result of Customer’s failure to comply with or be covered by Section 103(c) or its regulations, then, subject to the availability of funds and upon demand by Xerox, Customer will pay Xerox an amount equal to its loss in this regard. Customer will provide Xerox with a properly prepared and executed copy of US Treasury Form 8038 or 8038-GC. (iv) PAYMENTS. All payments are due within 30 days of the invoice date. 27. AMENDMENT. All changes to this Agreement or any IA hereunder must be made in a writing signed by both parties. The amendment of this Agreement or any IA shall not affect the obligations of either party under any other IA‘s under this Agreement. 28. REPRESENTATIONS. The individuals signing this Agreement are duly authorized to do so and all financial information Customer provides completely and accurately represents Customer’s financial condition. 29. MISCELLANEOUS.This Agreement is governed by the laws of the State of California (without regard to conflict- of-law principles). In any action to enforce this Agreement or any IA hereunder, the parties agree (a) to the jurisdiction and venue of the federal and state courts (i) for OMNIA Partners in Williamson County, Tennessee, and (ii) for Members, in the specific jurisdiction and venue of the Member and (b) to waive their right to a jury trial. If a court finds any term of this Agreement or any IA unenforceable, the remaining terms will remain in effect. The failure by either party to exercise any right or remedy will not constitute a waiver of such right or remedy. Customer authorizes Xerox or its agents to communicate with Customer by any electronic means (including cellular phone, email, automatic dialing and recorded messages) using any phone number (including cellular) or electronic address Customer provides to Xerox. Each party may retain a reproduction (e.g., electronic image, photocopy, facsimile) of this Agreement and each IA hereunder which will be admissible in any action to enforce it, but only the Agreement or IA held by Xerox will be considered an original. Xerox may accept this Agreement or any IA hereunder either by signature or by commencing performance. Administrative and contract support functions hereunder may be performed, inside or outside the U.S., by one or more of Xerox’s subsidiaries or affiliates and/or third parties. The following four sentences control over every other part of this Agreement and any IA hereunder. Both parties will comply with applicable laws. Xerox will not charge or collect any amounts in excess of those allowed by applicable law. Any part of this Agreement or any IA that would, but for the last four sentences of this Section, be read under any circumstances to allow for a charge higher than that allowed under any applicable legal limit, is modified by this Section to limit the amounts chargeable under this Agreement or any IA to the maximum amount allowed under the legal limit. If, in any circumstances, any amount in excess of that allowed by law is charged or received, any such charge will be deemed limited by the amount legally allowed and any amount received by Xerox in excess of that legally allowed will be applied by Xerox to the payment of amounts legally owed under this Agreement or the subject IA, or refunded to Customer. 30. ENTIRE AGREEMENT.The following are attached hereto and made part hereof: x ARTICLE I: RESERVED x ARTICLE II: MAJOR ACCOUNT LEASE AND PURCHASE TERMS AND CONDITIONS x ARTICLE III: RESERVED x ARTICLE IV: MAINTENANCE TERMS AND CONDITIONS x ARTICLE V: RESERVED x ARTICLE VI: SERVICES MASTER AGREEMENT 1028 of 1132 1033 ATTACHMENT B – Additional Terms applicable to all Non-University of California Entities Page 8 of 26 RT (11/2020) ARTICLE II: MAJOR ACCOUNT LEASE TERMS AND CONDITIONS Customer’s acquisition of Equipment by Major Account Lease is governed by the terms and conditions of the Agreement and this Article. 1. PRICING. The Minimum Payment and Print Charges will not increase during the initial Term of a Major Account Lease IA. 2. TERM.The initial Term for any Major Account Lease IA will be the number of full calendar months stated in such IA. The Minimum Payment for any partial month following the Installation Date will be billed on a pro rata basis, based on a 30-day month. 3. TITLE AND RISK.Title to the Equipment remains with Xerox until Customer exercises its Purchase Option. Risk of loss or damage to the Products passes to Customer upon delivery. Customer will insure the Products against loss or damage and the policy will name Xerox as Loss Payee. 4. PROTECTION OF XEROX’S RIGHTS.Customer authorizes Xerox or its agent to file financing statements necessary to protect Xerox’s rights as lessor of the Equipment. Until Customer has paid in full pursuant to the Purchase Option under a Major Account Lease IA, Equipment will remain personal property and Customer will not: (a) attach it as a fixture to any real estate; (b) pledge, sub-lease or part with possession of it; (c) file or permit to be filed any lien against it; or (d) make any permanent alterations to it. Customer will promptly notify Xerox if Customer relocates its principal place of business or changes the name of its business. 5. REMEDIES.If Customer defaults under the Agreement or any Major Account Lease IA, Xerox may, in addition to its other remedies (including cessation of Maintenance Services), remove the Equipment at Customer’s expense and require immediate payment, as liquidated damages for loss of bargain and not as a penalty, of: (a) all amounts then due, plus interest from the due date until paid at the rate of 1.5% per month; (b) the Minimum Payments (less the Maintenance Services and Consumable Supplies components thereof, as reflected on Xerox's books and records) remaining in the initial Term of the Major Account Lease IA, discounted at 4% per annum; (c) the applicable Purchase Option; and (d) all applicable Taxes. You will pay all reasonable costs, including attorneys' fees, incurred by Xerox to enforce this Agreement. If Customer notifies Xerox and makes the Equipment available for removal by Xerox in the same condition as when delivered (reasonable wear and tear excepted) within 30 days after notice of default, Customer, upon recovery of the Equipment by Xerox, will receive a credit for the fair market value of the Equipment (as determined by Xerox), less any costs incurred by Xerox. 6. FINANCE LEASE.A MAJOR ACCOUNT LEASE IA IS A “FINANCE LEASE” UNDER ARTICLE 2A OF THE UNIFORM COMMERCIAL CODE AND, EXCEPT TO THE EXTENT EXPRESSLY PROVIDED HEREIN, AND TO THE EXTENT PERMITTED BY APPLICABLE LAW, CUSTOMER WAIVES ALL RIGHTS AND REMEDIES CONFERRED UPON A LESSEE BY ARTICLE 2A. END OF ARTICLE 1029 of 1132 1034 ATTACHMENT B – Additional Terms applicable to all Non-University of California Entities Page 9 of 26 RT (11/2020) ARTICLE IV : MAINTENANCE TERMS AND CONDITIONS Customer’s acquisition of Maintenance Services by a Maintenance IA or under a Lease or Rental IA is governed by the terms and conditions of the Agreement and this Article. 1. MAINTENANCE TERM.The initial Term of a Maintenance IA will commence: (a) for newly installed Equipment, on the Installation Date; (b) for all other Equipment, on the date Xerox accepts the Maintenance IA. The initial Term of a Maintenance IA will expire on the last day of the final calendar month of the initial Term, unless Customer chooses to renew the Maintenance IA for an equivalent term. 2. INDIVIDUAL AGREEMENT PRICING. Except as otherwise provided in a Maintenance IA, Xerox may annually increase the Minimum Payment and Print Charges under a Maintenance IA upon 30 days’ notice. 3. REMEDIES.If Customer defaults under this Agreement or a Maintenance IA, Xerox, in addition to its other remedies (including the cessation of Maintenance Services), may require immediate payment, as liquidated damages for loss of bargain and not as a penalty, of: (a) all amounts then due, plus interest on all amounts due from the due date until paid at the rate of one and one-half percent (1.5%) per month (b) the lesser of (i) the remaining Minimum Payments in the initial term of the Maintenance IA, or (ii) six (6) such payments for one year agreements or twelve (12) such payments for multi-year agreements; and, (c) all applicable Taxes. 4. RELOCATION. If notified by Customer, Xerox will continue to provide Maintenance Services on Equipment relocated by Customer, provided that such relocation is to an area where Xerox offers Maintenance Services for the affected Equipment. END OF ARTICLE 1030 of 1132 1035 ATTACHMENT B – Additional Terms applicable to all Non-University of California Entities Page 10 of 26 RT (11/2020) ARTICLE VI: SERVICES MASTER AGREEMENT The following Service Master Agreement will be used by Non- UC University Customers when procuring managed print services, including maintenance services, Products (Software, Equipment, Third Party Products and/or Consumable Supplies supplied by Xerox and provided to Customer pursuant to an Order. THIS SERVICES MASTER AGREEMENT NO. << Enter 7 Digit Contract Number >>> is between Xerox Corporation (“Xerox”), a New York corporation with offices at 45 Glover Ave. Norwalk, CT 06856 and << Enter Customer's Legal Name >>> (“Customer”). AGREEMENT STRUCTURE This Agreement serves as a master agreement to enable Xerox and Customer to contract with each other for a range of products and services to be provided to the Customer over time. This Agreement is grouped into Modules. However, it is the intent of the parties that the Products and Services acquired hereunder be acquired under the applicable terms of the University of California Master Agreement # ____________executed between University of California and Xerox as well as the terms for included in Attachment B to the University of California Master Agreement. Therefore, the terms and conditions for OMNIA customers are incorporated by reference into this Agreement. Any conflict between the terms and conditions on Attachment B or the terms of the University of California Master Agreement and this Agreement will be resolved in favor of this Agreement. The “GEN” Module applies to all products and services provided hereunder, while the other Modules apply as appropriate to what Xerox is providing to Customer under the applicable Order. DEFINITIONS MODULE DEF 1. – DEFINITIONS The following definitions (and those found elsewhere in this Agreement) apply unless otherwise specified in an Order. a.Affiliate means a legal entity that directly or indirectly controls, is controlled by, or is under common control with either party. An entity is considered to control another entity if it owns, directly or indirectly, more than 50% of the total voting securities or other such similar voting rights. b.Agreement means this Services Master Agreement. This Agreement may also be referred to in ordering and contracting documents as a “Services and Solutions Agreement” or “SSA.” c.Amortized Services means certain services such as consulting and training, the Charges for which are amortized over the term of an Order. d.Application Software means Xerox-brand software that allows Equipment or Third Party Hardware to perform functions beyond those enabled by its Base Software. e.Base Software means software embedded, installed, or resident in Equipment that is necessary for operation of the Equipment in accordance with published specifications. f.Cartridges means copy/print cartridges and xerographic modules or fuser modules designated by Xerox as customer-replaceable units for the Equipment. g.Charges mean the fees payable by Customer for Services, Maintenance Services and/or Products as specified in this Agreement. h.Confidential Information means information identified as confidential and provided by the disclosing party to the receiving party. i.Consumable Supplies.Consumable Supplies vary depending upon the Equipment model, and include: (i) for black and white Equipment, standard black toner and/or dry ink, black developer, Copy Cartridges, and, if applicable, fuser agent required to make impressions; (ii) for full color Equipment, the items in (i) plus standard cyan, magenta, and yellow toners and dry inks (and their associated developers); and, (iii) for Equipment identified as “Phaser”, only, if applicable, black solid ink, color solid ink, imaging units, waste cartridges, transfer rolls, transfer belts, transfer units, belt cleaner, maintenance kits, print Cartridges, drum Cartridges, waste trays and cleaning kits. Unless otherwise set forth in an Order, Consumable Supplies excludes paper and staples. j.Customer Assets means all hardware, equipment, fixtures, software, assets, networks, work space, facilities, services and other assets owned, leased, rented, licensed or controlled by Customer (including Existing Equipment and Existing Software) that Customer makes available to Xerox to enable Xerox to fulfill its obligations under an Order. 1031 of 1132 1036 ATTACHMENT B – Additional Terms applicable to all Non-University of California Entities Page 11 of 26 RT (11/2020) k.Customer Confidential Information means Confidential Information belonging to Customer and includes, without limitation, Customer Content and Private Information. l.Customer Content means documents, materials, or information that Customer provides in hard copy or electronic format to Xerox, containing information about Customer or its clients, in order for Xerox to provide Services, Maintenance Services, or Products. m.Customer Facilities means those facilities controlled by Customer where Xerox performs Services or provides Products. n.Customer Intellectual Property means all intellectual property and associated intellectual property rights including patent, trademark, service mark, copyright, trade dress, logo and trade secret rights which exist and belong to Customer as of the Effective Date or that may be created by Customer after the Effective Date, excluding Xerox Confidential Information. o.Data means data that the Xerox Tools and Xerox Client Tools automatically collect from all Equipment and Third Party Hardware that appears on Customer’s network, or that are locally connected to another device on Customer’s network, when such Tools are installed on Customer’s network. Examples of Data include product registration, meter read, supply level, device configuration and settings, software version, and problem/fault code data. p.Date of Installation means: (a) for Equipment (or Third Party Hardware) installed by Xerox, the date Xerox determines the Equipment (or Third Party Hardware) to be operating satisfactorily as demonstrated by successful completion of diagnostic routines and is available for Customer’s use; and (b) for Equipment (or Third Party Hardware) designated as “Customer Installable,” the Equipment (or Third Party Hardware) delivery date. q.Description of Services or DOS means a document attached to an Order which references the applicable Services Contract number and specifies the Products and/or Services provided under such Order. r.Diagnostic Software means Xerox-proprietary software embedded in or loaded onto Equipment and used by Xerox to evaluate or maintain the Equipment. s.Documentation means all manuals, brochures, specifications, information and software descriptions, and related materials customarily provided by Xerox to customers for use with certain Products or Services. t.Effective Date means the date this Agreement is signed by Xerox. u.Equipment means Xerox-brand equipment. v.Excluded Taxes means (i) taxes on Xerox’s income, capital, and employment, (ii) taxes for the privilege of doing business, and (iii) personal property tax on Equipment rented or leased to Customer under this Agreement. w.Existing Equipment means devices which are leased, rented or owned by the Customer outside of this Agreement, which are used to provide Services, and which remain subject to the terms and conditions of the agreements under which they were originally acquired. x.Existing Software means software licensed by the Customer outside of this Agreement and which is used to provide the Services and which remains subject to the terms and conditions of the agreements under which it was originally acquired. y.Feature Releases means new releases of Software that include new content or functionality. z.Force Majeure Event means a circumstance beyond a party’s reasonable control, which circumstances include, but are not limited to, the following: act of God (e.g., flood, earthquake, wind); fire; war; act of a public enemy or terrorist; act of sabotage; strike or other labor dispute; riot; misadventure of the sea; inability to secure materials and/or transportation; or a restriction imposed by legislation, an order or a rule or regulation of a governmental entity. aa.Funds means collectively Amortized Services and Third Party Funds. bb.Maintenance Releases or Updates means new releases of Software that primarily incorporate coding compliance updates and error fixes and are designated as “Maintenance Releases” or “Updates.” cc.Maintenance Services means required maintenance of Equipment to keep the Equipment in good working order. dd.Module means a specific set of terms and conditions contained in this Agreement that is identified as a “Module.” The Modules under this Agreement are the DEF, GEN, SVC, EQP, EP, MS and SW Modules. ee.Monthly Minimum Charge or MMC means the regular recurring Charge that is identified in an Order and which, along with any additional print/impression charges, covers the cost for the Services, Maintenance Services, and/or Products. The MMC may also include lease buyout funds, Funds, monthly equipment component amounts, remaining Customer obligations from previous contracts, and amounts being financed or refinanced. One-time items are billed separately from the MMC. 1032 of 1132 1037 ATTACHMENT B – Additional Terms applicable to all Non-University of California Entities Page 12 of 26 RT (11/2020) ff.Order means a document that Xerox requires for processing of orders for Services, Maintenance Services and/or Products hereunder, which may specify the contracting parties and location(s) where the foregoing will be provided; Customer’s requested shipment date; the Products that Customer will purchase, lease, rent or license; the Services and/or Maintenance Services that Xerox will provide; the applicable Charges and expenses; the term during which the Services, Maintenance Services and/or Products described therein shall be provided; the Xerox-provided contract number; and any applicable SLAs. An Order must reference the applicable Services Contract number, and may also be in the form of a Services and Solutions Order (“SSO”), a Xerox Order Agreement (“XOA”) (which is used solely for an outright purchase by Customer under the EP module of this Agreement) or a Customer-issued PO. A Statement of Work may be part of an Order but cannot function as a stand-alone ordering document. gg.Output of Services means electronic images created by scanning tangible documents containing Customer Content, all full or partial copies (tangible and intangible) of Customer Content, and all reports and other documentation, photographs, images, impressions, and other materials (tangible and intangible) created by Xerox and delivered to Customer under an Order, but shall not include Third Party Software, or Xerox Intellectual Property. hh.Privacy Laws means laws relating to data privacy and data protection as applicable to Xerox’s performance of the Services. ii.Private Information means Protected Health Information (“PHI”) as defined by the Health Insurance Portability and Accountability Act (“HIPAA”), Non-Public Personal Information (“NPI”) as defined by the Gramm-Leach Bliley Act (“GLBA”) and equivalent categories of protected health and financial information under applicable state Privacy Laws. jj.Products means Software, Equipment, Third Party Products and/or Consumable Supplies supplied by Xerox and provided to Customer pursuant to an Order. kk.Purchase Order or PO means a document containing the applicable Services Contract number that is issued by Customer to Xerox for Order entry purposes only. Any terms in a PO are not binding and are of no force or effect. ll.Purchased Equipment means Equipment or Third Party Hardware that Xerox sells outright to Customer under the EP Module. mm.Remote Data means data that is automatically collected by Xerox or transmitted to or from Xerox by Equipment or Third Party Products connected to Customer’s network. Examples of Remote Data include product registration, meter read, supply level, equipment configuration and settings, software version, and problem/fault code data. nn.Remote Data Access means electronic transmission of Remote Data to or from a secure offsite location. oo.Residuals means general ideas, concepts, know-how, methods, processes, technologies, algorithms or techniques related to the Services, which are in non-tangible form and retained in the unaided memory of persons who have had access to Confidential Information. pp.Service Level Agreements or SLAs means the levels of performance for the Services, if applicable, as set out in the applicable Order. qq.Services means managed services (e.g. copy center and mailroom services), consultative services, and/or professional services, including, but not limited to, assessment, document management, and managed and centralized print services, as more fully described in the applicable Order. Standard back-office administrative and contract support functions, such as billing, contract management and order processing, are not Services, but are included in the pricing provided for the Services hereunder. rr.Services Contract means the applicable terms and conditions of this Agreement, the first Order having a particular assigned Services Contract number, and each additional Order, if any, with the same Services Contract number. ss.Software means Base Software and Application Software. tt.Statement of Work or SOW means a document which references the applicable Services Contract number and specifies the details of a particular transaction where Customer wishes to acquire Services, Maintenance Services and/or Products from Xerox under this Agreement. uu.Supplier Equipment means devices which are supplied by Xerox to the Customer during the term of an Order. Supplier Equipment may be Equipment or Third Party Hardware. vv.Taxes means any and all taxes of any kind or nature, however denominated, imposed or collected by any governmental entity, including but not limited to federal, state, provincial, or local net income, gross income, sales, use, transfer, registration, business and occupation, value added, excise, severance, stamp, premium, windfall profit, customs, duties, real property, personal property, capital stock, social security, unemployment, disability, payroll, license, employee or other withholding, or other tax, of any kind 1033 of 1132 1038 ATTACHMENT B – Additional Terms applicable to all Non-University of California Entities Page 13 of 26 RT (11/2020) whatsoever, including any interest, penalties or additions to tax or additional amounts in respect of the foregoing. ww.Third Party Funds means funds Xerox provides to Customer to acquire Third Party Hardware or to license Third Party Software and/or to retire debt on existing Third Party Hardware. xx.Third Party Hardware means non-Xerox brand equipment. yy.Third Party Products means, collectively, Third Party Hardware and Third Party Software. zz.Third Party Software means non-Xerox brand software. aaa.Transaction Taxes means any and all Taxes that are required to be paid in respect of any transaction and resulting Charges under this Agreement and any transaction documents, including but not limited to sales, use, services, rental, excise, transaction-based gross receipts, and privilege Taxes. bbb.XDM Customer Views means a limited set of features such as printer error messages, basic printer status, troubleshoot (e.g., access printer web page, submit test page, reboot printer, retrieve audit logs) and upgrade printer (e.g., add upgrade file, delete upgrade file, run upgrade, delete upgrade task, restart upgrade task) that are available through the Xerox Tool known as Xerox Device Manager. ccc.Xerox Confidential Information means Confidential Information belonging to Xerox and includes, without limitation, whether marked as such or not, any services procedures manuals, Xerox Tools, Xerox Client Tools, and Xerox Intellectual Property. ddd.Xerox Client Tools means certain proprietary software used to provide certain Services, and any modifications, enhancements, improvements thereto and derivative works thereof that are licensed to Customer in accordance with GEN 1.8(d). eee.Xerox Intellectual Property means all intellectual property and associated intellectual property rights including patent, trademark, service mark, copyright, trade dress, logo and trade secret rights which exist and belong to Xerox as of the Effective Date or that may be created by Xerox after the Effective Date, including without limitation, Software, Data, Remote Data, Xerox Tools and Xerox Client Tools, and excluding Customer Confidential Information and Output of Services. fff.Xerox Products means Equipment, Software, and Consumable Supplies acquired pursuant to this Agreement. ggg.Xerox Tools means certain proprietary tools used by Xerox to provide certain Services, and any modifications, enhancements, improvements thereto and derivative works thereof. GENERAL MODULE GEN 1. – GENERAL The terms and conditions in this General (GEN) Module apply to all Services, Maintenance Services, and Products acquired by Customer under this Agreement. GEN 1.1– AGREEMENT STRUCTURE a.General Contract Structure.The parties intend for this Agreement to serve as a master agreement stating the terms and conditions governing separate transactions between (i) Xerox and Customer, and (ii) Xerox and Customer Affiliates. Xerox will provide, and Customer will procure, Services, Maintenance Services and/or Products in accordance with the terms and conditions stated in this Agreement, any Services Contract(s), and any applicable Orders. b.Orders and Services Contracts. i. Xerox may accept Orders either by its signature or by commencing performance. Xerox reserves the right to review and approve Customer’s credit, or in the case of an Order by a Customer Affiliate, such Affiliate’s credit, prior to acceptance of an Order and the entity placing the Order hereby authorizes Xerox or its agent to obtain credit reports from commercial credit reporting agencies for this purpose. If a Customer Affiliate establishes a Services Contract by placing an Order hereunder, it will be the “Customer” for the purposes of such Services Contract. ii. Orders for Services, Maintenance Services, and/or Products are grouped into Services Contracts. Each separate Services Contract will be established when the first Order is placed that bears a new Services Contract number assigned by Xerox and Xerox accepts that Order. Each Services Contract will be assigned its own Services Contract number that will consist of this Agreement’s number followed by a three digit extension. Each Services Contract constitutes a separate contract under this Agreement. Customer may add Services, Maintenance Services, or Products to an existing Services Contract by submitting additional Orders referencing the applicable Services Contract number. Each Services Contract will consist of the terms and 1034 of 1132 1039 ATTACHMENT B – Additional Terms applicable to all Non-University of California Entities Page 14 of 26 RT (11/2020) conditions of this Agreement, the first Order under the Services Contract number and each additional Order with the same Services Contract number. iii. Unless Customer provides notice in writing at least thirty (30) days before the end of the term of an Order of its intention not to renew, the Order will renew automatically on a month-to-month basis on the same terms and at the same price. iv. Orders may be submitted by hard copy or electronic means and those submitted electronically will be considered: (a) a “writing” or “in writing;” (b) “signed” by the Customer; (c) an “original” when printed from electronic records established and maintained in the ordinary course of business; and (d) valid and enforceable. GEN 1.2 – CHARGES, PAYMENT AND DEFAULT a.Charges.Charges for the particular Services, Maintenance Services, and/or Products will be set forth in an Order and are exclusive of any and all Transaction Taxes. Xerox’s then current overtime rates will apply to Services requested and performed outside Customer’s standard working hours. b.Payment. Customer agrees to pay Xerox all undisputed amounts due under each invoice via check, Automated Clearing House debit, Electronic Funds Transfer, or direct debit from Customer’s bank account within thirty (30) days after the invoice date. Restrictive covenants submitted for or with payment to indicate that it is in full satisfaction of an invoice will not operate as an accord and satisfaction to reduce Customer’s payment obligations if it is not, in fact, full payment. For any payment not received by Xerox within ten (10) days after the due date, Xerox may charge, and Customer agrees to pay, a late charge of the greater of $25 or five percent (5.0%) of the amount overdue (not to exceed the maximum amount permitted by applicable law) as reasonable collection costs. If Customer disputes any amount included in an invoice, then (i) Customer must notify Xerox of the dispute in writing, (ii) such notice shall include a description of the items Customer is disputing and the reason such items are being disputed; and (iii) Customer shall promptly exercise its best efforts to work with Xerox to resolve such dispute. Pending resolution of such disputed amount, Customer shall pay any and all undisputed amounts within thirty (30) days of invoice date, including the MMC which Customer agrees shall not be subject to dispute at any time. c.Default. Customer will be in default if Xerox does not receive any payment within fifteen (15) days after the date it is due, or if Customer breaches any other obligation under this Agreement, any Services Contract, or any other agreement with Xerox. If Customer, defaults, Xerox, in addition to its other remedies (including cessation of Services, Maintenance Services and/ or Consumable Supplies), may require immediate payment of (1) all amounts then due, plus interest on all amounts due from the due date until paid at the rate of 1.5% per month, and (2) any early termination charges set forth in this Agreement or in the applicable Services Contract and/or Order(s). Customer will pay all reasonable costs, including attorneys’ fees, incurred by Xerox to enforce any Services Contract. GEN 1.3 – TAXES a. Customer will be responsible for all Transaction Taxes. Transaction Taxes will be included in Xerox’s invoice unless Xerox receives proof of Customer’s tax-exempt status. Customer shall not be responsible for Excluded Taxes. GEN 1.4 – RESERVED. GEN 1.5 – RESERVED. GEN 1.6 – CUSTOMER RESPONSIBILITIES Customer agrees to perform its responsibilities under this Agreement in support of the Services, Maintenance Services, or Products in a timely manner. Customer agrees: a. that Products acquired hereunder are ordered for Customer’s (or its Affiliates’) own internal business use (rather than resale, license and/or distribution outside of Customer’s organization) and will not be used for personal, household or family purposes; b. to (1) provide Xerox and its agents with timely and sufficient access, without charge, to Customer Facilities required by Xerox to perform Services and Maintenance Services and/or provide Products, and (2) ensure that Customer Facilities are suitable for the Services, Maintenance Services and/or Products, safe for Xerox personnel, and fully comply with all applicable laws and regulations, including without limitation any federal, state and local building, fire and safety codes; c. to provide Xerox and its agents with timely and sufficient use of and access, without charge, to Customer Assets required by Xerox to perform Services and Maintenance Services and/or provide Products, and to grant Xerox and its agents sufficient rights to use, access and, if agreed, modify the same; d. to acquire or continue maintenance, repair and software support services, without charge to Xerox, for all Customer Assets that Customer permits Xerox to use or access; 1035 of 1132 1040 ATTACHMENT B – Additional Terms applicable to all Non-University of California Entities Page 15 of 26 RT (11/2020) e. to maintain the manufacturer’s maintenance agreement for any Third Party Products; f. to provide Xerox with access to appropriate members of Customer personnel, as reasonably requested by Xerox, in order for Xerox to perform the Services and Maintenance Services and/or provide Products; g. to respond to and provide such documentation, data and other information as Xerox reasonably requests in order for Xerox to perform the Services and Maintenance Services and/or provide Products; h. to contract for the minimum types and quantities of Equipment and Consumable Supplies required by Xerox to perform the Services and Maintenance Services; i. that, as between Xerox and Customer, Customer alone is responsible for backing up its Customer Content and Xerox shall not be responsible for Customer’s failure to do so; j. that as between Xerox and Customer, Customer alone is responsible for determining whether Customer Content provided to Xerox (i) is libelous, defamatory or obscene, or (ii) may be duplicated, scanned or imaged without violating a third party’s intellectual property rights; and k. to provide contact information for Equipment such as name and address of Customer contact. GEN 1.7– WARRANTIES a.Mutual Warranties. Each party represents and warrants to the other, as an essential part of this Agreement, that: i. it is duly organized and validly existing and in good standing under the laws of the state or country of its incorporation or formation; ii. this Agreement and the Orders hereunder have been duly authorized by all appropriate corporate action for signature; and iii. the individual signing this Agreement, and all Orders (where applicable), is duly authorized to do so. b.Xerox Warranties. i. Services Warranty. Xerox warrants to the Customer that the Services will be performed in a professional and workmanlike manner by Xerox personnel with appropriate training, experience and skills in accordance with the applicable Order. If the Services do not comply with the SLAs or other requirements set forth in the applicable Order, Customer will notify Xerox in writing detailing its concerns and, within 10 days following Xerox’s receipt of such notice, Xerox and Customer will meet, clarify the Customer’s concern(s), and begin to develop a corrective action plan. As Customer’s exclusive remedy under this warranty for Xerox’s non-compliance with this warranty, Xerox will either modify the Services to comply with the applicable SLAs or other requirements or re-do the work at no additional charge within 60 days of finalizing the plan or another time period agreed to in writing by the parties. ii. Equipment Warranty. Any Equipment warranty to which Customer is entitled shall commence upon the Date of Installation. Use by Customer of consumables not approved by Xerox that affect the performance of the Equipment may invalidate any applicable warranty. iii. Third Party Product Warranty. Where Xerox in its sole discretion selects and supplies Third Party Products, Xerox warrants they will operate substantially in conformance with applicable SLAs or other requirements in the Order. Customer’s sole remedy for breach of this warranty is to return the Third Party Product to Xerox and then receive a refund of any fees paid for such non-conforming Third Party Product, less a reasonable usage fee. If Customer requests a specific Third Party Product, Xerox will pass-through as permitted any third party warranties. iv. Exclusions. Xerox shall not be responsible for any delay or failure to perform the Services or provide Products, including achieving any associated SLAs or other requirements in the applicable SOWs, DOSs or Orders, to the extent that such delay or failure is caused by: (a) Customer’s failure or delay in performing its responsibilities under this Agreement; (b) reasons outside Xerox’s reasonable control, including Customer Assets, Customer Content, or delays or failures by Customer’s agents, suppliers or providers of maintenance and repair services for Customer Assets; or (c) unauthorized modifications to Equipment, Third Party Hardware or the Output of Services. c.Disclaimer. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, THE EXPRESS WARRANTIES SET FORTH IN THIS AGREEMENT ARE IN LIEU OF ALL OTHER WARRANTIES, EXPRESS OR IMPLIED, AND XEROX DISCLAIMS AND CUSTOMER WAIVES ALL OTHER WARRANTIES INCLUDING ANY WARRANTY OF MERCHANTABILITY, NON-INFRINGEMENT, OR FITNESS FOR A PARTICULAR PURPOSE. EXCEPT AS EXPRESSLY PROVIDED HEREIN AND AS 1036 of 1132 1041 ATTACHMENT B – Additional Terms applicable to all Non-University of California Entities Page 16 of 26 RT (11/2020) PERMITTED BY APPLICABLE LAW, CUSTOMER WAIVES ALL RIGHTS AND REMEDIES CONFERRED UPON A LESSEE BY ARTICLE 2A OF THE UNIFORM COMMERCIAL CODE. d. The warranties set forth in this Agreement are expressly conditioned upon the use of the Services, Products and Output of Services for their intended purposes in the systems environment for which they were designed and shall not apply to any Services, Products or Output of Services which have been subject to misuse, accident or alteration or modification by Customer or any third party. GEN 1.8 – INTELLECTUAL PROPERTY OWNERSHIP a.Customer Intellectual Property. Customer grants to Xerox a non-exclusive, royalty-free, fully-paid up, worldwide license to use Customer Intellectual Property, Customer Content and Output of Services only for purposes of, and only to the extent required for, providing Services, Maintenance Services or Products under this Agreement. Xerox agrees not to decompile or reverse engineer any Customer Intellectual Property. Except as expressly set forth in this Agreement, no rights to any Customer Intellectual Property are granted to Xerox. b.Ownership of Output of Services and License to Xerox Intellectual Property. Except to the extent that the Output of Services may incorporate any Xerox Intellectual Property, the Output of Services shall be the sole and exclusive property of Customer. To the foregoing extent, Xerox hereby assigns, grants, conveys, and transfers to Customer all rights in and to the Output of Services for the applicable Order. To the extent that the Output of Services may incorporate any Xerox Intellectual Property, Xerox grants Customer a non- exclusive, perpetual, fully paid-up, worldwide right to use, display, and reproduce the Xerox Intellectual Property only as required for use of the Output of Services for Customer’s customary business purposes and not for resale, license or distribution outside of Customer’s organization. If XDM Customer Views are to be provided under a SOW, Xerox grants Customer a limited license to access and use the XDM Customer Views only for the purpose of receiving Services under the SOW. Customer agrees not to decompile or reverse engineer any Xerox Intellectual Property. Except as expressly set forth in this Agreement, no rights to any Xerox Intellectual Property are granted to Customer. c.Xerox Tools. Xerox Tools may be used by Xerox to provide certain Services. Xerox and its licensors will at all times retain all right, title and interest in and to Xerox Tools including without limitation, all intellectual property rights therein, and, except as expressly set forth herein, no rights to use, access or operate the Xerox Tools are granted to Customer. Xerox Tools will be installed and operated only by Xerox or its authorized agents. Customer will not decompile or reverse engineer any Xerox Tools, or allow others to engage in same. Customer will have access to Data and reports generated by the Xerox Tools and stored in a provided database as set forth in the applicable SOW. Xerox may remove Xerox Tools at any time in Xerox’s sole discretion, provided that the removal of Xerox Tools will not affect Xerox’s obligations to perform Services, and Customer shall reasonably facilitate such removal. d.Xerox Client Tools.Xerox grants to Customer a non-exclusive, non-transferable, non-assignable (by operation of law or otherwise) license to install, use and access the Xerox Client Tools only for the purpose of receiving the Services for which they were provided. Customer may not: (i) distribute, copy, modify, create derivatives of, decompile, or reverse engineer the Xerox Client Tools, except as permitted by applicable law; or, (ii) allow others to engage in same. Title to the Xerox Client Tools and all intellectual property rights therein shall, at all times, reside solely with Xerox and its licensors. Certain Xerox Client Tools may be subject to mandatory third party flow-down terms and conditions, which will be provided separately. e.Data Collection and Use. Data collected by the Xerox Tools is transmitted by a Xerox Tool to a remotely hosted server that hosts other Xerox Tools. The automatic data transmission capability will not allow Xerox to read, view or download any Customer documents or other information residing on or passing through the Equipment or Third Party Hardware or Customer’s information management systems. GEN 1.9 – INDEMNIFICATION a.General Indemnification.Xerox, if promptly notified and given the right to control the defense, shall indemnify, defend and hold harmless the Customer, its Affiliates, and their respective officers, directors, employees, agents, successors and assigns, from and against all claims by a third party for losses, damages, costs or liability of any kind (including expenses and reasonable legal fees) that a court finally awards such party (“Claims”) for bodily injury (including death) and damage to real or tangible property, to the extent proximately caused by Xerox’s negligent acts or omissions, or willful misconduct in connection with this Agreement. b.Xerox Indemnification.Xerox shall, if promptly notified by Customer (or its Affiliate(s)) and given the right to control the defense, indemnify, defend and hold harmless Customer, its Affiliates and their respective officers, directors, employees, agents successors and assigns, for all Claims that Xerox Products or Customer’s use of the Services provided by Xerox under this Agreement infringe a U.S. patent, copyright or other intellectual property right. Notwithstanding anything to the contrary herein, Xerox shall have no 1037 of 1132 1042 ATTACHMENT B – Additional Terms applicable to all Non-University of California Entities Page 17 of 26 RT (11/2020) obligation under this Section GEN 1.9(b)to the extent any Claim is based on or arises out of any (i) Services performed using Customer Assets, Customer Content or other materials provided to Xerox by Customer for which Customer failed to provide sufficient rights to Xerox; (ii) infringement by Services resulting from Customer’s direction, specification or design, (iii) modification or alteration to such Xerox Products or Services not approved in writing by Xerox; (iv) any combination or use of the Xerox Products or Services not approved in writing by Xerox; (v) use of the Xerox Products or Services not in accordance with the applicable Documentation; or (vi) Customer’s failure to use corrections or enhancements to the Xerox Products provided by Xerox. If a Claim is made or appears likely to be made pursuant to this Section GEN 1.9(b), Customer agrees to permit Xerox, at Xerox’s sole option and expense, to obtain the right to enable Customer to continue to use such Xerox Products, to make them non-infringing or to replace them with items that are at least functionally equivalent. If Xerox determines that none of these alternatives is reasonably available, Customer agrees to return such Xerox Products to Xerox upon Xerox’s written request. Xerox will then give Customer a refund equal to the amount Customer paid Xerox for such Xerox Products less a reasonable usage fee. c. Xerox is not responsible for any litigation expenses of the Customer or any settlements unless it pre- approves them in writing. GEN 1.10 – LIMITATION OF LIABILITY Except as prohibited by law, the following limitations apply: a.NO CONSEQUENTIAL DAMAGES. SUBJECT TO SECTION GEN 1.10(c), IN NO EVENT WILL EITHER PARTY OR ITS AFFILIATES OR THEIR RESPECTIVE OFFICERS, DIRECTORS, EMPLOYEES OR AGENTS BE LIABLE TO THE OTHER PARTY OR ITS AFFILIATES OR THEIR RESPECTIVE OFFICERS, DIRECTORS, EMPLOYEES OR AGENTS FOR ANY INDIRECT, INCIDENTAL, EXEMPLARY, PUNITIVE, SPECIAL OR CONSEQUENTIAL DAMAGES, INCLUDING WITHOUT LIMITATION, DAMAGES FOR LOST PROFITS, REGARDLESS OF THE FORM OF ACTION, WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE) OR OTHERWISE, AND EVEN IF SUCH PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. b.LIMITATION ON RECOVERY. SUBJECT TO SECTION GEN 1.10(c), THE TOTAL AGGREGATE LIABILITY OF EITHER PARTY (AND ITS AFFILIATES AND THEIR RESPECTIVE OFFICERS, DIRECTORS, EMPLOYEES OR AGENTS) FOR DIRECT DAMAGES ARISING OUT OF OR IN ANY WAY CONNECTED TO THIS AGREEMENT, WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE), OR OTHERWISE, WILL BE LIMITED TO AN AMOUNT EQUAL TO THE AMOUNT OF ALL CHARGES PAID BY CUSTOMER TO XEROX UNDER THE ORDER UNDER WHICH THE CLAIM AROSE (LESS PASS THROUGH EXPENSES SUCH AS, WITHOUT LIMITATION, POSTAGE) IN THE TWELVE (12) MONTHS PRIOR TO THE DATE UPON WHICH THE CLAIM AROSE.THE EXISTENCE OF MULTIPLE CLAIMS OR SUITS UNDER OR RELATED TO THIS AGREEMENT AND ANY ORDERS HEREUNDER WILL NOT ENLARGE OR EXTEND THIS LIMITATION OF DAMAGES. NOTWITHSTANDING THE FOREGOING, NOTHING SET FORTH IN THIS SECTION GEN 1.10(b) SHALL LIMIT CUSTOMER’S OBLIGATION TO PAY XEROX ALL CHARGES AND EXPENSES FOR PRODUCTS AND SERVICES PROVIDED UNDER THIS AGREEMENT. c.EXCEPTIONS.THE LIMITATIONS SET FORTH IN SECTION GEN 1.10 SHALL NOT APPLY WITH RESPECT TO: i. THE SPECIFIC INDEMNITY OBLIGATIONS SET OUT IN THIS AGREEMENT; ii. EITHER PARTY’S WILLFUL MISCONDUCT, GROSS NEGLIGENCE OR FRAUD; iii. BODILY INJURY OR DEATH CAUSED BY A PARTY’S NEGLIGENCE OR WILLFUL MISCONDUCT OR THAT OF ITS EMPLOYEES, AGENTS OR SUBCONTRACTORS; OR iv. A PARTY EXCEEDING ITS RIGHTS, IF ANY, TO THE OTHER PARTY’S INTELLECTUAL PROPERTY OR MISAPPROPRIATING OR INFRINGING THE OTHER PARTY’S INTELLECTUAL PROPERTY RIGHTS AS GRANTED UNDER THIS AGREEMENT. GEN 1.11 – TERM AND TERMINATION This Agreement shall commence on the Effective Date and shall continue for a term of months, and continue on a month-to-month basis thereafter until expressly renewed by mutual written agreement or terminated by either party upon thirty (30) days’ written notice. Upon termination, Customer shall permit Xerox to enter Customer Facilities for purposes of removing the Products, Xerox Tools, and/or Xerox Client Tools. Each Order hereunder shall have its own term, which shall be stated in the Order. In the event that the University of California Master Agreement expires or is terminated, this Agreement and all Services Contracts and Orders thereunder that are in effect at that time shall remain in full force and effect until their expiration or termination, and continue under the same terms and conditions as if the University of California Master Agreement Contract were still in effect. In the event this Agreement expires or is terminated, each Services Contract in effect at that time shall remain in full force and effect until the expiration or 1038 of 1132 1043 ATTACHMENT B – Additional Terms applicable to all Non-University of California Entities Page 18 of 26 RT (11/2020) termination of all Orders constituting such Services Contract (including any extensions or renewals thereof) and shall at all times be governed by, and be subject to, the terms and conditions of this Agreement as if this Agreement were still in effect. Termination of any Order shall not affect this Agreement or any other Orders then in effect. Notwithstanding any other provision in the Agreement to the contrary, should an Order be terminated prior to expiration for any reason or a unit of Third Party Hardware or any Third Party Software for which Third Party Funds have been provided is removed or replaced prior to expiration, Customer agrees to pay to Xerox, in addition to any other amounts owed under said Order, an amount equal to the remaining principal balance of the Funds together with a 15% disengagement fee, for loss of bargain and not as a penalty. GEN 1.12– CONFIDENTIALITY a.Obligation. Customer and Xerox acknowledge that, during the term of this Agreement and any Order hereunder, each party (or its Affiliates) may be provided with or have access to, certain Confidential Information belonging to the other party (or its Affiliates). The parties will ensure that their employees comply with their respective corporate policies and procedures regarding the disclosure of Confidential Information. The parties agree to use the Confidential Information provided under this Agreement only for purposes directly related to the performance of obligations and use of rights granted under this Agreement. The receiving party may not disclose Confidential Information to third parties unless such third party has a need to know such Confidential Information in order to perform under this Agreement and has agreed in writing to be bound by terms no less restrictive than those set forth herein. Each party shall be responsible for any breaches of the obligations in this Section by its employees and such third parties. The receiving party shall protect the disclosing party’s Confidential Information with the same degree of care that it uses to protect its own confidential information of like importance, but not less than reasonable care. Each party agrees not to disclose the terms and conditions of this Agreement, all Services Contracts and Orders, and any attachments and exhibits thereto, without the other party’s prior written consent. Xerox may use Customer as a reference with other customers, including in marketing materials. Xerox may disclose the identity and address of Customer to Xerox’s third party licensors if contractually required for royalty reporting purposes. b.Exclusions. The obligations of confidentiality will not apply to any Confidential Information that: (1) was in the public domain prior to, at the time of, or subsequent to the date of disclosure through no fault of the receiving party; (2) was rightfully in the receiving party’s possession or the possession of any third party free of any obligation of confidentiality; or (3) was developed by the receiving party’s employees independently of and without reference to any of the other party’s Confidential Information. c.Return of Information. Upon termination or expiration of this Agreement or an Order, except as otherwise set forth hereunder, each party shall cease use of the other party’s Confidential Information and other data and, upon request, shall (1) return all such Confidential Information and any copies thereof, or (2) permanently destroy such Confidential Information and certify that such Confidential Information has been so destroyed; provided, however, that any obligations regarding removal of Customer Confidential Information stored on hard drives on Equipment owned by Xerox and any costs associated with such removal will be set forth in the applicable Order. d.Disclosure under Legal Requirement. If the recipient of Confidential Information is required to disclose Confidential Information pursuant to a court order or by law or regulation, that party will (1) notify the disclosing party of the obligation to make such disclosure, and (2) reasonably cooperate with the disclosing party if the disclosing party seeks a protective order, but any costs incurred by the receiving party will be reimbursed by the disclosing party, except for costs of the receiving party’s employees. e.Duration of Confidentiality Obligation. Except for Private Information and Xerox Intellectual Property, the obligations set forth in this Section shall continue for one (1) year after termination or expiration of this Agreement or the Order under which such Confidential Information was disclosed, whichever occurs later. The duration of confidentiality obligations with respect to Private Information shall be governed by applicable Privacy Laws. Confidentiality obligations with respect to Xerox Intellectual Property shall continue so long as it continues to be Xerox trade secrets. f.Residual Rights. Each party understands that the other party shall be free to use for any purpose the Residuals resulting from access to Confidential Information as a result of the performance of its obligations under an Order, provided that such party shall maintain the confidentiality of such Confidential Information as provided herein. Neither party shall pay royalties for the use of Residuals. However, the foregoing shall not be deemed to grant either party a license under the other party’s copyrights or patents. GEN 1.13– DATA PROTECTION/PRIVACY a. To the extent that Privacy Laws are applicable to Customer and Xerox in connection with the performance of Services, each party agrees to comply with the applicable provisions of such Privacy Laws. b. Xerox has adopted reasonable physical, technical, and organizational safeguards designed to prevent accidental, unauthorized, or unlawful loss, disclosure, access, transfer or use of Private Information. Xerox 1039 of 1132 1044 ATTACHMENT B – Additional Terms applicable to all Non-University of California Entities Page 19 of 26 RT (11/2020) will promptly notify Customer in the event of any known unauthorized or unlawful loss, disclosure, access, transfer, or use of Private Information. GEN 1.14 – GOVERNING LAW AND JURISDICTION This Agreement, each respective Order, and any dispute or claim arising out of or in connection with this Agreement or such Order, shall be governed by and construed in accordance with the laws of California without regard to its conflict of laws provisions and submitted to the exclusive jurisdiction of the federal and state courts of California. GEN 1.15 – RESERVED. GEN 1.16– FORCE MAJEURE Except for Customer’s absolute and unconditional obligation to make all required payments of any amounts not properly disputed under this Agreement, neither Customer nor Xerox shall be liable to the other party during any period in which its performance is delayed or prevented, in whole or in part, by a Force Majeure Event. If such a circumstance occurs, the party whose performance is delayed or prevented shall undertake reasonable action to notify the other party thereof. GEN 1.17 – INSURANCE COVERAGE Xerox shall maintain the following limits of insurance coverage during the term of this Agreement: 1. Where required by law, Workers Compensation, at statutory limits; 2. Employers Liability, with $1,000,000 USD limit of liability or at statutory limits, whichever is greater; 3. Commercial General Liability, including Products - Completed Operations coverage and Broad Form Contractual, with $2,000,000 USD limit of liability per occurrence for Bodily Injury and Property Damage; and, 4. Where applicable, Automobile Liability, with a combined single limit of liability of $2,000,000 USD per accident or at statutory limits, whichever is greater. GEN 1.18 – FUNDING (this provision applies to state & local government Customers only) Customer represents and warrants that all payments due and to become due during Customer’s current fiscal year are within the fiscal budget of such year and are included within an unrestricted and unencumbered appropriation currently available for the acquisition of the Products, and it is Customer’s intent to use the Products for the entire initial term and to make all payments required under the Agreement or an Order. If (i) through no action initiated by Customer, Customer’s governing body does not appropriate funds for the continuation of the Agreement or an Order for any fiscal year after the first fiscal year and has no funds to do so from other sources, and (ii) Customer has made a reasonable but unsuccessful effort to find an assignee within Customer’s general organization who can continue the Agreement or an Order, the Agreement or the Order may be terminated. To effect this termination, Customer must, 30 days prior to the beginning of the fiscal year for which Customer’s governing body does not appropriate funds for the upcoming fiscal year, notify Xerox that Customer’s governing body failed to appropriate funds and that Customer has made the required effort to find an assignee. Customer’s notice must certify that canceled Equipment is not being replaced by equipment performing similar functions during the ensuing fiscal year. Customer agrees to release the Equipment to Xerox and, when returned, the Equipment will be in good condition and free of all liens and encumbrances. Customer will then be released from any further payments obligations beyond those payments due for the current fiscal year. GEN 1.19– COMPLIANCE WITH LAWS AND POLICIES Xerox and Customer shall comply with all applicable laws and regulations in the performance of their respective obligations under this Agreement. Xerox agrees to comply with Customer’s internal policies regarding security and safety at Customer Facilities that are reasonable and customary under the circumstances and which do not conflict with the terms of this Agreement. Customer agrees to provide Xerox with reasonable prior written notice of such policies and any changes to such policies. If a change in Customer policy results in incremental costs to Xerox, Xerox may, upon providing notice to Customer, pass such costs on to Customer. GEN 1.20 – MISCELLANEOUS a.Copies of Agreement. Except as required by law, both parties agree that any reproduction of this Agreement made by reliable means (for example, photocopy or facsimile) shall be considered an original. Xerox may retain a hardcopy, electronic image, photocopy, or facsimile of this Agreement and each Order hereunder, which shall be considered an original and shall be admissible in any action to enforce said Agreement or Order. b.Amendment. All changes to this Agreement must be made in a writing signed by Customer and Xerox. Any amendment of this Agreement shall not affect the obligations of either party under any then-existing Orders, which shall continue in effect unless the amendment expressly states that it applies to such existing Orders. An amendment to a Services Contract shall reference the number of the Services Contract that it amends. 1040 of 1132 1045 ATTACHMENT B – Additional Terms applicable to all Non-University of California Entities Page 20 of 26 RT (11/2020) c.No Waiver; Severability; Survival. The failure by Customer or Xerox to insist upon strict performance of any of the terms and conditions in this Agreement or to exercise any rights or remedies will not be construed as a waiver of the right to assert those rights or to rely on that term or condition at any time thereafter. If any provision is held invalid by any arbitrator or any court under applicable law, such provision shall be deemed to be restated as nearly as possible to reflect the original intention of the parties in accordance with applicable law. The remainder of this Agreement shall remain in full force and effect. Any terms and conditions of this Agreement or any Order which by their nature extend beyond the termination or expiration of the Agreement or Order will survive such termination or expiration. d.Independent Contractors. Xerox shall perform all Services hereunder in the capacity of independent contractor and not as Customer's employee, agent, or representative. Xerox employees shall not be entitled to privileges of employment that Customer may provide to Customer's employees, and Xerox shall be responsible for payment of all unemployment, social security, federal (state and local, as necessary) and other payroll taxes in regard to its employees involved in the performance of the Services. Neither of the parties, nor their respective employees or Affiliates, shall be authorized to conclude contracts in the name of the other party, or to act or appear as a representative of the other, whether in performing the Services or otherwise. e.No Hiring.During the term of an Order under which Xerox is providing Services and for a period of one (1) year thereafter, Customer and Xerox each agree not to hire, solicit, or employ any of the other’s personnel who have been engaged in the provision of services or the performance of this Agreement, unless prior written consent is obtained from the other party. Such prohibition shall not apply to hiring as a result of general public solicitations of employment. Should one of the parties hire the other party’s personnel in violation of this Agreement, the violating party shall immediately pay to the other, as liquidated damages and as the sole remedy for such violation, an amount equal to such personnel’s then current annual compensation (or the amount paid to such person during the previous twelve (12) months in the case of an independent contractor). f.Assignment. Except for Xerox’s assignment to an Affiliate or to a third party for the purposes of securitizing or factoring, neither party may assign this Agreement and any Order(s) hereunder without the prior written consent of the other party. In the event of a permitted assignment by Xerox, each successive assignee of Xerox will have all of the rights but none of the obligations of Xerox pursuant to this Agreement. Customer will continue to look to Xerox for performance of Xerox’s obligations hereunder and Customer hereby waives and releases any assignees of Xerox from any such claim. Customer will not assert any defense, counterclaim, or setoff that Customer may have or claim against Xerox against any assignee of Xerox. g.Communication Authorization.Customer authorizes Xerox or its agents to communicate with Customer by any electronic means (including cellular phone, email, automatic dialing, and recorded messages) using any phone number (including cellular) or electronic address that Customer provides to Xerox. h.Limitation on Charges.In no event will Xerox charge or collect any amounts in excess of those allowed by applicable law. Any part of an Order that would, but for this Section, be construed to allow for a charge higher than that allowed under any applicable law, is limited and modified by this Section to limit the amounts chargeable under such Order to the maximum amount allowed by law. If, in any circumstances, an amount in excess of that allowed by law is charged or received, such charge will be deemed limited to the amount legally allowed and the amount received by Xerox in excess of that legally allowed will be applied to the payment of amounts owed or will be refunded to Customer. i.Order of Precedence; Entire Agreement. This Agreement, including all schedules, attachments, exhibits and amendments hereto and the Services Contract(s) hereunder, constitutes the entire agreement between the parties as to the subject matter and supersedes all prior and contemporaneous oral and written agreements regarding the subject matter hereof and neither party has relied on or is relying on any other information, representation, discussion or understanding in entering into and completing the transactions contemplated in this Agreement. The parties agree that except as expressly set forth in this Agreement, in the event of any conflict between terms and conditions, the order of precedence shall be this Agreement, the applicable Orders under the Services Contract (excluding Customer POs), and the SOW or DOS, as applicable. If a term in this Agreement expressly provides for a term in an Order to take precedence, such provision in the Order shall prevail to the extent of any conflict. Notwithstanding the foregoing, provisions in the General Module of this Agreement related to: (1) Section GEN 1.8 (Intellectual Property Ownership); (2) Section GEN 1.9 (Indemnification); (3) Section GEN 1.10 (Limitation of Liability); (4) Section GEN 1.12 (Confidentiality); and (5) Section GEN 1.3 (Taxes), will prevail over conflicting provisions in any other contractual document. 1041 of 1132 1046 ATTACHMENT B – Additional Terms applicable to all Non-University of California Entities Page 21 of 26 RT (11/2020) SERVICES MODULE SVC 1 – TERMS AND CONDITIONS SPECIFIC TO SERVICES In addition to the terms and conditions in the General (GEN) Module, the following terms and conditions apply to Xerox’s performance of Services. SVC 1.1 – SCOPE OF SERVICES Subject to the terms and conditions of this Agreement, Services will be performed by Xerox and/or its Affiliates in accordance with the requirements set forth in an Order. If Customer fails to perform or is delayed in performing any of its responsibilities under this Agreement, such failure or delay may prevent Xerox from being able to perform any part of the Services or Xerox-related activities. Xerox shall be entitled to an extension or revision of the applicable term of the Order (which may include setting a new expected date for commencement of Services) or to an equitable adjustment in performance metrics associated with such failure or delay. SVC 1.2 –CHARGES FOR SERVICES Charges for Services are set forth in the applicable Order. Charges are based upon information exchanged between Customer and Xerox, which is assumed to be complete and accurate, and also depend upon other factors such as the timely performance by Customer of its responsibilities. If: (a) such information should prove to be incomplete or inaccurate in any material respect; or (b) there is a failure or delay by the Customer in performing its responsibilities under this Agreement or an Order which results in Xerox incurring a loss or additional cost or expense, then the charges shall be adjusted to reflect proportionately the impact of such materially incomplete or inaccurate information or such failure or delay. Charges that are indicated in an Order as being fixed are not subject to an annual percentage escalation for the initial term of such Order. If Xerox provides Services partially or early (for example, prior to the start of the initial term of an Order), Xerox will bill Customer on a pro rata basis, based on a thirty (30) day month, and the terms and conditions of this Agreement will apply. SVC 1.3 – USE OF SUBCONTRACTORS Xerox may, when it reasonably deems it appropriate to do so, subcontract any portion of the Services. Xerox shall remain responsible for any Services performed by subcontractors retained by Xerox to the same extent as if such Services were performed by Xerox. SVC 1.4 – SERVICES SCOPE CHANGES Except as otherwise set forth in an Order, either party may propose to modify the then-existing Services that are described in an Order, or to add new Services under a Services Contract. If Xerox determines such changes are feasible, Xerox will prepare and propose to Customer an Order incorporating the requested changes and any related impact to the Charges or terms. Once Customer executes and Xerox accepts the Order, Xerox will promptly proceed with the new and/or revised Services in accordance with the terms of the Order and this Agreement. SVC 1.5 – EARLY TERMINATION OF SERVICES AND LABOR Except as otherwise set forth in a Services Contract, upon ninety (90) days prior written notice, Customer may terminate or reduce any Services or labor provided pursuant to an Order without incurring early termination charges except as set forth in the next sentence. Notwithstanding the foregoing, if any such Services or labor provided under an Order are terminated (a) by Xerox due to Customer’s default or (b) by Customer and Customer acquires similar services from another supplier within six (6) months of the termination of such Services or labor, Customer shall pay all amounts due as of the termination date, together with the early termination charges, for loss of bargain and not as a penalty, stated in the Order or, if not specifically stated therein, an amount equal to the then current MMC for said terminated or reduced Services or labor multiplied by the number of months remaining in the term of the related Order, not to exceed six (6) months. EQUIPMENT MODULE EQP 1 –TERMS AND CONDITIONS SPECIFIC TO EQUIPMENT & THIRD PARTY HARDWARE In addition to the terms and conditions in the General (GEN) Module, the following terms and conditions apply to Equipment and Third Party Hardware provided to Customer. EQP 1.1 – TERM AND DATE OF INSTALLATION The term for each unit of Equipment shall be the term stated on the applicable Order, with the commencement date based upon the actual Date of Installation. If the Date of Installation for a unit of Equipment is prior to the applicable Order start date, Xerox will bill the Customer for such Equipment on a pro rata basis, based on a thirty (30) day month, and the terms and conditions of this Agreement and the applicable Services Contract will apply as of the Date of Installation. EQP 1.2 – DELIVERY AND REMOVAL AND SUITABILITY OF CUSTOMER FACILITIES 1042 of 1132 1047 ATTACHMENT B – Additional Terms applicable to all Non-University of California Entities Page 22 of 26 RT (11/2020) Xerox will be responsible for all standard delivery charges for Equipment and Third Party Hardware and, for Equipment or Third Party Hardware for which Xerox holds title, standard removal charges. Non-standard delivery or removal charges (including removal prior to the end of the term for any Equipment) will be at Customer’s expense. The suitability of Customer Facilities for installation of Equipment or Third Party Hardware, including compliance with state and local building, fire and safety codes and any non-standard state or local installation requirements, is Customer’s responsibility. EQP 1.3 – EQUIPMENT STATUS Unless Customer is acquiring previously installed equipment, Equipment will be either: (a) “Newly Manufactured,” which may contain some recycled components that are reconditioned; (b) “Factory Produced New Model” which is manufacturedand newly serialized at a Xerox factory, adds functions and features to a product previously disassembled to a Xerox predetermined standard, and contains new components and recycled components that are reconditioned; or (c) “Remanufactured,” which has been factory produced following disassembly to a Xerox predetermined standard and contains both new components and recycled components that are reconditioned. Xerox makes no representations as to the status of any Third Party Hardware that Xerox may provide under any Order. EQP 1.4 – CONSUMABLE SUPPLIES If specified in an Order, Xerox will provide Consumable Supplies for related Equipment. Consumable Supplies are Xerox’s property until used in the Equipment for which they are provided. Upon expiration or termination of the applicable Order, Customer will either return any unused Consumable Supplies to Xerox at Xerox’s expense when using Xerox-supplied shipping labels, or destroy them in a manner permitted by applicable law. Xerox reserves the right to charge Customer for any Consumable Supplies usage that exceeds Xerox’s published yields by more than ten percent (10%). In such a case, Xerox will notify Customer of the excess usage. If such excess usage does not cease within thirty (30) days after notice, Xerox may charge Customer for the excess usage. If Xerox provides paper under a Services Contract, upon thirty (30) days’ notice, Xerox may adjust paper pricing or either party may terminate the provision of paper. EQP 1.5 – USE AND RELOCATION For any Equipment or Third Party Hardware provided by Xerox, with the exception of Purchased Equipment for which Customer has paid in full, Customer agrees that: (a) the Equipment or Third Party Hardware shall remain personal property; (b) Customer will not attach any of the Equipment or Third Party Hardware as a fixture to any real estate; (c) Customer will not pledge, sub-lease or part with possession of the Equipment or Third Party Hardware or file or permit to be filed any lien against the Equipment or Third Party Hardware; and (d) Customer will not make any permanent alterations to the Equipment or Third Party Hardware. While Equipment or Third Party Hardware is subject to an Order, Customer must provide Xerox prior written notice of all Equipment or Third Party Hardware relocations and Xerox may arrange to relocate the Equipment or Third Party Hardware at Customer’s expense. While Equipment or Third Party Hardware is being relocated, Customer remains responsible for making all payments to Xerox required under the applicable Order. All parts or materials replaced, including as part of an upgrade, will become Xerox’s property. Equipment or Third Party Hardware cannot be relocated outside of the U.S. until Customer has paid in full for the Equipment or Third Party Hardware and has received title thereto. Notwithstanding anything to the contrary in the foregoing, to the extent the Equipment contains any Software, any relocation of such Equipment is subject to the terms and conditions set forth in the Software License Module of this Agreement. EQP 1.6 – SUPPLIER EQUIPMENT PROVIDED In the event Xerox provides Supplier Equipment to Customer, the following terms shall apply unless otherwise specified in an Order: a. Unless Supplier Equipment is purchased by Customer, Xerox (or the applicable third party vendor) shall at all times retain title to the Supplier Equipment. Customer hereby authorizes Xerox or its agents to file financing statements necessary to protect Xerox’s rights to Supplier Equipment. Each party will promptly notify the other, in writing, of any change in ownership, or if it relocates its principal place of business, or changes the name of its business. The risk of loss for the Supplier Equipment shall pass to Customer upon delivery to the applicable Customer Facilities. Customer will insure the Supplier Equipment against loss or damage and the policy will name Xerox as loss payee. b. Customer agrees to use the Supplier Equipment in accordance with, and to perform, all operator maintenance procedures for the Supplier Equipment described in the applicable Documentation made available or provided by Xerox. The Customer shall not (unless the Supplier Equipment is Purchased Equipment, and then only with Xerox’s prior consent): i. sell, charge, let or part with possession of the Supplier Equipment; ii. remove the Supplier Equipment from Customer Facilities in which it is installed; or iii. make any changes or additions to the Supplier Equipment. 1043 of 1132 1048 ATTACHMENT B – Additional Terms applicable to all Non-University of California Entities Page 23 of 26 RT (11/2020) c.Early Termination.Equipment is provided for a minimum order term (as specified in the applicable Order per EQP 1.1 above). If Equipment is terminated for any reason before the end of its minimum order term, the termination charges set forth in the applicable Order or Services Contract for such Equipment shall apply. EQP 1.7 – DATA SECURITY Certain models of Equipment can be configured to include a variety of data security features. There may be an additional cost associated with certain data security features. The selection, suitability and use of data security features are solely Customer’s responsibility. Upon request, Xerox will provide additional information to Customer regarding the security features available for particular Equipment models. EQP 1.8 – REMOTE SERVICES FOR EQUIPMENT Certain models of Equipment are supported and serviced using Remote Data Access. Remote Data Access also enables Xerox to transmit to the Customer Maintenance Releases or Updates for software or firmware and to remotely diagnose and modify Equipment to repair or correct malfunctions. Remote Data will be transmitted to and from Customer in a secure manner specified by Xerox. Remote Data Access will not allow Xerox to read, view or download any Customer data, documents or other information residing on or passing through the Equipment, Third Party Hardware or Customer’s information management systems. Customer grants the right to Xerox, without charge, to establish and maintain Remote Data Access for the purposes described above. Upon Xerox’s request, Customer will provide contact information for Equipment such as name and address of Customer contact and IP and physical addresses/locations of Equipment. Customer will enable Remote Data Access via a method prescribed by Xerox and Customer will provide Xerox with reasonable assistance to allow Xerox to have Remote Data Access. Unless Xerox deems Equipment incapable of Remote Data Access, Customer will ensure that Remote Data Access is maintained at all times Maintenance Services are being performed. EQP 1.9 - TOTAL SATISFACTION GUARANTEE. a. "SP Equipment" means any iGen3, iGen4, iGen150, iGen5 or Xerox Color 8250 Production Printer. If, during any 90 day period, the performance of SP Equipment delivered under this Agreement is not at least substantially consistent with the performance expectations outlined in the SP Equipment’s Customer Expectations Document ("Expectations Document"), Xerox will, at Customer’s request, replace the SP Equipment without charge with identical SP Equipment or, at Xerox’s option, with Equipment with comparable features and capabilities (the” SP Equipment Guarantee”). The SP Equipment Guarantee does not apply during the first 180 days after installation and will expire at the end of the initial term of the Order; provided however, for SP Equipment identified as “Previously Installed”, this SP Equipment Guarantee expires 1 year after installation. This SP Equipment Guarantee applies only to SP Equipment that has been (i) continuously maintained by Xerox through the provision of Xerox Maintenance Services, and (ii) operated at all times in accordance with the Expectations Document. b. "Non-SP Equipment" means any Equipment other than SP Equipment. If Customer is not completely satisfied with any Non-SP Equipment delivered under an Order under this Agreement, Xerox will, at Customer’s request, replace it without charge with identical Non-SP Equipment or, at the option of Xerox, with Equipment with comparable features and capabilities (the” Non-SP Equipment Guarantee”). The Non- SP Equipment Guarantee applies only to Non-SP Equipment that has been continuously maintained by Xerox through the provision of Xerox Maintenance Services. The Non-SP Equipment Guarantee will expire at the end of the initial term of the subject Order; provided however, for Non-SP Equipment identified as “Previously Installed”, the Non-SP Equipment Guarantee expires 1 year after the Installation Date. The Non-SP Equipment Guarantee does not apply to a limited number of Non-SP Equipment models, which models are identified in the applicable Order Document. c.The SP Equipment Guarantee and Non-SP Equipment Guarantee replace and supersede any other guarantee from Xerox, whether made orally or in writing, styled a "Total Satisfaction Guarantee", "Satisfaction Guarantee" or otherwise covering the subject matter set forth above. EQP 1.10 – REMOVAL OF HAZARDOUS WASTE Customer agrees to take responsibility for legally disposing of all hazardous wastes generated from the use of Third Party Hardware or supplies. EQUIPMENT PURCHASE MODULE EP 1 –TERMS AND CONDITIONS SPECIFIC TO EQUIPMENT PURCHASE In addition to the terms and conditions in the General (GEN) Module, the following terms and conditions apply to the acquisition of Purchased Equipment: EP 1.1 – ORDER 1044 of 1132 1049 ATTACHMENT B – Additional Terms applicable to all Non-University of California Entities Page 24 of 26 RT (11/2020) Orders for an outright purchase of Equipment shall include the unique Xerox-provided contract number and the number of this Agreement on all applicable ordering documents. EP 1.2 – TITLE Title to Purchased Equipment will pass to Customer upon delivery to the applicable Customer Facilities. EP 1.3 – DEFAULT If Customer defaults under a XOA for Purchased Equipment, Xerox, in addition to its other remedies (including the cessation of Maintenance Services if applicable), may require immediate payment of all amounts then due, plus all Transaction Taxes and applicable interest on all amounts due from the due date until paid. Customer shall also pay all reasonable costs, including attorney’s fees, incurred by Xerox to enforce this Agreement. EP 1.4 – MAINTENANCE SERVICES FOR PURCHASED EQUIPMENT If Customer elects to receive Maintenance Services for Purchased Equipment, Customer shall do so under a separate Order under the Agreement for such Maintenance Services. EP 1.5 – AGREEMENT PROVISION EXCLUSIONS The following Agreement provisions do not apply to Orders for an outright purchase of Equipment: GEN 1.1 c.ii – iii; GEN 1.6 b – j; GEN 1.7 b.1; GEN 1.11; EQP 1.4; EQP 1.6. MAINTENANCE SERVICES MODULE MS 1 –TERMS AND CONDITIONS SPECIFIC TO MAINTENANCE SERVICES In addition to the terms and conditions in the General (GEN) Module, and except as otherwise set forth in an Order, the following terms and conditions apply to provision of Maintenance Services. MS 1.1 – MAINTENANCE SERVICES As part of an Order for (a) stand-alone Maintenance Services related to Purchased Equipment, or (b) Maintenance Services related to Equipment to which Xerox does not hold title, or as a mandatory part of an Order for Equipment (other than Purchased Equipment) that includes Maintenance Services, Xerox or a designated service provider will provide the following Maintenance Services for Equipment. If Customer is acquiring Equipment for which Xerox does not offer Maintenance Services, such Equipment will be designated as “No Svc.” This Module does not apply to maintenance of Third Party Hardware. Maintenance that Xerox provides on Third Party Hardware will be provided in accordance with the terms of the applicable Order. The provision of Maintenance Services is contingent upon Customer facilitating timely and efficient resolution of Equipment issues by: (i) utilizing Customer-implemented remedies provided by Xerox; (ii) replacing Cartridges; and (iii) providing information to and implementing recommendations provided by Xerox telephone support personnel in those instances where Xerox is not providing on-site Equipment support personnel. If an Equipment issue is not resolved after completion of (i) through (iii) above, Xerox will provide on-site support as provided in the applicable Order. MS 1.2 – REPAIRS AND PARTS a. Xerox will make repairs and adjustments necessary to keep the Equipment in good working order and operating in accordance with its written specifications (including such repairs or adjustments required during initial installation). Maintenance Services shall cover repairs and adjustments required as a result of normal wear and tear or defects in materials or workmanship. Parts required for repair may be new, reconditioned, reprocessed or recovered. b. If Xerox is providing Maintenance Services for Equipment that uses Cartridges, Customer will use only unmodified Cartridges purchased directly from Xerox or its authorized resellers. Failure to use such Cartridges will void any warranty applicable to such Equipment. Cartridges packed with Equipment or furnished by Xerox as Consumable Supplies will meet Xerox’s new Cartridge performance standards and may be new, remanufactured or reprocessed and contain new and/or reprocessed components. To enhance print quality, Cartridges for many models of Equipment have been designed to cease functioning at a predetermined point. Many Equipment models are designed to function only with Cartridges that are newly manufactured original Xerox Cartridges or with Cartridges intended for use in the U.S. MS 1.3 – HOURS AND EXCLUSIONS Unless otherwise set forth in an Order, Maintenance Services will be provided in areas accessible for repair services during Xerox’s standard working hours. Maintenance Services excludes repairs due to: (a) misuse, neglect or abuse; (b) failure of the installation site or the PC or workstation used with the Equipment to comply with Xerox’s published specifications; (c) use of options, accessories, or other products not serviced by Xerox; (d) non-Xerox alterations, relocation, service or supplies; and (e) failure to perform operator maintenance procedures identified in operator 1045 of 1132 1050 ATTACHMENT B – Additional Terms applicable to all Non-University of California Entities Page 25 of 26 RT (11/2020) manuals. Customer agrees to furnish all referenced parts, tools, and supplies needed to perform those procedures that are described in the applicable manuals and instructions. MS 1.4 – INSTALLATION SITE AND METER READINGS In order to receive Maintenance Services for Equipment requiring connection to a PC or workstation, Customer must utilize a PC or workstation that either (a) has been provided by Xerox or (b) meets Xerox’s published specifications. The Equipment installation site must conform to Xerox’s published requirements. If applicable, unless otherwise set forth in an Order, Customer agrees to provide meter readings in the manner prescribed by Xerox. If Customer does not provide Xerox with meter readings as required, for Equipment not capable of Remote Data Access, or if Remote Data Access is interrupted, Xerox may estimate them and bill Customer accordingly. MS 1.5– REMEDY If Xerox is unable to maintain the Equipment as described above, Xerox will, as Customer’s exclusive remedy for Xerox’s failure to provide Maintenance Services, replace the Equipment with an identical product or, at Xerox’s option, another model with comparable features and capabilities. If replacement Equipment is provided pursuant to this Section, there shall be no additional charge for its provision by Xerox during the initial term of the Order and it shall be subject to the terms and conditions of this Agreement and the applicable Order(s). Customer’s use of non-Xerox approved consumables that affect the performance of the Equipment may invalidate this remedy. MS 1.6– END OF SERVICE Xerox has no obligation to maintain or replace Equipment beyond the “End of Service” for that particular model of Equipment. End of Service (“EOS”) means the date announced by Xerox after which Xerox will no longer offer Maintenance Services for a particular Equipment model. An EOS Equipment List is available upon request. SOFTWARE LICENSE MODULE SW 1 –TERMS AND CONDITIONS SPECIFIC TO SOFTWARE In addition to the terms and conditions in the General (GEN) Module the following terms and conditions apply to the license and use of Software and its associated Documentation. SW 1.1– SOFTWARE LICENSE Xerox may provide Software to Customer pursuant to an Order hereunder. The following license applies to Software provided hereunder, unless such Software is accompanied by a click-wrap or shrink-wrap license agreement or otherwise provided subject to a separate license agreement. a. Xerox grants Customer a non-exclusive, non-transferable, non-assignable (by operation of law or otherwise) license to use in the U.S.: (i) Base Software only on or with the Equipment with which (or within which) it was delivered; and (ii) Application Software only on any single unit of Equipment, subject to Customer remaining current in the payment of any indicated applicable Software license fees (including any annual renewal fees). Customer has no other rights to the Software. Customer will not and will not allow its employees, agents, contractors or vendors to: (i) distribute, copy, modify, create derivatives of, decompile, or reverse engineer Software except as permitted by applicable law; (ii) activate Software delivered with or within the Equipment in an un-activated state; or, (iii) access or disclose Diagnostic Software for any purpose. Title to Software and all copyrights and other intellectual property rights in Software will reside solely with Xerox and its licensors (who will be considered third party beneficiaries of this Agreement’s software and limitation of liability provisions). b. The Base Software license will terminate: (i) if Customer no longer uses or possesses the Equipment with which the Base Software was provided; or (ii) upon the expiration or termination of any Order under which Customer has acquired the Equipment with which the Base Software was provided (unless Customer has exercised an option to purchase the Equipment, where available). c. Software may contain code to prevent its unlicensed use and/or transfer. If you do not permit Xerox periodic access to such Software, this code may impair the Equipment’s and/or Software’s functionality. d. Xerox does not warrant that the Software will be free from errors or that its operation will be uninterrupted. SW 1.2– SOFTWARE SUPPORT Software support will be provided by Xerox or a designated service provider as follows. For Base Software, Software support will be provided during the initial term of the applicable Order and any renewal period, but not longer than five (5) years after Xerox stops taking orders for the subject model of Equipment. For Application Software, Software support will be provided as long as Customer is current in the payment of all applicable software license, annual renewal and “support only” fees. a. Xerox will maintain a web-based or toll-free hotline during Xerox’s standard working hours to report Software problems and answer Software-related questions. Xerox, either directly or with its vendors, will make 1046 of 1132 1051 ATTACHMENT B – Additional Terms applicable to all Non-University of California Entities Page 26 of 26 RT (11/2020) reasonable efforts to: (i) assure that Software performs in material conformity with its Documentation; (ii) provide available workarounds or patches to resolve Software performance problems; and (iii) resolve coding errors for (1) the current release and (2) the previous release for a period of six (6) months after the current release is made available to Customer. Xerox will not be required to provide Software support if Customer has modified the Software. b. Xerox may make available new releases of the Software that are designated as “Maintenance Releases” or “Updates.” Maintenance Releases or Updates are provided at no charge and must be implemented within six (6) months after being made available to Customer. Each Maintenance Release or Update shall be considered Software governed by these terms. Feature Releases will be subject to additional license fees at Xerox’s then-current pricing and shall be considered Software governed by these terms and conditions (unless otherwise noted in an Order). Implementation of a Maintenance Release, Update or Feature Release may require Customer to procure, at its expense, additional hardware and/or software from Xerox or another entity. Upon installation of a Maintenance Release, Update or Feature Release, Customer will return or destroy all prior Maintenance Releases, Updates or Feature Releases. c. Xerox may annually increase Software license fees and support fees for Application Software. SW 1.3– DIAGNOSTIC SOFTWARE Diagnostic Software and method of entry or access to it constitute valuable trade secrets of Xerox. Title to the Diagnostic Software shall at all times remain solely with Xerox and Xerox’s licensors. Xerox does not grant Customer a license or right to use the Diagnostic Software. Customer will not use, reproduce, distribute, or disclose the Diagnostic Software for any purpose (or allow third parties to do so). Customer will allow Xerox reasonable access to the Equipment during Customer’s normal business hours to remove or disable Diagnostic Software if Customer is no longer receiving Maintenance Services from Xerox. SW 1.4 – THIRD PARTY SOFTWARE Third Party Software is subject to license and support terms provided by the applicable Third Party Software vendor. IN WITNESSWHEREOF,the parties have executed this Agreement on the dates set forth below intending it to become effective on the Effective Date and thereby agreeing to its terms. ENTER CUSTOMER NAME XEROX CORPORATION Signature Signature Name (please print)Name Title Title Address Address Date Date 1047 of 1132 1052 3.1 Company A. Brief history and description of Supplier. History: The roots of Xerox Corporation go back over 100 years to our humble beginnings as the Haloid Company, established in 1906. In that time, we pioneered and brought to market many of the technologies and solutions used by office workers every day. From the first xerographic image made in 1938 to breakthroughs in home and business computing during the 1970’s and our influence and leadership in shaping the current Managed Print Services (MPS ) offering; to delivering our “game changing” ConnectKey® Technology, which enables modern workers to leverage Xerox® Multifunction Devices (MFDs) to simplify the way work gets done in the office and on the go. Xerox Today: With annual revenues of $9.8 billion we are a leading global provider of digital print technology and related solutions; we operate in a core market estimated at approximately $67 billion. Our primary offerings span three main areas: Intelligent Workplace Services (formerly Managed Document Services (MDS)), Workplace Solutions and Production Solutions (formerly Graphic Communications). Our Intelligent Workplace Services offerings help customers, ranging from small businesses to global enterprises, optimize their printing and related docum ent workflow and business processes. Xerox led the establishment of this expanding market and continues as the industry leader. Our Workplace Solutions and Production Solutions offerings support the work processes of our customers by providing them with solutions built upon our broad portfolio of industry-leading printing and workflow offerings. We also have digital solutions and software assets to compete in an approximately $31 billion adjacent Software and Services market. Our main offerings for this market are focused on industry-specific Digital Solutions, Personalization & Communication Software and Content Management Software. Headquartered in Norwalk, Connecticut, with 32,400 employees, Xerox serves customers in approximately 160 countries providing advanced document technology, services, software and genuine Xerox supplies for a range of customers including small and mid-size businesses ("SMB"), large enterprises, governments and graphic communications providers, and for our partners who serve them. To learn more, visit us on Xerox.com, Xerox Innovation History and Xerox Today. Xerox Research and Innovation We believe that a critical role of our research is to identify new competency areas with attractive addressable markets for the future. Our expertise in technology and printing uniquely positions us to discover those areas and leverage our innovation to move into adjacencies beyond our current core technology. Accordingly, we have prioritized investments in four key areas: Digital Packaging and Print, AI Workflow Assistants for Knowledge Workers, 3D Printing / Digital Manufacturing, and Sensors and Services for the Internet of Things. We also see opportunity in our core coming from our ability to deliver physical devices that connect with the digital world as well as purely digital offerings that improve our customers’ outcomes. As a result, we direct our research and development (R&D) investments to areas such as workflow automation, color printing and customized communication, as well as to improving the quality and reducing the environmental impact of digital printing. We invest in bringing new capabilities to the market such as our ConnectKey™ software to enable our devices to integrate into digital workflows, as well as in technologies to improve the security of o ur devices and offerings. We will continue to invest in innovations to improve the reliability, IQ and cost of our printing devices, as well as in new services and software that improve our customers’ ability to manage their document-oriented workflows. 1048 of 1132 1053 Xerox Values Keeping connected to our core values helps us to execute our priorities and strategies and fulfil our mission of delivering excellence to our customers, our shareholders and each other. They are a part of our heritage and are a part of our future. Since our inception, we have operated under the guidance of six core values: • We succeed through satisfied customers. • We deliver quality and excellence in all we do. • We require premium return on assets. • We use technology to develop market leadership. • We value and empower employees. • We behave responsibly as a corporate citizen B. Total number and location of sales persons employed by Supplier . Xerox has a nationwide sales organization that is aligned to a geographic focus and is primarily aligned on the basis of go-to-market sales channels, which are structured to serve a range of customer for our products and services. We employ 1450 sales resources across the United States, covering virtually every metropolitan area. There are three primary sales channels that cover public sector agencies nationally. • Xerox Direct Enterprise: Under the leadership of regional Vice Presidents, Xerox has Sales Professionals across the United States that focus on providing Xerox’s innovative product and services portfolio to large State Government agencies. • Xerox Business Solutions (XBS): A wholly owned unit of Xerox Corporation, XBS is comprised of a nationwide network of companies (all wholly owned by Xerox) that provide Xerox Sales and Services throughout the US. • Authorized Xerox Sales Agencies: Independent Sales Agents that exclusively represent Xerox with access to Xerox products and services for small and medium businesses. Please refer to Attachment A for a complete list of all U.S. Sales offices. C. Number and location of support centers (if applicable) and location of corporate office. Support Centers Customers enjoy unlimited access to the Xerox Welcome Center for technical issues, supplies or billing Inquiries. The Welcome Center provides online support and phone access to our multi-lingual support team. You can contact the Xerox Welcome Center at 1-800-821-2797 (US only). For more assistance, please visit www.support.xerox.com. Our Customer Business Center is another point of contact for customers to call for technical service/repair, make a payment, self-service options (receive copy of an invoice, account balance, Address change form, contract date, status of supply order), billing, obtaining quotes, etc. Our Customer Care and Support team can be reached at 1-888-771-5225. Corporate Office Our registered corporate office address for company headquarters is: Xerox Corporation, 201 Merritt 7, Norwalk, Connecticut 06851. 1049 of 1132 1054 D. Annual sales for the three previous fiscal years. • 2017 Annual Gross Sales: $ 9,991 billion • 2018 Annual Gross Sales: $ 9,662 billion • 2019 Annual Gross Sales: $ 9,066 billion E. Submit FEIN and Dunn & Bradstreet report. FEIN Xerox FEIN: 16-0468020. Dunn & Bradstreet Report Please refer to Attachment B for Xerox’ s Dun and Bradstreet report. D&B Supplier Qualifier Report- Xerox. F. Describe any green or environmental initiatives or policies. The Xerox Business Code of Conduct for Corporate Social Responsibility is Xerox’s overarching policy from which policies covering social, environmental and economic dimensions are referenced as shown below. For expansive detail on Xerox CSR, please see https://www.xerox.com/en-us/about/corporate- social-responsibility Environmental Policies: • EHS 100 Environment, Health, Safety & Sustainability • EHS 101: Environment, Health and Safety Policy for Xerox Workplaces, • EHS 102: Environment, Health & Safety Policy for Products and Materials Social Policies: • POL 002: Business Ethics • OGC 020: Relationships with Government Customers & Officials and Political Contributions • InfoPriv 001: Personal Information Privacy • InfoPriv 003: Requirements for Commercial E-mail Messaging • SEC 003: Physical Security– General Policy • InfoSec 001: Information Security • HR 101-1: Outside Business Interests and Conflict of Interest • HR 107.1: Employee Communications – Open Door/Internal Escalation Process • HR 201.0: Employment, Placement, & Separations: Non-Discrimination • HR 201.3: Equal Opportunity, Non- Discrimination, & Harassment • HR 503: Alcohol and Drug Misuse • HR 105: Recognition, Recreation and Social Activities • SEC 009: Violence-Free Environment • InfoPriv 001: Personal Information Privacy • POL 007: Human Rights • HR102: Civic and Political Activities • HR 103: Solicitation of Employees • OGC 022: Global Corporate Philanthropy Policy • OGC 023: Global Volunteer Policy 1050 of 1132 1055 Economic Policies: • ACC 208: Code of Conduct Finance Personnel • ACC 1207: Revenue Recognition • PUR 001: Purchasing Policy • SRY 001: Purchasing and Selling Xerox Securities By Employees, Officers and Directors • OGC 019: Compliance with Antibribery Laws Please describe Environmental Initiatives: Our various environmental initiatives extend across our supply chain, product lifecycle and operations and are described at https://www.xerox.com/en-us/about/ehs. These include: • Commitment to the Responsible Business Alliance (RBA) Code of Conduct for our Operations and Suppliers. Our suppliers must meet Xerox's strict standards to control the chemical content of our products. Xerox is a member of the Responsible Business Alliance (RBA) which has developed a standards-based approach for monitoring suppliers' compliance across several areas of social responsibility, including labor, health, safety and environmental activity. • Design for Sustainability- A cornerstone of our design is meeting the certification of premier eco labels including EPA Energy Star, Electronic Product Environmental Assessment Tool (EPEAT) and the German Blue Angel. Our Cleantech plank will use Xerox technologies to deliver environmental, social and economic benefits to current industrial processes. • Corporate-wide science-based energy and GHG goals to reduce energy consumption and GHG emissions by 85 percent by 2030 (from a 2002 baseline). • Through our partnership with PrintReleaf. Xerox customers have the opportunity to contribute to the reforestation of global forests and reduce their overall sustainability footprint. Based on a theme of “You print one, we’ll plant one,” paper usage reporting is used to equate the number of trees that are reforested into geographic areas of need. • Software products such as DocuShare® and FreeFlow® Digital Workflow Collection help Xerox customers reduce paper consumption by facilitating electronic data management, scan-to-e-mail, print-on-demand and distribute-then-print workflows. Office software solutions › Production software solutions › • The Xerox Green World Alliance collection and reuse / recycling program in partnership with our customers, results in millions of cartridges and toner containers returned for reuse or recycling each year. • Xerox joined the Sustainable Electronic Recycling International coalition as a founding member of the "R2 Leader Program". SERI is a non-profit organization devoted to advancing sustainable electronics reuse and recycling globally. R2 Leaders commit to supporting responsible and sustainable electronics repair and recycling as described in the R2 Standard. Additionally, R2 Leaders, including Xerox are taking leadership roles in projects for responsible reuse and recycling around the globe. 1051 of 1132 1056 G. Describe any diversity programs or partners supplier does business with and how Participating Agencies may use diverse partners through the Master Agreement. Indicate how, if at all, pricing changes when using the diversity program. As a global leader in business process and document management, Xerox recognizes that having a diverse supplier pool is a major competitive advantage and a powerful business tool. Xerox’s Supplier Diversity Program’s mission is to proactively identify, build relationships with, and purchase goods and services from certified small businesses as well as enterprises owned by minorities, women, veterans, gays and lesbians, and disabled persons that can help Xerox achieve its corporate objectives as suppliers to Xerox. Also, though Xerox’s dedicated Divers Alliance Program, we are committed to understanding and supporting our customer’s supplier diversity goals and objectives. Specifically, Xerox in connection with the University of California Master Agreement will support OMNIA Members by offering solutions which include certified HUBs or other certified diverse subcontractors as part of our offer where applicable and practical. While Xerox is not a certified diverse company, we believe s electing Xerox would give OMNIA Members the best of both worlds by working with the leading global document management company which is committed to having practical and useful diverse certified subcontractors directly supporting our contract with you. H. Describe any historically underutilized business certifications supplier holds and the certifying agency. This may include business enterprise such as minority and women owned, small or disadvantaged, disable veterans, etc. Xerox is not a certified diverse company; however, we do work with certified diverse companies to provide direct and indirect spend as part of our offer to our customers. I. Describe how supplier differentiates itself from its competitors. Today’s Xerox is a leader in print technology and intelligent work solutions using the advantages of our people, our approach, and industry leading technology to solidify our stronghold in a number of competitive markets. Our Approach • We have deep industry knowledge and take the time to understand our clients’ business and how they work, to build and create solutions – to help them achieve their goals. • We work with clients to innovate, incubate and explore new solutions to critical business challenges. • Using user centric design, we study how people work in order to make it better. • We know every workflow is different, so we strive to create solutions that match each need. Our Market Position • MPS Market share leader and thought leader according to leading Industry Analyst Firms. • Xerox is the most decorated and experienced vendor in the Managed Print Services Landscape. All three major industry analysts, (Quocirca, IDC, InfoTrends) have placed Xerox as the top provider in the MPS landscape in their most recent market reports. • We maintain our No. 1 position in worldwide equipment sales revenue and No. 1 marketshare in production color. • Managing billions of printed pages per year with unparalleled global delivery. • Tight integration with technologies used by today’s workforce enabling access to cloud-hosted services, exceptional customized experiences, and maximum productivity. 1052 of 1132 1057 Our People • We never give up – whether it is providing support to customers, developing a better way to help customers work better, or pushing the limits of technology and software innovation. • We believe collaboration and teamwork are the only way to achieve success. • We attract, hire and retain the top talent with the best skills. • Named one of the World’s Most Ethical companies by Ethisphere Magazine, for 12 consecutive years. • Listed as one of the World’s Most Admired Companies by Fortune Magazine. Our Technology and Innovation • World-renowned innovation and expertise – including printing, advanced color science, digital and video imaging, workflow automation, connectivity, and analytics. • We are innovators and inventors and our people have over 10,307 active patents. Xerox is one of the top 20 patent producing companies in the world. • Over $1 billion is invested in R&D and engineering each year. • Xerox has been the force behind many major technology breakthroughs – such as the ConnectKey interface and the adaptive color technology – which have transformed how work gets done. Security Protocols Providing the Upmost Protection for our Customers • Multifunction devices are sophisticated, multiple sub-system network platforms, and Xerox offers the broadest range of security functionality on the market, including encryption, authentication, authorization per user and auditing. • ISO 15408 Common Criteria for Information Technology Security Evaluation is the only internationally recognized standard for security certification. Xerox was the first manufacturer to seek and obtain certifications for “complete” MFP devices. Because each element of the multifunction platform is a potential point of entry, meaningful security certification must comprehend all elements, including the operating systems, network interface, disk drive(s), Web server, PDL interpreter(s), MFP user interface, local hardware ports and fax system. • Users of Xerox® ConnectKey® Technology-enabled ‘i-Series’ Smart MFPs also now have the option to encrypt PDF files with a password when using the Scan to Email service allowing only authorized users to see documents. • From the introduction of the first digital products, Xerox has recognized the risk of retained data being inappropriately recovered from non-volatile storage and built features and countermeasures into our devices to help customers safeguard their data. • Many Xerox® devices include features to protect the printer or MFP from unauthorized remote access, protect the confidentiality of data transmitted to the device via the network, control which devices can access the MFPs and control the ports, protocols and services that can be accessed on the device. J. Describe any present or past litigation, bankruptcy or reorganization involving supplier. Xerox is a large, global enterprise with thousands of contracts with vendors, customers, business partners and other parties. At any given time, there may be issues that could possibly result in lawsuits or other legal actions. Producing a detail list of such activity would be onerous in the context of responding to this RFQ. However, any material litigation or judgments against Xerox can be found at www//Xerox.com at Investor Relations. Xerox has not been part of any bankruptcy procedures. 1053 of 1132 1058 K. Felony Conviction Notice: Indicate if the supplier a. is a publicly held corporation and this reporting requirement is not applicable; Xerox is a publicly held corporation. b. is not owned or operated by anyone who has been convicted of a felony; or Xerox is not owned or operated by anyone who has been convicted of a felony. c. is owned or operated by and individual(s) who has been convicted of a felony and provide the names and convictions. Xerox is not owned or operated by anyone who has been convicted of a felony. L. Describe any debarment or suspension actions taken against supplier. Xerox is a large, global enterprise with thousands of contracts with vendors, customers, business partners and other parties. These contracts are amended, renewed, and terminated on a regular basis for a variety of reasons and Xerox does not maintain records regarding the reasons for such routine contract administration matters. However, the termination of any material agreement is disclosed in the periodic reports filed by Xerox with the U.S. Securities and Exchange Commission (“SEC”). These reports are available at www.sec.gov/edgar.shtml. Xerox has not been disbarred, suspended or otherwise disqualified from doing business with the federal government. 3.2 Distribution, Logistics A. Describe the full line of products and services offered by supplier. We provide the industry’s broadest portfolio of document technology and software. Through our innovation and market leadership, we have developed a strong industry reputation and recognizable brand with trusted competencies in bridging the physical and digital printing and communications, both in the office and productions markets. Our core capabilities and offerings consist of technologies, solutions and services that simplify workflows, grow revenue and transform the customer experience, as described below. Xerox Technology and Software – Workplace Solutions Entry Desktop Monochrome and Color Printers Entry Desktop Monochrome and Color Printers range from small devices to workgroup printers and MFPs that serve the needs of office workgroups. These products help build a platform to effectively manage document workflow. Mid Range Our Mid-Range products offer advanced features with the ability to handle higher print volumes as well as varying paper sizes. Entry and Mid-Range products share common technology, manufacturing and product platforms enabling ease of use and complete office integration. Software Platform What makes Xerox Printer/Multifunction Printer (MFP) unique is that they are built on the Xerox ConnectKey Technology platform. This platform enables a Process for Workflow improvement. It operates with an intuitive-like touchscreen user interface. The platform is an open embedded platform that allows the device to be programmed to address specific workflows. This new capability is driven by embedded or server-based software inside the firewall or in the cloud. As such, the smart Printer/MFP incorporates an ecosystem of hardware, software, and services to address public agency’s document and inform ation processing requirements. 1054 of 1132 1059 Managed Print Services MPS is at the core of what Xerox is today. It is a service that combines traditional document output technology with a services backbone that allows customers to focus on their core competencies while helping clients to cut cost, increase productivity and meet their environmental sustainability goals. As a leader in MPS, Xerox offers a full range of Managed Print Services to embrace all elements of an organization’s print infrastructure–from the networked office to the in-house print center to the virtual worker. Founded on rigorous, data-driven Lean Six Sigma-based methodologies, the Xerox Managed Print Services portfolio extends from global enterprises to small and mid -sized businesses. Xerox has several different approaches to Managed Print Services. All Xerox Managed Print Solutions incorporate an assessment of the current state of the environment and then recommendations for a proposed future state. The assessment typically gathers data on the customer’s current fleet which may include current costs, application requirements and other pertinent information to the clients environment as agreed upon. The data gathered from the current state will be used to develop a proposed future st ate with proposed costs of an MPS solution and any potential cost savings. The proposed future state typically includes the customer’s output fleet of devices under an umbrella management contract which includes break/fix, help desk services, supplies, management reporting, pro- active problem resolution, etc. Xerox also offers additional optional services as outlined within the response. Xerox Managed Print Services solutions can be contracted for at a fixed price per unit or a per page cost depending upon the size and scope of the engagement. These services are configured based on individual customer requirements, therefore, we do not have list prices for these services. The attached price list provides a not to exceed price for the range of s ervices associated with Managed Print. There are two discreet price lists for two discreet offerings, Xerox Print Services (XPS) and Enterprise Print Services (EPS). XPS is an entry level Managed Print offering that can utilized to manage an in -place multi-vendor printer environment. It can also be used to managed mixed environments of Xerox MFPs/Xerox printers and non-Xerox printers. XPS would be used where the customer intends to acquire Xerox MFPs from the University of California contract using Region 4 ESC contract pricing and terms and then incorporate the Xerox MFPs into a multi-vendor Managed Print Solution. EPS is a more advanced Managed Print offering that is designed to support larger enterprise fleets and offers greater flexibility with respect to pricing options and contract terms. EPS also provides additional services offerings related to Managed Print such as onsite DocuCare Associates, Xerox Print Awareness Tool , etc. EPS can be offered on a fixed price basis or a cost per page basis. In most cases, actual customer prices will be lower than the prices offered on the following XPS and EPS not to exceed price list. The initial assessment is used to develop actual data on current printer models and costs, actual volumes, potential savings and final pricing. Xerox MPS Solution Deliverables Outsourcing MPS requires a very specific, complex and customized approach involving people, process and technology tailored to each company and its unique requirements. Consequently, the process does not lend itself to a one-size-fits-all solution. It requires an experienced business partner like Xerox to manage the components in a simplified manner. 1055 of 1132 1060 The Xerox MPS solution will deliver the following: • Assessment: An MPS print assessment is the first step to help customers gain control, drive down print costs and improve productivity. The Assess and Optimize stage of Xerox® Managed Print Services leverages our award-winning managed print services assessment processes and tools. Xerox® Asset DB and CompleteView™ Pro turn print data into actionable knowledge to control and drive down costs, while reducing your environmental impact. With a complete and secure analysis of print usage and costs, we help customers understand the total cost of ownership and a more efficient print environment. Xerox® CompleteView™ Pro can significantly reduce the time and effort it takes to gain valuable, comprehensive and accurate knowledge about your print environment. • Device Maintenance: Including normal break-fix management services and the parts that are required to maintain devices in accordance with Original Equipment Manufacturer (OEM) specifications. Services include dispatching Xerox and/or third- party vendors, tracking all service calls through call resolution and reporting all associated maintenance services. • Asset Management: Xerox has developed a centralized database of currently installed Xerox output devices to track the physical location and costs associated with each device . The services require an integrated approach focusing on the Client and Xerox working together to maintain the information. With the support of the Client IT, Xerox will implemented technology to monitor the installed Xerox network-attached SNMP-Level 3 devices, and have integrated this monitoring technology with an SQL-based asset management database. • Consumables Management: Xerox and the Client will agree on those processes for end users to order appropriate consumables. With these mutually agreed processes, Xerox will be able to consistently evaluate and provide the appropriate level of quantities of consumables at each of the Client's location to minimize end-user disruption. • Help Desk Support: The client and Xerox will develop workflow processes that allow for help desk services and consumables for all in- scope devices as well as any services agreed upon by both parties. Utilizing the Xerox technology, we will proactively monitor in-scope devices. The Xerox Helpdesk agents will take the necessary action to ensure end-users have access to the full capability of the installed output devices. Those actions include dispatching appropriate break/fix resources to repair hardware, ordering and shipment of consumables and also contacting the Clients Service desk for application or network issues. The services above will be documented in a formal Statement of Work (SOW) and will be managed to Service Level Agreements (SLA's) governing all key aspects of the program • Xerox Tool Suite The heart of the Xerox MPS solution is the Xerox Tool Suite — a set of Xerox proprietary software tools that provide comprehensive asset management, service support, reporting and problem management tracking services. The Xerox Tool Suite will integrate with Xerox people, process and technology to keep the Client's MFP's and printers running at peak performance, lowering costs as it improves productivity. Getting timely and accurate reporting on fleet performance is a critical enabler to ensure that Xerox meets its agreed financial objectives and SLAs. With the Xerox Tool Suite, users can access real- time data to track how well we are responding when devices run out of supplies or machines jam or need service. The Xerox Tool Suite tracks how long the devices are down and when they are restored. When calls come in to the Help Desk, incident records are generated and tracked through resolution. The Xerox Tool Suite continuously monitors the fleet and provides device status and device alerts. Xerox often proactively resolves service issues before the client even know there is a problem, allowing employees to focus on business, not on device-related issues. 1056 of 1132 1061 Additional MPS options include: Optimization of the Print Environment is an optional component under the Xerox MPS offer. Optimization of the print environment Includes floor analysis to map out current devices and volumes on the floors, identification of any physical departmental constraints, determination of specific application devices as reported by end users and client management, and identification of the specific move/add/change processes currently supported. Through our analysis, we provide the recommended future state optimized floor plans, which reposition devices to support end user requirements and reduce non - required devices from the floors. On-site Support / DocuCare is an optional component under the Xerox MPS offer. Xerox on-site support, or DocuCare, serves as the primary contact for equipment support and service. They coordinate Move/Add/Change/Delete process and may compliment the primary web based training for end users. In addition, the resource serves as the first point of contact for Help Desk issues, provides basic cleaning and replacement of operator accessible parts and consumables, and first level br eak fix activities. Basic equipment problem diagnosis, IP address support, and the triage focal with Xerox help desk and technical support. Xerox Services Portal (XSP) is an optional MPS component. The Xerox Services Portal (XSP) provides a customer interface to the Xerox Services information and reporting. It provides a secure website portal enabling customers to request supplies, service or MACD for their devices. XSP also allows end-users to access device training and feature information, find printers, submit meter reads, and deliver feedback on their equipment or MPS experience. Xerox Consulting Services are optional Xerox MPS components. Xerox Consulting Services provide two levels of support: • Sr. Consultant Level - This is to provide senior, strategic and/or management level services associated with delivery of Managed Print Solutions. These include project management, transition management, change management, implementation management and services management. • Consultant Level - This is to provide first line services including data collection, transition services, asset coordination, and implementation execution. Xerox Print Security Audit Service (XPSAS) is an optional MPS component. is a comprehensive device security solution that incorporates risk mitigation services into an automated software tool. XPSAS brings automated remote configuration to device security. Xerox Print Security Audit Service automates setting device configurations remotely, monitors for compliance and remediates any violators in 3 key areas – firmware upgrades, password management and device settings configuration and management. Automation enables installation and delivery teams to reduce errors, save time and provide higher security levels to clients. Teams can demonstrate alignment to compliance standards using interactive dashboards – a unique advantage that comes only with Xerox. User Analytics Service is an optional Xerox MPS component. As Managed Print Services (MPS) environments mature, calculating the return on your investment is more complicated, and analytics become critical. Through analytics, organizations can capture and analyze data from various Print Management Solutions to make key decisions in the MPS environment. Furthermore, as employees continue to drive the usage of smartphones and tablets, user analytics can inform an organization on how to respond to an increasingly digital workforce in your organization. Understanding how users drive document output is the starting point for optimizing and automating the processes behind volumes. Customers uncover specific opportunities to capture savings, improve fleet efficiency and sustainability, tighten information security, increase productivity and drive digital transformation. 1057 of 1132 1062 A few of the key benefits are the ability to identify areas of MPS competency and opportunities for improvement, obtain a plan and roadmap with Xerox to achieve your goals and gain insight into the value of MPS services available. B. Describe how supplier proposes to distribute the products/service nationwide. Include any states where products and services will not be offered under the Master Agreement, including U.S. Territories and Outlying Areas. Xerox sells our products and services directly to public agencies nationally through our national sales force, our authorized independent agents and our wholly-owned subsidiary, Xerox Business Solutions (XBS), formerly Global Imaging Systems (GIS), an office technology dealer comprise d of regional core companies in the U.S. Our products and services can be offered in all 50 States, the District of Columbia as well as Guam, Puerto Rico and the Northern Marina Islands. C. Describe how Participating Agencies are ensure they will receive the Master Agreement pricing; include all distribution channels such as direct ordering; retail or in-store locations, through distributors, etc. Describe how Participating Agencies verify and audit pricing to ensure its compliance with the Master Agreement. Xerox Corporation utilizes multiple sales channels to market our products and services. This includes Xerox Direct Enterprise sales force, Authorized Xerox Agents and all XBS, a wholly owned subsidiary of Xerox Corporation. All orders and PO’s under the UC Procurement Services contract will be processed through the Xerox centralized contracting system no matter which sales channel is making the sale. This ensures both consistency across all sales processes throughout the US and that all orders placed are compliant with the terms and conditions and negotiated pricing agreed to by Xerox and the University of California. As per the University of California’s requirements, Xerox will provide quarterly reports including billed revenue. D. Identify all other companies that will be involved in processing, handling or shipping the products/service to the end user. As an integral part of the Xerox Supply Chain Network, Ryder Solutions is our largest 3rd party logistics partner involved in delivering equipment, parts and supplies. The Ryder relationship with Xerox has evolved over the past few decades in response to a changing transportation environment and Xerox’s process requirements. Today, Ryder operates 5 distinct supply chain functions in the process: Several Carrier Logistics Centers, District Parts Center, Truckload (over the road) Transportation, Drayage of ocean containers and management of our LTL network. The Carrier Logistics Center (CLC) network, made up of 51 locations and 17 different third party carriers (10 continental US and 7 offshore) involves the delivery, installation and removal of more than 100,000 imaging machines per year, where CLC drivers are trained in product installation, testing and removal. Flawless, seamless execution are essential to deliver outstanding service to Xerox customers. CLC “Final mile” companies potentially involved in this business in addition to Ryder would include Fidelitone, All Points, Apex, Monarch/NET, Nationwide Electronics, Redman Van & Storage, Safeway/Unigroup, Sullivan Moving, WDS as our “onshore” or continental locations, as well as Reliable Transfer and Carlile Transportation in Alaska. We have delivery partners in Hawaii, Guam, Saipan, Puerto and the US Virgin Islands. 1058 of 1132 1063 E. Provide the number, size and location of Supplier’s distribution facilities, warehouses and retail network as applicable. Within the America’s Equipment Supply Chain, our primary distribution warehouse is in Indianapolis, IN. We have an additional six locations within the US where we hold inventory in our XBS facilities under centralized stock. Below is a listing of the locations and size of these distribution sites. Address Size 3747 Plainfield Road - Suite 198, Indianapolis, IN 46321 770k sf 5700 WARLAND DRIVE, CYPRESS, CA, 90603 29k sf 10 Capitol St, Nashua, NH 03063 20.5k sf 17280 Green MTN Road, Ste. 130, San Antonio, TX 78247 48k sf 3 Territorial Court Bolingbrook, IL 60440 65k sf 10690 John Knight Close Montgomery AL 36117 20k sf 3.3 Marketing and Sales A. Provide a detailed ninety-day plan beginning from award date of the Master Agreement describing the strategy to immediately implement the Master Agreement as supplier’s primary go to market strategy for Public Agencies to supplier’s teams nationwide, to include but not limited to: i. Executive leadership endorsement and sponsorship of the award as the public sector go-to market strategy within first 10 days ii. Training and education of Supplier’s national sales force with participation from the Supplier’s executive leadership, along with the OMNIA Partners team within first 9 0 days As a continued partner of OMNIA Partners, Xerox’s objective is to s uccessfully implement the contract to ensure continued contract awareness, adoption and contract revenue growth. To achieve these goals, Xerox has developed a comprehensive 90-day action plan detailing how we will implement the contract upon award. Within 30 days of award: • Implement contract in the Xerox contract management system to enable order taking • Create and distribute Press Release Announcement of Award • Distribute Executive Sponsored Contract Award Announcement Communique to the Xerox Executive Leadership Teams and their respective sales and sales support resources, to include contract details, pricing and contract resource support • Meet with OMNIA Partners Marketing team to develop specific co-marketing strategies to support the contract • Created OMNIA Partners portal on Xerox.com 1059 of 1132 1064 Within 60 days of award: • Conduct contract training with all sales to highlight the benefits of our OMNIA Partners partner relationship, the scope of the contract, pricing, marketing strategies and available resources to support day to day sales activities • Create co-marketing collaterals Within 90 days of award: • Assess success of contract launch and make adjustment as needed B. Provide a detailed ninety-day plan beginning from award date of the Master Agreement describing the strategy to market the Master Agreement to current Participating Public Agencies, existing Public Agency customers of Supplier, as well as to prospective Public Agencies nationwide immediately upon award, to include, but not limited to: i. Creation and distribution of a co-branded press release to trade publications Xerox will work collaboratively with OMNIA Partners to create a press release to trade publications announcing the contract and highlighting the benefits of our continued partner ship. We will amplify the great news through posts on Xerox’s corporate social channels. ii. Announcement, Master Agreements details and contact information published on the Supplier’s website within first 90 days Xerox Elite eCommerce Solutions can enable an OMNIA Partners’ microsite for the online viewing of Xerox equipment, contract details, Xerox account team contact information and direct links to the OMNIA Partner’s website. Xerox Elite eCommerce solutions can typically be launched within 30 days of contract award. iii. Design, publication and distribution of co-branded marketing materials within first 90 days Xerox will work in partnership with OMNIA Partners Marketing team to design and distribute co -branded marketing collateral for distribution to Xerox Sales, OMNIA Partner Region Managers and on-line retrieval. iv. Commitment to attendance and participation with OMNIA Partners, Public Sector at national (i.e. NIGP Annual Forum, NPI Conference, etc.), regional (i.e. Regional NIG P Chapter Meetings, Regional Cooperative Summits, etc.) and supplier-specific trade shows, conferences and meetings throughout the term of the Master Agreement Xerox attends and participates in many national, state and regional conferences throughout the y ear, such as NIGP, NAEP, CAPPO and more. Exhibit participation is dependent on current national, regional and local marketing funds. v. Commitment to attend, exhibit and participate at the NIGP Annual Forum in an area reserved by OMNIA Partners, Public Sector for partner suppliers. Booth space will be purchased and staffed by Supplier. In addition, Supplier commits to provide reasonable assistance to the overall promotion and marketing efforts for the NIGP Annual Forum, as directed by OMNIA Partners, Public Sector. Xerox understands the importance of attending and partnering with OMNIA Partners at the Public Sector NIGP Annual Forum. Xerox historically attends the NIGP Annual Form. Exhibit participation is dependent on current available marketing funds. vi. Design and publication of national and regional advertising in trade publications throughout the term of the Master Agreement 1060 of 1132 1065 Xerox does design and publish national/regional advertisements in trade publications. Participation is dependent upon current marketing funds and priorities. vii. Ongoing marketing and promotion of the Master Agreement throughout its term (case studies, collateral pieces, presentations, promotions, etc.) Xerox will work collaboratively with OMNIA Partners to develop a marketing plan to promote the use of the Master Agreement which may include case studies, co-branded collaterals, campaigns, etc. viii. Dedicated OMNIA Partners internet web-based homepage on Supplier’s website with: • OMNIA Partners, Public Sector standard logo; • Copy of original Request for Proposal; • Copy of Master Agreement and amendments between Principal Procurement Agency and Supplier; • Summary of Products and pricing; • Marketing Materials • Electronic link to OMNIA Partners, Public Sector’s website including the online registration page; • A dedicated toll-free number and email address for OMNIA Partners, Public Sector Offered as a value added service to our clients, upon contract award, Xerox will provide OMNIA Partners with a dedicated private and custom web portal, branded with the OMNIA Partners standard logo, which will include the following information: • Original RFP • Master Agreement and amendments • Summary of Products and pricing • Xerox product documentation and marketing materials (specification sheets, brochures, YouTube videos) • The OMNIA Partners, Public Sector toll-free number and email address • Link to the OMNIA Partners, Public Sector website • Xerox account team contact information C. Describe how Supplier will transition any existing Public Agency customers’ accounts to the Master Agreement available nationally through OMNIA Partners, Public Sector. Include a list of current cooperative contracts (regional and national) Supplier hold and describe how the Master Agreement will be positioned among other cooperative agreements. Xerox has hundreds of state and local government contracts within the US which, per state law, allow for cooperative purchasing. Listed below are the actual national cooperative group purchasing contracts that Xerox is currently awarded on. Within an active procurement cycle, we provide the contract based on the needs, requirements and requests of the procurement agency. Within every procurement order, Xerox provides an implementation plan to allow for transparent transition from one contract to another. Cooperative contracts include: • OMNIA Partners • GSA Schedule 70 • NASPO ValuePoint • E&I • PEPPM • Sourcewell 1061 of 1132 1066 D. Acknowledge Supplier agrees to provide its (logo(s) to OMNIA Partners and agrees to provide permission for reproduction of such logo in marketing communications and promotions. Acknowledge that use of OMNIA Partners logo will require permission for reproduction, as well. Because of the tremendous value associated with our brand, Xerox provides our company logo after the review of the use of our logo by the Xerox brand team, prior to the release of any marketing communications. Xerox Corporation shall have ten business days to approve such use prior to publication. Any use of OMNIA Partners Public Sector name and logo or any form of publicity, inclusive of press releases will have prior approval from OMNIA Partner. E. Confirm Supplier will be proactive in direct sales of Supplier’s goods and services to Public Agencies nationwide and the timely follow up to leads established by OMNIA Partners, Public Sector. All sales materials are to use the OMNIA Partners, Public Sector logo. At a minimum, the Supplier’s sales initiatives should communicate: i Master Agreement was competitively solicited and publicly awarded by a Principal Procurement Agency ii Best government pricing iii No cost to participate iv Non-exclusive Xerox acknowledges and agrees. F. Confirm Supplier will train its national sales force on the Master Agreement. At a minimum, sales training should include: i. Key features of Master Agreement ii. Working knowledge of the solicitation process iii. Awareness of the range of Public Agencies that can utilize the Master Agreement through OMNIA Partners, Public Sector iv. Knowledge of benefits of the use of cooperative contracts Xerox acknowledges and agrees. G. Provide the name, title, email and phone number for the person(s), who will be responsible for: i. Executive Support Mark Browning | Vice President Public Sector / Healthcare Center of Excellence Sales Enablement Americas Operations mark.browning@xerox.com Phone: 717-777-6624 ii. Marketing Staci McKee | Global Integrated Marketing Government | Healthcare | Education Staci.mckee@xerox.com Phone: 303-881-3718 iii. Sales Rachael Jones Turner | SLED Cooperative Contracts Manager Public Sector / Healthcare Center of Excellence Sales Enablement Americas Operations Rachael.Jones@Xerox.com 1062 of 1132 1067 Phone: 310-258-6266 iv. Sales Support Jennifer Melgar | S&L Cooperative Contract Support Administrator NAO – SE Xerox Sales Support Center Jennifer.Melgar@Xerox.com Phone: 503-685-2239 v. Financial Reporting Kathlene M. Andris | Rebate Analyst US Customer Business Operations Kathlene.Andris@Xerox.com Phone: 847-928-2543 vi. Accounts Payable Kevin Rowland | Accounts Payable Manager | Systems Support Manager CFO Global Operations Kevin.Rowland@xerox.com Phone: 585-427-3974 vii. Contracts Rachael Jones Turner | SLED Cooperative Contracts Manager Public Sector / Healthcare Center of Excellence Sales Enablement Americas Operations Rachael.Jones@Xerox.com Phone: 310-258-6266 H. Describe in detail how Supplier’s national sales force is structured, including contact information for the highest-level executive in charge of the sales team. Go To Market Teams Xerox is organized from a sales perspective on the basis of “go-to-market” sales channels. These sales channels are structured to serve a range of customers for our products and services. • Mike Feldman, President of the Americas Operations for Xerox Corporation, leads the company’s go-to- market teams in the U.S., Canada, Mexico, Central and South America. Our sales go-to- market teams are focused on bringing our full portfolio or product offerings to current and new customers and partners, while maximizing and expanding coverage through direct and indirect channels. • Jim Wallace leads both the U.S. Commercial Named Accounts and the Government, Healthcare & Education (GHE) sales teams. • Wilson Vega leads the U.S. Agents, Xerox authorized independent agents. • Joanne Collins Smee, the Xerox Chief Commercial Officer, is the Interim XBS President leading our wholly owned subsidiary, Xerox Business Services (XBS) - formerly known as Global Imaging Systems), an office technology dealer comprised of regional companies in the U.S. 1063 of 1132 1068 1064 of 1132 1069 US Ent erprise Drga iz at io n Chart March 202 ~l im Wd!ie-e 380iea'\',;e PrE<;~ IJS Erbpn~ Ka'lh•lln 31111 J1c001 c .·-.- : ll'Dllt!llll ' s : Jol"nHDWe: ar ctm~en ! -Mile Pla~.;.r . US Agent Operations Organization Chart Wilson Vega Vice President Diane Miller, Wilsonville Admm. A ssistant Catherine Brun Nat'/ Sales Ops Manager Da nielle Fletcher Office I Production Sales Ops Manager Maggie Hoo-Kim Agent Rep Recrwtmg & Services Support • • • • Stephanie Wosm ansky, Admm Assistant • -~-~-Milagros Vergara , PR BRP & Gov't Affairs Extended Resources Include: .. _ ------ -- -- -- -- -- --_ _. : I l'll:lil1 Dill □ I l'tilbm. ' M i11I1 Ccm!III Clula~ H,ml,;or,u,1 □rilkllII PA~.1,,IUillll'J' SillMI \l,IIM ~ Wltl'!ll:flBl!.11'.im t .i..uri vu, ___________ , xerox Senior Managed Print Services Consultants (Jim Joyce's Org.) Virtual Managed Print Service Specialists (XOS) Production Specialists (Sean Hickey's Org.) Contract Administration (Kevin Zielinski's Org .) Coverage,ScottKent BuyfSell Pricing (Ken Altfather's Org.) BinHassett,Controller John Hassokl,Finance Jim Williams , OGC Michael Calomino, HR BP ~ M#i·MMM#i·MMM#i,.MMM#i·MMM2Mf·MMM2Mi·MMMMl·MMMWMl·MM Richard Kier, Dale Ventling , Sa ul Soto, Sau l Soto, Mike Haines , Robert Rodriguez, 0 0 d CBM Jon Stitt, CBM CBM CBM CBM CBM CBM ewon ar en , CBM An a Ruiz, IWSC Carmen Soler, IWSC James Morton, Sales Manager, XDS, East Region Deno Kotsabasakis , VCBM Christine Craft, VCBM Paul Alleyne, VCBM Katelin Craig , VCBM Lewis Simard, Sales Manager, XDS , West Region Pa m O'Connor, VCBM Maureen Holditch , covering VCBM Mary Stevenson, VCBM Cory Nickerson, coveri ng VCBM Mandy Morrissey, VIWSC Peter Quinn, VPSE Stephanie Simard, VPSE Ron Brideau, VPSE Cory Nickerson, VSAS TBA, VSE Ch ristian Goldie, VPSE Jeff Cam pbell, VPSE John Currie, VPSE Christin Grattan, VPSE Tara Abbott, VSAS Christine Shannon, VSE Jeff Schell, VPSE xerox ·· Public Sector / Healthcare Center of Excellence On January 1, 2014, Xerox established a Public Sector Center of Excellence (COE), led by Mark Browning. The COE is responsible for the successful implementation and results stemming from the implementation of Federal, State & Local, Education and Healthc are contracts. The COE is focused on all aspects of contract support: • Enabling the contracting for Federal, State, Local, Education and Healthcare contracts. • Fostering high level executive relationships across the Federal and SLED markets. • Drive strategic opportunities in both Technology and Managed Print Services to accelerate revenue growth. • Provide consistent support across all Xerox sales channels. • Contract Management to provide timely contract reports/fees payment. • Manage contract compliance issues and audit readiness. 1065 of 1132 1070 X s SL i Cirect R ports ;J<.M!M'f[l,loll.tJellOOf'~ ~ ~-!e;~ ■f!.w:alnl J ,Oi!li'i liUt Co n:!ii Smt:t:, Xuro:x Ch If Com murc 0 et1 r Interim XSS Pre-siden · Rachael Jones Turner is the US Director, SLED Cooperative Contract, providing strategic direction and deployment of Cooperative contracts in all Xerox Sales Channels across North America. She provides ongoing support, training and national implementation. I Explain in detail how the sales teams will work with the OMNIA Partners team to implement, grow and service the national program. We have found positive results in taking a collaborative approach with OMNIA Partners to market our contract to public agencies to drive both awareness and adoption. We depend on our partner’s willingness and support to help carry our message and promote our technology and we have learned that taking a joint approach for these initiatives often yields higher rates of success in the long -term. We encourage sales integration to strategize on account specific opportunities, bridge relationships between the member and Xerox and support customer eligibility questions. During the training and launch of the contract, Xerox will reinforce the role of the OMNIA Partner’s Region Managers and will encourage integration during Xerox sales team meetings and one-on-one interaction for account specific opportunities. J. Explain in detail how Supplier will manage the overall national program throughout the term of the Master Agreement, including ongoing coordination of marketing and sales efforts, timely new Participating Public Agency account set-up, timely contract administration, etc. Xerox will continue managing the national program throughout the term of the contract by leveraging our superior national infrastructure solely responsible for all aspects of government contracting. The Xerox Public Sector Center of Excellence (COE) ensures contract education nationally, consistency of pricing and controls, compliance to the terms and conditions of the contract, sales reporting and marketing and sales efforts. Within the COE, we have dedicated resources who are responsible for managing each core competency. Throughout the term of the master agreement, this team will lead the efforts to coordinate all aspects of the management of the contract. 1066 of 1132 1071 Public Sector Center of Excellence Mark Browning P ublic Sector Center of Excellence Cary Frey Federal Contracts a nd Pricing Dave Goins W illiam Johnson Pete Lechner Dan Sch iffiett ,------------------ ' Geri Pomerantz Major Accou nt Cont racting Tony lannitelli FED / S LED Major Acct. Operation Gerald B ri tt Cla ire Browning- Beardsley Re becka Slade Lin Eunpu Yvonne Hickey He rb Jenkins Cheryl Land Lew ~ Chris Bantha m Joanne Levy Lisa Perkins A nn Russo Li nda White CA Open Rachael Jones Turner SLED Cooperative Contracts Ed Buckson Director, Diverse A lliances Jason Rovey Director, Federal System Integrators Xeroi,; Internal Use Only Yetta Toliver FED / S LED Contract Compliance Office Michelle ~ N icole Chav is Sharon ~ M ichael Parker Denise Stark Chris McPherson D irector , US Government C han ne ls xerox™ K. State the amount of Supplier’s Public Agency sales for the previous fiscal year. Provide a list of Supplier’s top 10 Public Agency customers, the total purchases for each for the previous fiscal year along with a key contact for each. Xerox does not make this information publicly available. A significant portion of our revenues is derived from contracts with U.S. state and local governments and their agencies. L. Describe Supplier’s information systems capabilities and limitations regarding order management through receipt of payment, including description of multiple platforms that m ay be used for any of these functions. Orders are entered into a centralized ordering system which is accessible to only authorized Sales Representatives and the Order Processing Representatives. Editing of the order is completed and the request for equipment or service is passed to distribution in the equipment procurement system to establish a delivery date and time. Additionally, any special requirements are noted, and the appropriate departments are automatically notified if their involvement is necessary at the time of installation. Once successfully installed and accepted a notification is sent to the billing system to start the invoicing of the equipment or service. Invoices are generated and delivered to the customer and are due upon receipt. Generally, any equipment ordered or invoiced can be tracked and any needed reporting can be pulled from a centralized database. M. If the Supplier wants to guarantee sales, provide the Contract Sales (as defined in Section 10 of the National Intergovernmental Purchasing Alliance Company Administration Agreement) that Supplier will guarantee each year under the Master Agreement for the initial three years of the Master Agreement (“Guaranteed Contract Sales”). $_______.00 in year one $_______.00 in year two $_______.00 in year three To the extent Supplier guarantees minimum Contract Sales, the administration fee shall be calculated based on the greater of the actual Contract Sales and the Guaranteed Contract Sales. 1067 of 1132 1072 N. Even though it is anticipated many Public Agencies will be able to utilize the Master Agreement without further formal solicitation, there may be circumstances where Public Agencies will issue their own solicitations. The following options are available when responding to a solicitation for Products covered under the Master Agreement. i. Respond with Master Agreement pricing (Contract Sales reported to OMNIA Partners). ii. If competitive conditions require pricing lower than the standard Master Agreement not-to-exceed pricing, Supplier may respond with lower pricing through the Master Agreement. If Supplier is awarded the contract, the sales are reported as Contract Sales to OMNIA Partners under the Master Agreement. iii. Respond with pricing higher than Master Agreement only in the unlikely event that the Public Agency refuses to utilize Master Agreement (Contract Sales are not reported to OMNIA Partners). iv. If alternative or multiple proposals are permitted, respond with pricing higher than Master Agreement, and include Master Agreement as the alternate or additional proposal. Detail Supplier’s strategies under these options when responding to a solicitation. Applicable to all four of these situations, whether a formal solicitation or not, as Xerox is requested to participate in a procurement cycle with an OMNIA Partner member, we will provide unique pricing equal to or below the not to exceed pricing based on bulk buy provisions per the terms and conditions of the University of California Master Agreement. If the individual procuring agency requires us to amend those terms and conditions to meet their specific state laws or requirements, we will provide an addendum in conjunction with the master terms and all revenue will be reported under OMNIA Partners. 1068 of 1132 1073 Region VP Sales Email Southeast Steve Pitts Steve.Pitts@Xerox.com Mid America Jorge Galindez Jorge.Galindez@Xerox.com Northeast Chris Goodwin Chris.Goodwin@Xerox.com Texas/Oklahoma Kelly Grotheer Kelly.Grotheere@Xerox.com West Michelle Yoshino Michelle.Yoshino@Xerox.com Xerox US Enterprise Operations Xerox Government, Healthcare and Education 1069 of 1132 1074 Establishment Owner_First Owner_Last Address1 City State Zip ADVANCED XEROGRAPHICS RAYMOND BURT 307 S. MAIN STREET UKIAH CA 95482 SMART DOCUMENT SOLUTIONS - (LAKE HAVASU)TRACEY ARVIEUX 4045 E. PALM LANE PHOENIX AZ 85008 COPIERS PLUS INC KRIS SMITH 218 NORTH MAIN, SUITE 1 MONTICELLO IN 47960 NORTHEAST OFFICE EQUIPMENT JIM CHIACCHIERO 1520 W. 13TH STREET ASHTABULA OH 44004 PENDRED OFFICE MACHINES MICHAEL PENDRED 1233 N. MISSION MT. PLEASANT MI 48858 DIGITAL DOCUMENT SOLUTIONS LANNY LEONARD 324 NO. MCPHERSON CHURCH ROAD - 2ND FL FAYETTEVILLE NC 28303 AMERICAN BUSINESS CENTER MPS, INC.RICHARD YEATS PO BOX 20128 PANAMA CITY FL 32417 DOCUGRAPHICS, LLC THOMAS FIMIAN 6624-C GORDON ROAD WILMINGTON NC 28411 COPIERS ETC.PEGGY ANN BRANNON 148 SOUTH DOROUGH ROAD CORDELE GA 31015 XDOS, INC.HAROLD NIXON 18 EAST LIBERTY STREET SUMTER SC 29150 ADVANTAGE BUSINESS PRODUCTS RANDY KIDWELL 2064 S. WESTERN AVENUE SPRINGFIELD MO 65807 PROFESSIONAL OFFICE PRODUCTS, INC. (II)JASON MONTET 441 N. MAIN JENNINGS LA 70546 JUSTTECH, LLC (VI)JOSHUA JUSTICE 101 CATALPA DR STE #102 LA PLATA MD 20646 QUALITY QUICKLY BRIAN MARSHALL 945 3rd AVE SE SUITE 103 HICKORY NC 28602 RYDER BROTHERS STATIONERY RANDY DODSON 1735 MAIN STREET BAKER CITY OR 97814 BUSINESS EQUIPMENT LLC MARK DURBIN PO BOX 7948 PADUCAH KY 42003 BUSINESS IMPRESSIONS JEFF BASSETT PO BOX 959 AUBURN IN 46706 BUTLER’S OFFICE EQUIPMENT & SUPPLY (EAST)PATRICK BUTLER 1900 E. HISTORIC HWY 66, SUITE C GALLUP NM 87301 BENCHMARK BUSINESS SOLUTIONS, INC. (NEW MEXICO)JEFF HORN 1607 BROADWAY LUBBOCK TX 79401 XEROGRAPHIC EQUIPMENT SYSTEMS MICHAEL MCKENNA PO BOX 794 CHEYENNE WY 82003 METRO CENTRE, LP KARLA METZLER 679 COUNTY ROAD 404 GAINESVILLE TX 76240 BEST OFFICE SOLUTIONS BOB VALENTA PO BOX 849 ATLANTA TX 75551 COMPUTERS911, LLC (II)BILLY TINGLE 403 N. MAIN MARKSVILLE LA 71351 COMPUTERS911, LLC BILLY TINGLE 403 N. MAIN MARKSVILLE LA 71351 X WEST INC.RANDALL BERNHARDT 12136 W. BAYAUD AVE., STE 125 LAKEWOOD CO 80228 PROFESSIONAL OFFICE PRODUCTS, INC. (III)JASON MONTET 441 N. MAIN JENNINGS LA 70546 SOUTH TEXAS SALES SONNY HOELSCHER 1901 EAST MAIN STREET ALICE TX 78332 ALABAMA OFFICE SUPPLY HARRIS ASBURY PO BOX 467 OPELIKA AL 36801 COLONY OFFICE PRODUCTS DAN WILSON 121 EAST WASHINGTON STREET DEMOPOLIS AL 36732 LOW COUNTRY OFFICE SOLUTIONS DON NESBITT 802 EAST MARTINTOWN RD, SUITE 162 NO. AUGUSTA SC 29841 SOUTHERN OFFICE EQUIPMENT, LLC TIMOTH TODD PO BOX 636 DAPHNE AL 36526 NO MISSISSIPPI BUS PRODUCTS MARK FOSTER 223 SHARKEY AVE., SUITE 104 CLARKSDALE MS 38614 MICKEY MAYS OFFICE SOLUTIONS MICKEY MAYS 600 MONROVIA DR RUSTON LA 71270 PREFERRED OFFICE MACHINES JOHN MILAN 215 NORTH MICHIGAN BIG RAPIDS MI 49307 DIGITAL OFFICE CENTRE TOM ROSTVEDT 515 20TH AVENUE SE, STE 11 MINOT ND 58701 JUSTTECH, LLC (V)JOSHUA JUSTICE 101 CATALPA DR STE #102 LA PLATA MD 20646 IMAGE MAKERS INC LAURA NYQUIST 3588 VETERANS DRIVE, SUITE 3 TRAVERSE CITY MI 49684 VALLEY OFFICE PRODUCTS LARRY CANTINE 110 SOUTH MAIN STREET MILBANK SD 57252 THE BUSINESS CONNECTION JAMES PUCHNER 214 MAIN CHADRON NE 69337 PROFESSIONAL BUS PRODUCTS KEN MCBRIDE PO BOX 1154 CRAB ORCHARD WV 25827 ATLAS REPRODUCTION, INC.MICHAEL MCKENNA PO BOX 2901 CASPER WY 82601 XEROGRAPHIX EAST TEXAS SCOTT WALLER 424 NORTH STREET NACOGDOCHES TX 75961 SOUTHWEST OFFICE SOLUTIONS, INC. (BELEN)TRACY ASHTON 1789 CENTRAL AVENUE, SUITE 4 LOS ALAMOS NM 87544 SUPERIOR OFFICE PRODUCTS RANDY POCHE 533 HIGHLANDIA DRIVE, STE K BATON ROUGE LA 70810 DOCUMENT SOLUTIONS (II)LOREN MAUK 1540 RICE ROAD, SUITE 100 TYLER TX 75703 BUTLER’S OFFICE EQUIPMENT & SUPPLY (NORTH)PATRICK BUTLER 1900 E. HISTORIC HWY 66, SUITE C GALLUP NM 87301 PROFESSIONAL OFFICE PRODUCTS, INC.JASON MONTET 441 N. MAIN JENNINGS LA 70546 NORMAN ORR OFFICE SUPPLY, LLC REID GRIGSBY 202 WEST MAIN WEST PLAINS MO 65775 MERRIFIELD OFFICE SUPPLY, LLC DARRELL MERRIFIELD 224 SOUTH MAIN ELK CITY OK 73644 OFFICE EQUIPMENT SOURCE, INC. (II)MIKE MITCHELL 227 W. WATER STREET ELMIRA NY 14901 JUSTTECH, LLC (III)JOSHUA JUSTICE 101 CATALPA DR STE #102 LA PLATA MD 20646 JUSTTECH, LLC (IV)JOSHUA JUSTICE 101 CATALPA DR STE #102 LA PLATA MD 20646 WYTHEVILLE OFFICE SUPPLY KENNETH WAYNE ROOP 146 WEST MAIN STREET WYTHEVILLE VA 24382 COMPLETE DOCUMENT SOLUTIONS CENTRAL PENN LLC II JOHN HAND 19 GLORIA LANE FAIRFIELD NJ 07004 KYLE OFFICE SUPPLY CHRIS KYLE 1020 21ST AVENUE TUSCALOOSA AL 35401 COMPLETE DOCUMENT SOLUTIONS, MARYLAND LLC (IV)JOHN HAND 19 GLORIA LANE FAIRFIELD NJ 07004 HUGHES OFFICE EQUIPMENT, LLC JOHN TURZIANO PO BOX 278 BELLAIRE OH 43906 SIERRA OFFICE SOLUTIONS TODD ALLRED 23811 WASHINGTON AVE STE C110-230 MURIETTA CA 92562 PRINT 'N COPY CENTER REECE KEENER 565 W. SILVER ST.ELKO NV 89801 D-TECH NORTH, LLC FRANK DEFRANCESCO 1095 MILITARY TRL, UNIT 1447 JUPITER FL 33458 BUDDE'S OFFICE SUPPLY BERT BUDDE 3210 FLAGLER AVENUE KEY WEST FL 33040 OFFICE AUTOMATION DANIEL PATRICK CURRIE 851 NW 250 TERRACE NEWBERRY FL 32669 PRECISION OFFICE SYSTEMS ROBERT DEMARCO 8817 NW 40th CIRCLE GAINESVILLE FL 32653 DOCUMENT SYSTEMS, INC. (II)CRAIG BRAME 89 MARKET STREET HENDERSON NC 27537 BUERGER OFFICE SYSTEMS CAMERON BUERGER 1670 WARREN ROAD INDIANA PA 15701 OFFICE EQUIPMENT SOURCE, INC. (I)MIKE MITCHELL 227 W. WATER STREET ELMIRA NY 14901 XEROGRAPHICS OF FLAGSTAFF, INC.TRACEY ARVIEUX 4045 E. PALM LANE PHOENIX AZ 85008 ADVANCED DOCUMENT SYSTEMS, INC.HECTOR LIZARDI 19226 66th AVE. S., SUITE L-100 KENT WA 98032 DOCUMENT CONSULTING SERVICES TED SWICK 880 APOLLO STREET, SUITE 353 EL SEGUNDO CA 90245 LAS AMERICAS OFFICE EQUIPMENT, INC.FELIX RIVERA PO BOX 90 MERCEDITA PR 00715 EXECUTIVE OFFICE EQUIPMENT LAURANCE BONELLI PO BOX 6217 ST THOMAS VI 00804 OFFITEK FELIX RIVERA 2980 EMILIO FAGOT AVENUE SUITE 2 PONCE PR 00716 DOCUMENT COMPANY JORGE CANALS AVE. LAUREL #GA11, CALLE 49, SANTA JUANITA BAYAMON PR 00956 C & M DOCUMENT COMPANY, INC.JORGE CANALS MSC 848, AVENIDA WINSTON CHURHILL #138 SAN JUAN PR 00926 COMPLETE DOCUMENT SOLUTIONS LLC (III)JOHN HAND 19 GLORIA LANE FAIRFIELD NJ 07004 JUSTTECH, LLC (VII)JOSHUA JUSTICE 101 CATALPA DR STE #102 LA PLATA MD 20646 ANNAPOLIS OFFICE PRODUCTS JIM SCHALGE 8258 VETERANS HIGHWAY, SUITE 3A MILLERSVILLE MD 21108 MARITIME BUSINESS CONCEPTS SCOTT WILLIAMS 1306 N. HERRITAGE ST KINSTON NC 28501 AMERICAN BUSINESS CENTER MPS INC. (II)RICHARD YEATS PO BOX 20128 PANAMA CITY FL 32417 OFFICE AUTOMATION (EAST-WEST)DANIEL PATRICK CURRIE PO BOX 9 NEWBERRY FL 32669 IMAGE SOURCE IV BRAD CRAFT 650 EAST HOSPITALITY LANE, STE 540 SAN BERNARDINO CA 92408 XEROGRAPHIC BUSINESS SYS LARRY GLEASON 819 WATER ST, SUITE 110.KERRVILLE TX 78028 XMC OF ARKANSAS BOB HAMILTON 7585 AE BEATY DRIVE, SUITE 101 BARTLETT TN 38133 TALLAHASSEE TECHNOLOGY GROUP, INC.RICHARD MAUS 1949 RAYMOND DIEHL ROAD STE B TALLAHASSEE FL 32308 KIMBRELL'S DIGITAL SOLUTIONS SCOTT KIMBRELL 520 MAIN STREET NATCHEZ MS 39120 DOCUMENT SOLUTIONS EAST, INC.DARRELL HARRISON PO BOX 4006 GREENVILLE NC 27858 THE OFFICE ADVANTAGE MARK VAN DEN HOEK 318 N. MAIN MITCHELL SD 57301 FLYNN'S INC.BRIAN CANTOR 115 W 30th ST., RM 411 NEW YORK NY 10001 T.E.C DOCUMENT SOLUTIONS ANTHONY GARCIA 231 WEST 29TH STREET SUITE 905 NEW YORK NY 10001 DELMARVA DOCUMENT SOLUTIONS, INC.JENNIFER ATCHISON 112 SOUTH BOULEVARD SALISBURY MD 21804 DOCUMENT TECHNOLOGIES, INC.JANICE DUPLISEA 23 CROSBY DRIVE BEDFORD MA 01730 CSRA DOCUMENT SOLUTIONS DON NESBITT 802 EAST MARTINTOWN RD, SUITE 162 NO. AUGUSTA SC 29841 IMAGE SOURCE BRAD CRAFT 650 EAST HOSPITALITY LANE, STE 500 SAN BERNARDINO CA 92408 PROFESSIONAL DOCUMENT SOLUTIONS, INC. (PDS - GJ)TROY TAFOYA 4114 TIMBERLINE ROAD FORT COLLINS CO 80525 UTOPIAN IQ SERVICES INC.SEBASTIAN MARTINEZ 6095 NW 82 AVE MIAMI FL 33166 IMPRESSIONS OF ASPEN, INC.NANCY TORINUS P.O. BOX 295 CARBONDALE CO 81623 ADVANCED DOCUMENT SOLUTIONS, INC. (II)SCOTT HAMILTON 819 S. FLOYD STREET LOUISVILLE KY 40203 TOTAL DOCUMENT SOLUTIONS, INC.TIMOTHY STANLEY 2515 NORTH SHILOH DRIVE FAYETTEVILLE AR 72704 COMPLETE DOCUMENT SOLUTIONS, NY LLC JOHN HAND 19 GLORIA LANE FAIRFIELD NJ 07004 XRX BUSINESS CONSULTANTS DAVID CAVAZOS 708 NORTH MCCOLL MCALLEN TX 78501 XMC OF MEMPHIS BOB HAMILTON 7585 AE BEATY DRIVE, SUITE 101 BARTLETT TN 38133 XCEL OFFICE SOLUTIONS MICHAEL REID 304 N MERIDIAN AVE STE 18 OKLAHOMA CITY OK 73107 DIXIE DIGITAL IMAGING, INC.KELLY SMITH 1401 COMMERCE COURT FORT SMITH AR 72908 Xerox Authorized Sales Agents 1070 of 1132 1075 Establishment Owner_First Owner_Last Address1 City State Zip Xerox Authorized Sales Agents SHAMROCK OFFICE SUPPLY MIKE FORMELLER 219 E. VEROT SCHOOL ROAD LAFAYETTE LA 70508 DOCUMENT SOLUTIONS OF SPRINGFIELD GREG TIGGES 1736 E. SUNSHINE STREET, SUITE 100 SPRINGFIELD MO 65804 DOCUMENT SOLUTIONS, INC.ROBERT BIGHAM JR.4401 N. MAIN ST., SUITE A VICTORIA TX 77904 BENCHMARK BUSINESS SOLUTIONS JEFF HORN 1607 BROADWAY LUBBOCK TX 79401 COMPLETE OFFICE SOURCE INC.GLEN DUNN 429 CURWOOD DRIVE OWOSSO MI 48867 INDIANA BUSINESS SOLUTIONS TIMOTHY SLOPSEMA 8227 NORTHWEST BLVD., #200 INDIANAPOLIS IN 46278 COPY SOLUTIONS, INC.ROGER ZHAO 919 S. FREMONT AVE, SUITE 398 ALHAMBRA CA 91803 MORRIS COUNTY STATIONERS RICHARD FLETCHER PO BOX 279 FLANDERS NJ 07836 BENCHMARK BUSINESS SOLUTIONS, INC.-ABILENE JEFF HORN 1607 BROADWAY LUBBOCK TX 79401 EDGE OFFICE PRODUCTS LESTER KILPATRICK 1909 JUDSON RD.LONGVIEW TX 75605 DOCUMENT SOLUTIONS LOREN MAUK 1540 RICE ROAD, SUITE 100 TYLER TX 75703 COPIER CONNECTION BONNIE DOOLEY 10425 WESLEY GREENVILLE TX 75402 EXCEL OFFICE SERVICES BRETT BUTLER 12031 JEFFERSON BLVD CULVER CITY CA 90232 RAY BLOCK STATIONERY GEORGE GARCIA 3 PLAINFIELD AVE.FLORAL PARK NY 11001 XCL BUSINESS PRODUCTS MICHAEL DAVID 1767-46 VETERANS MEMORIAL HWY ISLANDIA NY 11749 OFFICE EVOLUTIONS, INC.JOHN GILLON 1808 WHEELER AVE STE #2 HOUSTON TX 77004 ALASKA ENTERPRISE SOLUTIONS, INC. (FAIRBANKS)MICHAEL FERRIS 557 E FIREWEED LANE SUITE A ANCHORAGE AK 99503 HIGH COUNTRY COPIERS, INC.TROY TAFOYA 4114 TIMBERLINE ROAD FORT COLLINS CO 80525 KYLE OFFICE PRODUCTS TOM KYLE 418 TARROW COLLEGE STATION TX 77840 DOCUMENT SOLUTIONS (V)LOREN MAUK 1540 RICE ROAD, SUITE 100 TYLER TX 75703 PREMIER OFFICE SYSTEMS COLIN MCTERNAN 500 N. RAINBOW BLVD. STE 312 LAS VEGAS NV 89107 QUALITY BUSINESS EDGARDO RODRIGUEZ 1142 FD ROOSEVELT AVENUE HATO REY PR 00920 OFFICE EQUIPMENT SOURCE, INC. (VI)MIKE MITCHELL 227 W. WATER STREET ELMIRA NY 14901 PROFESSIONAL DOCUMENT SOLUTIONS (PDS)TROY TAFOYA 4114 TIMBERLINE ROAD FORT COLLINS CO 80525 IMAGE SOURCE - METRO BRAD CRAFT 650 EAST HOSPITALITY LANE, STE 540 SAN BERNARDINO CA 92408 IMAGE SOURCE - TEMECULA BRAD CRAFT 650 EAST HOSPITALITY LANE, STE 540 SAN BERNARDINO CA 92408 BENCHMARK OFFICE SYSTEMS INC.MICHELLE MCMANUS 75 GILCREAST RD., STE. 311 LONDONDERRY NH 03053 ADVANCED DOCUMENT SOLUTIONS, INC. (III)SCOTT HAMILTON 819 S. FLOYD STREET LOUISVILLE KY 40203 DOCUMENT SOLUTIONS - TENNESSEE KAREN MCGINNIS 256 AVIGNON WAY CLARKSVILLE TN 37043 CONVERGING TECHNOLOGIES - SANTA ROSA GENE IRTENKAUF 4331 FISTOR DR SANTA ROSA CA 95409 ITECH MICHAEL WILLIAMS 326 5TH STREET PARKERSBURG WV 26101 NETWORK ENHANCEMENT SYSTEMS, INC.EDGAR SILKEY 10827 EAST MARSHALL STREET TULSA OK 74116 COMPLETE DOCUMENT SOLUTIONS JOHN HAND 19 GLORIA LANE FAIRFIELD NJ 07004 XCEL OFFICE SOLUTIONS, LLC MICHAEL REID 304 N MERIDIAN AVE STE 18 OKLAHOMA CITY OK 73107 Q DOCUMENT SOLUTIONS JOEL HACKETT 3030 OLD RANCH PARKWAY, SUITE 190 SEAL BEACH CA 90740 OFFICE TECH B.K.POWELL 3709 SPENARD ROAD SUITE 200 ANCHORAGE AK 99503 TOTAL OFFICE SOLUTION OF WEST TEXAS TOMMY MCCRURY 1601 N. LEE AVENUE ODESSA TX 79761 DOCUMENT SYSTEMS CRAIG BRAME 89 MARKET STREET HENDERSON NC 27537 GREAT NORTHERN EQUIPMENT KIM BROWN 104 NE 3RD STREET, SUITE 200C GRAND RAPIDS MN 55744 COMPLETE DOCUMENT SOLUTIONS, NY LLC JOHN HAND 19 GLORIA LANE FAIRFIELD NJ 07004 WEST KENTUCKY XEROGRAPHICS LLC JAMES DEMA PO BOX 124 BENTON KY 42025 SOUTHERN DIGITAL LLC ALBERT HENRICKS 330 N JEFFERSON DAVIS PARKWAY NEW ORLEANS LA 70119 CONNEX SYSTEMS INC.GREGORY WALTER 2033 CHENAULT DR STE 150 CARROLLTON TX 75006 IMAGE SOURCE (LA)BRAD CRAFT 650 EAST HOSPITALITY LANE, STE 540 SAN BERNARDINO CA 92408 PROFESSIONAL DOCUMENT SOLUTIONS, INC. (PDS – GJ II)TROY TAFOYA 4114 TIMBERLINE ROAD FORT COLLINS CO 80525 COPY CONNECTION RAJAT GANDHI 201 W. HILLSIDE, SUITE 24 LAREDO TX 78041 ADVANCED XEROGRAPHY DEREK BARNES 1823 N. YELLOWOOD BROKEN ARROW OK 74012 ADVANCED DIGITAL SOLUTIONS, INC BILL NORTHAM 1512 BROADWAY AVENUE MATTOON IL 61938 MOUNTAIN WEST OFFICE SOLUTIONS BRUCE PORCH 1205-B KENSINGTON AVENUE MISSOULA MT 59801 XDOS, INC.HAROLD NIXON 20 EAST LIBERTY STREET SUMTER SC 29150 DOCUMENT TECHNOLOGIES, INC. (SOUTH SHORE)JANICE DUPLISEA 23 CROSBY DRIVE BEDFORD MA 01730 AMBIZ SOLUTIONS, INC.RICHARD YEATS PO BOX 20128 PANAMA CITY FL 32417 SOUTHWEST OFFICE SOLUTIONS, INC. (LOS ALAMOS)TRACY ASHTON 1789 CENTRAL AVENUE, SUITE 4 LOS ALAMOS NM 87544 WASATCH DOCUMENT SOLUTIONS INC.CASEY BECK 373 EDGEHILL DRIVE PROVIDENCE UT 84332 OFFICE SYSTEMS OF FAYETTE & GREENE CAMERON BUERGER 1670 WARREN ROAD INDIANA PA 15701 PDS DENVER TECH CENTER TROY TAFOYA 4114 TIMBERLINE ROAD FORT COLLINS CO 80525 DIGITAL OFFICE SOLUTIONS V ROBERT WEBB 4125 N. 124TH STREET, SUITE J BROOKFIELD WI 53005 MARCOTEK DIGITAL OFFICE SOLUTIONS II KEITH NORRIS 100 NORTH PATTERSON STREET VALDOSTA GA 31601 OFFICETECH NORTHWEST B.K.POWELL 6310 E. SPRAGUE AVENUE SPOKANE WA 99212 XEROGRAPHIC EQUIPMENT SYSTEMS - LARAMIE MICHAEL MCKENNA PO BOX 794 CHEYENNE WY 82003 IT BUSINESS SOLUTIONS ROBERT HAY 2698 CASSELMAN ROAD ROCKWOOD PA 15557 HEARTLAND DIGITAL IMAGING INC.RYAN VERCELLINO 6004 WILLOW SPRINGS MARION IL 62959 XMC OF LITTLE ROCK, INC.BOB HAMILTON 7585 AE BEATY DRIVE, SUITE 101 BARTLETT TN 38133 OFFICE TECH - WENATCHEE B.K.POWELL 6310 E. SPRAGUE AVENUE SPOKANE WA 99212 DIGITAL OFFICE SOLUTIONS ROBERT WEBB 4125 N. 124TH STREET, SUITE J BROOKFIELD WI 53005 DOCUGRAPHICS, LLC THOMAS FIMIAN 2408A ASHLEY RIVER ROAD, SUITE 6-B CHARLESTON SC 29407 POTOMAC BUSINESS SOLUTIONS LLC KRISTIN JAQUETTE 13800 COPPERMINE ROAD, STE 273 HERNDON VA 20171 DIGITAL OFFICE SOLUTIONS II ROBERT WEBB 4125 N. 124TH STREET, SUITE J BROOKFIELD WI 53005 RBI RICK BOWLING 1113B N. CASTLE HEIGHTS AVE LEBANON TN 37087 XCEL OFFICE SOLUTIONS MICHAEL REID 304 N MERIDIAN AVE STE 18 OKLAHOMA CITY OK 73107 QUALITY PRINT SOLUTIONS GENE AYALA 220 N. GETTY STREET UVALDE TX 78801 IMAGE XCELLENCE, LLC JENNIFER CAMBIO 2123 KING STREET LA CROSSE WI 54601 CENTRAL OREGON OFFICE SOLUTIONS RHONDA ROGERS PO BOX 2185 BEND OR 97709 MAINE DOCUMENT SOLUTIONS, LLC GABE POLCHIES 59 SANFORD DRIVE, UNIT 1 GORHAM ME 04038 OFFICE EQUIPMENT SOURCE, INC. (IV)MIKE MITCHELL 227 W. WATER STREET ELMIRA NY 14901 GULF SUPERIOR OFFICE PRODUCTS, INC. – SUPERIOR VI RANDY POCHE 533 HIGHLANDIA DRIVE, STE K BATON ROUGE LA 70810 ADVANCED DOCUMENT SOLUTIONS, INC. (IV)SCOTT HAMILTON 819 S. FLOYD STREET LOUISVILLE KY 40203 DOCUMENT TECHNOLOGIES, INC.JANICE DUPLISEA 23 CROSBY DRIVE BEDFORD MA 01730 METRO CENTRE, LP KARLA METZLER 679 COUNTY ROAD 404 GAINESVILLE TX 76240 BENCHMARK BUSINESS SOLUTIONS, INC. (AMARILLO II)JEFF HORN 1607 BROADWAY LUBBOCK TX 79401 DIGITAL OFFICE CENTRE, INC. (II)TOM ROSTVEDT 515 20TH AVENUE SE, STE 11 MINOT ND 58701 XMC OF WEST TENNESSEE, INC.BOB HAMILTON 7585 AE BEATY DRIVE, SUITE 101 BARTLETT TN 38133 NORTH COUNTRY DIGITAL SOLUTIONS DAN MCALOON 2 CRESTWOOD DRIVE ALEXANDRIA BAY NY 13607 SOLUTIONS FOR DOCUMENTS MARVIN HAMONS 3310 WOODVILLE RD, STE. C NORTHWOOD OH 43619 EAST-PENN BUSINESS MACHINES, INC.HEMAN PATEL 2980 LINDEN STREET BETHLEHEM PA 18017 YAKIMA DOCUMENT SOLUTIONS LEE HARTUNG 6799 N WENAS RD SELAH WA 98942 DOCUGRAPHICS, LLC THOMAS FIMIAN 2015 BOUNDARY ST, STE 232 BEAUFORT SC 29902 MORRIS BUSINESS SOLUTIONS, LLC RICHARD MORRIS P.O. BOX 15090 GREENVILLE SC 29610 XMC OF NORTH ALABAMA, INC.BOB HAMILTON 7585 AE BEATY DRIVE, SUITE 101 BARTLETT TN 38133 DOCUMENT CONSULTING SERVICES II TED SWICK 880 APOLLO STREET, SUITE 353 EL SEGUNDO CA 90245 DIGITAL OFFICE SOLUTIONS, INC.VIC KALIA 311 3RD AVE, SE CEDAR RAPIDS IA 52401 CAPE COD BUSINESS SOLUTIONS, INC.KEVIN DONAHUE PO BOX 323 SANDWICH MA 02563 MARITIME BUSINESS CONCEPTS, INC. (II)SCOTT WILLIAMS 1306 N. HERRITAGE ST KINSTON NC 28501 SUPERIOR OFFICE PRODUCTS II RANDY POCHE 533 HIGHLANDIA DRIVE, STE K BATON ROUGE LA 70810 MAINE DOCUMENT SOLUTIONS OF CENTRAL MAINE GABE POLCHIES 59 SANFORD DRIVE, UNIT 1 GORHAM ME 04038 TALLAHASSEE TECHNOLOGY GROUP, INC. (COLUMBUS)RICHARD MAUS 1949 RAYMOND DIEHL ROAD STE B TALLAHASSEE FL 32308 BUSINESS IMPRESSIONS OF MICHIGAN JEFF BASSETT PO BOX 959 AUBURN IN 46706 DOCUGRAPHICS, LLC THOMAS FIMIAN 2408 ASHLEY RIVER RD, UNIT A CHARLESTON SC 29414 DIGITAL OFFICE SOLUTIONS IV ROBERT WEBB 4125 N. 124TH STREET, SUITE J BROOKFIELD WI 53005 ASTRATECH, INC.CHARLLEE HOLMES 81 EAST GROVE STREET GALESBURG IL 61401 BENCHMARK BUSINESS SOLUTIONS, INC. (MARBLE FALLS)JEFF HORN 1607 BROADWAY LUBBOCK TX 79401 BENCHMARK BUSINESS SOLUTIONS-WICHITA FALLS JEFF HORN 1607 BROADWAY LUBBOCK TX 79401 JUSTTECH, LLC JOSHUA JUSTICE 101 CATALPA DR STE #102 LA PLATA MD 20646 1071 of 1132 1076 Establishment Owner_First Owner_Last Address1 City State Zip Xerox Authorized Sales Agents COMPLETE OFFICE SOLUTIONS JOHN COOPER 2627 RIDGEWOOD ROAD JACKSON MS 39216 ADVANCED DOCUMENT SOLUTIONS, INC.SCOTT HAMILTON 819 S. FLOYD STREET LOUISVILLE KY 40203 XMC OF MIDDLE TENNESSEE BOB HAMILTON 7585 AE BEATY DRIVE, SUITE 101 BARTLETT TN 38133 XMC OF FLORENCE BOB HAMILTON 7585 AE BEATY DRIVE, SUITE 101 BARTLETT TN 38133 COMPLETE DOCUMENT SOLUTIONS - MD LLC JOHN HAND 19 GLORIA LANE FAIRFIELD NJ 07004 SOUTHWEST OFFICE SOLUTIONS, INC. (TAOS)TRACY ASHTON 1789 CENTRAL AVENUE, SUITE 4 LOS ALAMOS NM 87544 ELITE BUSINESS SYSTEMS, LLC WILLIAM ARNETT P.O. BOX 737 GADSDEN AL 35901 IMAGE MAKERS INC II LAURA NYQUIST 3588 VETERANS DRIVE, SUITE 3 TRAVERSE CITY MI 49684 DOCUGRAPHICS, LLC THOMAS FIMIAN 454 ANDERSON RD. S, STE 152 BTC 571 ROCK HILL SC 29730 MORRIS BUSINESS SOLUTIONS LLC (IV)RICHARD MORRIS P.O. BOX 15090 GREENVILLE SC 29610 SUPERIOR OFFICE PRODUCTS III RANDY POCHE 533 HIGHLANDIA DRIVE, STE K BATON ROUGE LA 70810 BENCHMARK BUSINESS SOLUTIONS-EL PASO JEFF HORN 1607 BROADWAY LUBBOCK TX 79401 OFFICE EXPERTS, INC KATHLEEN SALIMBENE 520 HIGHRIDGE ROAD LEXINGTON OH 44904 PREFERRED DOCUMENT SOLUTIONS, LLC CHRISTOPHER SPAHN 2395 BRIARGATE BLVD, STE 120 COLORADO SPRINGS CO 80920 ADVANTAGE BUSINESS SYSTEMS, INC.MEIR HOLTZBERG 370 STATE ST., SUITE 2 NORTH HAVEN CT 06473 MIDWEST DATA SYSTEMS, INC.KRISTIN PORTER 10124 HUTTON ROAD KANSAS CITY KS 66109 DOCUGRAPHICS, LLC THOMAS FIMIAN 1201 MAIN STREET SUITE 1100 COLUMBIA SC 29201 COPY SOLUTIONS, INC. (WEST)ROGER ZHAO 919 S. FREMONT AVE, SUITE 398 ALHAMBRA CA 91803 BUTLER’S OFFICE EQUIPMENT & SUPPLY (WEST)PATRICK BUTLER 1900 E. HISTORIC HWY 66, SUITE C GALLUP NM 87301 REPRO PRODUCTS MFD, LLC (NORTH)ROBERT FELDBERG 4485 S ATLANTA RD SMYRNA GA 30080 REPRO PRODUCTS MFD, LLC (EAST)ROBERT FELDBERG 4485 S ATLANTA RD SMYRNA GA 30080 REPRO PRODUCTS MFD, LLC (SOUTH)ROBERT FELDBERG 4485 S ATLANTA RD SMYRNA GA 30080 BENCHMARK BUSINESS SOLUTIONS-SAN ANTONIO JEFF HORN 1607 BROADWAY LUBBOCK TX 79401 SUPERIOR PRINT SOLUTIONS, INC.BETHANY SCHRIEVER 202 1st STREET SE, STE 103 MASON CITY IA 50401 MORRIS BUSINESS SOLUTIONS, LLC (II)RICHARD MORRIS P.O. BOX 15090 GREENVILLE SC 29610 DOCUGRAPHICS, LLC THOMAS FIMIAN 2408 ASHLEY RIVER ROAD, SUITE 6-B CHARLESTON SC 29407 JUSTTECH, LLC (II)JOSHUA JUSTICE 101 CATALPA DR STE #102 LA PLATA MD 20646 HAMILTON DIGITAL, INC. (CINCINNATI)FRED HAMILTON 2165 CENTRAL PARKWAY CINCINNATI OH 45219 GEYER'S OFFICE SUPPLY (II)RON GEYER 169 W. MAIN STREET XENIA OH 45385 IMAGE SOURCE - ORANGE COUNTY BRAD CRAFT 650 EAST HOSPITALITY LANE, STE 540 SAN BERNARDINO CA 92408 ITECH MICHAEL WILLIAMS 326 5TH STREET PARKERSBURG WV 26101 OFFICE EQUIPMENT SOURCE, INC. (III)MIKE MITCHELL 227 W. WATER STREET ELMIRA NY 14901 QUALITY QUICKLY (II)BRIAN MARSHALL 945 3rd AVE SE SUITE 103 HICKORY NC 28602 RAY BLOCK STATIONERY II GEORGE GARCIA 3 PLAINFIELD AVE.FLORAL PARK NY 11001 MCGARITY'S BUSINESS PRODUCTS SCOTT MCGARITY 870 GROVE STREET GAINSVILLE GA 30501 IMAGE SOURCE - ORANGE COUNTY II BRAD CRAFT 650 EAST HOSPITALITY LANE, STE 540 SAN BERNARDINO CA 92408 DOCUMENT SOLUTIONS (III)LOREN MAUK 1540 RICE ROAD, SUITE 100 TYLER TX 75703 XMC OF EAST TENNESSEE, INC.BOB HAMILTON 7585 AE BEATY DRIVE, SUITE 101 BARTLETT TN 38133 SOUTHWEST OFFICE SOLUTIONS, INC. (SANTE FE)TRACY ASHTON 1789 CENTRAL AVENUE, SUITE 4 LOS ALAMOS NM 87544 THE RAY-BLOCK STATIONERY CO. INC. (EAST)GEORGE GARCIA 3 PLAINFIELD AVE.FLORAL PARK NY 11001 COMPLETE DOCUMENT SOLUTIONS PA, LLC (S JERSEY I)JOHN HAND 19 GLORIA LANE FAIRFIELD NJ 07004 COMPLETE DOCUMENT SOLUTIONS PA, LLC (S JERSEY II) JOHN HAND 19 GLORIA LANE FAIRFIELD NJ 07004 COMPLETE DOCUMENT SOLUTIONS PA, LLC (PHL)JOHN HAND 19 GLORIA LANE FAIRFIELD NJ 07004 COMPLETE DOCUMENT SOLUTIONS PA, LLC (PHL II)JOHN HAND 19 GLORIA LANE FAIRFIELD NJ 07004 COMPLETE DOCUMENT SOLUTIONS, LLC (II)JOHN HAND 19 GLORIA LANE FAIRFIELD NJ 07004 ALASKA ENTERPRISE SOLUTIONS, INC.MICHAEL FERRIS 557 E FIREWEED LN, SUITE A ANCHORAGE AK 99503 DOCUMENT SOLUTIONS (IV)LOREN MAUK 1540 RICE ROAD, SUITE 100 TYLER TX 75703 BENCHMARK BUSINESS SOLUTIONS, INC. (AUSTIN)JEFF HORN 1607 BROADWAY LUBBOCK TX 79401 DMC2, INC.KEVIN FITZPATRICK 42 WORTHINGTON ACCESS DR MARYLAND HEIGHTS MO 63043 DMC2, INC. (II)KEVIN FITZPATRICK 42 WORTHINGTON ACCESS DR MARYLAND HEIGHTS MO 63043 SUPERIOR OFFICE PRODUCTS - BEAUMONT RANDY POCHE 533 HIGHLANDIA DRIVE, STE K BATON ROUGE LA 70810 D-TECH BUSINESS SOLUTIONS, LLC FRANK DEFRANCESCO 1095 MILITARY TRL, UNIT 1447 JUPITER FL 33458 DIGITAL DOCUMENT SOLUTIONS, LLC BRIDGET EVANS 901 LAKE ROAD MOUNTAIN TOP PA 18707 IMAGE SOURCE (SAN DIEGO)BRAD CRAFT 650 EAST HOSPITALITY LANE, STE 540 SAN BERNARDINO CA 92408 NAPLES OFFICE SOLUTIONS, LLC CHRIS DEICHMAN 3449 TECHNOLOGY DRIVE STE 108 NORTH VENICE FL 34275 ADVANCED OFFICE SOLUTIONS, LLC JOHN BARROW 4124 KESTEVEN DRIVE BIRMINGHAM AL 35242 AMERICAN BUSINESS CENTER, INC.RICHARD YEATS PO BOX 20128 PANAMA CITY FL 32417 OFFICE EQUIPMENT SOURCE, INC. (V)MIKE MITCHELL 227 W. WATER STREET ELMIRA NY 14901 BENCHMARK OFFICE SYSTEMS INC. (WEST)MICHELLE MCMANUS 75 GILCREAST RD., STE. 311 LONDONDERRY NH 03053 COMPLETE DOCUMENT SOLUTIONS, WC-CT, LLC (I)JOHN HAND 19 GLORIA LANE FAIRFIELD NJ 07004 COMPLETE DOCUMENT SOLUTIONS, MARYLAND LLC (II)JOHN HAND 19 GLORIA LANE FAIRFIELD NJ 07004 COASTAL OREGON OFFICE SOLUTIONS RHONDA ROGERS PO BOX 2185 BEND OR 97709 SOUTHWEST OFFICE SOLUTIONS, INC. (ALBUQUERQUE)TRACY ASHTON 1789 CENTRAL AVENUE, SUITE 4 LOS ALAMOS NM 87544 XMC, INC. (SOUTH ARKANSAS)BOB HAMILTON 7585 AE BEATY DRIVE, SUITE 101 BARTLETT TN 38133 MORRIS BUSINESS SOLUTIONS, LLC (III)RICHARD MORRIS P.O. BOX 15090 GREENVILLE SC 29610 COMPLETE DOCUMENT SOLUTIONS, MARYLAND LLC (III)JOHN HAND 19 GLORIA LANE FAIRFIELD NJ 07004 IMAGE SOURCE (SACRAMENTO)BRAD CRAFT 650 EAST HOSPITALITY LANE, STE 540 SAN BERNARDINO CA 92408 SMART DOCUMENT SOLUTIONS - (PHOENIX)TRACEY ARVIEUX 4045 E. PALM LANE PHOENIX AZ 85008 TINLOF TECHNOLOGIES, INC.FERNANDO MARTINEZ 21011 JOHNSON STREET SUITE #124 PEMBROKE PINES FL 33029 ROCKY MOUNTAIN COMPETITIVE SOLUTIONS, LLC ANDY COON 2413 GRANT AVENUE OGDEN UT 84404 IMAGE SOURCE (OAKLAND)BRAD CRAFT 650 EAST HOSPITALITY LANE, STE 500 SAN BERNARDINO CA 92408 SARASOTA OFF SOL (ORLANDO)CHRIS DEICHMAN 3449 TECHNOLOGY DRIVE STE 108 NORTH VENICE FL 34275 IMAGE SOURCE (STOCKTON)BRAD CRAFT 650 EAST HOSPITALITY LANE, STE 540 SAN BERNARDINO CA 92408 INNOVATIVE DOC TECH INC JULIO DIAZ 2770 AVE HOSTOS, SUITE 303, SVS PLAZA II MAYAGUEZ PR 00682 IMAGE SOURCE (WOODLAND HILLS)BRAD CRAFT 650 EAST HOSPITALITY LANE, STE 540 SAN BERNARDINO CA 92408 COMPLETE DOCUMENT SOLUTIONS WC-CT LLC II JOHN HAND 19 GLORIA LANE FAIRFIELD NJ 07004 COMPLETE DOCUMENT SOLUTIONS PA, LLC JOHN HAND 19 GLORIA LANE FAIRFIELD NJ 07004 COMPLETE DOCUMENT SOLUTIONS CENTRAL PENN LLC JOHN HAND 2209 FOREST HILLS DRIVE HARRISBURG PA 17112 INDIANA BUSINESS SOLUTIONS LLC (SOUTH)TIMOTHY SLOPSEMA 8227 NORTHWEST BLVD., #200 INDIANAPOLIS IN 46278 IMAGE SOURCE (MONT)BRAD CRAFT 650 EAST HOSPITALITY LANE, STE 500 SAN BERNARDINO CA 92408 IMAGE SOURCE (FNO)BRAD CRAFT 650 EAST HOSPITALITY LANE, STE 500 SAN BERNARDINO CA 92408 AMBIZ SOLUTIONS, INC. (EAST)RICHARD YEATS PO BOX 20128 PANAMA CITY FL 32417 IMAGE SOURCE (SAN FRANCISCO)BRAD CRAFT 650 EAST HOSPITALITY LANE, STE 500 SAN BERNARDINO CA 92408 GULF SUPERIOR OFFICE PRODUCTS, INC.RANDY POCHE 533 HIGHLANDIA DRIVE, STE K BATON ROUGE LA 70810 CONNEX SYSTEMS INC. II GREGORY WALTER 2033 CHENAULT DR STE 150 CARROLLTON TX 75006 SHOFNER BUSINESS SOLUTIONS OF EASTERN KY L.L.C.CHARLES SHOFNER 200 PORTA VERDE NICHOLASVILLE KY 40356 SUPERIOR OFFICE SYSTEMS HECTOR LIZARDI 19226 66th AVE. S., SUITE L-100 KENT WA 98032 ADVANCED DOCUMENT SOLUTIONS, INC. (V)SCOTT HAMILTON 819 S. FLOYD STREET LOUISVILLE KY 40203 COMPLETE DOCUMENT SOLUTIONS NORTH, LLC JOHN HAND 19 GLORIA LANE FAIRFIELD NJ 07004 1072 of 1132 1077 COMPANY / GROUP STREET ADDRESS CITY/STATE/ZIP WEB ADDRESS SALES MGR/VP Xerox Business Solutions, Inc.8701 Florida Mining Blvd Tampa, FL 33634 www.xeroxbusinesssolutions.com Sylvia Carrizosa Amcom Office - AMC 3600 McClaren Woods Drive Coraopolis, PA 15108 www.teamamcom.com David Saber Arizona Office Technologies - AOT 4320 E. Cotton Center Blvd #100 Phoenix, AZ 85040 www.aot-xerox.com David Hague Berney Office Solutions - BER 10690 John Knight Close Montgomery, AL 36117 www.berney.com David Washington Berney Office Solutions - BER 780 Lakeside Drive W., Ste B Mobile, AL 36693 www.berney.com David Washington Berney Office Solutions - BER 4970 Corporate Drive, Ste 125H Huntsville, AL 35805 www.berney.com David Washington Stewart of Alabama, Inc. - STO 4000 Colonnade Parkway Birmingham, AL 35243 www.berney.com Matt Fulmer Carr Business Systems - CAR 500 Commack Road, Ste 110 Commack, NY 11725 www.carrxerox.com Joe Savino Carr Business Systems - CAR 485 Lexington Ave FL25 New York, NY 10017 www.carrxerox.com Joe Savino Connecticut Bus. Systems - CBS 100 Great Meadow Rd Wethersfield, CT 06109 www.cbs-gisx.com Steve Velardi Connecticut Bus. Systems - CBS (Warehouse)240 Pane Rd Newington, CT 06111 www.cbs-gisx.com Steve Velardi Connecticut Bus. Systems - CBS 134 Capital Drive West Springfield, MA 01089 www.cbs-gisx.com Joe Cunningham Connecticut Bus. Systems - CBS 465 Taylor Street Springfield, MA 01105 www.cbs-gisx.com Joe Cunningham Connecticut Bus. Systems - CBS 931 Jefferson Blvd Warwick, RI 02886 www.cbs-gisx.com Joe Cunningham Integrity One Technologies, Inc.- IOT 2920 Fortune Circle W, Suite C Indianapolis, IN 46241 www.iot-xerox.com Steve Shank Integrity One Technologies, Inc.- IOT 801 N Capitol Avenue Indianapolis, IN 46204 www.iot-xerox.com Steve Shank Integrity One Technologies, Inc.- IOT 2120 High Wickham Place Louisville, KY 40245 www.iot-xerox.com Stephanie Maloney ComDoc, Inc. - COM 8247 Pittsburg Avenue NW North Canton, OH 44720 www.comdoc.com Keith Hanawalt ComDoc, Inc. - COM 9100 South Hills Blvd. (Cleveland)Broadview Hgts, OH 44147 www.comdoc.com Tony Rugar ComDoc, Inc. - COM 9999 Carver Road, Ste 100 Blue Ash, OH 45242 www.comdoc.com Tim Combs ComDoc, Inc. - COM 330 West Spring St, Ste 100 & 140 Columbus, OH 43215 www.comdoc.com David Cathers ComDoc, Inc. - COM (Warehouse)711-713 Hadley Drive (WH)Columbus, OH 43228 www.comdoc.com David Cathers ComDoc, Inc. - COM 55 Amherst Villa Rd Buffalo, NY 14225 www.comdoc.com Eric Smith Capital Busines Systems, Inc.- CBU 2708 Commerce Drive, Unit A Harrisburg, PA 17110 www.capitalbusinessinc.com David Schlomer Conway Technolodgy Group LLC - COP 10 Capitol Street Nashua, NH 03063 www.conwayoffice.com Carl Tourigny Conway Tech Group LLC - COP d/b/a Transco 34 Leighton Road Augusta, ME 04330 www.transcobusiness.com David Palmer Conway Tech Group LLC - COP d/b/a BEU 275 Read Street Portland, ME 04103 www.beu.net David Palmer Capitol Office Solutions, LLC - COS 9065 Guilford Road Columbia, MD 21046 www.cosxs.com MIF Specialist Chicago Office Technology Group, Inc. - COTG 3 Territorial Court Bolingbrook, IL 60440 www.cotg.com Brian McCullough Chicago Office Technology Group, Inc. - COTG 1 East Wacker Dr, #1305 Chicago, IL 60601 www.cotg.com Brian McCullough Chicago Office Technology Group, Inc. - COTG Two Pierce Pl, Ste 12th Floor Itasca, IL 60143 www.cotg.com Brian McCullough Carolina Office Systems - CSS 10506 Bryton Corp Center Dr, Ste 400 Huntersville, NC 28078 www.carolinaos.com Brad Kikendall Carolina Office Systems - CSS 2265 Clements Ferry Rd, Ste 203 Charleston, SC 29492 www.carolinaos.com Brad Kikendall G-Five, Inc. - GFI 297 Garlington Rd, Suite H Greenville, SC 29615 www.gfive.net Justin Wagner Dahill Office Technology Corp-DAH d/b/a Xerox Business Solutions Southwest 8200 IH 10 W, Suite 400 San Antonio, TX 78230 www.dahill.com Bonnie Garza Dahill Office Technology Corp-DAH d/b/a Xerox Business Solutions Southwest 17280 Green Mtn Road, Ste. 130 San Antonio, TX 78247 www.dahill.com Bonnie Garza Dahill Office Technology Corp-DAH d/b/a Xerox Business Solutions Southwest 2100 West Loop South, Ste 1300 Houston, TX 77027 (Galleria)www.dahill.com Bonnie Garza Dahill Office Technology Corp-DAH d/b/a Xerox Business Solutions Southwest 5747 Brittmoore Rd, Suite 100 Houston, TX 77041 (WH)www.dahill.com Bonnie Garza Dahill Office Technology Corp-DAH d/b/a Xerox Business Solutions Southwest 901 S. Mopac Expwy, Ste 595 Austin, TX 78746 www.dahill.com Bonnie Garza Dahill Office Technology Corp-DAH d/b/a Xerox Business Solutions Southwest 11831 Miriam, Unit A-9 (Serv Wh)El Paso, TX 79936 Bonnie Garza Denitech Corporation - DEN 820 W Sandy Lake Rd, Ste 100 Coppell, TX 75019 www.denitech.com Bonnie Garza Dahill Office Technology Corp-DAH d/b/a Xerox Business Solutions Southwest 100 North Mustang Rd. Dock 1 Yukon, OK 73099 www.youronesource.com Thomas Meagher 1073 of 1132 1078 COMPANY / GROUP STREET ADDRESS CITY/STATE/ZIP WEB ADDRESS SALES MGR/VP Eastern Managed Print Network - ECP 1224 W. Genessee St.Syracuse, NY 13204 www.easternmpn.com Steve Wilmarth Eastern Managed Print Network - ECP 111 Grant Avenue Endicott, NY 13760 www.easternmpn.com Steve Wilmarth Eastern Managed Print Network 8 Access Road Colonie (Albany), NY 12205 www.easternmpn.com Steve Wilmarth Elan Marketing, Inc. d/b/a Elan Office Systems 6760 Surrey Street Las Vegas, NV 89119 www.elanoffice.com John Gallegos Electronic Systems - ESI 369 Edwin Drive (Building 1)Virginia Beach, VA 23462 www.esi.net Steve Pitts Electronic Systems - ESI 365 Edwin Dr (Bldg. 2-not publishd)Virginia Beach, VA 23462 www.esi.net Steve Pitts Electronic Systems - ESI 4417 Expressway Dr Virginia Beach, VA 23452 www.esi.net Steve Pitts Electronic Systems - ESI 3727 Challenger Avenue Roanoke, VA 24012 www.esi.net Steve Pitts Electronic Systems - ESI 10406 Lakeridge Parkwy, Ste 1000 Ashland, VA 23055 www.esi.net Steve Pitts TML Enterprises, Inc. - TML 4151 Lafayette Center Dr, Ste 100 Chantilly, VA 20151 www.tml-xerox.com Steve Pitts GDP Technologies, Inc. - GDP 1180 Eisenhower Parkway Macon, GA 31206 www.gadup.com Keith Harper GDP Technologies, Inc. - GDP 4350 Rivergreen Parkway, Ste 100 Duluth, GA 30096 www.gadup.com Keith Harper imageQuest - IQI 11021 E 26th Street N Wichita, KS 67226 www.imagequestks.com Paul Morton imageQuest - IQI 11106 Strang Line Rd, Bldg K Lenexa, KS 66213 www.imagequestks.com Paul Morton Image Technology Specialists, Inc. - ITS 70 Shawmut Road Canton, MA 02021 www.its-xrx.com Randy Baril Lewan & Associates - LEW 1400 South Colorado Blvd.Denver, CO 80222 www.lewan.com Michael Carroll Lewan & Associates - LEW (Warehouse)8530 Concord Center Dr, #400 Englewood, CO 80112 www.lewan.com Michael Carroll Lewan & Associates - LEW 1551-D Mercantile Avenue NE Albuquerque, NM 87107 www.lewan.com Michael Carroll LRI, LLC 1601 SE Gateway Drive, Ste 130 Grimes, Iowa 50111 www.laserresources.com Paul Bronke Merizon Group, Inc - MBM d/b/a Modern Business Machines 620 N. Lynndale Drive Appleton, WI 54914 www.mbm360.com Jason Loker Michigan Office Solutions - MOS 2859 Walkent Drive NW Grand Rapids, MI 49544 www.mos-xerox.com Keith Stewart Michigan Office Solutions - MOS 3101 Technology Blvd, Ste J Lansing, MI 48910 www.mos-xerox.com Keith Stewart Michigan Office Solutions - MOS 40000 Grand River, Ste 500 Novi, MI 48375 www.mos-xerox.com Walter Reynolds Minnesota Office Technology Group - MOTG 5600 Rowland Rd, Ste 205 Minnetonka, MN 55343 www.motg-xerox.com Christopher Reeves Mr. Copy, Inc. - MRC, d/b/a MRC Smart Technology Solutions 5657 Copley Dr.San Diego, CA 92111 www.mrc360.com Charlie Sinnen Mr. Copy, Inc. (Warehouse)5625-5629 Copley Dr San Diego, CA 92111 www.mrc360.com Charlie Sinnen Mr. Copy, Inc. - MRC, d/b/a MRC Smart Technology Solutions 5050 Hopyard Road, Ste 100 Pleasonton, CA 94588 www.mrc360.com Charlie Sinnen Mr. Copy, Inc. - MRC, d/b/a MRC Smart Technology Solutions (Warehouse)21343 Cabot Blvd, Bldg A Hayward, CA 94545 www.mrc360.com Charlie Sinnen Rabbit Office Automation (ROA)904 Weddell Court Sunnyvale, CA 94089 www.roa-usa.com Charlie Sinnen Inland Business Systems, Inc. - IBS 1326 N. Market Blvd, Sacramento, CA 95834 www.igoinland.com Bill Mello Inland Business Systems, Inc. - IBS aka Sierra Office Solutions - SIO 4710 Longley Lane Reno, NV 89502 www.sierraoffice.com Bill Mello Inland Business Systems, Inc. - IBS aka Lucas Business Systems, Inc. - LUC 627 Bitritto Court Modesto, CA 95351 www.lucassystems.com Bill Mello Inland Business Systems, Inc. - IBS aka Lucas Business Systems, Inc. - LUC 2592 Notre Dame Blv Chico, CA 95928 www.lucassystems.com Bill Mello SoCal Office Technologies f/d/b/a MWB Copy Products. - SOC 5700 Warland Drive Cypress, CA 90630 www.socal-office.com Stephanie Bannon Zoom Imaging Solutions - ZIS 4603 W. Jennifer Ave.Fresno, CA 93722 www.zoomcopiers.com Charlie Sinnen Xerox Hawaii - XHI 700 Bishop Street, Ste 1200 Honolulu, HI www.xerox.com Ian Yee MT Business Technologies, Inc. - MTB 1150 National Parkway Mansfield, OH 44906 www.mtbt.com Mark Oswald MT Business Technologies, Inc. - MTB 1205 Corporate Drive Holland, OH 43528 www.mtbt.com Mark Oswald Quality Business Systems - QBS 14432 SE Eastgate Way, Ste 300 Bellevue, WA 98007 www.qbsi-xerox.com Paul Franetovich Quality Business Systems - QBS (Warehouse)7112 S. 212th Street Kent, WA 98032 www.qbsi-xerox.com Paul Franetovich CTX Business Solutions d/b/a Copytronix - CTX 16640 SW 72nd Ave, Bldg 10 Portland, OR 97224 www.ctx-xerox.com Kyle Marvin Boise Office Equipment, Inc. - BOE 330 North Ancestor Place Boise, ID 83704 www.boeweb.com Rob Davis R.K. Dixon Company - RDK 5700 Utica Ridge Road Davenport, IA 52807 www.rkdixon.com Paul Bronke R.K. Dixon Company - RDK 8630 North Allen Road Peoria, IL 61615 www.rkdixon.com Nick Barnes Premier Office Equipment, Inc. - POE 1510 East Olive Street Marshalltown, IA 50158 www.premierofficeequipment.com Nick Barnes 1074 of 1132 1079 COMPANY / GROUP STREET ADDRESS CITY/STATE/ZIP WEB ADDRESS SALES MGR/VP Saxon Business Systems - SAX 14025 NW 60th Avenue Miami Lakes, FL 33014 www.saxon.net Bert LaCalle Saxon Business Systems - SAX 1395 NW 17th Avenue, #107 Delray Beach, FL 33445 www.saxon.net Bert LaCalle Saxon Business Systems - SAX 9150 Phillips Highway, Ste 2 Jacksonville, FL 32256 www.saxon.net Bert LaCalle Stewart Business Systems - STW 6000 Irwin Road, Suite A Mt. Laurel, NJ 08054 www.stewartxerox.com Kathy DiMaggio Stewart Business Systems - STW (Warehouse)3001 Irwin Road, Suite B&C Mt. Laurel, NJ 08054 www.stewartxerox.com Kathy DiMaggio Stewart Business Systems - STW 365 W. Passaic St, Ste 585 Rochelle Park, PA 07662 www.stewartxerox.com Kathy DiMaggio Zeno Office Solutions - ZOS 8701 Florida Mining Blvd Tampa, FL 33634 www.zenosolutions.com Bill Batrow Zeno Office Solutions - ZOS 4525 Vineland Road, Ste 203-204 Orlando, FL 32811 www.zenosolutions.com Bill Batrow 1075 of 1132 1080 1076 of 1132 1081 OMNIA PARTNERS EXHIBITS EXHIBIT F -FEDERAL FUNDS CERTIFICATIONS FEDERAL CERTIFICATIONS ADDENDUM FOR AGREEMENT FUNDED BY U.S. FEDERAL GRANT TO WHOM IT MAY CONCERN: Participating Agencies may elect to use federal funds to purchase under the Master Agreement. This form should be completed and returned. DEFINITIONS Contract means a legal instrument by which a non-Federal entity purchases property or services needed to carry out the project or program under a Federal award. The term as used in this part does not include a legal instrument, even if the non-Federal entity considers it a contract , when the substance of the transaction meets the definition of a Federal award or subaward Contractor means an entity that receives a contract as defined in Contrac t. Cooperative agreement means a legal instrument of financial assistance between a Federal awarding agency or pass-through entity and a non-Federal entity that , consistent with 31 U.S.C. 6302-6305 : (a) Is used to enter into a relationship the principal purpose of which is to transfer anything of value from the Federal awarding agency or pass-through entity to the non-Federal entity to carry out a public purpose authorized by a law of the United States (see 31 U.S.C. 6101(3)); and not to acquire property or services for the Federal government or pass-through entity's direct benefit or use; (b) Is distinguished from a grant in that it provides for substantial involvement between the Federal awarding agency or pass-through entity and the non-Federal entity in carrying out the activity contemplated by the Federal award. (c) The term does not include : (1) A cooperative research and development agreement as defined in 15 U.S.C. 371 0a ; or (2) An agreement that provides only : (i) Direc t United States Government cash assistance to an individual ; (ii) A subsidy ; (iii) A loan ; (iv) A loan guarantee ; or (v) Ins urance . Federal awarding agency means the Federal agency that provides a Federal award directly to a non-Federal entity Federal award has the meaning, depending on the context, in either paragraph (a) or (b) of this section: (a)(1) The Federal financ ial assistance that a non-Federal entity receives directly from a Federal awarding agency or indirectly from a pass-through entity , as described in § 200 .101 App licability ; or (2) The cost-reimbursement contract under the Federal Acquisition Regulations that a non-Federal entity receives directly from a Federal award ing agency or indirectly from a pass-through entity , as described in § 200 .101 Applicability. (b) The ins trume nt setting forth the te rms and conditions. The instrument is the grant agreement , cooperative agreement, other agreement for assistance covered in paragraph (b) of§ 200.40 Federal financial assistance , or the cost-reimbursement contract awarded under the Federal Acquisition Regulations. (c) Federal award does not include other co ntracts that a Federal agency uses to buy goods or services from a contractor or a contract to operate Federal government owned , contractor operated facilities (GOCOs ). (d) See also definitions of Federal fina nc ia l assistance , grant agreement , and cooperative agreement. Non-Federal entity means a state , loca l government, Indian tribe , institution of higher education (IHE), or nonprofit organization that carries out a Federal award as a recipient or subrecipient. Nonprofit organization means any corporation , trust , association , cooperative, or other organization , not including IHEs, that: (a) Is operated primarily for scientific , educational, service , charitable , or similar purposes in the public interest; (b) Is not organized primarily for profit; and Requirements for National Cooperative Contract Page 21 of 44 1077 of 1132 1082 OMNIA PARTNERS EXHIBITS EXHIBIT F -FEDERAL FUNDS CERTIFICATIONS (c) Uses net proceeds to maintain , improve, or expand the operations of the organization . Obligations means, when used in connection with a non-Federal entity 's utilization of funds under a Federal award, orders placed for property and services , contracts and subawards made, and similar transactions during a given period that require payment by the non-Federal entity during the same or a future period . Pass-through entity means a non-Federal entity that provides a subaward to a subrecipient to carry out part of a Federal program. Recipient means a non-Federal entity that receives a Federal award directly from a Federal awarding agency to carry out an activity under a Federal program. The term recipient does not include subrecipients. Simplified acquisition threshold means the dollar amount below which a non-Federal entity may purchase property or services using small purchase methods. Non-Federal entities adopt small purchase procedures in order to expedite the purchase of items costing less than the simplified acquisition threshold. The simplified acquisition threshold is set by the Federal Acquisition Regulation at 48 CFR Subpart 2.1 (Definitions) and in accordance with 41 U.S.C. 1908. As of the publication of this part , the simplified acquisition threshold is $150 ,000 , but this threshold is periodically adjusted for inflation. (Also see definition of§ 200 .67 Micro -pur chase.) Subaward means an award provided by a pass-through entity to a subrecipient for the subrecipient to carry out part of a Federal award received by the pass -thro ugh entity . It does not include payments to a contractor or payments to an individual that is a beneficiary of a Federal program. A subaward may be provided through any form of legal agreement , including an agreement that the pass-through entity considers a contract. Subrecipient means a non-Federal entity that receives a subaward from a pass-through entity to carry out part of a Federal program; but does not include an individual that is a beneficiary of such program. A subrecipient may also be a recipient of other Federal awards directly from a Federal awarding agency . Termination means the ending of a Federal award, in whole or in part at any time pr ior to the planned end of period of performance. The following certifications and provisions may be required and apply when Participating Agency expends federal funds for any purchase resulting from this procurement process . Pursuant to 2 C.F.R. § 200 .326 , all contracts, including smal l purchases , awarded by the Participating Agency and the Participating Agency's subcontractors shall contain the procurement provisions of Appendix II to Part 200 , as applicable . APPENDIX II TO 2 CFR PART 200 (A) Contracts for more than the simplified acquisition threshold currently set at $150,000, which is the inflation adjusted amount determined by the Civilian Agency Acquisition Council and the Defense Acquisition Regulations Council (Councils) as authorized by 41 U.S.C. 1908, must address administrative, contractual, or legal remedies in instances where contractors violate or breach contract terms, and provide for such sanctions and penalties as appropriate. Pursuant to Federal Rule (A) above, when a Participating Agency expends federal funds , the Participating Agency reserves all rights and privileges under the app licable laws and regulations with respect to this procurement in the event of breach of contract by either party . ~ Does offeror agree? YES __ cp_-n-:'----------------lnitials of Authorized Representative of offeror (B) Termination for cause and for convenience by the grantee or subgrantee including the manner by which it will be effected and the basis for settlement. (All contracts in excess of $10,000) Pursuant to Federal Rule (B) above , when a Participating Agency expends federal funds , the Participating Agency reserves the right to ~y. terminate any agreement in excess of $10 ,000 resulting from this procurement process in the event of a breach or default of the agreeme t y ror as detailed in the terms of the contract. Does offeror agree? YES --+---+-~------------Initials of Authorized Representative of Requirements for National Cooperative Contract Page 22 of 44 1078 of 1132 1083 offeror OMNIA PARTNERS EXHIBITS EXHIBIT F -FEDERAL FUNDS CERTIFICATIONS (C) Equal Employment Opportunity. Except as otherwise provided under 41 CFR Part 60, all contracts that meet the definition of "federally assisted construction contract" in 41 CFR Part 60-1.3 must include the equal opportunity clause provided under 41 CFR 60-1.4(b), in accordance with Executive Order 11246, "Equal Employment Opportunity" (30 CFR 12319, 12935, 3 CFR Part, 1964-1965 Comp., p. 339), as amended by Executive Order 11375, "Amending Executive Order 11246 Relating to Equal Employment Opportunity," and implementing regulations at 41 CFR part 60, "Office of Federal Contract Compliance Programs, Equal Employment Opportunity, Department of Labor." Pursuant to Federal Rule (C} above , when a Participating Agency expends federal funds on any federally assisted construction contract , the equa l opportunity clause is incorporated by r~~re~ herein. Does offeror agree to abide by the above? YES t1_1 Initials of Authorized Representative of offerer (D) Davis-Bacon Act, as amended (40 U.S.C. 3141-3148). When required by Federal program legislation, all prime construction contracts in excess of $2,000 awarded by non-Federal entities must include a provision for compliance with the Davis-Bacon Act (40 U.S.C. 3141-3144, and 3146-3148) as supplemented by Department of Labor regulations (29 CFR Part 5, "Labor Standards Provisions Applicable to Contracts Covering Federally Financed and Assisted Construction"). In accordance with the statute, contractors must be required to pay wages to laborers and mechanics at a rate not less than the prevailing wages specified in a wage determination made by the Secretary of Labor. In addition, contractors must be required to pay wages not less than once a week. The non-Federal entity must place a copy of the current prevailing wage determination issued by the Department of Labor in each solicitation. The decision to award a contract or subcontract must be conditioned upon the acceptance of the wage determination. The non • Federal entity must report all suspected or reported violations to the Federal awarding agency. The contracts must also include a provision for compliance with the Copeland "Anti-Kickback" Act (40 U.S.C. 3145), as supplemented by Department of Labor regulations (29 CFR Part 3, "Contractors and Subcontractors on Public Building or Public Work Financed in Whole or in Part by Loans or Grants from the United States"). The Act provides that each contractor or subrecipient must be prohibited from inducing, by any means, any person employed in the construction, completion , or repair of public work, to give up any part of the compensation to which he or she is otherwise entitled. The non-Federal entity must report all suspected or reported violations to the Federal awarding agency. Pursuant to Federal Rule (D) above , when a Participating Agency expends federal funds during the term of an award for all contracts and subgrants for construction or repair , offeror will be in compliance with all applicable Davis-Bacon Act provisions. Does offeror agree? YES fP{(' In itials of Authorized Representative of offeror (E) Contract Work Hours and Safety Standards Act (40 U.S.C. 3701-3708). Where applicable, all contracts awarded by the non-Federal entity in excess of $100,000 that involve the employment of mechanics or laborers must include a provision for compliance with 40 U.S.C. 3702 and 3704, as supplemented by Department of Labor regulations (29 CFR Part 5). Under 40 U.S.C. 3702 of the Act, each contractor must be required to compute the wages of every mechanic and laborer on the basis of a standard work week of 40 hours. Work in excess of the standard work week is permissible provided that the worker is compensated at a rate of not less than one and a half times the basic rate of pay for all hours worked in excess of 40 hours in the work week. The requirements of 40 U.S.C. 3704 are applicable to construction work and provide that no laborer or mechanic must be required to work in surroundings or under working conditions which are unsanitary, hazardous or dangerous. These requirements do not apply to the purchases of supplies or materials or articles ordinarily available on the open market, or contracts for transportation or transmission of intelligence. Pursuant to Federal Rule (E) above , when a Participating Agency expends federal funds , offerer certifies that offeror will be in compliance with all applicable provisions of the Contract Work Hours and Safety Standards Act during the term of an award for all contracts by Participating Agency res lting from this procu remen t process. Does offerer agree? YES ___ _..,;f--"'lf-+-------------lnitials of Authorized Representative of offeror (F) Rights to Inventions Made Under a Contract or Agreement. If the Federal award meets the definition of "funding agreement" under 37 CFR §401.2 (a) and the recipient or subrecipient wishes to enter into a contract with a small business firm or nonprofit organization regarding the substitution of parties, assignment or performance of experimental, developmental, or research work under that "funding agreement," the recipient or subrecipient must comply with the requirements of 37 CFR Part 401, "Rights to Inventions Made by Nonprofit Organizations and Small Requirements for National Cooperative Contract Page 23 of 44 1079 of 1132 1084 OMNIA PARTNERS EXHIBITS EXHIBIT F -FEDERAL FUNDS CERTIFICATIONS Business Firms Under Government Grants, Contracts and Cooperative Agreements," and any implementing regulations issued by the awarding agency. Pursuant to Federal Rule (F} above, when federal funds are expended by Participating Agency , the offeror certifies that during the term of an award for all contracts by Participating Agency resulting from this procurement process , the offeror agrees to comply with all applicable requirements !-?:need in Federal Rule (F) above . Does offeror agree? YES C!!/1-Initials of Authorized Representative of offeror (G) Clean Air Act (42 U.S.C. 7401-7671q.) and the Federal Water Pollution Control Act (33 U.S.C. 1251-1387), as amended-Contracts and subgrants of amounts in excess of $150,000 must contain a provision that requires the non- Federal award to agree to comply with all applicable standards, orders or regulations issued pursuant to the Clean Air Act (42 U.S.C. 7401-7671q) and the Federal Water Pollution Control Act as amended (33 U.S.C. 1251-1387). Violations must be reported to the Federal awarding agency and the Regional Office of the Environmental Protection Agency (EPA) Pursuant to Fede ral Rule (G} above , when federal funds are expended by Participating Agency, the offeror certifies that during the term of an award for all contracts by Participating Agency member resulting from this procurement process , the offerer agrees to comply with all applicable requirements as referenced in Federal Rule (G} above . Does offerer agree? YES ~ Initials of Authorized Representative of offerer (H} Debarment and Suspension (Executive Orders 12549 and 12689)-A contract award (see 2 CFR 180.220) must not be made to parties listed on the government wide exclusions in the System for Award Management (SAM), in accordance with the Executive Office of the President Office of Management and Budget (0MB) guidelines at 2 CFR 180 that implement Executive Orders 12549 (3 CFR part 1986 Comp., p. 189) and 12689 (3 CFR part 1989 Comp., p. 235), "Debarment and Suspension." SAM Exclusions contains the names of parties debarred, suspended, or otherwise excluded by agencies, as well as parties declared ineligible under statutory or regulatory authority other than Executive Order 12549. Pursuant to Federal Rule (H) above , when federal funds are expended by Participating Agency, the offeror certifies that during the term of an award for all contracts by Participating Agency resulting from this procurement process , the offeror certifies that neither it nor its principals is presently debarred, suspended , proposed for debarment , declared ineligible , or voluntarily excluded from participa ti on by any federa l department or agency . If at any time during the term of an award the offerer or its principals becomes debarred , suspended , proposed for debarment, declared inelig ible, or voluntar ily excluded from participation by any federal department or agency , the offeror will notify the Participating Agency . Does offerer agree? YES ~ Initials of Authorized Representative of offerer (I) Byrd Anti-Lobbying Amendment (31 U.S.C. 1352)-Contractors that apply or bid for an award exceeding $100,000 must file the required certification. Each tier certifies to the tier above that it will not and has not used Federal appropriated funds to pay any person or organization for influencing or attempting to influence an officer or employee of any agency, a member of Congress, officer or employee of Congress, or an employee of a member of Congress in connection with obtaining any Federal contract, grant or any other award covered by 31 U.S.C. 1352. Each tier must also disclose any lobbying with non-Federal funds that takes place in connection with obtaining any Federal award. Such disclosures are forwarded from tier to tier up to the non-Federal award. Pursuant to Federal Rule (1) above, when federal funds are expended by Participating Agency , the offeror cer tifies that during the term and after the awarded term of an award for all contracts by Participating Agency resu lting from this procurement process, the offerer cer tifies that it is in compliance with all app licable provisions of the Byrd Anti-Lobbying Amendment (31 U.S.C. 1352}. The undersigned further certifies tha t (1} No Federa l appropriated funds have been pa id or will be paid for on beha lf of the undersigned , to any person for influencing or attempting to influence an officer or employee of any agency , a Member of Congress , an officer or employee of congress , or an employee of a Member of Congress in connection with the awarding of a Federa l contract , the making of a Federal gran t, the mak ing of a Federal loan, the entering into a cooperative agreement , and the extension , continuation , renewal , amendmen t, or modifica tion of a Federa l contract , grant, loan , or cooperative agreement. (2) If any funds other than Federal appropriated funds have been pa id or will be paid to any person for influencing or attempting to influence an officer or employee of any agency , a Member of Congress, an officer or employee of congress , or an employee of a Member of Congress in connection with this Federal grant or cooperative agreement , the undersigned shall Requirements for National Cooperativ e Contract Page 24 of 44 1080 of 1132 1085 OMNIA PARTNERS EXHIBITS EXHIBIT F-FEDERAL FUNDS CERTIFICATIONS complete and submit Standard Form-LLL, "Disclosure Form to Report Lobbying", in accordance with its inst ructions . (3) The undersigned shall require that the language of this certification be included in the award documents for all covered sub-awards exceeding $100 ,000 in Federal funds at all appropriate tiers and that all subrecipients shall certify and disclose accordingly. ~ Does offeror agree? YES ___ ~~·~ _____________ Initials of Authorized Representative of offeror RECORD RETENTION REQUIREMENTS FOR CONTRACTS INVOLVING FEDERAL FUNDS When federal funds are expended by Participating Agency for any contract resulting from this procurement process, offeror certifies that it will comply with the record retention requirements detailed in 2 CFR § 200.333 . The offeror further certifies that offeror will retain all records as required by 2 CFR § 200.333 for a period of three years after grantees or subgrantees submit final expenditure reports or quarterly or annual financial reports, as applicable , and all other pending matters are closed . Does offeror agree? YES _____ _,,_,,__ __________ Initia ls of Authorized Representative of offeror CERTIFICATION OF COMPLIANCE WITH THE ENERGY POLICY AND CONSERVATION ACT When Pa rticipa ting Agency expends federal funds for any contract resulting from this procurement process , offeror ce rtifi es that it will comply with the mandatory standards and policies relating to energy efficiency which are contained in the state energy conservation plan issued in compliance wit he Energy Policy and Conservation Act (42 U.S.C . 6321 et seq .; 49 C.F.R. Part 18). Does offeror agree? YES _________________ Initia ls of Authorized Representative of offeror CERTIFICATION OF COMPLIANCE WITH BUY AMERICA PROVISIONS To the extent purchases are made with Federal Highway Administration , Federal Railroad Administration , or Federa l Transit Administration funds, offeror certifies that its products comp ly with all applicable provisions of the Buy America Act and agrees to provide such certification or applicable wa iver with respect to specific products to any Participating Agency upon request. Purchases made in accordance with the Buy America Act must still follow the applicable procurement rules calling for free and open competition . ~ Does offeror agree? YES _~Lf-!--'--+ ______________ lnitials of Author ized Representative of offeror CERTIFICATION OF ACCESS TO RECORDS-2 C.F.R. § 200.336 Offeror agrees that the Inspector General of the Agency or any of their du ly authorized representatives shall have access to any documents, papers , or other records of offeror that are pertinent to offeror 's discharge of its obligations under the Contract for the purpose of maKing audits , examinations, excerpts , and transcriptions . The right also includes timely and reasonable access to offeror 's personnel for the purp e o · terview and discussion relating to such documents. Does offero r agree? YES __ 1---11-+--------------lnitials of Authorized Representative of offeror CERTIFICATION OF APPLICABILITY TO SUBCONTRACTORS Offeror agrees that all contracts it a rsuant to the Contract shall be bound by the foregoing terms and conditions . Does offeror agree? YES __ -+---+-+--------------Initials of Authorized Representative of offeror Offeror agrees to comply with all federal, state, and local laws, rules, regulations and ordinances, as applicable. It is further acknowledged that offeror certifies compliance with all provisions, laws, acts , regulations, etc. as specifically noted above. Offeror's Name : Address, City , State, and Zip Code: 1-, Requirements for National Cooperative Contract Page 25 of 44 1081 of 1132 1086 OMNIA PARTNERS EXHIBITS EXHIBIT F -FEDERAL FUNDS CERTIFICATIONS Phone Number : __ 1__.f...::...{)_--_i-,_~_f_-_.:r:_t_:_·-;,__~_(; __ Fax Number: Printed Name and Title of Autho!:,if~d , _ ; ,/('_ ./,"' , , r; /J _ . 1 · A-• -h if-/41#/'->r_pt.. Representative : J:,lfCA11t'-,e,,, Jov,<-.5 / vl!-A-e t'-1 ~[) ~'M f-f.UJ'I vz.t-, ~11, V?.Lr-,r Email Address : I 1rvfi 1t,,vl, :;-;~ _s €> 'KR yZ X . eo YY"- Signature of Authorized Representative: ~ ~ ~ Date : ~ ~/vz.,o /~ r -Y1c...=...+,---- Requirements for National Cooperative Contract Page 26 of 44 1082 of 1132 1087 XEROX CORPORATION Certificate of Secretary I, Douglas H. Marshall, Secretary of Xerox Corporation , a New York corporation (the "Company"), DO HEREBY CERTIFY that: 1. The following is a true and correct copy of an excerpt from a reso lution duly adopted at a meeting of the Board of Directors of the Company duly held and convened on December 7 , 2011 , at which meeting a duly constituted quor-um of the Board of Directors was present and acting throughout and that such resolu t ion has not been modi f ied , rescinded or revoked and is at present in full force and effect: RESOLVED: that ... the President , any Vice President, the Treasurer, the Controller and any Manager or Director of any group , division or depart-ment of th e Co mpany , be , and each of them severally is , empowered to (i) execute and deliver in the name and on behalf of the Company all agree-men ts, contracts , bids , instruments of conveyance or encumbrance , leas-es , bonds , consents, certificates (including any non-col lusion ce rtificates requ ired by any governmental entity, departm e nt , agency or official), re-leases , powers of attorney and other docume nts which may be necessary or desirable in and relating to the ordi nary conduct of the bus iness of the g roup , division o r department which he serves in that capacity (all of the foregoi ng co llecti vely referre d to as "Ag reements") (ii) perform under agreements or cause to be performed , the Com pany 's obligations under all such Agreements ; and (ii i) from time to t ime deleg ate their authority under th is resolution to such employees of the Comp any and subject to s uch terms , conditions and limitations as they det ermine to be advisable , the execut ion and delivery of any such de legation to be conclusive evi-dence of such determination. 2 . Jo a nn e Lev y is as of th e date he reof Accou nt Gene ra l Ma nager, New York City, New Je rsey and Pen nsy lva ni a, in t he Publ ic Sect o r Cen ter of Exce l-lence , North America Operations , of the Company and is authorized to act under the above resolution. IN WI T NESS WHEREOF , the undersigned has executed this Certificate and af-fixed the corpo rate seal of the Company hereto as of the 20 th day of May, 2019 . .... •··· '' . .' .. ' .. ''' •' vv: .·"'_.()', C . (), ... V .J I .-·_.,"'-l[SF AL] ·•--,~, -.... r - ······· Douglas H . Marshall Secretary 1083 of 1132 1088 OMNIA PARTNERS EXHIBITS EXHlBIT G-NEW JERSEY BUSINESS COMPLIANCE NEW JERSEY BUSINESS COMPLIANCE Suppliers intending to do business in the State of New Jersey must comply with policies and procedures required under New Jersey statues. All offerors submitting proposals must complete the following forms specific to the State of New Jersey. Completed forms should be submitted with the offeror's response to the RFP. Failure to complete the New Jersey packet will impact OMNIA Partners's ability to promote the Master Agreement in the State of New Jersey. DOC#l DOC #2 DOC#3 DOC#4 DOC#5 DOC#6 DOC#7 Ownership Disclosure Form Non-Collusion Affidavit Affirmative Action Affidavit Political Contribution Disclosure Form Stockholder Disclosure Cetiification Certification of Non -Involvement in Prohibited Activities in Iran New Jersey Business Registration Ce1iificate New Jersey suppliers are required to comply with the following New Jersey statutes when applicable : • all anti-discrim ination laws, including those contained in N.J.S.A. I 0:2-1 through N.J.S.A. I 0:2 -14 , N.J .S .A. 10:5-1 , and N.J.S.A. 10:5-31 through 10:5 -38; • Prevailing Wage Act, N.J .S.A . 34: 11-56.26, for all contracts within the contemplation of the Act; • Public Works Contractor Registration Act, N .J .S.A. 34: 11-56.26; and • Bid and Performance Security, as required by the applicable municipal or state statutes. Requirements for National Cooperative Contract 1084 of 1132 1089 DOC #1 OMNIA PARTNERS EXHIBITS EXHIBIT G-NEW JERSEY BUSINESS COMPLIANCE OWNERSHIP DISCLOSURE FORM (N.J.S. 52:25-24.2) Pw-suant to the requirements of P.L. 1999 , Chapter 440 effective April l 7, 2000 (Local Public Contracts Law), the offeror shall complete the form attached to these specifications listing the persons owning I 0 percent (10%) or more of the finn presenting the proposal. Company Name: Xerox Corporation Street: 201 Merritt 7 City, State, Zip Code: Norwalk, CT 06851 Complete as appropriate: I , certify that I am the sole owner of ________________ ____,, that there are no partners and th e business is not incorporated, and the provisions of N.JS. 52:25-24.2 do not apply. OR: I , a partner in ____________ ~• do hereby certify that the following is a list of all individual partners who own a 10% or greater interest therein. I further certify that if one (1) or more of the partners is itself a corporation or partnership, there is also set forth the names and addresses of the stockholders holding I 0% or more of that corporation's stock or the individual partners owning 10% or greater interest in that partnership. OR: I, Douglas H. Marshall, an authorized r epresentative of Xerox Corporation, a corporation, do hereby certify that th e following is a list of th e names and addresses of all stockholders in th e corporation who own 10% or more of its stock of any class. !further certify that if one (1) or more of such stockholders is itself a corporation or partnership, that th e re is also set forth the names and addresses of the stock- holders holding I 0% or more of the corporation's stock or the individual partners owning a 10% or greater interest in that partnership. (Note : iriformation is as of December 31 , 2019) (Note: If there are no partners or stockholders owning 10% or more interest, indicate none.) Name Address Interest Carl C. Icahn The Vanguard Group, Inc. c/o Icahn Capital LP 767 Fifth Avenue, Suite 4700 New York, NY 10153 100 Vanguard Blvd. Malvern, PA 19355 10.99% 10.32% Ifitrther certify that the statements and iriformation contained herein, are complete and correct to th e best of my knowledge and be li ef May 8, 2020 Date Authorized Signature and Title Requirements for National Cooperative Contract Secretwy 1085 of 1132 1090 OMNIA PARTNERS EXHIBITS EXHIBIT G-NEW JERSEY BUSINESS COMPLIANCE DOC#2 NON-COLLUSION AFFIDAVIT Company Name: ---'~----'---------L/_,___&_71-...,_,_:_· GIV14}_,_}j_lZJ_}IV ___ _ Street: d-PI #/.err ; ff 7- City, State, Zip Code: /J1JYt,11!lif-, Lt ()~ fO j ~ , State of _ ___,_/J.-----,.,,·_:'Vvv=----_ --~-~---~--/----1---------~ County of bu de/kw L Jo ~n~ )._0v y ofthe_M_· _tlo_J_k_~-+-fe_. ______ _ Name T City in the County of /11 t j c( /e_s ~ , State of -(--"-~------9'------o f full age, being duly sworn according to law on my oath depose and say that: lam the &~ ~«.~~fthefirmof~J@~~--·t:_~_7 -+rJ_Q/}_~_-t/1,.:-....__· __ _ fule Y CJlnpany Name the Ojferor making the Proposal for the goods, services or public work spec[fied under the attached proposal, and that I executed the said proposal with full authority to do so; that said Offeror has not directly or indirectly entered into any agreement, participated in any collusion, or otherwise taken any action in restraint of free, competitive bidding in connection with the above proposal, and that all statements contained in said proposal and in this affidavit are true and correct; and made with full knowledge that relies upon the truth of the statements contained in said proposal and in the statements contained in this affidavit in awarding the contract for the said goods, services or public work. I further warrant that no person or selling agency has been employed or retained to solicit or secure such contract upon an agreement or understanding for a commission , percentage, brokerage or contingent fee , except bona fide employees or bona fide established commercial or selling agencies maintain ed by , ~✓ 4:7,,,~ bh \/i2tjµ::T,' Company Name Subscribed and sworn before me II ' ·t-1,,, this ~ day of~-------' 20 2-_o TERRENCE HORSLEY NOTARY PUB LIC STAT E OF NEW JERSEY ID# 22 29180 MY COMM ISSI ON EXPIRES SEPTEMBER 2, 2024 Requirements for National Cooperative Contract 1086 of 1132 1091 DOC#3 Company Name: Street: City, State, Zip Code: Proposal Certification: OMNIA PARTNERS EXHIBITS EXHIBIT G-NEW JERSEY BUSINESS COMPLIANCE AFFIRMATIVE ACTION AFFIDAVIT (P.L. 1975, C.127) SEAL Indicate below company's compliance with New Jersey Affirmative Action regulations. Company's proposal will be accepted even if company is not in compliance at this time. No contract and /or purchase order may be issued, however, until all Affirmative Action requirements are met. Required Affirmative Action Evidence: Procurement, Professional & Service Contracts (Exhibit A) Vendors must submit with proposal: 1. A photo copy of their Federal Letter of A ffirmative Action Plan Approval OR G photo copy of their Certificate of E mployee Information Report OR 3. A complete Affirmative Action E mployee Information Report (AA302) Public Work -Over $50,000 Total Project Cost: A . No approved Federal or New Jersey Affirmative Action Plan. We will complete Report Form AA201-A upon receipt from the B. Approved Federal or New Jersey Plan -ce1tificate enclosed I.further certify that the statements and information contained herein , are complete and correct to the best of my knowledg e and belief .5/1, /2oto 1Date itle Requirements for National C ooperative Contract 1087 of 1132 1092 DOC #3, continued OMNIA PARTNERS EXHIBITS EXHIBIT G-NEW JERSEY BUSINESS COMPLIANCE P.L. 1995, c. 127 (N.J.A.C. 17:27) MANDATORY AFFIRMATIVE ACTION LANGUAGE PROCUREMENT, PROFESSIONAL AND SERVICE CONTRACTS During the performance of this contract, the contractor agrees as follows: The contractor or subcontractor, where applicable, will not discriminate against any employee or applicant for employment because of age, race , creed , color, nationa l origin, ancestry , marital status, sex, affectional or sexual orientation. The contractor will take affirmative action to ensure that such applicants are recruited and employed, and that employees are treated during emp loyment, without regard to their age, race, creed, color, national origin, ancestry, marital status, sex, affectional or sexual or ientation. Such action shall include, but not be limited to the following: employment, upgrading, demotion , or transfer; recruitment or recruitment advertising; layoff or termination; rates of pay or other forms of compensation; and selection for training, including apprenticeship. The contractor agrees to post in conspicuous places, available to employees and applicants for emp loyment, notices to be provided by the Public Agency Compliance Officer setting forth provisions of this non-discrimination clause. The contractor or subcontractor, where applicab le will , in all solicitations or advertisement for employees placed by or on behalf of the contractor, state that all qualified app licants will receive consideration for employment without regard to age , race , creed, color, national origin, ancestry, marital status, sex, affectional or sexual orientation. The contractor or subcontractor, where applicable , will send to each labor union or representative of workers with which it has a collective bargaining agreement or other contract or understanding, a notice, to be provided by the agency contracting officer advising the labor union or workers' representative of the contractor's commitments under this act and shall post copies of the notice in conspicuous pl aces available to employees and applicants for employment. The contractor or subcontractor, where applicable, agrees to comply with any regulation s promulgated by the Treasurer pursuant to P.L. 1975 , c . 127, as amended and s upplemented from time to time and the Americans with Disabilities Act. The contractor or subcontracto r agrees to attempt in good faith to employ minority and female workers trade consistent with the applicable county employment goal prescribed by N .J.A.C. 17 :27 -5 .2 promulgated by the Treasurer pursuant to P.L. 1975, C .127, as amended and supplemented from time to time or in accordance with a binding determination of the applicable county employment goals determined by the Affirmative Action Office pursuant to N.J .A.C. 17:27-5.2 promulgated by the Treasurer pursuant to P.L. 19 75, C.127 , as amended an d supplemented from time to time. The contractor or subcontractor agrees to inform in writ ing appropriate recruitment agencies in the area, including employment agencies, placement bureaus , colleges , univers ities , labor unions , that it does not discriminate on the basi s of age, creed , color, national origin, ancestry , marital status , sex, affectional or sexual orientation, and that it will discontinue the use of any recruitment agency which engages in direct or indirect discriminatory practices. The contractor or subcontractor agrees to revise any of it testing procedures , if necessary, to assure that all personnel testing conforms with the principl es of job-related testing, as established by the statutes and court decisions of the state of New Jersey and as established by applicable Federal law and applicable Federal court decisions. The contractor or subcontractor agrees to review all procedures relating to transfer , upgrading, downgrading and lay-off to ensure that all such actions are taken without regard to age, creed, color, national origin, ancestry, marital status, sex, affectional or sexual orientation , a nd conform with the applicable employment goals, consistent with the statutes and court deci sions of the State of New Jersey , and applicable Federal law and applicable Federal court decisions . The contractor and it s subcontractors shall furnish such reports or other documents to the Affirmative Action Office as may be requested by the office from t im e to time in order to carry out the purposes of these regulations, and public agencies shall furnish such information as may be requested by the Affirmative Action Office for conducting a compliance investigation pursuant to Subchapter 10 of the Admi nistrative Code (NJAC 17:27). Requirements for National Cooperative Contract 1088 of 1132 1093>, -Certification 1160 • ',.. z , . ii.._ ' .,, CERTIFl&ftlfiAPf EMPLOYE~ INFORMATION REPORT .,,,,~~ -~ This is to certify that the contractor liste Q1MhJtt~m~Jd~·~1oyee lnfonnation Report pursuant to N.J.A.C. 17:27-1.1 et. seq. and th_:_ erteasure./:,.haSj! Pfr~11e-a-'~'q~~ort. This approval will remain in effect for the period of 15 201_? ... • _ to 15~ 2022 f ' ~-·. ~~--••• ) (-.. -~.--'-.": "I . I l .. ~ • ~ l\... -i 1,.,. . . \ _,. ' I'-:'\ • . r • ({ • .._ • ·, c: . -..,. ';'...:. • - . w ' .. , ✓ ~, l. J ~ ~, ,;\I .. 41 · -• t .r ~ '·'If ,, • •• 1" ,. • 1,i ..... ,, •~. ~ ;:::; l.;:·,..A•~ .~ i..•J I;) ~ , .. ,~\f ~,,. !:t,· XEROX CORPORATION \~-r;1(':'. .. , --17 '. : 1~ 10 WOODBRIDGE CENTER DR.~~-.?_t','. ~ . .1 • r • WOODBRIDGE NJ 07~·ri~~~f'.II~ •• ::;~ ' '"="-'~ ~ -t • ,,.,. ~~ ~.~ I .:s u ' ' H:; ' ~ ..,. , .. _ ' . 1.·...--~· ~.~ Ji .. ' '' " . . i .•,._.-ti.-'.n .;11 .. t ":· ""' f ~. ,'7 •:· ~ ' -,,,,/', ~ ~ ~-~ ELIZABETH MAHER MUOIO State Treasurer :..f .:. . ' 1089 of 1132 1094 DOC#4 OMNIA PARTNERS EXHIBITS EXHIBIT G-NEW JERSEY BUSINESS COMPLIANCE C. 271 POLITICAL CONTRIBUTION DISCLOSURE FORM Public Agency Instructions This page provides guidance to pub lic agencies entering into contracts with bus i ness entities that are required to fi le Political Contribution D isclosure forms with the agency. It is not intended to be provided to contractors . What fol lows are instructions on the use of form local un its can provide to contractors that are required to disc lose political contributions pursuant to N.J.S.A. l 9:44A-20 .26 (P.L. 2005 , c. 271 , s.2). Additional information on the process is available in Local F inance Notice 2006-1 (http ://www.nj .gov/dca/divisions/dlgs/resources/lfns 2006.htm l). P lease refer back to these instructions for the appropriate links , as the Loca l Finance Notices inc lude links that are no longer operational. 1. The disclosure is required for al l contracts in excess o f $ I 7,500 that are not awarded pursuant to a "fair and open" process (N.J .S.A. 19:44A-20.7). 2. Due to the potential length of some contractor submissions , the public agency should consider allowing data to be s ubmitted in electronic form (i .e., spreadsheet, pdffile, etc.). Submissions must be kept with the contract documents or in an appropriate computer file and be availab le for public access. The form is worded to accept this alternate submission. The text s hould be amended if e lectronic submission w ill not be allowed . 3. The submiss ion must be received from the contractor and on file at least IO days prior to award of the contract. Resolut ions of award should reflect that the disclosure has been received and is on fi le . 4. The contractor must di sc lo se contribut ions made to candidate and party committees covering a wide range of public agencies, including all public agencies that have elected official s in the county of the public agency, state legislative positions , and various state entities . The Division of Local Government Services recommends that contractors be provided a list of the affected agencies. This will assist contractors in determining the campaign and political committees of the officials and candidates affected by the di s closure. a. The Division has prepared model disc losure forms for each county. They can be downloaded from the "County PCD Forms" link on the Pay-to-Play web site at http ://www.nj.gov/dca/divisions/dlgs/programs/lpc1.html #12 . T hey will be updated from time-to-time a s necessary. b . A pub lic agency using these form s should edit them to properly reflect the correct legislative district(s). As the forms are county-based , they list all legislative districts in each county. Districts that do not represent the public agency should be removed from the lists . c. Some contractors may find it eas ier to provide a single list that covers all contributions, regardle s s of the county . These submission s are appropriate and should be accepted . d . The form may be used "as-i s", s ubject to edits as described herein . e . The "Contractor Instructions" sheet is intended to be provided with the form. It is recommended that the Instructions and the form be printed on the sa me piece of paper. The form notes that the Instruct ions are printed on the back of the form ; where that is not the case, the text should be edited accordingly. f. The form is a \Vord document and can be edited to meet loc a l need s, and posted for download on web sites, used as an e-mail attachment, or provided as a printed document. 5. It is recommended that the contractor al so complete a "Stockholder Disclosure Certification." This will assist the local unit in its ob ligation to ensure that contractor did not make any prohibited contributions to the committees listed on the Business Entity Disclosure Certification in the 12 months prior to the contract (See Local Finance Notice 2006 -7 for additional information on this obligation at http ://www.nj .gov/dca/divisions/dlgs/resources/lfns 2006 .html ). A sample Certification form is part o f this package and the instruction to complete it is inc luded in t he Contractor Instructions . N OTE: T his section is not applicable to Boards of Education. Requirements for National Cooperative Contract 1090 of 1132 1095 OMNIA PARTNERS EXHIBITS EXHIBIT G-NEW JERSEY BUSINESS COMPLIANCE Doc #4, continued C. 271 POLITICAL CONTRIBUTION DISCLOSURE FORM Contractor Instructions Business entities (contractors) receiving contracts from a public agency that are NOT awarded pursuant to a "fair and open" process ( defined at N.J.S.A. 19:44A-20.7) are subject to the provisions of P .L. 2005, c. 271, s.2 (N.J.S.A. 19:44A- 20.26). This law provides that 10 days prior to the award of such a contract, the contractor shall disclose contributions to: • any State, county, or municipal committee of a po litical party • any legislative leadership committee • • any continuing political committee (a.k.a., political action committee) • any candidate committee of a candidate for, or ho lder of, an elective office: o of the pub lic entity awarding the contract o of that county in which that public entity is located o of another public entity within that county o or ofa legislative district in which that public entity is located or, when the public entity is a county, of any legislative district which includes all or part of the county The disclosure must list reportable contributions to any of the committees that exceed $300 per election cycle that were made during the 12 months prior to award of the contract. See N.J.S.A. l 9:44A-8 and 19:44A-J 6 for more details on reportable contributions. N.J.S.A. 19:44A-20.26 itemizes the parties from whom contributions must be disclosed when a business entity is not a natural person. This includes the following: • individuals with an "interest" ownership or control of more than I 0% of the profits or assets of a business entity or 10% of the stock in the case of a business entity that is a corporation for profit • all principals, partners, officers, or directors of the business entity or their spouses • any subsidiaries directly or indirectly controlled by the business entity • [RS Code Section 527 New Jersey based organizations, directly or indirectly controlled by the business entity and filing as continuing political committees , (PACs). When the business entity is a natural person , "a contribution by that person's spouse or child, residing therewith, shall be deemed to be a contribution by the business entity." 11-J:.J.S.A. 19:44A-20 .26(b )] The contributor must be listed on the disclosure. Any business entity that fail s to comply with the disclosure provisions shall be subject to a fine imposed by ELEC in an amount to be determined by the Commission which may be based upon the amount that the business entity failed to report. The enclosed list o f agencies is provided to assist the contractor in identifying those public agencies whose elected official and/or candidate campaign committees are affected by the disclosure requirement. It is the contractor's responsibility to identify the specific committees to which contributions may have been made and need to be disclosed. The disclosed information may exceed the minimum requirement. The enclosed form, a content-consistent facsimile , or an electronic data file containing the required details (along with a signed cover sheet) may be used as the contractor's submission and is disclosable to the public under the Open Public Records Act. The contractor must also complete the attached Stockholder Disclosure Ce1tification . This will assist the agency in meeting its obligations under the law. NOTE: This section does not apply to Board of Education contracts. • N.J .S.A. 19:44A-3(s): 'The term "legislative leaders hip committee" means a committee established , authorized to be established , or designated by the President of the Senate, the Minority Leader of the Senate , the Speaker of the General Assembly or the Minority Leader of the General Assembly pursuant to section 16 of P.L.1993 , c.65 (C. l 9:44A-10 .1) for the purpose ofreceiving contributions and making ex penditures ." Requirements for National Cooperative Contract 1091 of 1132 1096 Doc #4, continued OMNIA PARTNERS EXHIBITS EXHJBIT G-NEW JERSEY BUSINESS COMPLIANCE C. 271 POLITICAL CONTRIBUTION DISCLOSURE FORM Required Pursuant to N.J.S.A . 19:44A-20.26 This form or its permitted facsimile must be submitted to the local unit no later than 10 days prior to the award of the contract. Vendor Name: Address: C it : The undersigned being authorized to certify, hereby certifies that the submission provided herein represents comp li ance with the provisions ofN.J.S.A. 19:44A-20 .26 and as represented by the lnstructions accompanyi ng tl1is form . Printed Naml Part II -Contribution Disclosure Disclosure requirement: Pursuant to N.J.S .A. 19 :44A -20.26 th is disclosure must include all reportable political contributions (more than $300 per election cycle) over the 12 months prior to submission to the committees of the government entities listed on the form provided by the local unit. D Check here if disclosure is provided in e lectronic form Contri butor Name Recipient Name Date D Check here if the information is continued on subsequent page(s) Requirements for National Cooperative Contract Dollar Amount $ 1092 of 1132 1097 Doc #4, continued OMNIA PARTNERS EXHIBITS EXHIBIT G-NEW JERSEY BUSINESS COMPLIANCE List of Agencies with Elected Officials Required for Political Contribution Disclosure N.J.S.A. 19:44A-20.26 County Name: State: Governor, and Legis lative Leadership Committees Legislative District #s: County: State Senator and two members of the General Assembly per district. Freeholders { Co unty Executive} County Clerk Surrogate Sheriff Municipalities (Mayor and members of governing body , regardless of title): USERS SHOULD CREATE THEIR OWN FORM, OR DOWNLOAD FROM THE PAY TO PLAY SECTION OF THE DLGS WEBSITE A COUNTY-BASED, CUSTOMIZABLE FORM. Requirements for National Cooperative Contract 1093 of 1132 1098 OMNIA PARTNERS EXHIBITS EXHIBIT G-NEW JERSEY BUSINESS COMPLIANCE DOC#5 STOCKHOLDER DISCLOSURE CERTIFICATION Name of Business: C I certify that the list below contains the names and home addresses of all stockholders holding 10% or more of the issued and outstanding stock of the undersigned. OR C I certify that no one stockholder owns 10 % or more of the issued and outstanding stock of the undersigned. Check the box that represents the type of business organization: □ Partnership a Corporation □ Sole Proprietorship D Limited Paitnership D L imited Liability Corporation DLimited Liabi li ty Partnership D Subchapter S Corporation Sign and notarize the form below, and, if necessary, complete the stockholder list below. Stockholders · Name : Carl C Icahn Home Address: Business Address: C /o I cahn Capi t al L P 767 5th Ave NY 10153 Name: Home Address : Name : H ome Address: Subscr ibed and swo rn befo re me t hi s~ay o f ff\ A_) 26:-Z..0 (Notary Public) l -l~ My Co mmi ss ion expires : '4 j 2_ / 2...o "2-'-{ Name : The Vanguard Group Home Address: 100 Vanguard Bvd . Business Address Malv ern, Pa 19355 Name: Horne Addres s: Name : Home Address : J ,:)0 n ~ /_e,u , · /1-1 · (Print nam e & titl e f a ffia nt) (C or orate Seal) TERRENCE HORSLEY Requirements::{oi-National Coopet:ative Contract NOTARY PUBLI C STATE OF NEW JERSEY ID# 2229180 MY COMM1SSION EXP IRES SEPTEMBER 2. 20 24 1094 of 1132 1099 DOC#6 OMNIA PARTNERS EXHIBITS EXHIBIT G-NEW JERSEY BU SINESS COMPLIANCE Certification of Non-Involvement in Prohibited Activities in Iran Pursuant to N.J .S .A. 52:32-58 , Offerors must certify that neither the Offeror, nor any of its parents, subsidiaries , and/or affiliates (as defined in N.J .S.A. 52:32 -56(e) (3)), is listed on the Department of the Treasury 's List of Persons or Entities Engaging in Prohibited Investment Activities in Iran and that neither is involved in any of the investment activities set fotih in N.J .S.A. 52:32 -56(£). Offerors wishing to do business in New Jersey through this contract must fill out the Certification of Non-Involvement in Prohibited Activities in Iran here: http://www.state .n j . us /humanservices/dfd /info/standard/fdc /d i sclosure investmentact.pdf. Offerors should submit the above form completed with their proposal. Requirements for National Cooperative Contract 1095 of 1132 1100,-- STATE OF NEW JERSEY•· DIVISION OF PURCHASE AND PROPERTY DISCLOSURE OF INVESTMENT ACTIVITIES IN IRAN Quote Number: Bidder/Offeror: Xerox Corporation PART 1: CERTIFICATION BIDDERS MUST COMPLETE PART 1 BY CHECKING EITHER BOX. FAILURE TO CHECK ONE OF THE BOXES WILL RENDER THE PROPOSAL NON-RESPONSIVE. Pursuant to Public Law 2012 , c. 25, any person or entity that submits a bid or proposal or otherwise proposes to enter into or renew a contract must complete the certification below to attest, under penalty of perjury, that neither the person or entity, nor any of its parents, subs idiaries, or affiliates, is identified on the Department of Treasury's Chapter 25 list as a person or entity engag ing in investment activities in Iran. The Chapter 25 list is found on the Division's website at b1t11:JL,www.state.nj.us/treasury/pu rchase/Qdf/Chapter25Listpdf. Bidders must review th is list prior to comp leting the below certification . Failure to complete the certification will render a bidder's proposal non-responsive. If the Director finds a person or entity to be in violation of law, s/he shall take action as may be appropriate and provided by law, rule or contract, including but not limited to, imposing sanctions, seeking compliance, recovering damages, declaring the party in default and seeking debarment or suspension of the party PLEASE CHECK THE APPROPRIAI~J:!QX: [Z] □ I certify, pursuant to Public Law 2012, c. 25, that neither the bidder listed above nor any of the bidder's parents, subsidiaries, or affiliates is listed on the N.J. Department of the Treasury"s list of entities determined to be engaged in prohibited activities in Iran pursuant to P.L. 2012, c. 25 ("C hapter 25 List"). I further certify that I am the person listed above, or I am an office r or representative of the entity listed above and am authorized to make this certification on its behalf. I will skip Part 2 and sign and complete the Certification below. OR I am unable to certify as above because the bidder and/or one or more of its parents, subsidiaries, or affiliates is listed on the Department's Chapter 25 list. I will provide a detailed, accurate and precise description of the activities in Part 2 below and sign and complete the Certification below. Failure to provide such will result in the PI.QPQ.Sal being rendered as non- responsive and appropriate penalties , fines and/or sanctions will be assessed as provided by law. PART 2: PLEASE PROVIDE FURTHER INFORMATION RELATED TO INVESTMENT ACTIVITIES IN IRAN You must provide a detailed , accurate and precise description of the activities of the bidding person/entity , or one of its parents, subsidiaries or affiliates , engaging in the investment activities in Iran outlined above by completing the boxes below. EACH BOX WILL PROMPT YOU TO PROVIDE INFORMATION RELATIVE TO THE ABOVE QUESTIONS. PLEASE PROVIDE THOROUGH ANSWERS TO EACH QUESTION. IF YOU NEED TO MAKE ADDITIONAL ENTRIES, CLICK THE "ADD AN ADDITIONAL ACTIVITIES ENTRY" BUTTON. Name ___________________ Relationship to Bidder/Offerer _______ _ Description of Activities ----------------------------------- Duration of Engagement __________ Anticipated Cessation Date ____________ _ Bidder/Offerer Contact Name Contact Phone Number ------------ ADD AN ADDITIONAL ACTIVITIES ENTRY Certification: I, being duly sworn upon my oath, hereby represent and state that the foregoing information and any attachments thereto to the best of my knowledge are true and complete. I attest that I am authorized to execute this certification on behalf of the above-referenced person or entity. I acknowledge that the State of New Jersey is relying on the information contained herein and thereby acknowledge that I am under a continuing obligation from the date of this certification through the completion of any contracts with the State to notify the State in writing of any changes to the answers of information contained herein. I acknowledge that I am aware that it is a criminal offense to make a false statement or misrepresentati on in this certification, and if I do so, I recognize that I am subject t o criminal prosecution under the law and that it wil onsti e a material breach of my agreement(s) with the State of New Jersey and that the State at its option may declare any con ) r is certification void and unenforceable. Full Name (Print): Joanne Levy Signature: Title: General Manager , State of New Jersey OPP Standard Forms Packet 11/2013 1096 of 1132 1101 DOC#7 OMNIA PARTNERS EXHIBITS EXHIBIT G-NEW JERSEY BUSINESS COMPLIANCE NEW JERSEY BUSINESS REGISTRATION CERTIFICATE (N.J.S.A. 52:32 -44) Offerors wishing to do business in New Jersey must submit their State Division of Revenue issued Business Registration Certificate with their proposal here . Failure to do so will disqualify the Offeror from offering products or services in New Jersey through any resulting contract. http://www .state .nj .us /treasury/revenue/forms /njreg .pdf Requirements for National Cooperative Contract 1097 of 1132 1102 STAT E OF NEW JERSEY BUSINESS REGISTRATION CERTIFICATE Taxpayer Name: Trade Name: Address: Certificate Number: Effective Date: Date of Issuance: For Office Use Only: 20180716081443468 XEROX CORPORATION 201 MERRJTT 7 NORWALK, CT 06851 0061020 November 07, 1960 July 16, 2018 END OF SECTION 1098 of 1132 1103 1099 of 1132 1104BtiSiness The business resource Gazette PNI-Arizona Business Gazette PHASE:3 109 WESTPARK DRIVE, SUITE 360 BRENTWOOD, TN 37027 Order# 0004153810 P.O# Published Date(s): 04/23/20 # of Affidavits 1 STATE OF WISCONSIN COUNTY OF BROWN } ss. I, being first duly swam, upon oath deposes and says: That I am the legal clerk of the Arizona Republic, a newspaper of general circulation in the counties of Maricopa, Coconino, Pima and Pinal, in the State of Arizona, published weekly at Phoenix, Arizona, and that the copy hereto attached is a true copy of the advertisement published in the said paper on the dates indicated. '~ Sworn to before me this 23 RD day of APRIL2020 Notary Public tl Cf My Commission expires: r'J/) POBOX194 Phoenix, Arizona 85001-0194 (602) 444-7315 FAX (602) 444-5901 AFFIDAVIT OF PUBLICATION The University of California is request-ing proPOsals from qualified and experi-enced firms to provide Print Goods and Services -UC Systemwide (RFP No. 001811-FEB2020). In order to be consid-ered, the Offerer must complete and submit a proposal to the University of California in accordance with the solici-tation documentation available at https: //smart.gep.com/publicRFx/ucal?oloc=2 15#/ PRE-PROPOSAL CONFERENCE: Monday, April 27, 2020, 1pm PST PROPOSAL DUE DATE: Friday, June 5, 2020 before Noon PST CONTACT: Mkhoel Wegmann, Sr. IT Commodity Manager, IT Strategic Sourcing, University of California Of-fice of the President at 510.987.0428 or michael.wegmann@ucop.edu Pub: April 23, 2020 \\\I I I l 11111111 I I/ ,,,,,, ¥-. '{ F £ l11/,/ ~ ,\. C . . . . . .. . . l r;-,✓-, ~ '-l •• ·•' ••••• ~ ..... . ·. ,,, f / ~OTARr-\ '% ~ f ar,.v-@ i ~ ~ 1n \ ~UBL\C / <' 2 ~ .,;.,..._ •■-,.";::-~ ~ ~ '•, •. • _s:.1;:: ~,. ;-~ ·• .......... •· O' ~ "✓,,:1 OF·w1sC ,,,, 111 \\\ l/////111\1111\\ 1100 of 1132 1105 C USDUR 1CE -C. 'be. ILv . Of Ure E-~ PUBLIC BID S]TE ACTIVE EVENTS (23) ClOSED EVE TS (479) < @li RFP • Print Goods and Services • UC Systemw ide Contact: Michael Wegmann I Email: Michael.Wegmann@ucop.edu I Start: 4/21/2020 Pacific Standard Time I End : 6/5/2020 Pacific Standard Time 1101 of 1132 1106 4770 S. 5600 W. WEST VALLEY C IT Y, UT AH 84 11 8 FED.TAX I.D.# 87 -0217663 801-204-69 10 Descret News PROOF OF PUBLICATION C USTOM ER'S CO PY I CUSTOMER NAME AND ADDRESS ACCOUNT NUMBER P HASE 3, 9001501174 ACCOUNTS P A Y A B LE 109 W ESTPARK DR STE 3 60 DATE BRENTWOOD TN 370 27 4 /28/2020 I ACCOUNT NAM E PHASE 3 , I TELEPH ONE I ORD ER # INVO ICE NUMB ER 6 1 55674 070 000 1287724 IO I 287724-04212020 I P UB LI CATION SCH EDULE STAR T 0 4 /2 1/2 0 2 0 EN D 04/2 1/2020 I CUSTO MER REFERENCE NUMBER RFP 00181 -Feb 2020 I CAPTION REQUEST FOR PROPOSALS The University of Ca li forn ia is request ing proposals from o S IZE 37 LINES 1 COLUMN (S) I TIMES I TOTAL COST 2 63.46 AFF ID AVIT OF PUBLICATION RQ/EST FOR PROPOSALS The University of Califor- nia is requestit_l9 proposals fr~uo(ified and expe- P1rint ~~a~ G:~~ {RFP No. 0018 1 1- R'B2020). In order to be =id=lete~nd°=~ o pr9POSO I to 1he Universi- ty of California in aa:ord- ance wifh fhe solicitation , PRE-PROPOSAL CONFfRBslCE, Monday April 27, 2020, 1 pm PST PROPOSAL DUE DA TE, ~~~~a~"'l,"sf 2020 be- CONTACT, Michael Wegmam, Sr. IT Comnod- ity Manager, IT Strategic; Sourcing, University of California Office of fhe President at 510.987. 0428 or michael .wegmann ~ IA'AXU' AS NEWSPAPER AGENCY COMPANY, LLC dba UTAH MEDIA GROUP LEGAL BOO KER, I CERTIFY THAT TH E ATTAC HED ADVERT ISEMENT OF R E Q UEST FOR PROPOSA LS T he Univers ity o f California is r equesting proposals from qu a lified a nd ex peri e nc ed firm s to provide Print Good s and Services (RFP N o. 00 FOR PHA SE 3, WAS P U BLISHED BY THE NEWSPAPER AGENCY COMPANY , LLC dba UTAH MED IA GROUP, AGENT FOR DESERET NEWS AND THE SALT LAKE T RIBUNE, DAILY NEWSPAPERS P R fNTED IN Tl-I E ENGLISH LANGUAGE WITH GENERAL C IRCULATION IN UTAH. AND PUB LI SHED IN SALT LAKE C ITY, SALT LAKE COUNTY IN THE STATE OF UTAH . NOTICE IS ALSO POSTED ON UTAHLEGALS .COM ON THE SAME DAY AS THE FIRST NEWSPAPER P UBLICATION DA TE AND REMA INS ON UTAHLEGALS.COM INDEFINITELY. COM PLIES W IT H UTAH DIGITAL S IGNATURE ACT UTAH CODE 46 -2-1 01: 46-3 -104 . P UBLISHED ON S t a rt 0 4 /2 I /20 20 E n d 0 4 /21 /2 0 20 DATE 4 /28/2020 STATE OF UTAH COUNTY OF -"""""SAc.:.L::.a.T.a...aaL:...:AK==E __ SUBSC RI BE D AND SWO RN TO BEFORE ME ON TH IS BY LENEA T AP USOA . 28TH /(·::;·;;;;>· ·. --. - SIGNATURE ___________ _ DAY OF APRI L IN THE YEA R 2020 NOT ARY PUBLIC SIGNATURE 1102 of 1132 1107AFFIDAVIT OF PUBLICATION DJC OFFICIAL 921 S.W. Washington St. Suite 210 / Portland, OR 97205-2810 (503) 226-1311 STATE OF OREGON, COUNTY OF MULTNOMAH--ss. I, Nick Bjork , being first duly sworn, depose and say that I am a Publisher of the Daily Journal of Commerce , a newspaper of general circulation in the counties of CLACKAMAS, MULTNOMAH, and WASHINGTON as defined by ORS 193.010 and 193.020; published at Portland in the aforesaid County and State; that I know from my personal knowledge that the Goods and Services notice described as Case Number: NOT PROVIDED Print Goods and Services (RFP No. 001811-FEB2020) University of California Office of the President; Bid Location San Diego, CA, San Diego County; Due 06/05/2020 at 12:00 PM a printed copy of which is hereto annexed, was published in the entire issue of said newspaper for 1 time(s) in the following issues: 4/22/2020 State of Oregon County of Multnomah SIGNED OR ATTESTED BEFORE ME ON THE 23rd DAY OF April, 2020 :Vt;\ {\tJ Nick Bjork -~~9 ~ .,,,.,,,...,.. ---~o / Notary Public-State'Ot1 --OFFICIAL STAMP MICHELLE ANNE ROPP NOTARY PUBLIC· OREGON COMMISSION NO. 981091 MY COMMISSION EXPIRES NOVEMBER 05, 2022 Rich Melin National lpa 1 09 W estpark Dr Ste 360 Brentwood, TN 37027-5062 UNIVERSITY OF CALIFORNIA PRINT GOODS AND SERVICES Proposals due 12:0(fpm, June 5, 2020 REQUEST FOR PROPOSALS The University of California is re_qu~sling proposals fr9m qucilified and experienced firms to provide Print' Goods and Servic·es (RFP No. \ 001811-FEBg0ZO). In order to be. consid-ered, lhe Off!!ror must complete and submit a proposval to. llJ~ . Uni\((!rsity of :, .Callfomla In ciccordimee will) the i solicitation documentation available at hllps://sma.rt.gep com/puptlcRFx/ uca1?010C=245#t PRE-PROPOSAL C'ONFERENCE: Morii;lay1 April 27,,2020, 1pm PST PROROSAL lll.UE DATE: Friday, June . 5, 2'020 befoR!, N®n PST CONTACT; Mlc;ha:el Wegmann, Sr'. IT Commodity, Maf!ager, IT Slral!i!glc Sourcing, _University .61, Callforlila Offiee of the President af 510.987.0428 or michael,wagmarah@ucbo edu Publlshed·Ap_r. 22, 2020. 11878716 Order No.: 11878716 Client Reference No: 1103 of 1132 1108 Page 1 of 1 20470791 04/15/2020 14:20:16 Ad Number Ad Key Salesperson 11034805 Order Number PO Number Customer Contact Address1 Address2 Publication 60036285 Phase 3 Marketing & CommunicaSection Legal -Legals -Helena Independent Record Class Section Sydney Rubin Sub Section Legal 109 Westpark Drive Category 9999 Legals 04/22/2020-04/22/2020 1 Suite 360 Dates Run City St Zip Phone Brnntwood TN 37027 Days Fax Printed By Entered By Crystal Gray Crystal Gray Size Words Ad Rate Ad Price Amount Paid Amount Due 1 x 3.77, 34 lines 91 Legal Line 65.26 65.26 -0.00 Keywords Notes The University of California is requesting proposa Zones The University of California is requesting proposals from qualified and experienced firms to provide Print Goods and Services (RFP No. 001811-FEB2020). In order to be considered, the Offeror must complete and submit a proposal to the University of California in accordance with the solicitation documentation available at https://smart.gep.com/publicRF x/ucal ?oloc=215#/ PRE-PROPOSAL CONFER-ENCE: Monday, April 27, 2020, 1 pm PST PROPOSAL DUE DATE: Fri-day, June 5, 2020 before Noon PST CONTACT: Michael Wegmann, Sr. IT Commodity Manager, IT Strategic Sourc-ing, University of California Of-fice of the President at 510.987.0428 or michael. wegmann@ucop.edu April 22, 2020 MNAXLP AFFIDAVIT OF PUBLICATION STATE OF MONTANA, County of Lewis & Clark Crystal Gray Being duly sworn, deposes and says; That she is the principal derk of the Independent Record, a newspaper of general circulation published daily in the City of Helena, in the County of Lewis & Clark, State of Montana, and has charge of the advertisement therof: That the Public Notice a true copy of which is hearto annexed, was published in said newspaper on the following dates: viz.: April 22, 2020 mak;og'" all_>_ p,bllra"oo[>I Q-kQ s,b,crlbed a,d ,-om w me<M> ,e ,.::;"..,oi~ ww. ~ (Notary Seal) ---...,. ~~=-----2ii,,lf': ~~ r~ Printed Name: Billie Jo Wlll!ams Residing at Clancy, Montana 59634 My commission expires August 31, 2022 BILLIE JO WILLIAMS NOTARY PUBLIC for the Stiba of Mor.~11a Residing at Clancy, Montana My Commission Expi,es Augusi 31, 2022 1104 of 1132 1109AFFIDAVIT OF PUBLICATION IN THE MATTER OF (RFP No. 00 l8 l l-FEB2020) Print Goods and Services STATE OF HAWAII City and County of Honolulu } ss. } Doc. Date; APR 21 2020 Notary Name:coLLEEN E. soRANAKA Doc. Description: Affidavit of APR 21 2020 Notary Signature Date # Pages: 1 Rrst Judicial Circuit \,,. ""'',, ,,,' ~ E.. So ',, ,' «.,,,;;;, ········· -?-1_ .......... '~.--····· ···-.... " ...... : 0/ NOTARY \'1-:. : (J f PUBLIC -y : : k\ *: \ \_ No. 90-263 j .... ,. ... , ~·-....... . ... ···· ........... ,, ;,.,,_ ········· . "'~ ·' I I I • &..: Uf-nr ~ \ ~ Lisa Sakakida being duly sworn, deposes and says that she is a clerk, duly auiho!if.til I I I 11 '\ to execute this affidavit of Oahu Publications, Inc. publisher of The Honolulu Star-Advertiser, MidWeek, The Garden Island, West Hawaii Today, and Hawaii Tribune-Herald, that said newspapers are newspapers of general circulation in the State of Hawaii, and that the attached notice is true notice as was published in the Honolulu Star-Advertiser 1 times on: 04/21/2020 MidWeek 0 times on: --The Garden Island 0 times on: Hawaii Tribune-Herald 0 times on: West Hawaii Today 0 times on: Other Publications: 0 times on: And that affiant is not a party to or in any way interested in the above entitled matter. LisaS~ --:::,<this 21 dayof April A.0.20'20 Colleen E. Soranaka, Notary Public of the First Judicial Circuit, S1:11-,te10t i"tfiJ' '1,, My commission clCpires: Jan 06 2024 ,,' ~~ · O.i9. '1,, ~-' ~ ... ···· ..... ··· .. :-11,, ', -The-· Unlveis!1f of Caltt:0111l a , ~ raq~~!!f proposals /rom qualified an'd ·e:iperienced ff~ to, provide Print Goods and se-rvtces (RfP No: 00181JfEB2020). In order to be considered, Ifie Offeror must complete and submit a ~posal to' lhii U~lveis!I)' of Callfomlil In, acconlance llillrtlie.sollcilatlon doctlriienooon. available a1 l!!!es:l/5inart.tep.com/publid1Fyucal10Joc.2.1s,/; PRE-Pf!O'POSAL CONFERENCE: Monday; April 27, 2020, 1pm PST PROPOSAL DUE DATE: Friday, June 5, 2020 before Noo~ PST (;ONTACT: }'rl(chael W.eg111atm, Sr. IT C~mmodll)' Mansger1 IT Str:alpgtc Sourcing; Unlvl!rslty ol_tatifomla Office of tile Presld_erit' .at 510,987.0428 or mlchael,wegniann@ucop.edu (S,U276655 4/~1/20) .. -;:y . ...-·· .. 'ji'. ,_ Ad# 0001276655 : 0 / NOTARY \'1-·-;. ICSP NO.: : O: PUBLIC : 7 : :1q !*: ~ \ No. 90-263 / : ---.~·-... . .... ~ .. / ',,,v~:;.;_:: ........ ···~"r' ,,' '',, ' c: OF \-\~,,, '' ,,,,,,,, _.,, --------- 1105 of 11321110I 0000213819 PHASE 3 MARKETING AND COMMUN ...... , M DIA GROUP AFFIDAVIT OF PUBLICATION STATE OF TEXAS: Page 1 of 3 Houston Chronicle l ClA l(OS Before me, the undersigned authority, a Notary Public in and for the State of Texas, on this day personall: appeared, the Newspaper Representative at the HOUSTON CHRONICLE, a daily newspaper published i Harris County, Texas, and generally circulated in the Counties of: HARRIS, TRINITY, WALKER, GRIMES POLK, SAN JACINTO, WASHINGTON. MONTGOMERY, LIBERTY, AUSTIN, WALLER, CHAMBERS, COLORADO, BRAZORIA, FORT BEND, GALVESTON, WHARTON, JACKSON, and MATAGORDA and that the publication, of which the annexed herein, or attached to, is a true and correct copy, was publishec to-wit: PHASE 3 MARKETING AND COMMUN RAN A LEGAL NOTICE 0000213819 HC004901326 SIZE BEING: 2 x13 L Product Date CNCY-Cypress Creek Mirror (Cypress/Cy-F. Apr 22 2020 CNCH-Cypress Creek Mirror (Champions/Kl Apr 22 2020 CNPM-Magnolia Potpourri Apr 22 2020 CNPO-Tomball Potpourri Apr 22 2020 CNCY-Cypress Creek Mirror (Cypress/Cy-F, Apr 29 2020 CNCH-Cypress Creek Mirror (Champions/Kl Apr 29 2020 CNPM-Ma nolia Pot ourri A r 29 2020 Class Bids-Proposals Bids-Proposals Bids-Proposals Bids-Proposals Bids-Proposals Bids-Proposals Bids-Pro osals Page 1106 of 11321111I 0000213819 PHASE 3 MARKETING AND COMMUN Page 2 of 3 Houston chronicle I c....-~o• Product Date Class Pae CNPO-Tomball Potpourri Apr 29 2020 Bids-Proposals ---=------"""'~~---~ ~--'---,,-~--------------'I:. -----lo.,~~~--=-;;¢_______:.__~-<:_ NEWSPAPER REPRESENTATIVE Sworn and subscribed to before me, this 29th Day of April A.D. 2020 1107 of 11321112I 0000213819 PHASE 3 MARKETING AND COMMUN The University of Callfomi& is requesting proposals from quahf1ed and experie,ieed fitms to provid" Prifif GOOds and Services -UG Systemwlde (RFP No. 0018ll-FE82020). In order to be considered, the Olferor must complete and submit a· proposal to the-University of California in accordance with the sollcitatlon documerrtatlon avallable-at hllps://smarl.gep.com/publtcRFu'ucal?oloc~21s#/ PRE-PROPOSAL CONFERENCE: Monday. Aprd 27, 2020, 1pm PST PROPOSAL DUE DATE: Friday. June 5, 2020 belore Noon PST CONTACT: M1chael Wegmann. Sr. IT Cornm0d1ty Manager. IT Strategic Sourcing. Un,versrty of California Office of the President at 510.987.0428 or rrw:haeLWl!gIT!ann1i•U£0j'.Uldu Page 3 of3 Houston chronicle CI.AUFll!IIII 1108 of 1132 1113County of Kennebec City of AUGUSTA STATE OF MAINE Being duly sworn, says he/she is_Donna Dusty ~ t2' ½ Of the Kennebec Journal/Morning Sentinel, daily newspapers in theCity ~gusta / Waterville, State of MAINE: Public Notice: The University of California Xis requesting proposals from qualified and experienced firms to provide Print Goods and Services (RFP No. 001811-FEB2020). In order to be considered, the Offerer must complete and submit a proposal to the University of California in accordance with the solicitation documentation available at https://smart.gep.com/publi cRFx/ucal?oloc=215#/ Has been published in the said Kennebec Journal: 04/21/20 Has been published in the said Morning Sentinel: 04/21/20 Subscribed and sworn before me this: 05/18/20 My Commission Expires Name: Phase 3 Caption: REQUESTS FOR PROPOSALS Ad Number: 0179450 Wendy Lee Clement '!JA!t 1109 of 1132 1114AFFIDAVIT OF PUBLICATION STATE OF NEVADA) COUNTY OF CLARK) SS: PHASE 3 MARKETING & COMM STE 360 109 WESTPARK DR BRENTWOOD TN 37027 Account# Ad Number 170430 0001101734 Leslie McCormick, being 1st duly sworn, deposes and says: That she is the Legal Clerk for the Las Vegas Review-Journal and the Las Vegas Sun, daily newspapers regularly issued, published and circulated in the City of Las Vegas, County of Clark, State of Nevada, and that the advertisement, a true copy attached for, was continuously published in said Las Vegas Review-Journal and / or Las Vegas Sun in 1 edition(s) of said newspaper issued from 04/21/2020 to 04/21/2020, on the following days: 04 / 21 / 20 I~ LEGAL REQU~TING PROPOSALS The University of California Is requesting prop0sals 'from guallfleo and e)!J?erienc~d firms, to provide Print Goods and Service$ (RW Ho. 001811· FEB2020). In order· to be considered, the Offe~or must complete . and submit a pr6Rosal to tlie University of Callforrila In accordance with toe s_ollcitatron ~ocunient'atlc>fl avallable at httt>s:tlsmart.gep.com/piJbllc RFxtucal?oloc=215#/ PRE-PROPOSAL CONFIRENCE: t,fondav,-APrll>27, 2020, . lpmPST PROPOSAL DUE D.ATE: Friday, Jur;te.5, 2020 b_efore Noon PST .• CONTACT: Michael· Wegmann, Sr. IT Commodlfr Manasfer, IT Strategfcf sourcing,, Urilv~rslty of Callfornla Office of the President" at 510.987,.0428 or mlcha~l.wegmann@Lic~p.edu PUB: April 21, 2020 LV Review-Journal Subscribed and sworn to before me on this 21st day of April, 2020 LINDA ESPINOZA Notary Public. State of Nevada . • ~; Appointment No. 00-64106-1 'f....~ · My Appl. Expires Jul 17, 2020 1110 of 1132 1115PHASE 3 MARKETING AND COMMUNICATIONS 109 WESTPARK DRIVE, SUITE 360 BRENTWOOD, TN 37027 Acct Number Ad Number Insertions Total 65600 0000900555 1 $18.60 AFFIDAVIT OF PUBLICATION, NEW JERSEY, SUSSEX COUNTY, ss Cristy Carlson, of full age being duly sworn, did depose and say that the notice hereto attached was published in THE NEW JERSEY HERALD and/or NEW JERSEY SUNDAY HERALD a newspaper printed and circulated in said county on: ADNUMBER Publication 0000900555-01 NJH Herald < ~ Notary: > ,n:m # 2457972 Page 85 · , ~, ,,,.,, ;:.:,linires 6/22/2023. Date 04/21/2020 04/21/2020 NOTICE NOTICE The University of Cali-fornia is requesting pro-posals from qualified and experienced firms to provide Print Goads and Services (RFP No. 001811-FEB202Q). In or-der to be considered, the Offeror must complete and submit a proposal to the University of Cali-fornia in accordance with the solicitation doc-umentation available at https :/Is ma rt.ge p. com/publicRFx/ ucal?ol OC=215#/ PRE-PROPOSAL CON-FERENCE: Monday, April 27, 2020, 1pm PST PROPOSAL DUE DATE: Friday, June 5, 2020 before Noon PST CONTACT: Michael Wegmann, Sr. IT Com-modity Manager, IT Strategic Sourcing, Uni-versity of California Of-fice of the President at 5 10.987.0428 or michael. wesmann@ucop.edu April 21, 2020 pf$1 l.10 0000900555 NJ H 0000900555 1111 of 1132 1116 866~75-3299 I Contact Us I Back to omniapartners.com f in 'I ii @ Q.~N ~~I Pub lic Sector Power. Access. Trust. ldiH:fai CONTRACTS I SOLICITAT IONS I WHO WE ARE I WHAT WE DO I WHO WE SERVE I EVENTS I RESOURCES I CONTACT US SUPPLIER INFORMATION Review the OM N IA Pa rt ne rs co ntracting process here: LEAD AGENCY PROCESS Solicitations Hom e , Solicitation s , V iew Solicitations Current Solicitations 1:11 Print Goods and Services -UC Systemwide UNIVERSITY Lead Agency: [+ll CALIFORNIA Un ive rsity of Ca liforn ia Responses Due : June 5, 2020 be fore 12 :00 p .m PST C lick here for add it ional informati on from CalUSo urce (Scro ll down to locate spec ifi c RFP ) 1112 of 1132 1117IR.iclJmDnb <!times-JllispattlJ Advertising Affidavit OMNIA 109 WESTPARK DRIVE SUITE360 BREN1WOOD, TN 37027 Date Category 04/30/2020 Propes-Sid Bids-RFP The University of California Is requesting proposals from quaITfied and experienced firms to provide Print Goods and Services (RFP No. OOl811-FEB2020). In order to be cOMldeied, the Offeror must complete and sub-mit a proposal to the University of California In acrordance wimi the SO· licita~on documentation avall;ible at !l!!Jlj;{/smart.gep.conVp litRFld ~~-i°ilo~l¾'&,HFER£NCE: Monday, April 27, 2020, 1pm PST PROPOSAL DUE DATE: Friday, /line S. 2020 before Noon PST CONTACT: Mlthael Wegmann, Sr. IT Ctlmmodity Manager, IT Strategic Sourcing, University of California Office of the President at 510,987.0428 or michael.wegm;ion®ucoo.edu Account Number 6067881 Date 300 E. Franklin Street Richmond, Virginia 23219 (804) 649-6208 April 21, 2020 Description Ad Size The University of California is requesting proposals from qualifiE 2 x O L Publisher of the Richmond Times-Dispatch This is to certify that the attached The University of Califor was published by the Richmond Times-Dispatch, Inc. in the City of Richmond, State of Virginia, on the following dates: 04/21/2020 The First insertion being given... 04/21/2020 Newspaper reference: 0001084633 Sworn to and subscribed before me this Tuesday, April 21, 2020 Total Cost 96.40 --:11\\x(~ ~G'.':J ;2D7D JC. f_ {l ~~ (;\ ~;,_'I.\ V,\)lJ-'>BI\\ Notary Public St-,'lron R Carsten ,1DTARY PUBLIC State of Virginia r...:rnrnonwealth of Virginia City of Richmond · '": "\ -=ic~1stration Number 329549 . . . ·, .,ri:r,,,;s,on E.>:'.;.•es July 31 2021 My Comm1ss1on expires -----------THIS IS NOT A BILL. PLEASE PAY FROM INVOICE. THANK YOU This space for filing stamp only OR #: O R A N G E C O U N T Y R E P O R T E R ~ SINCE 1921 ~ 600 W. Santa Ana Blvd., Suite 205, Santa Ana, California 92701-4542 Telephone (714) 543-2027 / Fax (714) 542-6841 PROOF OF PUBLICATION (2015.5 C.C.P.) State of Calif ornia ) County of Orange ) ss Notice Type: Ad Description: I am a citizen of the United States and a resident of the State of California; I am over the age of eighteen years, and not a party to or interested in the above entitled matter. I am the principal clerk of the printer and publisher of the ORANGE COUNTY REPORTER, a newspaper published in the English language in the City of Santa Ana, and adjudged a newspaper of general circulation as defined by the laws of the State of California by the Superior Court of the County of Orange, State of California, under date of June 2, 1922, Case No. 13,421. That the notice, of which the annexed is a printed copy, has been published in each regular and entire issue of said newspaper and not in any supplement thereof on the following dates, to-wit: Executed on: 10/10/2004 At Riverside, California I certify (or declare) under penalty of perjury that the foregoing is true and correct. Signature SAN BERNARDINO COUNTY SUN 473 E CARNEGIE DR #200, SAN BERNARDINO, CA 92408 (909) 889-9666 (909) 884-2536 SB 3360267 RICH MELIN PHASE 3 MARKETING & COMMUNICATIONS/NIPA 109 WESTPARK DRIVE SUITE 360 BRENTWOOD, TN - 37027 RFP - REQUEST FOR PROPOSALS RFP No. 001811-FEB2020 I am a citizen of the United States and a resident of the State of California; I am over the age of eighteen years, and not a party to or interested in the above entitled matter. I am the principal clerk of the printer and publisher of the SAN BERNARDINO COUNTY SUN, a newspaper published in the English language in the city of SAN BERNARDINO, county of SAN BERNARDINO, and adjudged a newspaper of general circulation as defined by the laws of the State of California by the Superior Court of the County of SAN BERNARDINO, State of California, under date 06/27/1952, Case No. 73081. That the notice, of which the annexed is a printed copy, has been published in each regular and entire issue of said newspaper and not in any supplement thereof on the following dates, to-wit: 04/21/2020, 04/28/2020 04/29/2020 SAN BERNARDINO !A000005409008! Email The University of California is requesting proposals from qualified and experienced firms to provide Print Goods and Services ---UC Systemwide (RFP No.001811- FEB2020).In order to be considered, the Offeror must complete and submit a proposal to the University of California in accordance with the solicitation documentation available at https://smart.gep.com/publicRFx/uc al?oloc=215#/ PRE-PROPOSAL CONFERENCE: Monday, April 27,2020,1pm PST PROPOSAL DUE DATE:Friday, June 5,2020 before Noon PST CONTACT:Michael Wegmann,Sr. IT Commodity Manager,IT Strategic Sourcing,University of California Office of the President at 510.987.0428 or michael.wegmann@ucop.edu 4/21,4/28/20 SBS-3360267# 1113 of 1132 1118 1114 of 1132 1119 STATE OF WASHINGTON --KING COUNTY --ss. 383905 No. PHASE 3 MARKETING & COMM. Affidavit of Publication The undersigned, on oath states that he is an authorized representative of The Daily Journal of Commerce, a daily newspaper, which newspaper is a legal newspaper of general circulation and it is now and has been for more than six months prior to the date of publication hereinafter referred to, published in the English language continuously as a daily newspaper in Seattle, King County, Washington, and it is now and during all of said time was printed in an office maintained at the aforesaid place of publication of this newspaper. The Daily Journal of Commerce was on the Ith day of June, 1941, approved as a legal newspaper by the Superior Court of King County. The notice in the exact form annexed, was published in regular issues of The Daily Journal of Commerce, which was regularly distributed to its subscribers during the below stated period. The annexed notice, a BCSB:U OF C PRINT GOODS was published on 04/21/20 The amount of the fee charged for the Date: 04/14/2020 Adnum: 383905 Custid: 69764 ADVERTISING PROOF Customer: PHASE 3 MARKETING & COMM. Ad Title: Print Goods and Services Lines: 32 ^STARTAD^383905^University of California Print Goods and Services Submittal date: June 5 The University of California is requesting proposals from quali-fied and experienced firms to pro -vide Print Goods and Services (RFP No. 001811-FEB2020). In order to be considered, the Offeror must complete and sub-mit a proposal to the University of California in accordance with the solicitation documentation available at https:/ / smart.gep.com/ publicRFx/ ucal?oloc=215#/ PRE-PROPOSAL CONFERENCE: Monday,April 27, 2020, 1pm PSTPROPOSAL DUE DATE: Friday, June 5, 2020 before Noon PSTCONTACT: Michael Wegmann, Sr. IT Commodity Manager, IT Strategic Sourcing, University of California Office of the President at 510.987.0428 or michael.weg-mann@ucop.eduDate of publication in the Seattle Daily Journal of Commerce, April 21, 2020.4/21(383905)^ENDAD^383905^ ^THE-END^ State of Washington, King County 1115 of 1132 1120 1116 of 1132 1121CAPITAL CITY PRESS Publisher of THE ADVOCATE PROOF OF PUBLICATION The hereto attached notice was published in THE ADVOCATE, a daily newspaper of general circulation published in Baton Rouge, Louisiana, and the Official Journal of the State of Louisiana, City of Baton Rouge, and Parish of East Baton Rouge or published daily in THE TIMES-PICAYUNE/ THE NEW ORLEANS ADVOCATE, in New Orleans Louisiana, or published daily in THE ACADIANA ADVOCATE in 04/21/2020 ~~/_ Britta~Public Notices Representative Sworn and subscribed before me by the person whose signature appears above 4/22/2020 ~~Qa,-~· ~:~,'--) M. Monie McChristian, Notary Public ID# 88293 State of Louisiana My Commission Expires: Indefinite PHASE 3 MARKETING & COMM SYDNEY RUBIN 109 WESTPARK DR STE 360 BREN1WOOD, TN 37027 431089-01 ,,,111,,,, ,,,\ ,c MccH 1111 ' 0~ ······· -?1o' / _:::. '-~:_..~;~y P(i;;-.. ~ _,~ ...... ~. 0 . <✓.•.~.-,-::: .. -~ ,<} r' C'l\ :::. -: ,,..,, .~ ; : 1)1' '1(r : :z ~ ,.,: ---·. 0 ,_ Q).. .... _,. c.P, •• ~ • --o..'v •• ......... ✓ " •• ·7-9 ~s, .• -~ ..._ ,,,, "'9>:"·· .. 1-NO:,··· ?-~"' /// I; oj;•L··o·u,~' ,,' I; \\ 1111111\\\ 1117 of 1132 1122PUBLIC NOTICE The University of' California Is requesting proposals from qualified and exp.erl-enced firms to provide Print Goods and Services {RFP No. 0018ll·FEB2020). In order to be considered, the Offerer must complete ~f U5n~~:~\J Jn~fi~~f~ In accordance with the so-ilcltatlon documentation available at P/IE·PROPOSAL CONFERENCE: Monday, April 27, 2020,-1pm PST PROPOSAL DUE DATE: Friday, June 5,2020 befote Noon PST CONTACT: Michael Wegmann, Sr. IT commodi-ty Manager, IT stra.tegic Sourcing, University of Cal-ifornia Office ot the Pres!· dentat 510.ll87.0418ormrc hae~nn@ ui:o __ .u_ 4:UQ89-apr 21-lt ' ~- 1118 of 1132 1123Certificate of the Publisher The Herald-News Description:00181-FEB 2020 1772246 00181-FEB 2020 PHASE 3 MARKETING & COMMUNICATIONS P O BOX 680758 MARIETTA GA 30068 Shaw Media certifies that it is the publisher of The Herald-News. The Herald-News is a secular newspaper, has been continuously published daily for more than fifty (50) weeks prior to the first publication of the attached notice, is published in the City of Joliet, County of · Will, State of Illinois, is of general circulation throughout that county and surrounding area, and is a newspaper as defined by 715 ILCS 5/5. A notice, a true copy of which is attached, was published 1 time(s) in The Herald-News, namely one time per week for one successive week(s). Publication of the notice was made in the newspaper, dated and published on 04/21/2020 This. notice was also placed on a statewide public notice website as required by 5 ILCS 5/2.1. In witness, Shaw Media has signed this certificate by J. Tom Shaw, its publisher, at Joliet, Illinois, on 21st day of April, .A.D. 2020 Shaw Media By: Account Number 10174037 ?~-J. Tom Shaw, Publisher Amount $72. 92 PUIUC NOTICE the Unlvelslly of ~cmlo Js r uesft -·roposo1s 1iam 11l1111et1ng a~ expeilenced ftrms to_ IJIOVide P.Jiiil Goods ana Servlee,s. (Rf P No. 00181 l-FEB2020). In order to be considered, the Ollaror must ccmplele and subrrit a proposal 10 lhe UnlWISIIY. of Corrtarnlo In ac-cordance' wHh the.sollclfatton documenllllion available at ·11ps:11smart:aep.com1 ubUcRFx/ucol7oloe=215#/ PRE-PROPOSAL CONFERENCE: Monday, Apdl ,27i 2020, l pm PST PROPOSAL DUE DATE: 11idoy, June 5, 2020 befol8 Noon PST CONTACT: Mlch<fel weg·mann. Sr. lT Commoii!Y Monoger~ lT Sf!olegli; SoW'cjng, Un~ or ca1ilOJT(\o Offiefl ,of ll!O Presklenl at 510.987.0428 or michael.wegmonn@ .!l!,!!P.d!!!! . (l'ubllshed In Htlllld-News Apdl'2l, 2020)\772,246 1119 of 1132 1124Account# Ad Number 580372 0004625015 Attention: Rich Melin PHASE 3 MARKETING PO BOX 680758 MARIETTA, GA 30068 REQUEST FOR PROPOSALS The University of California Is re-questing proposals from qualified and experienced firms to provide Print Goods and Services (RFP No. 001811-FEB2020). In order lo be considered, the Offeror must compJete and submit a proposal to the University of Califomla in ac-cordance with the solicitation documentation available at https://s mart.gep.com/publicRFx/ucal?oloc =215#/ PRE-PROPOSAL CONFERENCE: Monday, April 27, 2020, 1pm PST PROPOSAL DUE DATE: Friday, June 5, 2020 before Noon PST CONTACT: Michael Wegmann, Sr. IT Commodity Manager, IT Strate-gic Sourcing, University of Califor-nia Office of the President at 510.987.0428 or michael.wegmann @ucop.edu 4625015 THE STATE MEDIA CO., INC. Columbia, South Carolina publisher of c!6et~tau The State Media Company NEWSPAPER • DIGrTAL • IIMlAZINES • DIRfCTMAlL AFFIDAVIT OF PUBLICATION Identification REQUEST FOR PROPOSALS The University of California is requesting State of South Carolina County of Richland I, Michelle Long, makes oath that the advertisment, was published in The State, a newspaper published in the City of Columbia, State and County aforesaid, in the issue(s) of ____ lnsertion(s) Published On: April 21, 2020 vUff• Michelle Long Inside Classified Accounts Representative Subscribed and sworn to before me on this 30th day of April in the year of 2020 ~-Notary Public for South Carolina My Commission Expires: November 27, 2022 "Errors-the liability of the publisher on account of errors in or omissions from any advertisement will in no way exceed the amount of the charge for the space occupied by the item in error, and then only for the first incorrect insertion." 1120 of 1132 1125liMES UNION timesunion.com Albany Times Union News Plaza Box 15000 Albany, New York 12212 PHASE 3 MARKETING AND COMMUNICATION~ccount Number: 600120168 109 WESTPARK DRIVE, SUITE 360 Order Number: 0004106915 ATTN: SYDNEY RUBIN Order Invoice Text: Omnia -RFP 00181-Feb BRENTWOOD, TN 37027 R Bernard I T Duquette / C Finnegan / P Sheehan / A Rubel of the city of Albany, being duly sworn, says that he/she is principal Clerk of THE TIMES UNION, a daily newspaper printed in the county of Albany, Town of Colonie, and Published in the County of Albany, Town of Colonie and the city of Albany, aforesaid and that notice of which a printed copy is annexed has been regulary published in the said ALBANY TIMES UNION on the following dates 04-21-2020 (1 ~ l-\-)-).-J<l;,o ~ I s;,.e I I & ¼,,/ ____ wJCR.-L.t,,/ Sworn to before me, this c5l3': day of~ SUSAN R WRIGHT NOTARY PUBLIC, STATE OF NEW YORK Registration No. 01WR4793115 Qualified in Albany Coun1 k ! My Commission Expires ) :> l ~ Y 20~ Notary Public Albany County 1121 of 1132 1126The University of Galifomla Is requesUng proposals from quali-fied and experienced firms lo provide Print Goods and Services (RFP No. 001811-FEB2020). In order lo be considered, lhe Offeror must.complete and submit a proposal to the University of California In accordance wilh the sollci!alion documentation available at https://smart.gep.com/publicRFx/ucal?oloc=215#/ PRE-PROPOSAL CONFERENCE: Monday, April 27, 2020.1pm PST PROPOSAL DUE DATE: Friday, June 5, 2020 be fore Noon PST CONTACT: Mlch"ael Wegmann, Sr. IT Commodity Manager, IT Strategic Sourcing, University of Gallfomla Office of the Presideril st 510.987.0428 or mlchael.weqmann@ucop.edu TU1t 4106915 1122 of 1132 1127 MCA To Whom It May Concern : russell johns May 18th 2020 I am a duly authorized representative of MCA Russell Johns Associates LLC , company handling the advertising matters for USA Today , a daily newspaper distributed within the United States. The University of California RFP was published within said newspaper in the Public Notice Section of the on the following date(s): 4/21/2020 On this the 18th day of May 2020, I attest that the attached documents are true, exact , complete , and unaltered tearsheets . State of Florida County of Pinellas CAMIKA C. WINTER Notary Public, State of Florida My comm. Expires Apr . 16, 2022 No . GG 208003 Russell Johns Associates 1711 O Gunn Hwy Odessa Florida 33556 2 C ❚TUESDAY, APRIL 21, 2020 ❚USA TODAY SPORTS GET NOTICED! Place your advertisement in USA TODAY’s Marketplace! Call:1-800-397-0070 ONE CALL DOES IT ALL! Advertise in USA TODAY’s Marketplace! Call:1-800-397-0070 To view more Classified listings, visit:classifieds.usatoday.com BUSINESS OPPORTUNITIES BUSINESS MARKETPLACE FOR THE HOME HEALTH/FITNESS HEALTH/FITNESS Have you gained weight during the Lockdown? Call/Contact Dr. Kostow Wellness and Weight Loss 717-533-2100 www.kostowwellness.com 15 days FREE! Invest $300,000.00 into 10 Medical Offices $80,000.00 monthly ROI Text Denis: 612-695-4040 NOTICES PUBLIC NOTICE The University of California is requesting proposals from qualified and experienced firms to provide Print Goods and Services (RFP No. 001811-FEB2020). In order to be considered, the Offeror must complete and submit a proposal to the University of California in accordance with the solicitation documentation available at https://smart.gep.com/publicRFx/ucal?oloc=215#/ PRE-PROPOSAL CONFERENCE: Monday, April 27, 2020, 1pm PST PROPOSAL DUE DATE: Friday, June 5, 2020 before Noon PST CONTACT: Michael Wegmann, Sr. IT Commodity Manager, IT Strategic Sourcing, University of California Office of the President at 510.987.0428 or michael.wegmann@ucop.edu Don't let social distancing keep you from staying fit and healthy! Join our group to get daily tips and tricks to make sure you get your workout in! https://www.facebook.com/ groups/legendlabz/ NOTICES ANNOUNCEMENTS HAVE YOU BEEN CLASSIFIED AS A HIGH RISK DRIVER DUE TO DUI, DWI OR TICKETS FOR AGGRESSIVE DRIVING? THE CALL & QUOTE ARE FREE. 800-509-9315 Serenity is here to help by making SR-22 insurance easy to get and affordable for everyone. FINANCIAL ELIMINATE your overwhelming debt We can help if your total debt is $10,000 or more! Avoid bankruptcy today and start over completely debt-free. 800-825-1306 THE CALL IS FREE. CREDIT CARD DEBT MEDICAL DEBT PERSONAL LOANS IMPROVE YOUR CREDIT SCORE Are you getting hit with high interest rates because of a low credit score? Improve it today! 800-852-4931 FREEConsultation FREECreditEvaluation HEALTH/FITNESS Ifyouoralovedonehas beendiagnosedwith ovariancancerafterusing talcumbasedproducts youmaybeentitledto significantcompensation 800-208-3526 TALCUM POWDER SETTLEMENT ATTENTION Ifyou’vehadHerniaSurgery andhaveexperiencedany 800-478-7176800-478-7176 CALL THE HERNIA MESH HELPLINE NOW AT you may be entitled to COMPLICATIONS SIGNIFICANT CASH COMPENSATION. To place your ad in USA TODAY Marketplace, call:1-800-397-0070 Montgmery and Whitney are not cur- rently projected as draft picks. For the first time in Calipari’s tenure, a Kentucky player was not selected in the first 10 picks of the NBA draft last year. ESPN projects that trend to con- tinue in 2020, with Maxey the first Wildcat selected at No. 12, according to its most recent mock draft. But as the average draft selection of Kentucky’s underclassmen has dropped – 19.5 from 2010 to 2015 to 27.6 in the last four drafts – the number of departures has increased, with at least six players leaving each of Kentucky’s last five teams via the draft or transfer. Many would argue Kentucky’s suc- cess with Calipari as coach more than justifies the challenges presented by the annual exodus. After all, the Hall of Fame coach won a national champion- ship, reached four Final Fours and made it to the second weekend of the NCAA Tournament in eight of his first 10 years in Lexington. But is that success enough to justify Kentucky being placed in a league of its own when it comes to roster turnover? To gain a better understanding of how Calipari’s system compares to the Wildcats’ top competitors, The Courier Journal analyzed each signing class from 2009 to 2018 from each of the other 12 programs to either reach multiple Fi- nal Fours or win a national champion- ship during Calipari’s tenure in Lexing- ton: Butler, Connecticut, Duke, Kansas, Louisville, Michigan, Michigan State, North Carolina, Syracuse, Villanova, Virginia and Wisconsin. Success has varied within that group. For instance, Connecticut won two na- tional titles in that span and beat Ken- tucky in the Final Four in both its title years but made the NCAA Tournament just two other times. However, five of those programs (Duke, Villanova, North Carolina, Louisville and Connecticut) boast multiple Final Fours and a nation- al championship during that time frame like Kentucky. The breakdown reveals a stark con- trast between Kentucky and every other program on the list. A league of its own Of the 55 high school or junior college recruits signed by Calipari at UK be- tween 2009 and 2018, only five (9.1%) completed their eligibility in Lexington. Two of the five Wildcats who did were junior college transfers with only two years of eligibility remaining when they signed with Kentucky. At least 36% of the signees at the oth- er 12 programs exhausted their eligibil- ity for that school or remain on the team’s 2020-21 roster. Kentucky is the only team in that group without a single player from its 2017 or 2018 signing class set to return to school next season, including Louis- ville, which did not even sign a high school or junior college player in the 2018 class. The Wildcats’ annual roster churn means Calipari has signed 11 more recruits than any other program on the list. Of his first 55 signees at Kentucky, 41 have entered the NBA draft as under- classmen, more than twice as many as the program with the second most early entrants on the list (Duke, at 20). Of the Blue Devils’ 20 underclassmen to declare for the NBA draft in the 2009 to 2018 signing classes, 17 signed with the program in the second half of that 10-year period. While Mike Krzyzew- ski’s roster turnover has begun to re- semble Kentucky’s, Duke still has two signees from the 2017 and 2018 classes projected to return next season. Searching for experience To be clear, Calipari’s program still finds itself in an enviable position com- pared to the vast majority of college bas- ketball due to a No. 1-ranked 2020 sign- ing class. Once a vocal critic of the NCAA’s graduate transfer rule, Calipari has overcome his reservations to join most other coaches in taking advantage of the ability for graduates to transfer and play right away. This summer the NCAA is expected to allow all players to transfer once without sitting out, adding another avenue for adding experience. Calipari has already signed Creighton graduate transfer Davion Mintz for next season. Rhode Island freshman Jacob Toppin announced he would transfer to Kentucky on Thursday. But the track record of graduate transfers at Kentucky is mixed. None of Calipari’s three UK teams with a graduate transfer reached a Final Four, and one went to the NIT. We’ll nev- er know how the 2020 team might have fared if the NCAA Tournament were played, but it is unlikely role player graduate transfer Nate Sestina would have been the difference in an extended run. Although Calipari is best known for coaching one-and-done players, his biggest problem is less about the instant stars than the players who stick around for two years then leave regardless of their draft stock. His best hope for slowing the annual roster turnover would be to persuade borderline draft prospects like Montgo- mery and Whitney to return to school. The trend of underclassmen leaving despite not being projected as draft picks is not limited to Kentucky. Between 2010 and 2015, between 42 and 50 college underclassmen kept their names in the NBA draft. That num- ber has increased in each of the next four years, all the way to 84 in 2019. With only 60 selections in the two-round draft each year, a growing number of college underclassmen are guaranteed to go undrafted. UK ranks third in the Calipari era in undrafted underclassmen with four, be- hind Louisville and Kansas with six each. Both Louisville and Kansas had at least one undrafted underclassmen on the list who had been dismissed from the team or was ineligible to return due to NCAA investigations, and Kentucky had two other sophomores initially transfer before starting a professional career overseas without ever playing again in college. The vast majority of the other schools’ undrafted early entrants came after three years on campus. All of Ken- tucky’s were sophomores. The four teams with the fewest un- derclassmen to declare for the NBA draft in that group (Butler, Wisconsin, Virginia and Connecticut) actually rank in the top five of most transfers, show- ing roster turnover is not only reserved to NBA factories like Kentucky and Duke. But while those programs generally have enough returning experience to weather a transfer or two each year, Kentucky can ill afford to lose more con- tributors given how many players leave for the draft each year. New challenges ahead If the draft and transfers were not enough concern for Calipari, he was handed a new consideration last week with the news that the NBA’s G League is set to offer elite high school prospects $500,000 or more to skip college all to- gether. Five-star 2020 recruits Jalen Green and Isaiah Todd, both one-time UK tar- gets, became the first players to report- edly accept those deals. UK signee Ter- rence Clarke was among the other 2020 recruits rumored to be considering the G League’s pitch, but he tweeted on Wednesday that he would attend col- lege as planned. Even with Clarke turning down the G League, if Green and Todd thrive in the developmental program before be- coming eligible for the 2021 draft, more of Calipari’s top-end recruiting targets are likely to consider that option. And without top-10 recruits like Clarke or 2020 signee B.J. Boston arriv- ing, replacing six-plus players a year would become all the more difficult. Calipari has proved again and again that assembling the most talent possi- ble – even young talent – tends to keep his teams in the hunt for a national title each year, but even he acknowledges the importance of experience. “The anxiety a freshman has … that a sophomore does not have in this pro- gram is incredible,” Calipari said before the latest round of departures. “Know- ing that each game is the other team’s Super Bowl, that every practice matters, you’re not going through the motions. You don’t take a day off.” Success at Kentucky has never been judged by reaching Sweet 16s and Elite Eights. It comes with Final Fours and national championships. Calipari reached those goals better than any coach for his first six years in Lexington. Now, there is reason to wonder if his system has become too unstable to keep Kentucky in a tier alone among college basketball’s elite. A Final Four run next season would allow Calipari to silence many of his doubters, but another earlier-than- expected exit might be the final proof needed to show the roster turnover is unsustainable. Even with multiple transfers, the 2020-21 Wildcats will have less experi- ence than any of Calipari’s previous teams. For Kentucky to remain the “gold standard” of college basketball, the Hall of Fame coach needs to hurdle his big- gest challenge yet. Kentucky Continued from Page 1C Kentucky players, from left, EJ Montgomery, Tyrese Maxey, Nick Richards and Immanuel Quickley will be early entrants into this year’s NBA draft.MATT STONE/THE (LOUISVILLE) COURIER JOURNAL Ad Number:Insertion Number:Size:Color Type:USA0055818-01N/A0.263BWAdvertiser:Agency:Section-Page-Zone(s):Description:USA TodayN/AC-2-AllMkpl Today cls Apr21Tuesday, April 21, 20201123 of 1132 1128 KENTUCKY 23 MARKETPLACE TODAY For advertising information: 1.800.397.0070 www.russelljohns.com/usat 6uilt on this Side Of the wall. END OF SECTION 1124 of 1132 1129 Page 1 of 2 Print Good and Services UC Systemwide Executive Summary Lead Agency: University of California Solicitation: # 001811-FEB2020 RFP Issued: April 21, 2020 Pre-Proposal Date: April 27, 2020 Response Due Date: September 13, 2019 Proposals Received: # 6 Awarded to: Agreement No. 2020002686 The University of California, Office of the President (UC) issued RFP # 00811-FEB2020 on April 21, 2020 to establish a national cooperative contract to assist UC and national participating agencies, in obtaining the best, most cost-effective and efficient procurement program for MFDs, Laser Printers, related goods, services and supplies. The Regents of the University of California partnered with OMNIA Partners to include a national cooperative purchasing opportunity: The purpose of this Request for Proposal (the “RFP”) is to invite qualified Printer Manufacturers (“Supplier(s)”) to prepare and submit proposals to the University of California (“UC”) to provide multifunction devices (“MFDs”) with copy, print, scan and optional fax functionality, and/or Laser Printers, along with products and support (“Print Goods and Services”) all in accordance with Federal and State of California laws and the requirements of the UC as further detailed in this RFP. The UC has partnered with OMNIA Partners to make the resultant agreement a national cooperative agreement which public agencies, across the country, will be able to utilize. The overall objective of this RFP is to select a Supplier, or multiple Suppliers, to assist UC, and national participating agencies, in obtaining the best, most cost-effective and efficient procurement program for MFDs, Laser Printers, related goods, services and supplies. In addition, Qualified proposers are invited to submit proposals, based on the information provided in this RFP with the intent to establish a business alliance with UC and OMNIA Partners, that will maximize the resources of both organizations to most effectively meet national participating agencies’, and the UC’s, needs. Notice of the solicitation was sent to potential offerors, as well as advertised in the following: • CalUSource website • OMNIA Partners, Public Sector website • USA Today, nationwide • Arizona Business Gazette, AZ • San Bernardino Sun, CA • Honolulu Star-Advertiser, HI • The Advocate – New Orleans, LA • New Jersey Herald, IL • Times Union, NY • Daily Journal of Commerce, OR • The State, SC • Houston Community Newspapers, Cy Creek Mirror, TX • Deseret News, UT • Richmond Times, VA • Seattle Daily Journal of Commerce, WA • Helena Independent Record, MT • Las Vegas Review Journal, NV • The Herald-News, IL 1125 of 1132 1130 OMNIA® P A R T N E R S I US COMMUNITIES" xerox ® Page 2 of 2 On June 5, 2020 proposals were received from the following offerors: • Canon Solutions America • Hewlett Packard (HP) • Konica Minolta Business Solutions • Ricoh Americas Corporation • Toshiba America Business Solutions • Xerox Corporation The proposals were evaluated by an evaluation committee. Using the evaluation criteria established in the RFP, the committee determined that Xerox demonstrated the ability to provide the products and services outlined in the solicitation while offering competitive pricing to members. UC executed a purchasing agreement on November 20 , 2020. Contract Highlights: Provide a broad scope of products and a wide variety of solutions for the past 20 years, and has provided world- class technology, service and support. Xerox is committed to helping Participating Public Agencies by providing innovative technology and solutions to customers of all sizes, regardless of complexity or number of customer locations. Contract includes: • Xerox Technology and Software – Workplace Solutions • Entry Desktop Monochrome and Color Printers • MPS for Non-UC Participating Agencies Term: Initial five (5) year agreement from November 25, 2020 through November 17, 2025 with the option to renew for five (5) additional one-year periods through November 17, 2030. Pricing/Discount: Provided a discounted price list for the most common components of product offerings such as equipment, software, services, and solutions in a not-to-exceed model. All products and services provided by Xerox will be bundled into one monthly price for the OMNIA Partners member. Contact Xerox for details. OMNIA Partners, Public Sector Web Landing Page: https://www.omniapartners.com/publicsector/contract/supplier-contracts/xerox-corporation 1126 of 1132 1131 END OF SECTION 1127 of 1132 1132 CONTRACT FOR PRINT GOODS AND SERVICES ATTACHMENT B • CONTRACT PRICE: https://southmiamiflgov- my.sharepoint.com/:f:/g/personal/skulick_southmiamifl_gov/EmFY5SpWT9dGne- ev17rITkBQTFNmPM7u2mW0h8ZqZG-fA?e=KQEIqt • CITY OF SOUTH MIAMI QUOTATION 1128 of 1132 1133 Lease Pricing PROPOSAL WS Z37126 12/5/2022 08:51:24 Confidential - Copyright© 2008 XEROX CORPORATION. All rights reserved.Page 1 of 4 Presented to City of South Miami By Saxon Bus Sys Sax On 12/5/2022 Omnia contract 2020002686 Negotiated Contract : 072822100 All information in this proposal is considered confidential and is for the sole use of City of South Miami. If you would like to acquire the solution described in this proposal, we would be happy to offer a Xerox order agreement. Pricing is subject to credit approval and is valid until 1/4/2023. For any questions, please contact me at (305)362-0100 Solution Product Description Item Agreement Information Requested Install Date 1. B8155H (XEROX B8155H) - Office Finisher - 2/3 Hole Punch - Customer Ed - Analyst Services Lease Term: 60 months Purchase Option: FMV 11/29/2022 2. B8155H (XEROX B8155H) - Office Finisher - 2/3 Hole Punch - Customer Ed - Analyst Services Lease Term: 60 months Purchase Option: FMV 11/29/2022 3. C8145H (XEROX C8145H) - Int Office Finisher - Customer Ed - Analyst Services Lease Term: 60 months Purchase Option: FMV 11/29/2022 4. B7135H (XEROX B7135 TTRAY) - Integratd Off Finshr - No Post Script - Customer Ed - Analyst Services Lease Term: 60 months Purchase Option: FMV 11/29/2022 5. B7135H (XEROX B7135 TTRAY) - Integratd Off Finshr - No Post Script - Customer Ed - Analyst Services Lease Term: 60 months Purchase Option: FMV 11/29/2022 1129 of 1132 1134 I Lease Pricing PROPOSAL WS Z37126 12/5/2022 08:51:24 Confidential - Copyright© 2008 XEROX CORPORATION. All rights reserved.Page 2 of 4 Solution (Cont’d) Product Description Item Agreement Information Requested Install Date 6. B7135H (XEROX B7135 TTRAY) - Integratd Off Finshr - No Post Script - Customer Ed - Analyst Services Lease Term: 60 months Purchase Option: FMV 11/29/2022 7. C8170H (XEROX C8170H) - Br Finisher C/z Fold - High Capacity Feeder - Br Finisher-2/3 Hp - Customer Ed - Analyst Services Lease Term: 60 months Purchase Option: FMV 11/29/2022 8. C8170H (XEROX C8170H) - Br Finisher C/z Fold - High Capacity Feeder - Br Finisher-2/3 Hp - Customer Ed - Analyst Services Lease Term: 60 months Purchase Option: FMV 11/29/2022 9. C505X (XEROX C505X) - 550 Sheet Feeder Qty:2 - Stand With Storage Lease Term: 60 months Purchase Option: FMV 11/29/2022 10. C505X (XEROX C505X) - 550 Sheet Feeder Qty:2 - Stand With Storage Lease Term: 60 months Purchase Option: FMV 11/29/2022 11. C505X (XEROX C505X) - 550 Sheet Feeder Qty:2 - Stand With Storage Lease Term: 60 months Purchase Option: FMV 11/29/2022 12. B7135H (XEROX B7135 TTRAY) - No Post Script - Customer Ed - Analyst Services Lease Term: 60 months Purchase Option: FMV 11/29/2022 Monthly Pricing Item Lease Minimum Payment Print Charges Meter Volume Band Per Print Rate Maintenance Plan Features 1. B8155H $135.75 1: Black and White Impressions All Prints $0.0065 - Consumable Supplies Included for all prints - Pricing Fixed for Term 1130 of 1132 1135 Lease Pricing PROPOSAL WS Z37126 12/5/2022 08:51:25 Confidential - Copyright© 2008 XEROX CORPORATION. All rights reserved.Page 3 of 4 Monthly Pricing (Cont’d) Item Lease Minimum Payment Print Charges Meter Volume Band Per Print Rate Maintenance Plan Features 2. B8155H $135.75 1: Black and White Impressions All Prints $0.0065 - Consumable Supplies Included for all prints - Pricing Fixed for Term 3. C8145H $128.88 1: Black and White Impressions All Prints $0.0069 2: Color Impressions All Prints $0.0506 - Consumable Supplies Included for all prints - Pricing Fixed for Term 4. B7135H $88.24 1: Black and White Impressions All Prints $0.0071 - Consumable Supplies Included for all prints - Pricing Fixed for Term 5. B7135H $88.24 1: Black and White Impressions All Prints $0.0071 - Consumable Supplies Included for all prints - Pricing Fixed for Term 6. B7135H $88.24 1: Black and White Impressions All Prints $0.0071 - Consumable Supplies Included for all prints - Pricing Fixed for Term 7. C8170H $252.51 1: Black and White Impressions All Prints $0.0059 2: Color Impressions All Prints $0.0506 - Consumable Supplies Included for all prints - Pricing Fixed for Term 8. C8170H $252.51 1: Black and White Impressions All Prints $0.0059 2: Color Impressions All Prints $0.0506 - Consumable Supplies Included for all prints - Pricing Fixed for Term 9. C505X $60.27 1: Black and White Impressions All Prints $0.0160 2: Color Impressions All Prints $0.0890 - Consumable Supplies Included for all prints - Pricing Fixed for Term 1131 of 1132 1136 Lease Pricing PROPOSAL WS Z37126 12/5/2022 08:51:25 Confidential - Copyright© 2008 XEROX CORPORATION. All rights reserved.Page 4 of 4 Monthly Pricing (Cont’d) Item Lease Minimum Payment Print Charges Meter Volume Band Per Print Rate Maintenance Plan Features 10. C505X $60.27 1: Black and White Impressions All Prints $0.0160 2: Color Impressions All Prints $0.0890 - Consumable Supplies Included for all prints - Pricing Fixed for Term 11. C505X $60.27 1: Black and White Impressions All Prints $0.0160 2: Color Impressions All Prints $0.0890 - Consumable Supplies Included for all prints - Pricing Fixed for Term 12. B7135H $75.86 1: Black and White Impressions All Prints $0.0071 - Consumable Supplies Included for all prints - Pricing Fixed for Term Total $1,426.79 Minimum Payments (Excluding Applicable Taxes) 1132 of 1132 1137 END OF DOCUMENT 1138 Lease Pricing PROPOSAL WS Z37126 12/5/2022 08:51:24 Confidential - Copyright© 2008 XEROX CORPORATION. All rights reserved.Page 1 of 4 Presented to City of South Miami By Saxon Bus Sys Sax On 12/5/2022 Omnia contract 2020002686 Negotiated Contract : 072822100 All information in this proposal is considered confidential and is for the sole use of City of South Miami. If you would like to acquire the solution described in this proposal, we would be happy to offer a Xerox order agreement. Pricing is subject to credit approval and is valid until 1/4/2023. For any questions, please contact me at (305)362-0100 Solution Product Description Item Agreement Information Requested Install Date 1. B8155H (XEROX B8155H) - Office Finisher - 2/3 Hole Punch - Customer Ed - Analyst Services Lease Term: 60 months Purchase Option: FMV 11/29/2022 2. B8155H (XEROX B8155H) - Office Finisher - 2/3 Hole Punch - Customer Ed - Analyst Services Lease Term: 60 months Purchase Option: FMV 11/29/2022 3. C8145H (XEROX C8145H) - Int Office Finisher - Customer Ed - Analyst Services Lease Term: 60 months Purchase Option: FMV 11/29/2022 4. B7135H (XEROX B7135 TTRAY) - Integratd Off Finshr - No Post Script - Customer Ed - Analyst Services Lease Term: 60 months Purchase Option: FMV 11/29/2022 5. B7135H (XEROX B7135 TTRAY) - Integratd Off Finshr - No Post Script - Customer Ed - Analyst Services Lease Term: 60 months Purchase Option: FMV 11/29/2022 1139 I Lease Pricing PROPOSAL WS Z37126 12/5/2022 08:51:24 Confidential - Copyright© 2008 XEROX CORPORATION. All rights reserved. Page 2 of 4 Solution (Cont’d) Product Description Item Agreement Information Requested Install Date 6. B7135H (XEROX B7135 TTRAY) - Integratd Off Finshr - No Post Script - Customer Ed - Analyst Services Lease Term: 60 months Purchase Option: FMV 11/29/2022 7. C8170H (XEROX C8170H) - Br Finisher C/z Fold - High Capacity Feeder - Br Finisher-2/3 Hp - Customer Ed - Analyst Services Lease Term: 60 months Purchase Option: FMV 11/29/2022 8. C8170H (XEROX C8170H) - Br Finisher C/z Fold - High Capacity Feeder - Br Finisher-2/3 Hp - Customer Ed - Analyst Services Lease Term: 60 months Purchase Option: FMV 11/29/2022 9. C505X (XEROX C505X) - 550 Sheet Feeder Qty:2 - Stand With Storage Lease Term: 60 months Purchase Option: FMV 11/29/2022 10. C505X (XEROX C505X) - 550 Sheet Feeder Qty:2 - Stand With Storage Lease Term: 60 months Purchase Option: FMV 11/29/2022 11. C505X (XEROX C505X) - 550 Sheet Feeder Qty:2 - Stand With Storage Lease Term: 60 months Purchase Option: FMV 11/29/2022 12. B7135H (XEROX B7135 TTRAY) - No Post Script - Customer Ed - Analyst Services Lease Term: 60 months Purchase Option: FMV 11/29/2022 Monthly Pricing Item Lease Minimum Payment Print Charges Meter Volume Band Per Print Rate Maintenance Plan Features 1. B8155H $135.75 1: Black and White Impressions All Prints $0.0065 - Consumable Supplies Included for all prints - Pricing Fixed for Term 1140 Lease Pricing PROPOSAL WS Z37126 12/5/2022 08:51:25 Confidential - Copyright© 2008 XEROX CORPORATION. All rights reserved. Page 3 of 4 Monthly Pricing (Cont’d) Item Lease Minimum Payment Print Charges Meter Volume Band Per Print Rate Maintenance Plan Features 2. B8155H $135.75 1: Black and White Impressions All Prints $0.0065 - Consumable Supplies Included for all prints - Pricing Fixed for Term 3. C8145H $128.88 1: Black and White Impressions All Prints $0.0069 2: Color Impressions All Prints $0.0506 - Consumable Supplies Included for all prints - Pricing Fixed for Term 4. B7135H $88.24 1: Black and White Impressions All Prints $0.0071 - Consumable Supplies Included for all prints - Pricing Fixed for Term 5. B7135H $88.24 1: Black and White Impressions All Prints $0.0071 - Consumable Supplies Included for all prints - Pricing Fixed for Term 6. B7135H $88.24 1: Black and White Impressions All Prints $0.0071 - Consumable Supplies Included for all prints - Pricing Fixed for Term 7. C8170H $252.51 1: Black and White Impressions All Prints $0.0059 2: Color Impressions All Prints $0.0506 - Consumable Supplies Included for all prints - Pricing Fixed for Term 8. C8170H $252.51 1: Black and White Impressions All Prints $0.0059 2: Color Impressions All Prints $0.0506 - Consumable Supplies Included for all prints - Pricing Fixed for Term 9. C505X $60.27 1: Black and White Impressions All Prints $0.0160 2: Color Impressions All Prints $0.0890 - Consumable Supplies Included for all prints - Pricing Fixed for Term 1141 Lease Pricing PROPOSAL WS Z37126 12/5/2022 08:51:25 Confidential - Copyright© 2008 XEROX CORPORATION. All rights reserved. Page 4 of 4 Monthly Pricing (Cont’d) Item Lease Minimum Payment Print Charges Meter Volume Band Per Print Rate Maintenance Plan Features 10. C505X $60.27 1: Black and White Impressions All Prints $0.0160 2: Color Impressions All Prints $0.0890 - Consumable Supplies Included for all prints - Pricing Fixed for Term 11. C505X $60.27 1: Black and White Impressions All Prints $0.0160 2: Color Impressions All Prints $0.0890 - Consumable Supplies Included for all prints - Pricing Fixed for Term 12. B7135H $75.86 1: Black and White Impressions All Prints $0.0071 - Consumable Supplies Included for all prints - Pricing Fixed for Term Total $1,426.79 Minimum Payments (Excluding Applicable Taxes) 1142 UNIVERSITY OF CALIFORNIA STRATEGIC SOURCING OFFICE OF THE PRESIDENT 1111 Franklin Street. 10th Floor Oakland, California 94607-5200 DATE: 9/26/20 TO: Whom It May Concern FROM: Michael Wegmann Sr. IT Commodity Manager University of California SUBJECT: RFP The Evaluation Committee reviewed the responses and recommended the following companies be awarded: • Canon Solutions America • Ricoh USA, Inc. • Xerox Corporation The recommended vendors submitted offers that were determined to be most advantageous to the University of California Office of the President, based upon the evaluation criteria stated in the RFP. All the recommended respondents were determined to be competitively priced and best suited to provide the specified services outlined in the RFP. We believe all recommended vendors demonstrate the ability to provide and perform the services requested in the proposal. We will monitor their performance and determine at the end of each term if they are eligible for renewal with each new term. This multiple award is most advantageous as it limits contract awards to the least number of suppliers necessary to meet the requirements of end-users. Sincerely, Michael Wegmann Senior Commodity Manager, IT Strategic Sourcing Center of Excellence University of California Office of the President Phone 510.987.0428 michael.wegmann@UCOP.edu BERKELEY • DAVIS • IRVINE • LOS ANGELES • MERCED • RIVERSIDE • SAN DIEGO • SAN FRANCISCO SANTA BARBARA • SANTA CRUZ 1143 - OMNIA CANON XEROX RICHO Config Qty Line Qty Item Code Current Description 5 year lease 5 year lease 5 year lease Config Qty Line Qty Item Code Description 2 1 IMAGERUNNER ADVANCE DX 6855I $91.03 1 2/3 HOLE PUNCHER UNIT-A1 $7.76 1 HIGH CAPACITY CASSETTE FEEDING UNIT-C1 $16.96 1 BUFFER PASS UNIT-P2 $4.02 1 STAPLE FINISHER-AB2 $25.20 1 MID VOLUME CONNECTIVITY 30+PPM UP TO 79PPM $0.00 1 INSTALL PAK DX 6855I $0.00 1 ESP NEXT GEN PCS POWER FILTER 120VOLTS 15 AMP XG-PCS-15D $2.36 TOTAL $147.33 $135.75 $141.71 Config Qty Line Qty Item Code Description 1 1 IMAGERUNNER ADVANCE DX C5840I $133.27 1 CASSETTE FEEDING UNIT-AQ1 $10.15 1 INNER FINISHER-L1 $11.25 1 ESP NEXT GEN PCS POWER FILTER 120VOLTS 15 AMP XG-PCS-15D $2.36 1 MID VOLUME CONNECTIVITY 30+PPM UP TO 79PPM $0.00 1 INSTALL PAK DX C5870I/C5860i/C5850i/C5840i $0.00 TOTAL $157.03 $128.88 $151.25 Config Qty Line Qty Item Code Description 3 1 IMAGERUNNER ADVANCE DX 4835I $60.18 1 INNER FINISHER-L1 $11.25 1 CABINET TYPE-W $1.88 1 DADF-BA1 $6.61 1 ESP NEXT GEN PCS POWER FILTER 120VOLTS 15 AMP XG-PCS-15D $2.36 1 IMAGERUNNER ADVANCE DX 4845I/ 4835I/ 4825I INSTALL PAK $0.00 1 MID VOLUME CONNECTIVITY 30+PPM UP TO 79PPM $0.00 TOTAL $82.28 $88.24 $95.68 Config Qty Line Qty Item Code Description 1 1 IMAGERUNNER ADVANCE DX 4835I $60.18 1 CABINET TYPE-W $1.88 1 DADF-BA1 $6.61 1 ESP NEXT GEN PCS POWER FILTER 120VOLTS 15 AMP XG-PCS-15D $2.36 1 IMAGERUNNER ADVANCE DX 4845I/ 4835I/ 4825I INSTALL PAK $0.00 1 MID VOLUME CONNECTIVITY 30+PPM UP TO 79PPM$0.00 TOTAL $71.03 $75.86 $80.46 Config Qty Line Qty Item Code Description 2 1 IMAGERUNNER ADVANCE DX C5870I $224.47 1 PAPER DECK UNIT-F1 $23.75 1 2/3 HOLE PUNCHER UNIT-A1 $7.76 1 HIGH CAPACITY CASSETTE FEEDING UNIT-C1 $16.96 1 BUFFER PASS UNIT-P2 $3.50 1 STAPLE FINISHER-AB2 $25.20 1 ESP NEXT GEN PCS POWER FILTER 120VOLTS 15 AMP XG-PCS-15D $2.36 1 MID VOLUME CONNECTIVITY 30+PPM UP TO 79PPM $0.00 1 INSTALL PAK DX C5870I/C5860i/C5850i/C5840i $0.00 TOTAL $304.00 $252.51 $295.52 Config Qty Line Qty Item Code Description 3 1 IMAGERUNNER ADVANCE DX C357IF $62.00 1 CASSETTE FEEDING UNIT-AJ1 $5.67 1 ESP NEXT GEN PCS POWER FILTER 120VOLTS 15 AMP XG-PCS-15D $2.36 1 MID VOLUME CONNECTIVITY 30+PPM UP TO 79PPM $0.00 1 INSTALL PAK IRA DX C357IF / C257IF $0.00 TOTAL $70.03 $60.27 $57.95 MONTHLY $1,587.65 $1,426.79 $1,567.06 Using E UC OMNIA National Using E UC OMNIA National Using E UC OMNIA National Using E UC OMNIA National Using E UC OMNIA National Using E UC OMNIA National Using E UC OMNIA National 1144 I I 1145 MIAMI-DADE STATE OF FLORIDA COUNTY OF MIAMI-DADE: Before the undersigned au thority perso nally appeared GUILLERMO GARCIA , who on oath says that he or she is th e DIRECTOR OF OPERATIONS , Leg al Notices of the Miami Daily Business Re vi ew f/k/a Miami Review , a da il y (except Saturday , Sunday and Lega l Holidays) newspaper, publ ished al Miami in Miami-Dade County, Florid a; that th e attached copy of advertisement , be ing a Legal Advertisement of Notice in the matter of CITY OF SOUTH MIAMI -PUBLIC HEARINGS -DEC . 20 , 2022 in the XXXX Court , was published in said newspaper by print in the issues of and/or by publication on the newspaper's website , if authorized, on 12/09/2022 Affian\ fu rthe r says that the newspaper complies with all legal require ments for publication in chapter 50, Flori da Sta tute s. Swor and subscribed before me this 9 day of DECEMBER , A.D. 2022 GU ILL ERMO GARCIA persona lly known to me ,../~-~Y.~~---ROSANA SALGADO t_;(&)~} Commission # HH 336987 ·-~~,:;,·;1i.o.~~_.. Expires November 30 2026 ....... , . CITY OF SOUTH MIAMI, FLORIDA CITY COMMISSION NOTICE OF PUBLIC HEARINGS In order to balance the need for the City of South Miami to function and conduct vital business during the COVID 19 pandemic and, at the same time , to protect the health , safety and welfare of its citizens, officers, officials and admin istrative staff, and pursuant City of South Miam i Code , Chapter 286 .011 , Fla. Stat, the City's Home Rule Powers, and City Manager's declaration of a state of emergency due to the Coronavirus, the City will be holding its City Commission Meeti ng live in chambers and VIRTUALLY through communicat ions med ia technology (CMl) until the state of emergency has ended or social distancing is no longer requ ired by any relevant Executive Orders. All Commission members will participate in Chambers or by video conferencing through the Zoom platform and members of the public may join the meeting via Zoom at (htt s:/ zoom.usr/3056636338 and participate. At a minimum, at least three members of the City Commission will be physical ly present in the City Commission Chambers 1 and they will be broadcast on the Zoom platform along with all other members of the Commission, City Staff and the public who may attend remotely from the Commission Chambers and from other locations . 1146 Ci+'/ of Sol)-\-v\ Miam\ Public Heav,ngs The meeting is scheduled to begin on Tuesda December 20 2 ....fil 7:00 .m. to consider the following public hearing item(s): A Resolution by the Mayor and City Commissioners of the City of South Miami authorizing the Mayor to negotiate and execute a multi-year emplo~ent contract with the City Manager In substantially the attached form. A Resolution authorizing the City Manager to enter into a multi-year lease agreement for City copiers onto a piggyback agreement with OMNIA Partners, a purchasing cooperative: A Resolution authorizing the City Manager to purchase and enter into a multi-year maintenance and service agreement with ADS Technology for the South Miami Par1clng Garage security system. Resolution relating to a Flnal Plat application ..to....Q!lo w.._a replat of a 0.954-acre property, comprised of three contiguous, vacant parcels bound by SW 64th Terrace to the north and SW 61st Court to the west of the three parcels, and as legally described herein. An Ordinance amending the City of South Miami, Florida, Code of Ordinances, Chapter 2, Article I, Section. 2-2.1 regarding rules of procedure of City Commission to conform to the November 8, 2022, Charter referendum concerning the number of required Commission meetings. An Ordinance amending the C i ty of South Miami Code of Ordinances, Chapter 2, Article Ill, and repealing Section 2-26.7 - Commercial Development Board and amending Section 2-26. 10 and converting the Par1clng Board Into the "Hometown District Advisory Board." An Ordinance of the City of South Miami, Florida, abandoning the north 5 feet of the right of way described as the South 10 feet of Lot 37 W. A. Larkins Subdivision as recorded at Plat Book 3 at Page 198 of the public records of Miami-Dade County, Florida. If you d esi re to present evidence or you are unable to use Zoom, there are procedures to follow and other options available including a dedicated phone line to listen and participate in the meeting and limited public attendance, all of which is set forth in the meeting notice posted at City Hall and at httP.://www.sout mia 'fl. ov/580/Public-Meetin s-Noti ces. Anyon e who wishes to rev iew pend ing application, supporting documen ta tion or who desi re to have documents made available for viewing by everyone during th e mee ting must contact the City Clerk by calling 305-663-6340 . Note tha pu uant to Florida Statutes 286.0105, a person who decides-to appeal any decis ion made by a Board , Agency or Commiss ion with respect to any matter considered at its meeting or hearing, a record of the proceedings will be required for sai d appeal and such person will be required to have a verbatim transcript of the proceedings Inc lu ding the testimony and evidence upon which the appeal is to be based . ADA: To request a modification to a policy, practice or procedure or to re- quest an auxiliary aide or service in order to participate in a City program , activity or event, you must on or before 4:00 p.m. 3 business days before the meeting (not counting the day of the meeting) deliver your request to the City Clerk by telephone: 305-663-6340, by mail at 6130 Sunset Drive , South Miami, Florida or email at npayne@southmiamifl .gov. NkengaA. Payne, CMG, FCRM City Clerk 1 The minimum standards for adopting a ll:Solution or enacting an ordinance are set forth in 166.041(4) ... A majority ol the members of the governing body shall constitute a quorum . An affirmativa vote of a maprity of a quorum present is necessary to enact any ord inance or adopt any resolution . •- 12/9 22-57l0000635324M SUNDAY DECEMBER 11 2022 NEIGHBORS ...................................................................................................19SE 1147 MIAMI-~ C o m m u n i t y C o u. n c i I I cmmmiiiil' B o a rd Va c a n c I e s I Several Community Councils are accepting applications for appointments to the following subareas: Community Council 2 (Northeast) Subarea-23 Subarea-24 Subarea-26 Community Council 5 (Country Club of Miami) Subarea-53 Community Council 7 (Biscayne Shores) Subarea -71(a) Subarea -71(b) Subarea -72(a) Subarea -72(b) Subarea -73(a) Subarea -73(b) Community Council 8 (North Central) Subarea-81 Subarea -85 Subarea -At-Large Community Council 10 (Westchester) Subarea -101 Subarea -103 Subarea -105 Community Council 11 (West Kendall) Subarea -112 Subarea -113 Subarea -115 Subarea -116 Subarea -At-Large Community Council 12 (Kendall) Subarea -124 Community Council 14 (Red land) Subarea -141 Community Council 15 (South Bay) Subarea -155 Subarea -156 Community Council 16 (Fisher Island) Subarea -161-(b) Subarea-161-(f) Applicants must be registered voters and reside within the physical boundaries of the Council area for at least six (6) months prior to appointment, and for at least three (3) years as a resident elector of Miami-Dade County. An appointment to the vacancy will expire upon the certification of the 2024 primary election. For more information, interested candidates should contact the Zoning Agenda Coordinator's Office of the Miami-Dade County Department of Regulatory and Economic Resources (RER) at 305-375-1244. Candidates will be required to submit a copy of their voter registration card, photo ID and an updated resume to the Zoning Agenda Coordinator's Office at Stephen P. Clark Center, 111 NW 1st Street, 11th Floor, Miami, Florida 33128. Miami-Dade County employees are not eligible. For legal ads online, go to~ CITY OF SOUTH MIAMI, FLORIDA CITY COMMISSION NOTICE OF PUBLIC HEARINGS In order to balance the need for the City of South Miami to function and conduct vital business during the COVID 19 pandemic and, at the same time, to protect the health, safety and welfare of its citizens, officers, officials and administrative staff, and pursuant City of South Miami Code, Chapter 286.011, Fla . Stat, the City's Home Rule Powers , and City Manager's declaration of a state of emergency due to the Coronavirus, the City will be holding its City Commission Meeting live in chambers and VIRTUALLY through communications media technology (CMT) until the state of emergency has ended or social distancing is no longer required by any relevant Executive Orders . All Commission members will participate in Chambers or by video conferencing through the Zoom platform and members of the public may join the meeting via Zoom at (https ://zoom.us/j/3056636338) and participate. At a minimum, at least three members of the City Commission will be physically present in the City Commission Chambers' and they will be broadcast on the Zoom platform along with all other members of the Commission, City Staff and the public who may attend remotely from the Commission Chambers and from other locations. The meeting is scheduled to begin on Tuesday, December 20, 2022, at 7:00 p.m. to consider the following public hearing item(s): A Resolution by the Mayor and City Commissioners of the City of South Miami authorizing the Mayor to negotiate and execute a multi-year employment contract with the City Manager in substantially the attached form. A Resolution authorizing the City Manager to enter into a multi-year lease agreement for City copiers onto a piggyback agreement with OMNIA Partners, a purchasing cooperative. A Resolution authorizing the City Manager to purchase and enter Into a multi-year maintenance and service agreement with ADS Technology for the South Miami Parking Garage security system. A Resolution relating to a Final Plat application to allow a replat of a 0.954-acre property, comprised of three contiguous, vacant parcels bound by SW 64th Terrace to the north and SW 61 st Court to the west of the three parcels, and as legally described herein. An Ordinance amending the City of South Miami, Florida, Code of Ordinances, Chapter 2, Article I, Section. 2-2.1 regarding rules of procedure of City Commission to conform to the November 8, 2022, Charter referendum concerning the number of required Commission meetings. An Ordinance amending the City of South Miami Code of Ordinances, Chapter 2, Article Ill, and repealing Section 2-26.7 -Commercial Development Board and amending Section 2-26.10 and converting the Parking Board into the "Hometown District Advisory Board." An Ordinance of the City of South Miami, Florida, abandoning the north 5 feet of the right of way described as the South 10 feet of Lot 37 W. A. Larkins Subdivision as recorded at Plat Book 3 at Page 198 of the public records of Miami-Dade County, Florida. If you desire to present evidence or you are unable to use Zoom, there are procedures to follow and other options available including a dedicated phone line to listen and participate in the meeting and limited public attendance, all of which is set forth in the meeting notice posted at City Hall and at http://www.southmiamifl.gov/580/Public-Meetings-Notices. Anyone who wishes to review pending application , supporting documentation or who desire to have documents made available for viewing by everyone during the meeting must contact the City Clerk by calling 305-663-6340. Note that pursuant to Florida Statutes 286.0105, a person who decides to appeal any decision made by a Board , Agency or Commission with respect to any matter considered at its meeting or hearing, a record of the proceedings will be required for said appeal and such person will be required to have a verbatim transcript of the proceedings including the testimony and evidence upon which the appeal is to be based. ADA: To request a modification to a policy, practice or procedure or to request an auxiliary aide or service in order to participate in a City program , activity or event, you must on or before 4:00 p.m. 3 business days before the meeting (not counting the day of the meeting) deliver your request to the City Clerk by telephone: 305-663-6340, by mail at 6130 Sunset Drive, South Miami, Florida or email at npayne@southmiamifl.gov. Nkenga A. Payne, CMC, FCRM City Clerk 'The minimum standards for adopting a resolution or enacting an ordinance are set forth in 166.041(4) -A majority of the members of the governing body shall constitute a quorum. An affirmative vote of a majority of a quorum present is necessary to enact any ordinance or adopt any resolution.•-- CONTRACT FOR PRINT GOODS AND SERVICES THIS AGREEMENT made and entered into this 20th day of December, 2022 by and between the City of South Miami, a Florida municipal Corporation by and through its City Manager (hereinafter referred to as "City") and Xerox Corporation (hereinafter referred to as "Contractor"), an authorized dealer for the OMNIA Partners Program ("Cooperative Purchasing Program") which utilizes the University of California, CA (the "University") Contract Number: 2020002686 effective November 25, 2020 ("Master Contract"), whose address is 14025 NW 60 Ave., Miami FL 33014 and a vendor on the Cooperative Purchasing Program Contract. Unless specifically defined herein, capitalized terms shall have the same meaning as in the Master Contract. WITNESSETH: WHEREAS, the University solicited bids pursuant to a public solicitation for Print Goods and Servicesi and WHEREAS, the University after completing a competitive bidding process, awarded a contract to Contractor; and WHEREAS, the City of South Miami desires to utilize the Master Contract with Contractor as a Participating Public Agency pursuant to its agreement with OMNIA; and WHEREAS, the City is authorized, pursuant to the City of South Miami's Charter, to piggyback off of contracts, such as the Master Contract, that were entered into in accordance with a solicitation process that is at least as vigorous as that of the City of South Miami; and NOW, THEREFORE, the City and the Contractor, each through their authorized representative/official, agree as follows: 1. The City desires to enter into a contract, under the same provisions as set forth in the Master Contract, as modified by this Agreement. 2. The City has reviewed the Master Contract and agrees to the provisions of that contract which shall be applicable to a purchase order to be issued by the City and further agrees to the fair and reasonableness of the pricing. Contractor hereby agrees to provide such goods and/or services, pursuant to the City's purchase order made during the term of this Agreement, under the same price(s), terms and conditions as found in the Master Contract, pertinent copies of which are attached hereto as Attachment A and made a part hereof by reference. 3. All references in the Master Contract, shall be assumed to pertain to, and are binding upon Contractor and the City of South Miami. All decisions that are to be made on behalf of the University as set forth in the Master Contract shall all be made by the City Manager for the City of South Miami. Notwithstanding anything contained in the Master Contract to the contrary, this Agreement shall be governed by the laws of the State of Florida and venue for all dispute resolutions or litigation shall be in Miami-Dade County, Florida. I of 1132 4. Term. The term of the Agreement, including all extensions authorized by the Agreement shall not exceed consecutive five years. 5. Scope of Goods and Services. The scope of goods and services (which may hereinafter be referred to as the "Work") are set forth in the attached Attachment A and any attachments thereto and the City's purchase order. Notwithstanding any provision of the purchase order to the contrary, the use of the purchase order shall be for the City's administrative convenience and any terms and conditions on the purchase order which conflict with or vary from the terms of the Master Agreement (as modified by this Agreement) shall be deemed null and void. The City's purchase order shall include information reasonably required by Contractor to process a transaction. The Contractor has agreed to deliver the goods, if any, and perform the services, if any, in a workman like manner and in accordance with all applicable state, county and City laws, at the locations, if any, designated by the City. The Contractor shall obtain and pay for all permits required for the goods and services rendered, if any, with the exception of permits fees charged by the City, said fees shall be waived. 6. Contract Price. The contract price for the good and services is set forth in Attachment A or B. If not otherwise set forth in the Master Contract, , the Contractor shall be paid upon delivery of all the goods, if any, the completion of all the services, if any, and after final inspection and approval, by the City, that approves of the goods delivered, if any, and the services performed, if any. 7. Precedence. The term, provisions and conditions of this Agreement shall take precedence over the terms, provisions and conditions of the contract between Contractor and the University.:. 8. Public Records: CONTRACTOR and all of its subcontractors are required to comply with the public records law (s.119.0701) while providing goods and/or services on behalf of the CITY and the CONTRACTOR, under such conditions, shall incorporate this paragraph in all of its subcontracts for this Project and shall: (a) Keep and maintain public records required by the public agency to perform the service; (b) Upon request from the public agency's custodian of public records, provide the public agency with a copy of the requested records or allow the records to be inspected or copied within a reasonable time at a cost that does not exceed the cost provided in this chapter or as otherwise provided by law; ( c) Ensure that public records that are exempt or confidential and exempt from public records disclosure requirements are not disclosed except as authorized by law for the duration of the contract term and following completion of the contract if the contractor does not transfer the records to the public agency; and ( d) Upon completion of the contract, transfer, at no cost, to the public agency all public records in possession of the contractor or keep and maintain public records required by the public agency to perform the service. If the contractor transfers all public records to the public agency upon completion of the contract, the contractor shall destroy any duplicate public records that are exempt or confidential and exempt from public records disclosure requirements. If the contractor keeps and maintains public records upon completion of the contract, the contractor shall meet all applicable requirements for retaining public records. All records stored electronically must be provided to the public agency, upon request from the public agency's custodian of public records, in a format that is compatible with 2 of 1132 the infonnation technology syste ms of the public agency. IF THE CONTRACTOR HAS QUESTIONS REGARDING THE APPLICATION OF CHAPTER 119, FLORIDA STATUTES, TO THE CONTRACTOR'S DUTY TO PROVIDE PUBLIC RECORDS RELATING TO THIS CONTRACT, CONTACT THE CUSTODIAN OF PUBLIC RECORDS AT 305-663 -6340; E -mail: npayne@ southmiamifl.gov ; 6130 Sunset Drive, South Miami, FL 33143 . 9. Waiver Jury Trial: C ity and Co ntractor knowing ly, irrevocably vo lunt ari ly and int entionally wa iv e any right e ither may ha ve to a tri al by jury in State or Fe deral Court proceed ings in re spect to any action , proceeding, or laws uit arising o ut of the Co ntract Docum en ts or the performance of the Work the reunder o r a ny countercl aim , cross-c la im or third party claim filed in the same pro ceeding. 10. Notices: Whenever notice shal l be required or permitted herein , it shall be delivered by hand de livery, e-mail (or s imilar electronic tran s mi ss ion), or certified mail with return receipt requested and s hall be deemed delivered on the date shown on the e-mail or delivery confirmat ion for any facs imil e transmission or, if by cert ified mail , the date on the return receipt or the date s hown as the date same was refused or un claimed. Tf hand delivered to the CITY, a copy must be stampe d with th e official CITY receipt stamp showing the date of delive1y , otherwise the document shall not be considered to have been hand del ivered. Notices s hall be de livered to the following individuals or entities at th e addresses (including e-mai l) set forth below or in the introductory paragraph to this co ntract: To CITY: With co pie s to: City Manager, 6130 Sunset Dr. South Miami , FL 33143 Tel: (305) 668-25 I 0 Fax: (305) 663 -6 345 E-mail: ska ma I i@southm iam i fl.gov City Attorney 6130 Su nset Dr. South M iami , FL 33 143 T e l: (305) 793-3546 E-ma il: tpepe @so uthmiamifl.go v TO CONTRACTOR: Xerox Co 1poration 14025 NW 60 Ave., Miami FL 33014 E-mail: marilynn.vallori @ xerox.com With copies to : Xerox Corporation. 1800 M Street NW, Washington , DC 20036 Attn: Sharon Steele Em a il sharon.stee le@xerox.com 3 of 11 32 11. Validity of Executed Copies: This Agreement may be executed in several counterparts, each of which may be construed as an original. 12. Attorneys' Fees and Costs: In the event of any litigation between the parties arising out of or relating in any way to this Agreement or a breach thereof, each party shall bear its own costs and legal fees. Nothing contained herein shall prevent or prohibit the right to be indemnified for any attorney fees incurred in the defense of an action by a person or entity who is not a party to this Agreement. 13. Indemnification: Notwithstanding anything contained in the Master Contract, the City does not waive its sovereign immunity granted by Florida Statutes, Section 768.28, and the City's tort liability shall be limited to the waiver of sovereign immunity provided for in Section 768.28. 14. Severability: If any term or provision of this Agreement or the application thereof to any person or circumstance shall, to any extent, be invalid or unenforceable, the remainder of this Agreement, or the application of such term or provision to persons or circumstances other than those to which it is held invalid or unenforceable, shall not be affected thereby and each term and provision of this Agreement shall be valid and enforceable to the fullest extent permitted by law. 15. E-VERIFY: As a condition precedent to entering into this Agreement, and in compliance with Section 448.095, Fla. Stat., Contractor and its subcontractors must register with and use the E-Verify system to verify work authorization status of all employees hired after January 1, 2021. a) Contractor must require each of its subcontractors to provide Contractor with an affidavit stating that the subcontractor does not employ, contract with, or subcontract with an unauthorized alien. b) Contractor must maintain a copy of the subcontractor's affidavit as part of and pursuant to the records retention requirements of this Agreement. c) The City, Contractor, or any subcontractor who has a good faith belief that a person or entity with which it is contracting has knowingly violated Section 448.09( 1 ), Fla. Stat. or the provisions of this section must terminate the contract with the person or entity. d) The City, upon good faith belief that a subcontractor knowingly violated the provisions of this section, but that the Contractor otherwise complied, must promptly notify Contractor and Contractor must immediately terminate the contract with the subcontractor. e) A contract terminated under the provisions of this Section is not a breach of contract and may not be considered such. 4 of 1132 f) Any contract termination under the pro\'1s1ons of this Section may be challenged no later than 20 calendar days alte r the date on which th is Agrccme111 is terminated pursuant to paragraph b. or c. above. g) Contractor acknowledges that upon termination of this Agreement by the City for a violation of this Section by Contrac tor. Contractor may not be awarded a public contract for at kast one (I) year. Contractor further acknowledges thar Contractor is liable ror any additional cos ts incurred by the City as a result of termination of any con tract for a vio lation of this Section. h) Subcontracts. Contractor or subcontractor must insen in any subcomracts the clauses sci forth in this Section including this Subsection. requiring the subcontractors to include these clauses in any lower tier subcontracts. Contractor is responsible for compliance by any subcontractor or lo\\'cr tier subcontractor with the clauses set forth in this Section and Contractor's failure to enforce compliance is a substamial and material breach of this Agreement. 17. ANTT-DISCRL\11NTION. Contractor and all of its employees. subcontractors and subconsultants. whi le performing work for the City. including the hiring: and retention of employees for th e performance of Work. arc prohibited from discriminating against anyone on the basis of race. color. religion . and family status. ~ex (including sexual orientation. gender identity and intcrscxuality). height. weight. domestic partnership status, lab or organization membership. political affiliation. national origin. age . disability or any other classilication that is tc<lcrally <lelined as a ··protected class .. and Contractor must take all steps necessary to p reven t such discrimination by all of its employees. subcontractors and subconsultants who arc performing work for the City and must ensure nondiscrimination in all programs. services and activities that arc part of the Scope of Services. A ,·iolation of this paragraph is a substantial. material breach of this Conrract. I~ WIT~ESS WHEREOF, and as the duly authori?ed act of the parties, the undersigned representatives of the parties hereto hm·e caused this instrument to be signed in their respecti,·c names by their proper officials on or before the day and year first abo,·c written . Lisa A. Perkins. Account General Manager (type name an d title of signato ry above) 5 of 1132 A T TEST : By : N~ ~~ Nkeni: Payne, Ci0C City Clerk By:_.....-::-=-'"-+--......:..~:___ __ S h a C ity Read a nd Approved as to Form, Language, Legality and Execution T h e reof. -A ✓~ By: >7v ~ ~ T~as F. Pe p e City Attorney 6 of 11 32