Loading...
HomeMy WebLinkAboutCAG2020-221 - Original - OMNIA - Workday/HCMA Intigration & Background Check Services - 11/01/2020ApprovalOriginator:Department: Date Sent:Date Required: Authorized to Sign: †Director or Designee † Mayor Date of Council Approval: Budget? † Yes † No Grant? † Yes † No Type:Review/Signatures/RoutingDate Received by City Attorney:Comments: Date Routed to the Mayor’s Office: Date Routed to the City Clerk’s Office:Agreement InformationVendor Name:Category: Vendor Number:Sub-Category: Project Name: Project Details: Agreement Amount: Start Date: Basis for Selection of Contractor: Termination Date: Local Business? † Yes † No* *If meets requirements per KCC 3.70.100, please complete “Vendor Purchase-Local Exceptions” form on Cityspace. Notice required prior to disclosure? † Yes † No Contract Number: Agreement Routing Form For Approvals, Signatures and Records Management This form combines & replaces the Request for Mayor’s Signature and Contract Cover Sheet forms. (Print on pink or cherry colored paper) Visit Documents.KentWA.gov to obtain copies of all agreementsadccW22373_1_20 Budget Account Number: Teri Smith ✔ ✔ 10001420.64190.1630 ✔ OMNIA/Sterling Contract Original Workday/HCM Contract for background check services and a one-time integration fee for the Workday integration. $ 20,900.00 Other ✔ ✔ 07/09/2020 07/16/2020 11/01/2020 Human Resources 7/10/2020 Mayor - There are several pages to sign--pages 4, 19, & 28 of the electronic document. CAG2020-221 Page 1 of 23 OMNIA PUBLIC SECTOR PARTICIPATION SERVICE AGREEMENT This OMNIA Participation Service Agreement (“Agreement”), effective as of the date of Sterling’s signature (“Effective Date”), is made by and between Sterling Infosystems, Inc. d/b/a Sterling with offices located at 1 State Street Plaza, 24th Floor, New York, NY 10004 (“Sterling”) and City of Kent with offices located at 220 Fourth Avenue South, Kent, WA 98032 ("Client"). The purpose of this Agreement is to allow Client to purchase services from Sterling at the discounted pricing set forth in the Region 4 Education Service Center Contract #R191303 (“Region 4 Agreement”). Except as this Agreement provides otherwise, the terms of the Region 4 Agreement shall control. The representative that executes this Agreement on behalf of Client is authorized to contract with Sterling for the purchase of the services described herein in accordance with the terms of the Region 4 Agreement and this Agreement. In consideration of the mutual obligations set forth in this Agreement, each party agrees to the terms and conditions below and represents that this Agreement is executed by its duly authorized representative. 1.Services 1.1 Sterling shall make available to Client the services listed on Attachment 1, attached hereto, (“Services”) through the applicable Sterling service platform listed on Attachment 1 (“Platform”). Sterling and Client agree that Client’s orders for Services are expected to commence on or about November 1, 2020 (the “Commencement Date”). Any twelve (12) month period starting on the Commencement Date or anniversary thereof is referred to as a “Contract Year”. 1.2 The initial term of this Agreement shall commence on the Commencement Date and continue for a term of twenty- four (24) months (“Initial Term”). Thereafter this Agreement shall automatically renew for successive one month terms (each a “Renewal Term”) unless either party gives notice of its intent not to renew at least thirty (30) days prior to the end of the then current term. The Initial Term and any Renewal Terms constitute the “Term” of this Agreement. Sterling will not provide Services to Client until (i) Client has executed the Background Screening Requirements Addendum (the terms of which are incorporated by reference herein) and (ii) Sterling has approved Client’s Credentialing Application. Client’s affiliates and subsidiaries may use Sterling’s Services under this Agreement, provided that (a) each such affiliate and subsidiary execute a separate Background Screening Requirement Addendum and Credentialing Application, as may be required by Sterling; and (b) Client is responsible for such affiliates’ and subsidiaries’ acts, omissions and compliance with this Agreement. 1.3 During the Term Sterling shall be Client’s preferred provider of non-civil service employee screening services, including without limitation verifications, drug testing, criminal background searches, corporate due diligence. Sterling is not the City’s exclusive provider of screening services. 2.Invoicing and Payment 2.1 Sterling will invoice Client monthly at the prices set forth on Attachment 1 and payment shall be due within thirty (30) days of the date of invoice. A late payment charge of the lesser of 1 ½% per month or the highest lawful rate may be applied to any undisputed outstanding balances until paid. Client shall also reimburse Sterling for all costs incurred in collecting any late payments, including, without limitation, reasonable attorneys’ fees. 2.2 Pricing is exclusive of, and Client will pay, any taxes relating to this Agreement applicable to Client. 3.Restrictions on Use 3.1 Client will obtain and use any background check report, including any consumer report or investigative consumer report, as those terms are defined in the federal and state Fair Credit Reporting Act, as amended (“FCRA”) (collectively “Screening Reports”), solely for the permissible purpose(s) designated by the Client in the Credentialing Application and in accordance with the requirements in the Background Screening Requirements Addendum. Client is responsible for ensuring that its use of the Services and Screening Reports complies with all applicable local, state, federal and international laws, rules, regulations or requirements, including, but not limited to the FCRA. 3.2 Client will not provide any part of the Services or Screening Reports to others, whether directly or indirectly, through incorporation in a database, report or otherwise. 4.Confidentiality 4.1 Client shall not disclose any Screening Reports, or any portion thereof, provided to it by Sterling hereunder except as permitted by this Agreement, required by law, or to the subject of the report. 4.2 Each party (“Recipient”) will treat, and take all reasonable and necessary steps to prevent the disclosure of, all information provided by the other party (“Discloser”) that Discloser designates in writing to be confidential (or that would be understood to be confidential by a reasonable person) in the same manner as Recipient treats its own confidential information (which shall be no less than a reasonable degree of care). Discloser represents and warrants that it has all neces sary legal rights, title, consents and authority to disclose such confidential information to Recipient. Confidential information shall not include information that (i) is or becomes a part of the public domain through no act or omission of Recipient; (ii) was in Recipient’s lawful possession prior to Discloser’s disclosure to                Page 2 of 23 Recipient; (iii) is lawfully disclosed to Recipient by a third-party with the right to disclose such information and without restriction on such disclosure; or (iv) is independently developed by Recipient without use of or reference to the confidential information. Client shall not disclose the negotiated pricing or terms of this Agreement to any third party, except as required by applicable law. The provisions of this section shall not apply to any disclosures that are required by law, subpoena, or court order. 5.Platform 5.1 Sterling will make the Platform available for access and use by Client through a modern web-browser. The Platform and Services may be provided to Client by Sterling and/or Sterling’s subsidiary and affiliate companies (“Sterling Affiliates”). 5.2 Sterling will maintain reasonable safeguards for the Platform designed to protect the security, confidentiality and integrity of the information, data and other content, in any fo rm, that is provided, entered or uploaded by Client to the Platform (“Client Data”). The parties agree to the Data Processing Agreement set out in Attachment 2, attached hereto. 5.3 Client shall not, and shall ensure that its authorized users do not: (i) use the Platform to upload, transmit, or otherwise distribute any content that is threatening, defamatory, fraudulent, infringing, or otherwise unlawful; (ii) store, submit, or distribute viruses, worms, time bombs, malicious code, or any other items of a harmful nature; (iii) use the Platform for any unlawful purpose or to engage in any activity that violates applicable law or the rights of others; (iv) engage in any activity that interferes with or disrupts the Platform or third party data contained therein; (v) attempt to gain unauthorized access to the Platform or its related systems or networks; or (vi) make derivative works of, disassemble, or attempt to reverse compile or reverse engineer any part of the Platform or Services, or access the Platform in order to build a similar or competitive product or service (or contract with a third party to do so). 6.Ownership 6.1 Except for the rights expressly granted to Sterling in this Agreement, Client shall retain all right, title and interest to the Client Data. Notwithstanding the foregoing, Sterling may compile, extract or anonymize data from Client Data in connection with its performance of the Services in aggregate statistical form in such a way that neither the individual(s) being screened nor Client can reasonably be identified, and Sterling will own all right, title and interest in such compiled, extracted or anonymized data. Sterling shall retain all right, title and interest in and to the Platform and all technology and software used to provide it, including all modifications and/or enhancements to the Platform, regardless of the source of inspiration. 7. Disclaimers 7.1 Client acknowledges (a) that the depth of information collected by Sterling varies among sources and Sterling cannot act as an insurer or guarantor of the accuracy, reliability or completeness of the data, and (b) that the information that Sterling discovers with respect to the subject of a background check report is subject to the reporting limitations of the FCRA and other applicable law. 7.2 Sterling may from time to time offer information, guidance, forms, materials, and/or other content (including sample documents) for informational purposes (“Content”), which is not intended to and shall not constitute legal or professional advice, either express or implied. Client agrees not to rely on Sterling for (nor shall Sterling render) legal or professional advice. Client acknowledges and agrees that it is solely responsible for its legal and employment related decisions and will consult with its own legal counsel (at Client’s discretion) regarding all employment law related matters, including but not limited to its legal obligations with respect to its procurement and use of the Services and Screening Reports. 7.3 EXCEPT AS EXPLICITLY SET FORTH IN THIS AGREEMENT, (A) THE PLATFORM, CONTENT AND ALL SERVICES ARE PROVIDED ON AN "AS IS," "AS AVAILABLE" BASIS, (B) STERLING DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING ANY WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, AND (C) STERLING DOES NOT WARRANT THAT THE PLATFORM, CONTENT OR SERVICES WILL BE UNINTERRUPTED OR ERROR-FREE AND DISCLAIMS ANY WARRANTY OR REPRESENTATION REGARDING AVAILABILITY OF THE PLATFORM, SERVICES, SERVICE LEVELS OR PERFORMANCE. 8.Indemnification 8.1 Sterling (“Indemnitor”) shall indemnify, defend and hold Client harmless from and against any and all third party claims arising out of (i) Indemnitor’s negligence or willful misconduct, or (ii) alleged infringement of any third party intellectual property rights while performing under this Agreement. 8.2 Client shall indemnify, defend and hold Sterling harmless from and against any and all third party claims arising out of Client’s failure to comply with its obligations under applicable law relative to its use of the Screening Reports. 9.Limitation of Liability 9.1 NEITHER PARTY WILL BE LIABLE FOR ANY INCIDENTAL, SPECIAL, PUNITIVE, EXEMPLARY, INDIRECT, OR CONSEQUENTIAL DAMAGES OF ANY KIND (INCLUDING LOSS OF PROFITS), REGARDLESS OF WHETHER OR NOT THE OTHER PARTY WAS AWARE OR SHOULD HAVE BEEN AWARE OF THE POSSIBILITY OF SUCH DAMAGES. 9.2. EXCLUDING STERLING’S INDEMNIFICATION OF CLIENT UNDER SECTION 8.1 ABOVE OR FEES AND COSTS AWARDED UNDER SECTION 11.7 EACH PARTY’S MAXIMUM LIABILITY TO EACH OTHER ARISING OUT OF OR RELATING TO THIS AGREEMENT, REGARDLESS OF THE CAUSE OF ACTION (WHETHER IN CONTRACT, TORT, BREACH OF WARRANTY OR OTHERWISE), WILL NOT EXCEED $750,000. 9.3. The foregoing limitations shall not apply to the extent not permitted by applicable law or with respect to breach of Sections 1.2, 1.3, 2.1, 3 or 4.1. 10.Termination 10.1 As provided for in Section 1.2, after the Initial Term, this Agreement can be terminated with thirty (30) days’ notice. 10.2 If a party materially breaches this Agreement, the non-                Page 3 of 23 breaching party may terminate this Agreement if such breach is not cured within sixty (60) days after written notice of such breach. 10.3 Sterling may immediately suspend Services or terminate this Agreement, in whole or in part, upon notice if (i) Client fails to pay amounts when due, (ii) Client files bankruptcy or reorganization or fails to discharge an involuntary petition within sixty (60) days after filing date, or (iii) Sterling reasonably believes that its provision, or Client’s use, of the Services v iolates the FCRA or other applicable law. 10.4 All provisions that by their nature are intended to survive, including but not limited to payment obligations, disclaimers of warranties, confidentiality and limitations of liability, shall survive the termination of this Agreement. 11 Choice of Law; Disputes 11.1 This Agreement is governed by and construed in accordance with the laws of the State of Washington, without regard to choice of law provisions. The parties shall file in federal court when possible. 12. Miscellaneous 12.1 This Agreement along with the Region 4 Agreement, addenda, attachments, exhibits and/or schedules (including the Background Screening Requirements Addendum and Credentialing Application), constitute the entire agreement between Sterling and Client regarding the Services. All prior agreements, both oral and written, between the parties on the matters contained in this Agreement are expressly cancelled and superseded by this Agreement. In no event shall any terms or conditions included on any form of Client purchase order apply to the relationship between Sterling and Client hereunder. In the event of any conflict between this Agreement and any addenda, attachments, exhibits and/or schedules, this Agreement shall control. Any amendments of or waivers relating to this Agreement must be in writing signed by the party, or parties, to be charged therewith. Except for Client’s payment obligations hereunder, neither Party shall be responsible for any events or circumstances beyond its control including but not limited to war, riots, terrorism, embargoes, strikes and/or Acts of God) that prevent it from meeting its obligations under this Agreement. This Agreement may be executed in any number of counterparts, each of which will be deemed to be an original, and all of which taken together will be deemed to constitute one and the same instrument. Delivery of an executed signature page to this Agreement by any party by electronic transmission will be as effective as delivery of a manually executed copy of the Agreement by that party. 12.2 Except as otherwise set forth in this Agreement, all notices related to this Agreement shall be in writing and delivered to the party’s address specified in this Agreement. Notices related to billing may be sent via electronic mail to the billing contact designated by Client. 12.3 Sterling shall provide notice (an alert via the Platform is sufficient) with respect to any change to or discontinuation of any Services and/or the Platform as necessary to comply with applicable law or vendor requirements. 12.4 Sterling may use Client’s brands, logos, service marks, trade name, and other source identifiers for the purpose of representing to third parties that Sterling is providing Services to Client. 12.5 Neither party may assign this Agreement without the prior written consent of the other party; however, Sterling may assign this Agreement without prior written consent (i) to any of its affiliated companies, (ii) pursuant to a corporate reorganization, merger or consolidation of its business, or (iii) pursuant to the sale of all or substantially all of its assets. 12.6 Client acknowledges that Sterling’s vendors, and/or partners may require Client to execute additional terms and conditions and/or documentation as a condition precedent to Sterling providing certain services. If such need arises, Sterling will promptly advise Client to ensure no interruption in service occurs. 12.7 If either party must enforce its rights under this Agreement against the other party, the successful party shall be entitled to recover all costs incurred, including reasonable attorneys’ fees, in addition to any other relief to which it is entitled. The foregoing shall not be subject to the limitations set forth in Section 9 above. STERLING INFOSYSTEMS, INC. Client: City of Kent Signature: \s2\ Signature: \s1\ Print Name: \n2\ Print Name: \n1\ Title: \t2\ Title: \t1\ Date: \d2\ Date: \d1\                          Dana Ralph Mayor 07/13/2020 Page 4 of 23 ATTACHMENT 1 - PRODUCTS AND PRICING PLATFORM: Screening Direct Expected Annual Volume (in number of applicants/employees searched) per Contract Year: 400 Services Price single name not to exceed Price for all names/ aliases Average Turnaround Time (in business days) Comments Data Confirmation Searches Social Security Number verification (CBSV) $ 4.00 2-3 business days Social Security Number search/trace (Address History Report) $ 1.00 instant Criminal History Searches County criminal search in a single county $ 6.00 $ 10.50 1 day Plus county fees where applicable County criminal search in all counties where the Consumer lived in the past 5 years based on the Social Security Number search $ 9.50 $ 16.50 1 day Plus county fees where applicable County criminal search in all counties where the Consumer lived in the past 7 years based on the Social Security Number search $ 10.50 $ 18.25 1 day Plus county fees where applicable County criminal search in all counties where the Consumer lived in the past 10 years based on the Social Security Number search $ 13.50 $ 23.50 2 days Plus county fees where applicable County criminal search in all counties where the Consumer lived in the past 15 years based on the Social Security Number search $ 30.00 $ 52.50 2 days Plus county fees where applicable County criminal search in all counties where the Consumer lived - UNLIMITED $ 45.00 $ 78.75 2 days Plus county fees where applicable State criminal search - single state $ 6.00 $ 10.00 2 days Plus state fees State criminal search in all states where the Consumer lived in the past 7 years based on the Social Security Number search $ 10.00 $ 17.00 2 days Plus state fees State criminal search in all states where the Consumer lived in the past 10 years $ 12.50 $ 21.25 2 days Plus state fees                Page 5 of 23 based on the Social Security Number search Federal district criminal court search for a single federal district $ 2.75 $ 4.25 1 day Plus fees where applicable Federal district criminal court search for all federal districts where the Consumer lived in the past 7 years based on the social security number search $ 4.50 $ 7.75 1 day Federal criminal search in all federal districts where the Consumer lived in the past 10 years based on the Social Security Number search $ 6.50 $ 11.25 1 day Add criminal for jurisdictions off education and employment locations $ 6.00 $ 10.50 1 day Per county/state/district price National Criminal Database check with validations included in price $ 4.00 $ 7.00 1 day Validations included but county fees passed through if necessary Locator Select (formerly ArrestDirect) with county validations included $ 4.00 $ 7.00 1 day Validations included but county fees passed through if necessary DOJ 50-State Sex Offender Search $ 2.50 $ 4.25 1 day Office of Financial Assets Control (OFAC) search $ 2.00 $ 3.50 1 day Civil Searches Driving record search from a single state DMV (Department of Motor Vehicles) $ 2.00 1 day Plus state fees Credit report for employment purposes $ 4.00 1 day Site Inspection for Credit Reports $ 85.00 One time third party vendor pass thru fee. Subject to increase if vendor raises fees Upper county civil courts search in a single county $ 14.00 $ 24.50 3 days Plus fees where applicable Upper county civil courts search in all counties where the consumer has lived in the past 7 years based on the social security number search $ 30.00 $ 52.50 3 days Plus fees where applicable Upper and Lower county civil courts search in a single county $ 29.00 $ 50.75 4 days Plus fees where applicable Upper and Lower county civil courts search in all counties where the consumer $ 60.00 $ 105.00 4 days Plus fees where applicable                Page 6 of 23 has lived in the past 7 years based on the social security number search Healthcare Profession Searches Fraud and Abuse Control Information System - Level I $ 4.00 2 days Fraud and Abuse Control Information System - Level II $ 5.00 2 days Fraud and Abuse Control Information System - Level III $ 6.00 2 days Office of Inspector General (OIG) excluded persons list search $ 3.00 1 day General Services Administration (GSA) excluded parties list search $ 2.00 1 day OIG (Office of Inspector General) /GSA (Government Services Administration) Check (Combined) $ 4.75 1 day National Practitioners Data Bank (NPDB) $ 3.50 1 day Neglect/Abuse Databases $ 5.50 1 day Verifications Employment verification for one employer $ 6.00 2 days For one employer - plus verification fees when applicable Employment verification for all employers in past 7 years $ 14.00 2 days Plus verification fees where applicable Employment verification for all employers in past 10 years $ 20.00 3 days Enhanced Employment/Education verification (3 calls to employer/school, 2 calls to candidate to obtain proof, then close) - per school/employer $ 9.00 3 days Per verification - plus verification fees when applicable Enhanced Employment verification (3 calls to employer, 2 calls to candidate to obtain proof, then close) - all employers, last 7 years $ 20.00 3 days Per verification - plus verification fees when applicable Enhanced Employment verification (3 calls to employer, 2 calls to candidate to obtain proof, then close) - all employers, last 10 years $ 27.50 3 days Per verification - plus verification fees when applicable                Page 7 of 23 Enhanced Employment/Education verification (3 calls to employer/school, 2 calls to candidate to obtain more info, 2 calls to additional entity, obtain proof from candidate, then close) - per school/employer $ 12.50 3 days Per verification - plus verification fees when applicable Education verification with one educational institution for highest degree granted $ 6.00 2 days Plus Verification fees where applicable Education verification for all completed educational institutions $ 15.00 3 days Plus Verification fees where applicable Professional license verification with one licensing agency $ 6.00 1 day Plus fees where applicable Professional/Personal Reference $ 9.00 2 days Military Verification $ 7.50 Varies Plus fees where applicable Department of Transportation (DOT) Verification $ 7.50 3 days plus fees where applicable Other Applicant Tracking System (ATS) or Human Resources Information System (HRIS) Integration Fee see notes Integration fees waived if standard integration. Custom integrations - prices vary based on complexity. See Details Below Educational Offerings see notes Free webinars and trainings on Sterling's services and technology as available. Additional notifications and updates through Member notifications and newsletters all at no charge to Member Pre-adverse/adverse letters $ 5.50 Per candidate Client Matrix Application (CMA) – Report Ratings based on client criteria $ 1.75 Per report Patriot Act Check $ 6.00 1 day Combines EPLS, OFAC, FDA, and OIG Checks Excluded Parties List System (EPLS) $ 3.50 1 day Federal Financial Institutions Check $ 7.00 1 day                Page 8 of 23 Limited Denial of Participation (HUD Programs) $ 7.00 1 day Denied Persons List $ 7.00 1 day Globex Report (Extended Global Sanctions) $ 6.50 1 day Bishops Services varies Varies based on client need Commercial Driver’s License Information System (CDLIS) Check (price includes fees) $ 3.75 1 day Notifies user where applicant has had license and can trigger MVR for each state – includes fees Alias / Maiden Name checks - for any other services where price may not specifically be listed 1.75x single name price Global Screening varies varies All global screening quotes will be based on 10,000 check volume in Sterling Global Toolkit (lowest possible pricing at any given time). International searches are available in 200 countries. Fingerprint Check (FINRA) $24.00 Fingerprint Check (FBI) $24.00 Plus FBI Fees Social Media Check $30.00 Department of Transportation PSP Crash & Inspection Records (DOTFMCSA) $ 15.50 2 days Plus fees Managed Compliance (Sterling sends out FCRA documents upon candidate requests) $ 4.00 Per candidate Resume Comparison $ 13.50 3 days Per candidate Order Entry Fee $ 7.50 Drug Screening Non-DOT Urine 5, 9, 10 Panel (collection in network includes collection, lab, and medical review officer) $ 26.00 1-2 days on negatives, 2-4 days on non-negatives Plus third-party collection fees if necessary Non-DOT Urine Panel w/ MDMA (Ecstasy) (collection in network includes collection, lab, and medical review officer) $ 26.00 1-2 days on negatives, 2-4 days on non-negatives Non-DOT Medical Professional 19 Panel (collection in network includes collection, lab, and medical review officer) $ 75.00 1-2 days on negatives, 2-4 days on non-negatives                Page 9 of 23 Non-DOT Urine Panel w/ Expanded Opiate (collection in network includes collection, lab, and medical review officer) $ 33.00 1-2 days on negatives, 2-4 days on non-negatives DOT 5 Panel Urine Drug Test (collection in network includes collection, lab, and medical review officer) $ 28.00 1-2 days on negatives, 2-4 days on non-negatives E-Screen (OHN) Urine 5, 7, 9 Panel (collection out of network includes collection, lab, and medical review officer) $ 38.00 1-2 days on negatives, 2-4 days on non-negatives Non-DOT Urine 4 Panel (removal of marijuana panel, collection in network includes collection, lab, and medical review officer) $ 26.00 1-2 days on negatives, 2-4 days on non-negatives Plus third-party collection fees if necessary 10 panel Urine Drug Screen with Expanded Opiate, Oxy+ua (12 Panel) $ 32.85 5 Panel eCup Rapid Test $ 8.75 Oxycodone Add-On $ 7.00 Urine: 10 Panel Instant Device (iCup) $ 150.00 Per box of 25 tests ($6 per test) Urine: 10P POCT Instant Result $ 26.60 Plus out-of-network collection fees if necessary Oral: 5P Lab Self Collect (Intercept) $ 21.50 Plus out-of-network collection fees if necessary Oral: 4P Lab Self Collect (Intercept) $ 21.50 Plus out-of-network collection fees if necessary Oral: Oral Fluid Device (Intercept) $ 107.25 Kits are sold and priced in bundles of 25. Shipping charges will apply. Oral: 6 Panel Instant Device (OralTox) $ 200.00 Kits are sold and priced in bundles of 25. Shipping charges will apply. Hair Drug Testing (5-panel) $ 67.00 Plus out-of-network collection fees if necessary Random Screening Management $ - No additional charge Additional Services Clinical:Pulmonary Function+OSHA Quest. $ 60.25 In Network Pricing. Clinial: OSHA Medical Questionnaire $ 50.00 In Network Pricing.                Page 10 of 23 Physical: OSHA Medical Opinion Letter $ 37.25 In Network Pricing. Audiogram $ 41.25 In Network Pricing. Clinical: Ishihara (Color) Vision $ 35.75 In Network Pricing. Clinical: Snellan (Wall Chart) Vision $ 43.00 In Network Pricing. Onsite Collections Varies Will vary based on exact needs Physical: DOT Examination - FAA or USCG $ 132.00 In Network Pricing. Physical: DOT Examination - FMCSA, FRA, FTA, or PHMSA $ 102.50 In Network Pricing. Physical: Examination $ 78.00 In Network Pricing. Breath Alcohol Testing $ 46.75 In Network Pricing. Blood Alcohol $ 34.00 In Network Pricing. 5 Panel Blood with Expanded Opiates $ 302.50 In Network Pricing. Unless otherwise noted in a product description, the Services reflected herein may incur additional fees, including, without limitation, court access fees, employment/education third party database costs, out of network drug testing fees, and state Department of Motor Vehicle fees (“Fees”). Fees, if any, will be included on monthly invoices and are subject to change without notice.                Page 11 of 23 I-9 E-Verify Services: Service/Product Price Note FI9/eVerify $2.95 - Online Form I9 and Submission to eVerify Location Setup - Per Client $750 - Initial account setup, administration- includes 1 location Additional Locations Setup $35 - Per additional location. Up to $5,000 maximum Annual I9 Solution Maintenance $350 Data Migration - Setup $1,250 - SOW required prior to implementation Data Migration - Per Record $0.15 - Electronic upload/storage of I9 data. - SOW mandatory prior to implementation - Document storage required- see below for cost Remote Hire - Setup $750 - Used for non-system user I9 access and processing Remote Hire - FI9/eVerify Less than 250: $ 14.00 - Completion Form I9, and submission to eVerify 251- 2,000: $ 11.25 - Used for non-system user I9 access and processing 2,001 - 5,000+: $ 8.00 Remote Hire - Notary Setup $450 - Access to 12k Notary Network Remote Hire - Notary "Standard" $75 - 1-3 day TAT Remote Hire - Notary "Rush" $200 - 24hr TAT Remediation Software Setup $6,200 - SOW required prior to bid Remediation - Monthly Software Charge $1,050 - Document storage required - see below for cost Remediation - Per Paper I9 Record $11 - Scan, convert, audit, and present for remediation Document Storage (Monthly Fee) $ 100.00 First 1GB - Applies to Data Migration and Remediation services $ 15.00 per additional 1GB                Page 12 of 23 Licensing Pricing (Only for clients requiring setup on SterlingONE platform) ESSENTIALS ESSENTIALS PLUS ULTIMATE VOLUME OF ANNUAL NEW HIRES Standard Background/Drug Screening Services For Unlimited annual I-9 E-Verify For Unlimited I-9 E- Verify plus Onboarding Up to 100 Fee Waived $550.00 $2,800.00 101-250 Fee Waived $1,000.00 $6,750.00 251-500 Fee Waived $1,750.00 $13,250.00 501-750 Fee Waived $2,437.50 $18,000.00 751-1000 Fee Waived $2,800.00 $20,000.00 1001-1500 Fee Waived $4,125.00 $26,250.00 1501-2000 Fee Waived $5,400.00 $31,000.00 2001-3000 Fee Waived $7,950.00 $44,250.00 3001-4000 Fee Waived $10,600.00 $55,000.00 4001-5000 Fee Waived $13,250.00 $65,000.00 5001-6000 Fee Waived $15,000.00 $72,000.00 6001-8000 Fee Waived $20,000.00 $88,000.00 8001-10,000 Fee Waived $23,500.00 $105,000.00 10,001-15,000 Fee Waived $30,000.00 $150,000.00 15,001-20,000 Fee Waived $40,000.00 $195,000.00 20,001-25,000 Fee Waived $50,000.00 $237,500.00 25,001-30,000 Fee Waived $60,000.00 $270,000.00 30,001-35,000 Fee Waived $70,000.00 $315,000.00 35,001-40,000 Fee Waived $80,000.00 $360,000.00 40,001-45,000 Fee Waived $90,000.00 $395,437.50 45,001-50,000 Fee Waived $100,000.00 $427,500.00 50,001-60,000 Fee Waived $120,000.00 $501,600.00 60,001-70,000 Fee Waived $140,000.00 $571,900.00 70,001-80,000 Fee Waived $160,000.00 $638,400.00 80,001-90,000 Fee Waived $180,000.00 $701,100.00 90,001-100,000 Fee Waived $200,000.00 $760,000.00 ATS INTEGRATION FEES Product Description OMNIA Member Price Integration Fee (Standard) - Avature Waived Integration Fee (Standard) - Bond-Adapt Waived Integration Fee (Standard) - Bond-eEmpact Waived Integration Fee (Standard) - Bond-StaffSuite Waived Integration Fee (Standard) - Bullhorn Waived Integration Fee (Standard) - Compas Waived Integration Fee (Standard) - CredentialSmart Waived                Page 13 of 23 Integration Fee (Standard) - Fast Recruiting Waived Integration Fee (Standard) - Greenhouse Waived Integration Fee (Standard) - HealthCare Source Waived Integration Fee (Standard) - Hirebridge Waived Integration Fee (Standard) - iCIMS Waived Integration Fee (Standard) - Interview Exchange Waived Integration Fee (Standard) - Jazz Waived Integration Fee (Standard) - Jobaline Waived Integration Fee (Standard) - Jobvite Waived Integration Fee (Standard) - MaxHire Waived Integration Fee (Standard) - MDStaff Waived Integration Fee (Standard) - Micron-BizCruit Waived Integration Fee (Standard) - Micron-LawCruit Waived Integration Fee (Standard) - MyStaffingPro Waived Integration Fee (Standard) - Newton Waived Integration Fee (Standard) - Infor-PeopleAnswers Waived Integration Fee (Standard) - Pereless Waived Integration Fee (Standard) - SmartRecruiters Waived Integration Fee (Standard) - SmartSearch Waived Integration Fee (Standard) - Snagajob Waived Integration Fee (Standard) - talentReef Waived Integration Fee (Standard) - Taleo Business Edition Waived Integration Fee (Standard) - TribeHR Waived Integration Fee (Premium) - Custom Web Services $ 5,000.00 Integration Fee (Premium) - Custom Batch $ 5,000.00 Integration Fee (Premium) - Kenexa $ 5,000.00 Integration Fee (Premium) - OpenHire (HRNX) $ 5,000.00 Integration Fee (Premium) - Peoplefluent - RMS/TM $ 5,000.00 Integration Fee (Premium) - SuccessFactors $ 5,000.00 Integration Fee (Premium) - Taleo Enterprise $ 5,000.00 Integration Fee (Premium) - Ultimate Software $ 5,000.00 Integration Fee (Premium) - Workday Recruiting $ 5,000.00 Integration Fee (Premium) - Other $ 5,000.00 Basic Integration - Additional Project Management Support (Per Hour) $ 200.00 Premium Integration - Additional Project Management Support (Per Hour) $ 200.00                DD A T A P ROC E SSI N G A GRE E ME N T Page 14 of 23 ATTACHMENT 2 This Data Processing Addendum (“DDPA”), is hereby attached to the Service Agreement between Sterling Infosystems Inc. (“Sterling”) and the company named below (“CClient”). This DPA is effective as of January 1, 2020 1 and supersedes and cancels any prior data processing agreement between the parties. Each party represents and warrants that the execution of the DPA is duly authorized and that this DPA is a valid and legal agreement binding on the parties and enforceable in accordance with its terms. 1.Definitions “AAgreement” means the service agreement to which this DPA is attached. “AApplicable Law” means enactments that apply to the Processing of Client PI, including without limitation laws and regulations about privacy, data protection, police and court records, employment, and consumer reporting. “AAuthority” means a court, regulatory or supervisory body, law enforcement agency or other government entity. “BBCRs” means binding corporate rules, as defined in the GDPR, which have been approved by the relevant Authority and apply to the Processing of Client PI by Sterling or a Subprocessor. “CCCPA” means the California Consumer Privacy Act (Cal. Civ. Code § 1798.100 et seq.). “CClient Personal Information” or “Client PI” means information about identified or identifiable individuals (“PPersonal Information” or “PPI”) Processed by Sterling under the Agreement. “DData Incident” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Client PI in the custody of Sterling or a Subprocessor.2 “DData Subject” means an identified or identifiable individual. “EEuropean Adequate Protection Area ” means: (a) European Jurisdictions; (b) countries, or sectors within a specified country, that the European Commission (or other relevant Authority in a European Jurisdiction) recognizes as having an adequate level of protection for PI. “EEuropean Jurisdiction” means any one of: (a) the European Economic Area (“EEA”); (b) Switzerland; or (c) the United Kingdom. 3 “EEuropean Law” means the laws applicable in European Jurisdictions, including without limitation the General Data Protection Regulation (EU) 2016/679 (“GDPR”). “FFCRA” means the state and federal Fair Credit Reporting Acts (Ch. 19.182 RCW and 15 U.S.C. § 1681 et seq., respectively). “GGDPR Compensation Claim” means a claim for compensation against a party under Article 82 GDPR and all compensation, legal fees and other expenses arising directly from that claim. “GGDPR Fine” means an administrative fine imposed against a party under Article 83 GDPR. “PProcess” means to perform any operation on information, including without limitation collection, use, access, communication, disclosure, storage, destruction and Anonymization. “PPrograms” means documented information security, privacy, disaster recovery and business continuity programs that include without limitation policies, procedures, training, testing, monitoring, and enforcement. “RRetention Obligation” means Sterling’s obligation to retain Client PI under Applicable Law or a contract with a third-party source of Client PI. If Sterling is a data processor under European Law, then Retention Obligations are limited to those imposed by European Law.4 “SSCCs” means the standard contractual clauses issued under European Commission Decision 2010/87/EU, or the relevant clauses issued to replace them. “SServices” means background screening or other services performed by Sterling under the Agreement.                DD A T A P ROC E SSI N G A GRE E ME N T Page 15 of 23 “SSubprocessor” means an entity that Processes Client PI on behalf of Sterling. “TThird-Party Request” means a request, complaint, demand, notice or other communication Sterling receives from a Data Subject, Authority or other third party relating to Client’s obligations under, or compliance with, Applicable law, other than communications that are necessary to provide the Services. 2.Compliance 2.1. The terms of this DPA will apply as long as Sterling or a Subprocessor has Client PI in its custody. 2.2. Sterling shall not authorize any person to Process Client PI unless that person is subject to appropriate confidentiality obligations. 2.3. Except as otherwise stated in this DPA, Sterling is responsible for Sterling personnel’s and Subprocessors’ compliance, and liable for their non-compliance, with this DPA and Applicable Law. 2.4. On Client’s request and subject to any limitations set out in this DPA,5 Sterling shall provide reasonable assistance to Client in meeting its data protection obligations under Applicable Law, taking into account the nature of the Processing and the information available to Sterling. This may include, without limitation, participation in security or data protection impact assessments, audits, and interactions with Data Subjects or Authorities. 2.5. Client shall not instruct Sterling to Process Client PI in violation of Applicable Law. If European Law applies, Sterling shall inform Client if Sterling believes any instruction from Client violates European Law. 2.6. Notwithstanding anything to the contrary in the Agreement or elsewhere, Sterling may deliver notice contemplated in this DPA by email or through its online platform.6 3.Roles of the Parties 3.1. For the purposes of European Law, the parties consider that Client is a controller and Sterling is a processor of Client PI, except as otherwise stated in this DPA or determined by an Authority.7 For the purposes of federal or provincial privacy laws in Canada, the parties consider that Client has control of Client PI and Sterling has custody but not control of Client PI. 3.2. If Sterling is a responsible person or umbrella body for the purposes of criminal record disclosure carried out by the Disclosure and Barring Service, Disclosure Scotland or Access NI, then the parties consider that Sterling is a controller of Client PI Processed for these purposes.8 3.3. The parties acknowledge that Sterling’s performance, and Client’s use, of the Services are exempt from the CCPA to the extent they constitute the collection, maintenance, disclosure, sale, communication, or use of any personal information bearing on a consumer’s credit worthiness, credit standing, credit capacity, character, general reputation, personal characteristics, or mode of living by a ‘consumer reporting agency’ or by a ‘user’ of a ‘consumer report’, as each of those terms is defined or used in the FCRA. If Sterling Processes Client PI relating to Data Subjects who are California consumers (as defined in the CCPA) outside the context of this exemption (“NNon-FCRA Client PI”), then the parties acknowledge that Sterling acts as a service provider for the purposes of the CCPA.9 3.4. Except as otherwise stated in this DPA or required by Applicable Law, Sterling shall: (a) notify Client of all Third-Party Requests without undue delay; (b) provide information and assistance to Client as Client reasonably requests to allow Client to respond to Third-Party Requests; and (c) not respond directly to Third-Party Requests except as directed by Client or required by Applicable Law. 4.Processing 4.1. This DPA applies to all Client PI that Sterling Processes. The types of Client PI that Sterling Processes that are subject to European Law, if applicable, are listed in Annex 2.10 4.2. The nature, purpose and subject matter of the Processing of Client PI are as documented in the Agreement. 4.3. The Data Subjects are Client’s prospective or current employees, volunteers, tenants, students, members, directors, registrants, contractual partners or others as documented in the Agreement or a credentialing application completed by Client. 4.4. The duration of the Processing is the duration of the Agreement and thereafter according to any further documented agreement between the parties. 4.5. Client acknowledges that the nature of the Services may require disclosure of Client PI to, and collection of Client PI from, third parties that are not Subprocessors, including without limitation Authorities or the                DD A T A P ROC E SSI N G A GRE E ME N T Page 16 of 23 Data Subject’s current and past employers or educational institutions. Client’s request for Services will be deemed to be Client’s instruction to Sterling to disclose Client PI to, and collect Client PI from, third parties that are not Subprocessors as necessary to perform those Services.11 4.6. Sterling shall not Process Client PI except as necessary to: (a) provide the Services as documented in the Agreement; (b) comply with Client’s otherwise documented instructions, subject to the terms of the Agreement; or (c) comply with Applicable Law, provided Sterling has notified Client in advance of that Processing unless that notification is prohibited by Applicable Law. 4.7. Notwithstanding anything to the contrary in this DPA or the Agreement, if Sterling Processes Non-FCRA Client PI, then Sterling shall neither: (a) sell non-FCRA Client PI to any party other than Client; nor (b) retain, use or disclose Non-FCRA Client PI for any purpose other than for the specific purpose of performing the Services, or as otherwise permitted by the CCPA, including retaining, using or disclosing the Non-FCRA Client PI for a commercial purpose other than providing the Services.12 5.Subprocessing 5.1. Client hereby authorizes Sterling to use Subprocessors,13 provided that: (a) Sterling shall maintain a complete and up-to-date list of Subprocessors at www.sterlingcheck.com/subprocessors14 or another location as communicated by Sterling to Client from time to time; (b) Sterling shall sign a written agreement with each Subprocessor that imposes obligations on that Subprocessor that are no less stringent than those required of Sterling under Applicable Law, this DPA and Sterling’s BCRs; and (c) Sterling will not be relieved of any of its obligations under this DPA or its BCRs by engaging Subprocessors. 5.2. The following only apply when Sterling uses Subprocessors to Process Client PI that is subject to European Law: (a) if Client notifies Sterling of an objection to Processing by a Subprocessor, Sterling shall not permit further Processing of Client PI by that Subprocessor; (b) Client’s objection to Processing by a Subprocessor will be deemed to be Client’s waiver of Sterling’s obligation to perform Services that Sterling would ordinarily perform using that Subprocessor;15 (c) if Sterling adds or replaces a Subprocessor, Sterling shall notify Client (subject to Client’s subscription to those notifications at the form co-located with the list of Subprocessors) of the addition or replacement at least 30 calendar days before the new Subprocessor begins Processing Client PI; and (d) notwithstanding the other provisions in this section, Sterling may add or replace a Subprocessor immediately upon notice to Client if it is necessary to ensure business continuity and recovery in case of emergency, except as prohibited by Applicable Law. 6.Cross-Border Data Transfers 6.1. Sterling and Client shall cooperate to ensure that appropriate notice to Data Subjects and safeguards or other legal mechanisms for cross-border data transfers are in place as required by Applicable Law.16 6.2. If Sterling Processes Client PI that is subject to European Law and transfers that Client PI to a Subprocessor outside the European Adequate Protection Area, then Sterling shall either: (a) ensure that BCRs apply to that transfer; or (b) sign SCCs with that Subprocessor for Client’s benefit.17 6.3. If the nature of the Services require Sterling to transfer Client PI that is subject to European Law to a third party that is not a Subprocessor outside of the European Adequate Protection Area, then Sterling shall only transfer that Client PI upon Client’s documented instruction. Client’s request for Services that require such a transfer, for example to collect or verify information about a Data Subject’s current or past residence, education or professional activities outside of the European Adequate Protection Area, will be deemed to be Client’s documented instruction for that transfer. Unless Client determines that another mechanism or derogation under European Law applies, Sterling and Client shall cooperate to obtain the Data Subject’s prior explicit and informed consent for transfers described in this section.18 7.Security Controls 7.1. Sterling shall implement, maintain and enforce Programs that contain appropriate administrative, technical and physical measures designed to protect the security, integrity, confidentiality and availability of Client PI and protect Client PI against a Data Incident, considering the likelihood and severity of a potential Data Incident. Sterling shall review and, if appropriate, update these measures periodically to comply with Applicable Law. Sterling shall regularly test these measures for effectiveness.                DD A T A P ROC E SSI N G A GRE E ME N T Page 17 of 23 7.2. General information about the Programs at the Effective Date is in Annex 1. Sterling shall provide detailed documentation of the Programs to Client on request and shall not materially degrade the level of protection set out in the Programs. 8.Data Incidents 8.1. Sterling shall implement and maintain a Data Incident response protocol and provide documentation of that protocol to Client on request. 8.2. In the event of a Data Incident, Sterling shall notify Client without undue delay, and in any event within a timeline that permits Client to comply with its legal obligations,19 and take all reasonable steps to investigate and resolve the Data Incident and provide a comprehensive report to Client on that investigation and resolution. 8.3. If Applicable Law requires notification of a Data Incident to Authorities or Data Subjects, or provision of any remediation services including without limitation credit or identity monitoring, then Sterling shall, where permitted by Applicable Law, carry out that notification or provide those services if either of the following is true: (a) Client instructs Sterling to do so; or (b) Sterling notifies Client that it intends to do so, gives Client a reasonable opportunity to object, and Client does not object.20 8.4. Sterling shall bear the costs of investigation, notification and remediation services that Sterling carries out, procures or provides, except to the extent that the Data Incident is caused or aggravated by Client’s act or omission. 9.Data Retention and Destruction 9.1. Client hereby instructs Sterling to retain Client PI as necessary to comply with its Retention Obligations. Sterling shall provide details of its Retention Obligations to Client on request.21 9.2. Once Retention Obligations are met, subject to the delay required to comply with section 9.4, Sterling shall delete Client PI upon the earlier of either: (a) Client’s instruction; or (b) termination or expiration of the Agreement. On Client’s request, Sterling shall certify in writing to Client that it has deleted Client PI. 9.3. Notwithstanding anything to the contrary in this DPA or the Agreement, the parties agree that Sterling does not intend, and makes no guarantee, to retain Client PI for more than seven years after the date Sterling received it. Client hereby authorizes Sterling to delete Client PI after that time has passed.22 9.4. Upon termination or expiration of the Agreement or before Sterling deletes Client PI, whichever is earlier, Sterling shall, either: (a) give Client a reasonable opportunity to retrieve Client PI from Sterling’s systems; or (b) provide Client PI to Client in a machine-readable format, subject to additional charge at Sterling’s discretion if permitted by law. 10.Audit and Inspection 10.1. On Client’s request, Sterling shall make available to Client all information reasonably necessary to demonstrate Sterling’s compliance with this DPA, the Programs and Applicable Law. 10.2. Client or another party of Client’s choosing may conduct an audit of Sterling’s compliance with this DPA, the Programs and Applicable Law, provided that: (a) Client shall not request more than one audit per calendar year, except as otherwise stated in this DPA; (b) Client shall give Sterling reasonable notice of an audit, shall ensure that the audit is conducted at a mutually agreeable time, and shall ensure that the audit does not unreasonably interfere with Sterling’s operations; and (c) access to Sterling’s facilities and confidential information will be subject to Sterling’s policies and reasonable confidentiality provisions. 10.3. If, during an audit, Client discovers non-compliance with this DPA, the Programs or Applicable Law, Client and Sterling shall work in good faith to agree on a remediation plan, which Sterling shall carry out. 10.4. Subject to the requirements and limitations in 10.2(b) and 10.2(c), Client may conduct: (a) one additional audit in each calendar year in response to each Data Incident; and (b) additional audits as may be reasonably necessary to comply with Applicable Law or the order of an Authority. 10.5. Each party shall bear its own expenses in conducting or participating in an audit.                DD A T A P ROC E SSI N G A GRE E ME N T Page 18 of 23 11.Data Subjects’ Rights 11.1. Client shall provide a notice or disclosure to, and, if necessary, collect consent or authorization from Data Subjects for the transfer of Client PI to Sterling and the Processing of Client PI by Sterling as required by Applicable Law.23 Sterling may make available to Client its systems or sample text for these purposes. Client acknowledges that its use of Sterling’s systems or sample text does not relieve Client of its responsibility for compliance with notice, disclosure, authorization and consent provisions in Applicable Law. 11.2. Sterling shall respond to Data Subjects who communicate with Sterling directly or are referred to Sterling by Client to: (a) inquire about PI in Sterling’s custody; (b) inquire about Sterling’s Processing of PI; or (c) exercise the Data Subject’s rights to access or rectify PI in Sterling’s custody. Sterling shall respond to these communications in accordance with Applicable Law. Sterling shall inform Client of the existence, content, and handling of these communications on Client’s request. 12.GDPR Liability24 12.1. Notwithstanding any limitation of liability provisions in the Agreement,25 each party shall indemnify the other party against a GDPR Compensation Claim in accordance with the indemnifying party’s part of responsibility for the damage giving rise to the GDPR Compensation Claim,26 subject to the following: (a) the party seeking indemnification must notify the indemnifying party without undue delay upon becoming aware that a GDPR Compensation Claim has been or may be made; (b) the party seeking indemnification must take all reasonable measures to minimize the risk, and amount, of a GDPR Compensation Claim; and (c) the party seeking indemnification must reasonably cooperate with the indemnifying party to defend against or otherwise respond to the GDPR Compensation Claim in a mutually acceptable way. 12.2. If either party is held liable, individually or jointly with a third party, for a GDPR Fine, then that party shall ensure that fine is paid and shall not seek, and will not be entitled to recover, indemnity from the other party, notwithstanding any provision to the contrary in the Agreement or this DPA.27 Sterling Infosystems Inc. City of Kent Signature:Signature: Print Name: Print Name: Title:Title: Date:Date:                         Dana Ralph Mayor 07/13/2020 DD A T A P ROC E SSI N G A GRE E ME N T Page 19 of 23 ANNEX 1 – INFORMATION SECURITY, PRIVACY, DISASTER RECOVERY AND BUSINESS CONTINUITY PROGRAMS Sterling shall, as a minimum, implement the following types of security measures, and shall update those measures in accordance with industry best practice. Access control to premises and facilities Measures in place to prevent unauthorized physical access to premises and facilities holding Personal Information: - Locked doors; - Access control system using electronic access, biometric access or physical key; - Alarm system; - Video surveillance; - Logging of facility exits/entries. Access control to systems Measures in place to prevent unauthorized access to IT systems: - Password procedures (including minimum length and complexity, and forced change of password); - No access for guest users or anonymous accounts; - Central management of system access; - Access to IT systems subject to approval from HR management and IT system administrators; - Full suite of firewall controls monitoring inbound and outbound traffic against a pre-established set of permissible traffic flows; - Intrusion detection and prevention capabilities monitoring inbound traffic for malicious patterns and traffic anomalies; - Ability to detect and respond to direct and distributed denial of service attacks through network routing and DNS controls; - All application deployments subject to automated security testing against Open Web Application Security Project (OWASP) Top-Ten list to ensure adequate protection against common web application attacks; - All hosts run anti-malware solutions with advanced persistent threat detection capabilities performing real-time behavior analysis of machine and network behavior. The presence of this software is required to join the network through network access control; - All end-user devices participate in a network access control mechanism which requires hosts to be pre- authorized and authenticated to the network and ensures that hosts are running the minimum set of information security controls prior to be granted access. Access control to data Measures in place to prevent authorized users from accessing data beyond their authorized access rights and prevent the unauthorized input, reading, copying, removal, modification or disclosure of data: - Differentiated access rights; - Access rights defined according to duties; - Automated log of user access via IT systems; - Measures to prevent the use of automated data-processing systems by unauthorized persons using data communication equipment; - All remote access to internal corporate network and consoles requires multi-factor authentication through a VPN tunnel from a pre-authorized machine; - All hosts are running host-based data loss prevention software monitoring for the movement of sensitive data to and from the host. The presence of this software is required to join the network through network access control; - All databases containing sensitive information are required to be encrypted to protect against theft or loss of database files. Disclosure control Measures in place to prevent the unauthorized access, alteration or removal of data during transfer, and to ensure that all transfers are secure and are logged: - Compulsory use of a wholly-owned private network for all data transfers within the corporate group;                DD A T A P ROC E SSI N G A GRE E ME N T Page 20 of 23 - All end-user devices are required to be full-disk encrypted to protect against data incidents through theft or loss. The presence of this software is required to join the network through network access control; - Prohibition of portable media; - Creating an audit trail of all data transfers. Input control - Measures in place to ensure all data management and maintenance is logged, and an audit trail of whether data have been entered, changed or removed (deleted) and by whom must be maintained: - Logging user activities on IT systems; - Ensuring that it is possible to verify and establish to which bodies personal data have been or may be transmitted or made available using data communication equipment; - Ensuring that it is possible to verify and establish which personal data have been entered into automated data-processing systems and when and by whom the data have been entered. Job control Measures in place to ensure that data is processed strictly in compliance with the controller’s instructions: - Unambiguous wording of contractual instructions; - Monitoring of contract performance. Availability control Measures in place to ensure that data are protected against accidental destruction or loss: - Ensuring that installed systems may, in the case of interruption, be restored; - Ensuring systems are functioning, and that faults are reported; - Ensuring stored personal data cannot be corrupted by means of a malfunctioning of the system; - Uninterruptible power supply (UPS); - Business Continuity procedures; - Remote storage; - Anti-virus/firewall systems. Segregation control Measures in place to allow data collected for different purposes to be processed separately: - Restriction of access to data stored for different purposes according to staff duties; - Segregation of business IT systems; - Segregation of IT testing and production environments. Audit Measures in place to ensure proper functioning of controls: - Audited and certified each year to the ISO 27001:2013 standard in multiple locations throughout the world; - Audited and certified by the National Association of Professional Background Screeners (NAPBS) for compliance, quality, and security; - Has submitted documentation and obtained certification to the UK Cyber Essentials standard; - Audited multiple times throughout the year by external clients as part of their own internal risk management processes; - Audited multiple times each year through internal risk management processes by internal audit teams for application security, vulnerability assessments, and network security.                DD A T A P ROC E SSI N G A GRE E ME N T Page 21 of 23 ANNEX 2 – TYPES OF CLIENT PERSONAL INFORMATION Sterling may Process the following types of Client Personal Information under the Agreement: - Identification information - Copies of identity documents - Phone and email contact information - Current and past addresses and proof of address - Right to work, immigration status and work permit information - Education history and qualifications - Employment or volunteering history, including, where applicable, fiduciary or directorship responsibilities - Gap or travel activities - Personal and Professional references - Professional qualifications and registrations with professional bodies - Publicly sourced information (e.g. media or online information) - Driver’s license and status, including driver history and expiration date - Opinions about Data Subjects from references they have provided - Civil court records - Government-issued or financial identification numbers - Date of birth - Sanctions with professional bodies - Financial information such as credit history, bankruptcy, financial judgments or tax information Sterling may also Process the following types of Client Personal Information that may be considered “sensitive” or “special categories” under European Law: - Place of birth - Sex - Criminal history - Appearance on global sanctions or terrorist watch lists - Driving records, penalties and restrictions                DD A T A P ROC E SSI N G A GRE E ME N T Page 22 of 23 EXPLANATORY NOTES 1 This date reflects the effective date of the CCPA and ensures that appropriate CCPA provisions were in place from that point forward. It can be amended if necessary. 2 The GDPR definition of “personal data breach” is used here, as it is commonly accepted in many jurisdictions and covers the circumstances that would trigger an incident response around the world. 3 These jurisdictions are grouped together because they have very similar data protection regimes which generally require similar steps to be taken when data is exported from the jurisdiction. The term is used to ensure that data leaving any one of the three discrete areas (the EEA, Switzerland, or the UK) will be treated in accordance with the rules of the exporting jurisdiction. 4 In many jurisdictions, Sterling is independently obligated, by law or by contract, to retain personal information for a certain period to allow for audits or the exercise of data subject rights. Where Sterling is a data processor in Europe, Sterling is generally only entitled to retain personal information to comply with European law (and not with a contract or foreign law), so this definition is limited accordingly. 5 See most notably section 10, which sets out certain limitations on audit rights. 6 The notices contemplated in the DPA are limited to Subprocessor updates (which are based on subscription and cannot comply with a formal notice procedure), and incident notifications, which are urgent and must be sent by email to the current business contact(s) who are most likely to be able to respond. 7 Under the GDPR, a controller “establishes the purposes and means” for processing. Sterling does not establish the purposes for processing; we simply process data at our client’s instruction. While our clients do generally delegate the detailed means of processing to Sterling, the essential means, namely: the selection of the service provider, the selection of the services, and the configuration of the services, is all done by our client. Several European data protection authorities have confirmed that this arrangement fits within the definition of a “processor”, but the validity of the agreement would not be affected (and the way data is processed would not change) if a different authority decided otherwise. 8 This is unique to Sterling’s relationship with the criminal record disclosure authorities in the UK. Even if we are technically a ‘controller’ in these circumstances, the DPA still applies in its entirety and the way we process data remains the same. Note that these authorities are third-party controllers which set rules for access and use of information, and do not process data on behalf of Sterling or its clients. 9 This exemption applies to all of Sterling’s background screening services. The relevant provision of the CCPA can be found at subdivision 1798.145(d). 10 The list at Annex 2 is intended to be exhaustive but can be amended as needed to reflect the intended use of our services. 11 This is a factual statement of the nature of Sterling’s services. Sterling acts as an intermediary between our client and third parties with which we have no relationship, but which have relationships with or otherwise may hold information about specific data subjects. 12 This text comes directly from the CCPA and ensures that this contract is a valid “service provider” contract as set out in that law. 13 Due to the large number of Subprocessors that Sterling uses, and the frequency with which they change, it is not possible to seek case-by-case approval for the use of Subprocessors. 14 This site is password protected, but the password can be obtained at any time by emailing privacy@sterlingcheck.com.                DD A T A P ROC E SSI N G A GRE E ME N T Page 23 of 23 15 In many instances, only one subprocessor can be used to conduct a service, especially when a local presence or specialized skill is required. For that reason, an objection to a subprocessor in many cases will render the services impossible to perform. As Sterling generally bills for services after they are rendered, the waiver of Sterling’s obligation necessarily means that no payment obligation will arise. 16 Where notice to a data subject is required for a cross-border transfer, Sterling cannot independently guarantee that this will be carried out, as we do not always have an interaction with the data subject. However, we will cooperate to achieve this by making sample notices available and providing necessary information to our client. Note that in many jurisdictions, including the United States, there are few or no formalities required for cross- border data transfers. 17 Certain subprocessors (like Salesforce.com) have received regulatory approval for their own intra-group data transfer mechanism, known as BCRs. Sterling has also applied for BCR approval within its own corporate group. In all other cases where data is transferred to a subprocessor (either a Sterling affiliate or an unaffiliated third party) outside of a European jurisdiction and there is no applicable adequacy decision, Sterling will sign SCCs with that subprocessor. 18 Sterling’s services involve interactions with third parties with which we have no relationship, as they are associated with the data subject, not with Sterling. In such cases, there is no reasonable way to ensure there are safeguards for cross-border data transfers as set out in European data protection laws. This is usually the case when an applicant for work in Europe has past residence, work or education history outside of Europe. In these cases, our clients generally rely on the consent of the data subject for the transfer. 19 While we understand that some of our clients prefer to put in place a specific timeline for incident notification, in reality it is impossible to guarantee we will meet such a timeline due to the number of clients we have and the complexity of our business. For that reason, we can only commit to notification without undue delay (the standard set by the GDPR) and in any event we guarantee that any delay in notification on our side will not interfere with our client’s ability to comply with the law. 20 As a large-scale incident is likely to affect more than one of Sterling’s clients, Sterling must be able to conduct a centralized incident response and notification effort. However, we engage our client before notifying individuals. 21 Retention obligations are dependent on services ordered and can change; for that reason, they are not listed here. They generally exist in North America only and do not exceed six years. 22 Sterling does not offer long-term data storage services. For that reason, we cap data retention at seven years. 23 While Sterling can assist in some cases with the administrative service of providing notice or collecting consent, use of those administrative services is optional and the legal obligation to provide notice and collect consent remains with our client. 24 Liability in case of data incident expenses is covered at section 8.4. Liability under articles 82 and 83 of the GDPR is unique, and is treated so here. All other liability related to privacy or data protection is covered under the service agreement. 25 European regulators recommend against any contractual provision which would have the effect of limiting liability towards a data subject. 26 Article 82 of the GDPR states that multiple parties involved in data processing may be held jointly and severally liable to the data subject, regardless of fault; it is then incumbent on the parties to work out responsibility among themselves. 27 Fines under Article 83 of the GDPR can only be issued against a party based on its own infringement of the law. Sterling cannot assume responsibility for its client’s infringement of the law, nor do we ask for our clients to assume responsibility for ours.                BACKGROUND SCREENING REQUIREMENTS ADDENDUM (FCRA) In connection with the Service Agreement (“Agreement”) by and between Sterling Infosystems, Inc. dba Sterling (“Sterling”) and City of Kent (“End User” or “Client“), Sterling will furnish End User with Screening Reports conditioned upon End User’s compliance with its obligations set forth below (and in the Agreement). This Background Screening Requirements Addendum (this “Addendum”) is incorporated into and made part of the Agreement. Capitalized terms used but not defined in this Addendum shall have the meanings ascribed to them in the Agreement. 1. FCRA Certification. To the extent that End User is located in the United States and/or End User’s procurement and/or use of Screening Reports is subject to the FCRA, End User certifies that it will do the following: 1.1. Permissible Purpose. End User hereby certifies that all of its orders for Screening Reports from Sterling shall be made, and the resulting reports shall be used for employment purposes, as defined in the FCRA, including evaluating a consumer for employment, promotion, reassignment or retention as an employee, where the consumer has given prior written permission. 1.2. Compliance with Laws. End User shall comply with all federal (including, without limitation, the FCRA), state, local, and international laws and regulations applicable to End User in connection with its procurement and use of Screening Reports furnished by Sterling. 1.3. Receipt of Required Notices. End User acknowledges that it has received and reviewed a copy of the notices titled (i) Notice to Users of Consumer Reports: Obligations of Users Under the Fair Credit Reporting Act (“Notice to Users”), which explains End User’s obligations under the FCRA as a user of consumer information and a copy of which is attached hereto as Exhibit A-1, and (ii) A Summary of Your Rights Under the Fair Credit Reporting Act, a copy of which is attached hereto as Exhibit A- 2.End User certifies that it will comply with all applicable provisions of Notice to Users. 1.4. Disclosure and Authorization. End User agrees and certifies that prior to procurement or causing the procurement of a consumer report for employment purposes: (a) A clear and conspicuous disclosure has been made in writing to the consumer, in a document that consists of only the disclosure, explaining that a consumer report may be obtained for employment purposes and such disclosure satisfied all of the requirements of the FCRA as well as any applicable state or local laws; and (b) The consumer has authorized in writing the procurement of the report by End User. 1.5. Investigative Consumer Reports. In addition to the disclosure and authorization requirements in Section 1.4 above, End User agrees and certifies that prior to procurement or causing the procurement of an investigative consumer report for employment purposes: (a) It has been clearly and accurately disclosed to the consumer that an investigative consumer report including information as to the consumer’s character, general reputation, personal characteristics and/or mode of living may be made; and (b) Such disclosure (i) is made in a writing mailed, or otherwise delivered, to the consumer, not later than three days after the date on which the report was first requested, (ii) contains a statement informing the consumer of his/her right to request a complete and accurate disclosure of the nature and scope of the requested investigation and his/her right to request a copy of the rights of the consumer under the FCRA titled A Summary of Your Rights Under the Fair Credit Reporting Act, and (iii) satisfied all of the requirements of the FCRA as well as any applicable state or local laws. If the consumer makes a request within a reasonable time after his/her receipt of the required disclosure, End User certifies that it shall make a complete and accurate disclosure of the investigation requested. Such disclosure shall be made in a writing mailed, or otherwise delivered, to the consumer not later than five (5) days after the date on which the request for such disclosure was received from the consumer or such report was first requested, whichever is the later. 1.6. Adverse Action. Pursuant to the FCRA and, where applicable, state and local laws and regulations, before taking any adverse action based in whole or in part on a Screening Report, End User must adhere to certain obligations. At a minimum, in using a Screening Report for employment purposes, before taking any adverse action based in whole or in part on the Screening Report, End User shall provide to the consumer to whom the Screening Report relates: (a) A pre-adverse action notice/letter stating that End User is considering taking adverse action; (b) A copy of the full and complete Screening Report; (c) A copy of the notice titled A Summary of Your Rights Under the Fair Credit Reporting Act and any applicable state summary of rights; (d) A reasonable opportunity of time to correct any erroneous information contained in the Screening Report; and (e) Contact information for Sterling. If End User thereafter takes adverse action, End User shall also provide a final adverse action notice to the consumer to whom the Screening Report relates. Such notice shall comply with all applicable laws, and shall include the name, address, and phone number of Sterling; a statement that Sterling did not make the decision to take the unfavorable action and cannot give specific reasons for it; and a notice of the person's right to dispute the accuracy or completeness of any information Sterling furnished, and to get an additional free report from Sterling if the person asks for it within 60 days. 1.7. Equal Employment Opportunity. End User further certifies that information from any Screening Report will not be used in violation of any applicable federal or state equal opportunity law or regulation. 1.8. Continuing Certification. End User certifies that each and every time it requests a Screening Report regardless of ordering mechanism, it is at the time that the order is place reaffirming its certifications herein, including without limitation, Section 1.4 above. 1.9. Required Certification Updates. If Sterling determines, in Sterling’s sole discretion, that regulatory or industry changes require updates to the Employer Certification in this Section 1, Sterling retains the right to request and require additional documentation and certifications from End User. End User understands that any failure to cooperate with reasonable requests for such documentation and certifications may constitute grounds for immediate suspension of the Services and termination of the Agreement. 2. State Certifications. 2.1. California Certification. End User hereby certifies that, under the Investigative Consumer Reporting Agencies Act (“ICRAA”), California Civil Code Sections 1786 et seq., and the Consumer Credit Reporting Agencies Act (“CCRAA”), California Civil Code Sections 1785.1 et seq., to the extent End User is located in the State of California, and/or End User’s request for and/or use of Screening Reports pertains to a California resident or worker, End User will do the following: 2.1.1. Request and use Screening Reports solely for permissible purpose(s) identified under California Civil Code Sections 1785.11 and 1786.12. 2.1.2. When, at any time, a Screening Report is sought for employment purposes other than suspicion of wrongdoing or misconduct by the consumer who is the subject of the investigation, provide a clear and conspicuous disclosure in writing to the consumer, which solely discloses: (i) that an investigative Screening Report may be obtained; (ii) the permissible purpose of the investigative Screening Report; (iii) that information on the consumer’s character, general reputation, personal characteristics and mode of living may be disclosed; (iv) the name, address, and telephone number of Sterling; and (v) the nature and scope of the investigation requested, including a summary of the provisions of California Civil Code Section 1786.22. 2.1.3. When, at any time, a Screening Report is sought for employment purposes other than suspicion of wrongdoing or misconduct by the consumer who is the subject of the investigation, only request a Screening Report if the applicable consumer has authorized in writing the procurement of the Screening Report. 2.1.4. Provide the consumer a means by which he/she may indicate on a written form, by means of a box to check, that the consumer wishes to receive a copy of any Screening Report that is prepared. 2.1.5. If the consumer wishes to receive a copy of the Screening Report, send (or contract with another entity to send) a copy of the Screening Report to the consumer within three business days of the date that the Screening Report is provided to End User. The copy of the Screening Report shall contain the name, address, and telephone number of the person who issued the report and how to contact him/her. 2.1.6. Under all applicable circumstances, comply with California Civil Code Sections 1785.20 and 1786.40 if the taking of adverse action is a consideration, which shall include, but may not be limited to, advising the consumer against whom an adverse action has been taken that the adverse action was based in whole or in part upon information contained in the Screening Report, informing the consumer in writing of Sterling’s name, address, and telephone number, and provide the consumer with a written notice of his/her rights under the ICRAA and the CCRAA. 2.1.7. Comply with all other requirements under applicable California law, including, but not limited to any statutes, regulations and rules governing the procurement, use and/or disclosure of any Screening Reports, including, but not limited to, the ICRAA and the CCRAA. 2.2. Vermont Certification. In addition to the Notice to Users, if End User is a user of Vermont Screening Reports, End User certifies that it will comply with the applicable provisions of Vermont law, including, without limitation, Section 2480e of the Vermont Fair Credit Reporting Statute. End User further certifies that it has received a copy of Section 2480e of the Vermont Fair Credit Reporting Statute, attached hereto as Exhibit A-3. 3. General Use Requirements. End User further certifies that: 3.1. It will use each Screening Report only for a one-time use and will request Screening Reports only for End User’s exclusive use, except to the extent that disclosure to others is required by law. 3.2. It shall provide access to Screening Reports provided by Sterling only to employees, agents and representatives of End User who fully review and understand End User’s obligations under the FCRA and the Agreement and who agree to comply with those obligations. 3.3. It shall ensure that its users do not request and/or obtain Screening Reports on themselves, coworkers, employees, family members or friends unless it is in connection with a legitimate business transaction and procured in accordance with the terms of this Addendum. 3.4. It shall hold the Screening Reports in strict confidence. End User shall maintain all Screening Reports in a secure and confidential manner and shall follow all applicable laws relating to storage and dissemination of information. Furthermore, End User shall dispose of any Screening Reports and any other documentation containing personally identifiable information received from Sterling in accordance with applicable law, including without limitation, the FACTA Disposal Rules. 3.5. End User shall implement and maintain a comprehensive information security program that contains administrative, technical, and physical safeguards that are appropriate to the End User’s size and complexity, the nature and scope of its activities, and the sensitivity of the information provided to End User by Sterling; and that such safeguards shall be reasonably designed to (i) ensure the security and confidentiality of the information provided by Sterling, (ii) protect against any anticipated threats or hazards to the security or integrity of such information, and (iii) protect against unauthorized access to or use of such information that could result in substantial harm or inconvenience to any consumer. Such safeguards shall include, at a minimum, the requirements contained in Exhibit B to this Agreement (“Access Security Requirements”). 3.6. It shall retain copies of all written authorizations and disclosures and any reports it receives from Sterling for a period of five (5) years and will make such reports available to Sterling upon request. 3.7. It shall not resell, sublicense, deliver, display, use for marketing purposes or otherwise distribute any Screening Reports provided by Sterling to any third party. ANY PERSON WHO WILLFULLY AND KNOWINGLY OBTAINS, RESELLS, TRANSFERS, OR USES INFORMATION IN VIOLATION OF LAW MAY BE SUBJECT TO CRIMINAL CHARGES AND/OR LIABLE TO ANY INJURED PARTY FOR TREBLE DAMAGES, REASONABLE ATTORNEY’S FEES AND COSTS. OTHER CIVIL AND CRIMINAL LAWS MAY ALSO APPLY 3.8. It understands that THE FCRA PROVIDES THAT ANY PERSON WHO KNOWINGLY AND WILLFULLY OBTAINS INFORMATION ON A CONSUMER FROM A CONSUMER REPORTING AGENCY UNDER FALSE PRETENSES SHALL BE FINED UNDER TITLE 18 OF THE UNITED STATES CODE OR IMPRISONED NOT MORE THAN TWO YEARS, OR BOTH. 4.Product-Specific Requirements. 4.1. SSN Trace. If Screening Reports include Social Security Number Trace (“SSN Trace”), End User shall not use Social Security Number trace results in any way, directly or indirectly, for the purpose of making employment decisions. End User also confirms that it will not use Social Security Number trace information in any way that would violate the privacy obligations or any other terms and provisions of the Gramm–Leach-Bliley Act (15 U.S.C 6801 et seq.) or the Federal Drivers Privacy Protection Act (18.U.S.C. Section 2721 et seq.) or any other similar U.S. state or local statute, rule or regulation. 4.2. U.S. MVRs. If Screening Reports include United States motor vehicle reports (“MVRs”), End User: 4.2.1. Shall comply with the Drivers Privacy Protection Act (“DPPA”) and any applicable state laws. 4.2.2. Shall be responsible for understanding and for staying current with all specific state forms, certificates of use or other documents or agreements including any changes, supplements or amendments thereto imposed by the states (collectively referred to as “Specific State Forms”) from which it will order MVRs. End User certifies that it will file all applicable Specific State Forms required by individual states. 4.2.3. Certifies that no MVRs shall be ordered without first obtaining the written consent of the data subject to obtain “driving records,” evidence of which shall be transmitted to Sterling in the form of the data subject’s signed release authorization form. End User also certifies that it will use this information only in the normal course of business (i) to obtain lawful information relating to the holder of a commercial driver’s license, or (ii) to verify information provided by a candidate or employee. End User shall protect the privacy of the information of the data subject in an MVR and shall not transmit any data contained in the resulting MVR via any unsecured means. 4.3. Massachusetts iCORI. To the extent End User is requesting Sterling to provide Massachusetts iCORI information: (i) End User notified the consumer in writing of, and received permission via a separate authorization for Sterling to obtain and provide CORI information to End User; (ii) End User is in compliance with all federal and state credit reporting statutes; (iii) End User will not misuse any CORI information provided in violation of federal or state equal employment opportunity laws or regulations; and (iv) End User will provide Sterling with a statement of the annual salary of the position for which the subject is screened. 4.4. Credit Reports. If Screening Reports include credit reports, End User: 4.4.1. Certifies that it will promptly notify Sterling of any change in its location, structure, ownership or control, including but not limited to the addition of any branch(es) that will be requesting and/or accessing credit reports. 4.4.2. Acknowledges and understands that credit bureaus may prohibit the following persons, entities and/or businesses from obtaining credit reports: adult entertainment service of any kind; asset location service; attorney or law firm engaged in the practice of law (unless engaged in collection or using the report in connection with a consumer bankruptcy pursuant to the written authorization of the consumer); bail bondsman (unless licensed by the state in which they are operating); child location service – company that locates missing children; credit counseling (except not-for-profit credit counselors); credit repair clinic; dating service; financial counseling (except a registered securities broker dealer or a certified financial planner); with respect to U.S. credit reports, foreign company or agency of a foreign government; genealogical or heir research firm; law enforcement agency; massage service; news agency or journalist; pawn shop; private detective, detective agency or investigative company; repossession company; subscriptions (magazines, book clubs, record clubs, etc.); tattoo service; time shares - company seeking information in connection with time shares (exception: financers of time shares); weapons dealer, seller or distributor. 5. Right to Audit. End User agrees to cooperate with any reasonable audit request by Sterling and/or a third-party data supplier of Sterling to assure compliance with the terms of this Addendum; provided that (i) Sterling shall give End User reasonable prior notice of any such audit; (ii) any such audit shall be subject to End User’s security policies and third-party confidentiality obligations, and (iii) Sterling shall conduct or cause to be conducted such audit in a manner designed to minimize disruption of End User's normal business operations. End User understands that any failure to cooperate with reasonable requests regarding an audit constitutes grounds for immediate suspension of the Services and termination of the Agreement. Client: City of Kent Signature: \s1\ Print Name: \n1\ Title: \t1\ Date: \d1\ Dana Ralph Mayor 07/13/2020 EXHIBIT A-1 All users of consumer reports must comply with all applicable regulations. Information about applicable regulations currently in effect can be found at the Consumer Financial Protection Bureau’s website, www.consumerfinance.gov/learnmore. NOTICE TO USERS OF CONSUMER REPORTS: OBLIGATIONS OF USERS UNDER THE FCRA The Fair Credit Reporting Act (FCRA), 15 U.S.C. §1681-1681y, requires that this notice be provided to inform users of consumer reports of their legal obligations. State law may impose additional requirements. The text of the FCRA is set forth in full at the Consumer Financial Protection Bureau’s (CFPB) website at www.consumerfinance.gov/learnmore. At the end of this document is a list of United States Code citations for the FCRA. Other information about user duties is also available at CFPB’s website. Users must consult the relevant provisions of the FCRA for details about their obligations under the FCRA. The first section of this summary sets forth the responsibilities imposed by the FCRA on all users of consumer reports. The subsequent sections discuss the duties of users of reports that contain specific types of information, or that are used for certain purposes, and the legal consequences of violations. If you are a furnisher of information to a consumer reporting agency (CRA), you have additional obligations and will receive a separate notice from the CRA describing your duties as a furnisher. I. OBLIGATIONS OF ALL USERS OF CONSUMER REPORTS A. Users Must Have a Permissible Purpose Congress has limited the use of consumer reports to protect consumers’ privacy. All users must have a permissible purpose under the FCRA to obtain a consumer report. Section 604 contains a list of the permissible purposes under the law. These are: As ordered by a court or a federal grand jury subpoena. Section 604(a)(1) As instructed by the consumer in writing. Section 604(a)(2) For the extension of credit as a result of an application from a consumer, or the review or collection of a consumer’s account. Section 604(a)(3)(A) For employment purposes, including hiring and promotion decisions, where the consumer has given written permission. Sections 604(a)(3)(B) and 604(b) For the underwriting of insurance as a result of an application from a consumer. Section 604(a)(3)(C) When there is a legitimate business need, in connection with a business transaction that is initiated by the consumer. Section 604(a)(3)(F)(i) To review a consumer’s account to determine whether the consumer continues to meet the terms of the account. Section 604(a)(3)(F)(ii) To determine a consumer’s eligibility for a license or other benefit granted by a governmental instrumentality required by law to consider an applicant’s financial responsibility or status. Section 604(a)(3)(D) For use by a potential investor or servicer, or current insurer, in a valuation or assessment of the credit or prepayment risks associated with an existing credit obligation. Section 604(a)(3)(E) For use by state and local officials in connection with the determination of child support payments, or modifications and enforcement thereof. Sections 604(a)(4) and 604(a)(5) In addition, creditors and insurers may obtain certain consumer report information for the purpose of making “prescreened” unsolicited offers of credit or insurance. Section 604(c). The particular obligations of users of “prescreened” information are described in Section VII below. B. Users Must Provide Certifications Section 604(f) prohibits any person from obtaining a consumer report from a consumer reporting agency (CRA) unless the person has certified to the CRA the permissible purpose(s) for which the report is being obtained and certifies that the report will not be used for any other purpose. C. Users Must Notify Consumers When Adverse Actions Are Taken The term “adverse action” is defined very broadly by Section 603. “Adverse actions” include all business, credit, and employment actions affecting consumers that can be considered to have a negative impact as defined by Section 603(k) of the FCRA – such as denying or canceling credit or insurance, or denying employment or promotion. No adverse action occurs in a credit transaction where the creditor makes a counteroffer that is accepted by the consumer. 1. Adverse Actions Based on Information Obtained From a CRA If a user takes any type of adverse action as defined by the FCRA that is based at least in part on information contained in a consumer report, Section 615(a) requires the user to notify the consumer. The notification may be done in writing, orally, or by electronic means. It must include the following: The name, address, and telephone number of the CRA (including a toll-free telephone number, if it is a nationwide CRA) that provided the report. A statement that the CRA did not make the adverse decision and is not able to explain why the decision was made. A statement setting forth the consumer’s right to obtain a free disclosure of the consumer’s file from the CRA if the consumer makes a request within 60 days. A statement setting forth the consumer’s right to dispute directly with the CRA the accuracy or completeness of any information provided by the CRA. 2.Adverse Actions Based on Information Obtained From Third Parties Who Are Not Consumer Reporting Agencies If a person denies (or increases the charge for) credit for personal, family, or household purposes based either wholly or partly upon information from a person other than a CRA, and the information is the type of consumer information covered by the FCRA, Section 615(b)(1) requires that the user clearly and accurately disclose to the consumer his or her right to be told the nature of the information that was relied upon if the consumer makes a written request within 60 days of notification. The user must provide the disclosure within a reasonable period of time following the consumer’s written request. 3. Adverse Actions Based on Information Obtained From Affiliates If a person takes an adverse action involving insurance, employment, or a credit transaction initiated by the consumer, based on information of the type covered by the FCRA, and this information was obtained from an entity affiliated with the user of the information by common ownership or control, Section 615(b)(2) requires the user to notify the consumer of the adverse action. The notice must inform the consumer that he or she may obtain a disclosure of the nature of the information relied upon by making a written request within 60 days of receiving the adverse action notice. If the consumer makes such a request, the user must disclose the nature of the information not later than 30 days after receiving the request. If consumer report information is shared among affiliates and then used for an adverse action, the user must make an adverse action disclosure as set forth in I.C.1 above. D. Users Have Obligations When Fraud and Active Duty Military Alerts are in Files When a consumer has placed a fraud alert, including one relating to identify theft, or an active duty military alert with a nationwide consumer reporting agency as defined in Section 603(p) and resellers, Section 605A(h) imposes limitations on users of reports obtained from the consumer reporting agency in certain circumstances, including the establishment of a new credit plan and the issuance of additional credit cards. For initial fraud alerts and active duty alerts, the user must have reasonable policies and procedures in place to form a belief that the user knows the identity of the applicant or contact the consumer at a telephone number specified by the consumer; in the case of extended fraud alerts, the user must contact the consumer in accordance with the contact information provided in the consumer’s alert. E. Users Have Obligations When Notified of an Address Discrepancy Section 605(h) requires nationwide CRAs, as defined in Section 603(p), to notify users that request reports when the address for a consumer provided by the user in requesting the report is substantially different from the addresses in the consumer’s file. When this occurs, users must comply with regulations specifying the procedures to be followed. Federal regulations are available at www.consumerfinance.gov/learnmore. F. Users Have Obligations When Disposing of Records Section 628 requires that all users of consumer report information have in place procedures to properly dispose of records containing this information. Federal regulations have been issued that cover disposal. II. CREDITORS MUST MAKE ADDITIONAL DISCLOSURES If a person uses a consumer report in connection with an application for, or a grant, extension, or provision of, credit to a consumer on material terms that are materially less favorable than the most favorable terms available to a substantial proportion of consumers from or through that person, based in whole or in part on a consumer report, the person must provide a risk-based pricing notice to the consumer in accordance with regulations prescribed by the CFPB. Section 609(g) requires a disclosure by all persons that make or arrange loans secured by residential real property (one to four units) and that use credit scores. These persons must provide credit scores and other information about credit scores to applicants, including the disclosure set forth in Section 609(g)(1)(D) (“Notice to the Home Loan Applicant”). III. OBLIGATIONS OF USERS WHEN CONSUMER REPORTS ARE OBTAINED FOR EMPLOYMENT PURPOSES A. Employment Other Than in the Trucking Industry If the information from a CRA is used for employment purposes, the user has specific duties, which are set forth in Section 604(b) of the FCRA. The user must: Make a clear and conspicuous written disclosure to the consumer before the report is obtained, in a document that consists solely of the disclosure, that a consumer report may be obtained. Obtain from the consumer prior written authorization. Authorization to access reports during the term of employment may be obtained at the time of employment. Certify to the CRA that the above steps have been followed, that the information being obtained will not be used in violation of any federal or state equal opportunity law or regulation, and that, if any adverse action is to be taken based on the consumer report, a copy of the report and a summary of the consumer’s rights will be provided to the consumer. Before taking an adverse action, the user must provide a copy of the report to the consumer as well as the summary of consumer’s rights (The user should receive this summary from the CRA.) A Section 615(a) adverse action notice should be sent after the adverse action is taken. An adverse action notice also is required in employment situations if credit information (other than transactions and experience data) obtained from an affiliate is used to deny employment. Section 615(b)(2). The procedures for investigative consumer reports and employee misconduct investigations are set forth below. B. Employment in the Trucking Industry Special rules apply for truck drivers where the only interaction between the consumer and the potential employer is by mail, telephone, or computer. In this case, the consumer may provide consent orally or electronically, and an adverse action may be made orally, in writing, or electronically. The consumer may obtain a copy of any report relied upon by the trucking company by contacting the company. IV. OBLIGATIONS WHEN INVESTIGATIVE CONSUMER REPORTS ARE USED Investigative consumer reports are a special type of consumer report in which information about a consumer’s character, general reputation, personal characteristics, and mode of living is obtained through personal interviews by an entity or person that is a consumer reporting agency. Consumers who are the subjects of such reports are given special rights under the FCRA. If a user intends to obtain an investigative consumer report, Section 606 requires the following: The user must disclose to the consumer that an investigative consumer report may be obtained. This must be done in a written disclosure that is mailed, or otherwise delivered, to the consumer at some time before or not later than three days after the date on which the report was first requested. The disclosure must include a statement informing the consumer of his or her right to request additional disclosures of the nature and scope of the investigation as described below, and the summary of consumer rights required by Section 609 of the FCRA. (The summary of consumer rights will be provided by the CRA that conducts the investigation.) The user must certify to the CRA that the disclosures set forth above have been made and that the user will make the disclosure described below. Upon the written request of a consumer made within a reasonable period of time after the disclosures required above, the user must make a complete disclosure of the nature and scope of the investigation. This must be made in a written statement that is mailed or otherwise delivered, to the consumer no later than five days after the date on which the request was received from the consumer or the report was first requested, whichever is later in time. V. SPECIAL PROCEDURES FOR EMPLOYEE INVESTIGATIONS Section 603(x) provides special procedures for investigations of suspected misconduct by an employee or for compliance with Federal, state or local laws and regulations or the rules of a self-regulatory organization, and compliance with written policies of the employer. These investigations are not treated as consumer reports so long as the employer or its agent complies with the procedures set forth in Section 603(x), and a summary describing the nature and scope of the inquiry is made to the employee if an adverse action is taken based on the investigation. VI.OBLIGATIONS OF USERS OF MEDICAL INFORMATION Section 604(g) limits the use of medical information obtained from consumer reporting agencies (other than payment information that appears in a coded form that does not identify the medical provider). If the information is to be used for an insurance transaction, the consumer must give consent to the user of the report or the information must be coded. If the report is to be used for employment purposes – or in connection with a credit transaction (except as provided in federal regulations) – the consumer must provide specific written consent and the medical information must be relevant. Any user who receives medical information shall not disclose the information to any other person (except where necessary to carry out the purpose for which the information was disclosed, or a permitted by statute, regulation, or order). VII.OBLIGATIONS OF USERS OF “PRESCREENED” LISTS The FCRA permits creditors and insurers to obtain limited consumer report information for use in connection with unsolicited offers of credit or insurance under certain circumstances. Sections 603(1), 604(c), 604(e), and 615(d). This practice is known as “prescreening” and typically involves obtaining from a CRA a list of consumers who meet certain preestablished criteria. If any person intends to use prescreened lists, that person must (1) before the offer is made, establish the criteria that will be relied upon to make the offer and grant credit or insurance, and (2) maintain such criteria on file for a three-year period beginning on the date on which the offer is made to each consumer. In addition, any user must provide with each written solicitation a clear and conspicuous statement that: Information contained in a consumer’s CRA file was used in connection with the transaction. The consumer received the offer because he or she satisfied the criteria for credit worthiness or insurability used to screen for the offer. Credit or insurance may not be extended if, after the consumer responds, it is determined that the consumer does not meet the criteria used for screening or any applicable criteria bearing on credit worthiness or insurability, or the consumer does not furnish required collateral. The consumer may prohibit the use of information in his or her file in connection with future prescreened offers of credit or insurance by contacting the notification system established by the CRA that provided the report. The statement must include the address and toll-free telephone number of the appropriate notification system. In addition, the CFPB has established the format, type size, and manner of the disclosure required by Section 615(d), with which users must comply. The relevant regulation is 12 CFR 1022.54. VIII. OBLIGATIONS OF RESELLERS A. Disclosure and Certification Requirements Section 607(e) requires any person who obtains a consumer report for resale to take the following steps: Disclose the identity of the end-user to the source CRA. Identify to the source CRA each permissible purpose for which the report will be furnished to the end-user. Establish and follow reasonable procedures to ensure that reports are resold only for permissible purposes, including procedures to obtain: (1) the identify of all end-users; (2) certifications from all users of each purpose for which reports will be used; and (3) certifications that reports will not be used for any purpose other than the purpose(s) specified to the reseller. Resellers must make reasonable efforts to verify this information before selling the report. B. Reinvestigations by Resellers Under Section 611(f), if a consumer disputes the accuracy or completeness of information in a report prepared by a reseller, the reseller must determine whether this is a result of an action or omission on its part and, if so, correct or delete the information. If not, the reseller must send the dispute to the source CRA for reinvestigation. When any CRA notifies the reseller of the results of an investigation, the reseller must immediately convey the information to the consumer. C. Fraud Alerts and Resellers Section 605A(f) requires resellers who receive fraud alerts or active duty alerts from another consumer reporting agency to include these in their reports. IX. LIABILITY FOR VIOLATIONS OF THE FCRA Failure to comply with the FCRA can result in state government or federal government enforcement actions, as well as private lawsuits. Sections 616, 617, and 621. In addition, any person who knowingly and willfully obtains a consumer report under false pretenses may face criminal prosecution. Section 619. _____________________________________________________________________________________________________________________________ The CFPB’s website, www.consumerfinance.gov/learnmore, has more information about the FCRA, including publications for businesses and the full text of the FCRA. Citations for FCRA sections in the U.S. Code, 15 U.S.C. § 1618 et seq.: Section 602 15 U.S.C. 1681 Section 603 15 U.S.C. 1681a Section 604 15 U.S.C. 1681b Section 605 15 U.S.C. 1681c Section 605A 15 U.S.C. 1681cA Section 605B 15 U.S.C. 1681cB Section 606 15 U.S.C. 1681d Section 607 15 U.S.C. 1681e Section 608 15 U.S.C. 1681f Section 609 15 U.S.C. 1681g Section 610 15 U.S.C. 1681h Section 611 15 U.S.C. 1681i Section 612 15 U.S.C. 1681j Section 613 15 U.S.C. 1681k Section 614 15 U.S.C. 1681l Section 615 15 U.S.C. 1681m Section 616 15 U.S.C. 1681n Section 617 15 U.S.C. 1681o Section 618 15 U.S.C. 1681p Section 619 15 U.S.C. 1681q Section 620 15 U.S.C. 1681r Section 621 15 U.S.C. 1681s Section 622 15 U.S.C. 1681s-1 Section 623 15 U.S.C. 1681s-2 Section 624 15 U.S.C. 1681t Section 625 15 U.S.C. 1681u Section 626 15 U.S.C. 1681v Section 627 15 U.S.C. 1681w Section 628 15 U.S.C. 1681x Section 629 15 U.S.C. 1681y EXHIBIT A-2 Para información en español, visite www.consumerfinance.gov/learnmore o escribe a la Consumer Financial Protection Bureau, 1700 G Street N.W., Washington, DC 20552. A Summary of Your Rights Under the Fair Credit Reporting Act The federal Fair Credit Reporting Act (FCRA) promotes the accuracy, fairness, and privacy of information in the files of consumer reporting agencies. There are many types of consumer reporting agencies, including credit bureaus and specialty agencies (such as agencies that sell information about check writing histories, medical records, and rental history records). Here is a summary of your major rights under FCRA. For more information, including information about additional rights, go to www.consumerfinance.gov/learnmore or write to: Consumer Financial Protection Bureau, 1700 G Street N.W., Washington, DC 20552. You must be told if information in your file has been used against you. Anyone who uses a credit report or another type of consumer report to deny your application for credit, insurance, or employment – or to take another adverse action against you – must tell you, and must give you the name, address, and phone number of the agency that provided the information. You have the right to know what is in your file. You may request and obtain all the information about you in the files of a consumer reporting agency (your “file disclosure”). You will be required to provide proper identification, which may include your Social Security number. In many cases, the disclosure will be free. You are entitled to a free file disclosure if: o a person has taken adverse action against you because of information in your credit report; o you are the victim of identity theft and place a fraud alert in your file; o your file contains inaccurate information as a result of fraud; o you are on public assistance; o you are unemployed but expect to apply for employment within 60 days. In addition, all consumers are entitled to one free disclosure every 12 months upon request from each nationwide credit bureau and from nationwide specialty consumer reporting agencies. See www.consumerfinance.gov/learnmore for additional information. You have the right to ask for a credit score. Credit scores are numerical summaries of your credit-worthiness based on information from credit bureaus. You may request a credit score from consumer reporting agencies that create scores or distribute scores used in residential real property loans, but you will have to pay for it. In some mortgage transactions, you will receive credit score information for free from the mortgage lender. You have the right to dispute incomplete or inaccurate information. If you identify information in your file that is incomplete or inaccurate, and report it to the consumer reporting agency, the agency must investigate unless your dispute is frivolous. See www.consumerfinance.gov/learnmore for an explanation of dispute procedures. Consumer reporting agencies must correct or delete inaccurate, incomplete, or unverifiable information. Inaccurate, incomplete, or unverifiable information must be removed or corrected, usually within 30 days. However, a consumer reporting agency may continue to report information it has verified as accurate. Consumer reporting agencies may not report outdated negative information. In most cases, a consumer reporting agency may not report negative information that is more than seven years old, or bankruptcies that are more than 10 years old. Access to your file is limited. A consumer reporting agency may provide information about you only to people with a valid need – usually to consider an application with a creditor, insurer, employer, landlord, or other business. The FCRA specifies those with a valid need for access. You must give your consent for reports to be provided to employers. A consumer reporting agency may not give out information about you to your employer, or a potential employer, without your written consent given to the employer. Written consent generally is not required in the trucking industry. For more information, go to www.consumerfinance.gov/learnmore. You may limit “prescreened” offers of credit and insurance you get based on information in your credit report. Unsolicited “prescreened” offers for credit and insurance must include a toll-free phone number you can call if you choose to remove your name and address form the lists these offers are based on. You may opt out with the nationwide credit bureaus at 1-888-5-OPTOUT (1-888-567-8688). The following FCRA right applies with respect to nationwide consumer reporting agencies: CONSUMERS HAVE THE RIGHT TO OBTAIN A SECURITY FREEZE You have a right to place a “security freeze” on your credit report, which will prohibit a consumer reporting agency from releasing information in your credit report without your express authorization. The security freeze is designed to prevent credit, loans, and services from being approved in your name without your consent. However, you should be aware that using a security freeze to take control over who gets access to the personal and financial information in your credit report may delay, interfere with, or prohibit the timely approval of any subsequent request or application you make regarding a new loan, credit, mortgage, or any other account involving the extension of credit. As an alternative to a security freeze, you have the right to place an initial or extended fraud alert on your credit file at no cost. An initial fraud alert is a 1-year alert that is placed on a consumer’s credit file. Upon seeing a fraud alert display on a consumer’s credit file, a business is required to take steps to verify the consumer’s identity before extending new credit. If you are a victim of identity theft, you are entitled to an extended fraud alert, which is a fraud alert lasting 7 years. A security freeze does not apply to a person or entity, or its affiliates, or collection agencies acting on behalf of the person or entity, with which you have an existing account that requests information in your credit report for the purposes of reviewing or collecting the account. Reviewing the account includes activities related to account maintenance, monitoring, credit line increases, and account upgrades and enhancements. You may seek damages from violators. If a consumer reporting agency, or, in some cases, a user of consumer reports or a furnisher of information to a consumer reporting agency violates the FCRA, you may be able to sue in state or federal court. Identity theft victims and active duty military personnel have additional rights. For more information, visit www.consumerfinance.gov/learnmore. States may enforce the FCRA, and many states have their own consumer reporting laws. In some cases, you may have more rights under state law. For more information, contact your state or local consumer protection agency or your state Attorney General. For information about your federal rights, contact: TYPE OF BUSINESS: CONTACT: 1.a. Banks, savings associations, and credit unions with total assets of over $10 billion and their affiliates b. Such affiliates that are not banks, savings associations, or credit unions also should list, in addition to the CFPB: a. Consumer Financial Protection Bureau 1700 G Street, N.W. Washington, DC 20552 b. Federal Trade Commission Consumer Response Center 600 Pennsylvania Avenue, N.W. Washington, DC 20580 (877) 382-4357 2. To the extent not included in item 1 above: a. National banks, federal savings associations, and federal branches and federal agencies of foreign banks b. State member banks, branches and agencies of foreign banks (other than federal branches, federal agencies, and Insured State Branches of Foreign Banks), commercial lending companies owned or controlled by foreign banks, and organizations operating under section 25 or 25A of the Federal Reserve Act. c. Nonmember Insured Banks, Insured State Branches of Foreign Banks, and insured state savings associations d. Federal Credit Unions a. Office of the Comptroller of the Currency Customer Assistance Group 1301 McKinney Street, Suite 3450 Houston, TX 77010-9050 b. Federal Reserve Consumer Help Center P.O. Box 1200 Minneapolis, MN 55480 c. FDIC Consumer Response Center 1100 Walnut Street, Box #11 Kansas City, MO 64106 d. National Credit Union Administration Office of Consumer Financial Protection (OCFP) Division of Consumer Compliance Policy and Outreach 1775 Duke Street Alexandria, VA 22314 3. Air carriers Asst. General Counsel for Aviation Enforcement & Proceedings Aviation Consumer Protection Division Department of Transportation 1200 New Jersey Avenue, S.E. Washington, DC 20590 4. Creditors Subject to the Surface Transportation Board Office of Proceedings, Surface Transportation Board Department of Transportation 395 E Street, S.W. Washington, DC 20423 5. Creditors Subject to the Packers and Stockyards Act, 1921 Nearest Packers and Stockyards Administration area supervisor 6. Small Business Investment Companies Associate Deputy Administrator for Capital Access United States Small Business Administration 409 Third Street, S.W., Suite 8200 Washington, DC 20416 7. Brokers and Dealers Securities and Exchange Commission 100 F Street, N.E. Washington, DC 20549 8. Federal Land Banks, Federal Land Bank Associations, Federal Intermediate Credit Banks, and Production Credit Associations Farm Credit Administration 1501 Farm Credit Drive McLean, VA 22102-5090 9. Retailers, Finance Companies, and All Other Creditors Not Listed Above Federal Trade Commission Consumer Response Center 600 Pennsylvania Avenue, N.W. Washington, DC 20580 (877) 382-4357 EXHIBIT A-3 Vermont Fair Credit Reporting Statute, 9 V.S.A. § 2480e (1999) § 2480e. Consumer consent (a) A person shall not obtain the credit report of a consumer unless: (1) the report is obtained in response to the order of a court having jurisdiction to issue such an order; or (2) the person has secured the consent of the consumer, and the report is used for the purpose consented to by the consumer. (b) Credit reporting agencies shall adopt reasonable procedures to assure maximum possible compliance with subsection (a) of this section. (c) Nothing in this section shall be construed to affect: (1) the ability of a person who has secured the consent of the consumer pursuant to subdivision (a)(2) of this section to include in his or her request to the consumer permission to also obtain credit reports, in connection with the same transaction or extension of credit, for the purpose of reviewing the account, increasing the credit line on the account, for the purpose of taking collection action on the account, or for other legitimate purposes associated with the account; and (2) the use of credit information for the purpose of prescreening, as defined and permitted from time to time by the Federal Trade Commission. ________________________________________________________________________________________________________________________________ VERMONT RULES *** CURRENT THROUGH JUNE 1999 *** AGENCY 06. OFFICE OF THE ATTORNEY GENERAL SUB-AGENCY 031. CONSUMER PROTECTION DIVISION CHAPTER 012. Consumer Fraud--Fair Credit Reporting RULE CF 112 FAIR CREDIT REPORTING CVR 06-031-012, CF 112.03 (1999) CF 112.03 CONSUMER CONSENT (a) A person required to obtain consumer consent pursuant to 9 V.S.A. §§ 2480e and 2480g shall obtain said consent in writing if the consumer has made a written application or written request for credit, insurance, employment, housing or governmental benefit. If the consumer has applied for or requested credit, insurance, employment, housing or governmental benefit in a manner other than in writing, then the person required to obtain consumer consent pursuant to 9 V.S.A. §§ 2480e and 2480g shall obtain said consent in writing or in the same manner in which the consumer made the application or request. The terms of this rule apply whether the consumer or the person required to obtain consumer consent initiates the transaction. (b) Consumer consent required pursuant to 9 V.S.A. §§ 2480e and 2480g shall be deemed to have been obtained in writing if, after a clear and adequate written disclosure of the circumstances under which a credit report or credit reports may be obtained and the purposes for which the credit report or credit reports may be obtained, the consumer indicates his or her consent by providing his or her signature. (c) The fact that a clear and adequate written consent form is signed by the consumer after the consumer's credit report has been obtained pursuant to some other form of consent shall not affect the validity of the earlier consent. EXHIBIT B ACCESS SECURITY REQUIREMENTS The parties acknowledge they must work together to protect the privacy of consumers. The following measures are designed to reduce unauthorized access of consumer reports. In accessing consumer information, End User agrees to implement and maintain the following measures: 1. All credentials such as user names/identifiers (user IDs) and user passwords must be kept confidential and must not be disclosed to an unauthorized party. End User agrees it will not discuss its Sterling credentials by telephone with any unknown caller, even if the caller claims to be an employee of End User or Sterling. 2. IT resources owned by the End User but used to access Sterling systems (“system access software”), whether developed by it or purchased from a third party vendor, will have End User’s Sterling account username and password information “hidden” or embedded and be known only by authorized personnel. End User will assign each user of any system access software a unique logon password to access the End User’s systems or networks. If such system access software is replaced by different access software and therefore no longer is in use or, alternatively, the hardware upon which such system access software resides is no longer being used or is being disposed of, or if the password has been compromised or believed to be compromised in any way, End User will change its password immediately. 3. Create a unique user ID for each user to enable individual authentication and accountability for access to Sterling’s infrastructure. Each use of the system access software must also have a unique logon password. 4. User IDs and passwords shall only be assigned to authorized individuals based on least privilege necessary to perform job responsibilities. 5. User IDs and passwords must not be shared, posted, or otherwise divulged in any manner. 6. Develop strong passwords that (i) contain a minimum of eight (8) alphanumeric characters for standard user accounts, and (ii) for interactive sessions (i.e. non system-to-system) ensure that passwords are changed periodically (every 90 days is recommended). 7. Passwords (e.g. subscriber code passwords, user password) must be changed immediately when (i) any system access software is replace by another system access software or is no longer used, and/or (ii) any suspicion of password being disclosed to an unauthorized party 8. Protect all passwords using, for example, encryption or a cryptographic hashing algorithm also known as “one-way” encryption. When using encryption, ensure that strong encryption algorithm are utilized (e.g. AES 256 or above). 9. Implement password protected screensavers with a maximum thirty (30) minute timeout to protect unattended workstations. Systems should be manually locked before being left unattended. 10. Terminate access rights immediately for users who access consumer information when those users are terminated or when they have a change in their job tasks an no longer require access to that consumer information. Region 4 Education Service Center (ESC) Contract # R191303 for Pre-Employment Background Screening, Related Products and Services with Sterling Infosystems, Inc. dba Sterling Effective: January 1, 2020 The following documents comprise the executed contract between the Region 4 Education Service Center and Sterling Infosystems, Inc. dba Sterling, effective January 1, 2020: I. Vendor Contract and Signature Form II.Supplier’s Response to the RFP, incorporated by reference Confidential & Proprietary This material prepared for Region 4 Education Service Center constitutes confidential and proprietary information of Sterling and its reproduction, publication or disclosure to others without the express authorization of the President, or the General Counsel, of Sterling is strictly prohibited. Pre-Employment Background Screening, Related Products and Services August 15, 2019 Presented By: Cecilia Green Regional Director, Industrial, Government & Education O: 214.387.8552 M: 425.219.0865 E: cecilia.green@sterlingcheck.com Sterling 1 State Street Plaza, 24th Floor New York, New York 10004 United States sterlingcheck.com Sterling’s Response to Request for Proposal: R egion 4 Education Service Center Pre-Employment Background Screening, Related Products and Services Solicitation Number 19-13 PRE-EMPLOYMENT BACKGROUND SCREENING, RELATED PRODUCTS AND SERVICES | AUGUST 15, 2019 i Proprietary and Confidential © 2019 Sterling | www.sterlingcheck.com Cover Letter August 15, 2019 Crystal Wallace, Business Operations Specialist Region 4 Education Service Center 7145 West Tidwell Road Houston, TX, 77092 Hello, Thank you for the opportunity to respond to Region 4 Education Service Center’s (ESC) Request for Proposal for Pre-Employment Background Screening, Related Products and Services. Our proposal is valid and irrevocable for one-hundred twenty (120) days after the proposal due date and time. We understand that for ESC, finding reliable, talented professionals to work with goes right to the heart of your values—a relentless focus on safety and an uncompromising standard of quality. Organizations like ESC select Sterling as their background screening partner because they benefit from the scale, accuracy, and efficiency of the industry’s leading provider of background and identity services. We work with over 25,000 clients worldwide, including 25% of the Fortune 100. Through its Industrials, Government & Education practice, Sterling focuses on the unique and vital roles of these critical sectors that impact people’s lives every day. A common theme across the public sector is sensitivity to safety and efficiency while being mindful of reputation and community relationships We’re uniquely positioned to provide ESC with: o The industry’s highest “hit rates” and fastest turnaround times with the lowest defect rates. Sterling will find more criminal information on your candidates in less time and with fewer errors. How? Technology and automation. As a result, 66% of criminal checks close in less than an hour. o Peace of mind in keeping up with highly complex, rapidly changing regulatory requirements. When it comes to federal, state, and international compliance, Sterling will keep you ahead of the curve. We’ll make sure you are always in line with today’s requirements and best practices. Sterling understands the varied compliance landscape across all states to help ensure that your program is effective while abiding by applicable laws and regulations. o Support and fulfillment personnel dedicated to government and educational services. Every person interacting with ESC’s account will be part of an industry- aligned team—from your Client Success Partner to the employees fulfilling your background checks. As a result, you’ll receive more tailored service from a team that knows the unique needs of government and or education across the full range of background screening services, including fingerprinting and emerging solutions to validate the identity of those that are hired. o Identity Solutions. Sterling’s forward thinking allows us to deliver fingerprinting solutions supported in over 750 UPS locations across the US that can capture and deliver fingerprints through numerous channeling agents. Sterling is also innovating in ID verification solutions through advanced facial recognition and image technologies. ƒ One provider to manage all your global background checks. Sterling provides background check services in 249 geographies, performing over 1,500,000 screens outside the US PRE-EMPLOYMENT BACKGROUND SCREENING, RELATED PRODUCTS AND SERVICES | AUGUST 15, 2019 ii Proprietary and Confidential © 2019 Sterling | www.sterlingcheck.com annually. Sterling prides itself on the role it has played, for more than 44 years, in making workplaces and educational environments safer. This is particularly critical for vulnerable populations, like children, supported by our comprehensive solutions that help ensure that you know relevant information about your applicants and employees. We have built our reputation on delivering efficient, high-quality end-to-end solutions while cultivating strong, sustainable relationships. We look forward to forming a long-term strategic partnership with ESC—and to becoming your trusted advisor in the employment screening space. If you have any questions, feel free to reach out to me. Regards, Cecilia Green Cecilia Green Regional Director, Industrial, Government & Education O: 214.387.8552 M: 425.219.0865 E: cecilia.green@sterlingcheck.com PRE-EMPLOYMENT BACKGROUND SCREENING, RELATED PRODUCTS AND SERVICES | AUGUST 15, 2019 iii Proprietary and Confidential © 2019 Sterling | www.sterlingcheck.com Table of Contents Cover Letter ............................................................................................................................................ i Tab 1 – Draft Contract and Offer and Contract Signature Form (Appendix A) ........................... 1 Tab 2 – Products/Pricing .................................................................................................................... 2 Tab 3 – Performance Capability ........................................................................................................ 3 Tab 4 – Qualification and Experience ............................................................................................... 4 Tab 5 – Value Add RFP ........................................................................................................................ 7 Tab 6 – Additional Required Documents (Appendix C) ............................................................... 65 Sterling attachments Business Continuity Plan Dun and Bradstreet Report Program Reports and Analytics Sample Service Level Agreement 2 Memory sticks – non redacted proposal 2 Memory sticks – redacted proposal Appendices DDocument Location in Proposal Appendix A - Draft Contract and Offer and Contract Signature Form Tab 1 Appendix B - Terms and Conditions Acceptance Form Tab 1 Appendix C - Additional Required Documents Tab 6 x Acknowledgment and Acceptance of Region 4 ESC’s Open Records Policy (Appendix C, Doc #1) Tab 6 x Antitrust Certification Statement (Tex. Government Code § 2155.005) (Appendix C, Doc #2) Tab 6 x Implementation of House Bill 1295 Certificate of Interested Parties (Form 1295) (Appendix C, Doc #3) Tab 6 x Texas Government Code 2270 Verification Form (Appendix C, Doc #4) Tab 6 PRE-EMPLOYMENT BACKGROUND SCREENING, RELATED PRODUCTS AND SERVICES | AUGUST 15, 2019 iv Proprietary and Confidential © 2019 Sterling | www.sterlingcheck.com x Any additional agreements Offeror will require Participating Agencies to sign Tab 6 Appendix D, Exhibit A – Price Proposal ƒ Sample Adverse Action Letter ƒ Sample PreAdverse Action Letter Tab 2 Appendix E – Price Proposal (see: Requirements for National Cooperative Contract) Tab 3 Exhibit A – RESPONSE FOR NATIONAL COOPERATIVE CONTRACT Tab 3 Exhibit B – ADMINISTRATION AGREEMENT, EXAMPLE prior to contract Tab 3 Exhibit C – MASTER INTERGOVERNMENTAL COOPERATIVE PURCHASING AGREEMENT, EXAMPLE Tab 3 (Not required) Exhibit D – PRINCIPAL PROCUREMENT AGENCY CERTIFICATE, EXAMPLE Tab 3 (Not required) Exhibit E – CONTRACT SALES REPORTING TEMPLATE Tab 3 Exhibit F – FEDERAL FUNDS CERTIFICATIONS Tab 3 Exhibit G – NEW JERSEY BUSINESS COMPLIANCE DOC #1 Ownership Disclosure Form DOC #2 Non-Collusion Affidavit DOC #3 Affirmative Action Affidavit ƒ Affirmative Action Affidavit - Sterling EEO Report DOC #4 Political Contribution Disclosure Form DOC #5 Stockholder Disclosure Certification DOC #6 Certification of Non-Involvement in Prohibited Activities in Iran DOC #7 New Jersey Business Registration Certificate ƒ Sterling NJ Business Registration Certificate Tab 3 Exhibit H – ADVERTISING COMPLIANCE REQUIREMENT Tab 3 APPENDIX A DRAFT CONTRACT This Contract (“Contract”) is made as of October 22, 2019 by and between Sterling Infosystems, Inc. d/b/a Sterling (“Contractor”) and Region 4 Education Service Center (“Region 4 ESC”) for the purchase of pre-employment background screening, related products and services s(“the products and services”). RECITALS WHEREAS, Region 4 ESC issued Request for Proposals Number RFP #19-13 for Pre-Employment Background Screening, Related Products and Services (“RFP”), to which Contractor provided a response (“Proposal”); and WHEREAS, Region 4 ESC selected Contractor’s Proposal and wishes to engage Contractor in providing the services/materials described in the RFP and Proposal; WHEREAS, both parties agree and understand the following pages will constitute the Contract between the Contractor and Region 4 ESC, having its principal place of business at 7145 West Tidwell Road, Houston, TX 77092. WHEREAS, Contractor included, in writing, any required exceptions or deviations from these terms, conditions, and specifications; and it is further understood that, if agreed to by Region 4 ESC, said exceptions or deviations are incorporated into the Contract. WHEREAS, this Contract consists of the provisions set forth below, including provisions of all attachments referenced herein. In the event of a conflict between the provisions set forth below and those contained in any attachment, the provisions set forth below shall control. WHEREAS, the Contract will provide that any state and local governmental entities, public and private primary, secondary and higher education entities, non-profit entities, and agencies for the public benefit (“Public Agencies”) may purchase products and services at prices indicated in the Contract upon the Public Agency’s registration with OMNIA Partners. 1) Term of agreement. The Contract is for a period of three (3) years. Region 4 ESC shall have the right to renew the Contract for two (2) additional one-year periods or portions thereof. Region 4 ESC shall review the Contract prior to the renewal date and notify the Contractor of Region 4 ESC’s intent renew the Contract. Contractor may elect not to renew by providing three hundred sixty-five days’ notice to Region 4 ESC. 2) Scope: Contractor shall perform all duties, responsibilities and obligations, set forth in this agreement, and described in the RFP, incorporated herein by reference as though fully set forth herein. 3) Form of Contract. The form of Contract shall be the RFP, the Offeror’s proposal and Best and Final Offer(s). 4) Order of Precedence. In the event of a conflict in the provisions of the Contract as accepted by Region 4 ESC, the following order of precedence shall prevail: i. This Contract ii. Offeror’s Best and Final Offer iii. Offeror’s proposal iv. RFP and any addenda 5) Commencement of Work. The Contractor is cautioned not to commence any billable work or provide any material or service under this Contract until Contractor receives a purchase order for such work or is otherwise directed to do so in writing by Region 4 ESC. 6) Entire Agreement (Parol evidence). The Contract, as specified above, represents the final written expression of agreement. All agreements are contained herein and no other agreements or representations that materially alter it are acceptable. 7) Assignment of Contract. No assignment of Contract may be made without the prior written approval of Region 4 ESC. Contractor is required to notify Region 4 ESC when any material change in operations is made (i.e. bankruptcy, change of ownership, merger, etc.). 8) Novation. If Contractor sells or transfers all assets or the entire portion of the assets used to perform this Contract, a successor in interest must guarantee to perform all obligations under this Contract. Region 4 ESC reserves the right to accept or reject any new party. A change of name agreement will not change the contractual obligations of Contractor. 9) Contract Alterations. No alterations to the terms of this Contract shall be valid or binding unless authorized and signed by Region 4 ESC. 10) Adding Authorized Distributors/Dealers. Contractor is prohibited from authorizing additional distributors or dealers, other than those identified at the time of submitting their proposal, to sell under the Contract without notification and prior written approval from Region 4 ESC. Contractor must notify Region 4 ESC each time it wishes to add an authorized distributor or dealer. Purchase orders and payment can only be made to the Contractor unless otherwise approved by Region 4 ESC. Pricing provided to members by added distributors or dealers must also be less than or equal to the Contractor’s pricing. 11) TERMINATION OF CONTRACT a) Cancellation for Non-Performance or Contractor Deficiency. Region 4 ESC may terminate the Contract if purchase volume is determined to be low volume in any 12-month period. Region 4 ESC reserves the right to cancel the whole or any part of this Contract due to failure by Contractor to carry out any obligation, term or condition of the contract. Region 4 ESC may issue a written deficiency notice to Contractor for acting or failing to act in any of the following: i. Providing material that does not meet the specifications of the Contract; ii. Providing work or material was not awarded under the Contract; iii. Failing to adequately perform the services set forth in the scope of work and specifications; iv. Failing to complete required work or furnish required materials within a reasonable amount of time; v. Failing to make progress in performance of the Contract or giving Region 4 ESC reason to believe Contractor will not or cannot perform the requirements of the Contract; or vi. Performing work or providing services under the Contract prior to receiving an authorized purchase order. Upon receipt of a written deficiency notice, Contractor shall have thirty (30) days to provide a satisfactory response to Region 4 ESC. Failure to adequately address all issues of concern may result in Contract cancellation. Upon cancellation under this paragraph, all goods, materials, work, documents, data and reports prepared by Contractor under the Contract shall immediately become the property of Region 4 ESC. b) Termination for Cause. If, for any reason, Contractor fails to fulfill its obligation in a timely manner, or Contractor violates any of the covenants, agreements, or stipulations of this Contract Region 4 ESC reserves the right to terminate the Contract immediately and pursue all other applicable remedies afforded by law. Such termination shall be effective by delivery of notice, to the Contractor, specifying the effective date of termination. In such event, all documents, data, studies, surveys, drawings, maps, models and reports prepared by Contractor will become the property of the Region 4 ESC. If such event does occur, Contractor will be entitled to receive just and equitable compensation for the satisfactory work completed on such documents. c) Delivery/Service Failures. Failure to deliver goods or services within the time specified, or within a reasonable time period as interpreted by the purchasing agent or failure to make replacements or corrections of rejected articles/services when so requested shall constitute grounds for the Contract to be terminated. In the event Region 4 ESC must purchase in an open market, Contractor agrees to reimburse Region 4 ESC, within a reasonable time period, for all expenses incurred. d) Force Majeure. If by reason of Force Majeure, either party hereto shall be rendered unable wholly or in part to carry out its obligations under this Contract then such party shall give notice and full particulars of Force Majeure in writing to the other party within a reasonable time after occurrence of the event or cause relied upon, and the obligation of the party giving such notice, so far as it is affected by such Force Majeure, shall be suspended during the continuance of the inability then claimed, except as hereinafter provided, but for no longer period, and such party shall endeavor to remove or overcome such inability with all reasonable dispatch. The term Force Majeure as employed herein, shall mean acts of God, strikes, lockouts, or other industrial disturbances, act of public enemy, orders of any kind of government of the United States or the State of Texas or any civil or military authority; insurrections; riots; epidemics; landslides; lighting; earthquake; fires; hurricanes; storms; floods; washouts; droughts; arrests; restraint of government and people; civil disturbances; explosions, breakage or accidents to machinery, pipelines or canals, or other causes not reasonably within the control of the party claiming such inability. It is understood and agreed that the settlement of strikes and lockouts shall be entirely within the discretion of the party having the difficulty, and that the above requirement that any Force Majeure shall be remedied with all reasonable dispatch shall not require the settlement of strikes and lockouts by acceding to the demands of the opposing party or parties when such settlement is unfavorable in the judgment of the party having the difficulty. e) Standard Cancellation. Region 4 ESC may cancel this Contract in whole or in part by providing written notice. The cancellation will take effect 30 business days after the other party receives the notice of cancellation. After the 30th business day all work will cease following completion of final purchase order. 12) Licenses. Contractor shall maintain in current status all federal, state and local licenses, bonds and permits required for the operation of the business conducted by Contractor. Contractor shall remain fully informed of and in compliance with all ordinances and regulations pertaining to the lawful provision of services under the Contract. Region 4 ESC reserves the right to stop work and/or cancel the Contract if Contractor’s license(s) expire, lapse, are suspended or terminated. 13) Survival Clause. All applicable software license agreements, warranties or service agreements that are entered into between Contractor and Region 4 ESC under the terms and conditions of the Contract shall survive the expiration or termination of the Contract. All Purchase Orders issued and accepted by Contractor shall survive expiration or termination of the Contract. 14) Payments. Payment shall be made after satisfactory performance, in accordance with all provisions thereof, and upon receipt of a properly completed invoice. 15) Price Adjustments. Should it become necessary or proper during the term of this Contract to make any change in design or any alterations that will increase price, Region 4 ESC must be notified immediately. Price increases must be approved by Region 4 ESC and no payment for additional materials or services, beyond the amount stipulated in the Contract shall be paid without prior approval. All price increases must be supported by manufacturer documentation, or a formal cost justification letter. Contractor must honor previous prices for thirty (30) days after approval and written notification from Region 4 ESC. It is the Contractor’s responsibility to keep all pricing up to date and on file with Region 4 ESC. All price changes must be provided to Region 4 ESC, using the same format as was provided and accepted in the Contractor’s proposal. Price reductions may be offered at any time during Contract. Special, time-limited reductions are permissible under the following conditions: 1) reduction is available to all users equally; 2) reduction is for a specific period, normally not less than thirty (30) days; and 3) original price is not exceeded after the time-limit. Contractor shall offer Region 4 ESC any published price reduction during the Contract term. 16) Audit Rights. Contractor shall, at its sole expense, maintain appropriate due diligence of all purchases made by Region 4 ESC and any entity that utilizes this Contract. Region 4 ESC reserves the right to audit the accounting for a period of three (3) years from the time such purchases are made. This audit right shall survive termination of this Agreement for a period of one (1) year from the effective date of termination. Region 4 ESC shall have the authority to conduct random audits of Contractor’s pricing at Region 4 ESC's sole cost and expense. Notwithstanding the foregoing, in the event that Region 4 ESC is made aware of any pricing being offered that is materially inconsistent with the pricing under this agreement, Region 4 ESC shall have the ability to conduct an extensive audit of Contractor’s pricing at Contractor’s sole cost and expense. Region 4 ESC may conduct the audit internally or may engage a third-party auditing firm. In the event of an audit, the requested materials shall be provided in the format and at the location designated by Region 4 ESC. 17) New Products/Services. New products and/or services that meet the scope of work may be added to the Contract. Pricing shall be equivalent to the percentage discount for other products. Contractor may replace or add product lines if the line is replacing or supplementing products, is equal or superior to the original products, is discounted similarly or greater than the original discount, and if the products meet the requirements of the Contract. No products and/or services may be added to avoid competitive procurement requirements. Region 4 ESC may require additions to be submitted with documentation from Members demonstrating an interest in, or a potential requirement for, the new product or service. Region 4 ESC may reject any additions without cause. 18) Options. Optional equipment for products under Contract may be added to the Contract at the time they become available under the following conditions: 1) the option is priced at a discount similar to other options; 2) the option is an enhancement to the unit that improves performance or reliability. 19) Registered Sex Offender Restrictions. For work to be performed at schools, Contractor agrees no employee or employee of a subcontractor who has been adjudicated to be a registered sex offender will perform work at any time when students are or are reasonably expected to be present. Contractor agrees a violation of this condition shall be considered a material breach and may result in the cancellation of the purchase order at Region 4 ESC’s discretion. Contractor must identify any additional costs associated with compliance of this term. If no costs are specified, compliance with this term will be provided at no additional charge. 20) Funding Out Clause. A Contract for the acquisition, including lease, of real or personal property is a commitment of Region 4 ESC’s current revenue only. Region 4 ESC retains the right to terminate the Contract at the expiration of each budget period during the term of the Contract and is conditioned on a best effort attempt by Region 4 ESC to obtain appropriate funds for payment of the contract. 21) Indemnity. Contractor shall protect, indemnify, and hold harmless both Region 4 ESC and its administrators, employees and agents against all claims, damages, losses and expenses arising out of or resulting from the actions of the Contractor, Contractor employees or subcontractors in the preparation of the solicitation and the later execution of the Contract. Any litigation involving either Region 4 ESC, its administrators and employees and agents will be in Harris County, Texas. 22) Marketing. Contractor agrees to allow Region 4 ESC to use their name and logo within website, marketing materials and advertisement. Any use of Region 4 ESC name and logo or any form of publicity, inclusive of press releases, regarding this Contract by Contractor must have prior approval from Region 4 ESC. 23) Certificates of Insurance. Certificates of insurance shall be delivered to the Region 4 ESC prior to commencement of work or upon request. The Contractor shall give Region 4 ESC a minimum of ten (10) days’ notice prior to any modifications or cancellation of policies. The Contractor shall require all subcontractors performing any work to maintain coverage as specified. 24) Legal Obligations. It is Contractor’s responsibility to be aware of and comply with all local, state, and federal laws governing the sale of products/services and shall comply with all laws while fulfilling the Contract. Applicable laws and regulation must be followed even if not specifically identified herein. i s■ 11 iG ■—A VINA MW91Vl1 The undersigned hereby offers and, if awarded, agrees to furnish goods and/or services in strict compliance with the terms, specifications and conditions at the prices proposed within response unless noted in writing. Company Name Sterling infos stems Inc. dba Sterling Address 1 State St.Piaza, 24th Floor City/State/Zip New York NY 10004 Telephone No. Email Address Printed Name Title Authorized signature Accepted by Region 4 ESC: Contract No. II�t43u3 Initial Contract Term 30-nwuLr'A 1 ?_-� �, _ to _ DEC Er") ber 31. ?_U Z Regiorf 4 ESC Auth ed Board Member Prine Nam e- Region 4 ESC Auto ed Board Member Print Name � qa Date J d Date Appendix B TERMS & CONDITIONS ACCEPTANCE FORM Signature on the Offer and Contract Signature form certifies complete acceptance of the terms and conditions in this solicitation and draft Contract except as noted below with proposed substitute language (additional pages may be attached, if necessary). The provisions of the RFP cannot be modified without the express written approval of Region 4 ESC. If a proposal is returned with modifications to the draft Contract provisions that are not expressly approved in writing by Region 4 ESC, the Contract provisions contained in the RFP shall prevail. Check one of the following responses: Offeror takes no exceptions to the terms and conditions of the RFP and draft Contract. (Note: If none are listed below, it is understood that no exceptions/deviations are taken.) Sterling requests that a comprehensive review of the terms and conditions be deferred until the point in time if/when Sterling has been down-selected. Please note that as a consumer reporting agency, Sterling must comply with the Fair Credit Reporting Act, as amended ("FCRA"). The FCRA establishes specific obligations with respect to employment screening that apply to both employers and consumer reporting agencies. Sterling is required to include these obligations in the agreement between the parties. As such, Sterling requests that Participating Public Agencies review and execute Sterling’s standard Service Agreement. (Sterling Exhibit 1 - US Master Service Agreement with BSRA Sample). Offeror takes the following exceptions to the RFP and draft Contract. All exceptions must beclearlyexplained,referencethecorrespondingtermtowhichOfferoristaking exception and clearly state any proposed modified language, proposed additional terms to the RFP and draft Contract must be included: (Note: Unacceptable exceptions may remove Offeror’s proposal from consideration for award. Region 4 ESC shall be the sole judge on the acceptance of exceptions and modifications and the decision shall be final. If an offer is made with modifications to the contract provisions that are not expressly approved in writing, the contract provisions contained in the RFP shall prevail.) Section/Page Term, Condition, or Specification Exception/Proposed Modification Accepted (For Region 4 ESC’s use) Page 1 of 13 SERVICE AGREEMENT This Service Agreement (“Agreement”), effective as of the date of Sterling’s signature (“Effective Date”), is made by and between Sterling Infosystems, Inc. d/b/a Sterling with offices located at 1 State Street Plaza, 24th Floor, New York, NY 10004 (“Sterling”) and with offices located at ("Client"). In consideration of the mutual obligations set forth in this Agreement, each party agrees to the terms and conditions below and represents that this Agreement is executed by its duly authorized representative. 1. Services 1.1 Sterling shall make available to Client the services listed on Attachment 1, attached hereto, (“Services”) through the applicable Sterling service platform listed on Attachment 1 (“Platform”). Sterling and Client agree that Client’s orders for Services are expected to commence on or about (the “Commencement Date”). Any twelve (12) month period starting on the Commencement Date or anniversary thereof is referred to as a “Contract Year”. 1.2 The initial term of this Agreement shall commence on the Commencement Date and continue for a term of thirty-six (36) months (“Initial Term”). Thereafter this Agreement shall automatically renew for successive terms equal in length to the Initial Term (each a “Renewal Term”) unless either party gives notice of its intent not to renew at least seventy five (75) days prior to the end of the then current term. The Initial Term and any Renewal Terms constitute the “Term” of this Agreement. Sterling will not provide Services to Client until (i) Client has executed the Background Screening Requirements Addendum (the terms of which are incorporated by reference herein) and (ii) Sterling has approved Client’s Credentialing Application. Client’s affiliates and subsidiaries may use Sterling’s Services under this Agreement, provided that (a) each such affiliate and subsidiary executes a separate Background Screening Requirement Addendum and Credentialing Application, as may be required by Sterling; and (b) Client is responsible for such affiliates’ and subsidiaries’ acts, omissions and compliance with this Agreement. 1.3 During the Term Sterling shall be Client’s exclusive provider of employee screening services, including without limitation verifications, drug testing, criminal background searches and corporate due diligence. 2. Invoicing and Payment 2.1 Sterling will invoice Client monthly at the prices set forth on Attachment 1 and payment shall be due within thirty (30) days of the date of invoice. A late payment charge of the lesser of 1 ½% per month or the highest lawful rate may be applied to any outstanding balances until paid. Client shall also reimburse Sterling for all costs incurred in collecting any late payments, including, without limitation, reasonable attorneys’ fees. 2.2 After the initial Contract Year, Sterling may revise pricing for Services upon thirty (30) days written notice. Client agrees that the pricing on Attachment 1 is based on Client’s projected annual volume as set forth on Attachment 1. If Client’s actual volume, by one or more measure on Attachment 1, as of the end of a Contract Year is less than 90% of such projected volume, Sterling may revise its pricing upon written notice to Client. 2.3 Pricing is exclusive of, and Client will pay, any taxes relating to this Agreement applicable to Client. 3. Restrictions on Use 3.1 Client will obtain and use any background check report, including any consumer report or investigative consumer report, as those terms are defined in the Fair Credit Reporting Act, as amended (“FCRA”) (collectively “Screening Reports”), solely for the permissible purpose(s) designated by the Client in the Credentialing Application and in accordance with the requirements in the Background Screening Requirements Addendum. Client is responsible for ensuring that its use of the Services and Screening Reports complies with all applicable local, state, federal and international laws, rules, regulations or requirements, including, but not limited to the FCRA. 3.2 Client will not provide any part of the Services or Screening Reports to others, whether directly or indirectly, through incorporation in a database, report or otherwise. 4. Confidentiality 4.1 Client shall not disclose any Screening Reports, or any portion thereof, provided to it by Sterling hereunder except as permitted by this Agreement, required by law, or to the subject of the report. 4.2 Each party (“Recipient”) will treat, and take all reasonable and necessary steps to prevent the disclosure of, all information provided by the other party (“Discloser”) that Discloser designates in writing to be confidential (or that would be understood to be confidential by a reasonable person) in the same manner as Recipient treats its own confidential information (which shall be no less than a reasonable degree of care). Discloser represents and warrants that it has all necessary legal rights, title, consents and authority to disclose such confidential information to Recipient. Confidential information shall not include information that (i) is or becomes a part of the public domain through no act or omission of Recipient; (ii) was in Recipient’s lawful possession prior to Discloser’s disclosure to Recipient; (iii) is lawfully disclosed to Recipient by a third-party with the right to disclose such information and without restriction on such disclosure; or (iv) is independently developed by Recipient without use of or reference to the confidential information. Client shall not disclose the negotiated pricing or terms of this Agreement to any third party, except as required by applicable law. 5. Platform 5.1 Sterling will make the Platform available for access and use by Client through a modern web-browser. The Platform and Services may be provided to Client by Sterling and/or Sterling’s subsidiary and affiliate companies (“Sterling Affiliates”). 5.2 Sterling will maintain reasonable safeguards for the Platform designed to protect the security, confidentiality and Page 2 of 13 integrity of the information, data and other content, in any fo rm, that is provided, entered or uploaded by Client to the Platform (“Client Data”). The parties agree to the Data Processing Agreement set out in Attachment 2, attached hereto. 5.3 Client shall not, and shall ensure that its authorized users do not: (i) use the Platform to upload, transmit, or otherwise distribute any content that is threatening, defamatory, fraudulent, infringing, or otherwise unlawful; (ii) store, submit, or distribute viruses, worms, time bombs, malicious code, or any other items of a harmful nature; (iii) use the Platform for any unlawful purpose or to engage in any activity that violates applicable law or the rights of others; (iv) engage in any activity that interferes with or disrupts the Platform or third party data contained therein; (v) attempt to gain unauthorized access to the Platform or its related systems or networks; or (vi) make derivative works of, disassemble, or attempt to reverse compile or reverse engineer any part of the Platform or Services, or access the Platform in order to build a similar or competitive product or service (or contract with a third party to do so). 6. Ownership 6.1 Except for the rights expressly granted to Sterling in this Agreement, Client shall retain all right, title and interest to the Client Data. Notwithstanding the foregoing, Sterling may compile, extract or anonymize data from Client Data in connection with its performance of the Services in aggregate statistical form in such a way that neither the individual(s) being screened nor Client can reasonably be identified, and Sterling will own all right, title and interest in such compiled, extracted or anonymized data. Sterling shall retain all right, title and interest in and to the Platform and all technology and software used to provide it, including all modifications and/or enhancements to the Platform, regardless of the source of inspiration. 7. Disclaimers 7.1 Client acknowledges (a) that the depth of information collected by Sterling varies among sources and Sterling cannot act as an insurer or guarantor of the accuracy, reliability or completeness of the data, and (b) that the information that Sterling discovers with respect to the subject of a background check report is subject to the reporting limitations of the FCRA and other applicable law. 7.2 Sterling may from time to time offer information, guidance, forms, materials, and/or other content (including sample documents) for informational purposes (“Content”), which is not intended to and shall not constitute legal or professional advice, either express or implied. Client agrees not to rely on Sterling for (nor shall Sterling render) legal or professional advice. Client acknowledges and agrees that it is solely responsible for its legal and employment related decisions and will consult with its own legal counsel (at Client’s discretion) regarding all employment law related matters, including but not limited to its legal obligations with respect to its procurement and use of the Services and Screening Reports. 7.3 EXCEPT AS EXPLICITLY SET FORTH IN THIS AGREEMENT, (A) THE PLATFORM, CONTENT AND ALL SERVICES ARE PROVIDED ON AN "AS IS," "AS AVAILABLE" BASIS, (B) STERLING DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING ANY WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, AND (C) STERLING DOES NOT WARRANT THAT THE PLATFORM, CONTENT OR SERVICES WILL BE UNINTERRUPTED OR ERROR-FREE AND DISCLAIMS ANY WARRANTY OR REPRESENTATION REGARDING AVAILABILITY OF THE PLATFORM, SERVICES, SERVICE LEVELS OR PERFORMANCE. 8. Limitation of Liability 8.1 NEITHER PARTY WILL BE LIABLE FOR ANY INCIDENTAL, SPECIAL, PUNITIVE, EXEMPLARY, INDIRECT, OR CONSEQUENTIAL DAMAGES OF ANY KIND (INCLUDING LOSS OF PROFITS), REGARDLESS OF WHETHER OR NOT THE OTHER PARTY WAS AWARE OR SHOULD HAVE BEEN AWARE OF THE POSSIBILITY OF SUCH DAMAGES. 8.2. EACH PARTY’S MAXIMUM LIABILITY ARISING OUT OF OR RELATING TO THIS AGREEMENT, REGARDLESS OF THE CAUSE OF ACTION (WHETHER IN CONTRACT, TORT, BREACH OF WARRANTY OR OTHERWISE), WILL NOT EXCEED THE TOTAL AMOUNT PAID AND PAYABLE BY CLIENT HEREUNDER DURING THE 12-MONTH PERIOD IMMEDIATELY PRECEDING THE DATE ON WHICH SUCH LOSS, DAMAGE, INJURY, CLAIM, COST OR EXPENSE OCCURRED. 8.3. The foregoing limitations shall not apply to the extent not permitted by applicable law or with respect to breach of Section 2.1, 3 or 4.1. 9. Termination 9.1 If a party materially breaches this Agreement, the non- breaching party may terminate this Agreement if such breach is not cured within sixty (60) days after written notice of such breach. 9.2 Sterling may immediately suspend Services or terminate this Agreement, in whole or in part, upon notice if (i) Client fails to pay amounts when due, (ii) Client files bankruptcy or reorganization or fails to discharge an involuntary petition within sixty (60) days after filing date, or (iii) Sterling reasonably believes that its provision, or Client’s use, of the Services v iolates the FCRA or other applicable law. 9.3 All provisions that by their nature are intended to survive, including but not limited to payment obligations, disclaimers of warranties, confidentiality and limitations of liability, shall survive the termination of this Agreement. 10. Choice of Law; Disputes 10.1 This Agreement is governed by and construed in accordance with the laws of the State of New York, without regard to choice of law provisions. Any disputes arising out of this Agreement that cannot be resolved by the parties will be brought in state or federal court located in New York County, New York. The parties shall file in federal court when possible. 11. Miscellaneous 11.1 This Agreement, addenda, attachments, exhibits and/or schedules (including the Background Screening Requirements Addendum and Credentialing Application), Page 3 of 13 constitute the entire agreement between Sterling and Client regarding the Services. All prior agreements, both oral and written, between the parties on the matters contained in this Agreement are expressly cancelled and superseded by this Agreement. In no event shall any terms or conditions included on any form of Client purchase order apply to the relationship between Sterling and Client hereunder. In the event of any conflict between this Agreement and any addenda, attachments, exhibits and/or schedules, this Agreement shall control. Any amendments of or waivers relating to this Agreement must be in writing signed by the party, or parties, to be charged therewith. Except for Client’s payment obligations hereunder, neither Party shall be responsible for any events or circumstances beyond its control including but not limited to war, riots, terrorism, embargoes, strikes and/or Acts of God) that prevent it from meeting its obligations under this Agreement. This Agreement may be executed in any number of counterparts, each of which will be deemed to be an original, and all of which taken together will be deemed to constitute one and the same instrument. Delivery of an executed signature page to this Agreement by any party by electronic transmission will be as effective as delivery of a manually executed copy of the Agreement by that party. 11.2 Except as otherwise set forth in this Agreement, all notices related to this Agreement shall be in writing and delivered to the party’s address specified in this Agreement. Notices related to billing may be sent via electronic mail to the billing contact designated by Client. 11.3 Sterling shall provide notice (an alert via the Platform is sufficient) with respect to any change to or discontinuation of any Services and/or the Platform as necessary to comply with applicable law or vendor requirements. 11.4 Sterling may use Client’s brands, logos, service marks, trade name, and other source identifiers for the purpose of representing to third parties that Sterling is providing Services to Client. 11.5 Neither party may assign this Agreement without the prior written consent of the other party; however, Sterling may assign this Agreement without prior written consent (i) to any of its affiliated companies, (ii) pursuant to a corporate reorganization, merger or consolidation of its business, or (iii) pursuant to the sale of all or substantially all of its assets. 11.6 Client acknowledges that Sterling’s suppliers, vendors, and/or partners may require Client to execute additional terms and conditions and/or documentation as a condition precedent to Sterling providing certain services. STERLING INFOSYSTEMS, INC. Client: Signature: \s2\ Signature: \s1\ Print Name: \n2\ Print Name: \n1\ Title: \t2\ Title: \t1\ Date: \d2\ Date: \d1\ Page 4 of 13 ATTACHMENT 1 – PRODUCTS AND PRICING PLATFORM: Expected Annual Volume (in number of applicants/employees searched) per Contract Year: Unless otherwise noted in a product description, Client understands and acknowledges that the Services reflected herein may incur additional fees in accordance with the then-current Fee Schedule (available upon request and subject to change), including, without limitation, court access fees, employment/education third party database costs, out of network drug testing fees, and state Department of Motor Vehicle fees (“Fees”). Fees, if any, will be included on monthly invoices and are subject to change without notice. Additional Services: The Platform includes an a la carte menu of select Sterling services (“Additional Services”). Unless already contracted for an Additional Service herein, all Additional Services will be available for Client to add to orders on a one-off basis at Sterling’s then-current list price. The available Additional Services are subject to change without notice. Client initial: \i1\ Page 5 of 13 ATTACHMENT 2 – DATA PROCESSING AGREEMENT 1. Definitions. Capitalized terms used but not defined herein shall have the meanings ascribed to them in the Agreement. 1.1. “Agreement” means the service agreement to which this Data Processing Agreement (“DPA”) is attached. 1.2. “Anonymize” means to make identifying information permanently unreadable and unrecoverable so that any remaining information can no longer be associated with a Data Subject or Client, taking into account all means reasonably likely to be used to reidentify the information. 1.3. “Applicable Law” means enactments that apply to the Processing of Client PI, including without limitation laws and regulations about privacy, data protection, police and court records, employment, and consumer reporting. 1.4. “Authority” means a court, regulatory or supervisory body, law enforcement agency or other government entity. 1.5. “BCRs” means binding corporate rules as defined in the GDPR. 1.6. “Client Personal Information ” or “Client PI” means information about identified or identifiable individuals (“Personal Information” or “PI”) Processed by Sterling under the Agreement. 1.7. “Data Incident” means the accidental, unauthorized or unlawful destruction, loss or disclosure of, or access to, Client PI in the custody of Sterling or a Sub-Processor, except if Client PI is accessed by or disclosed to: (a) an employee or agent of Sterling or a Sub-Processor; and (b) the Client PI is not misused or subject to further unauthorized disclosure. 1.8. “Data Subject” means an identified or identifiable individual. 1.9. “European Adequate Protection Area” means: (a) countries in the European Union (“EU”), the European Economic Area (“EEA”) and Switzerland; (b) countries that the European Commission recognizes as having an adequate level of protection for PI; and (c) entities located in the United States that have and maintain certification with the U.S. Department of Commerce that they comply with the Privacy Shield framework(s), and whose Privacy Shield certification applies to Client PI. 1.10. “EU Law” means the laws of the EU and EEA and its member states, including without limitation the General Data Protection Regulation (EU) 2016/679 (“GDPR”). 1.11. “GDPR Compensation Claim” means a claim for compensation against a party under Article 82 GDPR and all compensation, legal fees and other expenses arising directly from that claim. 1.12. “GDPR Fine” means an administrative fine imposed against a party under Article 83 GPDR. 1.13. “Process” means to perform any operation on information, including without limitation collection, use, access, communication, disclosure, storage, destruction and Anonymization. 1.14. “Programs” means documented information security, privacy, disaster recovery and business continuity programs that include without limitation policies, procedures, training, testing, monitoring, and enforcement. 1.15. “Retention Obligation” means Sterling’s obligation to retain Client PI under Applicable Law or a contract with a third-party source of Client PI. If EU Law applies, then Retention Obligations are limited to those imposed by EU Law. 1.16. “SCCs” means the standard contractual clauses issued under European Commission Decision 2010/87/EU. 1.17. “Sterling” means Sterling and all Sterling Affiliates, except RISQ Group Pty Ltd. and its subsidiaries (“RISQ”), which for the purposes of this DPA are Sub-Processors. Sterling may redefine RISQ as a Sterling Affiliate upon notice to Client. 1.18. “Sub-Processor” means an entity that Processes Client PI on behalf of Sterling. 1.19. “Third-Party Request” means a request, complaint, demand, notice or other communication Sterling receives from a Data Subject, Authority or other third party relating to Client PI, other than communications that are necessary to provide the Services. 1.20. If the United Kingdom withdraws from the European Union, then: (a) EU Law will be interpreted to mean the laws of the United Kingdom, the laws of the European Union and its member states, or both, whichever is most appropriate in the context; (b) GDPR will be interpreted to mean the GDPR, legislation enacted in the United Kingdom to replace the GDPR, or both, whichever is most appropriate in the context; (c) European Adequate Protection Area will be interpreted to mean the countries or entities recognized as providing adequate protection for PI by the European Commission as stated in section 1.9, the equivalent for the United Kingdom, or both, whichever is most appropriate in the context; and (d) the parties shall cooperate to amend or replace this DPA if necessary to comply with Applicable Law. 2. Compliance 2.1. The terms of this DPA will apply as long as Sterling has Client PI in its custody. 2.2. Sterling shall not authorize any person to Process Client PI unless that person is subject to appropriate confidentiality obligations. 2.3. Except as otherwise stated in this DPA, the Sterling Signer is responsible for Sterling Affiliates’ and Sterling personnel’s compliance, and liable for their non-compliance, with this DPA. 2.4. On Client’s request and at Client’s expense, Sterling shall provide reasonable assistance to Client in meeting its data protection obligations under EU Law. This may include, without limitation, participation in security or data protection impact assessments, audits, and interactions with Data Subjects or Authorities. Page 6 of 13 2.5. Client shall not instruct Sterling to Process Client PI in violation of Applicable Law. If EU Law applies, Sterling shall inform Client if Sterling believes any instruction from Client violates EU Law. 2.6. If there is a conflict between this DPA and the Agreement or any other contractual document between Sterling and the Client, this DPA will prevail, except: (a) if there is a conflict between this DPA and the Background Screening Requirements Addendum and United States federal, state, territorial or municipal law applies, then the Background Screening Requirements Addendum will prevail; or (b) if there is a conflict between this DPA and the SCCs and EU Law applies, then the SCCs will prevail. 2.7. Notwithstanding anything to the contrary in the Agreement or elsewhere, Sterling may deliver notice contemplated in this DPA by email or through its online platform. 3. Ownership and Control 3.1. Client owns and controls all Client PI. 3.2. For the purposes of EU Law, the parties consider that Client is a controller and Sterling is a processor of Client PI, except as otherwise stated in this DPA. For the purposes of federal or provincial privacy laws in Canada, the parties consider that Client has control of Client PI and Sterling has custody but not control of Client PI. 3.3. If Sterling is a responsible person or umbrella body for the purposes of criminal record disclosure carried out by the Disclosure and Barring Service, Disclosure Scotland or Access NI, then the parties consider that Sterling is a controller of Client PI Processed for these purposes. 3.4. Except as otherwise stated in this DPA or required by Applicable Law, Sterling shall: (a) notify Client of all Third-Party Requests without undue delay; (b) provide information and assistance to Client as Client reasonably requests to allow Client to respond to Third-Party Requests; and (c) not respond directly to Third-Party Requests except as directed by Client or required by Applicable Law. For the purposes of this section, where EU Law applies, Applicable Law is limited to EU Law. 4. Processing 4.1. This DPA applies to all Client PI that Sterling Processes. The types of Client PI that Sterling Processes that are subject to EU Law, if applicable, are listed in Annex 2. 4.2. The nature, purpose and subject matter of the Processing of Client PI are as documented in the Agreement. 4.3. The Data Subjects are Client’s prospective or current employees, volunteers, tenants, students, members, directors, registrants, contractual partners or others as documented in the Agreement or a credentialing application completed by Client. 4.4. The duration of the Processing is the duration of the Agreement and thereafter according to any further documented agreement between the parties. 4.5. Client acknowledges that the nature of the Services may require disclosure of Client PI to, and collection of Client PI from, third parties that are not Sub-Processors, including without limitation Authorities or the Data Subject’s current and past employers or educational institutions. Client’s request for Services will be deemed to be Client’s instruction to Sterling to disclose Client PI to, and collect Client PI from, third parties that are not Sub-Processors as necessary to perform those Services. 4.6. Sterling shall not Process Client PI except as necessary to: (a) provide the Services as documented in the Agreement; (b) comply with Client’s otherwise documented instructions, subject to the terms of the Agreement; or (c) comply with Applicable Law, provided Sterling has notified Client in advance of that Processing unless that notification is prohibited by Applicable Law. For the purposes of this section, where EU Law applies, Applicable Law is limited to EU Law. 4.7. Sterling shall maintain records of its Processing of Client PI in accordance with Applicable Law and Client instructions. Client acknowledges that once Client PI is Anonymized, Sterling can no longer maintain records of Processing activities. 5. Sub-Processing 5.1. Client hereby authorizes Sterling to use Sub-Processors, provided that: (a) Sterling shall provide the names of all Sub- Processors to Client on request; (b) Sterling shall sign a written agreement with each Sub-Processor that imposes obligations on that Sub-Processor that are no less stringent than those required of Sterling under Applicable Law, this DPA and Sterling’s BCRs; and (c) Sterling will not be relieved of any of its obligations under this DPA or its BCRs by engaging Sub-Processors. Page 7 of 13 5.2. The following only apply when Sterling uses Sub-Processors to Process Client PI that is subject to EU Law: (a) if Client notifies Sterling of an objection to Processing by a Sub-Processor, Sterling shall not permit further Processing by that Sub-Processor; (b) Client’s objection to Processing by a Sub-Processor will be deemed to be Client’s waiver of Sterling’s obligation to perform Services that Sterling would ordinarily perform using that Sub-Processor; (c) if Client has not explicitly objected to a Sub- Processor, Client’s request for Services that Sterling ordinarily performs using that Sub-Processor will be deemed to be Client’s approval of that Sub-Processor; (d) if Sterling adds or replaces a Sub-Processor, Sterling shall notify Client of the addition or replacement at least 30 calendar days before the new Sub-Processor begins Processing Client PI; (e) Client’s failure to object to a new Sub-Processor within 30 calendar days of Sterling’s notification will be deemed to be Client’s authorization for Sterling to use that Sub-Processor; and (f) notwithstanding the other provisions in this section, Sterling may add or replace a Sub-Processor immediately upon notice to Client if it is necessary to ensure business continuity and recovery in case of emergency, except as prohibited by Applicable Law. 6. Cross-Border Data Transfers 6.1. Client acknowledges and authorizes the following: (a) Sterling stores Client PI in United States, Canada and Ireland; (b) Sterling operates in, and may acce ss Client PI from Canada, India, the Philippines, the United Kingdom, and the United States; (c) Sterling may add additional locations for storage or Processing of Client PI after giving reasonable advance notice to Client; (d) the nature of the Services may require Sterling to transfer data to third parties or Sub-Processors located in other countries; and (d) notwithstanding any restriction to these cross-border data transfers to which the parties have agreed, Sterling may transfer data across borders if it is necessary to ensure business continuity and recovery in case of emergency, except as prohibited by Applicable Law. 6.2. Sterling and Client shall cooperate to ensure that appropriate notice to Data Subjects and safeguards or other legal mechanisms for cross-border data transfers are in place as required by Applicable Law. 6.3. If Sterling Processes Client PI that is subject to EU Law and transfers that Client PI outside the European Adequate Protection Area, then Client may opt for the application of Sterling’s BCRs to that Client PI, in which case: (a) Client may enforce the BCRs against the Sterling Signer, any Sterling Affiliate, or, where permitted under Applicable Law, a Sub-Processor; (b) Sterling UK Limited (or another Sterling Affiliate, at Sterling’s discretion and upon notice to Client) is responsible for Sterling Affiliates’ and Sub-Processors’ compliance, and liable for their non-compliance, with the BCRs; (c) Client shall notify Data Subjects if Client PI that is designated as sensitive or a special category of data under EU Law is transferred under the BCRs, and that the Client PI is transferred to Sterling as a data processor under the BCRs. 6.4. If Sterling Processes Client PI that is subject to EU Law, transfers that Client PI outside the European Adequate Protection Area, and Sterling’s BCRs do not apply, then Client: (a) shall sign SCCs between Client and all Sterling Affiliates located outside of the European Adequate Protection Area; and (b) hereby waives any provision of the Agreement that excludes or prohibits an agency relationship between the parties and appoints Sterlin g as its agent to sign SCCs between Client and Sub-Processors outside of the European Adequate Protection Area that Process Client PI. If Sterling executes SCCs on Client’s behalf, Sterling shall include language similar to the following in those SCCs: “The EU Standard Contractual Clauses are entered into between Sterling’s customers, which have authorized Sterling to enter into these Clauses in their name and on their behalf, as data exporters, and [name of Sub-Processor], as data importer.” Sterling shall promptly provide copies of SCCs signed under this section to Client for approval and notification to Authorities, where applicable. 6.5. If Sterling transfers Client PI that is subject to EU Law outside of the European Adequate Protection Area and that transfer is not safeguarded by BCRs or SCCs, then Sterling shall only transfer that Client PI outside of the European Adequate Protection Area with Client’s prior written consent. 6.6. If EU Law applies, Client’s request for Services that require the transfer of Client PI to collect or verify information about a Data Subject’s current or past residence, education or professional activities outside of the European Adequate Protection Area will be deemed to be Client’s prior written consent for that transfer. Unless Client determines that another mechanism or derogation under EU Law applies, Sterling and Client shall cooperate to obtain the Data Subject’s prior explicit and informed consent for transfers described in this section. 7. Security Controls 7.1. Sterling shall implement, maintain and enforce Programs that contain appropriate administrative, technical and physical measures designed to protect the security, integrity, confidentiality and availability of Client PI and protect Client PI against a Data Incident, considering the likelihood and severity of a potential Data Incident. Sterling shall review and, if appropriate, update these measures periodically to comply with Applicable Law. Sterling shall regularly test these measures for effectiveness. 7.2. General information about the Programs at the Effective Date is in Annex 1. Sterling shall provide detailed documentation of the Programs to Client on request and shall notify Client in advance before degrading the level of protection set out in the Programs. Information Sterling provides to Client about the Programs, including the text of Annex 1, does not create rights or obligations between the parties. 8. Data Incidents Page 8 of 13 8.1. Sterling shall implement and maintain a Data Incident response protocol and provide documentation of that protocol to Client on request. 8.2. In the event of a Data Incident, Sterling shall notify Client without undue delay and take all reasonable steps to investigate and resolve the Data Incident and provide a comprehensive report to Client on that investigation and resolution. 8.3. If Applicable Law requires notification of a Data Incident to Authorities or Data Subjects, or provision of any remediation services including without limitation credit or identity monitoring, then Sterling shall, where permitted by Applicable Law, carry out that notification or provide those services if either of the following is true: (a) Client instructs Sterling to do so; or (b) the Data Incident affects both Client PI and PI that does not belong to Client, and Sterlin g has notified Client that it intends to do so. 8.4. Sterling shall bear the costs of investigation, notification and remediation services that Sterling carries out, procures or provides, except to the extent that the Data Incident is caused or aggravated by Client’s act or omission. 9. Data Retention and Destruction 9.1. Client hereby instructs Sterling to retain Client PI as necessary to comply with its Retention Obligations. Sterling shall provide details of its Retention Obligations to Client on request. 9.2. Once Retention Obligations are met, subject to the delay required to comply with section 9.4, Sterling shall Anonymize Client PI upon the earlier of either: (a) Client’s instruction; or (b) termination or expiration of the Agreement. On Client’s request, Sterling shall certify in writing to Client that it has Anonymized Client PI. 9.3. Notwithstanding anything to the contrary in this DPA or the Agreement, the parties agree that Sterling does not intend, and makes no guarantee, to retain Client PI for more than seven yea rs after the date Sterling received it. Client hereby authorizes Sterling to Anonymize Client PI after that time has passed. 9.4. Upon termination or expiration of the Agreement or before Sterling Anonymizes Client PI, whichever is earlier, Sterling shall either: (a) give Client a reasonable opportunity to retrieve Client PI from Sterling’s systems; or (b) provide Client PI to Client in a machine-readable format, subject to additional charge at Sterling’s discretion if permitted by law. 10. Audit and Inspection 10.1. On Client’s request, Sterling shall make available to Client all information reasonably necessary to demonstrate Sterling’s compliance with this DPA, the Programs and Applicable Law. 10.2. At Client’s sole expense, Client or another party of Client’s choosing may conduct an audit of Sterling’s compliance with this DPA, the Programs and Applicable Law, provided that: (a) Client shall not request more than one audit per calendar year, except as otherwise stated in this DPA; (b) Client shall give Sterling reasonable notice of an audit, shall ensure that the audit is conducted at a mutually agreeable time, and shall ensure that the audit does not unreasonably interfere with Sterling’s operations; and (c) Access to Sterling’s facilities and confidential information will be subject to Sterling’s policies and reasonable confidentiality provisions. 10.3. If, during an audit, Client discovers non-compliance with this DPA, the Programs or Applicable Law, Client and Sterling shall work in good faith to agree on a remediation plan, which Sterling shall carry out. 10.4. Subject to the requirements and limitations in 10.2(b) and 10.2(c), Client may conduct: (a) one additional audit in each calendar year in response to each Data Incident; and (b) additional audits as may be reasonably necessary to comply with Article 28(3)(h) GDPR, where applicable. 10.5. Notwithstanding anything to the contrary in this DPA or the Agreement, audits of Amazon Web Services’ Processing of Client PI will be subject to Sterling’s agreement with Amazon Web Services and will not be subject to this DPA or the Agreement. Sterling shall provide to Client the audit terms in Sterling’s agreement with Amazon Web Services upon Client’s request. 11. Data Subjects’ Rights 11.1. Client shall provide a notice or disclosure to, and, if necessary, collect consent or authorization from Data Subjects for the transfer of Client PI to Sterling and the Processing of Client PI by Sterling as required by Applicable Law. Sterling may make available to Client its systems or sample text for these purposes. Client acknowledges that its use of Sterling’s systems or sample text does not relieve Client of its responsibility for compliance with notice, disclosure, authorization and consent provisions in Applicable Law. 11.2. Client hereby instructs Sterling to respond on Client’s behalf to Data Subjects who communicate with Sterling directly or are referred to Sterling by Client to: (a) inquire about PI in Sterling’s custody; (b) inquire about Sterling’s Processing of PI; or (c) exercise the Data Subject’s rights to access or rectify PI in Sterling’s custody. Sterling shall respond to these communications in accordance with Applicable Law. Notwithstanding anything to the contrary in this DPA or the Agreement, Sterling is not required to notify Client of these communications but may do so at its discretion and shall inform Client of the existence, content, and handling of these communications on Client’s request. Page 9 of 13 12. GDPR Liability 12.1. Notwithstanding any limitation of liability provisions in the Agreement, each party shall indemnify the other party against a GDPR Compensation Claim in accordance with the indemnifying party’s part of responsibility for the damage giving rise to the GDPR Compensation Claim, subject to the following: (a) the party seeking indemnification must notify the indemnifying party without undue delay upon becoming aware that a GDPR Compensation Claim has been or may be made; (b) the party seeking indemnification must take all reasonable measures to minimize the risk, and amount, of a GDPR Compensation Claim; and (c) the party seeking indemnification must reasonably cooperate with the indemnifying party to defend against or otherwise respond to the GDPR Compensation Claim in a mutually acceptable way. 12.2. If either party is held liable, individually or jointly with a third party, for a GDPR Fine, then that party shall ensure that fine is paid and shall not seek, and will not be entitled to recover, indemnity from the other party, notwithstanding any provision to the contrary in the Agreement or this DPA. Page 10 of 13 ANNEX 1 – PROGRAM INFORMATION I. Introduction Sterling takes significant measures to ensure the security and privacy of data in our custody. From encrypted databases and communication links, to regular review of information handling processes through Privacy Impact Assessments and ongoing security monitoring, Sterling takes all appropriate technical and organizational measures to safely and responsibly store, transmit, and process information. A world-class, comprehensive privacy policy that applies to all personal information, as well as a layered security strategy that includes technical, procedural, and quality controls, ensures that all data is handled in the way our clients and their applicants expect. II. Privacy Privacy Mission Statement Sterling is committed to the protection of individual privacy rights. We hold ourselves to the highest legal and ethical standard for compliance, and strive to be a privacy champion in the background screening industry. We value the trust placed in us by clients, colleagues and suppliers, and work to maintain that trust by building privacy protection into everything we do. Core Privacy Principles Accountability We are accountable for our privacy practices. We are responsible for safeguarding the personal information entrusted to us. Sterling has appointed a team of privacy professionals to ensure we comply with our Privacy Policy, the law, our contractual obligations and the rights of individuals. This team provides training and guidance on privacy matters and investigates concerns and complaints from colleagues, clients, individuals or government agencies. We take privacy concerns and complaints seriously and investigate and respond to them in good faith. Fairness and Transparency We handle personal information in line with individuals’ expectations and the law. We only collect and use personal information with the consent of the individual or where there is a legitimate purpose to do so. Individuals may withdraw consent for use of their personal information at any time. Proportionality We ensure that we collect, use and retain only the personal information we need for a specified purpose. We do this by observing a number of more specific principles: - Limiting Purposes: We do not use personal information for purposes that are incompatible with those that were identified when the information was first collected, unless the individual has consented to the new purpose or it is required by law. - Limiting Collection, Use and Disclosure: We avoid the collection, use and disclosure of personal information that is not necessary for the purposes we have identified, unless required by law. - Retention: We retain personal information long enough to fulfill the purpose for which it was originally collected, to fulfill our legal obligations, and to allow individuals to exercise their rights under the law. We securely destroy or anonymize personal information that we are no longer required to retain. Quality and Accuracy We take reasonable steps to ensure that personal information is accurate, complete and, where necessary, kept up to date. We collect personal information directly from individuals, through intermediaries such as our clients, and from third parties. While we are not responsible for the accuracy of information held or provided by others, we have robust procedures in place to ensure personal information is recorded faithfully in our system and any errors are corrected promptly. Security We ensure personal information in our custody is kept secure. We take the necessary technical and organizational measures to ensure personal information is secured against accidental access, destruction, loss, modification or disclosure, and take appropriate steps to reduce or eliminate harm in case of a breach. We do not transfer personal information to third parties or overseas when it is prohibited by law. When it is permitted to transfer personal information, we ensure that it continues to benefit from the protections afforded by our Privacy Policy and the laws that apply where it was collected. Page 11 of 13 Individual Participation We help individuals understand and exercise their legal rights with respect to the personal information entrusted to us. All individuals have the right to know whether we hold personal information about them and, if we do, how it has been or will be used and disclosed. They have a right to access personal information about themselves upon request, with reasonable limitations as provided by law. Individuals have the right to dispute the accuracy of their personal information and, if their dispute is successful, have their information updated as appropriate. We inform individuals about their rights upon request and as required by law, and take reasonable steps to assist them in exercising those rights. Privacy by Design We build privacy into everything we do. We subscribe to the concept of Privacy by Design. This means that we take a proactive approach to privacy. Rather than trying to fix privacy problems as they come up, we aim to prevent them entirely. Before a new system, product or procedure is developed, or an existing one is modified, we carefully review any effect it may have on personal information to ensure these Core Privacy Principles are upheld. Privacy Audits All Sterling business units and functional areas that collect, use, disclose or store personal information are subject to annual internal audits for compliance with our Core Privacy Principles, as well as occasional spot checks in case of complaints or incidents. Privacy audit results and evidence documentation are centrally managed by our privacy team. III. Information Security: SterlingONE and Screening Direct Platforms External Infrastructure Security in all aspects of its operations, focusing not only on external systems but internal systems as well. Sterling employs industry best practices in our software development processes, change management processes and infrastructure management processes The Sterling application infrastructure follows best practice designs in ensuring the security of the web application environment. After authentication to access the Sterling application, all transactions are carried over a 128-bit encrypted connection to the web server, and application communications take place over a secure VLAN on the internal network. All data is stored in an encrypted database on fault tolerant storage. This design allows for full confidentiality of all data by ensuring encryption while in transit between systems, as well as while it is at rest in our secured data center. Internal Infrastructure Sterling is committed to Information. Maintaining the integrity of the production operational environments is one of the primary focuses. To achieve that goal, the development, quality, and production environments are segregated from each other using both firewall and network segmentation technologies. This ensures that application developers can neither impact, nor access, the data and applications contained within the secured production segments. Technology Operations In the customer operations environment, Sterling has implemented a robust and secure architecture that ensures continuing security and confidentiality of all data. By leveraging virtualization technology, secure application environments and strong physical security controls, Sterling has built an environment that protects all of the data under our control from loss. When the time comes to return data to our clients, Sterling takes the same measure of care that we take in protecting the data while under our control. Sterling employs desktop protection that prevents copying of protected information, and uses data loss prevention technology on outbound systems that is able to ensure that sensitive data is encrypted when being returned to our customers. This same technology monitors the transmission of sensitive data, and allows us to monitor abnormal behavior. Disaster Recovery To ensure maximum availability for Sterling’s applications, Sterling maintains multiple data centers in an active/ standby relationship. The primary data center is responsible for normal operations, and in the event of a disaster, the alternate data center is on hot standby and ready to assume processing within a matter of hours. Security Audits To complement and verify our set of security controls, Sterling undergoes three different audits with external auditors each year. External auditors perform a network perimeter security assessment, an application penetration test and a physical security assessment at our key facilities. The results of these audits are then fed back into our Information Security Management System (ISMS). The Sterling ISMS is the set of processes used when assessing our compliance with the ISO 27001/27002 set of controls. Sterling is an ISO 27001 certified organization. This means that an independent auditor, who has been accredited by the International Organization for Standardization (ISO), audits our compliance with our documented ISMS in conjunction with the ISO 27001/27002 controls and certifies our compliance with that standard. Page 12 of 13 IV. Information Security: BackCheck Platform External Infrastructure The Sterling application infrastructure follows best practice designs in ensuring the security of the web application environment. After authentication to access the Sterling application, all transactions are carried over a 128-bit encrypted connection to the Web server, and application communications take place over a secure VLAN on the internal network. All data is stored in an encrypted database on fault tolerant storage. This design allows for full confidentiality of all data by ensuring encryption while in transit between systems, as well as while it is at rest in our secured data centre. Internal Infrastructure Sterling is committed to Information Security in all aspects of its operations, focusing not only on external systems but internal systems as well. Sterling employs industry best practices in our software development processes, change management processes, and infrastructure management processes. Maintaining the integrity of the production operational environments is one of the primary focuses. To achieve that goal, the development, quality, and production environments are segregated from each other using both firewall and network segmentation technologies. This ensures that application developers can neither impact nor access the data and applications contained within the secured production segments. Technology Operations In the customer operations environment, Sterling has implemented a robust and secure architecture that ensures continuing security and confidentiality of all data. By leveraging virtualization technology, secure application environments, and strong physical security controls, Sterling has built an environment that protects all of the data under our control from loss. When the time comes to return data to our clients, Sterling takes the same measure of care that we take in protecting the data while under our control. Sterling employs desktop protection that prevents copying of protected information, and uses data loss prevention technology on outbound systems that is able to ensure that sensitive data is encrypted when being returned to our customers. This same technology monitors for the transmission of sensitive data and allows us to monitor for abnormal behaviour. Disaster Recovery Sterling has a continuity plan in case of interruption of service for any uncontrollable event that would render our primary operations centre ineffective. We are confident in the seamless continuity of operations in the event of any emergency situation. Sterling’s data is maintained by TELUS in a state-of-the-art facility that is designed to preserve and protect data in the event of any potential disaster. By harnessing industry leading technology, Sterling ensures optimal disaster recovery coordination. Security Audits To complement and verify our set of security controls, Sterling undergoes two different audits with external auditors each year: a network perimeter security assessment and an application penetration test. The results of these audits are then fed back into our Information Security Management System (ISMS). V. Privacy and Security Training and Enforcement All Sterling employees are required to complete several Privacy and Information Security training modules at the beginning of employment and annually thereafter. Training programs are tailored to job function and explain the importance and application of information security controls, the Core Privacy Principles and how to recognize and respond to incidents of non-compliance or potential breach. Each training module is followed by a short quiz to ensure understanding. Non-compliance with privacy and security policies results in disciplinary action and retraining or, in some cases, termination of employment. VI. Incident Response While privacy or data security incidents are rare, Sterling takes any report or suspicion of an incident seriously. A privacy incident is the unauthorized access, use or disclosure of personal information; an information security incident is a threat to the secure and effective operations of our network or IT infrastructure. We have a detailed incident response protocol that ensures rapid containment and analysis of an incident, appropriate notification to clients and affected individuals, risk mitigation measures where personal information has been compromised, and compliance with any legal obligations that may arise as a result of the incident. In the wake of any privacy or security incident, we will conduct and document a full evaluation of the causes and contributing factors and implement appropriate changes to systems and processes to avoid a reoccurrence. VII. Legal Compliance Sterling systems, policies and procedures are designed to meet or exceed all requirements set out in data protection, privacy and consumer reporting laws in all jurisdictions in which we operate. Some examples include the Personal Information Protection an d Electronic Documents Act (PIPEDA) and similar provincial legislation in Canada, the General Data Protection Regulation (GDPR) and related member state laws in the European Union, and the Fair Credit Reporting Act (FCRA) and similar state laws in the United States. Page 13 of 13 ANNEX 2 – TYPES OF CLIENT PERSONAL INFORMATION Sterling may Process the following types of Client Personal Information under the Agreement: ƒ Identification information ƒ Copies of identity documents ƒ Phone and email contact information ƒ Current and past addresses and proof of address ƒ Right to work, immigration status and work permit information ƒ Education history and qualifications ƒ Employment or volunteering history, including, where applicable, fiduciary or directorship responsibilities ƒ Gap or travel activities ƒ Personal and Professional references ƒ Professional qualifications and registrations with professional bodies ƒ Publicly sourced information (e.g. media or online information) ƒ Driver’s license and status, including driver history and expiration date ƒ Opinions about Data Subjects from references they have provided ƒ Civil court records Sterling may also Process the following types of Client Personal Information that may be considered “sensitive” or “special categories” under Applicable Law: ƒ Government-issued or financial identification numbers ƒ Date of birth ƒ Place of birth ƒ Sex ƒ Sanctions with professional bodies ƒ Criminal history ƒ Financial information such as credit history, bankruptcy, financial judgments or tax information ƒ Appearance on global sanctions or terrorist watch lists ƒ Driving records, penalties and restrictions BACKGROUND SCREENING REQUIREMENTS ADDENDUM (FCRA) In connection with the Service Agreement (“Agreement”) by and between Sterling Infosystems, Inc. dba Sterling (“Sterling”) and _________________ (“End User” or “Client“), Sterling will furnish End User with Screening Reports conditioned upon End User’s compliance with its obligations set forth below (and in the Agreement). This Background Screening Requirements Addendum (this “Addendum”) is incorporated into and made part of the Agreement. Capitalized terms used but not defined in this Addendum shall have the meanings ascribed to them in the Agreement. 1. FCRA Certification. To the extent that End User is located in the United States and/or End User’s procurement and/or use of Screening Reports is subject to the FCRA, End User certifies that it will do the following: 1.1. Permissible Purpose. End User hereby certifies that all of its orders for Screening Reports from Sterling shall be made, and the resulting reports shall be used for employment purposes, as defined in the FCRA, including evaluating a consumer for employment, promotion, reassignment or retention as an employee, where the consumer has given prior written permission. 1.2. Compliance with Laws. End User shall comply with all federal (including, without limitation, the FCRA), state, local, and international laws and regulations applicable to End User in connection with its procurement and use of Screening Reports furnished by Sterling. 1.3. Receipt of Required Notices. End User acknowledges that it has received and reviewed a copy of the notices titled (i) Notice to Users of Consumer Reports: Obligations of Users Under the Fair Credit Reporting Act (“Notice to Users”), which explains End User’s obligations under the FCRA as a user of consumer information and a copy of which is attached hereto as Exhibit A-1, and (ii) A Summary of Your Rights Under the Fair Credit Reporting Act , a copy of which is attached hereto as Exhibit A- 2. End User certifies that it will comply with all applicable provisions of Notice to Users. 1.4. Disclosure and Authorization. End User agrees and certifies that prior to procurement or causing the procurement of a consumer report for employment purposes: (a) A clear and conspicuous disclosure has been made in writing to the consumer, in a document that consists of only the disclosure, explaining that a consumer report may be obtained for employment purposes and such disclosure satisfied all of the requirements of the FCRA as well as any applicable state or local laws; and (b) The consumer has authorized in writing the procurement of the report by End User. 1.5. Investigative Consumer Reports. In addition to the disclosure and authorization requirements in Section 1.4 above, End User agrees and certifies that prior to procurement or causing the procurement of an investigative consumer report for employment purposes: (a) It has been clearly and accurately disclosed to the consumer that an investigative consumer report including information as to the consumer’s character, general reputation, personal characteristics and/or mode of living may be made; and (b) Such disclosure (i) is made in a writing mailed, or otherwise delivered, to the consumer, not later than three days after the date on which the report was first requested, (ii) contains a statement informing the consumer of his/her right to request a complete and accurate disclosure of the nature and scope of the requested investigation and his/her right to request a copy of the rights of the consumer under the FCRA titled A Summary of Your Rights Under the Fair Credit Reporting Act, and (iii) satisfied all of the requirements of the FCRA as well as any applicable state or local laws. If the consumer makes a request within a reasonable time after his/her receipt of the required disclosure, End User certifies that it shall make a complete and accurate disclosure of the investigation requested. Such disclosure shall be made in a writing mailed, or otherwise delivered, to the consumer not later than five (5) days after the date on which the request for such disclosure was received from the consumer or such report was first requested, whichever is the later. 1.6. Adverse Action. Pursuant to the FCRA and, where applicable, state and local laws and regulations, before taking any adverse action based in whole or in part on a Screening Report, End User must adhere to certain obligations. At a minimum, in using a Screening Report for employment purposes, before taking any adverse action based in whole or in part on the Screening Report, End User shall provide to the consumer to whom the Screening Report relates: (a) A pre-adverse action notice/letter stating that End User is considering taking adverse action; (b) A copy of the full and complete Screening Report; (c) A copy of the notice titled A Summary of Your Rights Under the Fair Credit Reporting Act and any applicable state summary of rights; (d) A reasonable opportunity of time to correct any erroneous information contained in the Screening Report; and (e) Contact information for Sterling. If End User thereafter takes adverse action, End User shall also provide a final adverse action notice to the consumer to whom the Screening Report relates. Such notice shall comply with all applicable laws, and shall include the name, address, and phone number of Sterling; a statement that Sterling did not make the decision to take the unfavorable action and cannot give specific reasons for it; and a notice of the person's right to dispute the accuracy or completeness of any information Sterling furnished, and to get an additional free report from Sterling if the person asks for it within 60 days. 1.7. Equal Employment Opportunity. End User further certifies that information from any Screening Report will not be used in violation of any applicable federal or state equal opportunity law or regulation. 1.8. Continuing Certification. End User certifies that each and every time it requests a Screening Report regardless of ordering mechanism, it is at the time that the order is place reaffirming its certifications herein, including without limitation, Section 1.4 above. 1.9. Required Certification Updates. If Sterling determines, in Sterling’s sole discretion, that regulatory or industry changes require updates to the Employer Certification in this Section 1, Sterling retains the right to request and require additional documentation and certifications from End User. End User understands that any failure to cooperate with reasonable requests for such documentation and certifications may constitute grounds for immediate suspension of the Services and termination of the Agreement. 2. State Certifications. 2.1. California Certification. End User hereby certifies that, under the Investigative Consumer Reporting Agencies Act (“ICRAA”), California Civil Code Sections 1786 et seq., and the Consumer Credit Reporting Agencies Act (“CCRAA”), California Civil Code Sections 1785.1 et seq., to the extent End User is located in the State of California, and/or End User’s request for and/or use of Screening Reports pertains to a California resident or worker, End User will do the following: 2.1.1. Request and use Screening Reports solely for permissible purpose(s) identified under California Civil Code Sections 1785.11 and 1786.12. 2.1.2. When, at any time, a Screening Report is sought for employment purposes other than suspicion of wrongdoing or misconduct by the consumer who is the subject of the investigation, provide a clear and conspicuous disclosure in writing to the consumer, which solely discloses: (i) that an investigative Screening Report may be obtained; (ii) the permissible purpose of the investigative Screening Report; (iii) that information on the consumer’s character, general reputation, personal characteristics and mode of living may be disclosed; (iv) the name, address, and telephone number of Sterling; and (v) the nature and scope of the investigation requested, including a summary of the provisions of California Civil Code Section 1786.22. 2.1.3. When, at any time, a Screening Report is sought for employment purposes other than suspicion of wrongdoing or misconduct by the consumer who is the subject of the investigat ion, only request a Screening Report if the applicable consumer has authorized in writing the procurement of the Screening Report. 2.1.4. Provide the consumer a means by which he/she may indicate on a written form, by means of a box to check, that the consumer wishes to receive a copy of any Screening Report that is prepared. 2.1.5. If the consumer wishes to receive a copy of the Screening Report, send (or contract with another entity to send) a copy of the Screening Report to the consumer within three business days of the date that the Screening Report is provided to End User. The copy of the Screening Report shall contain the name, address, and telephone number of the person who issued the report and how to contact him/her. 2.1.6. Under all applicable circumstances, comply with California Civil Code Sections 1785.20 and 1786.40 if the taking of adverse action is a consideration, which shall include, but may not be limited to, advising the consumer against whom an adverse action has been taken that the adverse action was based in whole or in part upon information contained in the Screening Report, informing the consumer in writing of Sterling’s name, address, and telephone number, and provide the consumer with a written notice of his/her rights under the ICRAA and the CCRAA. 2.1.7. Comply with all other requirements under applicable California law, including, but not limited to any statutes, regulations and rules governing the procurement, use and/or disclosure of any Screening Reports, including, but not limited to, the ICRAA and the CCRAA. 2.2. Vermont Certification. In addition to the Notice to Users, if End User is a user of Vermont Screening Reports, End User certifies that it will comply with the applicable provisions of Vermont law, including, without limitation, Section 2480e of the Vermont Fair Credit Reporting Statute. End User further certifies that it has received a copy of Section 2480e of the Vermont Fair Credit Reporting Statute, attached hereto as Exhibit A-3. 3. General Use Requirements. End User further certifies that: 3.1. It will use each Screening Report only for a one-time use and will request Screening Reports only for End User’s exclusive use, except to the extent that disclosure to others is required by law. 3.2. It shall provide access to Screening Reports provided by Sterling only to employees, agents and representatives of End User who fully review and understand End User’s obligations under the FCRA and the Agreement and who agree to comply with those obligations. 3.3. It shall ensure that its users do not request and/or obtain Screening Reports on themselves, coworkers, employees, family members or friends unless it is in connection with a legitimate business transaction and procured in accordance with the terms of this Addendum. 3.4. It shall hold the Screening Reports in strict confidence. End User shall maintain all Screening Reports in a secure and confidential manner and shall follow all applicable laws relating to storage and dissemination of information. Furthermore, End User shall dispose of any Screening Reports and any other documentation containing personally identifiable information received from Sterling in accordance with applicable law, including without limitation, the FACTA Disposal Rules. 3.5. End User shall implement and maintain a comprehensive information security program that contains administrative, technical, and physical safeguards that are appropriate to the End User’s size and complexity, the nature and scope of its activities, and the sensitivity of the information provided to End User by Sterling; and that such safeguards shall be reasonably designed to (i) ensure the security and confidentiality of the information provided by Sterling, (ii) protect against any anticipated threats or hazards to the security or integrity of such information, and (iii) protect against unauthorized access to or use of such information that could result in substantial harm or inconvenience to any consumer. Such safeguards shall include, at a minimum, the requirements contained in Exhibit B to this Agreement (“Access Security Requirements”). 3.6. It shall retain copies of all written authorizations and disclosures and any reports it receives from Sterling for a period of five (5) years and will make such reports available to Sterling upon request. 3.7. It shall not resell, sublicense, deliver, display, use for marketing purposes or otherwise distribute any Screening Reports provided by Sterling to any third party. ANY PERSON WHO WILLFULLY AND KNOWINGLY OBTAINS, RESELLS, TRANSFERS, OR USES INFORMATION IN VIOLATION OF LAW MAY BE SUBJECT TO CRIMINAL CHARGES AND/OR LIABLE TO ANY INJURED PARTY FOR TREBLE DAMAGES, REASONABLE ATTORNEY’S FEES AND COSTS. OTHER CIVIL AND CRIMINAL LAWS MAY ALSO APPLY 3.8. It understands that THE FCRA PROVIDES THAT ANY PERSON WHO KNOWINGLY AND WILLFULLY OBTAINS INFORMATION ON A CONSUMER FROM A CONSUMER REPORTING AGENCY UNDER FALSE PRETENSES SHALL BE FINED UNDER TITLE 18 OF THE UNITED STATES CODE OR IMPRISONED NOT MORE THAN TWO YEARS, OR BOTH. 4. Product-Specific Requirements. 4.1. SSN Trace. If Screening Reports include Social Security Number Trace (“SSN Trace”), End User shall not use Social Security Number trace results in any way, directly or indirectly, for the purpose of making employment decisions. End User also confirms that it will not use Social Security Number trace information in any way that would violate the privacy obligations or any other terms and provisions of the Gramm–Leach-Bliley Act (15 U.S.C 6801 et seq.) or the Federal Drivers Privacy Protection Act (18.U.S.C. Section 2721 et seq.) or any other similar U.S. state or local statute, rule or regulation. 4.2. U.S. MVRs. If Screening Reports include United States motor vehicle reports (“MVRs”), End User: 4.2.1. Shall comply with the Drivers Privacy Protection Act (“DPPA”) and any applicable state laws. 4.2.2. Shall be responsible for understanding and for staying current with all specific state forms, certificates of use or other documents or agreements including any changes, supplements or amendments thereto imposed by the states (collectively referred to as “Specific State Forms”) from which it will order MVRs. End User certifies that it will file all applicable Specific State Forms required by individual states. 4.2.3. Certifies that no MVRs shall be ordered without first obtaining the written consent of the data subject to obtain “driving records,” evidence of which shall be transmitted to Sterling in the form of the data subject’s signed release authorization form. End User also certifies that it will use this information only in the normal course of business (i) to obtain lawful information relating to the holder of a commercial driver’s license, or (ii) to verify information provided by a candidate or employee. End User shall protect the privacy of the information of the data subject in an MVR and shall not transmit any data contained in the resulting MVR via any unsecured means. 4.3. Massachusetts iCORI. To the extent End User is requesting Sterling to provide Massachusetts iCORI information: (i) End User notified the consumer in writing of, and received permission via a separate authorization for Sterling to obtain and provide CORI information to End User; (ii) End User is in compliance with all federal and state credit reporting statutes; (iii) End User will not misuse any CORI information provided in violation of federal or state equal employment opportunity laws or regulations; and (iv) End User will provide Sterling with a statement of the annual salary of the position for which the subject is screened. 4.4. Credit Reports. If Screening Reports include credit reports, End User: 4.4.1. Certifies that it will promptly notify Sterling of any change in its location, structure, ownership or control, including but not limited to the addition of any branch(es) that will be requesting and/or accessing credit reports. 4.4.2. Acknowledges and understands that credit bureaus may prohibit the following persons, entities and/or businesses from obtaining credit reports: adult entertainment service of any kind; asset location service; attorney or law firm engaged in the practice of law (unless engaged in collection or using the report in connection with a consumer bankruptcy pursuant to the written authorization of the consumer); bail bondsman (unless licensed by the state in which they are operating); child location service – company that locates missing children; credit counseling (except not-for-profit credit counselors); credit repair clinic; dating service; financial counseling (except a registered securities broker dealer or a certified financial planner); with respect to U.S. credit reports, foreign company or agency of a foreign government; genealogical or heir research firm; law enforcement agency; massage service; news agency or journalist; pawn shop; private detective, detective agency or investigative company; repossession company; subscriptions (magazines, book clubs, record clubs, etc.); tattoo service; time shares - company seeking information in connection with time shares (exception: financers of time shares); weapons dealer, seller or distributor. 5. Right to Audit. End User agrees to cooperate with any reasonable audit request by Sterling and/or a third-party data supplier of Sterling to assure compliance with the terms of this Addendum; provided that (i) Sterling shall give End User reasonable prior notice of any such audit; (ii) any such audit shall be subject to End User’s security policies and third-party confidentiality obligations, and (iii) Sterling shall conduct or cause to be conducted such audit in a manner designed to minimize disruption of End User's normal business operations. End User understands that any failure to cooperate with reasonable requests regarding an audit constitutes grounds for immediate suspension of the Services and termination of the Agreement. 6. Hold Harmless. End User agrees to indemnify and hold harmless Sterling, its suppliers, and their successors and assigns, and their current and former officers, directors, employees, and agents, both individually and in their official capacities from any liability and attorneys’ fees incurred due to End User’s violation of any of the terms of this Addendum or failure to comply with applicable law. Client: Signature: \s1\ Print Name: \n1\ Title: \t1\ Date: \d1\ EXHIBIT A-1 All users of consumer reports must comply with all applicable regulations. Information about applicable regulations currently in effect can be found at the Consumer Financial Protection Bureau’s website, www.consumerfinance.gov/learnmore. NOTICE TO USERS OF CONSUMER REPORTS: OBLIGATIONS OF USERS UNDER THE FCRA The Fair Credit Reporting Act (FCRA), 15 U.S.C. §1681-1681y, requires that this notice be provided to inform users of consumer reports of their legal obligations. State law may impose additional requirements. The text of the FCRA is set forth in full at the Consumer Financial Protection Bureau’s (CFPB) website at www.consumerfinance.gov/learnmore. At the end of this document is a list of United States Code citations for the FCRA. Other information about user duties is also available at CFPB’s website. Users must consult the relevant provisions of the FCRA for details about their obligations under the FCRA. The first section of this summary sets forth the responsibilities imposed by the FCRA on all users of consumer reports. The subsequent sections discuss the duties of users of reports that contain specific types of information, or that are used for certain purposes, and the legal consequences of violations. If you are a furnisher of information to a consumer reporting agency (CRA), you have additional obligations and will receive a separate notice from the CRA describing your duties as a furnisher. I. OBLIGATIONS OF ALL USERS OF CONSUMER REPORTS A. Users Must Have a Permissible Purpose Congress has limited the use of consumer reports to protect consumers’ privacy. All users must have a permissible purpose under the FCRA to obtain a consumer report. Section 604 contains a list of the permissible purposes under the law. These are: x As ordered by a court or a federal grand jury subpoena. Section 604(a)(1) x As instructed by the consumer in writing. Section 604(a)(2) x For the extension of credit as a result of an application from a consumer, or the review or collection of a consumer’s account. Section 604(a)(3)(A) x For employment purposes, including hiring and promotion decisions, where the consumer has given written permission. Sections 604(a)(3)(B) and 604(b) x For the underwriting of insurance as a result of an application from a consumer. Section 604(a)(3)(C) x When there is a legitimate business need, in connection with a business transaction that is initiated by the consumer. Section 604(a)(3)(F)(i) x To review a consumer’s account to determine whether the consumer continues to meet the terms of the account. Section 604(a)(3)(F)(ii) x To determine a consumer’s eligibility for a license or other benefit granted by a governmental instrumentality required by law to consider an applicant’s financial responsibility or status. Section 604(a)(3)(D) x For use by a potential investor or servicer, or current insurer, in a valuation or assessment of the credit or prepayment risks associated with an existing credit obligation. Section 604(a)(3)(E) x For use by state and local officials in connection with the determination of child support payments, or modifications and enforcement thereof. Sections 604(a)(4) and 604(a)(5) In addition, creditors and insurers may obtain certain consumer report information for the purpose of making “prescreened” unsolicited offers of credit or insurance. Section 604(c). The particular obligations of users of “prescreened” information are described in Section VII below. B. Users Must Provide Certifications Section 604(f) prohibits any person from obtaining a consumer report from a consumer reporting agency (CRA) unless the person has certified to the CRA the permissible purpose(s) for which the report is being obtained and certifies that the report will not be used for any other purpose. C. Users Must Notify Consumers When Adverse Actions Are Taken The term “adverse action” is defined very broadly by Section 603. “Adverse actions” include all business, credit, and employment actions affecting consumers that can be considered to have a negative impact as defined by Section 603(k) of the FCRA – such as denying or canceling credit or insurance, or denying employment or promotion. No adverse action occurs in a credit transaction where the creditor makes a counteroffer that is accepted by the consumer. 1. Adverse Actions Based on Information Obtained From a CRA If a user takes any type of adverse action as defined by the FCRA that is based at least in part on information contained in a consumer report, Section 615(a) requires the user to notify the consumer. The notification may be done in writing, orally, or by electronic means. It must include the following: x The name, address, and telephone number of the CRA (including a toll-free telephone number, if it is a nationwide CRA) that provided the report. x A statement that the CRA did not make the adverse decision and is not able to explain why the decision was made. x A statement setting forth the consumer’s right to obtain a free disclosure of the consumer’s file from the CRA if the consumer makes a request within 60 days. x A statement setting forth the consumer’s right to dispute directly with the CRA the accuracy or completeness of any information provided by the CRA. 2. Adverse Actions Based on Information Obtained From Third Parties Who Are Not Consumer Reporting Agencies If a person denies (or increases the charge for) credit for personal, family, or household purposes based either wholly or partly upon information from a person other than a CRA, and the information is the type of consumer information covered by the FCRA, Section 615(b)(1) requires that the user clearly and accurately disclose to the consumer his or her right to be told the nature of the information that was relied upon if the consumer makes a written request within 60 days of notification. The user must provide the disclosure within a reasonable period of time following the consumer’s written request. 3. Adverse Actions Based on Information Obtained From Affiliates If a person takes an adverse action involving insurance, employment, or a credit transaction initiated by the consumer, based on information of the type covered by the FCRA, and this information was obtained from an entity affiliated with the user of the information by common ownership or control, Section 615(b)(2) requires the user to notify the consumer of the adverse action. The notice must inform the consumer that he or she may obtain a disclosure of the nature of the information relied upon by making a written request within 60 days of receiving the adverse action notice. If the consumer makes such a request, the user must disclose the nature of the information not later than 30 days after receiving the request. If consumer report information is shared among affiliates and then used for an adverse action, the user must make an adverse action disclosure as set forth in I.C.1 above. D. Users Have Obligations When Fraud and Active Duty Military Alerts are in Files When a consumer has placed a fraud alert, including one relating to identify theft, or an active duty military alert with a nationwide consumer reporting agency as defined in Section 603(p) and resellers, Section 605A(h) imposes limitations on users of reports obtained from the consumer reporting agency in certain circumstances, including the establishment of a new credit plan and the issuance of additional credit cards. For initial fraud alerts and active duty alerts, the user must have reasonable policies and procedures in place to form a belief that the user knows the identity of the applicant or contact the consumer at a telephone number specified by the consumer; in the case of extended fraud alerts, the user must contact the consumer in accordance with the contact information provided in the consumer’s alert. E. Users Have Obligations When Notified of an Address Discrepancy Section 605(h) requires nationwide CRAs, as defined in Section 603(p), to notify users that request reports when the address for a consumer provided by the user in requesting the report is substantially different from the addresses in the consumer’s file. When this occurs, users must comply with regulations specifying the procedures to be followed. Federal regulations are available at www.consumerfinance.gov/learnmore. F. Users Have Obligations When Disposing of Records Section 628 requires that all users of consumer report information have in place procedures to properly dispose of records containing this information. Federal regulations have been issued that cover disposal. II. CREDITORS MUST MAKE ADDITIONAL DISCLOSURES If a person uses a consumer report in connection with an application for, or a grant, extension, or provision of, credit to a consumer on material terms that are materially less favorable than the most favorable terms available to a substantial proportion of consumers from or through that person, based in whole or in part on a consumer report, the person must provide a risk-based pricing notice to the consumer in accordance with regulations prescribed by the CFPB. Section 609(g) requires a disclosure by all persons that make or arrange loans secured by residential real property (one to four units) and that use credit scores. These persons must provide credit scores and other information about credit scores to applicants, including the disclosure set forth in Section 609(g)(1)(D) (“Notice to the Home Loan Applicant”). III. OBLIGATIONS OF USERS WHEN CONSUMER REPORTS ARE OBTAINED FOR EMPLOYMENT PURPOSES A. Employment Other Than in the Trucking Industry If the information from a CRA is used for employment purposes, the user has specific duties, which are set forth in Section 604(b) of the FCRA. The user must: x Make a clear and conspicuous written disclosure to the consumer before the report is obtained, in a document that consists solely of the disclosure, that a consumer report may be obtained. x Obtain from the consumer prior written authorization. Authorization to access reports during the term of employment may be obtained at the time of employment. x Certify to the CRA that the above steps have been followed, that the information being obtained will not be used in violation of any federal or state equal opportunity law or regulation, and that, if any adverse action is to be taken based on the consumer report, a copy of the report and a summary of the consumer’s rights will be provided to the consumer. x Before taking an adverse action, the user must provide a copy of the report to the consumer as well as the summary of consumer’s rights (The user should receive this summary from the CRA.) A Section 615(a) adverse action notice should be sent after the adverse action is taken. An adverse action notice also is required in employment situations if credit information (other than transactions and experience data) obtained from an affiliate is used to deny employment. Section 615(b)(2). The procedures for investigative consumer reports and employee misconduct investigations are set forth below. B. Employment in the Trucking Industry Special rules apply for truck drivers where the only interaction between the consumer and the potential employer is by mail, telephone, or computer. In this case, the consumer may provide consent orally or electronically, and an adverse action may be made orally, in writing, or electronically. The consumer may obtain a copy of any report relied upon by the trucking company by contacting the company. IV. OBLIGATIONS WHEN INVESTIGATIVE CONSUMER REPORTS ARE USED Investigative consumer reports are a special type of consumer report in which information about a consumer’s character, general reputation, personal characteristics, and mode of living is obtained through personal interviews by an entity or person that is a consumer reporting agency. Consumers who are the subjects of such reports are given special rights under the FCRA. If a user intends to obtain an investigative consumer report, Section 606 requires the following: x The user must disclose to the consumer that an investigative consumer report may be obtained. This must be done in a written disclosure that is mailed, or otherwise delivered, to the consumer at some time before or not later than three days after the date on which the report was first requested. The disclosure must include a statement informing the consumer of his or her right to request additional disclosures of the nature and scope of the investigation as described below, and the summary of consumer rights required by Section 609 of the FCRA. (The summary of consumer rights will be provided by the CRA that conducts the investigation.) x The user must certify to the CRA that the disclosures set forth above have been made and that the user will make the disclosure described below. x Upon the written request of a consumer made within a reasonable period of time after the disclosures required above, the user must make a complete disclosure of the nature and scope of the investigation. This must be made in a written statement that is mailed or otherwise delivered, to the consumer no later than five days after the date on which the request was received from the consumer or the report was first requested, whichever is later in time. V. SPECIAL PROCEDURES FOR EMPLOYEE INVESTIGATIONS Section 603(x) provides special procedures for investigations of suspected misconduct by an employee or for compliance with Federal, state or local laws and regulations or the rules of a self-regulatory organization, and compliance with written policies of the employer. These investigations are not treated as consumer reports so long as the employer or its agent complies with the procedures set forth in Section 603(x), and a summary describing the nature and scope of the inquiry is made to the employee if an adverse action is taken based on the investigation. VI. OBLIGATIONS OF USERS OF MEDICAL INFORMATION Section 604(g) limits the use of medical information obtained from consumer reporting agencies (other than payment information that appears in a coded form that does not identify the medical provider). If the information is to be used for an insurance transaction, the consumer must give consent to the user of the report or the information must be coded. If the report is to be used for employment purposes – or in connection with a credit transaction (except as provided in federal regulations) – the consumer must provide specific written consent and the medical information must be relevant. Any user who receives medical information shall not disclose the information to any other person (except where necessary to carry out the purpose for which the information was disclosed, or a permitted by statute, regulation, or order). VII. OBLIGATIONS OF USERS OF “PRESCREENED” LISTS The FCRA permits creditors and insurers to obtain limited consumer report information for use in connection with unsolicited offers of credit or insurance under certain circumstances. Sections 603(1), 604(c), 604(e), and 615(d). This practice is known as “prescreening” and typically involves obtaining from a CRA a list of consumers who meet certain preestablished criteria. If any person intends to use prescreened lists, that person must (1) before the offer is made, establish the criteria that will be relied upon to make the offer and grant credit or insurance, and (2) maintain such criteria on file for a three-year period beginning on the date on which the offer is made to each consumer. In addition, any user must provide with each written solicitation a clear and conspicuous statement that: x Information contained in a consumer’s CRA file was used in connection with the transaction. x The consumer received the offer because he or she satisfied the criteria for credit worthiness or insurability used to screen for the offer. x Credit or insurance may not be extended if, after the consumer responds, it is determined that the consumer does not meet the criteria used for screening or any applicable criteria bearing on credit worthiness or insurability, or the consumer does not furnish required collateral. x The consumer may prohibit the use of information in his or her file in connection with future prescreened offers of credit or insurance by contacting the notification system established by the CRA that provided the report. The statement must include the address and toll-free telephone number of the appropriate notification system. In addition, the CFPB has established the format, type size, and manner of the disclosure required by Section 615(d), with which users must comply. The relevant regulation is 12 CFR 1022.54. VIII. OBLIGATIONS OF RESELLERS A. Disclosure and Certification Requirements Section 607(e) requires any person who obtains a consumer report for resale to take the following steps: x Disclose the identity of the end-user to the source CRA. x Identify to the source CRA each permissible purpose for which the report will be furnished to the end-user. x Establish and follow reasonable procedures to ensure that reports are resold only for permissible purposes, including procedures to obtain: (1) the identify of all end-users; (2) certifications from all users of each purpose for which reports will be used; and (3) certifications that reports will not be used for any purpose other than the purpose(s) specified to the reseller. Resellers must make reasonable efforts to verify this information before selling the report. B. Reinvestigations by Resellers Under Section 611(f), if a consumer disputes the accuracy or completeness of information in a report prepared by a reseller, the reseller must determine whether this is a result of an action or omission on its part and, if so, correct or delete the information. If not, the reseller must send the dispute to the source CRA for reinvestigation. When any CRA notifies the reseller of the results of an investigation, the reseller must immediately convey the information to the consumer. C. Fraud Alerts and Resellers Section 605A(f) requires resellers who receive fraud alerts or active duty alerts from another consumer reporting agency to include these in their reports. IX. LIABILITY FOR VIOLATIONS OF THE FCRA Failure to comply with the FCRA can result in state government or federal government enforcement actions, as well as private lawsuits. Sections 616, 617, and 621. In addition, any person who knowingly and willfully obtains a consumer report under false pretenses may face criminal prosecution. Section 619. _____________________________________________________________________________________________________________________________ The CFPB’s website, www.consumerfinance.gov/learnmore, has more information about the FCRA, including publications for businesses and the full text of the FCRA. Citations for FCRA sections in the U.S. Code, 15 U.S.C. § 1618 et seq.: Section 602 15 U.S.C. 1681 Section 603 15 U.S.C. 1681a Section 604 15 U.S.C. 1681b Section 605 15 U.S.C. 1681c Section 605A 15 U.S.C. 1681cA Section 605B 15 U.S.C. 1681cB Section 606 15 U.S.C. 1681d Section 607 15 U.S.C. 1681e Section 608 15 U.S.C. 1681f Section 609 15 U.S.C. 1681g Section 610 15 U.S.C. 1681h Section 611 15 U.S.C. 1681i Section 612 15 U.S.C. 1681j Section 613 15 U.S.C. 1681k Section 614 15 U.S.C. 1681l Section 615 15 U.S.C. 1681m Section 616 15 U.S.C. 1681n Section 617 15 U.S.C. 1681o Section 618 15 U.S.C. 1681p Section 619 15 U.S.C. 1681q Section 620 15 U.S.C. 1681r Section 621 15 U.S.C. 1681s Section 622 15 U.S.C. 1681s-1 Section 623 15 U.S.C. 1681s-2 Section 624 15 U.S.C. 1681t Section 625 15 U.S.C. 1681u Section 626 15 U.S.C. 1681v Section 627 15 U.S.C. 1681w Section 628 15 U.S.C. 1681x Section 629 15 U.S.C. 1681y EXHIBIT A-2 Para información en español, visite www.consumerfinance.gov/learnmore o escribe a la Consumer Financial Protection Bureau, 1700 G Street N.W., Washington, DC 20552. A Summary of Your Rights Under the Fair Credit Reporting Act The federal Fair Credit Reporting Act (FCRA) promotes the accuracy, fairness, and privacy of information in the files of consumer reporting agencies. There are many types of consumer reporting agencies, including credit bureaus and specialty agencies (such as agencies that sell information about check writing histories, medical records, and rental history records). Here is a summary of your major rights under FCRA. For more information, including information about additional rights, go to www.consumerfinance.gov/learnmore or write to: Consumer Financial Protection Bureau, 1700 G Street N.W., Washington, DC 20552. x You must be told if information in your file has been used against you. Anyone who uses a credit report or another type of consumer report to deny your application for credit, insurance, or employment – or to take another adverse action against you – must tell you, and must give you the name, address, and phone number of the agency that provided the information. x You have the right to know what is in your file. You may request and obtain all the information about you in the files of a consumer reporting agency (your “file disclosure”). You will be required to provide proper identification, which may include your Social Security number. In many cases, the disclosure will be free. You are entitled to a free file disclosure if: o a person has taken adverse action against you because of information in your credit report; o you are the victim of identity theft and place a fraud alert in your file; o your file contains inaccurate information as a result of fraud; o you are on public assistance; o you are unemployed but expect to apply for employment within 60 days. In addition, all consumers are entitled to one free disclosure every 12 months upon request from each nationwide credit bureau and from nationwide specialty consumer reporting agencies. See www.consumerfinance.gov/learnmore for additional information. x You have the right to ask for a credit score. Credit scores are numerical summaries of your credit-worthiness based on information from credit bureaus. You may request a credit score from consumer reporting agencies that create scores or distribute scores used in residential real property loans, but you will have to pay for it. In some mortgage transactions, you will receive credit score information for free from the mortgage lender. x You have the right to dispute incomplete or inaccurate information. If you identify information in your file that is incomplete or inaccurate, and report it to the consumer reporting agency, the agency must investigate unless your dispute is frivolous. See www.consumerfinance.gov/learnmore for an explanation of dispute procedures. x Consumer reporting agencies must correct or delete inaccurate, incomplete, or unverifiable information. Inaccurate, incomplete, or unverifiable information must be removed or corrected, usually within 30 days. However, a consumer reporting agency may continue to report information it has verified as accurate. x Consumer reporting agencies may not report outdated negative information. In most cases, a consumer reporting agency may not report negative information that is more than seven years old, or bankruptcies that are more than 10 years old. x Access to your file is limited. A consumer reporting agency may provide information about you only to people with a valid need – usually to consider an application with a creditor, insurer, employer, landlord, or other business. The FCRA specifies those with a valid need for access. x You must give your consent for reports to be provided to employers. A consumer reporting agency may not give out information about you to your employer, or a potential employer, without your written consent given to the employer. Written consent generally is not required in the trucking industry. For more information, go to www.consumerfinance.gov/learnmore. x You may limit “prescreened” offers of credit and insurance you get based on information in your credit report. Unsolicited “prescreened” offers for credit and insurance must include a toll-free phone number you can call if you choose to remove your name and address form the lists these offers are based on. You may opt out with the nationwide credit bureaus at 1-888-5-OPTOUT (1-888-567-8688). x The following FCRA right applies with respect to nationwide consumer reporting agencies: CONSUMERS HAVE THE RIGHT TO OBTAIN A SECURITY FREEZE You have a right to place a “security freeze” on your credit report, which will prohibit a consumer reporting agency from releasing information in your credit report without your express authorization. The security freeze is designed to prevent credit, loans, and services from being approved in your name without your consent. However, you should be aware that using a security freeze to take control over who gets access to the personal and financial information in your credit report may delay, interfere with, or prohibit the timely approval of any subsequent request or application you make regarding a new loan, credit, mortgage, or any other account involving the extension of credit. As an alternative to a security freeze, you have the right to place an initial or extended fraud alert on your credit file at no cost. An initial fraud alert is a 1-year alert that is placed on a consumer’s credit file. Upon seeing a fraud alert display on a consumer’s credit file, a business is required to take steps to verify the consumer’s identity before extending new credit. If you are a victim of identity theft, you are entitled to an extended fraud alert, which is a fraud alert lasting 7 years. A security freeze does not apply to a person or entity, or its affiliates, or collection agencies acting on behalf of the person or entity, with which you have an existing account that requests information in your credit report for the purposes of reviewing or collecting the account. Reviewing the account includes activities related to account maintenance, monitoring, credit line increases, and account upgrades and enhancements. x You may seek damages from violators. If a consumer reporting agency, or, in some cases, a user of consumer reports or a furnisher of information to a consumer reporting agency violates the FCRA, you may be able to sue in state or federal court. x Identity theft victims and active duty military personnel have additional rights. For more information, visit www.consumerfinance.gov/learnmore. States may enforce the FCRA, and many states have their own consumer reporting laws. In some cases, you may have more rights under state law. For more information, contact your state or local consumer protection agency or your state Attorney General. For information about your federal rights, contact: TYPE OF BUSINESS: CONTACT: 1.a. Banks, savings associations, and credit unions with total assets of over $10 billion and their affiliates b. Such affiliates that are not banks, savings associations, or credit unions also should list, in addition to the CFPB: a. Consumer Financial Protection Bureau 1700 G Street, N.W. Washington, DC 20552 b. Federal Trade Commission Consumer Response Center 600 Pennsylvania Avenue, N.W. Washington, DC 20580 (877) 382-4357 2. To the extent not included in item 1 above: a. National banks, federal savings associations, and federal branches and federal agencies of foreign banks b. State member banks, branches and agencies of foreign banks (other than federal branches, federal agencies, and Insured State Branches of Foreign Banks), commercial lending companies owned or controlled by foreign banks, and organizations operating under section 25 or 25A of the Federal Reserve Act. c. Nonmember Insured Banks, Insured State Branches of Foreign Banks, and insured state savings associations d. Federal Credit Unions a. Office of the Comptroller of the Currency Customer Assistance Group 1301 McKinney Street, Suite 3450 Houston, TX 77010-9050 b. Federal Reserve Consumer Help Center P.O. Box 1200 Minneapolis, MN 55480 c. FDIC Consumer Response Center 1100 Walnut Street, Box #11 Kansas City, MO 64106 d. National Credit Union Administration Office of Consumer Financial Protection (OCFP) Division of Consumer Compliance Policy and Outreach 1775 Duke Street Alexandria, VA 22314 3. Air carriers Asst. General Counsel for Aviation Enforcement & Proceedings Aviation Consumer Protection Division Department of Transportation 1200 New Jersey Avenue, S.E. Washington, DC 20590 4. Creditors Subject to the Surface Transportation Board Office of Proceedings, Surface Transportation Board Department of Transportation 395 E Street, S.W. Washington, DC 20423 5. Creditors Subject to the Packers and Stockyards Act, 1921 Nearest Packers and Stockyards Administration area supervisor 6. Small Business Investment Companies Associate Deputy Administrator for Capital Access United States Small Business Administration 409 Third Street, S.W., Suite 8200 Washington, DC 20416 7. Brokers and Dealers Securities and Exchange Commission 100 F Street, N.E. Washington, DC 20549 8. Federal Land Banks, Federal Land Bank Associations, Federal Intermediate Credit Banks, and Production Credit Associations Farm Credit Administration 1501 Farm Credit Drive McLean, VA 22102-5090 9. Retailers, Finance Companies, and All Other Creditors Not Listed Above Federal Trade Commission Consumer Response Center 600 Pennsylvania Avenue, N.W. Washington, DC 20580 (877) 382-4357 EXHIBIT A-3 Vermont Fair Credit Reporting Statute, 9 V.S.A. § 2480e (1999) § 2480e. Consumer consent (a) A person shall not obtain the credit report of a consumer unless: (1) the report is obtained in response to the order of a court having jurisdiction to issue such an order; or (2) the person has secured the consent of the consumer, and the report is used for the purpose consented to by the consumer. (b) Credit reporting agencies shall adopt reasonable procedures to assure maximum possible compliance with subsection (a) of this section. (c) Nothing in this section shall be construed to affect: (1) the ability of a person who has secured the consent of the consumer pursuant to subdivision (a)(2) of this section to include in his or her request to the consumer permission to also obtain credit reports, in connection with the same transaction or extension of credit, for the purpose of reviewing the account, increasing the credit line on the account, for the purpose of taking collection action on the account, or for other legitimate purposes associated with the account; and (2) the use of credit information for the purpose of prescreening, as defined and permitted from time to time by the Federal Trade Commission. ________________________________________________________________________________________________________________________________ VERMONT RULES *** CURRENT THROUGH JUNE 1999 *** AGENCY 06. OFFICE OF THE ATTORNEY GENERAL SUB-AGENCY 031. CONSUMER PROTECTION DIVISION CHAPTER 012. Consumer Fraud--Fair Credit Reporting RULE CF 112 FAIR CREDIT REPORTING CVR 06-031-012, CF 112.03 (1999) CF 112.03 CONSUMER CONSENT (a) A person required to obtain consumer consent pursuant to 9 V.S.A. §§ 2480e and 2480g shall obtain said consent in writing if the consumer has made a written application or written request for credit, insurance, employment, housing or governmental benefit. If the consumer has applied for or requested credit, insurance, employment, housing or governmental benefit in a manner other than in writing, then the person required to obtain consumer consent pursuant to 9 V.S.A. §§ 2480e and 2480g shall obtain said consent in writing or in the same manner in which the consumer made the application or request. The terms of this rule apply whether the consumer or the person required to obtain consumer consent initiates the transaction. (b) Consumer consent required pursuant to 9 V.S.A. §§ 2480e and 2480g shall be deemed to have been obtained in writing if, after a clear and adequate written disclosure of the circumstances under which a credit report or credit reports may be obtained and the purposes for which the credit report or credit reports may be obtained, the consumer indicates his or her consent by providing his or her signature. (c) The fact that a clear and adequate written consent form is signed by the consumer after the consumer's credit report has been obtained pursuant to some other form of consent shall not affect the validity of the earlier consent. EXHIBIT B ACCESS SECURITY REQUIREMENTS The parties acknowledge they must work together to protect the privacy of consumers. The following measures are designed to reduce unauthorized access of consumer reports. In accessing consumer information, End User agrees to implement and maintain the following measures: 1. All credentials such as user names/identifiers (user IDs) and user passwords must be kept confidential and must not be disclosed to an unauthorized party. End User agrees it will not discuss its Sterling credentials by telephone with any unknown caller, even if the caller claims to be an employee of End User or Sterling. 2. IT resources owned by the End User but used to access Sterling systems (“system access software”), whether developed by it or purchased from a third party vendor, will have End User’s Sterling account username and password information “hidden” or embedded and be known only by authorized personnel. End User will assign each user of any system access software a unique logon password to access the End User’s systems or networks. If such system access software is replaced by different access software and therefore no longer is in use or, alternatively, the hardware upon which such system access software resides is no longer being used or is being disposed of, or if the password has been compromised or believed to be compromised in any way, End User will change its password immediately. 3. Create a unique user ID for each user to enable individual authentication and accountability for access to Sterling’s infrastructure. Each use of the system access software must also have a unique logon password. 4. User IDs and passwords shall only be assigned to authorized individuals based on least privilege necessary to perform job responsibilities. 5. User IDs and passwords must not be shared, posted, or otherwise divulged in any manner. 6. Develop strong passwords that (i) contain a minimum of eight (8) alphanumeric characters for standard user accounts, and (ii) for interactive sessions (i.e. non system-to-system) ensure that passwords are changed periodically (every 90 days is recommended). 7. Passwords (e.g. subscriber code passwords, user password) must be changed immediately when (i) any system access software is replace by another system access software or is no longer used, and/or (ii) any suspicion of password being disclosed to an unauthorized party 8. Protect all passwords using, for example, encryption or a cryptographic hashing algorithm also known as “one-way” encryption. When using encryption, ensure that strong encryption algorithm are utilized (e.g. AES 256 or above). 9. Implement password protected screensavers with a maximum thirty (30) minute timeout to protect unattended workstations. Systems should be manually locked before being left unattended. 10. Terminate access rights immediately for users who access consumer information when those users are terminated or when they have a change in their job tasks an no longer require access to that consumer information. PRE-EMPLOYMENT BACKGROUND SCREENING, RELATED PRODUCTS AND SERVICES | AUGUST 15, 2019 2 Proprietary and Confidential © 2019 Sterling | www.sterlingcheck.com Tab 2 – Products/Pricing a. Appendix E (D) Price Proposal a) Products/Pricing Please refer to Appendix E (D) Price Proposal included in this tab. Appendix D RFP 19-13 Pre-Employment Background Screening, Related Products and Services PRICE PROPOSAL A. BACKGROUND SCREENING SERVICE PACKAGES 1. New General Employee Package. Provide package and pricing related to screening a new general employee. Following items: Form I-9/E-Verify; SSN Trace; criminal check; national sex offender check; and national security watch list (OFAC) check. Price starting at $14.45 2. New Management Employee Package. Provide package and pricing related to screening a new management-level employee. Following items: Form I-9/E- Verify; SSN trace; employment credit report; criminal check; national sex offender check; driver license check; national security watch list (OFAC) check; and education verification. Price starting at $26.45 3. Existing General Employee Package. Provide package and pricing related to screening an existing general employee. Following items: SSN trace; criminal check; national sex offender check; and national security watch list (OFAC) check. Price starting at $11.50 4. Existing Management Employee Package. Provide package and pricing related to screening an existing management-level employee. Following items: SSN trace; criminal check; national sex offender check; and national security watch list (OFAC) check; and education verification. Price starting at $17.50 5. International Package. Provide package and pricing related to screening international potential and existing employee. Following items: Form I-9/E- Verify; SSN trace; employment credit report; criminal check; national sex offender check; driver license check; national security watch list (OFAC) check; and education verification. Price starting at $26.25 6. Recommended Package(s). Should your firm have other recommended package plans, provide recommendation as part of your response. When working with other purchasing groups we typically find their member base has very different needs. We are flexible with our package creation and can tailor our packages to the needs of each individual member. The chart below includes our standard screening services and a la carte pricing with cooperative discounts built in. Packages will be created based on adding the individual service prices. B. UNBUNDLED BACKGROUND SCREENING SERVICES Please identify costs for “a la carte”/per unit background screening services using the table below (you may respond with additional details (express the levels, years, etc.), products and/or services): Services Price single name not to exceed Price for all names/ aliases Average Turnaround Time (in business days) Comments Data Confirmation Searches Social Security Number verification (CBSV) $ 4.00 2-3 business days Social Security Number search/trace (Address History Report) $ 1.00 instant Criminal History Searches County criminal search in a single county $ 6.00 $ 10.50 1 day (average 10 hours for county criminal history reports) Plus county fees where applicable County criminal search in all counties where the Consumer lived in the past 5 years based on the Social Security Number search $ 9.50 $ 16.50 1 day Plus county fees where applicable County criminal search in all counties where the Consumer lived in the past 7 years based on the Social Security Number search $ 10.50 $ 18.25 1 day Plus county fees where applicable County criminal search in all counties where the Consumer lived in the past 10 years based on the Social Security Number search $ 13.50 $ 23.50 2 days Plus county fees where applicable County criminal search in all counties where the Consumer lived in the past 15 years based on the Social Security Number search $ 30.00 $ 52.50 2 days Plus county fees where applicable County criminal search in all counties where the Consumer lived - UNLIMITED $ 45.00 $ 78.75 2 days Plus county fees where applicable State criminal search - single state $ 6.00 $ 10.00 2 days Plus state fees State criminal search in all states where the Consumer lived in the past 7 years based on the Social Security Number search $ 10.00 $ 17.00 2 days Plus state fees State criminal search in all states where the Consumer lived in the past 10 years based on the Social Security Number search $ 12.50 $ 21.25 2 days Plus state fees Federal district criminal court search for a single federal district $ 2.75 $ 4.25 1 day Plus fees where applicable Federal district criminal court search for all federal districts where the Consumer lived in the past 7 years based on the social security number search $ 4.50 $ 7.75 1 day Federal criminal search in all federal districts where the Consumer lived in the past 10 years based on the Social Security Number search $ 6.50 $ 11.25 1 day Add criminal for jurisdictions off education and employment locations $ 6.00 $ 10.50 1 day Per county/state/district price National Criminal Database check with validations included in price $ 4.00 $ 7.00 1 day Validations included but county fees passed through if necessary Locator Select (formerly ArrestDirect) with county validations included $ 4.00 $ 7.00 1 day Validations included but county fees passed through if necessary DOJ 50-State Sex Offender Search $ 2.50 $ 4.25 1 day Office of Financial Assets Control (OFAC) search $ 2.00 $ 3.50 1 day MVR Monitoring Varies This product pricing depends on the details of the program. There are implementation fees and monthly employee. More details can be provided on individual member basis. Arrest Monitoring $ 1.00 N/A ongoing Price is per employee per month. Civil Searches Driving record search from a single state DMV (Department of Motor Vehicles) $ 2.00 1 day Plus state fees Credit report for employment purposes $ 4.00 1 day Site Inspection for Credit Reports $ 85.00 One time third party vendor pass thru fee. Subject to increase if vendor raises fees Upper county civil courts search in a single county $ 14.00 $ 24.50 3 days Plus fees where applicable Upper county civil courts search in all counties where the consumer has lived in the past 7 years based on the social security number search $ 30.00 $ 52.50 3 days Plus fees where applicable Upper and Lower county civil courts search in a single county $ 29.00 $ 50.75 4 days Plus fees where applicable Upper and Lower county civil courts search in all counties where the consumer has lived in the past 7 years based on the social security number search $ 60.00 $ 105.00 4 days Plus fees where applicable Healthcare Profession Searches Fraud and Abuse Control Information System - Level I $ 4.00 2 days Fraud and Abuse Control Information System - Level II $ 5.00 2 days Fraud and Abuse Control Information System - Level III $ 6.00 2 days Office of Inspector General (OIG) excluded persons list search $ 3.00 1 day General Services Administration (GSA) excluded parties list search $ 2.00 1 day OIG (Office of Inspector General) /GSA (Government Services Administration) Check (Combined) $ 4.75 1 day National Practitioners Data Bank (NPDB) $ 3.50 1 day Neglect/Abuse Databases $ 5.50 1 day Verifications Employment verification for one employer $ 6.00 2 days For one employer - plus verification fees when applicable Employment verification for all employers in past 7 years , maximum 3 employers $ 14.00 2 days Plus verification fees where applicable Employment verification for all employers in past 10 years, maximum 5 employers $ 24.00 3 days Enhanced Employment/Education verification (3 calls to employer/school, 2 calls to candidate to obtain proof, then close) - per $ 8.50 3 days Per verification - plus verification fees when applicable school/employer Enhanced Employment verification (3 calls to employer, 2 calls to candidate to obtain proof, then close) - all employers, last 7 years, maximum 3 employers $ 20.00 3 days Per verification - plus verification fees when applicable Enhanced Employment verification (3 calls to employer, 2 calls to candidate to obtain proof, then close) - all employers, last 10 years, maximum 5 employers $ 27.50 3 days Per verification - plus verification fees when applicable Education verification with one educational institution for highest degree granted $ 6.00 2 days Plus Verification fees where applicable Professional license verification with one licensing agency $ 6.00 1 day Plus fees where applicable Professional/Personal Reference $ 8.50 2 days Military Verification $ 7.50 Varies Plus fees where applicable Department of Transportation (DOT) Verification $ 7.50 3 days plus fees where applicable Other Applicant Tracking System (ATS) or Human Resources Information System (HRIS) Integration Fee see notes Integration fees waived if standard integration. Custom integrations - prices vary based on complexity. See Details Below Educational Offerings see notes Free webinars and trainings on Sterling's services and technology as available. Additional notifications and updates through Member notifications and newsletters all at no charge to Member Pre-adverse/adverse letters $ 5.50 Per candidate Client Matrix Application (CMA) – Report Ratings based on client criteria $ 1.25 Per report Patriot Act Check $ 6.00 1 day Combines EPLS, OFAC, FDA, and OIG Checks Excluded Parties List System (EPLS) $ 3.50 1 day Federal Financial Institutions Check $ 7.00 1 day Limited Denial of Participation (HUD Programs) $ 7.00 1 day Denied Persons List $ 7.00 1 day Globex Report (Extended Global Sanctions) $ 6.75 1 day Bishops Services varies Varies based on client need Commercial Driver’s License Information System (CDLIS) Check (price includes fees) $ 3.75 1 day Notifies user where applicant has had license and can trigger MVR for each state – includes fees Alias / Maiden Name checks - for any other services where price may not specifically be listed 1.75x single name price Global Screening varies varies All global screening quotes will be based on 10,000 check volume in Sterling Global Toolkit (lowest possible pricing at any given time). International searches are available in 200 countries. Fingerprint Check (FINRA) $20.00 2-3 days Fingerprint Check (FBI) $20.00 1 day Plus FBI Fees Social Media Check $30.00 2 days Sterling Identity Document Verification $ 2.65 instant Price per candidate Sterling Identity Document Verification with Facial Recognition $ 3.85 instant Price Per candidate Department of Transportation PSP Crash & Inspection Records (DOTFMCSA) $ 15.50 2 days Plus fees Managed Compliance (Sterling sends out FCRA documents upon candidate requests) $ 4.00 Per candidate Resume Comparison $ 13.50 3 days Per candidate Order Entry Fee $ 7.50 Drug Screening Non-DOT Urine 5, 9, 10 Panel (collection in network includes collection, lab, and medical review officer) $ 26.00 1-2 days on negatives, 2-4 days on non- negatives Plus third-party collection fees if necessary Non-DOT Urine Panel w/ MDMA (Ecstasy) (collection in network includes collection, lab, and medical review officer) $ 26.00 1-2 days on negatives, 2-4 days on non- negatives Non-DOT Medical Professional 19 Panel (collection in network includes collection, lab, and medical review officer) $ 75.00 1-2 days on negatives, 2-4 days on non- negatives Non-DOT Urine Panel w/ Expanded Opiate (collection in network includes collection, lab, and medical review officer) $ 33.00 1-2 days on negatives, 2-4 days on non- negatives DOT 5 Panel Urine Drug Test (collection in network includes collection, lab, and medical review officer) $ 28.00 1-2 days on negatives, 2-4 days on non- negatives E-Screen (OHN) Urine 5, 7, 9 Panel (collection out of network includes collection, lab, and medical review officer) $ 38.00 1-2 days on negatives, 2-4 days on non- negatives Non-DOT Urine 4 Panel (removal of marijuana panel, collection in network includes collection, lab, and medical review officer) $ 26.00 1-2 days on negatives, 2-4 days on non- negatives Plus third-party collection fees if necessary 10 panel Urine Drug Screen with Expanded Opiate, Oxy+ua (12 Panel) $ 32.85 5 Panel eCup Rapid Test $ 8.75 Oxycodone Add-On $ 7.00 Urine: 10 Panel Instant Device (iCup) $ 150.00 Per box of 25 tests ($6 per test) Urine: 10P POCT Instant Result $ 26.60 Plus out-of-network collection fees if necessary Oral: 5P Lab Self Collect (Intercept) $ 21.50 Plus out-of-network collection fees if necessary Oral: 4P Lab Self Collect (Intercept) $ 21.50 Plus out-of-network collection fees if necessary Oral: Oral Fluid Device (Intercept) $ 107.25 Kits are sold and priced in bundles of 25. Shipping charges will apply. Oral: 6 Panel Instant Device (OralTox) $ 200.00 Kits are sold and priced in bundles of 25. Shipping charges will apply. Hair Drug Testing (5-panel) $ 67.00 Plus out-of-network collection fees if necessary Random Screening Management $ - No additional charge Additional Services Clinical:Pulmonary Function+OSHA Quest. $ 60.25 In Network Pricing. Clinial: OSHA Medical Questionnaire $ 50.00 In Network Pricing. Physical: OSHA Medical Opinion Letter $ 37.25 In Network Pricing. Audiogram $ 41.25 In Network Pricing. Clinical: Ishihara (Color) Vision $ 35.75 In Network Pricing. Clinical: Snellan (Wall Chart) Vision $ 43.00 In Network Pricing. Onsite Collections Varies Will vary based on exact needs Physical: DOT Examination - FAA or USCG $ 132.00 In Network Pricing. Physical: DOT Examination - FMCSA, FRA, FTA, or PHMSA $ 102.50 In Network Pricing. Physical: Examination $ 78.00 In Network Pricing. Breath Alcohol Testing $ 46.75 In Network Pricing. Blood Alcohol $ 34.00 In Network Pricing. 5 Panel Blood with Expanded Opiates $ 302.50 In Network Pricing. I-9 E-Verify Services: SService/Product PPrice NNote FFI9/eVerify $2.95 - Online Form I9 and Submission to eVerify LLocation Setup -- Per Client $750 - Initial account setup, administration- includes 1 location Additional Locations Setup $35 - Per additional location. Up to $5,000 maximum Annual I9 Solution Maintenance $350 Data Migration -- SSetup $1,250 - SOW required prior to implementation Data Migration - Per Record $0.15 - Electronic upload/storage of I9 data. - SOW mandatory prior to implementation - Document storage required- see below for cost Remote Hire - Setup $750 - Used for non-system user I9 access and processing Remote Hire - FI9/eVerify Less than 250: $ 14.00 - Completion Form I9, and submission to eVerify 251- 2,000: $ 11.25 - Used for non-system user I9 access and processing 2,001 - 5,000+: $ 8.00 Remote Hire -- NNotary Setup $450 - Access to 12k Notary Network Remote Hire -- NNotary "Standard" $75 - 1-3 day TAT Remote Hire -- NNotary "Rush" $200 - 24hr TAT Remediation Software Setup $6,200 - SOW required prior to bid Remediation - Monthly Software Charge $1,050 - Document storage required - see below for cost Remediation - Per Paper I9 Record $11 - Scan, convert, audit, and present for remediation Document Storage (Monthly Fee) $ 100.00 First 1GB - Applies to Data Migration and Remediation services $ 15.00 per additional 1GB Annual Licensing Pricing (Only for members utilizing our Onboarding Platform) ESSENTIALS PLUS ULTIMATE VOLUME OF ANNUAL NEW HIRES For Unlimited annual I-9 E- Verify For Unlimited I-9 E-Verify plus Onboarding Up to 100 $550.00 $2,800.00 101-250 $1,000.00 $6,750.00 251-500 $1,750.00 $13,250.00 501-750 $2,437.50 $18,000.00 751-1000 $2,800.00 $20,000.00 1001-1500 $4,125.00 $26,250.00 1501-2000 $5,400.00 $31,000.00 2001-3000 $7,950.00 $44,250.00 3001-4000 $10,600.00 $55,000.00 4001-5000 $13,250.00 $65,000.00 5001-6000 $15,000.00 $72,000.00 6001-8000 $20,000.00 $88,000.00 8001-10,000 $23,500.00 $105,000.00 10,001-15,000 $30,000.00 $150,000.00 15,001-20,000 $40,000.00 $195,000.00 20,001-25,000 $50,000.00 $237,500.00 25,001-30,000 $60,000.00 $270,000.00 30,001-35,000 $70,000.00 $315,000.00 35,001-40,000 $80,000.00 $360,000.00 40,001-45,000 $90,000.00 $395,437.50 45,001-50,000 $100,000.00 $427,500.00 50,001-60,000 $120,000.00 $501,600.00 60,001-70,000 $140,000.00 $571,900.00 70,001-80,000 $160,000.00 $638,400.00 80,001-90,000 $180,000.00 $701,100.00 90,001-100,000 $200,000.00 $760,000.00 ATS INTEGRATION FEES Product Description Member Price Integration Fee (Standard) - Avature Waived Integration Fee (Standard) - Bond-Adapt Waived Integration Fee (Standard) - Bond-eEmpact Waived Integration Fee (Standard) - Bond-StaffSuite Waived Integration Fee (Standard) - Bullhorn Waived Integration Fee (Standard) - Compas Waived Integration Fee (Standard) - CredentialSmart Waived Integration Fee (Standard) - Fast Recruiting Waived Integration Fee (Standard) - Greenhouse Waived Integration Fee (Standard) - HealthCare Source Waived Integration Fee (Standard) - Hirebridge Waived Integration Fee (Standard) - iCIMS Waived Integration Fee (Standard) - Interview Exchange Waived Integration Fee (Standard) - Jazz Waived Integration Fee (Standard) - Jobaline Waived Integration Fee (Standard) - Jobvite Waived Integration Fee (Standard) - MaxHire Waived Integration Fee (Standard) - MDStaff Waived Integration Fee (Standard) - Micron-BizCruit Waived Integration Fee (Standard) - Micron-LawCruit Waived Integration Fee (Standard) - MyStaffingPro Waived Integration Fee (Standard) - Newton Waived Integration Fee (Standard) - Infor-PeopleAnswers Waived Integration Fee (Standard) - Pereless Waived Integration Fee (Standard) - SmartRecruiters Waived Integration Fee (Standard) - SmartSearch Waived Integration Fee (Standard) - Snagajob Waived Integration Fee (Standard) - talentReef Waived Integration Fee (Standard) - Taleo Business Edition Waived Integration Fee (Standard) - TribeHR Waived Integration Fee (Premium) - Custom Web Services $ 5,000.00 Integration Fee (Premium) - Custom Batch $ 5,000.00 Integration Fee (Premium) - Kenexa $ 5,000.00 Integration Fee (Premium) - OpenHire (HRNX) $ 5,000.00 Integration Fee (Premium) - Peoplefluent - RMS/TM $ 5,000.00 Integration Fee (Premium) - SuccessFactors $ 5,000.00 Integration Fee (Premium) - Taleo Enterprise $ 5,000.00 Integration Fee (Premium) - Ultimate Software $ 5,000.00 Integration Fee (Premium) - Workday Recruiting $ 5,000.00 Integration Fee (Premium) - Other $ 5,000.00 Basic Integration - Additional Project Management Support (Per Hour) $ 200.00 Premium Integration - Additional Project Management Support (Per Hour) $ 200.00 Key Product Descriptions Service Notes Social Security Number Trace & Locator Sterling’s Social Security Number (SSN) Trace provides an address history and reported aliases associated with an SSN based on an aggregated database of 400+ sources. The results of this search tool are used to broaden the scope of a background check to include jurisdictions and names beyond what the candidate has disclosed. The aggregated database that is used for the SSN Trace is comprised of multiple sources containing address history information, such as information compiled by credit bureaus, utility company billing records, USPS mail forwarding information and other similar sources. Criminal Database (National) Sterling searches through the Federal Department of Justice, which includes the listing of registered sex offenders for all 50 States – except Nevada, which currently has an injunction in place. Many companies rely on a simple database search to fulfill sex offender searches, sacrificing accuracy and integrity. Though Sterling has access to several sex offender searches, we will only offer this search to clients needing to screen for sex offenders because of the holes and inaccuracies in other searches. There are a number of reasons to perform a sexual offender registry search in addition to a criminal search including sealed State or County records, records residing in Family Court, or the original sexual offense may have been dropped to a lesser charge. Criminal History Sterling leads the industry with accuracy and turnaround time using CourtDirectTM, our automated, high-performance connection with numerous county criminal jurisdictions across the US. Sterling’s CourtDirect is the largest, most comprehensive network of any provider anywhere in the world and we are adding capabilities on a weekly basis. Today, most companies physically retrieve courthouse data for background screening. With our breakthrough platform, Sterling successfully digitized and integrated primary source data from hundreds of US court jurisdictions. Fully 85% of our criminal record search volume is automated via CourtDirect. By eliminating human intervention from the process and creating direct pipelines of information from nationwide courthouses, CourtDirect allows Sterling to offer numerous benefits, including turnaround times 50% faster than the rest of the industry. County criminal record searches are typically based on the last 7 years of the candidate's address history as derived by the Social Security Number trace results. The central court search reveals felony and misdemeanor convictions and pending cases within a minimum of the last 7 years, subject to availability and applicable reporting limitations. This search is upgraded to a statewide search, rather than a county search, for a limited set of states including New York, Maine, Vermont, Puerto Rico and other US territories. Federal Criminal Records Federal criminal records detail crimes of a different scale than those at the county level; these crimes are prosecuted in federal district courts and include such charges as international/inter-state drug trafficking, kidnapping, etc. Sterling has the ability to obtain federal records from all district courts throughout the US and related territories. This method is typically used for screening upper-level positions to supplement County and State Criminal Record Checks. U.S. Criminal Records History Our Federal Criminal Search details crimes of a different scale than those at the county level; these crimes are prosecuted in federal district courts and include such charges as international/inter-state drug trafficking, kidnapping, etc. Sterling has the ability to obtain federal records from all district courts throughout the US and related territories. This method is typically used for screening upper-level positions to supplement County and State Criminal Record Checks. Consumer Credit History Sterling’s employment credit reports provide employers with information regarding a candidate’s financial responsibility without divulging their credit score. Results include: ƒ Negative account information ƒ Collections ƒ Other relevant information Professional License Verification With our Professional License Verification, Sterling contacts the awarding/issuing authority to obtain written or verbal verification of a professional license, credential, or membership. Our reports detail license type and status, date awarded, pending, or past disciplinary action, and dates of validity. Education Verification Sterling’s Education Verification confirm the education claims made by a candidate. Sterling maintains an exclusive and proprietary database to house the information release policies for every educational institution in North America and thousands worldwide. To complete education verifications, Sterling’s Verification Specialists access requests on our secure website. As our specialists gather information directly from record holding institutions or third parties designated by record holding institutions, they input details into the system and our appropriate department managers provide a quality review prior to final distribution to ESC. Employment Verification We provide Automated Employment Verifications which are used to identify any discrepancies between the candidate’s claims and the employment record. Sterling’s proven technology innovation and process re-engineering delivers higher completion rates for both employment verifications and personal references. As the references are completed, the following information is made available to Sterling, and is updated and available through Sterling's platform in real-time: written or verbal verification of former employer's name and location, contact information for employer’s HR department, supervisor's name and department, dates of employment, job title, as well as rate of pay (when available), reason for leaving, and eligibility for rehire. We have studied and tested combinations of phone and email communications with previous employers to deliver services quickly (less than 30 hours average turnaround time) and with high completion rates (over 80%). Motor Vehicle/Driving Record Our motor vehicle record searches contain state driving record information dating back a minimum of three years, depending on the jurisdiction. This search determines if the candidate’s license is valid and if they have a clean driving record history. In addition, the search provides information on the status of the candidate’s license, as well as any history of speeding, reckless driving, driving under the influence, or other offenses. The record provides dates of all incidents, as well as the dates and causes of all suspensions. We can provide motor vehicle record searches for all states. Sterling will also provide guidance on the following states with special requirements: ƒ New Hampshire ƒ Washington ƒ Puerto Rico ƒ Pennsylvania ƒ Utah National Sex Offender Search The Department of Justice (DOJ) 50-State Sex Offender Search is the most comprehensive and up-to-date sex offender search available today. It includes the listings of registered sex offenders for all 50 states (except Nevada), US territories, the District of Columbia, and participating Indian tribes. (Nevada currently has an injunction in place that restricts employers from using this information for employment purposes.) Many companies rely on a simple database search to fulfill sex offender searches, sacrificing accuracy and integrity. We recommend this sex offender search due to the inaccuracies found in other searches. State Sex Offender Search Same as above. National Security Watch List (OFAC) The Office of Foreign Assets Control (OFAC) administers and enforces economic sanctions programs, primarily against countries and groups of individuals such as terrorists and narcotics traffickers. The sanctions can either be comprehensive or selective, using the blocking of assets and trade restrictions to accomplish foreign policy and national security goals. If there is information on someone who has been tagged by the OFAC, no matter the person’s location, it may appear in the OFAC database. This information is derived from US dealings with the individual, as opposed to an industry in another country reporting directly to the OFAC. Sterling searches this list to identify any potential sanctions against the candidate SSN Trace Sterling’s Social Security Number (SSN) Trace provides an address history and reported aliases associated with an SSN based on an aggregated database of 400+ sources. The results of this search tool are used to broaden the scope of a background check to include jurisdictions and names beyond what the candidate has disclosed. The aggregated database that is used for the SSN Trace is comprised of multiple sources containing address history information, such as information compiled by credit bureaus, utility company billing records, USPS mail forwarding information and other similar sources. County Criminal Search (7years) Sterling leads the industry with accuracy and turnaround time using CourtDirectTM, our automated, high-performance connection with numerous county criminal jurisdictions across the US. Sterling’s CourtDirect is the largest, most comprehensive network of any provider anywhere in the world and we are adding capabilities on a weekly basis. Today, most companies physically retrieve courthouse data for background screening. With our breakthrough platform, Sterling successfully digitized and integrated primary source data from hundreds of US court jurisdictions. Fully 85% of our criminal record search volume is automated via CourtDirect. By eliminating human intervention from the process and creating direct pipelines of information from nationwide courthouses, CourtDirect allows Sterling to offer numerous benefits, including turnaround times 50% faster than the rest of the industry. County criminal record searches are typically based on the last 7 years of the candidate's address history as derived by the Social Security Number trace results. The central court search reveals felony and misdemeanor convictions and pending cases within a minimum of the last 7 years, subject to availability and applicable reporting limitations. This search is upgraded to a statewide search, rather than a county search, for a limited set of states including New York, Maine, Vermont, Puerto Rico and other US territories. State Criminal Search Sterling searches through the Federal Department of Justice, which includes the listing of registered sex offenders for all 50 States – except Nevada, which currently has an injunction in place. Many companies rely on a simple database search to fulfill sex offender searches, sacrificing accuracy and integrity. Though Sterling has access to several sex offender searches, we will only offer this search to clients needing to screen for sex offenders because of the holes and inaccuracies in other searches. There are a number of reasons to perform a sexual offender registry search in addition to a criminal search including sealed State or County records, records residing in Family Court, or the original sexual offense may have been dropped to a lesser charge. County Civil Search Our primary county civil search searches records at the upper level for violations of trust and civil law suits. This is important for assessing a candidate’s past business relationships, and is recommended for upper management executives, such as CPA’s and Accountants. A search of both upper and lower levels is also available. Sterling Identity Document Verification Using AI technology, we can quickly authenticate government issued IDs, typically in seconds. Candidates use their phone to capture required documents for authentication. When AI is unable to verify, humans take over to boost success rate. Product is charged per applicant and most documents are automatically authenticated, for those that require manual review, additional fees may apply. Sterling Identity Document Verification with Facial Recognition Combining AI technology with biometric facial comparison, we are able to both authenticate a government issued ID and perform identity verification. Candidates use their phone to capture required documents and take a selfie. The government issued ID is verified and the image matched to the selfie to confirm identity. Product is charged per applicant and most documents are automatically authenticated, for those that require manual review, additional fees may apply. C. IN-PROCESSING/ONBOARDING SERVICES Offeror shall answer the questions below regarding providing an electronic workflow solution for in-processing/onboarding paperwork for newly hired employees. 1. What is the fee for in-processing/onboarding services and how is the fee charged (e.g. per hire, per item processed)? Please see price list in Section B. For members who require onboarding services we would put them on our Onboarding platform and the fees will vary based on employee count. All fees are included and are assessed annually. Members who do not require onboarding services will be set up on our ScreeningDirect platform where there are no licensing or annual fees for screening services. 2. Are there any implementation fees? If not implemented upon contract execution, would there be future implementation fees? Implementation fees are included in the chart in Section B 3. Are there any conversion fees, retention fees, web service fees, training fees, marketing material fees, or other fees associated with providing in- processing/onboarding services? If so, please list below. Any of the fees exhibit D N/A D. In addition to the information provided above, please address the following questions: 1. Are there any implementation fees? If so, please list below. There are bundled annual platform fees included in Section B based on employee count 2. Are there any conversion fees, retention fees, web service fees, training fees, marketing material fees, or other fees associated for providing background screening services? If so, please list below. N/A 3. Are there Compliance Consulting Services? If so, detail the services and fees? As mentioned through the RFP sterling does take compliance seriously. Although we are not a compliance law firm sterling does have compliance expertise does and will provide Region 4 guidance where applicable. E. FORM I-9/E-VERIFY SERVICES Offeror shall answer the questions below regarding Form I-9/E-Verify services. 1. What is the per unit fee for E-Verify services? See charts in Section B. Note the $2.95 per unit fee is for clients on our ScreeningDirect Platform (most clients will be set up on this platform). This includes both electronic I-9 and E-Verify services. 2. What is the per unit fee for Form I-9 services? See #1 above 3. Can these fees be included as part of a packaged price for background screening services? If so, please include a copy of the packaged pricing options. Not typically. For most customers, the background screening is done post-offer, pre- hire. The I-9 E-Verify service is a post-hire activity and as such, priced separately. In other words, our clients don’t want to pay for I-9 or E-Verify as part of the pre-screen because if they end up not hiring the candidate, they will have paid for a service that will go unfulfilled. 4. Are there any implementation fees? If so, please list below. All implementation fees are listed in the chart in section B 5. Are there any fees for requesting audit copies and/or any fees for expert audit consultation? Yes, see chart in Section B 6. Are there any conversion fees, retention fees, web service fees, training fees, marketing material fees, or other fees associated with providing Form I-9 verification services? If so, please list below. N/A F. Department of Justice (DOJ) Verification Offeror shall answer the questions below regarding DOJ services. 1. Would your firm have the ability to register with any State DOJ for the purposes of fingerprint background check that requires it? Describe the process by which you would apply for such registration. Sterling provides two solutions for meeting state fingerprinting requirements. In states where the state DOJ works with multiple fingerprint vendors, and is accepting new applications, we pursue a direct integration. The process for which you apply for such registration varies greatly by state. Typically speaking, the state requires an application, followed by an approval process for software and hardware. Sterling recently completed such work in Florida and is the newest FDLE approved fingerprinting provider. In the majority of states, where a contract has been awarded to a single fingerprint vendor, or in which a state is not allowing for new registrations, Sterling seeks to form a partnership via our Third-Party Administrator (TPA) program. The TPA program is not available for all state fingerprinting requirements, as unfortunately no provider can support every state. Sterling is constantly working on expanding our fingerprinting coverage, both directly, and through strategic partnerships. 2. What are the per unit fee(s) for DOJ services? State fingerprinting fees vary widely by state and, in some instances, between agencies within a state. Sterling charges a $20 administrative fee for facilitating state fingerprinting requests. 3. Can these fees be included as part of a packaged price for background screening services? If so, please include a copy of the packaged pricing options. Yes, one of the main benefits of Sterling’s TPA program is consolidated billing for all screening services, including fingerprinting. Package pricing options vary greatly, and fingerprinting services (whether through TPA or direct) can be added to any screening package. 4. Are there any implementation fees? If so, please list below. No, Sterling does not charge implementation fees for fingerprinting. 5. Are there any fees for requesting audit copies and/or any fees for expert audit consultation? If so, please list below. Copies of fingerprints and associated criminal history is highly regulated; our ability to provide “audit copies” will vary in line with local, state, and federal regulation. Additionally, through our TPA program, this would be managed by our vendor partner. Expert audit consultation is not currently a service that Sterling offers. 6. Are there any conversion fees, retention fees, web service fees, training fees, marketing material fees, or other fees associated with providing DOJ verification services? If so, please list below. No, our fee structure is very straightforward: in states where we have a direct connection, we charge for collection and processing, plus any applicable state and federal fees. In states where we administer fingerprinting through a third party, we charge an administration fee, plus any applicable state and federal fees. G. Are there any discount programs? Is so, please describe discounted fee schedule based on projected volume in your cost proposal. If volume exceeds this number, state what the additional discount fee would be. Yes, the pricing included in Section B is heavily discounted based on this opportunity. Additional discounts may be available if the annual volume exceeds 5,000 annual screens. H. Do you offer adverse action letter fulfillment/solutions to clients? If yes, please describe the available resources and procedures involved. Please indicate in your cost proposal if there any additional fees for this option. Please provide the procedure utilized by your firm and sample action notices. Yes, $5.50 per candidate Managed Adverse Action Sterling’s adverse action management process includes both the pre-adverse action letter and the final adverse action letter. Adverse Action is initiated in our platform within the background check report via the Adverse Action button. ESC will be prompted to select which searches caused disqualification. Within 24 hours of submission, Sterling will mail or email the letter, report and all applicable summary of rights to the candidate. Five days later, the final Adverse Action letter will be automatically sent to the candidate with a copy of the background report and all applicable summary of rights. The entire process will be noted within the order for auditing and archiving purposes. If a candidate disputes the accuracy of the background check report, ESC will be notified of the re- investigation event. If the email containing the adverse action letter, report, and summary of rights is returned, Sterling will mail the letters and forms to the candidate’s current address. Within our Adverse Action workflows are pre-populated letters, mail or email delivery of letters and reports to candidates, automated final Adverse Action fulfillment, fully compliant Adverse Action letters and reports, electronic Fair Chance assessment forms, and a professional dispute resolution team to handle re- investigations when your candidates contest results. We can support custom Adverse Action letters at the account and subaccount levels. Sterling does charge a flat per candidate fee for Adverse Action management. The Fair Credit Reporting Act (FCRA) allows a Consumer Reporting Agency (CRA) up to 30 calendar days to resolve a candidate's dispute. Under special circumstances, a 15 day extension may be allotted. Most disputes are resolved within 5 to 10 business days. If, after 30 days, a Consumer Reporting Agency cannot demonstrate that the information contained in the report is accurate, the FCRA mandates removal of the disputed information from the report. Automated Adverse Action Sterling oversees the adverse action process with an automated system called Managed Adverse Action. This ensures the adverse action process is managed consistently every time. Your account can be set-up to automatically default to Managed Adverse Action when a “Review” decision is made. This process is automated and managed by Sterling’s internal teams to ensure a consistent level of quality. The individualized assessment, pre-adverse, and final adverse are delivered via email. Electronic adverse action reduces the reliance on the time it takes for a candidate to receive a letter via physical mail and improves ESC’s transparency into the adverse action process. Please note that electronic adverse action has no impact on how adverse action is initiated from the dashboard, or our dispute process – any initiated dispute will still pause the adverse action process. A candidate has until 11:59 pm PST on the day adverse action was initiated to log in to the candidate portal and view the pre-adverse action task. If the notification isn’t viewed within this established time frame, our process will automatically default to physical mail of the same adverse action information. Please refer to the attached Sample PreAdverse Action Letter and Sample Adverse Action Letter. I. Does your organization provide guidance or subject matter expertise in the form of a compliance professional, in-house counsel, etc.? Indicate any additional fees for this option. Yes. We provide compliance guidance and subject-matter expertise through our Compliance Department which is led by Angela Preston, Sterling’s Senior Vice President and Counsel - Corporate Ethics and Compliance. Angela is a recognized legal expert in the background screening field with more than 20 years as a licensed attorney and 17 years in the security and background investigation industry. Our Global Compliance Team consults with industry experts and continually analyzes privacy, human rights, and employment legislation trends. We also regularly retain in-country counsel for legal opinions and best practice data from over 230 geographies around the globe. Dear Applicant / Employee, When you applied for employment with CoGo's Co, you consented to the preparation of an employment background report by Sterling Talent Solutions, whose contact information is located below. Sterling Talent Solutions Dispute Resolution Department 6111 Oak Tree Boulevard Independence, OH 44131 Phone: 888.889.5248 Email: dispute.resolution@sterlingts.com STERLING TALENT SOLUTIONS has reported to us the following information: Reasons for Potential Disqualification: Based in whole or in part on this information, we are considering revoking an employment offer, denying continuation of your employment, or denying a promotion to you at this time. Attached is a copy of the report and a copy of A Summary of Your Rights Under the Fair Credit Reporting Act. Depending upon location, relevant state summaries of rights may also be included. You have a right to dispute the accuracy or completeness of any information Sterling Infosystems, Inc. dba Sterling Talent Solutions has provided, including the contents of the attached report, directly with Sterling. If you wish to file a dispute, please contact Sterling Infosystems, Inc. dba Sterling Talent Solutions immediately upon receipt of this letter and advise your HR representative at CoGo's Human Resources Department that you have done so. If we do not hear from you within 5 days, we will make our hiring determination based on the information currently available to us. Sincerely, CoGo’s Human Resources Department Encl: Report from Sterling Talent Solutions A Summary of Your Rights Under the Fair Credit Reporting Act [state summaries as appropriate] Dear Applicant / Employee, This letter is to inform you that an offer of employment, volunteer service, contract work, or continuation of current employment or the granting of a promotion will not be made at this time. This decision was based, either in whole or in part, on information provided to us in a consumer report furnished at our request by the consumer reporting agency whose contact information is located below. Sterling Talent Solutions Dispute Resolution Department 6111 Oak Tree Boulevard Independence, OH 44131 Phone: 888.889.5248 Email: dispute.resolution@sterlingts.com Under the federal Fair Credit Reporting Act, you have the right to obtain a free copy of your file from the consumer reporting agency if you make a request with the agency within 60 days. Enclosed with our letter to you dated [Date of Pre-Adverse Notice] was a copy of the report that we received from STERLING TALENT SOLUTIONS. You have the right to dispute directly with the consumer reporting agency the accuracy or completeness of any information provided by the agency. Enclosed is A Summary of Your Rights Under the Fair Credit Reporting Act, which was also enclosed with our letter to you dated [Date of Pre-Adverse Notice]. If you are a resident of New Jersey, Washington, Wisconsin and Massachusetts, also enclosed is a state summary of your rights. The consumer reporting agency did not make our decision and is not able to provide you the reasons why the decision was made. Sincerely, CoGo’s - Human Resources Department Encl: A Summary of Your Rights Under the Fair Credit Reporting Act [state summaries as appropriate] PRE-EMPLOYMENT BACKGROUND SCREENING, RELATED PRODUCTS AND SERVICES | AUGUST 15, 2019 3 Proprietary and Confidential © 2019 Sterling | www.sterlingcheck.com Tab 3 – Performance Capability a. OMNIA Partners documents Please refer to the following documents included in this tab. Appendix E – Price Proposal (see: Requirements for National Cooperative Contract) Tab 3 Exhibit A – RESPONSE FOR NATIONAL COOPERATIVE CONTRACT Tab 3 Exhibit B – ADMINISTRATION AGREEMENT, EXAMPLE prior to contract Tab 3 Exhibit C – MASTER INTERGOVERNMENTAL COOPERATIVE PURCHASING AGREEMENT, EXAMPLE Tab 3 (Not required) Exhibit D – PRINCIPAL PROCUREMENT AGENCY CERTIFICATE, EXAMPLE Tab 3 (Not required) Exhibit E – CONTRACT SALES REPORTING TEMPLATE Tab 3 Exhibit F – FEDERAL FUNDS CERTIFICATIONS Tab 3 Exhibit G – NEW JERSEY BUSINESS COMPLIANCE DOC #1 Ownership Disclosure Form DOC #2 Non-Collusion Affidavit DOC #3 Affirmative Action Affidavit ƒ Affirmative Action Affidavit - Sterling EEO Report DOC #4 Political Contribution Disclosure Form DOC #5 Stockholder Disclosure Certification DOC #6 Certification of Non-Involvement in Prohibited Activities in Iran DOC #7 New Jersey Business Registration Certificate ƒ Sterling NJ Business Registration Certificate Tab 3 Exhibit H – ADVERTISING COMPLIANCE REQUIREMENT Tab 3 OMNIA PARTNERS EXHIBITS EXHIBIT A- RESPONSE FOR NATIONAL COOPERATIVE CONTRACT Sterling’s responses are included in our proposal. 1.0 Scope of National Cooperative Contract Capitalized terms not otherwise defined herein shall have the meanings given to them in the Master Agreement or in the Administration Agreement between Supplier and OMNIA Partners. 1.1 Requirement Region 4 ESC (hereinafter defined and referred to as “Principal Procurement Agency”), on behalf of itself and the National Intergovernmental Purchasing Alliance Company, a Delaware corporation d/b/a OMNIA Partners, Public Sector (“OMNIA Partners”), is requesting proposals for pre-employment background pre-employment background screening, related products and services. The intent of this Request for Proposal is any contract between Principal Procurement Agency and Supplier resulting from this Request for Proposal (“Master Agreement”) be made available to other public agencies nationally, including state and local governmental entities, public and private primary, secondary and higher education entities, non-profit entities, and agencies for the public benefit (“Public Agencies”), through OMNIA Partners’ cooperative purchasing program. The Principal Procurement Agency has executed a Principal Procurement Agency Certificate with OMNIA Partners, an example of which is included as Exhibit D, and has agreed to pursue the Master Agreement. Use of the Master Agreement by any Public Agency is preceded by their registration with OMNIA Partners as a Participating Public Agency in OMNIA Partners’ cooperative purchasing program. Registration with OMNIA Partners as a Participating Public Agency is accomplished by Public Agencies entering into a Master Intergovernmental Cooperative Purchasing Agreement, an example of which is attached as Exhibit C. The terms and pricing established in the resulting Master Agreement between the Supplier and the Principal Procurement Agency will be the same as that available to Participating Public Agencies through OMNIA Partners. All transactions, purchase orders, invoices, payments etc., will occur directly between the Supplier and each Participating Public Agency individually, and neither OMNIA Partners, any Principal Procurement Agency nor any Participating Public Agency, including their respective agents, directors, employees or representatives, shall be liable to Supplier for any acts, liabilities, damages, etc., incurred by any other Participating Public Agency. Supplier is responsible for knowing the tax laws in each state. This Exhibit A defines the expectations for qualifying Suppliers based on OMNIA Partners’ requirements to market the resulting Master Agreement nationally to Public Agencies. Each section in this Exhibit A refers to the capabilities, requirements, obligations, and prohibitions of competing Suppliers on a national level in order to serve Participating Public Agencies through OMNIA Partners. These requirements are incorporated into and are considered an integral part of this RFP. OMNIA Partners reserves the right to determine whether or not to make the Master Agreement awarded by the Principal Procurement Agency available to Participating Public Agencies, in its sole and absolute discretion, and any party submitting a response to this RFP acknowledges that any award by the Principal Procurement Agency does not obligate OMNIA Partners to make the Master Agreement available to Participating Procurement Agencies. OMNIA PARTNERS COMPANY EXHIBITS EXHIBIT A- RESPONSE FOR NATIONAL COOPERATIVE CONTRACT 1.2 Marketing, Sales and Administrative Support During the term of the Master Agreement OMNIA Partners intends to provide marketing, sales and administrative support for Supplier pursuant to this section that directly promotes the Supplier’s products and services to Participating Public Agencies through multiple channels, each designed to promote specific products and services to Public Agencies on a national basis. The OMNIA Partners marketing team will work in conjunction with Supplier to promote the Master Agreement to both existing Participating Public Agencies and prospective Public Agencies through channels that may include: A. Marketing collateral (print, electronic, email, presentations) B. Website C. Trade shows/conferences/meetings D. Advertising E. Social Media The OMNIA Partners sales teams will work in conjunction with Supplier to promote the Master Agreement to both existing Participating Public Agencies and prospective Public Agencies through initiatives that may include: A. Individual sales calls B. Joint sales calls C. Communications/customer service D. Training sessions for Public Agency teams E. Training sessions for Supplier teams The OMNIA Partners contracting teams will work in conjunction with Supplier to promote the Master Agreement to both existing Participating Public Agencies and prospective Public Agencies through: A. Serving as the subject matter expert for questions regarding joint powers authority and state statutes and regulations for cooperative purchasing B. Training sessions for Public Agency teams C. Training sessions for Supplier teams D. Regular business reviews to monitor program success E. General contract administration Suppliers are required to pay an administrative fee of 3% of the greater of the Contract Sales under the Master Agreement and Guaranteed Contract Sales under this Request for Proposal. Supplier will be required to execute the OMNIA Partners Administration Agreement (Exhibit B). 1.3 Estimated Volume The dollar volume purchased under the Master Agreement is estimated to be approximately $13 million annually. While no minimum volume is guaranteed to Supplier, the estimated annual volume is projected based on the current annual volumes among the Principal Procurement Agency, other Participating Public Agencies that are anticipated to utilize the resulting Master Agreement to be made available to them through OMNIA Partners, and volume growth into other Public Agencies through a coordinated marketing approach between Supplier and OMNIA Partners. OMNIA PARTNERS COMPANY EXHIBITS EXHIBIT A- RESPONSE FOR NATIONAL COOPERATIVE CONTRACT 1.4 Award Basis The basis of any contract award resulting from this RFP made by Principal Procurement Agency will, at OMNIA Partners option, be the basis of award on a national level through OMNIA Partners. If multiple Suppliers are awarded by Principal Procurement Agency under the Master Agreement, those same Suppliers will be required to extend the Master Agreement to Participating Public Agencies through OMNIA Partners. Utilization of the Master Agreement by Participating Public Agencies will be at the discretion of the individual Participating Public Agency. Certain terms of the Master Agreement specifically applicable to the Principal Procurement Agency are subject to modification for each Participating Public Agency as Supplier, such Participating Public Agency and OMNIA Partners shall agree. Participating Agencies may request to enter into a separate supplemental agreement to further define the level of service requirements over and above the minimum defined in the Master Agreement (i.e. invoice requirements, order requirements, specialized delivery, diversity requirements such as minority and woman owned businesses, historically underutilized business, governing law, etc.). It shall be the responsibility of the Supplier to comply, when applicable, with the prevailing wage legislation in effect in the jurisdiction of the Participating Agency. It shall further be the responsibility of the Supplier to monitor the prevailing wage rates as established by the appropriate department of labor for any increase in rates during the term of this contract and adjust wage rates accordingly. Any supplemental agreement developed as a result of the Master Agreement is exclusively between the Participating Agency and the Supplier (Contract Sales are reported to OMNIA Partners). All purchase orders issued and accepted by the Supplier may survive expiration or termination of the Master Agreement. Participating Agencies’ purchase orders may exceed the term of the Contract if the purchase order is issued prior to the expiration of the Contract. Supplier is responsible for reporting all sales and paying the applicable administrative fee for sales that use the Master Agreement as the basis for the purchase order, even though Master Agreement may have expired. 1.5 Objectives of Cooperative Program This RFP is intended to achieve the following objectives regarding availability through OMNIA Partners’ cooperative program: A. Provide a comprehensive competitively solicited and awarded national agreement offering the Products covered by this solicitation to Participating Public Agencies; B. Establish the Master Agreement as the Supplier’s primary go to market strategy to Public Agencies nationwide; C. Achieve cost savings for Supplier and Public Agencies through a single solicitation process that will reduce the Supplier’s need to respond to multiple solicitations and Public Agencies need to conduct their own solicitation process; D. Combine the aggregate purchasing volumes of Participating Public Agencies to achieve cost effective pricing. OMNIA PARTNERS EXHIBITS EXHIBIT A- RESPONSE FOR NATIONAL COOPERATIVE CONTRACT 2.1 Representations and Covenants As a condition to Supplier entering into the Master Agreement, which would be available to all Public Agencies, Supplier must make certain representations, warranties and covenants to both the Principal Procurement Agency and OMNIA Partners designed to ensure the success of the Master Agreement for all Participating Public Agencies as well as the Supplier. 2.2 Corporate Commitment Supplier commits that (1) the Master Agreement has received all necessary corporate authorizations and support of the Supplier’s executive management, (2) the Master Agreement is Supplier's primary “go to market” strategy for Public Agencies, (3) the Master Agreement will be promoted to all Public Agencies, including any existing customers, and Supplier will transition existing customers, upon their request, to the Master Agreement, and (4) that the Supplier has read and agrees to the terms and conditions of the Administration Agreement with OMNIA Partners and will execute such agreement concurrent with and as a condition of its execution of the Master Agreement with the Principal Procurement Agency. Supplier will identify an executive corporate sponsor and a separate national account manager within the RFP response that will be responsible for the overall management of the Master Agreement. 2.3 Pricing Commitment Supplier commits the not-to-exceed pricing provided under the Master Agreement pricing is its lowest available (net to buyer) to Public Agencies nationwide and further commits that if a Participating Public Agency is eligible for lower pricing through a national, state, regional or local or cooperative contract, the Supplier will match such lower pricing to that Participating Public Agency under the Master Agreement. 2.4 Sales Commitment Supplier commits to aggressively market the Master Agreement as its go to market strategy in this defined sector and that its sales force will be trained, engaged and committed to offering the Master Agreement to Public Agencies through OMNIA Partners nationwide. Supplier commits that all Master Agreement sales will be accurately and timely reported to OMNIA Partners in accordance with the OMNIA Partners Administration Agreement. Supplier also commits its sales force will be compensated, including sales incentives, for sales to Public Agencies under the Master Agreement in a consistent or better manner compared to sales to Public Agencies if the Supplier were not awarded the Master Agreement. 3.1 SUPPLIER RESPONSE Supplier must supply the following information in order for the Principal Procurement Agency to determine Supplier’s qualifications to extend the resulting Master Agreement to Participating Public Agencies through OMNIA Partners. 3.2 Company A. Brief history and description of Supplier. B. Total number and location of sales persons employed by Supplier. C. Number and location of support centers (if applicable) and location of corporate office. Requirements for National Cooperative Contract Page 5 Requirements for National Cooperative Contract Page 6 OMNIA PARTNERS EXHIBITS EXHIBIT A- RESPONSE FOR NATIONAL COOPERATIVE CONTRACT D. Annual sales for the three previous fiscal years. E. Submit FEIN and Dunn & Bradstreet report. F. Describe any green or environmental initiatives or policies. G. Describe any diversity programs or partners supplier does business with and how Participating Agencies may use diverse partners through the Master Agreement. Indicate how, if at all, pricing changes when using the diversity program. H. Describe any historically underutilized business certifications supplier holds and the certifying agency. This may include business enterprises such as minority and women owned, small or disadvantaged, disable veterans, etc. I. Describe how supplier differentiates itself from its competitors. J. Describe any present or past litigation, bankruptcy or reorganization involving supplier. K. Felony Conviction Notice: Indicate if the supplier a. is a publicly held corporation and this reporting requirement is not applicable; b. is not owned or operated by anyone who has been convicted of a felony; or c. is owned or operated by and individual(s) who has been convicted of a felony and provide the names and convictions. L. Describe any debarment or suspension actions taken against supplier 3.3 Distribution, Logistics A. Describe the full line of products and services offered by supplier. B. Describe how supplier proposes to distribute the products/service nationwide. Include any states where products and services will not be offered under the Master Agreement, including U.S. Territories and Outlying Areas. C. Identify all other companies that will be involved in processing, handling or shipping the products/service to the end user. D. Provide the number, size and location of Supplier’s distribution facilities, warehouses and retail network as applicable. 3.4 Marketing and Sales A. Provide a detailed ninety-day plan beginning from award date of the Master Agreement describing the strategy to immediately implement the Master Agreement as supplier’s primary go to market strategy for Public Agencies to supplier’s teams nationwide, to include, but not limited to: i. Executive leadership endorsement and sponsorship of the award as the public sector go-to-market strategy within first 10 days ii. Training and education of Supplier’s national sales force with participation from the Supplier’s executive leadership, along with the OMNIA Partners team within first 90 days B. Provide a detailed ninety-day plan beginning from award date of the Master Agreement describing the strategy to market the Master Agreement to current Participating Public Agencies, existing Public Agency customers of Supplier, as well as to prospective Public Agencies nationwide immediately upon award, to include, but not limited to: i. Creation and distribution of a co-branded press release to trade publications ii. Announcement, contract details and contact information published on the Supplier’s website within first 90 days Requirements for National Cooperative Contract Page 7 OMNIA PARTNERS EXHIBITS EXHIBIT A- RESPONSE FOR NATIONAL COOPERATIVE CONTRACT iii. Design, publication and distribution of co-branded marketing materials within first 90 days iv. Commitment to attendance and participation with OMNIA Partners at national (i.e. NIGP Annual Forum, NPI Conference, etc.), regional (i.e. Regional NIGP Chapter Meetings, Regional Cooperative Summits, etc.) and supplier-specific trade shows, conferences and meetings throughout the term of the Master Agreement v. Commitment to attend, exhibit and participate at the NIGP Annual Forum in an area reserved by OMNIA Partners for partner suppliers. Booth space will be purchased and staffed by Supplier. In addition, Supplier commits to provide reasonable assistance to the overall promotion and marketing efforts for the NIGP Annual Forum, as directed by OMNIA Partners. vi. Design and publication of national and regional advertising in trade publications throughout the term of the Master Agreement vii. Ongoing marketing and promotion of the Master Agreement throughout its term (case studies, collateral pieces, presentations, promotions, etc.) viii. Dedicated OMNIA Partners internet web-based homepage on Supplier’s website with: x OMNIA Partners standard logo; x Copy of original Request for Proposal; x Copy of contract and amendments between Principal Procurement Agency and Supplier; x Summary of Products and pricing; x Marketing Materials x Electronic link to OMNIA Partners’ website including the online registration page; x A dedicated toll-free number and email address for OMNIA Partners C. Describe how Supplier will transition any existing Public Agency customers’ accounts to the Master Agreement available nationally through OMNIA Partners. Include a list of current cooperative contracts (regional and national) Supplier holds and describe how the Master Agreement will be positioned among the other cooperative agreements. D. Acknowledge Supplier agrees to provide its logo(s) to OMNIA Partners and agrees to provide permission for reproduction of such logo in marketing communications and promotions. Acknowledge that use of OMNIA Partners logo will require permission for reproduction, as well. E. Confirm Supplier will be proactive in direct sales of Supplier’s goods and services to Public Agencies nationwide and the timely follow up to leads established by OMNIA Partners. All sales materials are to use the OMNIA Partners logo. At a minimum, the Supplier’s sales initiatives should communicate: i. Master Agreement was competitively solicited and publicly awarded by a Principal Procurement Agency ii. Best government pricing iii. No cost to participate iv. Non-exclusive contract Requirements for National Cooperative Contract Page 8 OMNIA PARTNERS EXHIBITS EXHIBIT A- RESPONSE FOR NATIONAL COOPERATIVE CONTRACT F. Confirm Supplier will train its national sales force on the Master Agreement. At a minimum, sales training should include: i. Key features of Master Agreement ii. Working knowledge of the solicitation process iii. Awareness of the range of Public Agencies that can utilize the Master Agreement through OMNIA Partners iv. Knowledge of benefits of the use of cooperative contracts G. Provide the name, title, email and phone number for the person(s), who will be responsible for: i. Executive Support ii. Marketing iii. Sales iv. Sales Support v. Financial Reporting vi. Accounts Payable vii. Contracts H. Describe in detail how Supplier’s national sales force is structured, including contact information for the highest-level executive in charge of the sales team. I. Explain in detail how the sales teams will work with the OMNIA Partners team to implement, grow and service the national program. J. Explain in detail how Supplier will manage the overall national program throughout the term of the Master Agreement, including ongoing coordination of marketing and sales efforts, timely new Participating Public Agency account set-up, timely contract administration, etc. K. State the amount of Supplier’s Public Agency sales for the previous fiscal year. Provide a list of Supplier’s top 10 Public Agency customers, the total purchases for each for the previous fiscal year along with a key contact for each. L. Describe Supplier’s information systems capabilities and limitations regarding order management through receipt of payment, including description of multiple platforms that may be used for any of these functions. M. Provide the Contract Sales (as defined in Section 10 of the National Intergovernmental Purchasing Alliance Company Administration Agreement) that Supplier will guarantee each year under the Master Agreement for the initial three years of the Master Agreement (“Guaranteed Contract Sales”). $ .00 in year one $ .00 in year two $ .00 in year three To the extent Supplier guarantees minimum Contract Sales, the administration fee shall be calculated based on the greater of the actual Contract Sales and the Guaranteed Contract Sales. N. Even though it is anticipated many Public Agencies will be able to utilize the Master Agreement without further formal solicitation, there may be circumstances Requirements for National Cooperative Contract Page 9 OMNIA PARTNERS EXHIBITS EXHIBIT A- RESPONSE FOR NATIONAL COOPERATIVE CONTRACT where Public Agencies will issue their own solicitations. The following options are available when responding to a solicitation for Products covered under the Master Agreement. i. Respond with Master Agreement pricing (Contract Sales reported to OMNIA Partners). ii. If competitive conditions require pricing lower than the standard Master Agreement not-to-exceed pricing, Supplier may respond with lower pricing through the Master Agreement. If Supplier is awarded the contract, the sales are reported as Contract Sales to OMNIA Partners under the Master Agreement. iii. Respond with pricing higher than Master Agreement only in the unlikely event that the Public Agency refuses to utilize Master Agreement (Contract Sales are not reported to OMNIA Partners). iv. If alternative or multiple proposals are permitted, respond with pricing higher than Master Agreement, and include Master Agreement as the alternate or additional proposal. Detail Supplier’s strategies under these options when responding to a solicitation. OMNIA PARTNERS EXHIBITS EXHIBIT B- ADMINISTRATION AGREEMENT, EXAMPLE OMNIA P A R T N E R S ADMINISTRATION AGREEMENT THIS ADMINISTRATION AGREEMENT (this "Agreement") is made/this _ day of 20 _, between National Intergovernmental Purchasing Alliance Company, a Delaware corporation d/b/a OMNIA Partners, Public Sector ("OMNIA Partners, Public Sector"), and ("Supplier"). RECITALS WHEREAS, the (the "Principal Procurement Agency") has entered into a Master Agreement effective , Agreement No , by and between the Principal Procurement Agency and Supplier, (as may be amended from time to time in accordance with the terms thereof, the "Master Agreement"), as attached hereto as Exhibit A and incorporated herein by reference as thoughtfully set forth herein, for the purchase of (the "Pr`dUct"); WHEREAS, said Master Agreement provides that any or all public agencies, including state and local governmental entities, public and private primary, secondary and higher education entities, non-profit entities, and agencies for the public benefit (collectively, "Public Agencies"), that register (either via registration on the OMNIA Partners, Public Sector website or execution of a Master Intergovernmental Cooperative Purchasing Agreement, attached hereto as Exhibit B) (each, hereinafter referred ,to as a "Participating Public Agency") may purchase Product at prices stated in the Master Agr . ment; WHEREAS, Participating Public Agencies may access the Master Agreement which is offered through OMNIA Partners, Public Sector to Public Agencies; WHEREAS, OMNIA Partners, Public Sector serves as the contract administrator of the Master Adeement on behalf of Principal Procurement Agency; WHEREAS, Principal Procurement Agency desires OMNIA Partners, Public Sector to proceed with administration of the Master Agreement; and WHEREAS, OMNIA Partners, Public Sector and Supplier desire to enter into this Agreement to make available the Master Agreement to Participating Public Agencies and to set forth certain terms and conditions governing the relationship between OMNIA Partners, Public Sector and Supplier. NOW, THEREFORE, in consideration of the payments to be made hereunder and the mutual covenants contained in this Agreement, OMNIA Partners, Public Sector and Supplier hereby agree as follows: Requirements for National Cooperative Contract Page 10 DEFINITIONS 1. Capitalized terms used in this Agreement and not otherwise defined herein shall have the meanings given to them in the Master Agreement. TERMS AND CONDITIONS 2. The Master Agreement and the terms and conditions contained therein shall apply to this Agreement except as expressly changed or modified by this Agreement. Supplier acknowledges and agrees that the covenants and agreements of Supplier set forth in the solicitation and Supplier's response thereto resulting in the Master Agreement are incorporated herein and are an integral part hereof. 3. OMNIA Partners, Public Sector shall be afforded all of the rights, privileges and indemnifications afforded to Principal Procurement Agency by or from Supplier under the Master Agreement, and such rights, privileges and indemnifications shall accrue and apply with equal effect to OMNIA Partners, Public Sector, its agents, employees, directors; and representatives under this Agreement including, but not limited to, Supplier's obligation to obtain appropriate insurance. 4. OMNIA Partners, Public Sector shall perform all of its duties, responsibilities and obligations as contract administrator of the Master Agreement ori' behalf of Principal Procurement Agency as set forth herein, and Supplier hereby acknowledges and agrees that all duties, responsibilities and obligations will be undertaken by OMNIA Partners, Public Sector solely in its capacity as the contract administrator under the Master P greement. 5. With respect to any purchases by Principal Procurement Agency or any Participating Public Agency pursuant to the Master Agreement, OMNIA Partners, Public Sector shall not be: (i) construed as a dealer, re -marketer, representative, partner or agent of any type of the Supplier, Principal Procurement Agency or any Participating Public Agency; (ii) obligated, liable or responsible for any order for Product made by Principal Procurement Agency or any Participating Public Agency or any employee thereof under the Master Agreement or for any payment required to be made with respect to such order for Product; and (iii) obligated, liable or responsible for any failure by Principal Procurement Agency or any Participating Public Agency to comply with procedures or requirements of applicable law or the Master Agreement or to obtain the due authorization and approval "necessary to purchase under the Master Agreement. OMNIA Partners, Public Sector makes no representation or guaranty with respect to any minimum purchases by Principal Procurement Agency or any Participating Public Agency or any employee thereof under this Agreement or the Master Agreement. 6. OMNIA Partners, Public Sector shall not be responsible for Supplier's performance under the/Master Agreement, and Supplier shall hold OMNIA Partners, Public Sector harmless from any liability that may arise from the acts or omissions of Supplier in connection with the Master Agreement. 7. WITHOUT LIMITING THE GENERALITY OF THE FOREGOING, OMNIA PARTNERS, PUBLIC SECTOR EXPRESSLY DISCLAIMS ALL EXPRESS OR IMPLIED REPRESENTATIONS AND WARRANTIES REGARDING OMNIA PARTNERS, PUBLIC SECTOR' PERFORMANCE AS A CONTRACT ADMINISTRATOR OF THE MASTER AGREEMENT. OMNIA PARTNERS, PUBLIC SECTOR SHALL NOT BE LIABLE IN ANY WAY FOR ANY SPECIAL, INCIDENTAL, INDIRECT, CONSEQUENTIAL, EXEMPLARY, PUNITIVE, OR RELIANCE DAMAGES, EVEN IF OMNIA PARTNERS, PUBLIC SECTOR IS ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Requirements for National Cooperative Contract Page 11 TERM OF AGREEMENT; TERMINATION 8. This Agreement shall be in effect so long as the Master Agreement remains in effect, provided, however, that the provisions of Sections 3 — 8 and 12 — 23, hereof and the indemnifications afforded by the Supplier to OMNIA Partners, Public Sector in the Master Agreement, to the extent such provisions survive any expiration or termination of the Master Agreement, shall survive the expiration or termination of this Agreement. 9. Supplier's failure to maintain its covenants and commitments contained in this Agreement or any action of the Supplier which gives rise to a right by Principal Procurement Agency to terminate the Master Agreement shall constitute a material breach of this Agreement. If such breach is not cured within thirty (30) days of written notice to Supplier, in addition to any and all remedies available at law or equity, OMNIA Partners, Public Sector shall have the right to terminate this Agreement, at OMNIA Partners, Public Sector' sole discretion. Notwithstanding anything contained herein to the contrary, this Agreement shall terminate on the date of the termination or expiration of the Master Agreement. / NATIONAL PROMOTION 10. OMNIA Partners, Public Sector and Supplier shall publicize and promote the availability of the Master Agreement's products and services to Public Agencies and such agencies' employees. Supplier shall require each Public Agency to register its participation in the OMNIA Partners, Public Sector program by either registering on the OMNIA Partners, Public Sector website(www.omniar)artners.com/publicsector),_.or/executing a Master Intergovernmental Cooperative Purchasing Agreement prior to processing the Participating Public Agency's first sales order. Upon request, Supplier shall make available to interested Public Agencies a copy of the Master Agreement and such price lists or quotes as may be necessary for such Public Agencies to evaluate potential purchases. 11. Supplier shall provide such marketing and administrative support as set forth in the solicitation resulting in the Master Agreement, including assisting in development of marketing materials as reasonably requested by Principal Procurement Agency and OMNIA Partners, Public Sector. Supplier shall be responsible for obtaining permission or license of use and payment of any license fees for all content and images Supplier provides to OMNIA Partners, Public Sector or posts on the OMNIA Partners, Public Sector website. Supplier shall indemnify, defend and hold harmless OMNIA Partners, Public Sector for use of all such content and images including copyright infringement claims. Supplier and OMNIA Partners, Public Sector each hereby grant to the other party a limited, revocable, non -transferable, non-sublicensable right to use such party's logo (each, the "Logo") solely for use in marketing the Master Agreement. Each party shall provide the other party with the standard terms of use of such party's Logo, and such party shall comply with such terms in all material respects. Both parties shall obtain approval from the other party prior to use of such party's Logo. Notwithstanding the foregoing, the parties understand and agree that except as provided herein neither party shall have any right, title or interest in the other party's Logo. Upon termination of this Agreement, each party shall immediately cease use of the other party's Logo. ADMINISTRATIVE FEE, REPORTING & PAYMENT 12. An "Administrative Fee" shall be defined and due to OMNIA Partners, Public Sector from Supplier in the amount of percent ( %) ("Administrative Fee Percentage") multiplied by the total purchase amount paid to Supplier, less refunds, credits on returns, rebates and discounts, for the sale of products and/or services to Principal Procurement Agency and Participating Public Agencies pursuant to the Master Agreement (as amended from time to time and including any renewal thereof) ("Contract Sales"). From time to time the parties may mutually agree in writing to a Requirements for National Cooperative Contract Page 12 lower Administrative Fee Percentage for a specifically identified Participating Public Agency's Contract Sales. 13. Supplier shall provide OMNIA Partners, Public Sector with an electronic accounting report monthly, in the format prescribed by OMNIA Partners, Public Sector, summarizing all Contract Sales for each calendar month. The Contract Sales reporting format is provided as Exhibit C ("Contract Sales Report"), attached hereto and incorporated herein by reference. Contract Sales Reports for each calendar month shall be provided by Supplier to OMNIA Partners, Public Sector by the 10th day of the following month. Failure to provide a Contract Sales Report within the time and manner specified herein shall constitute a material breach of this Agreement and if not cured within thirty (30) days of written notice to Supplier shall be deemed a cause for termination of the Master Agreement, at Principal Procurement Agency's sole discretion, and/or this Agreement, at OMNIA Partners, Public Sector' sole discretion. 14. Administrative Fee payments are to be paid by Supplier to OMNIA Partners, Public Sector at the frequency and on the due date stated in Section 13, above, for Supplioir's submission of corresponding Contract Sales Reports. Administrative Fee payments are to be made via Automated Clearing House (ACH) to the OMNIA Partners, Public Sector designated financial institution identified in Exhibit D. Failure to provide a payment of the Administrative Fee within the time and manner specified herein shall constitute a material breach of this Agreement and if not cured within thirty (30) days of written notice to Supplier shall be deemed a cause for termination of the Master Agreement, at Principal Procurement Agency's sole discretion,,and/or this Agreement, at OMNIA Partners, Public Sector' sole discretion. All Administrative Fees -not paid when due shall bear interest at a rate equal to the lesser of one and one-half percent (1 1/2%) per month or the maximum rate permitted by law until paid in full. i 15. Supplier shall maintain an accounting/ of all purchases made by Participating Public Agencies under the Master Agreement. OMNIA Partners, Public Sector, or its designee, in OMNIA Partners, Public Sector' sole discretion, reserves the right to compare Participating Public Agency records with Contract Sales Reports submitted by Supplier for a period of four (4) years from the date OMNIA Partners, Public Sector receives such report. In addition, OMNIA Partners, Public Sector may engage a third party to conduct an independent audit of Supplier's monthly reports. In the event of such an audit, Supplier shall provide all materials reasonably requested relating to such audit by OMNIA Partners, Public Sector at the location designated by OMNIA Partners, Public Sector. In the event an underreporting of Contract Sales and a resulting underpayment of Administrative Fees is revealed, OMNIA Partners, Public Sector will notify the Supplier in writing. Supplier will have thirty (30j days from the date of such notice to resolve the discrepancy to OMNIA Partners, Public Sector%`reasonable satisfaction, including payment of any Administrative Fees due and owing, together with interest thereon in accordance with Section 13, and reimbursement of OMNIA Partners, Public Sector' costs and expenses related to such audit. GENERAL PROVISIONS 16. This Agreement, the Master Agreement and the exhibits referenced herein supersede any and all other agreements, either oral or in writing, between the parties hereto with respect to the subject matter hereto and no other agreement, statement, or promise relating to the subject matter of this Agreement which is not contained or incorporated herein shall be valid or binding. In the event of any conflict between the provisions of this Agreement and the Master Agreement, as between OMNIA Partners, Public Sector and Supplier, the provisions of this Agreement shall prevail. 17. If any action at law or in equity is brought to enforce or interpret the provisions of this Agreement or to recover any Administrative Fee and accrued interest, the prevailing party shall Requirements for National Cooperative Contract Page 13 be entitled to reasonable attorney's fees and costs in addition to any other relief to which it may be entitled. 18. This Agreement and OMNIA Partners, Public Sector' rights and obligations hereunder may be assigned at OMNIA Partners, Public Sector' sole discretion to an affiliate of OMNIA Partners, Public Sector, any purchaser of any or all or substantially all of the assets of OMNIA Partners, Public Sector, or the successor entity as a result of a merger, reorganization, consolidation, conversion or change of control, whether by operation of law or otherwise. Supplier may not assign its obligations hereunder without the prior written consent of OMNIA Partners, Public Sector. 19. All written communications given hereunder shall be delivered by first-class mail, postage prepaid, or overnight delivery on receipt to the addresses as set forth below. A. OMNIA Partners, Public Sector: li OMNIA Partners, Public Sector Attn: President 840 Crescent Centre Drive Suite 600 Franklin, TN 37067 B. Supplier: J f rl km 20. If any provision of this Agreement shall be deemed to be, or shall in fact be, illegal, inoperative or unenforceable, the same shall not affect any other provision or provisions herein contained or render the same invalid, inoperative or unenforceable to any extent whatever, and this Agreement will be construed by limiting or invalidating such provision to the minimum extent necessary to make such provision valid, legal and enforceable. 21. This Agreement may not be amended, changed, modified, or altered without the prior written consent of the parties hereto, and no provision of this Agreement may be discharged or waived, except 6y a writing signed by the parties. A waiver of any particular provision will not be deemed a waiver of any other provision, nor will a waiver given on one occasion be deemed to apply to any other dccasion. 22. This Agreement shall inure to the benefit of and shall be binding upon OMNIA Partners, Public Sector, the Supplier and any respective successor and assign thereto; subject, however, to the limitations contained herein. 23. This Agreement will be construed under and governed by the laws of the State of Delaware, excluding its conflicts of law provisions and any action arising out of or related to this Agreement shall be commenced solely and exclusively in the state or federal courts in Williamson County Tennessee. Requirements for National Cooperative Contract Page 14 24. This Agreement may be executed in counterparts, each of which is an original but all of which, together, shall constitute but one and the same instrument. The exchange of copies of this Agreement and of signature pages by facsimile, or by .pdf or similar electronic transmission, will constitute effective execution and delivery of this Agreement as to the parties and may be used in lieu of the original Agreement for all purposes. Signatures of the parties transmitted by facsimile, or by pdf or similar electronic transmission, will be deemed to be their original signatures for any purpose whatsoever. [INSERT SUPPLIER ENTITY NAME] Name f a Title t) Q i hq Date �— OMNIA PARTNERS, PUBLIC SECTOR Signature Sarah Vavra Name Sr. Vice President, Public Sector Contracting Title Date i j Requirements for National Cooperative Contract Page 15 OMNIA PARTNERS EXHIBITS EXHIBIT C –MASTER INTERGOVERNMENTAL COOPERATIVE PURCHASING AGREEMENT, EXAMPLE MASTER INTERGOVERNMENTAL COOPERATIVE PURCHASING AGREEMENT This Master Intergovernmental Cooperative Purchasing Agreement (this “Agreement”)is entered into by and between those certain government agencies that execute a Principal Procurement Agency Certificate (“Principal Procurement Agencies”)with National Intergovernmental Purchasing Alliance Company, a Delaware corporation d/b/a OMNIA Partners, Public Sector and/or Communities Program Management, LLC, a California limited liability company d/b/a U.S. Communities (collectively,“OMNIA Partners, Public Sector”) to be appended and made a part hereof and such other public agencies (“Participating Public Agencies”)who register to participate in the cooperative purchasing programs administered by OMNIA Partners, Public Sector and its affiliates and subsidiaries (collectively, the “OMNIA Partners Parties”)by either registering on the OMNIA Partners, Public Sector website (www.omniapartners.com/publicsector or any successor website), or by executing a copy of this Agreement. RECITALS WHEREAS, after a competitive solicitation and selection process by Principal Procurement Agencies, in compliance with their own policies, procedures, rules and regulations, a number of suppliers have entered into “Master Agreements”(herein so called) to provide a variety of goods, products and services (“Products”) to the applicable Principal Procurement Agency and the Participating Public Agencies; WHEREAS, Master Agreements are made available by Principal Procurement Agencies through the OMNIA Partners Parties and provide that Participating Public Agencies may purchase Products on the same terms, conditions and pricing as the Principal Procurement Agency, subject to any applicable federal and/or local purchasing ordinances and the laws of the State of purchase; and WHEREAS, in addition to Master Agreements, the OMNIA Partners Parties may from time to time offer Participating Public Agencies the opportunity to acquire Products through other group purchasing agreements. NOW, THEREFORE, in consideration of the mutual promises contained in this Agreement, and of the mutual benefits to result, the parties hereby agree as follows: 1. Each party will facilitate the cooperative procurement of Products. 2. The Participating Public Agencies shall procure Products in accordance with and subject to the relevant federal, state and local statutes, ordinances, rules and regulations that govern Participating Public Agency’s procurement practices. The Participating Public Agencies hereby acknowledge and agree that it is the intent of the parties that all provisions of this Agreement and that Principal Procurement Agencies’participation in the program described herein comply with all applicable laws, including but not limited to the requirements of 42 C.F.R. § 1001.952(h), as may be amended from time to time. The Participating Public Agencies further acknowledge and agree that they are solely responsible for their compliance with all applicable “safe harbor”regulations, including but not limited to any and all obligations to fully and accurately report discounts and incentives. /053&26*3&% 3. The Participating Public Agency represents and warrants that the Participating Public Agency is not a hospital or other healthcare provider and is not purchasing Products on behalf of a hospital or healthcare provider. 4. The cooperative use of Master Agreements shall be in accordance with the terms and conditions of the Master Agreements, except as modification of those terms and conditions is otherwise required by applicable federal, state or local law, policies or procedures. 5. The Principal Procurement Agencies will make available, upon reasonable request, Master Agreement information which may assist in improving the procurement of Products by the Participating Public Agencies. 6. The Participating Public Agency agrees the OMNIA Partners Parties may provide access to group purchasing organization (“GPO”) agreements directly or indirectly by enrolling the Participating Public Agency in another GPO’s purchasing program, including but not limited to Vizient Source, LLC, Provista, Inc. and other OMNIA Partners, Public Sector affiliates and subsidiaries; provided the purchase of Products through the OMNIA Partners Parties or any other GPO shall be at the Participating Public Agency’s sole discretion. 7. The Participating Public Agencies (each a “Procuring Party”) that procure Products through any Master Agreement or GPO Product supply agreement (each a “GPO Contract”) will make timely payments to the distributor, manufacturer or other vendor (collectively, “Supplier”) for Products received in accordance with the terms and conditions of the Master Agreement or GPO Contract, as applicable. Payment for Products and inspections and acceptance of Products ordered by the Procuring Party shall be the exclusive obligation of such Procuring Party. Disputes between Procuring Party and any Supplier shall be resolved in accordance with the law and venue rules of the State of purchase unless otherwise agreed to by the Procuring Party and Supplier. 8. The Procuring Party shall not use this Agreement as a method for obtaining additional concessions or reduced prices for purchase of similar products or services outside of the Master Agreement. Master Agreements may be structured with not-to-exceed pricing, in which cases the Supplier may offer the Procuring Party and the Procuring Party may accept lower pricing or additional concessions for purchase of Products through a Master Agreement. 9. The Procuring Party shall be responsible for the ordering of Products under this Agreement. A non-procuring party shall not be liable in any fashion for any violation by a Procuring Party, and, to the extent permitted by applicable law, the Procuring Party shall hold non-procuring party harmless from any liability that may arise from the acts or omissions of the Procuring Party. 10. WITHOUT LIMITING THE GENERALITY OF THE FOREGOING, THE OMNIA PARTNERS PARTIES EXPRESSLY DISCLAIM ALL EXPRESS OR IMPLIED REPRESENTATIONS AND WARRANTIES REGARDING ANY PRODUCT, MASTER AGREEMENT AND GPO CONTRACT. THE OMNIA PARTNERS PARTIES SHALL NOT BE LIABLE IN ANY WAY FOR ANY SPECIAL, INCIDENTAL, INDIRECT, CONSEQUENTIAL, EXEMPLARY, PUNITIVE, OR RELIANCE DAMAGES, EVEN IF THE OMNIA PARTNERS PARTIES ARE ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. FURTHER, THE PROCURING PARTY ACKNOWLEDGES AND AGREES THAT THE OMNIA PARTNERS PARTIES SHALL HAVE NO LIABILITY FOR ANY ACT OR OMISSION BY A SUPPLIER OR OTHER PARTY UNDER A MASTER AGREEMENT OR GPO CONTRACT. 11. This Agreement shall remain in effect until termination by either party giving thirty (30) days’ written notice to the other party. The provisions of Paragraphs 6 - 10 hereof shall survive any such termination. 12. This Agreement shall take effect upon (i) execution of the Principal Procurement Agency Certificate, or (ii) registration on the OMNIA Partners, Public Sector website or the execution of this Agreement by a Participating Public Agency, as applicable. OMNIA PARTNERS, PUBLIC SECTOR Authorized Signature Signature Sarah E. Vavra Name Name Sr. Vice President, Public Sector Contracting Title and Agency Name Title Date Date OMNIA PARTNERS EXHIBITS EXHIBIT D –OMNIA PARTNERS PRINCIPAL PROCUREMENT AGENCY CERTIFICATE, EXAMPLE PRINCIPAL PROCUREMENT AGENCY CERTIFICATE In its capacity as a Principal Procurement Agency (as defined below) for National Intergovernmental Purchasing Alliance Company, a Delaware corporation d/b/a OMNIA Partners, Public Sector (“OMNIA Partners, Public Sector”),[NAME OF PPA] agrees to pursue Master Agreements for Products as specified in the attached Exhibits to this Principal Procurement Agency Certificate. I hereby acknowledge, in my capacity as of and on behalf of [NAME OF PPA](“Principal Procurement Agency”),that I have read and hereby agree to the general terms and conditions set forth in the attached Master Intergovernmental Cooperative Purchasing Agreement regulating the use of the Master Agreements and purchase of Products that from time to time are made available by Principal Procurement Agencies to Participating Public Agencies nationwide through OMNIA Partners, Public Sector. I understand that the purchase of one or more Products under the provisions of the Master Intergovernmental Cooperative Purchasing Agreement is at the sole and complete discretion of the Participating Public Agency. Authorized Signature, [PRINCIPAL PROCUREMENT AGENCY] Signature Name Title Date /053&26*3&% OMNIA PARTNERS EXHIBITS EXHIBIT E – OMNIA PARTNERS CONTRACT SALES REPORTING TEMPLATE OMNIA PARTNERS EXHIBITS EXHIBIT C - CONTRACT SALES REPORTING TEMPLATE (to be submitted electronically in Microsoft Excel format) OMNIA Partners Contract Sales Monthly Report Supplier Name: Sterling Infosystems, Inc. dba Sterling Contract Sales Report Month: Contract ID: Supplier Reporting Contact: Title: Phone: Email: Participating Agency Name Address City State Zip Code Participating Agency # {Assigned by National IPA and provided to Supplier} Transaction Date (Date of Sale) Contract Sales for Month ($) Admin Fee % Admin Fee $ Report Totals Cumulative Contract Sales OMNIA PARTNERS EXHIBITS EXHIBIT F- FEDERAL FUNDS CERTIFICATIONS FEDERAL CERTIFICATIONS ADDENDUM FOR AGREEMENT FUNDED BY U.S. FEDERAL GRANT TO WHOM IT MAY CONCERN: Participating Agencies may elect to use federal funds to purchase under the Master Agreement. This form should be completed and returned. DEFINITIONS Contract means a legal instrument by which a non —Federal entity purchases property or services needed to carry out the project or program under a Federal award. The term as used in this part does not include a legal instrument, even if the non —Federal entity considers it a contract, when the substance of the transaction meets the definition of a Federal award or subaward Contractor means an entity that receives a contract as defined in Contract. Cooperative agreement means a legal instrument of financial assistance between a Federal awarding agency or pass -through entity and a non —Federal entity that, consistent with 31 U.S.C. 6302-6305: (a) Is used to enter into a relationship the principal purpose of which is to transfer anything of value from the Federal awarding agency or pass -through entity to the non —Federal entity to carry out a public purpose authorized by a law of the United States (see 31 U.S,C. 6101(3)); and not to acquire property or services for the Federal government or pass -through entity's direct benefit or use; (b) Is distinguished from a grant in that it provides for substantial involvement between the Federal awarding agency or pass -through entity and the non —Federal entity in carrying out the activity contemplated by the Federal award. (c) The term does not include: (1) A cooperative research and development agreement as defined in 15 U.S.C. 3710a; or (2) An agreement that provides only: (i) Direct United States Government cash assistance to an individual; (ii) A subsidy; (iii) A loan; (iv) A loan guarantee; or (v) Insurance. Federal awarding agency means the Federal agency that provides a Federal award directly to a non —Federal entity Federal award has the meaning, depending on the context, in either paragraph (a) or (b) of this section: (a)(1) The Federal financial assistance that a non —Federal entity receives directly from a Federal awarding agency or indirectly from a pass -through entity, as described in § 200.101 Applicability; or (2) The cost -reimbursement contract under the Federal Acquisition Regulations that a non —Federal entity receives directly from a Federal awarding agency or indirectly from a pass -through entity, as described in § 200.101 Applicability. (b) The instrument setting forth the terms and conditions. The instrument is the grant agreement, cooperative agreement, other agreement for assistance covered in paragraph (b) of § 200.40 Federal financial assistance, or the cost - reimbursement contract awarded under the Federal Acquisition Regulations. (c) Federal award does not include other contracts that a Federal agency uses to buy goods or services from a contractor or a contract to operate Federal government owned, contractor operated facilities (GOCOs). (d) See also definitions of Federal financial assistance, grant agreement, and cooperative agreement. Non —Federal entity means a state, local government, Indian tribe, institution of higher education (IHE), or nonprofit organization that carries out a Federal award as a recipient or subrecipient. Nonprofit organization means any corporation, trust, association, cooperative, or other organization, not including IHEs, that: (a) Is operated primarily for scientific, educational, service, charitable, or similar purposes in the public interest; (b) Is not organized primarily for profit; and (c) Uses net proceeds to maintain, improve, or expand the operations of the organization. Obligations means, when used in connection with a non —Federal entity's utilization of funds under a Federal award, orders placed for property and services, contracts and subawards made, and similar transactions during a given period that require payment by the non —Federal entity during the same or a future period. Pass -through entity means a non —Federal entity that provides a subaward to a subrecipient to carry out part of a Federal program. Recipient means a non —Federal entity that receives a Federal award directly from a Federal awarding agency to carry out an activity under a Federal program. The term recipient does not include subrecipients. Simplified acquisition threshold means the dollar amount below which a non —Federal entity may purchase property or services using small purchase methods. Non —Federal entities adopt small purchase procedures in order to expedite the purchase of items costing less than the simplified acquisition threshold. The simplified acquisition threshold is set by the Federal Acquisition Regulation at 48 CFR Subpart 2.1 (Definitions) and in accordance with 41 U.S.C. 1908. As of the publication of this part, the simplified acquisition threshold is $150,000, but this threshold is periodically adjusted for inflation. (Also see definition of § 200.67 Micro -purchase.) Subaward means an award provided by a pass -through entity to a subrecipient for the subrecipient to carry out part of a Federal award received by the pass -through entity. It does not include payments to a contractor or payments to an individual that is a beneficiary of a Federal program. A subaward may be provided through any form of legal agreement, including an agreement that the pass -through entity considers a contract. Subrecipient means a non —Federal entity that receives a subaward from a pass -through entity to carry out part of a Federal program; but does not include an individual that is a beneficiary of such program. A subrecipient may also be a recipient of other Federal awards directly from a Federal awarding agency. Termination means the ending of a Federal award, in whole or in part at any time prior to the planned end of period of performance. The following certifications and provisions may be required and apply when Participating Agency expends federal funds for any purchase resulting from this procurement process. Pursuant to 2 C.F.R. § 200.326, all contracts, including small purchases, awarded by the Participating Agency and the Participating Agency's subcontractors shall contain the procurement provisions of Appendix I I to Part 200, as applicable. APPENDIX II TO 2 CFR PART 200 (A) Contracts for more than the simplified acquisition threshold currently set at $150,000, which is the inflation adjusted amount determined by the Civilian Agency Acquisition Council and the Defense Acquisition Regulations Council (Councils) as authorized by 41 U.S.C. 1908, must address administrative, contractual, or legal remedies in instances where contractors violate or breach contract terms, and provide for such sanctions and penalties as appropriate. Pursuant to Federal Rule (A) above, when a Participating Agency expends federal funds, the Participating Agency reserves all rights and privileges under the applicable laws and regulations with respect to this procurement in the event of breach of contract by either party. J.- Does offeror agree? YESInitials of Authorized Representative of offeror (B) Termination for cause and for convenience by the grantee or subgrantee including the manner by which it will be effected and the basis for settlement. (All contracts in excess of $10,000) Pursuant to Federal Rule (B) above, when a Participating Agency expends federal funds, the Participating Agency reserves the right to immediately terminate any agreement in excess of $10,000 resulting from this procurement process in the event of a breach or default of the agreemeqt9by,0fferor as detailed in the terms of the contract. Does offeror agree? YES At Initials of Authorized Representative of offeror (C) Equal Employment Opportunity. Except as otherwise provided under 41 CFR Part 60, all contracts that meet the definition of "federally assisted construction contract" in 41 CFR Part 60.1.3 must include the equal opportunity clause provided under 41 CFR 60-1.4(b), in accordance with Executive Order 11246, "Equal Employment Opportunity" (30 CFR 12319, 12935, 3 CFR Part,1964-1965 Comp., p. 339), as amended by Executive Order 11375, "Amending Executive Order 11246 Relating to Equal Employment Opportunity," and implementing regulations at 41 CFR part 60, "Office of Federal Contract Compliance Programs, Equal Employment Opportunity, Department of Labor." Pursuant to Federal Rule (C) above, when a Participating Agency expends federal funds on any federally assisted construction contract, the equal opportunity clause is incorporated � eference herein. Does offeror agree to abide by the above? YES Initials of Authorized Representative of offeror (D) Davis -Bacon Act, as amended (40 U.S.C. 3141-3148). When required by Federal program legislation, all prime construction contracts in excess of $2,000 awarded by non -Federal entities must include a provision for compliance with the Davis -Bacon Act (40 U.S.C. 3141-3144, and 3146.3148) as supplemented by Department of Labor regulations (29 CFR Part 5, "Labor Standards Provisions Applicable to Contracts Covering Federally Financed and Assisted Construction"). In accordance with the statute, contractors must be required to pay debarred, suspended, or otherwise excluded by agencies, as well as parties declared ineligible under statutory or regulatory authority other than Executive Order 12549. Pursuant to Federal Rule (H) above, when federal funds are expended by Participating Agency, the offeror certifies that during the term of an award for all contracts by Participating Agency resulting from this procurement process, the offeror certifies that neither it nor its principals is presently debarred, suspended, proposed for debarment, declared ineligible, or voluntarily excluded from participation by any federal department or agency. If at any time during the term of an award the offeror or its principals becomes debarred, suspended, proposed for debarment, declared ineligible, or voluntarily excluded from participation by any federal department or agency, the offeror will notify the Participating Agency. Does offeror agree? YES Initials of Authorized Representative of offeror (1) Byrd Anti -Lobbying Amendment (31 U.S.C. 1352)—Contractors that apply or bid for an award exceeding $100,000 must file the required certification. Each tier certifies to the tier above that it will not and has not used Federal appropriated funds to pay any person or organization for influencing or attempting to influence an officer or employee of any agency, a member of Congress, officer or employee of Congress, or an employee of a member of Congress in connection with obtaining any Federal contract, grant or any other award covered by 31 U.S.C. 1352. Each tier must also disclose any lobbying with non -Federal funds that takes place in connection with obtaining any Federal award. Such disclosures are forwarded from tier to tier up to the non -Federal award. Pursuant to Federal Rule (1) above, when federal funds are expended by Participating Agency, the offeror certifies that during the term and after the awarded term of an award for all contracts by Participating Agency resulting from this procurement process, the offeror certifies that it is in compliance with all applicable provisions of the Byrd Anti -Lobbying Amendment (31 U.S.C.1352). The undersigned further certifies that: (1) No Federal appropriated funds have been paid or will be paid for on behalf of the undersigned, to any person for influencing or attempting to influence an officer or employee of any agency, a Member of Congress, an officer or employee of congress, or an employee of a Member of Congress in connection with the awarding of a Federal contract, the making of a Federal grant, the making of a Federal loan, the entering into a cooperative agreement, and the extension, continuation, renewal, amendment, or modification of a Federal contract, grant, loan, or cooperative agreement. (2) If any funds other than Federal appropriated funds have been paid or will be paid to any person for influencing or attempting to influence an officer or employee of any agency, a Member of Congress, an officer or employee of congress, or an employee of a Member of Congress in connection with this Federal grant or cooperative agreement, the undersigned shall complete and submit Standard Form-LLL, "Disclosure Form to Report Lobbying", in accordance with its instructions. (3) The undersigned shall require that the language of this certification be included in the award documents for all covered sub -awards exceeding $100,000 in Federal funds at all appropriate tiers and that all subrecipients shall certify and disclose accordingly. Does offeror agree? YES 1 LY Initials of Authorized Representative of offeror RECORD RETENTION REQUIREMENTS FOR CONTRACTS INVOLVING FEDERAL FUNDS When federal funds are expended by Participating Agency for any contract resulting from this procurement process, offeror certifies that it will comply with the record retention requirements detailed in 2 CFR § 200,333. The offeror further certifies that offeror will retain all records as required by 2 CFR § 200.333 for a period of three years after grantees or subgrantees submit final expenditure reports oA quarterly or annual financial reports, as applicable, and all other pending matters are closed. Does offeror agree? YES Initials of Authorized Representative of offeror CERTIFICATION OF COMPLIANCE WITH THE ENERGY POLICY AND CONSERVATION ACT When Participating Agency expends federal funds for any contract resulting from this procurement process, offeror certifies that it will comply with the mandatory standards and policies relating to energy efficiency which are contained in the state energy conservation plan issued in compliance with the Energy Policy and Conservation Act (42 U.S.C. 6321 et seq.; 49 C.F.R. Part 18). Does offeror agree? YES Initials of Authorized Representative of offeror CERTIFICATION OF COMPLIANCE WITH BUYAMERICA PROVISIONS To the extent purchases are made with Federal Highway Administration, Federal Railroad Administration, or Federal Transit Administration funds, offeror certifies that its products comply with all applicable provisions of the Buy America Act and agrees to provide such certification or applicable waiver with respect to specific products to any Participating Agency upon request. Purchases made in accordance with the Buy America Act must still follow the applicable procurement rules calling for free and open competition. Does offeror agree? YE Initials of Authorized Representative of offeror CERTIFICATION OF ACCESS TO RECORDS— 2 C.F.R. § 200.336 Offeror agrees that the Inspector General of the Agency or any of their duly authorized representatives shall have access to any documents, papers, or other records of offeror that are pertinent to offeror's discharge of its obligations under the Contract for the purpose of making audits, examinations, excerpts, and transcriptions. The right also includes timely and reasonable access to offeror's personnel for the purpose of interview and discussion relating to such documents. Does offeror agree? YE Initials of Authorized Representative of offeror CERTIFICATION OF APPLICABILITYTO SUBCONTRACTORS Offeror agrees that all contracts it awards pursuant to the Contract shall be bound by the foregoing terms and conditions. Does offeror agree? YE�A2 Initials of Authorized Representative of offeror Offeror agrees to comply with all federal, state, and local laws, rules, regulations and ordinances, as applicable. It is further acknowledged that offeror certifies compliance with all provisions, laws, acts, regulations, etc. as specifically noted above. Offeror's Name: Sterling Infos stems Inc. dba Sterling Address, City, State, an ip Code: 1 State St. Plaza 241" Floor. New York NY 10004 Phone Number��;`�4d'r/ Fax Number: � -- Printed Name and Title of Representative: Email Address: A-116. �kCFJG /gqc 'lug (A c Signature of Authorized Representafivd: 14,11�.. UL-tJ' Date: OMNIA PARTNERS EXHIBITS EXHIBIT G- NEW JERSEY BUSINESS COMPLIANCE DOC #1 OWNERSHIP DISCLOSURE FORM (N.J.S. 52:25-24.2) Pursuant to the requirements of P.L. 1999, Chapter 440 effective April 17, 2000 (Local Public Contracts Law), the offeror shall complete the form attached to these specifications listing the persons owning 10 percent (10%) or more of the firm presenting the proposal. Company Name: Sterling Infosystems. Inc. dba Sterling Street: 1 State St. Plaza, 2411 Floor City, State, Zip Code: New York, NY 10004 1 _ certify that l am the sole owner of that there are no partners and the business is not incorporated, and the provisions of N.J.S. 52:25-24.2 do not apply. OR: 1 a partner in do hereby certify that the following is a list of all individual partners who own a 10% or greater interest therein. I further certify that if one (1) or more of the partners is itself a corporation or partnership, there is also set forth the names and addresses of the stockholders holding 10% or more of that corporation's stock or the individual partners owning 10% or greater interest in that partnership. I _ an authorized representative of Sterlin lnfos stems Inc.1 dba Sterlin a corporation, do hereby certify that the following is a list of the names and addresses of all stockholders in the corporation who own 10% or more of its stock of any class. 1 further certify that if one (1) or more of such stockholders is itself a corporation or partnership, that there is also set forth the names and addresses of the stockholders holding 10% or more of the corporation's stock or the individual partners owning a 10% or greater interest in that partnership. Note: If there are no partners or stockholders owning 10% or more interest indicate none. Name Address Interest Majority owned by Goldman Sachs and affiliated investors. 1 further certify that the statements and information contained herein, are complete and correct to the best of my knowledge and belief. V-D Date Authorrzek ignature and Title DOC #4 OMNIA PARTNERS EXHIBITS EXHIBIT G- NEW JERSEY BUSINESS COMPLIANCE C. 271 POLITICAL CONTRIBUTION DISCLOSURE FORM Public Agency Instructions This page provides guidance to public agencies entering into contracts with business entities that are required to file Political Contribution Disclosure forms with the agency. It is not intended to be provided to contractors. What follows are instructions on the use of form local units can provide to contractors that are required to disclose political contributions pursuant to N.J.S.A. 19:44A-20.26 (P.L. 2005, c. 271, s.2). Additional information on the process is available in Local Finance Notice 2006-1 {htt ://www.n'.�ov/dca/divisions/dl s/resources/lfns 2006.htm1). Please refer back to these instructions for the appropriate links, as the Local Finance Notices include links that are no longer operational. 1. The disclosure is required for all contracts in excess of $17,500 that are not awarded pursuant to a "fair and open" process (N.J.S.A. 19:44A-20.7). 2. Due to the potential length of some contractor submissions, the public agency should consider allowing data to be submitted in electronic form (i.e., spreadsheet, pdf file, etc.). Submissions must be kept with the contract documents or in an appropriate computer file and be available for public access. The form is worded to accept this alternate submission. The text should be amended if electronic submission will not be allowed. 3. The submission must be received from the contractor and on file at least 10 days prior to award of the contract. Resolutions of award should reflect that the disclosure has been received and is on file. 4. The contractor must disclose contributions made to candidate and party committees covering a wide range of public agencies, including all public agencies that have elected officials in the county of the public agency, state legislative positions, and various state entities. The Division of Local Government Services recommends that contractors be provided a list of the affected agencies. This will assist contractors in determining the campaign and political committees of the officials and candidates affected by the disclosure. a. The Division has prepared model disclosure forms for each county. They can be downloaded from the "County PCD Forms" link on the Pay -to -Play web site at ham://www.ni.gov/dca/divisions/dlcs/programs/lpcl.htnl#12. They will be updated from time -to -time as necessary. b. A public agency using these forms should edit them to properly reflect the correct legislative district(s). As the forms are county -based, they list all legislative districts in each county. Districts that do not represent the public agency should be removed from the lists. c. Some contractors may find it easier to provide a single list that covers all contributions, regardless of the county. These submissions are appropriate and should be accepted. d. The form may be used "as -is", subject to edits as described herein. e. The "Contractor Instructions" sheet is intended to be provided with the form. It is recommended that the Instructions and the form be printed on the same piece of paper. The form notes that the Instructions are printed on the back of the form; where that is not the case, the text should be edited accordingly. f. The form is a Word document and can be edited to meet local needs, and posted for download on web sites, used as an e-mail attachment, or provided as a printed document. It is recommended that the contractor also complete a "Stockholder Disclosure Certification." This will assist the local unit in its obligation to ensure that contractor did not make any prohibited contributions to the committees listed on the Business Entity Disclosure Certification in the 12 months prior to the contract (See Local Finance Notice 2006-7 for additional information on this obligation at http://www.ni.gov/dca/divisions/dlizs/resources/Ifns 2006.html). A sample Certification form is part of this package and the instruction to complete it is included in the Contractor Instructions. NOTE: This section is not applicable to Boards of Education. OMNIA PARTNERS EXHIBITS EXHIBIT G- NEW JERSEY BUSINESS COMPLIANCE Doc #4, continued C. 271 POLITICAL CONTRIBUTION DISCLOSURE FORM Contractor Instructions Business entities (contractors) receiving contracts from a public agency that are NOT awarded pursuant to a "fair and open" process (defined at N.J.S.A. 19:44A-20.7) are subject to the provisions of P.L. 2005, c. 271, s.2 (N.J.S.A. 19:44A-20.26). This law provides that 10 days prior to the award of such a contract, the contractor shall disclose contributions to: • any State, county, or municipal committee of a political party • any legislative leadership committee* • any continuing political committee (a.k.a., political action committee) • any candidate committee of a candidate for, or holder of, an elective office: 0 of the public entity awarding the contract 0 of that county in which that public entity is located 0 of another public entity within that county 0 or of a legislative district in which that public entity is located or, when the public entity is a county, of any legislative district which includes all or part of the county The disclosure must list reportable contributions to any of the committees that exceed $300 per election cycle that were made during the 12 months prior to award of the contract. See N.J.S.A. 19:44A-8 and 19:44A-16 for more details on reportable contributions. N.J.S.A. 19:44A-20.26 itemizes the parties from whom contributions must be disclosed when a business entity is not a natural person. This includes the following: • individuals with an "interest" ownership or control of more than 10% of the profits or assets of a business entity or 10% of the stock in the case of a business entity that is a corporation for profit • all principals, partners, officers, or directors of the business entity or their spouses • any subsidiaries directly or indirectly controlled by the business entity • IRS Code Section 527 New Jersey based organizations, directly or indirectly controlled by the business entity and filing as continuing political committees, (PACs). When the business entity is a natural person, "a contribution by that person's spouse or child, residing therewith, shall be deemed to be a contribution by the business entity." N.J.S.A. 19:44A-20.26(b)] The contributor must be listed on the disclosure. Any business entity that fails to comply with the disclosure provisions shall be subject to a fine imposed by ELEC in an amount to be determined by the Commission which may be based upon the amount that the business entity failed to report. The enclosed list of agencies is provided to assist the contractor in identifying those public agencies whose elected official and/or candidate campaign committees are affected by the disclosure requirement. It is the contractor's responsibility to identify the specific committees to which contributions may have been made and need to be disclosed. The disclosed information may exceed the minimum requirement. The enclosed form, a content -consistent facsimile, or an electronic data file containing the required details (along with a signed cover sheet) may be used as the contractor's submission and is disclosable to the public under the Open Public Records Act. The contractor must also complete the attached Stockholder Disclosure Certification. This will assist the agency in meeting its obligations under the law. NOTE: This section does not apply to Board of Education contracts. N.J.S.A. 19:44A-3(s): "The term "legislative leadership committee" means a committee established, authorized to be established, or designated by the President of the Senate, the Minority Leader of the Senate, the Speaker of the General Assembly or the Minority Leader of the General Assembly pursuant to section 16 of P.L.1993, c.65 (C.19:44A-10.1) for the purpose of receiving contributions and making expenditures." OMNIA PARTNERS EXHIBITS Doc #4, EXHIBIT G- NEW JERSEY BUSINESS COMPLIANCE continued C. 271 POLITICAL CONTRIBUTION DISCLOSURE FORM Required Pursuant to N.J.S.A. 19:44A-20.26 This form or its permitted facsimile must be submitted to the local unit no later than 10 days prior to the award of the contract. Part I — Vendor information Vendor Name: Sterling Infosystems, Inc., dba Sterling Address: 1 State St. Plaza, 24th Floor City: I New York State:NY Zi :10004 The undersigned being authorized to certify, hereby certifies that the submission provided herein represents compliance with the provisions of N.J.S.A. 19:44A-20.26 and as represented by the Instructions accompanying thisr Signature Printed Name Title Part II — Contribution Disclosure Disclosure requirement: Pursuant to N.J.S.A. 19:44A-20.26 this disclosure must include all reportable political contributions (more than $300 per election cycle) over the 12 months prior to submission to the committees of the government entities listed on the form provided by the local unit. ❑ Check here if disclosure is provided in electronic form Contributor Name Recipient Name Date DollarAmount Not applicable $ ❑ Check here if the information is continued on subsequent page(s) OMNIA PARTNERS EXHIBITS Doc #4, EXHIBIT G- NEW JERSEY BUSINESS COMPLIANCE continued List of Agencies with Elected Officials Required for Political Contribution Disclosure N.J •S.A. 19:44A-20.26 Not applicable to Sterling County Name: State: Governor, and Legislative Leadership Committees Legislative District #s: State Senator and two members of the General Assembly per district. County: Freeholders {County Executive) County Clerk Sheriff Surrogate Municipalities (Mayor and members of governing body, regardless of title): USERS SHOULD CREATE THEIR OWN FORM, OR DOWNLOAD FROM THE PAY TO PLAY SECTION OF THE DLGS WEBSITE A COUNTY -BASED, CUSTOMIZABLE FORM. OMNIA PARTNERS EXHIBITS EXHIBIT G- NEW JERSEY BUSINESS COMPLIANCE DOC #6 Certification of Non -Involvement in Prohibited Activities in Iran Pursuant to N.J.S.A. 52:32-58, Offerors must certify that neither the Offeror, nor any of its parents, subsidiaries, and/or affiliates (as defined in N.J.S.A. 52:32 — 56(e) (3)), is listed on the Department of the Treasury's List of Persons or Entities Engaging in Prohibited Investment Activities in Iran and that neither is involved in any of the investment activities set forth in N.J.S.A. 52:32 — 56(f). Offerors wishing to do business in New Jersey through this contract must fill out the Certification of Non - Involvement in Prohibited Activities in Iran here: http://www.state.ni.us/humanservices/dfd/info/standard/fdc/disclosure investmentact.pdf. Offerors should submit the above form completed with their proposal. STATE OF NEW JERSEY — DIVISION OF PURCHASE AND PROPERTY DISCLOSURE OF INVESTMENT ACTIVITIES IN IRAN Quote Number.19-13 Bidder/offeror: Sterling Infosystems, Inc., dba Sterling PART 1: CERTIFICATION BIDDERS MUST COMPLETE PART 1 BY CHECKING EITHER BOX. FAILURE TO CHECK ONE OF THE BOXES WILL RENDER THE PROPOSAL NON -RESPONSIVE. Pursuant to Public Law 2012, c. 25, any person or entity that submits a bid or proposal or otherwise proposes to enter into or renew a contract must complete the certification below to attest, under penalty of perjury, that neither the person or entity, nor any of its parents, subsidiaries, or affiliates, is identified on the Department of Treasury's Chapter 25 list as a person or entity engaging in investment activities in Iran. The Chapter 25 list is found on the Division's website at htW:/d'wwww stati' nj usitreasuryl ase/pdff I�er25Lisfi . Bidders must review this list prior to completing the below certification. Failure to complete the certification will render a bidder's proposal non -responsive, if the Director finds a person or entity to be in violation of law, s/he shall take action as may be appropriate and provided by law, rule or contract, including but not limited to, imposing sanctions, seeking compliance, recovering damages, declaring the parry in default and seeking debarment or suspension of the party PLEASE CHECK THE APPROPRIATE BOX: I certify, pursuant to Public Law 2012, c. 25, that neither the bidder listed above nor any of the bidder's parents, subsidiaries, or affiliates is listed on the N.J_ Department of the Treasury"s list of entities determined to be engaged in prohibited activities in Iran pursuant to P.L. 2012, c. 25 ("Chapter 25 List"). 1 further certify that I am the person listed above, or I am an officer ❑ or representative of the entity listed above and am authorized to make this certification on its behalf. I will skip Part 2 and sign and complete the Certification below. I am unable to certify as above because the bidder and/or one or more of its parents, subsidiaries, or affiliates is listed on ❑ the Department's Chapter 25 list I will provide a detailed, accurate and precise description of the activities in Part 2 below and sign and complete the Certification below. Failure to provide such will result in the proposal being rendered as non- responsive and appropriate penalties, fines and/or sanctions will be assessed as provided by law. PART 2: PLEASE PROVIDE FURTHER INFORMATION RELATED TO INVESTMENT ACTIVITIES IN IRAN You must provide a detailed, accurate and precise description of the activities of the bidding person/entity, or one of its parents, subsidiaries or affiliates, engaging in the investment activities in Iran outlined above by completing the boxes below. EACH BOX WILL PROMPT YOU TO PROVIDE INFORMATION RELATIVE TO THE ABOVE QUESTIONS. PLEASE PROVIDE THOROUGH ANSWERS TO EACH QUESTION. IF YOU NEED TO MAKE ADDITIONAL ENTRIES, CLICK THE "ADD AN ADDITIONAL ACTIVITIES ENTRY" BUTTON. Name Not applicable Relationship to Bidder/Offeror Description of Activities Duration of Engagement Anticipated Cessation Date Bidder/Offeror Contact Name Contact Phone Number ADD AN ADDITIONAL ACTIVITIES ENTRY Certification: I, being duly sworn upon my oath, hereby represent and state that the foregoing information and any attachments thereto to the best of my knowledge are true and complete. I attest that I am authorized to execute this certification on behalf of the above -referenced person or entity. I acknowledge that the State of New Jersey is relying on the information contained herein and thereby acknowledge that I am under a continuing obligation from the date of this certification through the completion of any contracts with the State to notify the State in writing of any changes to the answers of information contained herein. I acknowledge that I am aware that it is a criminal offense to make a false statement or misrepresentation in this certification, and if I do so, I recognize that I am subject to criminal prosecution under the law and that it will also constitute a material breach of my agreements) with the State of New Jersey and that the State at its option may declare any c tract(s) resulting from this certification void and unenforceable. 1 Full Name (Print): / Signature: Title: �- 1Ct Date: D / DPP Standard Forms Packet 11/2013 OMNIA PARTNERS EXHIBITS EXHIBIT G- NEW JERSEY BUSINESS COMPLIANCE DOC #7 NEW JERSEY BUSINESS REGISTRATION CERTIFICATE (N.J.S.A. 52:32-44) Offerors wishing to do business in New Jersey must submit their State Division of Revenue issued Business Registration Certificate with their proposal here. Failure to do so will disqualify the Offeror from offering products or services in New Jersey through any resulting contract. http://www.state.ni.us/treasury/revenue/forms/noreg.pdf Sterling is registered to do business in New Jersey. See attached NJ Business Registration Certificate (07-15-2019). STATE OF NEW JERSEY BUSINESS REGISTRATION CERTIFICATE Taxpayer Name:STERLING INFOSYSTEMS, INC. Trade Name: Address:1 STATE STREET 24TH FLOOR NEW YORK, NY 10004 Certificate Number:1927152 Effective Date:January 23, 2015 Date of Issuance:July 15, 2019 For Office Use Only: 20190715151128603 OMNIA PARTNERS EXHIBITS EXHIBIT H- OMNIA PARTNERS ADVERTISING COMPLIANCE REQUIREMENT Pursuant to certain state notice provisions, including but not limited to Oregon Revised Statutes Chapter 279A.220, the following public agencies and political subdivisions of the referenced public agencies are eligible to register with OMNIA Partners and access the Master Agreement contract award made pursuant to this solicitation, and are hereby given notice of the foregoing request for proposals for purposes of complying with the procedural requirements of said statutes: Nationwide: State of Alabama State of Hawaii State of Massachusetts State of New Mexico State of South Dakota State of Alaska State of Idaho State of Michigan State of New York State of Tennessee State of Arizona State of Illinois State of Minnesota State of North Carolina State of Texas State of Arkansas State of Indiana State of Mississippi State of North Dakota State of Utah State of California State of Iowa State of Missouri State of Ohio State of Vermont State of Colorado State of Kansas State of Montana State of Oklahoma State of Virginia State of Connecticut State of Kentucky State of Nebraska State of Oregon State of Washington State of Delaware State of Louisiana State of Nevada State of Pennsylvania State of West Virginia State of Florida State of Maine State of New Hampshire State of Rhode Island State of Wisconsin State of Georgia State of Maryland State of New Jersey State of South Carolina State of Wyoming District of Columbia Lists of political subdivisions and local governments in the above referenced states / districts may be found at http://www.usa.gov/Agencies/State_and_Territories.shtml and https://www.usa.gov/local-governments. Certain Public Agencies and Political Subdivisions: CITIES, TOWNS, VILLAGES AND BOROUGHS INCLUDING BUT NOT LIMITED TO: BAKER CITY GOLF COURSE, OR CITY OF ADAIR VILLAGE, OR CITY OF ASHLAND, OR CITY OF AUMSVILLE, OR CITY OF AURORA, OR CITY OF BAKER, OR CITY OF BATON ROUGE, LA CITY OF BEAVERTON, OR CITY OF BEND, OR CITY OF BOARDMAN, OR CITY OF BONANAZA, OR CITY OF BOSSIER CITY, LA CITY OF BROOKINGS, OR CITY OF BURNS, OR CITY OF CANBY, OR CITY OF CANYONVILLE, OR CITY OF CLATSKANIE, OR CITY OF COBURG, OR CITY OF CONDON, OR CITY OF COQUILLE, OR CITY OF CORVALLI, OR CITY OF CORVALLIS PARKS AND RECREATION DEPARTMENT, OR CITY OF COTTAGE GROVE, OR CITY OF DONALD, OR CITY OF EUGENE, OR CITY OF FOREST GROVE, OR CITY OF GOLD HILL, OR CITY OF GRANTS PASS, OR CITY OF GRESHAM, OR CITY OF HILLSBORO, OR CITY OF INDEPENDENCE, OR CITY AND COUNTY OF HONOLULU, HI CITY OF KENNER, LA CITY OF LA GRANDE, OR CITY OF LAFAYETTE, LA CITY OF LAKE CHARLES, OR CITY OF LEBANON, OR CITY OF MCMINNVILLE, OR CITY OF MEDFORD, OR CITY OF METAIRIE, LA CITY OF MILL CITY, OR CITY OF MILWAUKIE, OR CITY OF MONROE, LA CITY OF MOSIER, OR CITY OF NEW ORLEANS, LA CITY OF NORTH PLAINS, OR CITY OF OREGON CITY, OR CITY OF PILOT ROCK, OR CITY OF PORTLAND, OR CITY OF POWERS, OR CITY OF PRINEVILLE, OR CITY OF REDMOND, OR CITY OF REEDSPORT, OR CITY OF RIDDLE, OR CITY OF ROGUE RIVER, OR CITY OF ROSEBURG, OR CITY OF SALEM, OR CITY OF SANDY, OR CITY OF SCAPPOOSE, OR CITY OF SHADY COVE, OR CITY OF SHERWOOD, OR CITY OF SHREVEPORT, LA CITY OF SILVERTON, OR CITY OF SPRINGFIELD, OR CITY OF ST. HELENS, OR CITY OF ST. PAUL, OR CITY OF SULPHUR, LA CITY OF TIGARD, OR CITY OF TROUTDALE, OR CITY OF TUALATIN, OR CITY OF WALKER, LA CITY OF WARRENTON, OR CITY OF WEST LINN, OR CITY OF WILSONVILLE, OR CITY OF WINSTON, OR CITY OF WOODBURN, OR LEAGUE OF OREGON CITES THE CITY OF HAPPY VALLEY OREGON ALPINE, UT ALTA, UT ALTAMONT, UT ALTON, UT AMALGA, UT AMERICAN FORK CITY, UT ANNABELLA, UT ANTIMONY, UT APPLE VALLEY, UT AURORA, UT BALLARD, UT BEAR RIVER CITY, UT BEAVER, UT BICKNELL, UT BIG WATER, UT BLANDING, UT BLUFFDALE, UT BOULDER, UT CITY OF BOUNTIFUL, UT BRIAN HEAD, UT BRIGHAM CITY CORPORATION, UT BRYCE CANYON CITY, UT CANNONVILLE, UT CASTLE DALE, UT CASTLE VALLEY, UT CITY OF CEDAR CITY, UT CEDAR FORT, UT CITY OF CEDAR HILLS, UT CENTERFIELD, UT CENTERVILLE CITY CORPORATION, UT CENTRAL VALLEY, UT CHARLESTON, UT CIRCLEVILLE, UT CLARKSTON, UT CLAWSON, UT CLEARFIELD, UT CLEVELAND, UT CLINTON CITY CORPORATION, UT COALVILLE, UT CORINNE, UT CORNISH, UT COTTONWOOD HEIGHTS, UT DANIEL, UT DELTA, UT DEWEYVILLE, UT DRAPER CITY, UT DUCHESNE, UT EAGLE MOUNTAIN, UT EAST CARBON, UT ELK RIDGE, UT ELMO, UT ELSINORE, UT ELWOOD, UT EMERY, UT ENOCH, UT ENTERPRISE, UT EPHRAIM, UT ESCALANTE, UT EUREKA, UT FAIRFIELD, UT FAIRVIEW, UT FARMINGTON, UT FARR WEST, UT FAYETTE, UT FERRON, UT FIELDING, UT FILLMORE, UT FOUNTAIN GREEN, UT FRANCIS, UT FRUIT HEIGHTS, UT GARDEN CITY, UT GARLAND, UT GENOLA, UT GLENDALE, UT GLENWOOD, UT GOSHEN, UT GRANTSVILLE, UT GREEN RIVER, UT GUNNISON, UT HANKSVILLE, UT HARRISVILLE, UT HATCH, UT HEBER CITY CORPORATION, UT HELPER, UT HENEFER, UT HENRIEVILLE, UT HERRIMAN, UT HIDEOUT, UT HIGHLAND, UT HILDALE, UT HINCKLEY, UT HOLDEN, UT HOLLADAY, UT HONEYVILLE, UT HOOPER, UT HOWELL, UT HUNTINGTON, UT HUNTSVILLE, UT CITY OF HURRICANE, UT HYDE PARK, UT HYRUM, UT INDEPENDENCE, UT IVINS, UT JOSEPH, UT JUNCTION, UT KAMAS, UT KANAB, UT KANARRAVILLE, UT KANOSH, UT KAYSVILLE, UT KINGSTON, UT KOOSHAREM, UT LAKETOWN, UT LA VERKIN, UT LAYTON, UT LEAMINGTON, UT LEEDS, UT LEHI CITY CORPORATION, UT LEVAN, UT LEWISTON, UT LINDON, UT LOA, UT LOGAN CITY, UT LYMAN, UT LYNNDYL, UT MANILA, UT MANTI, UT MANTUA, UT MAPLETON, UT MARRIOTT-SLATERVILLE, UT MARYSVALE, UT MAYFIELD, UT MEADOW, UT MENDON, UT MIDVALE CITY INC., UT MIDWAY, UT MILFORD, UT MILLVILLE, UT MINERSVILLE, UT MOAB, UT MONA, UT MONROE, UT CITY OF MONTICELLO, UT MORGAN, UT MORONI, UT MOUNT PLEASANT, UT MURRAY CITY CORPORATION, UT MYTON, UT NAPLES, UT NEPHI, UT NEW HARMONY, UT NEWTON, UT NIBLEY, UT NORTH LOGAN, UT NORTH OGDEN, UT NORTH SALT LAKE CITY, UT OAK CITY, UT OAKLEY, UT OGDEN CITY CORPORATION, UT OPHIR, UT ORANGEVILLE, UT ORDERVILLE, UT OREM, UT PANGUITCH, UT PARADISE, UT PARAGONAH, UT PARK CITY, UT PAROWAN, UT PAYSON, UT PERRY, UT PLAIN CITY, UT PLEASANT GROVE CITY, UT PLEASANT VIEW, UT PLYMOUTH, UT PORTAGE, UT PRICE, UT PROVIDENCE, UT PROVO, UT RANDOLPH, UT REDMOND, UT RICHFIELD, UT RICHMOND, UT RIVERDALE, UT RIVER HEIGHTS, UT RIVERTON CITY, UT ROCKVILLE, UT ROCKY RIDGE, UT ROOSEVELT CITY CORPORATION, UT ROY, UT RUSH VALLEY, UT CITY OF ST. GEORGE, UT SALEM, UT SALINA, UT SALT LAKE CITY CORPORATION, UT SANDY, UT SANTA CLARA, UT SANTAQUIN, UT SARATOGA SPRINGS, UT SCIPIO, UT SCOFIELD, UT SIGURD, UT SMITHFIELD, UT SNOWVILLE, UT CITY OF SOUTH JORDAN, UT SOUTH OGDEN, UT CITY OF SOUTH SALT LAKE, UT SOUTH WEBER, UT SPANISH FORK, UT SPRING CITY, UT SPRINGDALE, UT SPRINGVILLE, UT STERLING, UT STOCKTON, UT SUNNYSIDE, UT SUNSET CITY CORP, UT SYRACUSE, UT TABIONA, UT CITY OF TAYLORSVILLE, UT TOOELE CITY CORPORATION, UT TOQUERVILLE, UT TORREY, UT TREMONTON CITY, UT TRENTON, UT TROPIC, UT UINTAH, UT VERNAL CITY, UT VERNON, UT VINEYARD, UT VIRGIN, UT WALES, UT WALLSBURG, UT WASHINGTON CITY, UT WASHINGTON TERRACE, UT WELLINGTON, UT WELLSVILLE, UT WENDOVER, UT WEST BOUNTIFUL, UT WEST HAVEN, UT WEST JORDAN, UT WEST POINT, UT WEST VALLEY CITY, UT WILLARD, UT WOODLAND HILLS, UT WOODRUFF, UT WOODS CROSS, UT COUNTIES AND PARISHES INCLUDING BUT NOT LIMITED TO: ASCENSION PARISH, LA ASCENSION PARISH, LA, CLEAR OF COURT CADDO PARISH, LA CALCASIEU PARISH, LA CALCASIEU PARISH SHERIFF’S OFFICE, LA CITY AND COUNTY OF HONOLULU, HI CLACKAMAS COUNTY, OR CLACKAMAS COUNTY DEPT OF TRANSPORTATION, OR CLATSOP COUNTY, OR COLUMBIA COUNTY, OR COOS COUNTY, OR COOS COUNTY HIGHWAY DEPARTMENT, OR COUNTY OF HAWAII, OR CROOK COUNTY, OR CROOK COUNTY ROAD DEPARTMENT, OR CURRY COUNTY, OR DESCHUTES COUNTY, OR DOUGLAS COUNTY, OR EAST BATON ROUGE PARISH, LA GILLIAM COUNTY, OR GRANT COUNTY, OR HARNEY COUNTY, OR HARNEY COUNTY SHERIFFS OFFICE, OR HAWAII COUNTY, HI HOOD RIVER COUNTY, OR JACKSON COUNTY, OR JEFFERSON COUNTY, OR JEFFERSON PARISH, LA JOSEPHINE COUNTY GOVERNMENT, OR LAFAYETTE CONSOLIDATED GOVERNMENT, LA LAFAYETTE PARISH, LA LAFAYETTE PARISH CONVENTION & VISITORS COMMISSION LAFOURCHE PARISH, LA KAUAI COUNTY, HI KLAMATH COUNTY, OR LAKE COUNTY, OR LANE COUNTY, OR LINCOLN COUNTY, OR LINN COUNTY, OR LIVINGSTON PARISH, LA MALHEUR COUNTY, OR MAUI COUNTY, HI MARION COUNTY, SALEM, OR MORROW COUNTY, OR MULTNOMAH COUNTY, OR MULTNOMAH COUNTY BUSINESS AND COMMUNITY SERVICES, OR MULTNOMAH COUNTY SHERIFFS OFFICE, OR MULTNOMAH LAW LIBRARY, OR ORLEANS PARISH, LA PLAQUEMINES PARISH, LA POLK COUNTY, OR RAPIDES PARISH, LA SAINT CHARLES PARISH, LA SAINT CHARLES PARISH PUBLIC SCHOOLS, LA SAINT LANDRY PARISH, LA SAINT TAMMANY PARISH, LA SHERMAN COUNTY, OR TERREBONNE PARISH, LA TILLAMOOK COUNTY, OR TILLAMOOK COUNTY SHERIFF'S OFFICE, OR TILLAMOOK COUNTY GENERAL HOSPITAL, OR UMATILLA COUNTY, OR UNION COUNTY, OR WALLOWA COUNTY, OR WASCO COUNTY, OR WASHINGTON COUNTY, OR WEST BATON ROUGE PARISH, LA WHEELER COUNTY, OR YAMHILL COUNTY, OR COUNTY OF BOX ELDER, UT COUNTY OF CACHE, UT COUNTY OF RICH, UT COUNTY OF WEBER, UT COUNTY OF MORGAN, UT COUNTY OF DAVIS, UT COUNTY OF SUMMIT, UT COUNTY OF DAGGETT, UT COUNTY OF SALT LAKE, UT COUNTY OF TOOELE, UT COUNTY OF UTAH, UT COUNTY OF WASATCH, UT COUNTY OF DUCHESNE, UT COUNTY OF UINTAH, UT COUNTY OF CARBON, UT COUNTY OF SANPETE, UT COUNTY OF JUAB, UT COUNTY OF MILLARD, UT COUNTY OF SEVIER, UT COUNTY OF EMERY, UT COUNTY OF GRAND, UT COUNTY OF BEVER, UT COUNTY OF PIUTE, UT COUNTY OF WAYNE, UT COUNTY OF SAN JUAN, UT COUNTY OF GARFIELD, UT COUNTY OF KANE, UT COUNTY OF IRON, UT COUNTY OF WASHINGTON, UT OTHER AGENCIES INCLUDING ASSOCIATIONS, BOARDS, DISTRICTS, COMMISSIONS, COUNCILS, PUBLIC CORPORATIONS, PUBLIC DEVELOPMENT AUTHORITIES, RESERVATIONS AND UTILITIES INCLUDING BUT NOT LIMITED TO: BANKS FIRE DISTRICT, OR BATON ROUGE WATER COMPANY BEND METRO PARK AND RECREATION DISTRICT BIENVILLE PARISH FIRE PROTECTION DISTRICT 6, LA BOARDMAN PARK AND RECREATION DISTRICT CENTRAL CITY ECONOMIC OPPORTUNITY CORP, LA CENTRAL OREGON INTERGOVERNMENTAL COUNCIL CITY OF BOGALUSA SCHOOL BOARD, LA CLACKAMAS RIVER WATER CLATSKANIE PEOPLE'S UTILITY DISTRICT CLEAN WATER SERVICES CONFEDERATED TRIBES OF THE UMATILLA INDIAN RESERVATION COOS FOREST PROTECTIVE ASSOCIATION CHEHALEM PARK AND RECREATION DISTRICT DAVID CROCKETT STEAM FIRE COMPANY #1, LA EUGENE WATER AND ELECTRIC BOARD HONOLULU INTERNATIONAL AIRPORT HOODLAND FIRE DISTRICT #74 HOUSING AUTHORITY OF PORTLAND ILLINOIS VALLEY FIRE DISTRICT LAFAYETTE AIRPORT COMMISSION, LA LAFOURCHE PARISH HEALTH UNIT – DHH-OPH REGION 3 LOUISIANA PUBLIC SERVICE COMMISSION, LA LOUISIANA WATER WORKS MEDFORD WATER COMMISSION MELHEUR COUNTY JAIL, OR METRO REGIONAL GOVERNMENT METRO REGIONAL PARKS METROPOLITAN EXPOSITION RECREATION COMMISSION METROPOLITAN SERVICE DISTRICT (METRO) MULTNOMAH EDUCATION SERVICE DISTRICT NEW ORLEANS REDEVELOPMENT AUTHORITY, LA NORTHEAST OREGON HOUSING AUTHORITY, OR PORT OF BRANDON, OR PORT OF MORGAN CITY, LA PORTLAND DEVELOPMENT COMMISSION, OR PORTLAND FIRE AND RESCUE PORTLAND HOUSING CENTER, OR OREGON COAST COMMUNITY ACTION OREGON HOUSING AND COMMUNITY SERVICES OREGON LEGISLATIVE ADMINISTRATION ROGUE VALLEY SEWER, OR SAINT LANDRY PARISH TOURIST COMMISSION SAINT MARY PARISH REC DISTRICT 2 SAINT MARY PARISH REC DISTRICT 3 SAINT TAMMANY FIRE DISTRICT 4, LA SALEM MASS TRANSIT DISTRICT SEWERAGE AND WATER BOARD OF NEW ORLEANS, LA SOUTH LAFOURCHE LEVEE DISTRICT, LA TRI-COUNTY METROPOLITAN TRANSPORTATION DISTRICT OF OREGON TUALATIN HILLS PARK & RECREATION DISTRICT TUALATIN VALLEY FIRE & RESCUE TUALATIN VALLEY WATER DISTRICT WILLAMALANE PARK AND RECREATION DISTRICT WILLAMETTE HUMANE SOCIETY K-12 INCLUDING BUT NOT LIMITED TO: ACADIA PARISH SCHOOL BOARD BEAVERTON SCHOOL DISTRICT BEND-LA PINE SCHOOL DISTRICT BOGALUSA HIGH SCHOOL, LA BOSSIER PARISH SCHOOL BOARD BROOKING HARBOR SCHOOL DISTRICT CADDO PARISH SCHOOL DISTRICT CALCASIEU PARISH SCHOOL DISTRICT CANBY SCHOOL DISTRICT CANYONVILLE CHRISTIAN ACADEMY CASCADE SCHOOL DISTRICT CASCADES ACADEMY OF CENTRAL OREGON CENTENNIAL SCHOOL DISTRICT CENTRAL CATHOLIC HIGH SCHOOL CENTRAL POINT SCHOOL DISTRICT NO.6 CENTRAL SCHOOL DISTRICT 13J COOS BAY SCHOOL DISTRICT NO.9 CORVALLIS SCHOOL DISTRICT 509J COUNTY OF YAMHILL SCHOOL DISTRICT 29 CULVER SCHOOL DISTRICT DALLAS SCHOOL DISTRICT NO.2 DAVID DOUGLAS SCHOOL DISTRICT DAYTON SCHOOL DISTRICT NO.8 DE LA SALLE N CATHOLIC HS DESCHUTES COUNTY SCHOOL DISTRICT NO.6 DOUGLAS EDUCATIONAL DISTRICT SERVICE DUFUR SCHOOL DISTRICT NO.29 EAST BATON ROUGE PARISH SCHOOL DISTRICT ESTACADA SCHOOL DISTRICT NO.10B FOREST GROVE SCHOOL DISTRICT GEORGE MIDDLE SCHOOL GLADSTONE SCHOOL DISTRICT GRANTS PASS SCHOOL DISTRICT 7 GREATER ALBANY PUBLIC SCHOOL DISTRICT GRESHAM BARLOW JOINT SCHOOL DISTRICT HEAD START OF LANE COUNTY HIGH DESERT EDUCATION SERVICE DISTRICT HILLSBORO SCHOOL DISTRICT HOOD RIVER COUNTY SCHOOL DISTRICT JACKSON CO SCHOOL DIST NO.9 JEFFERSON COUNTY SCHOOL DISTRICT 509-J JEFFERSON PARISH SCHOOL DISTRICT JEFFERSON SCHOOL DISTRICT JUNCTION CITY SCHOOLS, OR KLAMATH COUNTY SCHOOL DISTRICT KLAMATH FALLS CITY SCHOOLS LAFAYETTE PARISH SCHOOL DISTRICT LAKE OSWEGO SCHOOL DISTRICT 7J LANE COUNTY SCHOOL DISTRICT 4J LINCOLN COUNTY SCHOOL DISTRICT LINN CO. SCHOOL DIST. 95C LIVINGSTON PARISH SCHOOL DISTRICT LOST RIVER JR/SR HIGH SCHOOL LOWELL SCHOOL DISTRICT NO.71 MARION COUNTY SCHOOL DISTRICT MARION COUNTY SCHOOL DISTRICT 103 MARIST HIGH SCHOOL, OR MCMINNVILLE SCHOOL DISTRICT NOAO MEDFORD SCHOOL DISTRICT 549C MITCH CHARTER SCHOOL MONROE SCHOOL DISTRICT NO.1J MORROW COUNTY SCHOOL DIST, OR MULTNOMAH EDUCATION SERVICE DISTRICT MULTISENSORY LEARNING ACADEMY MYRTLE PINT SCHOOL DISTRICT 41 NEAH-KAH-NIE DISTRICT NO.56 NEWBERG PUBLIC SCHOOLS NESTUCCA VALLEY SCHOOL DISTRICT NO.101 NOBEL LEARNING COMMUNITIES NORTH BEND SCHOOL DISTRICT 13 NORTH CLACKAMAS SCHOOL DISTRICT NORTH DOUGLAS SCHOOL DISTRICT NORTH WASCO CITY SCHOOL DISTRICT 21 NORTHWEST REGIONAL EDUCATION SERVICE DISTRICT ONTARIO MIDDLE SCHOOL OREGON TRAIL SCHOOL DISTRICT NOA6 ORLEANS PARISH SCHOOL DISTRICT PHOENIX-TALENT SCHOOL DISTRICT NOA PLEASANT HILL SCHOOL DISTRICT PORTLAND JEWISH ACADEMY PORTLAND PUBLIC SCHOOLS RAPIDES PARISH SCHOOL DISTRICT REDMOND SCHOOL DISTRICT REYNOLDS SCHOOL DISTRICT ROGUE RIVER SCHOOL DISTRICT ROSEBURG PUBLIC SCHOOLS SCAPPOOSE SCHOOL DISTRICT 1J SAINT TAMMANY PARISH SCHOOL BOARD, LA SEASIDE SCHOOL DISTRICT 10 SHERWOOD SCHOOL DISTRICT 88J SILVER FALLS SCHOOL DISTRICT 4J SOUTH LANE SCHOOL DISTRICT 45J3 SOUTHERN OREGON EDUCATION SERVICE DISTRICT SPRINGFIELD PUBLIC SCHOOLS SUTHERLIN SCHOOL DISTRICT SWEET HOME SCHOOL DISTRICT NO.55 TERREBONNE PARISH SCHOOL DISTRICT THE CATLIN GABEL SCHOOL TIGARD-TUALATIN SCHOOL DISTRICT UMATILLA MORROW ESD WEST LINN WILSONVILLE SCHOOL DISTRICT WILLAMETTE EDUCATION SERVICE DISTRICT WOODBURN SCHOOL DISTRICT YONCALLA SCHOOL DISTRICT ACADEMY FOR MATH ENGINEERING & SCIENCE (AMES) , UT ALIANZA ACADEMY , UT ALPINE DISTRICT , UT AMERICAN LEADERSHIP ACADEMY , UT AMERICAN PREPARATORY ACADEMY , UT BAER CANYON HIGH SCHOOL FOR SPORTS & MEDICAL SCIENCES , UT BEAR RIVER CHARTER SCHOOL , UT BEAVER SCHOOL DISTRICT , UT BEEHIVE SCIENCE & TECHNOLOGY ACADEMY (BSTA) , UT BOX ELDER SCHOOL DISTRICT , UT CBA CENTER , UT CACHE SCHOOL DISTRICT , UT CANYON RIM ACADEMY , UT CANYONS DISTRICT , UT CARBON SCHOOL DISTRICT , UT CHANNING HALL , UT CHARTER SCHOOL LEWIS ACADEMY , UT CITY ACADEMY , UT DAGGETT SCHOOL DISTRICT , UT DAVINCI ACADEMY , UT DAVIS DISTRICT , UT DUAL IMMERSION ACADEMY , UT DUCHESNE SCHOOL DISTRICT , UT EARLY LIGHT ACADEMY AT DAYBREAK , UT EAST HOLLYWOOD HIGH , UT EDITH BOWEN LABORATORY SCHOOL , UT EMERSON ALCOTT ACADEMY , UT EMERY SCHOOL DISTRICT , UT ENTHEOS ACADEMY , UT EXCELSIOR ACADEMY , UT FAST FORWARD HIGH , UT FREEDOM ACADEMY , UT GARFIELD SCHOOL DISTRICT , UT GATEWAY PREPARATORY ACADEMY , UT GEORGE WASHINGTON ACADEMY , UT GOOD FOUNDATION ACADEMY , UT GRAND SCHOOL DISTRICT , UT GRANITE DISTRICT , UT GUADALUPE SCHOOL , UT HAWTHORN ACADEMY , UT INTECH COLLEGIATE HIGH SCHOOL , UT IRON SCHOOL DISTRICT , UT ITINERIS EARLY COLLEGE HIGH , UT JOHN HANCOCK CHARTER SCHOOL , UT JORDAN DISTRICT , UT JUAB SCHOOL DISTRICT , UT KANE SCHOOL DISTRICT , UT KARL G MAESER PREPARATORY ACADEMY , UT LAKEVIEW ACADEMY , UT LEGACY PREPARATORY ACADEMY , UT LIBERTY ACADEMY , UT LINCOLN ACADEMY , UT LOGAN SCHOOL DISTRICT , UT MARIA MONTESSORI ACADEMY , UT MERIT COLLEGE PREPARATORY ACADEMY , UT MILLARD SCHOOL DISTRICT , UT MOAB CHARTER SCHOOL , UT MONTICELLO ACADEMY , UT MORGAN SCHOOL DISTRICT , UT MOUNTAINVILLE ACADEMY , UT MURRAY SCHOOL DISTRICT , UT NAVIGATOR POINTE ACADEMY , UT NEBO SCHOOL DISTRICT , UT NO UT ACAD FOR MATH ENGINEERING & SCIENCE (NUAMES) , UT NOAH WEBSTER ACADEMY , UT NORTH DAVIS PREPARATORY ACADEMY , UT NORTH SANPETE SCHOOL DISTRICT , UT NORTH STAR ACADEMY , UT NORTH SUMMIT SCHOOL DISTRICT , UT ODYSSEY CHARTER SCHOOL , UT OGDEN PREPARATORY ACADEMY , UT OGDEN SCHOOL DISTRICT , UT OPEN CLASSROOM , UT OPEN HIGH SCHOOL OF UTAH , UT OQUIRRH MOUNTAIN CHARTER SCHOOL , UT PARADIGM HIGH SCHOOL , UT PARK CITY SCHOOL DISTRICT , UT PINNACLE CANYON ACADEMY , UT PIUTE SCHOOL DISTRICT , UT PROVIDENCE HALL , UT PROVO SCHOOL DISTRICT , UT QUAIL RUN PRIMARY SCHOOL , UT QUEST ACADEMY , UT RANCHES ACADEMY , UT REAGAN ACADEMY , UT RENAISSANCE ACADEMY , UT RICH SCHOOL DISTRICT , UT ROCKWELL CHARTER HIGH SCHOOL , UT SALT LAKE ARTS ACADEMY , UT SALT LAKE CENTER FOR SCIENCE EDUCATION, UT SALT LAKE SCHOOL DISTRICT , UT SALT LAKE SCHOOL FOR THE PERFORMING ARTS, UT SAN JUAN SCHOOL DISTRICT , UT SEVIER SCHOOL DISTRICT , UT SOLDIER HOLLOW CHARTER SCHOOL , UT SOUTH SANPETE SCHOOL DISTRICT , UT SOUTH SUMMIT SCHOOL DISTRICT , UT SPECTRUM ACADEMY , UT SUCCESS ACADEMY , UT SUCCESS SCHOOL , UT SUMMIT ACADEMY , UT SUMMIT ACADEMY HIGH SCHOOL , UT SYRACUSE ARTS ACADEMY , UT THOMAS EDISON - NORTH , UT TIMPANOGOS ACADEMY , UT TINTIC SCHOOL DISTRICT , UT TOOELE SCHOOL DISTRICT , UT TUACAHN HIGH SCHOOL FOR THE PERFORMING ARTS , UT UINTAH RIVER HIGH , UT UINTAH SCHOOL DISTRICT , UT UTAH CONNECTIONS ACADEMY , UT UTAH COUNTY ACADEMY OF SCIENCE , UT UTAH ELECTRONIC HIGH SCHOOL , UT UTAH SCHOOLS FOR DEAF & BLIND , UT UTAH STATE OFFICE OF EDUCATION , UT UTAH VIRTUAL ACADEMY , UT VENTURE ACADEMY , UT VISTA AT ENTRADA SCHOOL OF PERFORMING ARTS AND TECHNOLOGY , UT WALDEN SCHOOL OF LIBERAL ARTS , UT WASATCH PEAK ACADEMY , UT WASATCH SCHOOL DISTRICT , UT WASHINGTON SCHOOL DISTRICT , UT WAYNE SCHOOL DISTRICT , UT WEBER SCHOOL DISTRICT , UT WEILENMANN SCHOOL OF DISCOVERY , UT HIGHER EDUCATION ARGOSY UNIVERSITY BATON ROUGE COMMUNITY COLLEGE, LA BIRTHINGWAY COLLEGE OF MIDWIFERY BLUE MOUNTAIN COMMUNITY COLLEGE BRIGHAM YOUNG UNIVERSITY - HAWAII CENTRAL OREGON COMMUNITY COLLEGE CENTENARY COLLEGE OF LOUISIANA CHEMEKETA COMMUNITY COLLEGE CLACKAMAS COMMUNITY COLLEGE COLLEGE OF THE MARSHALL ISLANDS COLUMBIA GORGE COMMUNITY COLLEGE CONCORDIA UNIVERSITY GEORGE FOX UNIVERSITY KLAMATH COMMUNITY COLLEGE DISTRICT LANE COMMUNITY COLLEGE LEWIS AND CLARK COLLEGE LINFIELD COLLEGE LINN-BENTON COMMUNITY COLLEGE LOUISIANA COLLEGE, LA LOUISIANA STATE UNIVERSITY LOUISIANA STATE UNIVERSITY HEALTH SERVICES MARYLHURST UNIVERSITY MT. HOOD COMMUNITY COLLEGE MULTNOMAH BIBLE COLLEGE NATIONAL COLLEGE OF NATURAL MEDICINE NORTHWEST CHRISTIAN COLLEGE OREGON HEALTH AND SCIENCE UNIVERSITY OREGON INSTITUTE OF TECHNOLOGY OREGON STATE UNIVERSITY OREGON UNIVERSITY SYSTEM PACIFIC UNIVERSITY PIONEER PACIFIC COLLEGE PORTLAND COMMUNITY COLLEGE PORTLAND STATE UNIVERSITY REED COLLEGE RESEARCH CORPORATION OF THE UNIVERSITY OF HAWAII ROGUE COMMUNITY COLLEGE SOUTHEASTERN LOUISIANA UNIVERSITY SOUTHERN OREGON UNIVERSITY (OREGON UNIVERSITY SYSTEM) SOUTHWESTERN OREGON COMMUNITY COLLEGE TULANE UNIVERSITY TILLAMOOK BAY COMMUNITY COLLEGE UMPQUA COMMUNITY COLLEGE UNIVERSITY OF HAWAII BOARD OF REGENTS UNIVERSITY OF HAWAII-HONOLULU COMMUNITY COLLEGE UNIVERSITY OF OREGON-GRADUATE SCHOOL UNIVERSITY OF PORTLAND UNIVERSITY OF NEW ORLEANS WESTERN OREGON UNIVERSITY WESTERN STATES CHIROPRACTIC COLLEGE WILLAMETTE UNIVERSITY XAVIER UNIVERSITY UTAH SYSTEM OF HIGHER EDUCATION, UT UNIVERSITY OF UTAH, UT UTAH STATE UNIVERSITY, UT WEBER STATE UNIVERSITY, UT SOUTHERN UTAH UNIVERSITY, UT SNOW COLLEGE, UT DIXIE STATE COLLEGE, UT COLLEGE OF EASTERN UTAH, UT UTAH VALLEY UNIVERSITY, UT SALT LAKE COMMUNITY COLLEGE, UT UTAH COLLEGE OF APPLIED TECHNOLOGY, UT STATE AGENCIES ADMIN. SERVICES OFFICE BOARD OF MEDICAL EXAMINERS HAWAII CHILD SUPPORT ENFORCEMENT AGENCY HAWAII DEPARTMENT OF TRANSPORTATION HAWAII HEALTH SYSTEMS CORPORATION OFFICE OF MEDICAL ASSISTANCE PROGRAMS OFFICE OF THE STATE TREASURER OREGON BOARD OF ARCHITECTS OREGON CHILD DEVELOPMENT COALITION OREGON DEPARTMENT OF EDUCATION OREGON DEPARTMENT OF FORESTRY OREGON DEPT OF TRANSPORTATION OREGON DEPT. OF EDUCATION OREGON LOTTERY OREGON OFFICE OF ENERGY OREGON STATE BOARD OF NURSING OREGON STATE DEPT OF CORRECTIONS OREGON STATE POLICE OREGON TOURISM COMMISSION OREGON TRAVEL INFORMATION COUNCIL SANTIAM CANYON COMMUNICATION CENTER SEIU LOCAL 503, OPEU SOH- JUDICIARY CONTRACTS AND PURCH STATE DEPARTMENT OF DEFENSE, STATE OF HAWAII STATE OF HAWAII STATE OF HAWAII, DEPT. OF EDUCATION STATE OF LOUISIANA STATE OF LOUISIANA DEPT. OF EDUCATION STATE OF LOUISIANA, 26TH JUDICIAL DISTRICT ATTORNEY STATE OF UTAH PRE-EMPLOYMENT BACKGROUND SCREENING, RELATED PRODUCTS AND SERVICES | AUGUST 15, 2019 4 Proprietary and Confidential © 2019 Sterling | www.sterlingcheck.com Tab 4 – Qualification and Experience a. References (Tab 5 v.iii.) Provide a minimum of 5 customer references relating to the products and services within this RFP. Include entity name, contact name and title, contact phone and email, city, state, years serviced, description of services and annual volume. Sterling is proud to provide the following references that signify Sterling’s ability to support customers with large complex programs, governmental agencies, energy/utilities, educational institutions at the higher education level and smaller programs alike with significant growth and tenure. Large Defense Contractor 1. Lockheed Martin Vicki Pavay – HR Manager, Pre-Boarding & Off-Boarding Programs Bethesda, MD Phone: (301) 548-2389 Email: vicki.pavay@lmco.com ƒ Client since 2002 ƒ Description of Services – Background Screening ƒ Annual volume -$2M+ Energy / Utilities 1. Duke Energy Margaret Fenner, Director, Threat Management Raleigh, NC Phone: (704) 382-2291 E-Mail: margaret.fenner@duke-energy.com ƒ Client since 2005 ƒ Description of Services – Background Screening ƒ Annual Volume - $602,864 2. Consolidated Edison Co. of New York Inc. Tom Aloisi, Human Resources Manager New York, NY Phone: (212) 460-3988 E-Mail: aloisit@coned.com ƒ Client since 2002 ƒ Description of Services – Background Screening ƒ Annual Volume – $156,385 PRE-EMPLOYMENT BACKGROUND SCREENING, RELATED PRODUCTS AND SERVICES | AUGUST 15, 2019 5 Proprietary and Confidential © 2019 Sterling | www.sterlingcheck.com Education The references listed below are education facilities that host summer camps for children, similar to ESC. 1. Texas A&M University Rita Bowden, Division of Human Resources and Organizational Effectiveness College Station, TX Phone: (979) 862-1015 E-Mail: rbowden@tamu.edu ƒ Client since 2016 ƒ Description of Services – Background Screening ƒ Annual volume - $521,249 2. University of Miami Lisi Carreno, MBA, SPHR, Executive Director, Talent Acquisition Miami, FL Phone: (305) 284-6709 E-Mail : lcarreno@miami.edu ƒ Client since 2013 ƒ Description of Services – Background Screening ƒ Annual volume -$229,645 3. George Washington University Annie Hess, CCP, SHRM – SCP, Director, Talent Acquisition Washington DC Phone : (571) 553-8360 E-Mail : ahess@gwu.edu ƒ Client since 2010 ƒ Description of Services – Background Screening ƒ Annual volume - $200,655 4. Phillips Exeter Academy Amy Chick – Human Resources Administrative Coordinator Exeter, NH Phone: (603) 777-3395 E-Mail : archick@exeter.edu Human Resources Administrative Coordinator ƒ Client since 2017 ƒ Description of Services – Background Screening ƒ Annual volume - $27,962 Government clients 1. City of Fort Collins Lori Wiggins – Talent Acquisition Manager Fort Collins, CO 80524 Phone: (970) 416-4245 E-Mail: lwiggins@fcgov.com ƒ Client since 2008 PRE-EMPLOYMENT BACKGROUND SCREENING, RELATED PRODUCTS AND SERVICES | AUGUST 15, 2019 6 Proprietary and Confidential © 2019 Sterling | www.sterlingcheck.com ƒ Description of Services – Background Screening ƒ Annual volume - $14,319 2. City of Colorado Springs Kathryn Valtin, HR Supervisor-Recruiting Colorado Springs, CO Phone : (719) 385-5156 E-Mail : Kathryn.Valtin@coloradosprings.gov ƒ Client since 2008 ƒ Description of Services – Background Screening ƒ Annual volume - $30,067 PRE-EMPLOYMENT BACKGROUND SCREENING, RELATED PRODUCTS AND SERVICES | AUGUST 15, 2019 7 Proprietary and Confidential © 2019 Sterling | www.sterlingcheck.com Tab 5 – Value Add RFP Sterling’s Response to RFP Section IV.2 ii. Respond to APPENDIX D, Price Proposal. Understood. Please refer to our responses in Appendix D, Price Proposal included in Tab 2. ii. Describe products, service and background screening service packages. Will a participating agency be able to create a background screening service package(s) based on their needs? Detail your response. Yes, ESC will have the ability to choose from a-la-carte option or an unlimited number of packages can be designed to align with ESC’s workflow. ESC will have the ability to choose from a-la-carte options or an unlimited number of packages. Below is a table of the common product approaches our education clients have designed in the effort to drive excellence in protecting their education institution and their student population: PRE-EMPLOYMENT BACKGROUND SCREENING, RELATED PRODUCTS AND SERVICES | AUGUST 15, 2019 8 Proprietary and Confidential © 2019 Sterling | www.sterlingcheck.com Examples of role specific additions: ƒ Motor Vehicle records for any drivers ƒ Integrated compliant Social Media searches ƒ Post-hire Criminal and Driver License Monitoring ƒ Credit reports for staff with fiduciary responsibilities ƒ Professional license status for teaching or other functions to help avoid accreditation and reputation threats. ƒ FACIS ® search for healthcare (ie. school nurses) related positions iiii. Describe any additional discounts or rebates available. Additional discounts or rebates may be offered for large quantity orders, single ship to location, growth, annual spend, guaranteed quantity, etc. Group Volume Rebate. The Group Volume Rebate is based upon the aggregate program gross revenue of Participating Members. The Group Volume Rebates will be calculated in January for the previous year’s sales (back to dollar one) based upon the table below. The Group Volume Rebate will be divided amount Participating Members based on each Participating Member’s percentage of the total program gross revenue. The Group Volume Rebate is reconciled and paid out annually each March. Total Aggregate Program Spend of Participating Members Rebate Percentage Less than $4 Million 0% $4 Million - $6 Million 1% $6 Million - $8 Million 1.50% $8 Million - $10 Million 2% $10 Million - $12 Million 2.50% $12 Million > 3% PRE-EMPLOYMENT BACKGROUND SCREENING, RELATED PRODUCTS AND SERVICES | AUGUST 15, 2019 9 Proprietary and Confidential © 2019 Sterling | www.sterlingcheck.com Example: If the total program spend for 2017 equals $4MM, the rebate percentage would be 1.0%. The rebate distributed back to Participating Members would be $40,000. If Participating Member X’s spend for 2017 was $500,000 then Participating Member X’s portion of this rebate would be equal to $5,000. iiv. Describe how customers verify they are receiving Contract pricing. Sterling will conduct quarterly business reviews to ensure ESC is always being provided contracted pricing. v. Describe payment methods offered. We accept the following methods of payment: ƒ BOA E Payables ƒ ACH payments ƒ Checks ƒ Credit Cards - Visa, MasterCard, American Express and Discover vi. Propose the frequency of updates to the Offeror’s pricing structure. Describe any proposed indices to guide price adjustments. If offering a catalog contract with discounts by category, while changes in individual pricing may change, the category discounts should not change over the term of the Contract. Pricing will remain in place for the length of the contract term between OMNIA and Sterling. vii. Describe how future product introductions will be priced and align with Contract pricing proposed. As with all the pricing we are proposing through the OMNIA partnership, any new solution developed will priced to align with a similar aggressive pricing strategy. viii. Provide any additional information relevant to this section. Not to Exceed Pricing. Region 4 ESC requests pricing be submitted as not to exceed pricing. Unlike fixed pricing, the Contractor can adjust submitted pricing lower if needed but, cannot exceed original pricing submitted. Contractor must allow for lower pricing to be available for similar product and service purchases. Cost plus pricing as a primary pricing structure is not acceptable. Prices are guaranteed 120 days. Understood. PRE-EMPLOYMENT BACKGROUND SCREENING, RELATED PRODUCTS AND SERVICES | AUGUST 15, 2019 10 Proprietary and Confidential © 2019 Sterling | www.sterlingcheck.com bb) Performance Capability i. Include a detailed response to Appendix E, Exhibit A, OMNIA Partners Response for National Cooperative Contract. Responses should highlight experience, demonstrate a strong national presence, describe how Offeror will educate its national sales force about the Contract, describe how products and services will be distributed nationwide, include a plan for marketing the products and services nationwide, and describe how volume will be tracked and reported to OMNIA Partners. Sterling’s Response to Appendix E, Exhibit A, Section 3.0 Supplier must supply the following information in order for the Principal Procurement Agency to determine Supplier’s qualifications to extend the resulting Master Agreement to Participating Public Agencies through OMNIA Partners. 3.1 Company A. Brief history and description of Supplier. Sterling is a privately owned corporation that was founded in 1975 and incorporated in Delaware in 2003. We began with a staff of two employees, and have grown to over 4,000 employees globally, which includes our New York City headquarters and operations centers in the US, Canada, EMEA, and APAC. Sterling serves 25,000 clients performing over 150 million background checks and drug tests yearly in over 230 countries, territories, and dependencies across the globe. As a leading provider of employment screening services, we have the knowledge and experience to conduct background checks worldwide. We have developed flexible technology that accommodates a wide range of request submission and fulfillment options, facilitating customized solutions for local users, while still ensuring consistency and compliance throughout our clients’ programs. Through its Industrials, Government & Education practice, Sterling focuses on the unique and vital roles of these critical sectors that impact people’s lives every day. A common theme across the public sector is sensitivity to safety and efficiency while being mindful of reputation and community relationships. B. Total number and location of sales persons employed by Supplier. We have approximately 107 sales people globally in the following locations. ƒ Dallas, TX, US ƒ New York, NY, US ƒ Roseville, CA, US ƒ Bothell, WA, US ƒ Bellevue, WA, US ƒ Independence, OH, US ƒ Fort Collins, CO, US ƒ UK PRE-EMPLOYMENT BACKGROUND SCREENING, RELATED PRODUCTS AND SERVICES | AUGUST 15, 2019 11 Proprietary and Confidential © 2019 Sterling | www.sterlingcheck.com ƒ EMEA CC. Number and location of support centers (if applicable) and location of corporate office. Sterling operates in 22 offices in 9 countries worldwide. The graphic below shows our global office locations: US ƒ New York, NY - Customer Service/Sales/Account/Management/Executive Leadership/Product Development/Mergers and Acquisitions/Technology/Drug and Occupational Health Services ƒ Roseville, CA - Sales/Account Management/Education and Employment Verification Fulfillment ƒ Marietta, GA - Technology/Product Development/Data Back-up Facilities/Global Products ƒ Bothell, WA - Customer Service/Sales/Management/Marketing/Drug and Occupational Health Services ƒ Bellevue, WA - Customer Service/Sales/Management/Office of Innovation/Product Development and Technology ƒ Independence, OH - Customer Service/Technical Support/Sales/Account Management/Operations/Onshore Fulfillment/Compliance/Dispute Resolution/Drug and Occupational Health Services ƒ Fort Collins, CO - Customer Service/Technical Support/Sales/Account Management/Verified Volunteers/Bishops Services ƒ Portland, OR – Sterling Identity Canada ƒ Surrey, BC - Customer Service/Sales/Management PRE-EMPLOYMENT BACKGROUND SCREENING, RELATED PRODUCTS AND SERVICES | AUGUST 15, 2019 12 Proprietary and Confidential © 2019 Sterling | www.sterlingcheck.com ƒ Montreal, QC - Customer Service/Sales/Management/Compliance India ƒ Mumbai, India - Customer Service/Account Management/Fulfillment/Operational Excellence/Technical Development and Support/ Drug and Occupational Health Services UK/Australia ƒ Swansea, South Wales, UK - Account Management/Customer Service/Fulfillment ƒ Holborn, London - Account Management ƒ North Sydney, Australia – RISQ Group Philippines ƒ Manilla, Taguig City, Philippines - Customer Services/Business Relationship Management ƒ Cubao, Quezon City, Philippines - Customer Services/Business Relationship Management Operations ƒ Beijing, China ƒ Central, Hong Kong ƒ United Square, Singapore ƒ Shanghai, China ƒ Darul Ehsan, Malaysia Headquarters Sterling Infosystems, Inc., dba Sterling 1 State St. Plaza, 24th Floor, New York, NY 10004 DD. Annual sales for the three previous fiscal years. Year Total Revenue 2018 $460,068,000 2017 $480,956,000 2016 $446,929,000 PRE-EMPLOYMENT BACKGROUND SCREENING, RELATED PRODUCTS AND SERVICES | AUGUST 15, 2019 13 Proprietary and Confidential © 2019 Sterling | www.sterlingcheck.com EE. Submit FEIN and Dunn & Bradstreet report. FEIN: 11 – 2845313 Sterling’s Dun & Bradstreet report is included as an attachment. F. Describe any green or environmental initiatives or policies. In recognition of ecological limits, interdependence, and healthy communities, Sterling operates in an office emphasizing sustainability and energy efficiency. Sterling does not utilize machinery that poses significant risk to the environment or an individual’s safety, and Sterling encourages office correspondence through digital means. The paper products that Sterling uses are environmentally friendly (e.g. acid free), and Sterling maintains a comprehensive internal recycling program. Sterling was an early adopter of the “paperless” background checking solution in response to its efforts to become more sustainable and environmentally conscious. This initiative resulted in a fully enabled online ordering as described throughout this response. Our platform eliminates the need for users to perform data entry or attempt to decipher poor penmanship, and decreases reliance on paper products. If you chose to use the online consent form, the entire process can be paperless. Sterling’s greatest successes, relative to sustainability, have been produced through the development of the following technologies. ƒ Sterling provides ESC with paperless options for order entry, results, billing, and chain of custody forms. ƒ All account management reporting functionality is provided electronically. ƒ Electronic wet signature on the consent and disclosure form. ƒ With CourtDirect, Sterling eliminated over 75% of human traffic to court facilities. ƒ Overall process improvement reducing paper and product waste. G. Describe any diversity programs or partners supplier does business with and how Participating Agencies may use diverse partners through the Master Agreement. Indicate how, if at all, pricing changes when using the diversity program. Our supplier diversity mission is to proactively identify, build relationships with, and purchase goods and services from certified diverse businesses. Diverse vendors will have an equal opportunity to be included in our strategic sourcing and procurement process. Vendors that seek to do business with us must demonstrate the ability to add value and provide high-quality goods and services that are competitively priced, reliable, and aligned with our superior level of service. The Sterling vendor diversity program’s objective is to procure 10% of indirect spend annually with diverse vendors enrolled in the program. Our Global Procurement team provides leadership quarterly reports tracking the objective and progress of the program. This will solidify our outreach and stance on equality throughout our vendor base. PRE-EMPLOYMENT BACKGROUND SCREENING, RELATED PRODUCTS AND SERVICES | AUGUST 15, 2019 14 Proprietary and Confidential © 2019 Sterling | www.sterlingcheck.com HH. Describe any historically underutilized business certifications supplier holds and the ccertifying agency. This may include business enterprises such as minority and women owned, small or disadvantaged, disable veterans, etc. Sterling takes maximum advantage of all business certifications it holds. I. Describe how supplier differentiates itself from its competitors. At Sterling, we differentiate ourselves through our people and concern for your business and culture with our focus on educational verticalization. Our deepest concern is promoting a safe work environment for you and your employees. Through our partnership with ESC, we will create a trust, propelled by our dedicated team, who are readily available and adaptable to your culture and needs. Sterling’s main goal is to help you locate the most valuable candidates so that you can create a workplace where your employees feel confident and secure. Throughout 2019, Sterling has focused attention on education through a variety of events, including sponsorship and speaking at the LEAP HR Higher Education Conference in May along with a webinar focused on Employment Verification. In August, Sterling hosted a Roundtable attended by prominent clients. Leading experts discussed perspectives within education, background screening, and the critical convergence of the two—including key compliance and safety concerns. With the May re-launch of Sterling Student, for screening of students participating in internships or other academic-related programs within sensitive positions to satisfy various requirements, regulations, and polices, Sterling extended its reach across the full spectrum of campus employment needs. Sterling solutions cover full-time, part-time, contract, and study- related cases. Industry-leading turnaround times To deliver your background reports faster, Sterling uses our proprietary AI technology to automate our criminal record screening fulfillment processes. We automate 85% of our criminal record search volume, allowing us to offer you turnaround times 50% faster than the rest of the industry, with 66% of searches closing in just an hour. By removing manual intervention, we also minimize human error. While screening over 26 million candidates annually, Sterling amends an average of just 0.009% of criminal searches to correct erroneous or incomplete information. Unrivaled expertise and service ESC will be supported by a Client Success Team dedicated to government and educational services industry, so you receive tailored service with vertical expertise. Throughout our relationship, this team will learn your culture and processes so we can make the best recommendations for ESC. Each quarter, your Client Success Partner will review your screening program, benchmarking it against other clients in your industry. Working together with ESC, Sterling will help you build the screening program that best supports your business goals. Candidate experience We understand how crucial a good candidate experience is for ESC—this helps to form the first impression of their new employer. Through Sterling’s candidate hub, your candidates will have the power to manage and streamline their screening process. They will navigate through a PRE-EMPLOYMENT BACKGROUND SCREENING, RELATED PRODUCTS AND SERVICES | AUGUST 15, 2019 15 Proprietary and Confidential © 2019 Sterling | www.sterlingcheck.com clear, modern interface that is simple to understand and easy to use from anywhere and on any device—helping them complete their tasks faster. Compliance Sterling supports a compliant background screening experience, not just in the United States, but worldwide. We embrace the ever-changing landscape of federal, state, and local hiring regulations, adhering to the Fair Credit Reporting Act (FCRA), Equal Employment Opportunity Commission (EEOC), and other domestic and international regulations governing pre- employment services. Webinars hosted by experts The world of background screening is constantly evolving. To keep ESC informed, Sterling partners with renowned law firms, consultants, and our in-house experts to host webinars on topics important to our clients. Certain webinars also qualify for SHRM recertification credits. JJ. Describe any present or past litigation, bankruptcy or reorganization involving supplier. In connection with its performance of millions of background checks annually, Sterling is the subject of litigation from time to time, none of which has been material to Sterling’s financial health. Such litigation is generally dismissed or settled without judicial findings. Sterling is continually evaluating and improving its processes in response to litigation trends, regulatory pronouncements and statutory changes. K. Felony Conviction Notice: Indicate if the supplier a. is a publicly held corporation and this reporting requirement is not applicable; Sterling is a privately held company. b. is not oowned or operated by anyone who has been convicted of a felony; or No. This is not applicable to Sterling. c. is owned or operated by and individual(s) who has been convicted of a felony and provide the names and convictions. No. This is not applicable to Sterling. L. Describe any debarment or suspension actions taken against supplier. None have been taken. This is not applicable to Sterling. PRE-EMPLOYMENT BACKGROUND SCREENING, RELATED PRODUCTS AND SERVICES | AUGUST 15, 2019 16 Proprietary and Confidential © 2019 Sterling | www.sterlingcheck.com 3.2 Distribution, Logistics AA. Describe the full line of products and services offered by supplier. Sterling offers hundreds of screening and pre-employment products, some of which are summarized below: US Screening Product Overview ! The Complete Criminal Record Locator ƒ Social Security Trace/Address Verification ƒ Enhanced National Criminal Database Search ƒ Locator Select Database Search ! Criminal Record Checks ƒ County Criminal Record Check ƒ State Criminal Record Check ƒ Federal Criminal Record Check ! Employment Credit Report ! Sex Offender Registry Search (Dept. Of Justice) ! Department of Motor Vehicle Search/Motor Vehicle Records (MVR) ! DOT (reasonable suspicion, random testing) ! Drug Testing and Occupational Health Services (blood, urine, breath, hair, oral fluid, physicals and more) ! Education Verification ! Employment Verification ! Fingerprinting ! Fraud and Abuse Control Information System (FACIS) Search ! I-9 Verification/E-Verify ! National Practitioner Data Bank ! Office of Inspector General (OIG) Search ! Personal/Professional References ! Professional License Verification ! Social Media Searches ! Terrorist Watch List/Office of Foreign Assets Control (OFAC) Search ! Workers’ Compensation Search Additional services that are unique to Sterling: Sterling Student Portal Our Student Portal is a self-service portal which ESC may utilize when seeking to hire students seeking employment or internships within sensitive positions or to satisfy requirements/regulations/polices–the student can pay for their own background check. The application provides easy web-based access to an online questionnaire and consent form (the forms can be customized for ESC, but the customization would final approval by Sterling’s Compliance Team prior to implementation) that are completed by the student and submitted directly to Sterling in order to initiate a background order. The results would go directly to ESC. This solution helps with risk management by ensuring the background check is compliant and that the client will have access to the results without having to manage the process. In addition, it removes the administrative burden of initiating background orders and controls costs. Alternatively, you can choose to be billed directly for these background checks. PRE-EMPLOYMENT BACKGROUND SCREENING, RELATED PRODUCTS AND SERVICES | AUGUST 15, 2019 17 Proprietary and Confidential © 2019 Sterling | www.sterlingcheck.com Government Across all levels of government, employees must provide a positive and professional experience for constituents. A key part of this equation is knowing the backgrounds of the people you hire. Whether your employees work on your infrastructure, handle finance or anything in between, Sterling’s employee background checks help ensure all candidates brought in for sensitive roles are trustworthy. Education Academic settings, from pre-schools to universities, are unique communities where personal relationships are important. Inviting full-time, part-time or contract employees into your classrooms or campus involves specialized requirements to maintain a safe environment and gain your community’s confidence. When placing students in internships or employment affiliated with a degree in a program, Sterling Student, a unique background screening solution, provides value and confidence to leading universities. Through a combination of pre-employment background screening and workforce monitoring solutions, governments and leading educational institutions have long-standing relationships with Sterling to help maintain safety and public confidence across campuses. Sterling Diligence Sterling Diligence (Bishops Services) is the oldest privately held investigation and corporate due diligence firm in the United States. Founded in 1898, we use our decades of experience to bring insight, accuracy and timeliness to its investigations around the world. In 2008, Bishops became part of the Sterling group of companies. While other firms have used technology to create “cookie-cutter” report templates and internet downloads to conduct its investigations, we use technology to access an increased range of primary source data at every jurisdictional level. Our clients include: ƒ law and accounting firms ƒ government ƒ hedge funds ƒ private equity firms ƒ commercial and investment banks Our lead investigators develop a deep understanding of the needs of each market segment and tailor their due diligence and reporting process to meet a client’s individual needs. Sterling Identity - Compliant Fingerprinting to Enhance Criminal Searches Sterling is one of the few companies authorized as both a FINRA and FBI channeler. Sterling offers a national network of digital fingerprinting technology, deployed through kiosks in over 800 The UPS Store locations nationally. Sterling has worked hard to provide the only consistent, single-sourced national fingerprinting network in existence. This network covers PRE-EMPLOYMENT BACKGROUND SCREENING, RELATED PRODUCTS AND SERVICES | AUGUST 15, 2019 18 Proprietary and Confidential © 2019 Sterling | www.sterlingcheck.com over 720 cities in all 50 states and Washington, DC—your candidates are usually less than a 30-minute trip from a Sterling fingerprinting location. To provide a consistent and high-quality experience for candidates having their fingerprints captured, Sterling developed a training and quality assurance program for The UPS Store technicians to ensure they can reliably capture candidate fingerprints in accordance with FBI best practices. This training includes informative videos, fingerprint capture practice sessions, and a final fingerprint submission that is reviewed by the team for certification and quality purposes, so technicians are thoroughly prepared to capture your candidates’ fingerprints effectively. Additionally, Sterling can provide a fully FCRA-compliant fingerprinting process. Sterling is able to seamlessly incorporate primary source verification, and state and federal compliance rules into your background screening process. Providing this option allows our clients to benefit from FBI fingerprint searches, while limiting risk and ensuring both a comprehensive and compliant screening solution. Continuous Monitoring Program Sterling offers ongoing monitoring services to proactively mitigate risk via re-screening. Using a myriad of industry-leading data sources, coupled with our unmatched expertise, Sterling’s Continuous Monitoring solution proactively identifies new applicant threats such as new criminal arrests and sanctions/exclusions daily – preventing violence, litigation, and insider fraud. Sterling’s Continuous Monitoring will benefit ESC for the following reasons: UUnmatched Expertise. Sterling was the first to productize daily monitoring services in 2015 and is committed to continuous innovation to make it easier to manage and monitor the entire lifecycle of a customer’s screening program. Diverse Data Sources. From sanctions and exclusions to license status to criminal records, Sterling offers a myriad of continuous monitoring options to detect applicant threats. React Quickly to Risk. We use the most up-to-date and comprehensive data sources that enable continuous monitoring of applicants with proactive alerts and notifications Flexibility. Configure your monitoring program (single or multiple) to fit your specific business needs and requirements. B. Describe how supplier proposes to distribute the products/service nationwide. Include any states where products and services will not be offered under the Master Agreement, including U.S. Territories and Outlying Areas. Sterling has made major investments in our national and international screening technology. We offer a one world, one platform solution that allows you to initiate background checks in PRE-EMPLOYMENT BACKGROUND SCREENING, RELATED PRODUCTS AND SERVICES | AUGUST 15, 2019 19 Proprietary and Confidential © 2019 Sterling | www.sterlingcheck.com over 195 countries from your master account, including all 50 states, US Territories and Outlying Areas. Sterling has organized our global screening solutions into 6 primary categories consisting of over 3,100+ products worldwide, covering over 200+ jurisdictions. Availability of each search type may vary based on our ongoing best practices approach for determining the viability as well as permissibility of a particular product. This approach ensures compliant, best practice country-level background check elements are offered on a regional and global basis. CC. Identify all other companies that will be involved in processing, handling or shipping the products/service to the end user. Sterling will be the only company involved in your background screening process. We provide the largest entity performing the screening services; however, At least 14% percent of orders placed for criminal products utilize one or more independent contractors/subcontractors to fulfill order requests. As a Consumer Reporting Agency (CRA), Sterling prepares background checks by compiling data from hundreds of different sources, from courthouses, to state driving record repositories, to drug testing laboratories. We consider these organizations to be suppliers of data, not subcontractors. We use court runners and other vendors in our supply chain, but we do not subcontract work out to other consumer reporting agencies. The identity and mix of suppliers that we use depends on the service offering and is considered proprietary information of Sterling. D. Provide the number, size and location of Supplier’s distribution facilities, warehouses and retail network as applicable. This is not applicable to Sterling. 3.3 Marketing and Sales A. Provide a detailed ninety-day plan beginning from award date of the Master Agreement describing the strategy to immediately implement the Master Agreement as supplier’s primary go to market strategy for Public Agencies to supplier’s teams nationwide, to include, but not limited to: i. Executive leadership endorsement and sponsorship of the award as the public sector go - to-market strategy within first 10 days ii. Training and education of Supplier’s national sales force with participation from the Supplier’s executive leadership, along with the OMNIA Partners team within first 90 days 90 Day Plan ƒ As the existing partner to OMNIA Private Sector today, we feel that we are uniquely positioned to leverage our nine years of history where we have collectively accumulated over 80 unique customers and approximately $10M in annual spend. This momentum will allow is to springboard into a successful deployment with ESC and early adoption of the Master Agreement for Public Agencies. Additionally, through our Government and Education vertical, PRE-EMPLOYMENT BACKGROUND SCREENING, RELATED PRODUCTS AND SERVICES | AUGUST 15, 2019 20 Proprietary and Confidential © 2019 Sterling | www.sterlingcheck.com we have developed the intellectual capital, systems and programs to specifically address the needs of the Public Agency sector. ƒ First 30 days: ƒ Kickoff call with all appropriate parties (program managers at Sterling, OMNIA and ESC ƒ Executive Sponsor assigned to the partnership ƒ Go-To-Market strategy and establish weekly cadence for first 90 days of program. ƒ Kickoff call to include Sterling presentation from dedicated Government & Education Team including: ▪ Alla Schay, General Manager, Industry Government & Education (IGE) ▪ Gurdon Blackwell, VP of Sales IGE ▪ Cecilia Green, Regional Director of Sales IGE (Located in Dallas, Texas) ▪ Nicholas Herstich, Head of Product, IGE ▪ Amanda Schafer, Head of Client Success, IGE ▪ Michael Kirsch, Head of Marketing, IGE ▪ Harris Bornstein, Senior Director of Strategic Alliances ▪ ƒ Creation of training program for internal Sterling training, as well as external training of OMNIA Public Sales Team. Sterling to report on: ƒ Pipeline tracking ƒ Client revenue tracking ƒ Revenue share processing ƒ Draft co-branded press release with ESC and OMNIA support ƒ Introduction between marketing teams (Sterling, OMNIA, ESC if necessary) ƒ Introductions between sales teams (Sterling, OMNIA) 30-60 days: ƒ Design and publish co-branded marketing materials for external use to include program highlights, Sterling differentiators, and key contact information. ƒ Creation of Internal Documentation for dedicated sales team, specifically geared towards selling into Public space (with OMNIA) to be published on Sterling’s intranet: ▪ Sales strategy documents ▪ Member lists ▪ Preferred price lists ▪ Marketing materials – white papers, one-pagers, etc. PRE-EMPLOYMENT BACKGROUND SCREENING, RELATED PRODUCTS AND SERVICES | AUGUST 15, 2019 21 Proprietary and Confidential © 2019 Sterling | www.sterlingcheck.com ƒ Creation and training of dedicated Sterling team of client success executives to support ESC and OMNIA Public Sector members who join Sterling via this contract. ƒ Publish and distribute co-branded press release ƒ Create landing page on Sterling website to include marketing materials, contract information, program highlights, and webform for interested parties to participate in the program 60-90 Days: ƒ Sterling program owner to present solution to stakeholders at ESC and OMNIA highlighting: ▪ Specific elements of the program and service availability ▪ Key differentiators ▪ Industry trends ▪ Partnership highlights and how to position Sterling’s solutions to members ƒ Set up bi-weekly cadence calls to discuss pipeline and member penetration and engagement. ƒ Discuss details around participation with OMNIA partners at national and regional events ƒ Creation of co-branded regional member roundtable events ƒ Invitations to regional members ƒ Thought leadership presentations ƒ Roundtable Discussions ƒ Product roadmap presentations from Sterling ƒ Networking opportunities BB. Provide a detailed ninety-day plan beginning from award date of the Master Agreement describing the strategy to market the Master Agreement to current Participating Public Agencies, existing Public Agency customers of Supplier, as well as to prospective Public Agencies nationwide immediately upon award, to include, but not limited to: i. Creation and distribution of a co-branded press release to trade publications ii. Announcement, contract details and contact information published on the Supplier's website within first 90 days. iii. Design, publication and distribution of co-branded marketing materials within PRE-EMPLOYMENT BACKGROUND SCREENING, RELATED PRODUCTS AND SERVICES | AUGUST 15, 2019 22 Proprietary and Confidential © 2019 Sterling | www.sterlingcheck.com ffirst 90 days iv. Commitment to attendance and participation with OMNIA Partners at national (i.e. NIGP Annual Forum, NPI Conference, etc.), regional (i.e. Regional NIGP Chapter Meetings, Regional Cooperative Summits, etc.) and supplier-specific trade shows, conferences and meetings throughout the term of the Master Agreement. v. Commitment to attend, exhibit and participate at the NIGP Annual Forum in an area reserved by OMNIA Partners for partner suppliers. Booth space will be purchased and staffed by Supplier. In addition, Supplier commits to provide reasonable assistance to the overall promotion and marketing efforts for the NIGP Annual Forum, as directed by OMNIA Partners. vi. Design and publication of national and regional advertising in trade publications throughout the term of the Master Agreement vii. Ongoing marketing and promotion of the Master Agreement throughout its term (case studies, collateral pieces, presentations, promotions, etc.) viii. Dedicated OMNIA Partners internet web-based homepage on Supplier's website with: x OMNIA Partners standard logo; x Copy of original Request for Proposal; x Copy of contract and amendments between Principal Procurement Agency and Supplier; x Summary of Products and pricing; x Marketing Materials x Electronic link to OMNIA Partners’ website including the online registration page; x A dedicated toll-free number and email address for OMNIA Partners x A dedicated toll-free number and email address for OMNIA Partners 90 DAY PLAN As the existing partner to OMNIA Private Sector today, we feel that we are uniquely positioned to leverage our nine years of history and momentum to springboard into a successful deployment with ESC and early adoption of the Master Agreement for Public Agencies. Additionally, through our Government and Education vertical, we have developed the intellectual capital, systems and programs to specifically address the needs of the Public Agency sector. PRE-EMPLOYMENT BACKGROUND SCREENING, RELATED PRODUCTS AND SERVICES | AUGUST 15, 2019 23 Proprietary and Confidential © 2019 Sterling | www.sterlingcheck.com First 30 days: ƒ Kickoff call with all appropriate parties (program managers at Sterling, OMNIA and ESC) ▪ Go-To-Market strategy and establish weekly cadence for first 90 days of program. ▪ Kickoff call to include Sterling presentation from dedicated Government & Education Team including: !! Alla Schay, General Manager, Industry Government & Education (IGE) ! Gurdon Blackwell, VP of Sales IGE ! Cecilia Green, Regional Director of Sales IGE (Located in Dallas, Texas) ! Nicholas Herstich, Head of Product, IGE ! Amanda Schafer, Head of Client Success, IGE ! Michael Kirsch, Head of Marketing, IGE ! Harris Bornstein, Senior Director of Strategic Alliances ƒ Creation of training program for internal Sterling training, as well as external training of OMNIA Public Sales Team. ƒ Sterling to report on: ▪ Pipeline tracking ▪ Client revenue tracking ▪ Revenue share processing ƒ Draft co-branded press release with ESC and OMNIA support ƒ Introduction between marketing teams (Sterling, OMNIA, ESC if necessary) ƒ Introductions between sales teams (Sterling, OMNIA) 30-60 Days: ƒ Design and publish co-branded marketing materials for external use to include program highlights, Sterling differentiators, and key contact information. ƒ Creation of Internal Documentation for dedicated sales team, specifically geared towards selling into Public space (with OMNIA) to be published on Sterling’s intranet: ▪ Sales strategy documents ▪ Member lists ▪ Preferred price lists ▪ Marketing materials – white papers, one-pagers, etc. ƒ Creation and training of dedicated Sterling team of client success executives to support ESC and OMNIA Public Sector members who join Sterling via this contract. ƒ Publish and distribute co-branded press release ƒ Create landing page on Sterling website to include marketing materials, contract information, program highlights, and webform for interested parties to participate in the program 60-90 Days: ƒ Sterling program owner to present solution to stakeholders at ESC and OMNIA highlighting: ▪ Specific elements of the program and service availability ▪ Key differentiators PRE-EMPLOYMENT BACKGROUND SCREENING, RELATED PRODUCTS AND SERVICES | AUGUST 15, 2019 24 Proprietary and Confidential © 2019 Sterling | www.sterlingcheck.com ▪ Industry trends ▪ Partnership highlights and how to position Sterling’s solutions to members ƒ Set up bi-weekly cadence calls to discuss pipeline and member penetration and engagement. ƒ Discuss details around participation with OMNIA partners at national and regional events ƒ Creation of co-branded regional member roundtable events ▪ Invitations to regional members ▪ Thought leadership presentations ▪ Roundtable Discussions ▪ Product roadmap presentations from Sterling ▪ Networking opportunities CC. Describe how Supplier will transition any existing Public Agency customers’ accounts to the Master Agreement available nationally through OMNIA Partners. Include a list of current cooperative contracts (regional and national) Supplier holds and describe how the Master Agreement will be positioned among the other cooperative agreements. Sterling has a number of public agencies already on contract. For each of these entities, we will evaluate the details of their programs and determine eligibility for the OMNIA Partners program within the first 90 days of our contract. We currently do not have any other cooperative contracts but do work with other GPO’s such as OMNIA Private Sector, Coretrust/Healthtrust, and Coupa. While those contracts provide no overlap within the Public sector, Sterling does have a wealth of success and experience with the cooperative strategy in other types of businesses and industries. D. Acknowledge Supplier agrees to provide its logo(s) to OMNIA Partners and agrees to provide permission for reproduction of such logo in marketing communications and promotions. Acknowledge that use of OMNIA Partners logo will require permission for reproduction, as well. Acknowledged. E. Confirm Supplier will be proactive in direct sales of Supplier’s goods and services to Public Agencies nationwide and the timely follow up to leads established by OMNIA Partners. All sales materials are to use the OMNIA Partners logo. At a minimum, the Supplier’s sales initiatives should communicate: i. Master Agreement was competitively solicited and publicly awarded by a Principal Procurement Agency ii. Best government pricing iii. No cost to participate iv. Non-exclusive contract PRE-EMPLOYMENT BACKGROUND SCREENING, RELATED PRODUCTS AND SERVICES | AUGUST 15, 2019 25 Proprietary and Confidential © 2019 Sterling | www.sterlingcheck.com Confirmed. FF. Confirm Supplier will train its national sales force on the Master Agreement. At a minimum, sales training should include: i. Key features of Master Agreement ii. Working knowledge of the solicitation process iii. Awareness of the range of Public Agencies that can utilize the Master Agreement through OMNIA Partners iv. Knowledge of benefits of the use of cooperative contracts Confirmed. G. Provide the name, title, email and phone number for the person(s), who will be responsible for: i. Executive Support Alla Schay General Manager (212) 812-1039 Alla.Schay@sterlingcheck.com ii. Marketing Michael Kirsh Marketing Leader Industrials, Government & Education (212) 812-1009 Michael.Kirsh@sterlingcheck.com iii. Sales Gurdon Gurdon Blackwell SVP, Sales Executive Leader (212)812-1017 Gurdon.Blackwell@sterlingcheck.com PRE-EMPLOYMENT BACKGROUND SCREENING, RELATED PRODUCTS AND SERVICES | AUGUST 15, 2019 26 Proprietary and Confidential © 2019 Sterling | www.sterlingcheck.com iiv. Sales Support Cecilia Green Enterprise Sales Executive (214) 387-8552 Cecilia.Green@sterlingcheck.com v. Financial Reporting John Conroy Financial Planning & Analysis Senior Manager (646) 829-3339 John.Conroy@sterlingcheck.com vi. Accounts Payable Rocco DiPaolo (212) 736-5100 ext. 3772 Director of Collections Rocco.DiPaolo@sterlingcheck.com vii. Contracts Rachel Mazzeo Vice President & Corporate Counsel (216) 685-7930 Rachel.Mazzeo@sterlingcheck.com H. Describe in detail how Supplier’s national sales force is structured, including contact information for the highest-level executive in charge of the sales team. Sterling’s focus on industrials, government and education offers a dedicated, nationally distributed salesforce to attack this specific addressable market. All sales executives report up into the SVP with one Enterprise representative overseeing the Region 4 activity. Gurdon Blackwell Senior Vice President, Client Success (212) 812-1017 Gurdon.Blackwell@sterlingts.com Cecilia Green Enterprise Sales Executive (214) 387-8552 Cecilia.Green@sterlingcheck.com PRE-EMPLOYMENT BACKGROUND SCREENING, RELATED PRODUCTS AND SERVICES | AUGUST 15, 2019 27 Proprietary and Confidential © 2019 Sterling | www.sterlingcheck.com II. Explain in detail how the sales teams will work with the OMNIA Partners team to implement, grow and service the national program. As indicated in our 90-day plan above, Sterling will create a dedicated team to this partnership head up by Harris Bornstein (Senior Director Strategic Alliances) and Gurdon Blackwell (VP of Sales, Government and Education) and supported by Cecilia Green (Regional Director of Sales IGE). Throughout the first 90 days of the contract, Harris, Gurdon and Cecilia will work closely with OMNIA and ESC to establish both internal and external marketing plans to roll out the program, the details of which are provided in the 90-day plan above. Harris and Gurdon will also establish bi-weekly pipeline calls with the appropriate stakeholders at OMNIA to ensure activity and program adoption as well as to conduct ongoing training when necessary. Our dedicated marketing manager (Michael Kirsch) will also maintain a close relationship with his counterparts at OMNIA to create and keep up-to-date any and all marketing materials, making them publicly available. J. Explain in detail how Supplier will manage the overall national program throughout the term of the Master Agreement, including ongoing coordination of marketing and sales efforts, timely new Participating Public Agency account set-up, timely contract administration, etc. See response in Question I above. In addition to the marketing and sales support to be dedicated to this program, the Sterling IGE Team will also assign a program manager to this partnership specifically with regards to setting up new accounts for members. During the execution of the 90-day play, this program manager will participate on calls dedicated to creating a program that will suit the needs of Public agencies and we will create a repeatable process by which OMNIA Public Sector members can readily and easily get set up with a Sterling account to begin ordering background and drug screening as quickly as possible. Our replicated OMNIA Private Sector treatment strategy will allow for a designated Client Success Partner to be tied directly to the public sector account that responsible for the ongoing health and well-being of the business relationship. This client success partner will have client success associates supporting day- to -day activity with strategic support being provided by the designated resource. While our experience tells us that many public entities appreciate a program tailored to their specific needs, we will at least look to establish a foundation for all new clients that each individual member can build off of to customize the specific needs they may have (screening packages, user setup, account hierarchy, ATS integrations, etc.) K. State the amount of Supplier’s Public Agency sales for the previous fiscal year. Provid e a list of Supplier’s top 10 Public Agency customers, the total purchases for each for the previous fiscal year along with a key contact for each Public Agency Clients Total Purchases for 2018 Contact Texas A&&M University System $655,540 Rita Bowden Grand Canyon University $333,574 Jody Grubish University of Miami $291,859 Lisi Carreno PRE-EMPLOYMENT BACKGROUND SCREENING, RELATED PRODUCTS AND SERVICES | AUGUST 15, 2019 28 Proprietary and Confidential © 2019 Sterling | www.sterlingcheck.com CCity & County of Denver $$259,311 CCindy Bishop CCity of Philadelphia $$180,972 AArdena Starks NNorth Dakota University System $$161,938 JJill Spacek BBoise State UUniversity $$140,276 KKim Marks CCity of Atlanta $$130,670 KKimberly Finley CCity of Phoenix $$90,797 JJudy Boros L. Describe Supplier’s information systems capabilities and limitations regarding order management through receipt of payment, including description of multiple platforms that may be used for any of these functions. Our cloud-based, proprietary technology platform unifies ESC’s candidate orders and data into a single, streamlined workflow so that authorized contacts can easily place orders, manage tasks, monitor the status of background checks, and view candidate records. Highly secure and regularly updated to meet evolving compliance standards, it can be used to manage even the most complex screening program seamlessly, including criminal background checks, verifications, I-9, and drug screening. Key features ƒ Ability to initiate a background check, then track and review results online ƒ Automated forms and data collection to streamline the process ƒ E-Invite technology that allows applicants to electronically provide consent and personal information to initiate the screening process ƒ Integrated adverse action process that can be managed by ESC or Sterling ƒ Candidate profiles that can be linked to job positions and screening packages to help ensure consistency, while reducing discrepancies and human error ƒ Automatic notifications for completed reports and ETAs that are customizable based on security policies and user rights ƒ Instant SSN Trace results which provide a candidate’s address history so you know where the searches will take place and if there are alias/maiden names associated with the candidate’s SSN that should be added to the order ƒ Visual dashboard lets you see the status of your candidates and orders at a glance ƒ A candidate snapshot where you’ll find the latest information about order status, order ID number, order date and more ƒ Our proprietary SmartData technology delivers an automated Client Matrix Application (adjudication/scoring), reducing the potential for human error and driving significantly faster turnaround times. The best part is that you only need to review the background PRE-EMPLOYMENT BACKGROUND SCREENING, RELATED PRODUCTS AND SERVICES | AUGUST 15, 2019 29 Proprietary and Confidential © 2019 Sterling | www.sterlingcheck.com checks that don’t meet your standards, allowing your team to focus on what they do best. Additional features Comprehensive 360-view of your screening program We leverage a unique, powerful data analytics platform to collect a 360-degree view of your background screening program with new reporting features that are: ƒ Fast. We utilize marketing leading cloud solutions Amazon Web Services and Looker to produce reports based on real-time data streaming. ƒ Interactive. Our visualizations show you a complete story with data. Easy-to-read reports and organized dashboards allow users to drill down, filter, and keep exploring data. ƒ Accurate. Reports have a wide array of configurable data attributes and metrics that are detailed and accurate. ƒ Self-Service. Our self-service ability allows your users to download entire dashboards complete with underlying data for each dashboard element. ƒ Customizable data sections. These track key metrics like turnaround time, hit rates, and cost. Additionally, with reporting dashboards, users can see a high-level view of your screening program and drill down to specific candidates or searches for more information. ƒ In addition, Sterling’s new dashboards now synthesize data into interactive charts and graphs that visualize everything from order volume to turnaround time to review rate by package, by service, by state / county / country, by account, by open order…and more. Visual toolbar This will allow your users to easily monitor the status of the screening program using a visual toolbar directly on the platform home page, and quickly see how many candidates (or records) are currently in each of the following six key stages of the screening process: ƒ E-Invite not started (24 hours) – E-invites to the Candidate Hub that have not been started within 24 hours of contacting the candidate. ƒ Workflows in progress – Workflows that have been started, but not completed. ƒ Drafted - not yet started – Includes orders that have been drafted but not submitted for processing. ƒ Awaiting missing information – Includes orders that are missing information from the candidate. ƒ Unread order notes – An expanded area that displays the order notes from Client Services. ƒ Managed adverse action - in process – A list of any records currently in the managed adverse action process. Information includes name, status, disposition, and result. PRE-EMPLOYMENT BACKGROUND SCREENING, RELATED PRODUCTS AND SERVICES | AUGUST 15, 2019 30 Proprietary and Confidential © 2019 Sterling | www.sterlingcheck.com Candidate snapshot ESC will be able to get a quick snapshot for any candidate through the candidate pop-up window. You are then provided with the latest information about an order status, complete with the order ID number, order date, and more. ESC can also link to more orders for the candidate, as well as contact Client Services directly from the screen with any inquiries. PRE-EMPLOYMENT BACKGROUND SCREENING, RELATED PRODUCTS AND SERVICES | AUGUST 15, 2019 31 Proprietary and Confidential © 2019 Sterling | www.sterlingcheck.com Initiation of a background screen ESC will have numerous options to initiate a background check. Either through an ATS integration or directly through our platform, we will give you easy, streamlined options to quickly provide your candidates with the proper instructions to begin the screening process. Status/results The status and results of the background screens are available anywhere, 24/7, in our platform. Candidate Hub Our candidate hub was developed to capture the mobile-first audience. We understand that, as the background experience is one of your first interactions with a potential new hire, the candidate interface should be intuitive and mobile-responsive. Candidates need to be able to submit their information any time, from anywhere. PRE-EMPLOYMENT BACKGROUND SCREENING, RELATED PRODUCTS AND SERVICES | AUGUST 15, 2019 32 Proprietary and Confidential © 2019 Sterling | www.sterlingcheck.com Through Sterling’s Candidate Hub, your candidates will have the power to manage and streamline their screening process while navigating through a clear, modern interface that is simple to understand and easy to use. They will be able to: ƒ Save time with detection of their location, login with Google credentials, and auto-fill employment history from LinkedIn. ƒ Upload documents and electronically sign directly from their phones—or any type of device. ƒ Easily resume their tasks with just a tap due to the auto-save feature. ƒ Keep engaged through optional SMS notifications and alerts. MM. Provide the Contract Sales (as defined in Section 10 of the National Intergovernmental Purchasing Alliance Company Administration Agreement) that Supplier will guarantee each year under the Master Agreement for the initial three years of the Master Agreement (“Guaranteed Contract Sales”). $_______.00 in year one $_______.00 in year two $_______.00 in year three To the extent Supplier guarantees minimum Contract Sales, the administration fee shall be calculated based on the greater of the actual Contract Sales and the Guaranteed Contract Sales. Sterling cannot agree to guaranteed contract sales. N. Even though it is anticipated many Public Agencies will be able to utilize the Master Agreement without further formal solicitation, there may be circumstances where Public Agencies will issue their own solicitations. The following options are available when responding to a solicitation for Products covered under the Master Agreement. i. Respond with Master Agreement pricing (Contract Sales reported to OMNIA Partners). If competitive conditions require pricing lower than the standard Master Agreement not-to- exceed pricing, Supplier may respond with lower pricing through the Master Agreement. If Supplier is awarded the contract, the sales are reported as Contract Sales to OMNIA Partners under the Master Agreement. iii. Respond with pricing higher than Master Agreement only in the unlikely event that the Public Agency refuses to utilize Master Agreement (Contract Sales are not reported to OMNIA Partners). PRE-EMPLOYMENT BACKGROUND SCREENING, RELATED PRODUCTS AND SERVICES | AUGUST 15, 2019 33 Proprietary and Confidential © 2019 Sterling | www.sterlingcheck.com iiv. If alternative or multiple proposals are permitted, respond with pricing higher than Master Agreement, and include Master Agreement as the alternate or additional proposal. Detail Supplier’s strategies under these options when responding to a solicitation. Understood End of Sterling’s Response to Appendix E, Exhibit A, Section 3.0 PRE-EMPLOYMENT BACKGROUND SCREENING, RELATED PRODUCTS AND SERVICES | AUGUST 15, 2019 34 Proprietary and Confidential © 2019 Sterling | www.sterlingcheck.com iii. The successful Offeror will be required to sign Appendix E, Exhibit B, OMNIA Partners Administration Agreement prior to Contract award. Offerors should have any reviews required to sign the document prior to submitting a response. Offeror’s response should include any proposed exceptions to OMNIA Partners Administration Agreement on Appendix B, Terms and Conditions Acceptance Form. Understood. Please see the executed Appendix E, Exhibit B included in Tab 3. iii. Include completed Appendix E, Exhibits F. Federal Funds Certifications and G. New Jersey Business Compliance. Please see the executed Appendix E, Exhibit F included in Tab 3. iv. Provide a complete description of technology and security. Include integration, infrastructure, data and reporting. Technology Sterling leads the industry in technological advancements and process automation. Sterling was among the first employment screening companies to implement an online delivery and reporting system, and we continue to lead the way in terms of turnaround time, completion rates, service, data security, and innovation. ƒ SmartData – our proprietary AI technology – automates Sterling’s criminal record screening fulfillment processes, eliminating manual processes so that background checks can be completed quickly and efficiently. Our AI technology matches relevant court records to the candidate, normalizing that court information, standardizes dispositions associated with the criminal charge, and applies FCRA and state compliance rules. Our technology engine supplements additional information through new sources or references our statutes database, where we have housed information around charge rules for every state. By eliminating the manual process over the past year, it has resulted in our criminal results being delivered 40% faster YoY. We have significantly reduced time to hire as 66%+ of Sterling’s criminal searches close within an hour. o CourtDirect System. With direct integrations with jurisdictions and our groundbreaking AI, we deliver turnaround times 50% faster than the rest of the industry. PRE-EMPLOYMENT BACKGROUND SCREENING, RELATED PRODUCTS AND SERVICES | AUGUST 15, 2019 35 Proprietary and Confidential © 2019 Sterling | www.sterlingcheck.com o Fulfillment Optimization. Sterling’s proprietary SmartData technology delivers an automated Client Matrix Application (adjudication / scoring), reducing the potential for human error and driving significantly faster turnaround times. The best part is: you only need to re-review background checks that don’t meet your standards, so your team can focus on what they do best. ƒ Candidate Hub – Our candidate entry portal provides cutting-edge technology for online consent and information collection that can be tailored specifically for ESC, resulting in a streamlined process, enhanced candidate experience, and reduced turnaround times for background checks. ƒ A SaaS-based, single platform through which ESC can manage your entire hiring process. ▪ Candidates and new hires benefit from a paper-free hiring experience with fewer repetitious forms and tasks. ESC’s users benefit from fewer touch points, less faxing and paperwork, an overall reduction in time to hire, and an improved, branded hiring experience. ▪ 24/7 access to unlimited users, requiring little to no training for users to reach full productivity. PRE-EMPLOYMENT BACKGROUND SCREENING, RELATED PRODUCTS AND SERVICES | AUGUST 15, 2019 36 Proprietary and Confidential © 2019 Sterling | www.sterlingcheck.com ▪ Ability to use our system from most mobile devices, including smartphones and tablets. ƒ Easily exported, on-demand/self-serve reporting from your dashboard. These reports include: ▪ Account Activity Summaries ▪ Turnaround Time Metrics ▪ Criminal Hit Rate Percentages ▪ Billing Reports and more Security Sterling products and services are SaaS-based and delivered via a hosted user interface. All services are web-based and are accessible with internet access, a browser, and a secure username and password log-in. To emphasize security, we require a two-factor authentication for remote network access. We have standard business office levels of security, including key card access, cameras on exterior doors, alarm systems, and badges are color coded based on FTE and contractor type. Additionally, all data centers and co-location facilities are reviewed annually for adherence to required policies and applicable certifications. PRE-EMPLOYMENT BACKGROUND SCREENING, RELATED PRODUCTS AND SERVICES | AUGUST 15, 2019 37 Proprietary and Confidential © 2019 Sterling | www.sterlingcheck.com Integration Sterling integrates with numerous Applicant Tracking Systems (ATS) and/or HRIS platforms. To streamline the recruitment- to-hire process, we partner with leading ATS providers to deliver a pre-integrated, turn-key, and completely paperless solution. By eliminating duplicate data entry and paper processes, and by lowering the risk errors associated with manual data entry, you’ll benefit from: ƒ A more compliant, end-to-end recruiting and hiring process ƒ Faster turn-around times ƒ Decreased time to hire ƒ Increased probability of hiring the most qualified candidates ƒ Increased efficiency and lower cost All Sterling products and available services can be accessed with integration. In addition, Sterling has developed strategic relationships with best-in-class partners that have allowed us to extend our platform beyond traditional employment background screening. We’re dedicated to identifying strategic partners with solutions that bring additional value to our customers. Leveraging these solutions, we can deliver fully- integrated, turn-key solutions that are easy to implement, and which improve ESC’s experience and performance Infrastructure The Sterling application is provided as a web application over HTTPS. The application is hosted behind a load balancer and consists of multiple application servers and databases on a Microsoft-based technology stack, including IIS and SQL Server. Network security is provided by Cisco firewalls and Cisco Intrusion Protection Services. Data and reporting We leverage a unique, powerful data analytics platform to collect a 360-degree view of your background screening program with new reporting features that are: ƒ Fast. We utilize marketing leading cloud solutions Amazon Web Services and Looker to produce reports based on real-time data streaming. ƒ Interactive. Our visualizations show you a complete story with data. Easy-to-read reports and organized dashboards allow users to drill down, filter, and keep exploring data. ƒ Accurate. Reports have a wide array of configurable data attributes and metrics that are detailed and accurate. ƒ Self-Service. Our self-service ability allows your users to download entire dashboards complete with underlying data for each dashboard element. ƒ Customizable data sections. These track key metrics like turnaround time, hit rates, and cost. Additionally, with reporting dashboards, users can see a high-level view of your screening program and drill down to specific candidates or searches for more information. Sterling offers the following standard reports: PRE-EMPLOYMENT BACKGROUND SCREENING, RELATED PRODUCTS AND SERVICES | AUGUST 15, 2019 38 Proprietary and Confidential © 2019 Sterling | www.sterlingcheck.com ƒ Program overview This dashboard provides a high-level summary of your overall background screening program. This dashboard gives you early visibility into spend per month, average review rates, average turnaround times, and average monthly volume metrics. ƒ Service detail A deep dive into individual product performance providing insight into the value, impact and performance of each product that’s part of the background screening program. ƒ Geographic & demographic detail A summary of critical geographic and demographic fulfillment details for core criminal products (e.g., Criminal County, Criminal State, Enhanced Nationwide and Locator Select). Details about the applicants that have been screened such as the difference in average turnaround times for different age groups, and detail about the county and state criminal searches completed. ƒ Package detail Tracks program metrics such as order volume, charges, turnaround times, and review rates by individual package. ƒ Bill code detail Tracks program metrics such as order volume, charges, turnaround times, and review rates by individual bill code. ƒ Account detail Tracks program metrics such as order volume, charges, turnaround times, and review rates by individual account. ƒ Job title detail Tracks program metrics such as order volume, charges, turnaround times, and review rates by individual job title. ƒ International detail Provides an in-depth understanding of order and product level details and metrics at an international level for criminal, public records and verification searches. ƒ Periodic comparison Allows you to quickly look at program and detailed metrics from two customizable time periods for comparison. ƒ Open orders Tracks the status of orders within the program that are still open or in progress. Helps understand what products or jurisdictions are causing delays. ƒ Turnaround time breakdown Detailed arrangement of turnaround times within an order by the different stages of the order. Please refer to the attached Program Reports and Analytics document for additional details. PRE-EMPLOYMENT BACKGROUND SCREENING, RELATED PRODUCTS AND SERVICES | AUGUST 15, 2019 39 Proprietary and Confidential © 2019 Sterling | www.sterlingcheck.com x LList technology or software requirements needed to use your system (i.e., browser vversions, etc). All Sterling services are web-based and accessible with internet access, a browser, and secure log-in credentials. There are no additional hardware or software requirements. We also provide the technology and flexibility to access and submit onboarding reports via Samsung Galaxy Tablets, Apple iPads, and smartphone mobile devices. Desktop Browser Requirements ƒ Microsoft® Internet Explorer® versions 9, 10, & 11 ƒ Mozilla® Firefox®, current, supported versions ƒ Google Chrome™, current, supported versions ƒ Apple® Safari® versions 6.x, 7.x and 8.x. Recommendations and Requirements for all Browsers ƒ Enable JavaScript, cookies, and TLS ƒ Use a minimum screen resolution of 1024 x 768 for best possible user experience Mobile Requirements ƒ Safari - latest iOS version on both iPhone and iPad ƒ Chrome - latest Android version on both smartphones and tablets x How are services ordered? Provide a description of your ordering process. Include any demo codes, if these are available. Order process All orders for background screening services originate with ESC’s personnel. After collecting the appropriate consent forms, users place their order through platform following four simple steps: ƒ Order Options ƒ Candidate Information ƒ Address History ƒ Confirmation Sterling offers three different methods when collecting consent forms —a standard E-invite, ATS/HRIS integration, or manual collection. When using E-invite, the candidate completes and electronically signs their consent form online. E-signatures are legally binding in all 50 states. Additional information can also be collected from the candidate at this time, such as previous employment or education history, eliminating data entry during the background ordering process. Upon completion of E-invite, Sterling’s system automatically stores the e-signed consent form and additional information into the candidate’s online record. At this point, ESC’s users can simply log into the platform and initiate the order. PRE-EMPLOYMENT BACKGROUND SCREENING, RELATED PRODUCTS AND SERVICES | AUGUST 15, 2019 40 Proprietary and Confidential © 2019 Sterling | www.sterlingcheck.com Since the candidate’s information is captured electronically by using E-invite, the information is already pre-populated into the system. The user simply selects the candidate’s record and initiates the order. This eliminates the need for users to perform data entry or attempt to decipher poor penmanship. By using E-invite consent forms, the entire process can be paperless. If the consent forms are manually collected, ESC’s users enter the information from the candidates’ completed consent forms into the platform and submit the order. Benefits to ESC ƒ Allows users to place orders twenty-four hours a day, seven days a week anywhere internet access is available ƒ Creates an auditable trail of when an order is submitted ƒ When using the E-invite, copies of completed and signed E-invite consent forms reside in the system and can be accessed or printed whenever necessary ƒ Orders are ready to be processed right away upon receipt by Sterling ƒ Information is readable, uniform, and clear, allowing for greater accuracy ƒ When combined with E-invite, the process can be paperless Demonstration We would be happy to schedule a demonstration for ESC. x IIs your on-line site available 24/7, 365days? Yes. x Describe your security policies. Sterling products and services are SaaS-based and delivered via a hosted user interface. All services are web-based and are accessible with internet access, a browser, and a secure username and password log-in. To emphasize security, we require a two-factor authentication for remote network access. We have standard business office levels of security, including key card access, cameras on exterior doors, alarm systems, and badges are color coded based on FTE and contractor type. Additionally, all data centers and co-location facilities are reviewed annually for adherence to required policies and applicable certifications. x What is the password policy (specific password requirements, frequency of password changes, procedure for lost user ID and password)? To access the Sterling system, a unique username and password are required. Accounts may not be shared, and passwords must be changed every 90 days, with password re-use prevented for 12 previous passwords. Passwords must meet the following requirements: ƒ Minimum length of 8 characters PRE-EMPLOYMENT BACKGROUND SCREENING, RELATED PRODUCTS AND SERVICES | AUGUST 15, 2019 41 Proprietary and Confidential © 2019 Sterling | www.sterlingcheck.com ƒ At least one upper-case letter ƒ At least one lower-case letter ƒ At least one numeric character ƒ At least one punctuation mark Users are locked out of the system after five unsuccessful attempts. Sterling’s platform supports password expiration, lockout for failed passwords, session timeouts, and complexity controls. ƒ Expiration: Passwords can be set to expire in intervals of 1, 2, 3, 6, or 12 months. You also have the option to set passwords to never expire. ƒ Lockout: The platform will lock out users for one hour after three failed login attempts to their account. Admins can also unlock the user manually. ƒ Session Timeouts: The system times out after 30 minutes and requires users to log back in. This time can also be set to 5, 10, or 20 minutes. ƒ Complexity: Passwords must be at least 8 characters and contain one number and one special character. Sterling assigns User IDs and passwords to client-authorized account representatives only. Additionally, Sterling has designed and implemented a client-configurable user, password, login, and session management system. Should an employee with access to Sterling’s web portal leave your company, your HR staff can change the password required to access Sterling’s web portal on the website or by contacting the Client Services department. User rights are established during the implementation process, including customizable capabilities to delineate each user’s precise information access. For example, super users can be designated to see all results, while others might have more limited access related to their specific departmental or other needs. The client can restrict user-access to specific data details, such as positive urinalysis, adverse criminal records, or invalid Social Security numbers. x WWhat are the policies regarding the proper maintenance and disposal of personally identifiable information? Any documents we collect during the screening process are attached to the candidate record in the Sterling platform. ESC can view the background report and supporting documents all in one place for easy reference. We retain personal information long enough to fulfill the purpose for which it was originally collected, to fulfill our legal obligations, and to allow individuals to exercise their rights under the law. We securely destroy or anonymize personal information that we are no longer required to retain. PRE-EMPLOYMENT BACKGROUND SCREENING, RELATED PRODUCTS AND SERVICES | AUGUST 15, 2019 42 Proprietary and Confidential © 2019 Sterling | www.sterlingcheck.com x EExplain your retention and disposal policy. Describe your data recovery/backup ssystem. Retention and disposal policy We retain personal information long enough to fulfill the purpose for which it was originally collected, to fulfill our legal obligations, and to allow individuals to exercise their rights under the law. We securely destroy or anonymize personal information that we are no longer required to retain. Data backup and recovery Please refer to Sterling’s attached Business Continuity Plan. x Who maintains the application? Where is your application hosted? Sterling maintains the application. Our servers are located within a securely managed infrastructure and undergo multiple reviews by independent auditors. Data Centers are located in AWS US East, Baltimore MD, and Sterling VA. Sterling backs up data from primary data center to alternate data center using real-time disk replication. x How do you isolate the information from one client to the other? We have advanced security measures in place to secure and protect your personal information, such as internal and external firewalls, monitoring and alert systems to prevent and detect intrusion attempts, and 256-bit encryption of data both in transit and at rest. Our servers are located within a securely managed infrastructure and undergo multiple reviews by independent auditors. Our employees access data through secure virtual desktop interfaces, and our online interfaces are encrypted, password protected and monitored. We employ equally rigorous physical security policies to prevent physical access to our premises. Our servers and offices, including personal information in hard copy form, are kept in access-controlled and monitored environments. All of our employees have been carefully screened and undergone thorough security and privacy training. We restrict access to personal information to individuals who need it to perform their work functions. Our operations, customer service, account management, finance, quality, vendor management and compliance teams may have regular access to personal information, and employees in other departments may access it occasionally as required to provide services, communicate with you and fulfill our legal obligations. We also enter into contractual agreements with service providers with which we may need to share your personal information, which require them to protect your personal information to the same level as we do and allow us to audit their compliance with those obligations. PRE-EMPLOYMENT BACKGROUND SCREENING, RELATED PRODUCTS AND SERVICES | AUGUST 15, 2019 43 Proprietary and Confidential © 2019 Sterling | www.sterlingcheck.com x HHow is access controlled? Our system supports role-based access control (RBAC). Administrators can create and modify user roles with specific permission sets and then assign users to those roles. The application has various access and permission possibilities. A user can be a superuser or a regular user. Superusers can be designated to see all results, while other users might have more limited access related to their specific departmental or other needs. Users or groups can be assigned access to individual screens and individual field visibility, depending on need. ESC can restrict user access to specific data details, such as positive urinalysis, adverse criminal records, or invalid Social Security numbers. x Are all the activities of your employees logged and traceable? Yes. All activities that result in the change of data are logged, including login attempts; these transactions are also replicated to our SIEM tool, AlienVault. The changes can be traced to a specific login identifier. x What notifications do you provide throughout the background screen process? Do you provide notification if a search result is delayed and if so provide details? Describe process of individual to questions the accuracy of the report, including the response time to the individual. Notifications Our notifications are very customizable. The system can notify the recruiter and/or candidate at multiple points during the background process, such as when electronic consent forms are completed, when the candidate is missing information, when the candidate has provided invalid information, and when there are alerts on results. Sterling’s platform can also be configured to send reminder notifications regarding missing information. The timing of the reminders can also be tailored to your needs. Additionally, in Sterling’s Candidate Hub, your candidates can opt in to SMS notifications that keep them engaged in the background process. Supported SMS notifications include: ƒ Portal invite ƒ Portal invite reminder ƒ Background check completed ƒ Reminder for required documents Delays The moment our researchers become aware of a potential delay that may affect turnaround time, ESC is notified regarding the nature of the delay, the reasons for the delay, and an updated completion date. PRE-EMPLOYMENT BACKGROUND SCREENING, RELATED PRODUCTS AND SERVICES | AUGUST 15, 2019 44 Proprietary and Confidential © 2019 Sterling | www.sterlingcheck.com Electronic notifications containing this detailed information are sent out to ESC’s designated contact(s). Sterling posts notifications of search delays on ESC’s custom dashboard in the Sterling system. We also notify clients of any regional delays due to lay-offs, weather, summer closures, etc. via an email and postings on our dashboard when users first log in. Dispute If a candidate wishes to dispute the accuracy of any information found on their background report, Sterling provides a fully FCRA compliant dispute resolution process. Sterling has a dedicated Dispute Resolution team specially trained to receive, investigate, and resolve applicant disputes. When an applicant contacts us to contest reported information, your organization is notified to keep you informed of the dispute resolution process. Our Dispute Resolution team then works with the candidate and investigates the disputed information. Our team will validate any supporting documents provided by the applicant with the issuing authority. Applicants can also request an explanation of Sterling investigative procedures. Both ESC and the candidate are notified with the outcome of the dispute. Disputes are resolved within 30 days of being received by our Dispute Resolution team. As allowed under the FCRA, a 15-day extension can be applied if the applicant provides additional information relating to the dispute. However, our average turnaround time for disputes is just five calendar days, so your team can resume the hiring process as quickly as possible. x HHow do you protect the confidentiality of the information? We have advanced security measures in place to secure and protect your personal information, such as internal and external firewalls, monitoring and alert systems to prevent and detect intrusion attempts, and 256-bit encryption of data both in transit and at rest. Our servers are located within a securely managed infrastructure and undergo multiple reviews by independent auditors. Our employees access data through secure virtual desktop interfaces, and our online interfaces are encrypted, password protected and monitored. We employ equally rigorous physical security policies to prevent physical access to our premises. Our servers and offices, including personal information in hard copy form, are kept in access-controlled and monitored environments. All our employees have been carefully screened and undergone thorough security and privacy training. We restrict access to personal information to individuals who need it to perform their work functions. Our operations, customer service, account management, finance, quality, vendor management and compliance teams may have regular access to personal information, and employees in other departments may access it occasionally as required to provide services, communicate with you and fulfill our legal obligations. We also enter into contractual agreements with service providers with which we may need to share your personal information, which require them to protect your personal information to the same level as we do and allow us to audit their compliance with those obligations. PRE-EMPLOYMENT BACKGROUND SCREENING, RELATED PRODUCTS AND SERVICES | AUGUST 15, 2019 45 Proprietary and Confidential © 2019 Sterling | www.sterlingcheck.com vv. Describe how Offeror responds to emergency orders. Urgent orders can be brought to the attention of your Client Success Partner. High priority issues are marked as such within Sterling’s CRM system to ensure the highest attention is given to the issue. Sterling regularly provides updates on pending items that need additional research. vi. What is Offeror’s average on time delivery rate? Describe Offeror’s history of meeting timelines. Average on time delivery rate Service Average Turnaround Time Social Security Number Trace Instant Enhanced Nationwide Criminal Database Search 3.36 hours before validation Locator Select Search 2.4 hours before validation County Criminal Records (7-Year Search) 12 hours Federal Criminal Records 1.44 hours DOJ 50-State Sex Offender Search 1.44 hours Employment Verification (US) 2.01 days Education Verification (US) 2.10 days Professional License Verification (US) 1.07 days Motor Vehicle Records 13.92 hours Consumer Credit Report 8.64 hours OFAC (Terrorist Watch List) Search 0.48 hours Drug Testing 1-2 days for negative results; 3-5 days for non-negative results History The following information is a sample of overall client turnaround times/percentages tracked through our platform. ƒ Raw numbers are based on seasonality. Some numbers will vary (e.g., if schools are closed for summer/winter break etc., then the turnaround time for education search closures will be impacted significantly during that period). PRE-EMPLOYMENT BACKGROUND SCREENING, RELATED PRODUCTS AND SERVICES | AUGUST 15, 2019 46 Proprietary and Confidential © 2019 Sterling | www.sterlingcheck.com ƒ Also, the numbers are subject to demographic and other influences; the numbers below are at our levels across the US. PProduct Day 1 % Day 2 % Day 3 % Day 4 % County Criminal (Felony/Misdemeanor) Overall 83.07% 92.84% 96.33% 98.01% National Criminal Database Overall 96.38% 98.41% 99.04% 99.33% Federal Overall 99.33% 99.82% 99.96% 99.98% Statewide Overall 85.71% 93.89% 95.86% 97.00% Education Overall 52.98% 70.21% 81.01% 86.91% Employment Overall 42.28% 63.49% 77.62% 86.12% MVR Overall 87.24% 97.08% 98.90% 99.54% vii. Describe Offeror’s ability to meet service and warranty needs. Sterling has established Service Level Agreements that keep us accountable to provide our services within a certain time frame. ETAs are provided with each order, and are based on our turnaround times for the last 90 days. We run reports on the turnaround times in each county, and any outliers that appear in these reports are analyzed to determine the source of any lengthy or abnormal turnaround times that are identified. Please refer to the attached Sample Service Level Agreement. viii. Describe your quality control procedures you follow to ensure accuracy in reporting results. Sterling follows a disciplined and scientific approach to operations management to drive quality control and enhanced customer experience. Our quality program allows us to deliver a 99% accuracy rate for millions of orders annually. Key elements of our quality program are as below: People: Dedicated and independent team of quality coaches who are process subject matter experts Methodology: A scientific methodology for quality monitoring based on statistically valid stratified sample that includes remote and side-by-side monitoring Framework: A quality measurement methodology that captures regulatory compliance, conformance to policy and procedural standards, and customer experience categorized into critical and non-critical Errors. This framework ensures real-time feedback from quality control and supervisors to identify key focus areas across both compliance and customer impact. PRE-EMPLOYMENT BACKGROUND SCREENING, RELATED PRODUCTS AND SERVICES | AUGUST 15, 2019 47 Proprietary and Confidential © 2019 Sterling | www.sterlingcheck.com Focus areas are incorporated into communication and feedback of the results at the associate level. The quality control framework for each of our processes is customized to specific control needs and regulatory compliance. Every key product is audited by quality assurance (QA) professionals. Each staff member is audited at a statistically significant level, which allows us to produce a quality metric at an individual agent level. This is an essential factor in driving the individuals’ performance ratings and pay for performance schedules. x DDescribe your methodology to ensure turnaround time reports a. Are you able to generate turnaround time reports for each order placed and for each search conducted? Yes. Please refer to the attached Program Reports and Analytics document for additional details. b. Do you notify customer if there is a delay? Yes. The moment our researchers become aware of a potential delay that may affect turnaround time, ESC is notified regarding the nature of the delay, the reasons for the delay, and an updated completion date. Electronic notifications containing this detailed information are sent out to ESC’s designated contact(s). Sterling posts notifications of search delays on ESC’s custom dashboard in the Sterling system. We also notify clients of any regional delays due to lay-offs, weather, summer closures, etc. via an email and postings on our dashboard when users first log in. ix. Describe customer service and ongoing success. x Please describe how your organization will respond to instances. What is your customer service/problem resolution process? Include hours of operation, protocol, number of services, etc. Sterling has an internal case management system used companywide through Salesforce, which monitors and records each contact or conversation with our clients and with applicants. Any client or candidate complaints reported to your Client Success Partner or Client Success Team are handled with the utmost urgency to ensure resolution. All complaints are logged, time stamped, and tracked internally through our CRM system to ensure the correct department is held accountable and that the complaint is resolved. Once a complaint is submitted, the issue is evaluated from a correction, coaching, and preventive action mechanism to ensure these are managed and minimized. Customer service hours are Monday through Friday, 8:00 a.m. to 8 p.m. EST, excluding holidays. Our response time is to reply within two hours during normal business hours. All PRE-EMPLOYMENT BACKGROUND SCREENING, RELATED PRODUCTS AND SERVICES | AUGUST 15, 2019 48 Proprietary and Confidential © 2019 Sterling | www.sterlingcheck.com phones calls/emails/faxes received after hours will be promptly responded to the next business morning. xx. Explain your firm’s conflict resolution philosophy. What is your approach to resolving conflicts? How do you handle client escalations? How do you respond to customer complaints and services issues? Do you offer business reviews? Philosophy We strive to provide ESC with exceptional service and are dedicated to responding to client concerns in a respectful, timely, and client-driven manner. Your Client Success Partner associates liaise with all necessary internal departments, so your needs are met and service related issues are efficiently resolved. Conflicts/escalations/complaints and service issues To ensure ESC’s concerns are addressed effectively and quickly, we have outlined the following escalation steps. 1. ESC contacts your Client Success Associate. Your Client Success Associate works directly with you to identify the cause of the concern and develop a resolution. Generally, the vast majority of daily operations queries can be easily responded to at this stage and addressed with a brief email or phone call. 2. Escalation to team lead or manager. If your concern has not been resolved after working with the Client Success Associate, it is then escalated to the team lead or manager of client services. Sterling team leads and managers are senior employees within the Client Success department. They have experience working with some of our largest and most complex accounts, making them knowledgeable and well-equipped to provide viable solutions. 3. Escalation to Client Success Partner. We understand that some concerns require greater authority to be satisfactorily addressed and resolved. If the concern has not yet been satisfactorily resolved, it is escalated to your Client Success Partner. All our Client Success Partners have extensive corporate HR experience and are well equipped to help provide meaningful, long-term resolutions to clients. 4. Monitor account. After implementing the resolution, your Client Success Associate continues to monitor your account to ensure that it is operating smoothly. We ensure that in addition to the designated Client Success Associate and Client Success Partner, all levels of management are available to provide client service if further escalation is required. Business reviews ESC’s dedicated Client Success Partner will proactively help you manage your relationship with Sterling. They will provide monthly, quarterly, and/ or annual business reviews. Reviews include: ƒ Past performance, including volume and turnaround times ƒ Benchmarking against similar clients PRE-EMPLOYMENT BACKGROUND SCREENING, RELATED PRODUCTS AND SERVICES | AUGUST 15, 2019 49 Proprietary and Confidential © 2019 Sterling | www.sterlingcheck.com ƒ Program initiatives ƒ Configurations ƒ New Sterling updates and enhancements ƒ Best practice recommendations This high-level review allows ESC and Sterling to develop a partnership founded upon proactive continuous improvement and innovation. Sterling can customize the frequency of these meetings and metrics to meet ESC’s preferences. xxi. Describe Offeror’s invoicing process. Sterling has worked with clients with decentralized organizational structures to streamline the process through our flexible system, which can be tailored to ESC’s specific structure. Sterling’s system has been designed with the needs of our clients in mind and provides a variety of options to customize the setup of your account. There are no limits on the number of users or subaccounts that can be created based on company, department, or geography, and no extra fees for setup. For example, separate subaccounts can be created for each ESC department and/or geography, and the individual users at each location can have unique permissions and access rights and can be tracked through the system’s reporting tools. Alternatively, Sterling can set up one main ESC account, with separate bill codes for each location, which your users can select from a dropdown list to ensure all orders are billed correctly. Sterling can work with you during implementation to develop an account structure that is most convenient for your needs. Sterling’s standard invoice options include: ƒ Monthly statement summarizing all activity by applicant ƒ Standard invoice, which groups the information listed above by individual applicant ƒ Invoice sorted by your company’s internal cost center number ƒ Invoice sorted by service ƒ Credit card billing – Sterling can accept credit cards including Visa, MasterCard, and American Express Invoicing can be: ƒ centralized (all users consolidated into one invoice) ƒ decentralized (each user receiving their own invoice) ƒ regional (groups of users receiving one invoice) Invoices can also be emailed to any number of individuals specified by ESC. These invoices can be exported electronically in PDF or Excel format. PRE-EMPLOYMENT BACKGROUND SCREENING, RELATED PRODUCTS AND SERVICES | AUGUST 15, 2019 50 Proprietary and Confidential © 2019 Sterling | www.sterlingcheck.com xxii. Describe Offeror’s contract implementation/customer transition plan. x Describe your firm’s account set-up and implementation procedure and timelines. Implementation process The strategy during an implementation is very important to understand expectations between ESC and Sterling. We act upon these through design, configuration, testing, and delivery. It will allow the delivery to be systemic in nature and will be monitored by Sterling’s Professional Services Group. Another important factor is communication. This, along with milestone achievement, will be facilitated via webinar trainings, conference calls, and, as needed, contact with ESC. These interactions will include Sterling’s PSG team, Client Success Team, and Subject Matter Experts. We set up calls to outline the details and responsibilities of all parties, after which a Scoping Requirement Documentation (SRD) and/or Integration Requirement Documentation (IRD) is created and signed off by both parties. The creation of the SRD & IRD also allows for timelines to be established and milestones identified. This alleviates many issues that may arise and addresses questions up front. Prior to implementation, Sterling also offers a proactive pre-implementation meeting called “Blue Printing”. The Sterling team comes together to pre-scope ESC requirements, inform ESC of specific requirements you should be prepared to provide, and identifies any non-standard processes. By utilizing our blue printing process this allows for a more efficient implementation process. Timeline The overall implementation plan includes a written timeline agreed to by both ESC and Sterling that covers the entire implementation process. This process typically has a six-to-eight week timeline. x Can a participating agency customize a screening program? Yes. Customizable platform Your administrative users will have full access rights to create and manage many customizable aspects of the user interface. There is also significant flexibility within each option to ensure Sterling’s systems meet your needs, including offline means for submitting orders and receiving results. They will have access to various settings to help enforce organizational screening policies such as the requirement of a bill code at time of order, à la carte ordering and compliance aspects. Below is a list of items that are most commonly utilized by administrative users: ƒ Addition of custom fields ƒ Creation and management of custom drop-down menus and/or free text fields for items like bill codes, job positions, locations, etc. PRE-EMPLOYMENT BACKGROUND SCREENING, RELATED PRODUCTS AND SERVICES | AUGUST 15, 2019 51 Proprietary and Confidential © 2019 Sterling | www.sterlingcheck.com ƒ Creation and management of users and their rights ƒ Grouping users together to view one another’s orders/candidates ƒ Creation and management of security policies for users ƒ Configuration of candidate workflow ƒ Creating and managing custom electronic forms: o Required fields can be configured to ESC’s specifications. o ESC can determine what services will be included in its customized profiles as well as its “a la carte” list of individual services. o The contents of any package may include optional services as well as those that are mandatory. o ESC can change the names of fields to match its company’s terminology. • Addition and subtraction of documents in the document library Candidate Hub ESC will have the ability to customize and brand the candidate portal to better align with your requirements for collecting information from applicants. ESC can customize items within the portal such as the verbiage on the candidates’ welcome page, company contact information displayed within the portal, and additional fields/questions the candidate completes in the workflow (beyond those required in order for Sterling to conduct the requested searches and/or verifications). Several options are: ƒ Create and managing custom email templates ƒ Create and manage email distribution lists (e.g. managing recipients of notifications) ƒ Enable certain fields to be required data points xxiii. Describe your process for training employees. Training Training guides, webinars, and video clips are made available to you during the implementation phase, to help with change management. Your project manager will put together detailed implementation documents (consisting of a statement of work, project schedule, key account stakeholder responsibilities etc.) during the implementation process. To help with change management, training guides, webinars, and video clips are made available to new clients during the implementation phase. Your project manager will also create detailed implementation documents (consisting of a statement of work, project schedule, key account stakeholder responsibilities, etc.) during the implementation process. Ongoing training Both new and existing users may benefit from ongoing training post-implementation. Ongoing training is typically provided through the following methods: PRE-EMPLOYMENT BACKGROUND SCREENING, RELATED PRODUCTS AND SERVICES | AUGUST 15, 2019 52 Proprietary and Confidential © 2019 Sterling | www.sterlingcheck.com o User guides available from the platform o Detailed release notes o ESC-specific training o Refresher training for existing users o Regularly scheduled training sessions for new users o On-demand recorded training sessions o Virtual instructor-led training classes o Interactive tutorials o Product videos o Live product demonstrations that may include new product release training, such as the roll-out of a new integration As products change, our internal training teams update the resources that are available to ESC. In addition, your dedicated Client Success Team will share blogs, white papers, relevant news articles, and compliance pieces. Sterling also periodically hosts HR-specific educational seminars with its legal and professional partners. The seminars act as information sessions that keep you abreast of legal changes and their effects on the administration of your background screening program. Seminar participants are eligible for HRCI credits towards maintaining PHR/SPHR designations. xxiv. Describe the financial condition of Offeror. It is Sterling’s belief that it is in a solid financial position. Sterling has supportive equity sponsors and a credit facility that is rated B2/B stable from Moody’s and S&P, respectively. Sterling’s management and equity partners believe in maintaining low debt to EBITDA leverage, which is why its credit rating is better than some of its competitors. Sterling’s growth has been in the double digits year over year and was a driving reason for the majority investment by Goldman Sachs in 2015. Sterling is encouraged and optimistic about its financial position for many years to come. xv. Provide a website link in order to review website ease of use, availability, and capabilities related to ordering, returns and reporting. Describe the website’s capabilities and functionality. Demonstration We would be happy to provide ESC with a live demonstration of our proprietary technology platform. rces that are available to s, th on on minar PHR/SPHR PRE-EMPLOYMENT BACKGROUND SCREENING, RELATED PRODUCTS AND SERVICES | AUGUST 15, 2019 53 Proprietary and Confidential © 2019 Sterling | www.sterlingcheck.com Website capabilities Our cloud-based, proprietary technology platform unifies ESC’s candidate orders and data into a single, unified workflow so that authorized contacts can easily place orders, manage tasks, monitor the status of background checks, and view candidate records. Highly secure and regularly updated to meet evolving compliance standards, it can be used to manage even the most complex screening program seamlessly, including criminal background checks, verifications, I-9, and drug screening. Website functionality Sterling’s solution is vendor-hosted and is based on Microsoft application technology, including IIS, ASP, SQL Server, and Active Directory. xxvi. Describe the Offeror’s safety record. Although we don’t work in or produce with physical attributes, safety and the assistance in providing the safest school campus and work environment is at the core of everything we do. The way we would measure safety is by the accuracy of our results which is currently 99.9% and our current average of applicant claims validated through a dispute investigation leading to the amendment of incorrect or incomplete information is 0.009% of the volume of criminal searches processed by Sterling xvii. Provide any additional information relevant to this section. x Describe your measures to ensure legal compliance pertaining to employment screening (i.e. FCRA, EEOC, etc.) Sterling makes sure the right questions are asked to support a compliant background screening experience, not just in the United States, but worldwide. We embrace the ever- changing landscape of federal, state, and local hiring regulations, adhering to the Fair Credit Reporting Act (FCRA), Equal Employment Opportunity Commission (EEOC), and other domestic and international regulations governing pre-employment services. x What notifications do you provide throughout the background screening process? Do you provide notification if a search result is delayed? If so, provide details. Yes. Notifications The status of the request can be viewed at any time through the platform. Each stage of the background check is provided: ƒ Initiation of the consent stage ƒ Completion of consent stage ƒ Initiation of the background check PRE-EMPLOYMENT BACKGROUND SCREENING, RELATED PRODUCTS AND SERVICES | AUGUST 15, 2019 54 Proprietary and Confidential © 2019 Sterling | www.sterlingcheck.com ƒ Issues, roadblocks, delays ƒ Completion of results Some of the notifications that can be provided are: ƒ Completion of electronic consent forms ƒ Missing information from the candidate and/or invalid information. ƒ Reminder notifications regarding missing information. (If ESC prefers an alternative option, Sterling can contact the candidate directly.) Delays The moment our researchers become aware of a potential delay that may affect turnaround time, ESC is notified regarding the nature of the delay, the reasons for the delay, and an updated completion date. Electronic notifications containing this detailed information are sent out to ESC’s designated contact(s). Sterling posts notifications of search delays on ESC’s custom dashboard in the Sterling system. We also notify clients of any regional delays due to lay-offs, weather, summer closures, etc. via an email and postings on our dashboard when users first log in. x WWhat is your company’s process for resolving consumer disputes? Please include descriptions of dispute documentation, document storage and retrieval, timeliness, internal resources, and any other applicable details. Dispute If a candidate wishes to dispute the accuracy of any information found on their background report, Sterling provides a fully FCRA compliant dispute resolution process. Sterling has a dedicated Dispute Resolution team specially trained to receive, investigate, and resolve applicant disputes. When an applicant contacts us to contest reported information, your organization is notified to keep you informed of the dispute resolution process. Our Dispute Resolution team then works with the candidate and investigates the disputed information. Our team will validate any supporting documents provided by the applicant with the issuing authority. Applicants can also request an explanation of Sterling investigative procedures. Both your organization and the candidate are notified with the outcome of the dispute. Disputes are resolved within 30 days of being received by our Dispute Resolution team. As allowed under the FCRA, a 15 day extension can be applied if the applicant provides additional information relating to the dispute. However, our average turnaround time for disputes is just 5 calendar days, so your team can resume the hiring process as quickly as possible. Retention and disposal policy We retain personal information long enough to fulfill the purpose for which it was originally collected, to fulfill our legal obligations, and to allow individuals to exercise their rights under the law. We securely destroy or anonymize personal information that we are no longer required to retain. PRE-EMPLOYMENT BACKGROUND SCREENING, RELATED PRODUCTS AND SERVICES | AUGUST 15, 2019 55 Proprietary and Confidential © 2019 Sterling | www.sterlingcheck.com x DDescribe your process for conducting onsite inspection for potential clients. As part of Sterling’s responsibilities, in order to grant access to credit reports only to qualified clients, Sterling is obliged to conduct an onsite inspection for any company that requires access to consumer credit files. Your Sales representative will: 1. Collect required documentation 2. Initiate the Onsite Inspection Process 3. Forward the results and following required documentation to our Credentialing department ƒ Sterling Infosystems, Inc. On-Site Inspection Addendum ƒ Letter of Intent 4. Credentialing will evaluate the Onsite inspection and send their approval to our Account Creation department to enable credit reports. x How will your company assist in staying abreast of legal requirements on the federal and state levels? The offeror must certify that criminal records, credit reports, sex offender status, etc. can be obtained for each state. Confirmed. Sterling’s approach to compliance in supporting ESC is to stay engaged with your business. We provide proactive, as well as agile support. Sterling conducts regular meetings with ESC’s Compliance leadership to share information and shape the agenda for proactive compliance initiatives as well as to support your urgent priorities. In addition, Sterling provides an on-site compliance training for ESC’s compliance, legal and government relations teams. The Compliance team at Sterling consists of senior level directors and associates with combined experience of over 60 years. The SVP of Compliance, a VP of Compliance, two director level professionals, and two senior managers lead a team of over 20 associates who conduct compliance-related functions including product compliance, client support, and dispute resolution. Our Compliance team works closely with our internal Legal group, reporting in to Sterling’s General Counsel. Sterling will assist ESC with developing products and practices that mitigate risk and support a compliant business model. In addition, Sterling has strategic partnerships with leading national and international employment law firms. We call on these partners to aid in our understanding of FCRA rules and to help develop policies and procedures that allow us to reduce our clients’ liability and keep candidate information secure. One of Sterling’s partners, Seyfarth Shaw, is the pre-eminent expert on FCRA regulations and issues. They played an integral role in the authoring and passage of the Fair and Accurate Credit Transactions Act (FACT Act), which amended the FCRA. PRE-EMPLOYMENT BACKGROUND SCREENING, RELATED PRODUCTS AND SERVICES | AUGUST 15, 2019 56 Proprietary and Confidential © 2019 Sterling | www.sterlingcheck.com x PPlease provide a list of countries where you have no access to certain types of bbackground information. We can provide screening solutions to all geographic regions globally, including EMEA, APAC, LATAM, and North America. We currently provide services for over 195 countries and countless other jurisdictions worldwide. We would need an understanding of the particular types of information ESC requires in order to provide these details. x Please describe how you fulfill county searches where electronic records are not available and define the frame in which these requests will be processed County level searches are considered primary source searches. In the event criminal records are not available online or through one of our primary source integrations, Sterling uses a combination of in-house employees and a network of vendor partners to obtain the small percentage of criminal records unavailable through CourtDirect. The turnaround time is approximately 10 hours for a clear report. x Please describe the process and timeline for international employment and education screenings. Availability of each search type will vary based on a country’s local environment and documentation and privacy requirements/policies. Generally, where performable, we see a 7- 10 business day turnaround time average. International employment verification We obtain written or verbal verification of former employer's name and location contact information for employers HR department Supervisor's name and department dates of employment job title as well as rate of pay (when available) reason for leaving and eligibility of rehire. The turnaround time varies per country. International education verification We obtain written or verbal verification of overseas academic credential and the institute which awarded the qualification through direct contact with the institute’s officials and against known degree mills. We verify the institution's name school campus location telephone number dates of study degree received and subject of study. The details of the results also consist of contact information for the institution's registrar's office and if institution is accredited. The turnaround time varies per country. x Does your firm outsource any parts of the screening process? If so describe how personally identifiable information is protected? Are any services “off-shore” explain in detail. Sterling maintains a captive, offshore fulfillment center where fulfillment operations are performed, though no data is stored. PRE-EMPLOYMENT BACKGROUND SCREENING, RELATED PRODUCTS AND SERVICES | AUGUST 15, 2019 57 Proprietary and Confidential © 2019 Sterling | www.sterlingcheck.com Sterling primarily utilizes one of the largest employee networks of criminal researchers. In less than 30% of the time, criminal searches are performed by contracted third parties to ensure maximum coverage and prompt results. Sterling has a team dedicated to managing these vendors and conducts monthly audits which checks results for quality to ensure maximum accuracy and the shortest possible turnaround times for our clients. PII data protection Sterling associates’ access both data and systems via secure Citrix sessions on thin client terminals that have no storage capacity. Moreover, cameras, phones or other storage devices are not permitted in the operations work areas. Lastly, all printing functions have been removed for those associates in operations using Citrix and thin clients. The facility is guarded at its point of entry and egress and monitored throughout using security cameras. Additionally, security audits of that facility are performed annually. Sterling does maintain a captive, offshore fulfillment center where fulfillment operations are performed, though no data is stored. If required, exclusive onshore fulfillment capabilities can be arranged. c) QQualification and Experience i. Provide a brief history of the Offeror, including year it was established and corporate office location. History Sterling is a privately-owned corporation that was founded in 1975 and incorporated in Delaware in 2003. We began with a staff of two employees, and have grown to over 4,000 employees globally, which includes our New York City headquarters and operations centers in the US, Canada, EMEA, and APAC. Sterling serves 25,000 clients performing over 150 million background checks and drug tests yearly in over 230 countries, territories, and dependencies across the globe. A leading provider of employment screening services, we have the knowledge and experience to conduct background checks worldwide. We have developed flexible technology that accommodates a wide range of request submission and fulfillment options, facilitating customized solutions for local users, while still ensuring consistency and compliance throughout our clients’ programs. Headquarters Sterling Infosystems, Inc., dba Sterling 1 State St. Plaza, 24th Floor New York, NY 10004 ii. Describe Offeror’s reputation in the marketplace. We have been in the background screening business since 1975. We have worked diligently to cement our relationships with over 25,000 clients through leading customer service and advocacy as well as technological advancements and innovation. We value our client relationships and are one of the only firms to proactively request feedback on a continual basis from our customers and their applicants in order to incorporate development to our teams and platform. This had led to a YoY 97% holistic client retention rate. PRE-EMPLOYMENT BACKGROUND SCREENING, RELATED PRODUCTS AND SERVICES | AUGUST 15, 2019 58 Proprietary and Confidential © 2019 Sterling | www.sterlingcheck.com iiii. Describe what differentiates you from your competitors. At Sterling, we differentiate ourselves through our people and attention to your business and culture. Our deepest concern is promoting a safe work environment for you and your employees. Through our strong financial positioning and our partnership with ESC, we will create a trust, propelled by our dedicated team, who are readily available and adaptable your culture and needs. Sterling’s main goal is to help you locate the most valuable candidates so that you can create a workplace where your employees feel confident and secure. In addition, Sterling invests approximately $60 million per year into product development and service improvement to ensure that we remain at the forefront of the background screening industry and can quickly adapt to changes in technology and customer needs. Examples include but are not limited to our recent verticalization strategy to “wrap” ourselves around our customers and adapt to their needs and requirements. Subject matter expertise and consultation in the education, government, public transportation, utility and public health care markets is an industry first. Moreover, our forward thinking investment in our identity business is a clear indicator of how we strive to deliver a first to market offering. Industry-leading turnaround times To deliver your background reports faster, Sterling uses our proprietary AI technology to automate our criminal record screening fulfillment processes. We automate 85% of our criminal record search volume, allowing us to offer you turnaround times 50% faster than the rest of the industry, with 66% of searches closing in just an hour. By removing manual intervention, we also minimize human error. While screening over 26 million candidates annually, Sterling amends an average of just 0.009% of criminal searches to correct erroneous or incomplete information. Unrivaled expertise and service ESC will be supported by a Client Success Team dedicated to government and educational services industry, so you receive tailored service with vertical expertise. Throughout our relationship, this team will learn your culture and processes so we can make the best recommendations for ESC. Each quarter, your Client Success Partner will review your screening program, benchmarking it against other clients in your industry. Working together with ESC, Sterling will help you build the screening program that best supports your culture and business goals. Candidate experience We understand how crucial a good candidate experience is for clients—this helps to form the first impressions of their new employer. Through Sterling’s candidate hub, your candidates will have the power to manage and streamline their screening process. They will navigate through a clear, modern interface that is simple to understand and easy to use from anywhere and on any device—helping them complete their tasks faster. PRE-EMPLOYMENT BACKGROUND SCREENING, RELATED PRODUCTS AND SERVICES | AUGUST 15, 2019 59 Proprietary and Confidential © 2019 Sterling | www.sterlingcheck.com Compliance Sterling makes sure the right questions are asked to support a compliant background screening experience, not just in the United States, but worldwide. We embrace the ever- changing landscape of federal, state, and local hiring regulations, adhering to the Fair Credit Reporting Act (FCRA), Equal Employment Opportunity Commission (EEOC), and other domestic and international regulations governing pre-employment services. We provide guidance and subject matter expertise on compliance through our Compliance Department and in-house counsel. Our Compliance Department is led by Angela Preston, Sterling’s Senior Vice President and Counsel - Corporate Ethics and Compliance. She is the Chair of NAPBS Board of Directors for 2018-2019 term. A seasoned professional in the background screening industry, Angela is a tenured member of the NAPBS Board of Directors having previously served terms as Director and Secretary/Treasurer, respectively. She is also actively involved in the NAPBS Government Relations Committee where she previously served as Board Liaison. Angela is also a frequent speaker and educator to the industry, and has been quoted by CNN, MSNBC, Bloomberg, SHRM, and the Daily Beast. Webinars hosted by experts The world of background screening is constantly evolving. To keep our clients informed, Sterling partners with renowned law firms, consultants, and our in-house experts to host webinars on topics important to our clients. Certain webinars also qualify for SHRM recertification credits. iiv. Describe Offeror’s reputation of products and services in the marketplace. We have built our reputation on delivering efficient, high-quality end-to-end solutions while cultivating strong, sustainable relationships. v. Describe the experience and qualification of key employees. Cecilia Green, Regional Director, Enterprise & Global Accounts Cecilia has 15+ years of B2B sales and sales leadership experience in a variety of industries including SaaS HCM solutions, performance improvement, multi-family housing, advertising and financial services. Strong track record of developing senior executive relationships through a consultative selling process that ensures client satisfaction and long-term partnerships. Gurdon Blackwell, Senior Vice President, Client Success Gurdon leads all sales functions for generating new revenue and client growth opportunities for our Industrials, Government and Education market Alla Schay, General Manager - Industrials, Government & Education Alla serves as General Manager for Sterling’s Manufacturing, Transportation, Education, Energy, Utilities & Government business lines as organization transitions from functional to business line/P&L leadership. She is the executive leader responsible for all sales, client services, marketing and product functions for this fast growing division along with oversight of back office functions. PRE-EMPLOYMENT BACKGROUND SCREENING, RELATED PRODUCTS AND SERVICES | AUGUST 15, 2019 60 Proprietary and Confidential © 2019 Sterling | www.sterlingcheck.com Client Success Team Your dedicated Client Success Team will be assigned during contract negotiations in order to determine the most relevant individuals suited to your needs. We will be happy to provide their contact information and capabilities at that time. You can be assured that this team will be proficient and knowledgeable regarding the education/government industry and will have years of experience working with clients similar to ESC. This team will be trained on your particular requirements and will work closely with you to fully understand and alleviate any concerns you may have during the implementation of your account and throughout our business relationship. We will help you screen your candidates thoroughly so that you can offer a safer working environment to your employees while giving you the comfort of knowing you have onboarded the right person. PRE-EMPLOYMENT BACKGROUND SCREENING, RELATED PRODUCTS AND SERVICES | AUGUST 15, 2019 61 Proprietary and Confidential © 2019 Sterling | www.sterlingcheck.com Client Success Team Members Role Client Success Partner ƒ Primary contact for your Client Success Team and questions about your program strategy ƒ Will hold regular strategy meetings with ESC and will benchmark your program against other clients in your industry ƒ Advise ESC about new products and services that can enhance your program ƒ Will be your gateway to Sterling’s internal network of subject matter experts ƒ Remove obstacles to your program’s success Client Services Executive ƒ Manage day-to-day questions for ESC’s end users ƒ Remove obstacles to program success Gurdon Blackwell, Head of Client Success, Education/Government ƒ Support your Client Success Partner in projects and initiatives ƒ Provide strategic oversight to program strategies ƒ Remove obstacles to program success Alla Schay, General Manager, Education/Government ƒ Leader of the Education/Government Division vvi. Describe Offeror’s experience working with the government sector. Through a combination of pre-employment background screening and workforce monitoring solutions, government agencies and over 470 leading educational institutions have long- standing relationships with Sterling to help maintain safety and public confidence. Across all levels of government, employees must provide a positive and professional experience for constituents. Sterling’s employee background checks help ensure all candidates brought in for sensitive roles are trustworthy whether your employees work on your infrastructure, handle finance or anything in between. PRE-EMPLOYMENT BACKGROUND SCREENING, RELATED PRODUCTS AND SERVICES | AUGUST 15, 2019 62 Proprietary and Confidential © 2019 Sterling | www.sterlingcheck.com vvii. Describe past litigation, bankruptcy, reorganization, state investigations of entity or current officers and directors. the answer here is fine. In connection with its performance of millions of background checks annually, Sterling is the subject of litigation from time to time, none of which has been material to Sterling’s financial health. Such litigation is generally dismissed or settled without judicial findings. Sterling is continually evaluating and improving its processes in response to litigation trends, regulatory pronouncements and statutory changes. Sterling has had no state investigations. viii. Provide a minimum of 5 customer references relating to the products and services within this RFP. Include entity name, contact name and title, contact phone and email, city, state, years serviced, description of services and annual volume. Large Corporate Account 1. Lockheed Martin Vicki Pavay – HR Manager, Pre-Boarding & Off-Boarding Programs Bethesda, MD Phone: (301) 548-2389 Email: vicki.pavay@lmco.com ƒ Client since 2002 ƒ Description of Services – Background Screening ƒ Annual volume -$2M+ Energy / Utilities 1. Duke Energy Margaret Fenner, Director, Threat Management Raleigh, NC Phone: (704) 382-2291 E-Mail: margaret.fenner@duke-energy.com ƒ Client since 2005 ƒ Description of Services – Background Screening ƒ Annual Volume - $602,864 2. Consolidated Edison Co. of New York Inc. Tom Aloisi, Human Resources Manager New York, NY Phone: (212) 460-3988 E-Mail: aloisit@coned.com ƒ Client since 2002 ƒ Description of Services – Background Screening ƒ Annual Volume – $156,385 PRE-EMPLOYMENT BACKGROUND SCREENING, RELATED PRODUCTS AND SERVICES | AUGUST 15, 2019 63 Proprietary and Confidential © 2019 Sterling | www.sterlingcheck.com Education The references listed below are education facilities that host summer camps for children, similar to ESC 1. Texas A&M University Rita Bowden, Division of Human Resources and Organizational Effectiveness College Station, TX Phone: (979) 862-1015 E-Mail : rbowden@tamu.edu ƒ Client since 2016 ƒ Description of Services – Background Screening ƒ Annual volume - $521,249 2. University of Miami Lisi Carreno, MBA, SPHR, Executive Director, Talent Acquisition Miami, FL Phone: (305) 284-6709 E-Mail : lcarreno@miami.edu ƒ Client since 2013 ƒ Description of Services – Background Screening ƒ Annual volume -$229,645 3. George Washington University Annie Hess, CCP, SHRM – SCP, Director, Talent Acquisition Washington DC Phone : (571) 553-8360 E-Mail : ahess@gwu.edu ƒ Client since 2010 ƒ Description of Services – Background Screening ƒ Annual volume - $200,655 4. Phillips Exeter Academy Amy Chick – Human Resources Administrative Coordinator Exeter, NH Phone: (603) 777-3395 E-Mail : archick@exeter.edu Human Resources Administrative Coordinator ƒ Client since 2017 ƒ Description of Services – Background Screening ƒ Annual volume - $27,962 Government clients 1. City of Fort Collins Lori Wiggins – Talent Acquisition Manager Fort Collins, CO 80524 Phone: (970) 416-4245 PRE-EMPLOYMENT BACKGROUND SCREENING, RELATED PRODUCTS AND SERVICES | AUGUST 15, 2019 64 Proprietary and Confidential © 2019 Sterling | www.sterlingcheck.com lwiggins@fcgov.com ƒ Client since 2008 ƒ Description of Services – Background Screening ƒ Annual volume - $14,319 2. City of Colorado Springs Kathryn Valtin, HR Supervisor-Recruiting Colorado Springs, CO Phone : (719) 385-5156 E-Mail : Kathryn.Valtin@coloradosprings.gov ƒ Client since 2008 ƒ Description of Services – Background Screening ƒ Annual volume - $30,067 PProvide any additional information relevant to this section. d) Value Add – i. Provide any additional information related to products and services Offeror proposes to enhance and add value to the Contract. Any optional items or packages shall be fully detailed/describe what is included in the item/package. New to 2019 Sterling Student – Students seeking employment or internships within sensitive positions or to satisfy various requirements, regulations, and policies can pay for their own background check. The results can then go directly to the campus or ISD. Sterling Identity – With Sterling Identity’s new VerifyID, candidates can verify their identity at the start of the screening process. Using their phone, candidates snap photos of their photo government issued identification card and one of themselves. Our state-of-the-art technologies will then authenticate the documents and compare the photos using both AI and human expertise. Results are usually returned within seconds. This will reduce fraud and impersonation and create faster onboarding. PRE-EMPLOYMENT BACKGROUND SCREENING, RELATED PRODUCTS AND SERVICES | AUGUST 15, 2019 65 Proprietary and Confidential © 2019 Sterling | www.sterlingcheck.com Tab 6 – Additional Required Documents (Appendix C) a. Acknowledgment and Acceptance of Region 4 ESC’s Open Records Policy (Appendix C, Doc #1) Included with proposal in this tab. b. Antitrust Statement (Tex. Government Code § 2155.005) (Appendix C, Doc #2) Included with proposal in this tab. c. Implementation of House Bill 1295 Certificate of Interested Parties (Form 1295) (Appendix C, Doc #3) Included with proposal in this tab. d. Texas Government Code 2270 Verification Form (Appendix C, Doc #4) Included with proposal in this tab. e. Any additional agreements Offeror will require Participating Agencies to sign BSRA and Credentialing Document - will be provided during contract negotiations. Appendix C ADDITIONAL REQUIRED DOCUMENTS DOC #1 Acknowledgment and Acceptance of Region 4 ESC's Open Records Policy DOC #2 Antitrust Certification Statements (Tex. Government Code § 2155.005) DOC #3 Implementation of House Bill 1295 Certificate of Interested Parties (Form 1295) DOC #4 Texas Government Code 2270 Verification Form Appendix C, Doc #1 ACKNOWLEDGMENT AND ACCEPTANCE F REGION 4 ESC's OPEN RECORDS POLICY OPEN RECORDS POLICY All proposals, information and documents submitted are subject to the Public Information Act requirements governed by the State of Texas once a Contract(s) is executed. If an Offeror believes its response, or parts of its response, may be exempted from disclosure, the Offeror must specify page -by -page and line -by-line the parts of the response, which it believes, are exempt and include detailed reasons to substantiate the exemption. Price is not confidential and will not be withheld. Any unmarked information will be considered public information and released, if requested under the Public Information Act. The determination of whether information is confidential and not subject to disclosure is the duty of the Office of Attorney General (OAG). Region 4 ESC must provide the OAG sufficient information to render an opinion and therefore, vague and general claims to confidentiality by the Offeror are not acceptable. Region 4 ESC must comply with the opinions of the OAG. Region 4 ESC assumes no responsibility for asserting legal arguments on behalf of any Offeror. Offeror is advised to consult with their legal counsel concerning disclosure issues resulting from this procurement process and to take precautions to safeguard trade secrets and other proprietary information. Signature below certifies complete acceptance of Region 4 ESC's Open Records Policy, except as noted below (additional pages may be attached, if necessary). Check one of the following responses to the Acknowledgment and Acceptance of Region 4 ESC's Open Records Policy below: X We acknowledge Region 4 ESC's Open Records Policy and declare that no information submitted with this proposal, or any part of our proposal, is exempt from disclosure under the Public Information Act. ❑ We declare the following information to be a trade secret or proprietary and exempt from disclosure under the Public Information Act. (Note: Offeror must specify page -by -page and line -by-line the parts of the response, which it believes, are exempt. In addition, Offeror must include detailed reasons to substantiate the exemption(s). Price is not confident and will not be withheld. All information believed to be a trade secret or proprietary must be listed. It is further understood that failure to identify such information, in strict accordance with the instructions, will result in that information being considered public information and released, if requested under the Public Information Act.) � d, � ") � Date Authorized Sigr)dtutV& Tt le J Appendix C, Doc #2 ANTITRUST CERTIFICATION STATEMENTS (Tex. Government Code § 2155.005) Attorney General Form I affirm under penalty of perjury of the laws of the State of Texas that: 1. 1 am duly authorized to execute this Contract on my own behalf or on behalf of the company, corporation, firm, partnership or individual (Company) listed below; 2. In connection with this proposal, neither I nor any representative of the Company has violated any provision of the Texas Free Enterprise and Antitrust Act, Tex. Bus. & Comm. Code Chapter 15; 3. In connection with this proposal, neither I nor any representative of the Company has violated any federal antitrust law; and 4. Neither I nor any representative of the Company has directly or indirectly communicated any of the contents of this proposal to a competitor of the Company or any other company, corporation, firm, partnership or individual engaged in the same line of business as the Company. Company Sterling Infosystems, Inc. dba Sterling Address 1 State St. Plaza, 241h Floor, New York, NY 10004 Official Authorizing Proposal Phone Fax Contact A114 �Signatur Printed Name ( CAt �Ctor- Position with Company Signature Printed Name Position with Company Appendix C, DOC # 3 Implementation of House Bill 1295 Certificate of Interested Parties (Form 1295): In 2015, the Texas Legislature adopted House Bill 1295, which added section 2252.908 of the Government Code. The law states that a governmental entity or state agency may not enter into certain contracts with a business entity unless the business entity submits a disclosure of interested parties to the governmental entity or state agency at the time the business entity submits the signed contract to the governmental entity or state agency. The law applies only to a contract of a governmental entity or state agency that either (1) requires an action or vote by the governing body of the entity or agency before the contract may be signed or (2) has a value of at least $1 million. The disclosure requirement applies to a contract entered into on or after January 1, 2016. The Texas Ethics Commission was required to adopt rules necessary to implement that law, prescribe the disclosure of interested parties form, and post a copy of the form on the commission’s website. The commission adopted the Certificate of Interested Parties form (Form 1295) on October 5, 2015. The commission also adopted new rules (Chapter 46) on November 30, 2015, to implement the law. The commission does not have any additional authority to enforce or interpret House Bill 1295. Filing Process: Staring on January 1, 2016, the commission will make available on its website a new filing application that must be used to file Form 1295. A business entity must use the application to enter the required information on Form 1295 and print a copy of the completed form, which will include a certification of filing that will contain a unique certification number. An authorized agent of the business entity must sign the printed copy of the form and have the form notarized. The completed Form 1295 with the certification of filing must be filed with the governmental body or state agency with which the business entity is entering into the contract. The governmental entity or state agency must notify the commission, using the commission’s filing application, of the receipt of the filed Form 1295 with the certification of filing not later than the 30th day after the date the contract binds all parties to the contract. The commission will post the completed Form 1295 to its website within seven business days after receiving notice from the governmental entity or state agency. Information regarding how to use the filing application will be available on this site starting on January 1, 2016. https://www.ethics.state.tx.us/whatsnew/elf_info_form1295.htm Last Revision: February 16, 2016 Appendix C, DOC # 4 Texas Government Code 2270 Verification Form House Bill 89 (85R Legislative Session), which adds Chapter 2270 to the Texas Government Code, provides that a governmental entity may not enter into a contract with a company without verification that the contracting vendor does not and will not boycott Israel during the term of the contract. Furthermore, Senate Bill 252 (85R Legislative Session), which amends Chapter 2252 of the Texas Government Code to add Subchapter F, prohibits contracting with a company engaged in business with Iran, Sudan or a foreign terrorist organization identified on a list prepared by the , Texas Comptroller. 1, l as an authorized representative of Sterling Infosyst64s, Inc. dba Sterling (I s-kws C. Act ottk a contractor engaged by Insert Name of Company Region 4 Education Service Center, 7145 West Tidwell Road Houston TX 77092, verify by this writing that the above -named company affirms that it (1) does not boycott Israel; and (2) will not boycott Israel during the term of this contract, or any contract with the above - named Texas governmental entity in the future. Also, our company is not listed on and we do not do business with companies that are on the Texas Comptroller of Public Accounts list of Designated Foreign Terrorists Organizations found at i#ps:Hcomptroller.texas.gov/purchasin-q/docs/foreign-terrorist.pdf. I further affirm that if our company's position on this issue is reversed and this affirmation is no longer valid, that the above -named Texas governmental entity will be notified in writing within one (1) business day and we understand that our company's failure to affirm and comply with the requirements of Texas Government Code 2270 et seq. shall be grounds for immediate contract termination without penalty to the above -named Texas governmental entity. I swear and affirm that the above is true and correct. Tcj't 4LZ" ("--" v° /&^ Signa ure of Named Aut ized Company Representative I Date STERLING ATTACHMENTS BUSINESS CONTINUITY PLAN Sterling Business Continuity Plan v. 03042019 Page i TABLE OF CONTENTS 1.0 BUSINESS CONTINUITY PLAN OVERVIEW ............................................................................................................ 1 1.1 POLICY STATEMENT ............................................................................................................................................................ 2 1.2 PLAN SCOPE ...................................................................................................................................................................... 2 1.3 PLAN OBJECTIVES ............................................................................................................................................................... 2 1.4 PLAN EXCLUSIONS .............................................................................................................................................................. 2 1.5 BCP DISTRIBUTION ............................................................................................................................................................. 2 2.0 BCP RECOVERY TEAM STRUCTURE ...................................................................................................................... 3 2.1 BCP RECOVERY TEAM DESCRIPTION: ..................................................................................................................................... 3 2.2 BUSINESS RECOVERY TEAM TASKS: ........................................................................................................................................ 3 2.3 BCP RECOVERY TEAM & FUNCTIONAL AREAS: ......................................................................................................................... 4 Client Services ................................................................................................................................................................. 4 OPS OHS .......................................................................................................................................................................... 5 OPS Public Records .......................................................................................................................................................... 5 OPS Verifications ............................................................................................................................................................. 6 OPS Order Creation & Special Operations ....................................................................................................................... 7 Human Resources ........................................................................................................................................................... 8 Product Management ..................................................................................................................................................... 9 Marketing & Communications ........................................................................................................................................ 9 Information Technology ................................................................................................................................................ 10 3.0 BUSINESS RECOVERY PROCEDURES & LOSS SCENARIOS .................................................................................... 11 3.1 BUSINESS RECOVERY PLANNING APPROACH........................................................................................................................... 11 3.2 LOSS SCENARIOS: ............................................................................................................................................................. 11 3.3 RECOVERY LEVELS ............................................................................................................................................................. 11 3.4 CRITICAL BUSINESS FUNCTIONS PRIORITIZED .......................................................................................................................... 12 4.0 RECOVERY STRATEGIES ..................................................................................................................................... 24 4.1 LOSS OF FACILITY RECOVERY STRATEGY ................................................................................................................................. 24 4.2 LOSS OF PEOPLE RECOVERY STRATEGY .................................................................................................................................. 27 4.3 LOSS OF TECHNOLOGY RECOVERY STRATEGY .......................................................................................................................... 28 4.4 LOSS OF VENDOR SERVICES RECOVERY STRATEGY ................................................................................................................. 311 Sterling Business Continuity Plan v. 03042019 Page ii PLAN MAINTENANCE HISTORY 10-28-2013 BCP Plan Draft v.10282013 Curt Schwall, 04/05/2013 06-24-2014 BCP Plan Drafts Updates v.06242014 Curt Schwall, 06/24/2014 09-18-2014 BCP Policy Update v.09182014 Marty Brodbeck, 09/18/2014 11-14-2016 BCP Plan Update v.11042016 Vikas Vig, 11/14/2016 12-12-2016 International User Update v.12122016 Vikas Vig, 12/12/2016 01-16-2017 Corrected Pagination Error v.01162017 Vikas Vig, 01/16/2017 01-30-2017 CTO Name Update v.01302017 Vikas Vig, 01/30/2017 03-17-2017 Names Updated, Formatting v.03172017 Vikas Vig, 03/17/2017 05-25-2017 Names Updated, Formatting v.05252017 Vikas Vig, 05/25/2017 05-26-2017 CAN Revision Update v.05262017 Vikas Vig, 05/26/2017 06-26-2017 Names Updated, Formatting v.06262017 Vikas Vig, 06/26/2017 07-25-2017 Names Updated, Formatting v.07252017 Vikas Vig, 07/25/2017 08-09-1017 Names Updated, Formatting v.08092017 Vikas Vig, 08/09/2017 08-15-2017 Formatting v.08152017 Vikas Vig, 08/09/2017 01-24-2018 UK and BCP plan updates v.01242018 Vikas Vig, 01/24/2018 05-07-2018 Names Updated, Formatting v.05072018 Vikas Vig, 05/07/2018 08-01-2018 Names and BCP plan updates v.08012018 Vikas Vig, 08/01/2018 10-10-2018 Names and BCP plan updates v.10102018 GV Prasad, 10/10/2018 02-04-2019 Names Updated, Formatting v.02042019 GV Prasad, 02/04/2019 03-04-2019 Names Updated, Formatting v.03042019 GV Prasad, 03/04/2019 Sterling Business Continuity Plan v. 03042019 Page 1 1.0 BUSINESS CONTINUITY PLAN OVERVIEW The purpose of the Sterling Business Continuity Plan (BCP) is to minimize the impact of any disruption to the business operation of the organization and by containing it within a predictable and predetermined period of time. Through this planning process, strategies and action plans have been developed that provide protection and alternative modes of operation for business processes to continue. To do this, Sterling has developed preventative controls, contingency resources, and procedures that are administered by the Incident Management and Recovery Team Members. This Business Continuity Plan (BCP) was developed after conducting a Business Impact Analysis (BIA) for the business groups and back office support departments at Sterling. Key risks were identified, critical functions defined, dependencies prioritized, and recovery strategies formulated. The BCP will only be used in situations when it is determined that the impact and/or business risk to the organization requires alternate business recovery strategies to maintain operations as and when directed by the Sterling Incident Management Team (IMT). A disaster/emergency condition, for this specific purpose, is defined as an event or series of events (natural or man-made), that consists of, but may not be limited to: x Loss or inability to access work facilities x Loss or unavailability of people of the organization x Disruption/inaccessibility of technology systems x Unavailability of service providers/vendors The organization recognizes that disruptions will impact the ability to continue normal capabilities following such an incident: • Loss of a Facility impacts the centralized office support resources and dependencies necessary to perform the work: Locating an alternate work space is essential. • Loss or unavailability of the organization’s professionals that are core to the business operations: Sterling must be able to leverage alternate professional expertise if employees are unavailable, both internal and external, in a timely manner to assist during a crisis to maintain deliverables. • Loss of Technology is instrumental to how the organization conducts services and there is a high level of dependency on the information technology systems which creates significant risks. • Loss of Service Provider/Vendors can contribute to delays or missed deadlines in the delivery of services by the organization. Sterling recognizes the importance of an effective BCP to maintain business operations and realizes its role in maintaining such services during and/or following an emergency situation. Sterling has adopted this plan with the primary goal of preparing, restoring and maintaining Sterling facilities, systems, and services in the event of such a disaster or significant disruption to the organization. Sterling Business Continuity Plan v. 03042019 Page 2 1.1 Policy Statement It is the Policy of Sterling to maintain a comprehensive Business Continuity Plan. All business departments are responsible for ensuring compliance with this policy and that their respective plan component is tested no less than annually. The organization’s BCP efforts exercise reasonable measures to protect the personnel, safeguard assets, and maintain business services. 1.2 Plan Scope The scope of this plan is focused on the initial 30-day period following a business disruption to maintain critical business functions, at which time alternative arrangements would need to be made to bringing service capabilities to a level to allow resumption of full business capabilities. Other supporting plan documentation includes: • Incident Management Response Plan x IT Disaster Recovery Plan 1.3 Plan Objectives x To reestablish the essential related services provided by Sterling within their required recovery window as identified in the recovery areas at the declaration of a disaster. x To suspend all non-essential activities until critical functions and dependencies have been restored. x To mitigate the impact to Sterling’s business operations through the rapid implementation of effective recovery strategies as defined herein. x To reduce confusion and misinformation by providing a clearly defined command and control structure. x References and points to the location of any data that resides outside of this document. x Provides procedures and resources needed to assist in recovery. x Identifies alternate sources for supplies, resources and locations. 1.4 Plan Exclusions x Succession of Management (Legacy Planning) x Restoration of the Primary Facilities 1.5 BCP Distribution Authorized personnel can access the plan documents at https://www.preparisapp.com/login Rest of page intentionally left blank. Sterling Business Continuity Plan v. 03042019 Page 3 2.0 BCP RECOVERY TEAM STRUCTURE 2.1 BCP Recovery Team Description: Sterling has a BCP Recovery Team consisting of Department Leaders responsible for activation of their department recovery plans. The Incident Management Team of the organization provides oversight for any crisis event and engages the Business Recovery Team based on the extent of the incident situation. Members of the BCP Recovery Team have logistical and business recovery responsibilities based on the unique circumstances of each incident. 2.2 Business Recovery Team Tasks: x Determine immediate needs x Notify department team members x Initiate alternate work procedures x Relocate as necessary x Leverage backup support resources to complete work x Utilize defined alternate technology access x Perform critical functions/ processes x Report status to the IM & BCP Team x Return to normal services Rest of page intentionally left blank. Sterling Business Continuity Plan v. 03042019 Page 4 2.3 BCP Recovery Team & Functional Areas: The following list(s) outlines the primary department recovery team leads at Sterling that are the focus for prioritizing and coordinating business recovery procedures for their business area. Some department leads may also serve on the Incident Management Team managing the response and recovery efforts. BCP Recovery Team Members (Business Functional Leads) Client Services (P) Primary / (S) Secondary P / S Department Leads Desk Phone Mobile Phone E-Mail New York HQ (P) Alla Schay (S) Vincenza Caruso-Valente Independence, OH (P) Amanda Schaefer (S) Judy Tetzlaf Roseville, CA (P) Erin Enders Manila (Taguig City) (P) John Seminiano Manila (Quezon City) (P) Kelly Valencia Mumbai (P) Rajesh Badhwar (S) Jason Athaide Swansea (P) Samantha Vaughan (S) Montreal (P) Samuel Giguere Surrey (P) Jordan LeClair (S) Nazia Raisa Rest of page left intentionally blank to keep tables intact. Sterling Business Continuity Plan v. 03042019 Page 5 OPS OHS (P) Primary / (S) Secondary OPS Public Records (P) Primary / (S) Secondary P / S Department Leads Desk Phone Mobile Phone E-Mail Independence, OH (P) Joyce Conner-Boyd (S) Mike Ensor Mumbai (P) GV Prasad (S) Amit Gurnani Swansea (P) Kate Ellis (S) Samantha Vaughan Montreal (P) Conor McKee (S) Andy Juc Surrey (P) Conor McKee (S) Andy Juc Rest of page left intentionally blank to keep tables intact. P / S Department Leads Desk Phone Mobile Phone E-Mail Independence, OH (P) Liz Lastafka (S) Lauren Leonard Bothell, WA (P) Liz Lastafka Mumbai (P) GV Prasad (S) Sundaram Iyer Sterling Business Continuity Plan v. 03042019 Page 6 OPS Verifications (P) Primary / (S) Secondary Rest of page left intentionally blank to keep tables intact. P / S Department Leads Desk Phone Mobile Phone E-Mail Independence, OH (P) Sheryl Toth (S) Lynette Whittney Manila (Taguig City) (P) Manish Yadav (S) Ralp Santos Manila (Quezon City) (P) Manish Yadav (S) Karen Raagas Mumbai (P) GV Prasad (S) Shreejith Gopi Swansea (P) Kate Ellis (S) Samantha Vaughan Montreal (P) Joel Gauthier Surrey (P) Conor McKee (S) Jason Hammond Sterling Business Continuity Plan v. 03042019 Page 7 OPS Order Creation & Special Operations (P) Primary / (S) Secondary Rest of page left intentionally blank to keep tables intact. P / S Department Leads Desk Phone Mobile Phone E-Mail Independence, OH (P) Mike Ensor (S) Brenda Patacca Mumbai (P) GV Prasad (S) Amit Gurnani Swansea (P) Kate Ellis (S) Samantha Vaughan Montreal (P) Conor McKee (S) Andy Juc Surrey (P) Conor McKee (S) Andy Juc Sterling Business Continuity Plan v. 03042019 Page 8 Human Resources (P) Primary / (S) Secondary Rest of page left intentionally blank to keep tables intact. P / S Department Leads Desk Phone Mobile Phone E-Mail New York HQ (P) Danielle Korins (S) Independence, OH (P) Dawn Shanklin (S) Anthony Pampanini Bothell, WA (P) Jenna Gardner Bellevue, WA (P) Jenna Gardner Marietta, GA (P) Jasmine Dalton Roseville, CA (P) Jenna Gardner Fort Collins, CO (P) Katie Zwetzig (S) Melissa Kelley-Hilton Manila (Taguig City) (P) Benjamin Romualdez Ruth Sarsoza Manila (Quezon City) (P) Benjamin Romualdez (S) Ruth Sarsoza Mumbai (P) Sanjay Chandel (S) Shreyas Desai Swansea (P) Brogan Hall Surrey (P) Jaspreet Murray Sterling Business Continuity Plan v. 03042019 Page 9 Product Management (P) Primary / (S) Secondary P / S Department Leads Desk Phone Mobile Phone E-Mail New York HQ (P) Chris Cassimus Roseville, CA (P) David Dickson Mumbai (P) Gaurav Singh Marketing & Communications (P) Primary / (S) Secondary Rest of page left intentionally blank to keep tables intact. P / S Department Leads Desk Phone Mobile Phone E-Mail New York HQ (P) Dasnet Garcia (S) Carrie Andrews Sterling Business Continuity Plan v. 03042019 Page 10 Information Technology (P) Primary / (S) Secondary P / S Department Leads Desk Phone Mobile Phone E-Mail New York HQ (P) Sravana Karnati (S) Gabriel N. Nunoo Marietta, GA (P) Mike Campbell (S) Troy Whitlow Independence, OH (P) Jim Likovic (S) Jon Wheeler Swansea, Wales (P) Matt Weller (S) Bellevue, WA (P) Michael Cheek (S) Matthew Orn Manila (Taguig City) (P) Jefferson Gozo Manila (Quezon City) (P) Jefferson Gozo Mumbai (P) Ravi Tadepalli (S) Preetam Shetty Rest of page intentionally left blank. Sterling Business Continuity Plan v. 03042019 Page 11 3.0 BUSINESS RECOVERY PROCEDURES & LOSS SCENARIOS 3.1 Business Recovery Planning Approach The BCP approach was developed after an in-depth review and evaluation of possible risks resulting from an actual, pending or potential, disruptive incident measured at varying degrees of intensity. This section of the plan outlines the means necessary to handle all incidents in a controlled and structured manner. It outlines the strategies to mitigate the impact of the event, recovery procedures to implement, and communication processes to follow in response to any disruptive event. 3.2 Loss Scenarios: Incidents can create varying s of disruption to business operations. These disruptions can be grouped by the type of loss and require a defined business recovery strategy for each situation. One or more of these loss scenarios can occur and must be considered in addressing the most critical business functions. The recovery strategies outlined in the next section are based on the following loss types: Loss of Facility: The facility is either temporarily or permanently unavailable. Examples might include: x The facility being destroyed by fire and smoke damage x The facility being temporarily unavailable due to flooding x The facility is disabled by power loss x The facility being temporarily unavailable due to contamination Loss of IT/Network: Business processes/functions are disabled by loss of computer function. Examples might include: x A breach has occurred in the network and the server has been shut down due to a computer virus x Equipment damage or failure and must be replaced or data connectivity lost. Loss of People: Business operation is disrupted due to the unavailability of personnel. Examples might include: x A storm or other natural disaster has prevented personnel from coming to work x An employee is in the hospital, expertise/functional knowledge not available to perform tasks x Wide-spread illness/pandemic flu has impacted a significant number of personnel x Government/Political upheaval, with protests blocking access to public thoroughfares Loss of Vendor: x Service Providers cannot provide timely support or service-impacted by site incident x Single source vendor/service provider goes out of business x Data cannot be accessed or product delivered due to issues beyond vendor’s control x Regulatory change inhibits vendor from gaining access to data 3.3 Recovery Levels Recovery strategies can be categorized into the following levels with each level designed to provide an effective recovery solution equally matched to the estimated duration of the emergency condition and the critical function recovery objectives. Sterling Business Continuity Plan v. 03042019 Page 12 LEVEL 1: INTRA-DAY OUTAGE: (CRITICAL FUNCTIONS) <0-12 HOURS An intra-day outage at Sterling <12 hours can have an impact on certain business functions. These processes can experience little to no downtime and are considered critical services. During this time period, the IM/BCP Team will assess the incident and the impacted departments will be given the highest priority. The functions will utilize alternate procedures to perform any critical tasks. LEVEL 2: TEMPORARY OUTAGE (TIME SENSITIVE FUNCTIONS) <24 HOURS If a site incident extends beyond the intraday timeline but a resolution is expected to take less than 24 hours, the incident should be classified as a temporary outage. The BCP Recovery team will execute its business continuity recovery strategy for all time sensitive functions as necessary. Functional teams with 24 hour recovery objectives will be given high priority during the temporary outage. LEVEL 3: SHORT-TERM OUTAGE (IMPORTANT FUNCTIONS) <72 HOURS A short-term outage is defined as the period of time that the organization will execute its formal business continuity recovery strategy for all important functions to be restored within 72 hours of an incident. Based on the impact to the existing site, important functions and key individuals that perform these processes will be the focus while other non-critical work assignments and associates are on standby. LEVEL 4: MEDIUM-TERM OUTAGE (PRIMARY FUNCTIONS) 3 DAYS – 2 WEEKS A medium-term outage is defined as the period of time that the organization will execute its formal business continuity recovery strategy for the recovery of all primary business service functions within 3 days to 2 weeks. Critical personnel would begin focusing on their primary responsibilities while still maintaining critical business functions. LEVEL 5: LONG-TERM OUTAGE (NON ESSENTIAL FUNCTIONS) 2 WEEKS – SEVERAL MONTHS A long-term outage is defined, as the period of time that the organization will exceed the allowed occupancy time beyond a medium-term outage of 2 weeks. A long term outage may require extensive repair work at the primary location or the entire facility has been destroyed. In this situation, a new work site for the impacted office location must be established. If the new or existing office space will not be accessible for a few months, then an alternate temporary site will be established to continue critical services in the interim. 3.4 Critical Business Functions Prioritized A business impact analysis was completed for all departments/functional areas across Sterling that identified and categorized key risks and critical business functions in an effort to respond effectively to an unplanned incident. The following table outlines the business processes across the organization requiring the highest recovery priority. Though all business functions serve an important purpose, these particular processes are most critical in the continued operation of the organization following an incident. The impacts discussed in the critical business functions assume that the impact a disaster has, does not cause the total loss of our datacenter and/or network services. The present cutover capability for a total datacenter loss is: Order Entry on Screening Direct, Work Force Direct, and VV – recovery within 48 hours; SFDC, US O365, & NetSuite recovery in < 1hr. All other services and systems, such as Fulfillment, Client integrations, VDI, US Sterling Business Continuity Plan v. 03042019 Page 13 Phones (includes India Operations) will take approximately 3 weeks to recover. While the likelihood of such a loss is highly improbable in statistical terms, it remains a caveat until the DR currently underway are executed (1st Quarter 2019), by which time we are forecasted to be able to overcome such a loss within 72 hours. In the event the Business Continuity Plan (non-datacenter loss) is initiated, the critical business functions will be prioritized per the below: Business Group/ Department: Critical Business Functions/Services: Recovery Time Objective (RTO): Technology & Vendor Dependencies Critical Functions: Recovery Strategies Client Services Impact Non- Datacenter Related 1. Account mgmt. / relationship mgmt. for Tiers 1 & 2 2. Communications- email, calls, links 3. Customer Service- day-to day operations on all tiers for existing orders. Within 1-day E-Mail Phone system Client Website/Blog VDI SBC-Legacy platform: AdminClient, AISS, Tandem, SterlingONE platform & connected applications Back-Check tools Sales Force tools US Wiki R drive Canada Wiki Sterlink Reports Manager BackCheck 2.0 Network H Drive Files: access to Client Services folder and Client Services IDS Folder (for communication with Manila and Mumbai) Cisco soft phone and IVR capabilities (V) Salesforce (V) Admin Client Axcess Microsoft applications AWS If a facility cannot be occupied-the following strategies will be considered by the Incident Management Team and Client Service Leadership: 1. Account Management (North America & UK Only) Work Remote 2. CSEs – Load balance between sites 3. CSRs – Load balance between sites Strategy: Rapid assessment of existing client orders status. Rapid assessment of phone system status and email capabilities. UK: Client Support Team: 70% Mumbai based/ 30% Swansea based 3 x Swansea based CSE’s could work remotely if Swansea offices is unavailable UK based AM’s/BRM’s and CSE’s would cover all CS matters for top 50 clients if Mumbai office is unavailable. Rest of page intentionally left blank. Sterling Business Continuity Plan v. 03042019 Page 14 Business Group/ Department: Critical Business Functions/Services: Recovery Time Objective (RTO): Technology & Vendor Dependencies Critical Functions: Recovery Strategies Operations Impact Non- Datacenter Related OHIO: Fulfill all US-mandated existing orders for: 1. Verifications 2. OHS 3. Public Records 4. Special Operations (Pre and Final Adverse Action, Managed Compliance) Within 1-day Verifications: AdminClient, AISS/Axcess Phones, Drug Testing: AISS/Axcess, AdminClient, Drug Direct, DrugPak Drug Testing Order Creation and Special Ops: AdminClient, AISS/Axcess, Public Records: Argentun (platform to process volume), AdminClient, AISS/Axcess, UK Admin Client / 2.0 / legacy Wiki Phone System R drive access H drive Access Email Microsoft Applications Data Services (CAD) BackCheck 2.0 CAD Wiki Reports Manager R Drive access PhraseExpress Email eConsent Voice Services (CAD) BackCheck 2.0 CAD Wiki e-manager Reports Manager VDS e-reference portal R Drive access Fax PhraseExpress Phones email Vendors: OHS – Labcorp, Quest, eScreen, i3Screen, Concentra, Psycmedic, etc. Criminal – court runners or vendors, FACIS, OIG, Accurint (ENW), DOJ, etc. Verif - TALX, verify jobs, NSC, NPDB 1. If an incident impacts any site load balance work to other sites. This requires ensuring the network and general infrastructure are collectively scoped for peak capacity, and that as the company grows, the peak capacity is reflected in regular network and infrastructure updates. Manila also has 2 sites to distribute work/relocate personnel between locations (upwards of 50 additional seats). For Surrey and Montreal offices, which serve as each other’s balance backup, we also have numerous employees set up to work remotely. 2. Fulfillment/Operations services in all locations will be load balanced between other designated locations. For the Mumbai location, in addition to the existing load balancing between the Manila facilities, a team of public records employees are set up to work remotely. As above, the peak resources are pre- staged in advance, and are periodically evaluated to reflect corporate and seasonal growth. Pre and Final Adverse Action are performed out of Ohio. Would need to identify alternate site to complete in US. SWANSEA: UK mandated work to be handled by remote employees in the UK. Postal certificates to be redirected to local sorting office and picked up. BOTHELL: Fulfill all US-mandated existing orders for: 1. OHS Within 1-day MUMBAI: Fulfill all non-onshore mandated existing orders for: 1. Verifications 2. OHS 3. Public Records 4. Special Operations (Pre and Final Adverse Action, Managed Compliance) 5. International Screening Within 1-day MANILA: Fulfill all US-mandated existing orders for: 1. Verifications 2. Public Records 3. International Screening Within 1-day SWANSEA: International Screening (UK Mandated) 1. Data fulfillment 2. Verification fulfillment 3. Registered office for disclosure Scotland criminal results in paper format Within 1-day MONTREAL: Fulfill all existing orders for: 1. Verifications 2. OHS 3. Public Records 4. International Screening Within 1-day SURREY: Fulfill all existing orders for: 1. Verifications 2. OHS 3. Public Records 4. International Screening Within 1-day Sterling Business Continuity Plan v. 03042019 Page 15 Business Group/ Department: Critical Business Functions/Services: Recovery Time Objective (RTO): Technology & Vendor Dependencies Critical Functions: Recovery Strategies Order Creation – accurint, TU (trace/credit) Data services CAD – police controller, Transunion, Canada Post Rest of page intentionally left blank. Sterling Business Continuity Plan v. 03042019 Page 16 Business Group/ Department: Critical Business Functions/Services: Recovery Time Objective (RTO): Technology & Vendor Dependencies Critical Functions: Recovery Strategies Human Resources Impact Non- Datacenter Related USA/UK: 1. Communications 2. Office Management 3. Payroll^ 4. Benefits 5. Recruitment 6. Performance/LMS ^ UK Payroll outsourced to ADP 1. Continuous 2. Continuous 3. Within a few days 4. Within a few days 5. When feasible 6. When feasible US/UK: Ultipro ADP-vendor hosted Time Entry system iCONNECT Outlook Legiant (US by VPN)-Security/ badging systems Vendor portals VPN Citrix 1. Options to submit/process payroll remote. Time sheets can also be done manually in US. 2. Use the Preparis notification alert system and protocols 3. Carriers can provide employee benefits support. MUMBAI: 1. Communications 2. Office Management 3. Payroll* 4. Benefits 5. Recruitment 6. Performance/LMS 7. Training & Development 8. HR Analytics * On Spreadsheets- completed with Finance- Monthly. 1. Continuous 2. Continuous 3. Within a few days 4. Within a few days 5. When feasible 6. When feasible 7. When feasible 8. When feasible Ultipro iConnect (CSOD) – Talent Management solution (V) ADP-vendor hosted MS Office and Outlook application Typing Master – hosted on local machines Kwench – Online library – (V) Survey Monkey (V / cloud) iQuest – Employee Quiz system– hosted on local server Skype – Online interviews Video Phone / Jabber – local and global interactions Watch your Health (V) – Health portal DSR Darashaw – Provides physical archiving of our employee personnel files. Recruitment agencies (we work with ~ 20 agencies in Mumbai and outside Mumbai) however names of some critical one’s are as follows: Cigniti, Radford, FOCUS, Futurz, Equations, Mentorus, Copper Gate, Genius Consultants, Genetic Callnet and Select Smart. There is a Crisis Management Committee composed of Head of Operations, HR Head and Facilities Head. Text Blast to all employees is managed by Facilities team, is done remotely, and is web-based. Preparis notification alert system to be expanded. During a crisis situation, the communication rollout is a joint effort between multiple departments. Marketing and HR will manage internal communications through different modes setup in each location (for e.g.: SMS broadcast, e- mail, or automated telephone calls that can be sent by Preparis Portal). Sterling Business Continuity Plan v. 03042019 Page 17 Business Group/ Department: Critical Business Functions/Services: Recovery Time Objective (RTO): Technology & Vendor Dependencies Critical Functions: Recovery Strategies MANILA: 1. Communications 2. Office Management 3. Payroll* 4. Benefits** 5. Recruitment 6. Performance/LMS 7. Training & Development 8. HR Analytics * Manual spreadsheets, managed by Finance ** Medical, Medical benefits processing 1. Continuous 2. Continuous 3. Within a few days 4. Within a few days 5. When feasible 6. When feasible 7. When feasible 8. When feasible Epredix (CEB assessment tool) – web-based assessment tool for applicants Typing Test.com – web-based assessment tool for applicants iConnect Outlook/Email VPN/Citrix Zalamea Online Platform for Employee Retirement Plan Survey Monkey Job Portals – e.g. Jobstreet Globe Text Connect Net Suite Google (for vendor/supplier searches) Maxicare Online Services Vendors: Shuttle service between Manila sites Legiant USICG– Benefits Administrator, Ceridian – Payroll Provider US and CAN ADP Payroll Provider UK & IND Benefits Third Party Providers Maxicare (Health provider; provider of Doctors & nurses REIA Shuttle services Jobstreet & other Job portals Pantry concessionaire Search Agencies Security & Housekeeping agencies CEB – ePredix assessment tool GLOBE Payroll managed by Finance. Biometric payroll. No electronic system; manual processing now done out of McKinley. Spreadsheets. Direct deposit. 2x/month. One Payroll Mgr.- can work remote/no back-up to this person-risk. Benefits done manually/not critical. Internal communications during BCP: they have a set of procedures in place: There is a Crisis Management Committee composed of Head of Operations, HR Head and Facilities Head. SMS broadcast to all employees is managed by Facilities team, is done remotely, and is web- based. Preparis notification alert system to be expanded. During a crisis situation, the communication rollout is a joint effort between multiple departments. Marketing and HR will manage internal communications through different modes setup in each location (for e.g.: SMS broadcast, e- mail, or automated telephone calls that can be sent by Preparis Portal) SURREY: 1. Communications 2. Office Management 3. Payroll 4. Benefits 5. Recruitment 6. Performance/LMS 1. Continuous 2. Continuous 3. Within a few days 4. When feasible 5. When feasible 6. When feasible Technology Preparis Advance tracker Outlook/MS Suite VDI NetSuite Acumatica iConnect BackCheck 2.0 BackCheck 2.0 extranet 1. Options to submit/process payroll remote. Time sheets can also be done manually and entered into timekeeping system. 90% of Payroll/Accounting staff can work remotely 2. Use of the Preparis notification alert system Sterling Business Continuity Plan v. 03042019 Page 18 Business Group/ Department: Critical Business Functions/Services: Recovery Time Objective (RTO): Technology & Vendor Dependencies Critical Functions: Recovery Strategies Vendors Ceridian (payroll) HSBC online banking Couriers Community Living (office helpers) Concessions providers Janitorial services Garbage disposal Alarm company Office supplies Blue Cross (benefits) Rest of page intentionally left blank. Sterling Business Continuity Plan v. 03042019 Page 19 Business Group/ Department: Critical Business Functions/Services: Recovery Time Objective (RTO): Technology & Vendor Dependencies Critical Functions: Recovery Strategies Marketing Impact Non- Datacenter Related Manage communications with clients. Coordinate with HR on internal communications. 1. Call clients on phone 2. Administer Salesforce 3. E-Mail Clients 4. Internal comms w. HR 5. Manage websites 6. Manage intranet 1. Continuous 2. Continuous 3. Continuous 4. Continuous 5. Within 1 day 6. Within 1 day Telephone system(s) Salesforce E-Mail Preparis iCONNECT Site Core Net Suite Company Website WordPress platform Marketing will work with the Incident Management Team (IMT) on coordinating external and internal communications. Marketing will partner with HR on the internal notifications. SFDC, web and communications teams are all equipped to work from home full time with laptops and/or desktops. The Preparis notification system will be used for all internal communications. Other communications will also be leveraged by location including call trees and SMS broadcast, e-mail, or automated telephone calls that can be sent by Preparis Portal. Manage communications with clients. Coordinate with HR on internal communications. UK 1. Administer Salesforce 2. E-Mail Clients 3. Internal comms w. HR 4. Manage websites 5. Manage intranet 1. Continuous 2. Continuous 3. Continuous 4. Within 1 day 5. Within 1 week Rest of page left intentionally blank to keep tables intact. Sterling Business Continuity Plan v. 03042019 Page 20 Business Group/ Department: Critical Business Functions/Services: Recovery Time Objective (RTO): Technology & Vendor Dependencies Critical Functions: Recovery Strategies IT Impact Non- Datacenter Related IT infrastructure, DR, security, system oversight. Service all platforms, including voice, call centers, up to the Application Tier. 1. Phones 2. Network Services 3. All Support Functions 4. Operational Platforms 5. Help transition locations & return to SLA 6. Repair/Restore what has been damaged during the event 1. Continuous 2. Continuous 3. Continuous 4. Continuous 5. Continuous 6. Continuous, but also dependent on severity and what has been damaged. Telephone system(s) All network switches & routers Desktops, laptops, mobile computing devices Outlook E-Mail All MS Office desktop apps Web servers & services / BLOG Salesforce Preparis iCONNECT Site Core Ceridian VDI SBC-Legacy platform: AdminClient, AISS, Tandem, Back-Check tools Network H Drive Files: access to Client Services folder and Client Services IDS Folder (for communication with Manila and Mumbai) Cisco soft phone and IVR capabilities Axcess AWS Drug Direct, DrugPak Drug Testing Order Creation and Argentun (platform to process volume), AdminClient, AISS/Axcess, Time Entry system iCONNECT Outlook Legiant (US by VPN)-Security/ badging systems Vendor portals VPN Citrix Ultipro iConnect (CSOD) – Talent Management solution (V) Spine (Payroll system) – hosted on local server Kwench – Online library – (V) Survey Monkey (V / cloud) iQuest – Employee Quiz system– hosted on local server Skype – Online interviews Video Phone / Jabber – local and global interactions Watch your Health (V) – Health portal CSOD – Provide Talent Management solution globally DSR Darashaw – Provides physical archiving of employee personnel files. Primary production data centers are in Baltimore and Calgary. Backups are done to disk and tape Email Office 365 hosted solution provides failover/redundancy for US mail system; Canada Email system runs out of Tier-3 Data Center. Cloud based platforms have established fail-over capabilities. Infrastructure redundancy has been established including hardware and circuit redundancy in the Baltimore and Calgary datacenters. There are three premise-based phone systems in: Calgary, Baltimore and the Mumbai operations center. Same set-up for all three systems. If damage to one phone system/site, calls would need to be re-directed to Ohio or Manila. In Mumbai, incoming calls go through the Baltimore system. Outgoing are through local carrier. The Contact Center in Baltimore controls call delivery to agents registered to the Baltimore and Calgary Phone Systems. Sterling Business Continuity Plan v. 03042019 Page 21 Business Group/ Department: Critical Business Functions/Services: Recovery Time Objective (RTO): Technology & Vendor Dependencies Critical Functions: Recovery Strategies Epredix (CEB assessment tool) – web-based assessment tool for applicants Typing Test.com – web-based assessment tool for applicants VPN/Citrix Zalamea Online Platform for Employee Retirement Plan Survey Monkey Job Portals – e.g. Jobstreet Globe Text Connect Google (for vendor/supplier searches) Maxicare Online Services Vendors: Legiant USICG– Benefits Administrator, Ceridian ADP Payroll Benefits Third Party Providers Maxicare Jobstreet & other Job portals CEB – ePredix assessment tool GLOBE OHS – Labcorp, Quest, eScreen, i3Screen, Concentra, Psycmedic, etc. Criminal – vendors, FACIS, OIG, Accurint (ENW), DOJ, etc. Verif - TALX, verify jobs, NSC, NPDB Order Creation – accurint, TU (trace/credit) Rest of page intentionally left blank. Sterling Business Continuity Plan v. 03042019 Page 22 Business Group/ Department: Critical Business Functions/Services: Recovery Time Objective (RTO): Technology & Vendor Dependencies Critical Functions: Recovery Strategies Product Management Impact Non- Datacenter Related Client Platform- Fulfillment Setup & Support -System Automation/Interface Within 24 hours PRISM/MIPS MVR Gateway Argentum Fulfillment APIs SmartData SSF Broker VIF Admin Client (Sterling West) TALX/NSCH Accurint Office Suite BackCheck 2.0 eConsent Canada Wiki US Wiki Align with DR strategy for IT to ensure key platforms are available to service the clients. Canada Wiki is hosted in Tier 3 Datacenter, backed up and configured for High Availability. US Wiki is hosted in Tier 3 Datacenter, backed up and configured for High Availability. Rest of page intentionally left blank. Sterling Business Continuity Plan v. 03042019 Page 23 This page intentionally left blank Sterling Business Continuity Plan v. 03042019 Page 24 4.0 RECOVERY STRATEGIES 4.1 Loss of Facility Recovery Strategy Key Strategies: x Account Management (Tier 1) can be maintained working remote – North America & UK. x Client Support services (Tier 2-4) can be load balanced between other designated locations. In UK, specifically, remote employees will maintain client support x Fulfillment/Operations services in all locations will be load balanced between other designated locations and remote computing enabled. x Continue to expand client services and operations head count and cross training at other existing sites to load balance and minimize risk if one site experiences a facility outage. Where this is infeasible due to space considerations, remote workers can also help with load balancing. x Critical back office support functions will be managed and performed remotely. (HR, IT, Communications) The impacts discussed in the critical business functions assume that the impact a disaster has, does not cause the total loss of our datacenter and/or network services. The present cutover capability for a total datacenter loss is: Order Entry on Screening Direct, Work Force Direct, and VV – recovery within 48 hours; SFDC, US O365, & NetSuite recovery in < 1hr. All other services and systems, such as Fulfillment, Client integrations, VDI, US Phones (includes India Operations) will take approximately 3 weeks to recover. While the likelihood of such a loss is highly improbable in statistical terms, it remains a caveat until the DR enhancements currently underway are executed (1st Quarter 2019), by which time we are forecasted to be able to overcome such a loss within 72 hours. In the event that a Sterling office experiences a significant disruption to the facility, the local Incident Coordinators and Incident Management Team (IMT) will ensure everyone is safe and accounted for and will have employees remain at home until further direction is provided by the IMT. The Preparis system will be utilized for broadcast data and event management. The system can communicate via SMS, E-Mail, and Telephone. The IMT and local site Incident Coordinator(s) will convene by conference call if the facility cannot be occupied or travel is restricted to assess the situation and provide necessary direction to the impacted business functional team leadership as defined in the Sterling Incident Management Plan. The Preparis notification alert system and other local office communication protocols will be utilized by the IMT and local Incident Coordinators to ensure all personnel are well informed of the incident and the BCP Recovery Team Leaders received the appropriate direction to begin recover efforts. Facilities, IT, HR, Communications members of the IMT will provide necessary guidance and ongoing support to the BCP Recovery Team Department Leads on recovery efforts and required directions. The recovery strategies to maintain and perform critical business functions will vary based on the severity and length of the facility outage as well the functional teams and location impacted. The following recovery strategies are outlined below by each functional team. Sterling Business Continuity Plan v. 03042019 Page 25 Client Service Account Management for Tier 1 clients can be maintained and managed through remote access and direct contact with the clients. Client support service is a function that requires centralized activities. The strategy is that if a facility is impacted where client service is performed, the work will be shifted to other locations and will load balance the additional call volume until the existing facility or alternate worksite is re- established. Additionally, client service reps based in UK will manage support through remote access and direct contact with the clients Operations Similar to the client services functions, the operations functions are performed in various locations. Fulfillment If a facility outage impacts any location, the recovery strategy is to shift the work to other locations, and/or have employees work remotely until the existing site can be re-entered or an alternate site is identified. In an outage that affects Mumbai or Manila, they will load balance each other. In an outage that affects Surrey or Montreal, they will load balance each other, and/or have employees work remotely. In an outage that affects Swansea (UK), employees work remotely Verifications In an outage that affects Mumbai or Manila, they will load balance each other. In an outage that affects Surrey or Montreal, they will load balance each other, and/or have employees work remotely. Public Records A team of public record specialists in Mumbai employees to work remotely. OHS In an outage that affects Mumbai or Ohio, they will load balance each other, and/or have employees work remotely. The leadership team continues to assess and expand cross training and personnel in other locations to further load balance the work volume and types of services performed in each location. Back Office Support The back office support functions that are identified as critical to support the business operations can primarily be performed in a remote setting if impacted. This primarily includes HR, Communication, Product Management and IT functions. IT and Product Management will work jointly to ensure systems and system platforms are operational and will collaborate remotely or at the data center(s). Payroll and personnel support will be handled remotely and communication utilizing the Preparis notification system will provide appropriate guidance, updates, and instructions to the impacted employees and recovery team leads. Temporary office space or even conference room space at a hotel/conference center will be utilized as an interim solution for required meetings. Conference call features of the system and business team specific system updates will allow for remote collaboration and updates for team members that are decentralized. Based on the severity of the facility impact, the IMT will partner with the building property management and real estate resources to identify alternate work space. The IMT will relocate the functional teams in priority order to the new/temporary office space based on functional recovery priorities defined below. This strategy will allow for critical functions to be maintained for a temporary time period until the existing office can be repaired or a new office space is established. Sterling Business Continuity Plan v. 03042019 Page 26 Though each business area of the organization handles hard copies/paper documents on a daily basis, the majority of critical documents required to conduct current work is available in electronic format or can be re-created from another source with minimal impact. Strategies to mitigate this risk are being assessed by each department of the organization to ensure all critical documents are available in electronic format. Loss of Facility Risk Summary Matrix Excluding Data Center Loss Below is a risk based categorization of each business functional area of Sterling. Each department’s risk ranking determines their respective recovery strategy for support and prioritization by the IMT. Functional Areas Risk Category Recovery Priority - Incident Management Team (Initial Response & Recovery Processes) - IT/Product Management Support-Impacted Site & Data Center. - Operations-Fulfillment (Re- direct/Re-locate) - Client Services (Re-direct/Re- locate) - Initial Employee/Client Communications - High Risk Immediate priority. (Initial 12-24 hours). Redirect functions and support recovery efforts and relocation as required. - HR- Payroll - Facilities- coordinate recovery/alternate site efforts - Marketing support for Client Services and Employees Medium Risk: Recovery of time sensitive functions and processes. (24-72 hours) - Non-essential functional team members (all groups) Low Risk: Will remain at home and on call to be available as needed. (3 days- several weeks) Rest of page left intentionally blank to keep tables intact. Sterling Business Continuity Plan v. 03042019 Page 27 4.2 Loss of People Recovery Strategy Key Strategies: Department team members are present and have sufficient knowledge and cross training to maintain critical business functions in the same locations. Continued expansion of personnel across locations and additional cross training is ongoing. In the event of a significant loss or unavailability of personnel at Sterling, non-critical work will be stopped and available personnel will be reassigned to perform critical business services where possible. Based on the BIA department reviews conducted, there is appropriate knowledge in the local offices to maintain critical functions. Other office locations have varying levels of knowledge to perform the functions but cross-training and resource allocation continues to be expanded to properly load balance the offices with the necessary expertise and capabilities to handle the work volume. HR will work with the Incident Management Team and Department Leads to support issues concerning pandemic alerts, injuries, fatalities, unavailability and application of personnel policies during recovery. The planning goal is to enable each office to be properly prepared to respond to a loss of people threat condition and to protect the organization’s critical assets. The following matrix outlines functional team members risk rating due to their criticality to support the business operations, specialized function, member count and expertise if they experienced a loss/unavailability of personnel. Each department outlines specific people strategies and support resources necessary to perform critical business functions if the primary personnel are not present. Loss of People Risk Summary Matrix Department Risk Category Risk Description - Executive Leadership - Incident Management & Recovery Team (Department Leads) - IT - Product Management - Account Management High Risk - Critical Assignment Roles - Specialized Functions/Experience - Mission Critical Timeline - Operations - Client Services - HR - Marketing - Facilities Medium Risk - Important Deadlines/Turnaround - High Volume with extended delays - Specialized Role or Single Source - Back office-non-essential resources-non client services Lower Risk - Expanded/Delayed Timeline - Redundancy/Backups - Replication of Service Data Sterling Business Continuity Plan v. 03042019 Page 28 4.3 Loss of Technology Recovery Strategy Key Strategies: x The US IT production environment (network, applications, and phone systems) is operated out of a Tier 3 data center in Baltimore, MD. The data center has redundant power, circuits and hardware capabilities in the datacenter. Our Canadian Operations utilize a Tier 3, best-in-class data center in Calgary, Alberta. The data center has redundant power, circuits, and hardware capabilities. x Remote access available utilizing a company laptop is in place for account management and key back office leadership (North America only). x In US Operations, Email and certain core production platforms have been moved to cloud- hosted providers. This provides redundancy and accessibility of employees over the internet remote. Our Canadian Operations host Email services and other core platforms from the aforementioned data center in Calgary. x Ongoing investments in 2018 will continue to enhance the recovery time for VDI, telephones, and other fulfillment systems The Sterling IT production network environment and core applications are hosted at an SSAE-16 certified Tier 3 colocation data center in Baltimore, MD monitored 24X7 that provides the highest levels of redundancy and protection from environmental events. The list of the core production systems are listed below in priority order. Email- (Office 365-cloud-based in the US, and in Canada it is hosted at a Tier 3 Datacenter) and other vendor hosted applications (i.e. Salesforce) can be accessed anywhere the internet is available. There is a reliance on the vendor’s DR capabilities that includes replication/failover to minimize downtime for access to systems. Invariably, pieces of information technology do fail from time to time. In these cases, Sterling Talent Solutions is prepared to recover from these scenarios through the following techniques: Backups – Sterling Talent Solutions utilizes database and server backup software to protect physical and virtual workloads. Database backups are offloaded to a secondary enterprise SAN for protection against data loss and data corruption. Database and server backups can be restored in-place for immediate recovery in the primary datacenter, or restored to similar or dissimilar hardware for testing and for recovery in a hardware-fault situation. Replication – Transaction log replication is implemented between primary and secondary sites for Order Entry/Capture systems. This ensures that customer and order data is backed up to our secondary site in near real-time and protected in the event of a primary data center technology or environmental failure. DR Site Failover – Failover for Order Entry systems from the primary site to the recovery site is outlined in the diagram below. These failover capabilities are tested on an annual basis. Sterling Business Continuity Plan v. 03042019 Page 29 Internet Load Balancer Pair Web Application Tier Web Application Tier Database Cluster Database Cluster Internet Load Balancer Pair Web Application Tier Web Application Tier Database Cluster Database ClusterTransaction Log Replication Baltimore, MD Data Center (Production)Sterling, VA Data Center (Recovery Site) Identical Config Identical Config Rest of page left intentionally blank to keep tables intact. Sterling Business Continuity Plan v. 03042019 Page 30 Listed below are the IT system dependencies that require the highest recovery priority to align with the recovery objectives. IT Recovery Priorities: Core System Requirements Function Systems Order Entry/Capture Screening Direct – Recruiter Portal Workforce Direct – Candidate Portal Verified Volunteers – Volunteer Portal Integrations (CLIP) – Integrated Clients (background check ordering is directly integrated with their Application Tracking System (ATS)) Operations/Verifications/Client Service Admin Client – Management Portal IFN/Argentum – Manual Court Couriers for Local Jurisdictions MIPS/PRISM – CourtDirect interface. Smart Data – Candidate Scoring for Recruiter OHS/DrugPak – Drug testing MVR – Motor Vehicle Records AISS/Axcess SalesForce BackOffice IT System Requirements Contact Center Phone System Email Fax H Drive access (department shares) VDI Rest of page intentionally left blank. Sterling Business Continuity Plan v. 03042019 Page 31 4.4 Loss of Vendor Services Recovery Strategy Critical vendors and service providers that the Sterling business teams rely upon have been identified in the BIA Matrix for each department. If a primary vendor/service provider experiences a crisis of its own, then Sterling requires that either the vendor has sufficient DR recovery capabilities, or Sterling has identified alternate providers to whom those business-critical functions can be migrated as a replacement. As a standard process, Sterling will conduct routine vendor/service provider risk assessments of their current service providers to ensure appropriate DR strategies are in place and where gaps, alternate options are considered. Listed below are the critical service providers/vendors that Sterling is reliant on. Rest of page intentionally left blank. Sterling Business Continuity Plan v. 03042019 Page 32 Department Service Provider Name/Function Operations OHS – Labcorp (US), Quest (US), eScreen (US), i3Screen (US), Concentra (US), Psycmedic (US), etc. Criminal – US court runners or vendors, FACIS (US), OIG (US), Accurint-ENW (US), DOJ (US), etc. Verif - TALX (US), Verifyjobs (US), NSCH (US), NPDB (US) Order Creation – Accurint (US), TU-trace/credit (US) Human Resources Legiant (US) USICG– Benefits Administrator (US), Ceridian – Payroll Provider US and CAN ADP Payroll Provider UK and India Benefits Third Party Providers (Global) Ultipro - Global India: CSOD – Provide Talent Management solution globally DSR Darashaw – Provides physical archiving of our employee personnel files. Recruitment agencies (we work with approximately 20 agencies in & outside Mumbai) Some critical one’s are: Cigniti, Radford, FOCUS, Futurz, Equations, Mentorus, Copper Gate, Genius Consultants, Genetic Callnet and Select Smart. Philippines: Maxicare (Health provider; provider of Doctors & nurses REIA Shuttle services Jobstreet & other Job portals Pantry concessionaire Search Agencies Security & Housekeeping agencies CEB – ePredix assessment tool GLOBE Marketing Salesforce (US) Pardot (US) WordPress (US) Sterling Business Continuity Plan v. 03042019 Page 33 IT IT Telecom Providers Location Name Carrier Carrier Service LEC Baltimore, MD AT&T MPLS 1G/1G Verizon Baltimore, MD CenturyLink MPLS 1G/1G Zayo Baltimore, MD CenturyLink SIP Trunks (450 over CenturyLink MPLS) Baltimore, MD Masergy MPLS 250M/1G Baltimore, MD OneStream SIP Trunks (400 over Masergy MPLS) Baltimore, MD Tier Point ISP 1G/1G Multiple Baltimore, MD CenturyLink ISP DDOS/1G Burstable Zayo Baltimore, MD Verizon LD PRI Baltimore, MD Verizon LD PRI Baltimore, MD Windstream LD PRI Baltimore, MD Windstream LD PRI Baltimore, MD Zayo PTP 10G/10G Bellevue, WA AT&T MPLS 100M/1G ELI Bellevue, WA CenturyLink MPLS 100M/1G CenturyLink Bothell, WA AT&T MPLS 300M/1G L3 (TW Telecom) Bothell, WA CenturyLink MPLS 300M/1G Frontier Calgary, AB Masergy MPLS 100M/1G Calgary, AB OneStream SIP Trunks (100 over Masergy MPLS) Calgary, CA AT&T MPLS 100M/1G Telus Calgary, CA Centurylink MPLS 100M/1G Shaw Cleveland, OH AT&T MPLS 100M/1G SBC Cleveland, OH CenturyLink MPLS 100M/1G Time Warner Ft. Collins, CO CenturyLink MPLS 50M/100M CenturyLink Manila, PH (McKinley) AT&T MPLS 100M/100M PLDT Manila, PH (McKinley) CenturyLink MPLS 100M/100M Globe Manila, PH (Cubao) AT&T MPLS 100M/1G PLDT Manila, PH (Cubao) CenturyLink MPLS 100M/100M Globe Marietta, GA AT&T MPLS 100M/1G ATT (Bell South) Marietta, GA CenturyLink MPLS 100M/1G AT&T (Bell South) Montreal, CAN AT&T MPLS 50M/100M Rogers Montreal, CAN CenturyLink MPLS 50M/50M Bell Canada Mumbai, IN AT&T MPLS 300M/300M Bharti Mumbai, IN CenturyLink MPLS 300M/1G Tata Mumbai, IN Vodafone MPLS 35M/Ethernet (Primary) Bharti Mumbai, IN Vodafone MPLS 35M (Secondary) Reliance Mumbai, IN Vodafone SIP Trunks (over Vodafone MPLS) NYC, NY AT&T MPLS 100M/1G LightTower NYC, NY CenturyLink MPLS 100M/1G Verizon Roseville, CA AT&T MPLS 100M/100M ATT (Pac Bell) Roseville, CA CenturyLink MPLS 50M/100M PacBell/ATT Seattle , WA AT&T MPLS 100M/1G Seattle, WA CenturyLink MPLS 100M/1G No LEC Sterling, VA AT&T MPLS 100M/1G ATT (LNS) Sterling, VA CenturyLink MPLS 100M/1G No LEC Sterling, VA CenturyLink ISP 1G Burstable No LEC Sterling, VA Zayo PTP 10G/10G Surrey, BC AT&T MPLS 100M/1G Shaw Surrey, BC CenturyLink MPLS 100M/100M Telus Swansea, UK AT&T MPLS 100M/100M Colt Swansea, UK AWS Azure All other IT systems listed in critical business functions list that support business operations. CenturyLink MPLS 50M/100M VodaFone Product Management NA Client Services NA 67(5/,1*,1)26<67(06,1& '816Š 0DLOLQJ $GGUHVV 32%2; 6HDWWOH:$  +HDGTXDUWHUV 6WDWH6W)O 1HZ<RUN1< :HEVLWH ZZZVWHUOLQJLQIRV\VWHPVFRP 3KRQH 3XUFKDVH'DWH /DVW8SGDWH'DWH $WWHQWLRQ.LPEHUO\ %XVLQHVV,QIRUPDWLRQ5HSRUW ([HFXWLYH6XPPDU\ <HDU6WDUWHG  &RQWURO<HDU  &(2 :,//,$0*5((1%/$77&+% &2&(2 (PSOR\HHV  (PSOR\HHV+HUH 8QGHWHUPLQHGDWWKLVORFDWLRQ :RUNLQJ&DSLWDO  7UDGH6W\OHV 67(5/,1*%$&.&+(&. 67(5/,1*7$/(17 62/87,216 1HW:RUWK &RPSDQ\,QIR ' %5DWLQJ ' %5DWLQJ $  )LQDQFLDO6WUHQJWK $ PLOOLRQDQGRYHU &RPSRVLWH&UHGLW$SSUDLVDO  ' %3$<'(;Š 8SWRPRQWK' %3$<'(;  8SWRPRQWK ' %3$<'(; 8SWRPRQWK' %3$<'(;  8SWRPRQWK ' %3$<'(; ' %9LDELOLW\5DWLQJ ' %9LDELOLW\5DWLQJ $' 3DJHRI %XVLQHVV,QIRUPDWLRQ5HSRUW ‹'XQ %UDGVWUHHW,QF$OOULJKWVUHVHUYHG 3DJHRI   9LDELOLW\6FRUH  $ 'DWD'HSWK,QGLFDWRU $  3RUWIROLR&RPSDULVRQ  ' &RPSDQ\3URILOH )LQDQFLDO 'DWD 7UDGH 3D\PHQWV &RPSDQ\ 6L]H <HDUVLQ %XVLQHVV $YDLODEOH $YDLODEOH 7UDGH 0HGLXP <RXQJ %XVLQHVV,QIRUPDWLRQ %XVLQHVV6XPPDU\ %UDQFK 'LYLVLRQ <(6 )LQDQFLQJ 6(&85(' )LQDQFLDO &RQGLWLRQ *22' 6,& ,QIRUPDWLRQ UHWULHYDOVHUYLFHV GHWHFWLYHDUPRUHG FDUVHUYLFHV 1$,&6  $OO2WKHU ,QIRUPDWLRQ 6HUYLFHV +LVWRU\6WDWXV &/($5  )LQDQFLDO6WUHQJWK $ PLOOLRQDQGRYHU &RPSRVLWH&UHGLW$SSUDLVDO  &UHGLW&DSDFLW\6XPPDU\ ' %5DWLQJ $ 3ULRU' % 5DWLQJ $ 5DWLQJ'DWH   3D\PHQW$FWLYLW\ EDVHGRQH[SHULHQFHV 86' $YHUDJH+LJK &UHGLW  +LJKHVW&UHGLW  7RWDO+LJKHVW &UHGLW  ' %9LDELOLW\5DWLQJ 7KH' %9LDELOLW\5DWLQJXVHV' % VSURSULHWDU\DQDO\WLFVWRFRPSDUHWKHPRVWSUHGLFWLYHEXVLQHVVULVNLQGLFDWRUVDQGGHOLYHUDKLJKO\UHOLDEOH DVVHVVPHQWRIWKHSUREDELOLW\WKDWDFRPSDQ\ZLOOQRORQJHUEHLQEXVLQHVVZLWKLQWKHQH[WPRQWKV 9LDELOLW\6FRUH  &RPSDUHGWR$OO86%XVLQHVVHVZLWKLQ' %'DWDEDVH ‡/HYHORIULVN/RZ5LVN ‡%XVLQHVVHVUDQNHGKDYHDSUREDELOLW\RIEHFRPLQJQRORQJHUYLDEOH ‡3HUFHQWDJHRIEXVLQHVVHVUDQNHG ‡$FURVVDOO86EXVLQHVVHVWKHDYHUDJHSUREDELOLW\RIEHFRPLQJQRORQJHUYLDEOH 3DJHRI %XVLQHVV,QIRUPDWLRQ5HSRUW ‹'XQ %UDGVWUHHW,QF$OOULJKWVUHVHUYHG 3DJHRI 3RUWIROLR&RPSDULVRQ  &RPSDUHGWRDOO%XVLQHVVHVZLWKLQWKHVDPH02'(/6(*0(17 0RGHO6HJPHQW$YDLODEOH)LQDQFLDO'DWD ‡/HYHORIULVN0RGHUDWH5LVN ‡%XVLQHVVHVUDQNHGZLWKLQWKLVPRGHOVHJPHQWKDYHDSUREDELOLW\RIEHFRPLQJQRORQJHUYLDEOH ‡3HUFHQWDJHRIEXVLQHVVHVUDQNHGZLWKLQWKLVPRGHOVHJPHQW ‡:LWKLQWKLVPRGHOVHJPHQWWKHDYHUDJHSUREDELOLW\RIEHFRPLQJQRORQJHUYLDEOH $'DWD'HSWK,QGLFDWRU $ 'DWD'HSWK,QGLFDWRU'HWDLOV 5LFK)LUPRJUDSKLFV ([WHQVLYH&RPPHUFLDO7UDGLQJ$FWLYLW\ &RPSUHKHQVLYH)LQDQFLDO$WWULEXWHV '&RPSDQ\3URILOH )LQDQFLDO'DWD 7UDGH3D\PHQWV &RPSDQ\6L]H <HDUVLQ %XVLQHVV $YDLODEOH $YDLODEOH 7UDGH 0HGLXP <RXQJ &RPSDQ\3URILOH'HWDLOV ‡)LQDQFLDO'DWD$YDLODEOH ‡7UDGH3D\PHQWV$YDLODEOH 7UDGH ‡%XVLQHVV6L]H0HGLXP (PSOR\HHVRU6DOHV.. ‡<HDUVLQ%XVLQHVV<RXQJ  %XVLQHVV+LVWRU\ 2IILFHUV :,//,$0*5((1%/$77&+%&2&(2 -26+3(,5(=&2&(2 5,&+$5'6(/'2135(6 '$1,(/32%5,(1&)2 $//$6&+$<&+,()*/2%$/&/,(172)),&(5 9,.$69,*(;(&935(6 '$1,(//(.25,16&+,()+52)),&(5 %,//<*2/'67(,1(930 $ *935$6$'+($'2)*/2%$/23(5$7,216 67(9(%$51(77*(1(5$/&2816(/ 65$9$1$.$51$7,&72 /283$*/,$&,2 9$/32/725$.(93352'8&79(57,&$/6 'LUHFWRUV 7+(2)),&(5 6 $VRI 7KH'HODZDUH6HFUHWDU\RI6WDWH VEXVLQHVVUHJLVWUDWLRQVILOHVKRZHGWKDW6WHUOLQJ,QIRV\VWHPV,QFZDVUHJLVWHUHGDVD&RUSRUDWLRQRQ$SULO XQGHUILOLQJQXPEHU 3DJHRI %XVLQHVV,QIRUPDWLRQ5HSRUW ‹'XQ %UDGVWUHHW,QF$OOULJKWVUHVHUYHG 3DJHRI %XVLQHVVVWDUWHG3UHVHQWFRQWUROVXFFHHGHG-XQ 5(&(17(9(17 2Q1RYHPEHUVRXUFHVVWDWHGWKDW6WHUOLQJ,QIRV\VWHPV,QF1HZ<RUN1<KDVFRPSOHWHGWKHDFTXLVLWLRQRIWKHFRPPHUFLDOVHJPHQWEXVLQHVV RI6XUHLG,QF+LOOVERUR25RQ2FWREHU:LWKWKHDFTXLVLWLRQWKHFRPPHUFLDOVHJPHQWZKLFKZLOOUHWDLQWKHEUDQGQDPH6XUH,'DVDVHSDUDWH EXVLQHVVXQLWRI6WHUOLQJDQGWKHQRQFRPPHUFLDOVHJPHQWVRI6XUH,',QFZLOORSHUDWHXQGHUDQHZDVVXPHGEXVLQHVVQDPH)RUWLRU6ROXWLRQV7HUPV RIWUDQVDFWLRQVZHUHQRWGLVFORVHG ,Q-XQ&DOHUD&DSLWDOWKHIRUPHUSDUHQWFRPSDQ\FRPSOHWHGWKHVDOHRILWVPDMRULW\LQWHUHVWLQ6WHUOLQJ%DFNFKHFNWR*ROGPDQ6DFKV0HUFKDQW %DQNLQJ'LYLVLRQDQG/D&DLVVHGHGHSRWHWSODFHPHQWGX4XHEHF:LOOLDP*UHHQEODWWFRQWLQXHVWRPDLQWDLQDPLQRULW\RZQHUVKLSLQWHUHVWLQWKH FRPSDQ\ :,//,$0*5((1%/$77ERUQSUHVHQWDFWLYHKHUH -26+3(,5(=-XO\SUHVHQWDFWLYHKHUH3UHYLRXVO\VHUYHGDV3UHVLGHQWDQG&22RI'XQ %UDGVWUHHW 5,&+$5'6(/'21SUHVHQWDFWLYHKHUH '$1,(/32%5,(1SUHVHQWDFWLYHKHUH%HIRUHMRLQLQJ6WHUOLQJVSHQWPXFKRIKLVFDUHHULQWKHWHOHFRPPXQLFDWLRQVLQGXVWU\DV&)2RI+DZDLLDQ 7HOFRPDIRUPHU9HUL]RQVXEVLGLDU\*OREDO&URVVLQJ*HQXLW\DQG*7(&RUSRUDWLRQ/HGWKHELOOLRQLQLWLDOSXEOLFRIIHULQJIRUWKHFRPSDQ\DVLWV&KLHI )LQDQFLDO2IILFHU$V&)2IRU*7(&RUSRUDWLRQKHWRRNDOHDGLQJUROHLQWKHFRPSDQ\ VPHUJHUZLWK%HOO$WODQWLF7KLVPHUJHUOHGWRWKHIRUPDWLRQRI 9HUL]RQLQ-XQH6HUYHGDV&)2RI-DFNVRQ+HZLWWZKHUHKHZRUNHGWRFRPSOHWHWKHGHEWUHVWUXFWXULQJIRUWKHFRPSDQ\+ROGVDQ0%$IURPWKH 8QLYHUVLW\RI&KLFDJR*UDGXDWH6FKRRORI%XVLQHVVDQGD%6IURP%RVWRQ&ROOHJH $//$6&+$<SUHVHQWDFWLYHKHUH3ULRUWRMRLQLQJ6WHUOLQJKHOGVHQLRUDQGVWUDWHJLFSRVLWLRQVDW:ROWHUV.OXZHU&RUSRUDWH/HJDO6HUYLFHV &/6  3UHYLRXVO\3ULQFLSDO0DQDJHPHQW&RQVXOWDQWDW3ULFHZDWHUKRXVH&RRSHUV 3Z& 5HFHLYHGKHUEDFKHORU VGHJUHHIURPWKH&ROOHJHRI:LOOLDPDQG0DU\ 9,.$69,*SUHVHQWDFWLYHKHUH '$1,(//(.25,163UHYLRXVO\DFWLYHZLWK<RGOH39+&RUS'RZ-RQHV%DQNRI$PHULFDDQG6PLWK 1HSKHZ+ROGVD%DFKHORULQ%XVLQHVVIURP ,VHQEUHJ6FKRRORI0DQDJHPHQW80DVV$PKHUVWDQGDQ([HFXWLYHEXVLQHVVFHUWLILFDWHSURJUDPIURP0,76ORDQ6FKRRORI0DQDJHPHQW %,//<*2/'67(,1SUHVHQWDFWLYHKHUH3UHYLRXVO\DFWLYHZLWK3HUVHYHQW*URXS//&DQG6WDU0RXQWDLQ&DSLWDO0DQDJLQJ'LUHFWRU+HDGRI 1RUWK$PHULFD7HOHFRP0HUFKDQW%DQNLQJDW0DFTXDULH&DSLWDO)URPWKURXJKZLWK*ROGPDQ6DFKV+ROGVDQ0%$IURP+DUYDUG%XVLQHVV 6FKRRODQGD%6(LQHOHFWULFDOHQJLQHHULQJIURPWKH8QLYHUVLW\RI3HQQV\OYDQLD *935$6$'SUHVHQWDFWLYHKHUH 67(9(%$51(77-DQXDU\SUHVHQWDFWLYHKHUH 65$9$1$.$51$7,3UHYLRXV\DFWLYHZLWK([SHGLD'LVQH\$PD]RQDQG2UDFOH+ROGVD3K'LQ$,$SSOLFDWLRQVLQ&KHPLFDO(QJLQHHULQJIURP7KH 2KLR6WDWH8QLYHUVLW\ /283$*/,$SUHVHQWDFWLYHKHUH+HVSUHYLRXVO\KHOGH[HFXWLYHUROHVDW-LUDIH,QIRJURXS6QDJDMRE'RZ-RQHV)DFWLYD0791HWZRUNVDQG $ERXWFRP+ROGVDQ0%$IURP0,76ORDQ6FKRRORI0DQDJHPHQWDQGD%%$IURP-DPHV0DGLVRQ8QLYHUVLW\LQ&RPSXWHU,QIRUPDWLRQ6\VWHPV 9$/32/725$.SUHVHQWDFWLYHKHUH :LOOLDP*UHHQEODWWLVDOVRDQRIILFHULQWKHIROORZLQJ 6WHUOLQJ7HVWLQJ6\VWHPV,QF1HZ<RUN1<VWDUWHG3HUIRUPVEDFNJURXQGLQYHVWLJDWLRQVDQGGUXJWHVWLQJ,QWHUFRPSDQ\UHODWLRQVFRQVLVWVRI VKDUHGHPSOR\HHVDQGIDFLOLWLHV $)),/,$7(6 7KHIROORZLQJDUHUHODWHGWKURXJKFRPPRQSULQFLSDOVPDQDJHPHQWDQGRURZQHUVKLS6WHUOLQJ7HVWLQJ6\VWHPV,QF1HZ<RUN1<6WDUWHG   '816,QWHUFRPSDQ\UHODWLRQV1RQHUHSRUWHGE\PDQDJHPHQW 6KDUHKROGHUV *ROGPDQ6DFKV1HZ<RUN1<2SHUDWHVDVDQLQYHVWPHQWFRPSDQ\ /D&DLVVHGHGHSRWHWSODFHPHQWGX4XHEHF2SHUDWHVDVDQLQYHVWPHQWFRPSDQ\ :LOOLDP*UHHQEODWW)RXQGHUDQG&R&(2RIVXEMHFWFRPSDQ\ %XVLQHVVDGGUHVVKDVFKDQJHGIURP:WK6W)O1HZ<RUN1<WR6WDWH6W)O1HZ<RUN1< 3DJHRI %XVLQHVV,QIRUPDWLRQ5HSRUW ‹'XQ %UDGVWUHHW,QF$OOULJKWVUHVHUYHG 3DJHRI %XVLQHVV5HJLVWUDWLRQ &25325$7($1'%86,1(665(*,675$7,2165(3257('%<7+(6(&5(7$5<2)67$7(2527+(52)),&,$/6285&($62)6HS 5HJLVWHUHG1DPH 67(5/,1* ,1)26<67(06 ,1& %XVLQHVV7\SH '20(67,& &25325$7,21 &RUSRUDWLRQ7\SH 352),7 ,QFRUSRUDWHG'DWH  6WDWHRI,QFRUSRUDWLRQ *(25*,$ )LOLQJ'DWH  5HJLVWUDWLRQ,' 'XUDWLRQ 3(53(78$/ 6WDWXV $&7,9(&203/,$1&( 6WDWXV$WWDLQHG 'DWH  :KHUH)LOHG 6(&5(7$5<2) 67$7(%86,1(66 6(59,&(6$1' 5(*8/$7,216&25325$7( ',9,6,21 $7/$17$*$ 5HJLVWHUHG $JHQW 3$5$&253 ,1&25325$7(' +$5'<,9(6 /$1( /$:5(1&(9,//( *$ 3ULQFLSDOV 1DPH 7LWOH &/$5(+$57 &+,() (;(&87,9( 2)),&(5 67$7(675((73/$=$7+)/2251(: <25.1< '$1,(/2 %5,(1 &+,() ),1$1&,$/ 2)),&(5 67$7(675((73/$=$7+)/2251(: <25.1< 67(9( %$51(77 6(&5(7$5< 67$7(675((73/$=$7+)/2251(: <25.1< *RYHUQPHQW$FWLYLW\6XPPDU\ $FWLYLW\6XPPDU\ %RUURZHU1R $GPLQLVWUDWLYH'HEW1R *UDQWHH1R 3DUW\([FOXGHGIURP )HGHUDO3URJUDPV 1R 3XEOLF&RPSDQ\1$ &RQWUDFWRU1R ,PSRUWHU([SRUWHU1$ /DERU6XUSOXV$UHD1$ 6PDOO%XVLQHVV1$ :RPHQ2ZQHG1$ 0LQRULW\2ZQHG<HV 3RVVLEOHFDQGLGDWHIRUVRFLRHFRQRPLFSURJUDPFRQVLGHUDWLRQ 7KHGHWDLOVSURYLGHGLQWKH*RYHUQPHQW$FWLYLW\VHFWLRQDUHDVUHSRUWHGWR'XQ %UDGVWUHHWE\WKHIHGHUDOJRYHUQPHQWDQGRWKHUVRXUFHV 2SHUDWLRQV'DWD $VRI 'HVFULSWLRQ3URYLGHVLQIRUPDWLRQUHWULHYDOVHUYLFHVVSHFLDOL]LQJLQGDWDEDVHLQIRUPDWLRQ3URYLGHVGHWHFWLYHJXDUGRUDUPRUHGFDU VHUYLFHVVSHFLDOL]LQJLQGHWHFWLYHVHUYLFHV +DVDFFRXQW V 7HUPVDUH1HWGD\V6HOOVWRUHWDLOHUVDQGFRPPHUFLDOFRQFHUQV7HUULWRU\/RFDO 1RQVHDVRQDO (PSOR\HHVZKLFKLQFOXGHVRIILFHU V 8QGHWHUPLQHGHPSOR\HGKHUH )DFLOLWLHV5HQWVVTIWLQDEXLOGLQJ ,QGXVWU\'DWD 6,& &RGH 'HVFULSWLRQ  'DWDEDVHLQIRUPDWLRQUHWULHYDO  'HWHFWLYHVHUYLFHV 1$,&6 &RGH 'HVFULSWLRQ  $OO2WKHU,QIRUPDWLRQ6HUYLFHV  ,QYHVWLJDWLRQ6HUYLFHV 3DJHRI %XVLQHVV,QIRUPDWLRQ5HSRUW ‹'XQ %UDGVWUHHW,QF$OOULJKWVUHVHUYHG 3DJHRI )DPLO\7UHH %UDQFKHV'RPHVWLF 67(5/,1* ,1)26<67(06,1& '81 6Š $.$2&&83$7,21$/ +($/7+$1'6$)(7< '(3$570(17 52&.6,'(5' ,1'(3(1'(1&(2+   6XEVLGLDULHV'RPHVWLF %,6+2366(59,&(6 ,1&25325$7(' '81 6Š 67$7(67)/ 1(:<25.1<  $%62 '81 6Š &5((.6,'( 5,'*(&7)/ 526(9,//(&$  6766,'//& '81 6Š $.$685(,' 6: *5((1%85*5'67(  3257/$1'25   6XEVLGLDULHV*OREDO 6WHUOLQJ7DOHQW 6ROXWLRQV&DQDGD&RUS '81 6Š $YH6XLWH  6855(<*5($7(5 9$1&289(591 & &$ &KHFNZHOO6ROXWLRQV &RUSRUDWLRQ '81 6Š $.$%DFN&KHFNGLYRI $YH6XLWH  6855(<*5($7(5 9$1&289(591 & &$ 67(5/,1* ,1)250$7,21 5(6285&(6,1',$ 35,9$7(/,0,7(' '81 6Š WK)ORRU*&RUS7HFK 3DUN .DVDUYDGDYDOL *KRGEKXQGHU5RDG 7+$1( ,1 67(5/,1*7$/(17 62/87,216 3+,/,33,1(6,1& '81 6Š WK)ORRU6FLHQFH+XE 7RZHU%XLOGLQJ 0F.LQOH\+LOO &\EHUSDUN 7$*,* 3+  7KLVOLVWLVOLPLWHGWRWKHILUVWEUDQFKHVVXEVLGLDULHVGLYLVLRQVDQGDIILOLDWHVERWKGRPHVWLFDQGLQWHUQDWLRQDO3OHDVHXVHWKH*OREDO)DPLO\/LQNDJH/LQN DERYHWRYLHZWKHIXOOOLVWLQJ 3DJHRI %XVLQHVV,QIRUPDWLRQ5HSRUW ‹'XQ %UDGVWUHHW,QF$OOULJKWVUHVHUYHG 3DJHRI )LQDQFLDO6WDWHPHQWV 7ZR<HDUV&RPSDUDWLYH6WDWHPHQW )LVFDO&RQVROLGDWHG 'HF 86' )LVFDO&RQVROLGDWHG 'HF 86' &XUU$VVHWV   &XUU/LDEV   &XUUHQW5DWLR   :RUNLQJ&DSLWDO   2WKHU$VVHWV   :RUWK   /RQJ7HUP/LDE   7KLV %XVLQHVV ,QGXVWU\ 0HGLDQ ,QGXVWU\ 4XDUWLOH 3URILWDELOLW\ 5HWXUQRQ6DOHV 81  81 5HWXUQRQ1HW:RUWK 81  81 6KRUW7HUP6ROYHQF\ &XUUHQW5DWLR    4XLFN5DWLR 81  81 (IILFLHQF\ $VVHWV6DOHV 81  81 6DOHV1HW:RUNLQJ&DSLWDO 81  81 8WLOL]DWLRQ 7RWDO/LDEV1HW:RUWK 81  81 $VRI .H\%XVLQHVV5DWLRV %DVHGRQHVWDEOLVKPHQWV 0RVW5HFHQW)LQDQFLDO6WDWHPHQW $VRI 6WDWHPHQW6RXUFH $FFRXQWDQW3ULFHZDWHUKRXVH&RRSHUV//31HZ<RUN1< $FFRXQWDQW V2SLQLRQ $UHYLHZRIWKHDFFRXQWDQW VRSLQLRQLQGLFDWHVWKHILQDQFLDOVWDWHPHQWVPHHWJHQHUDOO\DFFHSWHGDFFRXQWLQJSULQFLSOHVDQGWKDWWKHDXGLWFRQWDLQVQR TXDOLILFDWLRQV 67$7(0(17,7(0(;3/$1$7,216 7KHUHDUHLQWDQJLEOHVZKLFKUHSUHVHQWJRRGZLOODQGRWKHULQWDQJLEOHDVVHWV &RQWLQJHQFLHV 1RQH 1RQFXUUHQWDVVHWVFRQVLVWRIIL[HGDVVHWVLQWDQJLEOHVDQGJRRGZLOO /RQJWHUPOLDELOLWLHVFRQVLVWRIFDSLWDOOHDVHREOLJDWLRQVGHIHUUHGWD[HVDQGRWKHUOLDELOLWLHV &855(17$66(76 &RQVLVWRIFDVKDFFRXQWVUHFHLYDEOHSUHSDLGVDQGLQFRPHWD[UHFHLYDEOH &855(17/,$%,/,7,(6 &RQVLVWRIDFFRXQWVSD\DEOHDFFUXDOVFXUUHQWSRUWLRQORQJWHUPGHEWFXUUHQWSRUWLRQFDSLWDOOHDVHREOLJDWLRQVDQGRWKHUFXUUHQWOLDELOLWLHV /,48,',7< /LTXLGDVVHWVSURYLGHDGHTXDWHFRYHUDJHRIFXUUHQWOLDELOLWLHV 2Q$8*'DQLHO32EULHQ&)2VXEPLWWHGWKHDERYHILJXUHV 3DJHRI %XVLQHVV,QIRUPDWLRQ5HSRUW ‹'XQ %UDGVWUHHW,QF$OOULJKWVUHVHUYHG 3DJHRI ,QGLFDWRUV 3XEOLF)LOLQJV6XPPDU\ 7KHIROORZLQJGDWDLQFOXGHVERWKRSHQDQGFORVHGILOLQJVIRXQGLQ' % VGDWDEDVHRQWKLVFRPSDQ\ 5HFRUG7\SH 1RRI5HFRUGV 0RVW5HFHQW)LOLQJ'DWH -XGJPHQW  /LHQ  6XLW  8&&  3XEOLF)LOLQJV %DQNUXSWF\-XGJPHQW /LHQ 6XLW 8&& 7KHIROORZLQJ3XEOLF)LOLQJGDWDLVIRULQIRUPDWLRQSXUSRVHVRQO\DQGLVQRWWKHRIILFLDOUHFRUG&HUWLILHGFRSLHVFDQRQO\EHREWDLQHGIURPWKHRIILFLDOVRXUFH 3DJHRI %XVLQHVV,QIRUPDWLRQ5HSRUW ‹'XQ %UDGVWUHHW,QF$OOULJKWVUHVHUYHG 3DJHRI )XOO)LOLQJV 8&&)LOLQJV &ROODWHUDO $OO$VVHWV )LOLQJ1R :KHUH)LOHG 6(&5(7$5<2)67$7(8&&',9,6,21'29(5'( 6HFXUHG3DUW\.(<%$1.1$7,21$/$662&,$7,21$6&2//$7(5$/$*(17 &/(9(/$1'2+ 'HEWRU 67(5/,1*,1)26<67(06,1& /DWHVW,QIR 5HFHLYHG  7\SH 2ULJLQDO 'DWH)LOHG  &ROODWHUDO $OO$VVHWV )LOLQJ1R :KHUH)LOHG 6(&5(7$5<2)67$7(8&&',9,6,21'29(5'( 6HFXUHG3DUW\.(<%$1.1$7,21$/$662&,$7,21$6&2//$7(5$/$*(17 &/(9(/$1'2+ 'HEWRU 67(5/,1*,1)26<67(06,1& /DWHVW,QIR 5HFHLYHG  7\SH 2ULJLQDO 'DWH)LOHG  &ROODWHUDO /HDVHG,QYHQWRU\DQGSURFHHGV&KDWWHOSDSHUDQGSURFHHGV )LOLQJ1R :KHUH)LOHG 6(&5(7$5<2)67$7(8&&',9,6,21'29(5'( 6HFXUHG3DUW\&,6&26<67(06&$3,7$/&25325$7,216$1-26(&$ 'HEWRU 67(5/,1*,1)26<67(06,1& /DWHVW,QIR 5HFHLYHG  7\SH 2ULJLQDO 'DWH)LOHG  )LOLQJ1R :KHUH)LOHG 6(&5(7$5<2)67$7(8&&',9,6,21'29(5'( 6HFXUHG3DUW\&,6&26<67(06&$3,7$/&25325$7,21 'HEWRU 67(5/,1*,1)26<67(06,1& /DWHVW,QIR 5HFHLYHG  7\SH $PHQGPHQW 'DWH)LOHG  2ULJLQDO)LOLQJ1R )LOLQJ1R 2ULJLQDO8&&)LOHG 'DWH  :KHUH)LOHG 6(&5(7$5<2)67$7(8&&',9,6,21'29(5'( 6HFXUHG3DUW\&,6&26<67(06&$3,7$/&25325$7,216$1-26(&$ 'HEWRU 67(5/,1*,1)26<67(06,1& /DWHVW,QIR 5HFHLYHG  7\SH &RQWLQXDWLRQ 'DWH)LOHG  2ULJLQDO)LOLQJ1R &ROODWHUDO /HDVHG(TXLSPHQWDQGSURFHHGV )LOLQJ1R :KHUH)LOHG 6(&5(7$5<2)67$7(8&&',9,6,21$/%$1<1< 6HFXUHG3DUW\'(/$*(/$1'(1),1$1&,$/6(59,&(6,1&:$<1(3$ 'HEWRU 67(5/,1*,1)26<67(06,1& /DWHVW,QIR 5HFHLYHG  7\SH 2ULJLQDO 'DWH)LOHG  )LOLQJ1R 2ULJLQDO8&&)LOHG 'DWH  :KHUH)LOHG 6(&5(7$5<2)67$7(8&&',9,6,21'29(5'( 6HFXUHG3DUW\-3025*$1&+$6(%$1.1$:+,7(3/$,161< 'HEWRU 67(5/,1*,1)26<67(06,1& /DWHVW,QIR 5HFHLYHG  7\SH &RQWLQXDWLRQ 'DWH)LOHG  2ULJLQDO)LOLQJ1R 7KHSXEOLFUHFRUGLWHPVFRQWDLQHGLQWKLVUHSRUWPD\KDYHEHHQSDLGWHUPLQDWHGYDFDWHGRUUHOHDVHGSULRUWRWKHGDWHWKLVUHSRUWZDVSULQWHG $GGLWLRQDO8&&DQG6/-ILOLQJVIRUWKLVFRPSDQ\FDQEHIRXQGE\FRQGXFWLQJDPRUHGHWDLOHGVHDUFKLQRXU3XEOLF5HFRUGV'DWDEDVH 3D\GH[ 3DJHRI %XVLQHVV,QIRUPDWLRQ5HSRUW ‹'XQ %UDGVWUHHW,QF$OOULJKWVUHVHUYHG 3DJHRI 8SWRPRQWK' %3$<'(;  8SWRPRQWK ' %3$<'(; :KHQZHLJKWHGE\GROODUDPRXQWSD\PHQWVWRVXSSOLHUV DYHUDJH'D\V%H\RQG7HUPV%DVHGRQSD\PHQWV FROOHFWHGRYHUODVWPRQWKV 8SWRPRQWK' %3$<'(;  8SWRPRQWK ' %3$<'(; :KHQZHLJKWHGE\GROODUDPRXQWSD\PHQWVWRVXSSOLHUV DYHUDJHGD\VEH\RQGWHUPV%DVHGRQSD\PHQWV FROOHFWHGXSWRPRQWKV :KHQZHLJKWHGE\GROODUDPRXQWWKHLQGXVWU\DYHUDJH LV*(1(5$//<:,7+,1WHUPV +LJKULVNRIODWH SD\PHQW DYHUDJH WRGD\V EH\RQGWHUPV 0HGLXPULVNRIODWH SD\PHQW DYHUDJH GD\VRUOHVV EH\RQGWHUPV /RZULVNRIODWH SD\PHQW DYHUDJH SURPSWWR GD\VVRRQHU 6KRZVWKH' %3$<'(;VFRUHVDVFDOFXODWHGXSWRPRQWKVDQGXSWRPRQWKVRISD\PHQWH[SHULHQFHV 3D\PHQW7UHQG XS 3D\PHQWV:LWKLQ7HUPV  $YHUDJH+LJK&UHGLW  7RWDO3D\PHQW([SHULHQFHV IRUWKH+4  7RWDO3ODFHGIRU&ROOHFWLRQ  /DUJHVW+LJK&UHGLW  +LJKHVW1RZ2ZLQJ  +LJKHVW3DVW'XH  FRPSDUHGWRSD\PHQWVWKUHHPRQWKVDJR 7KH3D\PHQW6XPPDU\VHFWLRQUHIOHFWVSD\PHQWLQIRUPDWLRQLQ' % VILOHDVRIWKHGDWHRIWKLVUHSRUW 7KHUHDUHSD\PHQWH[SHULHQFHVLQ' % VILOHZLWKH[SHULHQFHVUHSRUWHGGXULQJWKHODVWWKUHHPRQWKSHULRG 7KHKLJKHVW1RZ2ZHVRQILOHLV7KHKLJKHVW3DVW'XHRQILOHLV 7RS,QGXVWULHV ,QGXVWULHV 7RWDO 5HFHLYHG 7RWDO$PRXQWV /DUJHVW+LJK &UHGLW :LWKLQ 7HUPV  'D\V6ORZ      7HOHSKRQHFRPPXQLFWQV         0LVFEXVLQHVVVHUYLFH         5DGLRWHOHSKRQHFRPPXQ         (OHFWULFVHUYLFHV         :KROFRPSXWHUVVRIWZU         %XVLQHVVFRQVXOWLQJ         3UHSDFNDJHGVRIWZDUH         1RQFODVVLILHG         3XEOLFILQDQFH         0LVFFRPSXWHUVHUYLFH         27+(5,1'8675,(6         2WKHU3D\PHQW&DWHJRULHV &DWHJRU\ 7RWDO5HFHLYHG 7RWDO'ROODU$PRXQWV /DUJHVW+LJK&UHGLW &DVK([SHULHQFHV    3D\PHQWUHFRUGXQNQRZQ  8QIDYRUDEOHFRPPHQWV  3D\PHQW6XPPDU\ 3DJHRI %XVLQHVV,QIRUPDWLRQ5HSRUW ‹'XQ %UDGVWUHHW,QF$OOULJKWVUHVHUYHG 3DJHRI 3ODFHGIRU&ROOHFWLRQ  'HWDLOHG3D\PHQW+LVWRU\ 'DWH5HSRUWHG 3D\LQJ5HFRUG +LJK&UHGLW 1RZ2ZHV 3DVW'XH 6HOOLQJ7HUPV /DVW6DOH ZLWKLQ PRQWKV $XJXVW 3SW    1  3SW6ORZ    1$   6DWLVIDFWRU\    1$      &DVKDFFRXQW  -XO\ 3SW    1$  3SW    1$  3SW    1$  3SW    1$  3SW    1$  3SW    1$  3SW    1$  3SW    1$  3SW    1$  3SW    1$  3SW6ORZ    1$      &DVKDFFRXQW      &DVKDFFRXQW      &DVKDFFRXQW      &DVKDFFRXQW      &DVKDFFRXQW      &DVKDFFRXQW  -XQH     &DVKDFFRXQW      &DVKDFFRXQW      &DVKDFFRXQW      &DVKDFFRXQW  0D\     &DVKDFFRXQW      &DVKDFFRXQW  $SULO 3SW    1$  3SW    1$  3SW    1$  3SW6ORZ    1$      &DVKDFFRXQW      &DVKDFFRXQW      &DVKDFFRXQW  )HEUXDU\ 3SW    1$      &DVKDFFRXQW  -DQXDU\ 3SW    1$  'HFHPEHU     &DVKDFFRXQW   &DVKRZQRSWLRQ    1$      &DVKDFFRXQW  1RYHPEHU 3SW    1$  3SW    1$  2FWREHU 3SW    1$  3DJHRI %XVLQHVV,QIRUPDWLRQ5HSRUW ‹'XQ %UDGVWUHHW,QF$OOULJKWVUHVHUYHG 3DJHRI     &DVKDFFRXQW      &DVKDFFRXQW      &DVKDFFRXQW      &DVKDFFRXQW      &DVKDFFRXQW  -XO\ 3SW    1$  $SULO     &DVKDFFRXQW  0DUFK 3SW    1$  3SW    1$  'HFHPEHU 3SW    1$  3SW    1$  3SW    1$  3SW    1$  $XJXVW 3SW    1  /LQHVVKRZQLQUHGDUHRUPRUHGD\VEH\RQGWHUPV (DFKH[SHULHQFHVKRZQLVIURPDVHSDUDWHVXSSOLHU8SGDWHGWUDGHH[SHULHQFHVUHSODFHWKRVHSUHYLRXVO\UHSRUWHG 3DJHRI %XVLQHVV,QIRUPDWLRQ5HSRUW ‹'XQ %UDGVWUHHW,QF$OOULJKWVUHVHUYHG 3DJHRI 1 | © 2018 Sterling | sterlingtalentsolutions.com | 800.899.2272 SScreeningDirect UUser Guide || AAnalytics Dashboards ƒ ƒ RReporting & Analytics UUser Guide Updated on February 18, 2019 Confidential & Proprietar y Statement This material constitutes confidential and proprietary information of Sterling Talent Solutions and its reproduction, publication or disclosure to others without the express authorization of the General Counsel of Sterling Talent Solutions is strictly prohibited. sterlingtalentsolutions.com | 800.899.2272 SScreeningDirect UUser Guide || AAnalytics Dashboards Version 1 | © 2019 Sterling Talent Solutions | 2 ƒ Data Matters. Actionable Insights Matter More. Introducing nnew reporting and analytics dashboards –– ppowered by Sterling –– that are designed to collect a 360-degree view of your background screening and drug and health screening programs Sterling’s robust suite of new, enhanced reporting dashboards are now available within the ScreeningDirect platform – providing you with better insights and data-driven decisions you need to manage, streamline and optimize your screening programs. STERLING DELIVERS REPORTING AND ANALYTICS FEATURES THAT ARE: ƒ Fast, Real Fast. Reporting is based on market-leading cloud solutions via Amazon Web Services and Looker – providing near real-time data streaming ƒ Interactive. Our visualizations help you tell a complete story with data. Easy-to-read reports and beautiful dashboards allow users to drill down, filter, and keep exploring ƒ Accurate. Reports have a wide array of configurable data attributes and metrics that is detailed, and accurate ƒ Self-Service. Our self-service ability allows users to download complete dashboards and data underlying each dashboard element sterlingtalentsolutions.com | 800.899.2272 SScreeningDirect UUser Guide || AAnalytics Dashboards Version 1 | © 2019 Sterling Talent Solutions | 3 Dashboard Filters RReporting Drill Down As shown in Figure B, a drill down or deep dive into product performance metrics can be seen across all aspects of the program. Available within every dashboard Can easily choose more than one value at a time Filters dynamically based on selections Filter section minimizes for maximum visualization Figure A: Dashboard Filters Figure B: Drill down in the Product Overview Dashboard Dashboard Filters Figure A: Dashboard Filters sterlingtalentsolutions.com | 800.899.2272 SScreeningDirect UUser Guide || AAnalytics Dashboards Version 1 | © 2019 Sterling Talent Solutions | 4 RReporting Dashboard Types with Detailed Descriptions and Metrics Program Overview This dashboard provides a high-level summary of your overall background screening program. This dashboard will give you early visibility into spend per month, average review rates, average turnaround times, and average monthly volume metrics. Metrics ƒ Orders Over Time ƒ Charges Over Time ƒ Monthly Avg. Cost Per Order ƒ Orders in Range ƒ Order MTD ƒ Avg. Order TAT (days) in Range ƒ Avg. Order TAT (days) in MTD ƒ Charges MTD ƒ Order Review Rate in Range ƒ Order Review Rate MTD ƒ Order Level Fulfillment TAT ƒ Order Results ƒ Three Tier Order Results ƒ TAT Breakdown by Quarter 1 Figure C: Program Overview Dashboard Screenshot sterlingtalentsolutions.com | 800.899.2272 SScreeningDirect UUser Guide || AAnalytics Dashboards Version 1 | © 2019 Sterling Talent Solutions | 5 RReporting Dashboard Types with Detailed Descriptions and Metrics Service Detail A deep dive into individual product performance providing insight into the value, impact and performance of each product that’s part of the background screening and/or drug and health screening program. Metrics ƒ Orders Over Time ƒ Charges Over Time ƒ Monthly Avg. Cost Per Order ƒ Criminal/Public Records TATs, Product Details, & Scores ƒ Verification TATs, Product Details, & Scores ƒ D&HS TATs, Product Details & Scores ƒ Identify/MVR/Other TATs, Product Details & Scores ƒ Risk & Compliance TATs, Product Details & Scores ƒ Intl TATs, Product Details & Scores ƒ TATs by Product ƒ Avg. TAT for Crim / PR Search (Clear) ƒ Avg. TAT for Crim / PR Search (Review) ƒ Avg. TAT for Verification Search (Clear) ƒ Avg. TAT for Verification Search (Review) ƒ Avg. TAT for D&HS Search (Clear) ƒ Avg. TAT for D&HS Search (Review) 2 Figure D: Service Detail Screenshot sterlingtalentsolutions.com | 800.899.2272 SScreeningDirect UUser Guide || AAnalytics Dashboards Version 1 | © 2019 Sterling Talent Solutions | 6 RReporting Dashboard Types with Detailed Descriptions and Metrics Geographic & DDemographic Detail A summary of critical geographic and demographic fulfillment details for core criminal products (e.g. Criminal County, Criminal State, Enhanced Nationwide and Locator Select). Details about the candidates that have been screened such as the difference in average turnaround times for different age groups, and detail about the county and state criminal searches completed. Metrics ƒ Orders by Applicant State of Residence ƒ Orders by Gender & Age ƒ Searches by County ƒ County Search TAT ƒ Searches by State ƒ State Search TAT ƒ Average County/State Searches by Order ƒ Volume & Review Rate by County/State ƒ Order Count by TAT ƒ Review Rate by TAT ƒ Jurisdiction Metrics Over Time 3 Figure E: Geographic & Demographic Detail Dashboard Screenshot sterlingtalentsolutions.com | 800.899.2272 SScreeningDirect UUser Guide || AAnalytics Dashboards Version 1 | © 2019 Sterling Talent Solutions | 7 RReporting Dashboard Types with Detailed Descriptions and Metrics Package Detail Tracks program metrics such as order volume, charges, turnaround times, and review rates by individual package. Metrics ƒ Orders Created Over Time by Package ƒ Charges by Package ƒ Avg. Charge per Order by Package ƒ TATs by Package ƒ Average TAT by Package ƒ Order Review Rate Over Time ƒ Order Review Rate by Package 4 Figure F: Package Detail Dashboard Screenshot sterlingtalentsolutions.com | 800.899.2272 SScreeningDirect UUser Guide || AAnalytics Dashboards Version 1 | © 2019 Sterling Talent Solutions | 8 RReporting Dashboard Types with Detailed Descriptions and Metrics Bill Code Detail Tracks program metrics such as order volume, charges, turnaround times, and review rates by individual bill code. Metrics ƒ Orders by Bill Code ƒ Charges by Bill Code ƒ Avg. Charge per Order by Bill Code ƒ TATs by Bill Code ƒ Average TAT by Bill Code ƒ Order Review Rate Over Time ƒ Order Review Rate by Bill Code Account Detail Tracks program metrics such as order volume, charges, turnaround times, and review rates by individual account. Metrics ƒ Orders by Account ƒ Charges by Account ƒ Avg. Charge per Order by Account ƒ TATs by Account ƒ Average TAT by Account ƒ Order Review Rate Over Time ƒ Order Review Rate by Account Job Title Detail Tracks program metrics such as order volume, charges, turnaround times, and review rates by individual job title. Metrics ƒ Orders by Job Title ƒ Charges by Job Title ƒ Avg. Charge per Order by Job Title ƒ TATs by Job Title ƒ Average TAT by Job Title ƒ Order Review Rate Over Time ƒ Order Review Rate by Job Title 5 6 7 sterlingtalentsolutions.com | 800.899.2272 SScreeningDirect UUser Guide || AAnalytics Dashboards Version 1 | © 2019 Sterling Talent Solutions | 9 RReporting Dashboard Types with Detailed Descriptions and Metrics International Detail Provides an in-depth understanding of order and product level details and metrics at an international level for criminal, public records and verification searches. Metrics ƒ Charges by Package ƒ Avg. Charge per Order by Package ƒ Applicants by Country of Residence ƒ Charges by Applicant Country of Residence ƒ Order Metrics by Country of Residence ƒ International Crim/Public Records searches by Country searched ƒ International Average Crim/Public Records Turnaround Times by Country ƒ International Average Crim/Public Records Review Rates by Country ƒ International Verification Volume by Country ƒ International Verification Turnaround Times by Country ƒ International Verification Review Rates by Country 8 Figure G: International Dashboard Screenshot sterlingtalentsolutions.com | 800.899.2272 SScreeningDirect UUser Guide || AAnalytics Dashboards Version 1 | © 2019 Sterling Talent Solutions | 10 RReporting Dashboard Types with Detailed Descriptions and Metrics Periodic Comparison Allows you to quickly look at program and detailed metrics from two customizable time periods for comparison. Metrics ƒ Metrics by Package ƒ Charges per Order ƒ Metrics by Product ƒ Metrics by Jurisdiction ƒ Order Volume ƒ Average Order TAT ƒ Order Review Rate ƒ Search Volume ƒ Average Search TAT ƒ Search Review Rate 9 Figure H: Periodic Comparison Dashboard Screenshot sterlingtalentsolutions.com | 800.899.2272 SScreeningDirect UUser Guide || AAnalytics Dashboards Version 1 | © 2019 Sterling Talent Solutions | 11 RReporting Dashboard Types with Detailed Descriptions and Metrics 10 11 Open Orders Tracks the status of orders within the program that are still open or in progress. Helps understand what products or jurisdictions are causing delays. Metrics ƒ Order Review Rate by Bill Code ƒ Open Orders ƒ Open Searches ƒ Average Days with Sterling ƒ Open Orders in Review ƒ Orders in Adverse Action ƒ Open Order Detail ƒ Open Orders by Package ƒ Open Searches by Product Group TAT Breakdown Detailed stratification of turnaround times within an order by the different stages of the order. Metrics ƒ Order Volume ƒ Order Level TAT ƒ E-Invite Creation TAT ƒ Candidate Invite Response TAT ƒ Fulfillment TAT ƒ Customer Adjudication TAT ƒ Adverse Action TAT sterlingtalentsolutions.com | 800.899.2272 SScreeningDirect UUser Guide || AAnalytics Dashboards Version 1 | © 2019 Sterling Talent Solutions | 12 MMetric Definitions Metric Name Description Search Volume Count of distinct SearchIDs Search Percentage The percent of the total searches in a group Search Level TAT The time it took for a specific search to be fulfilled by Sterling Average Search Level TAT The average time it took Sterling to fulfill a search Search Review Rate (formerly hit rate) The percentage from the total searches that were scored as Consider, Review, Level 2, or Level 3 Order Volume The count of distinct order IDs Order Percentage The percent of the total orders Order Level Fulfillment TAT The time it took Sterling to fulfill all of the searches within an order Order Level TAT The time between the creation of an order by the client until the order closed. Includes the time it takes for the candidate to respond to an e-invite, the customer review time, and the adverse action time. Average Order Level TAT The average time between the creation of an order by the client until the order closed. Includes the time it takes for the candidate to respond to an e-invite, the customer review time, and the adverse action time. Order Review Rate (formerly hit rate) The percent of orders with a final score of Consider, Review, Level 2, or Level 3. This is based on the score after client review if there is one. Order Review Rate Before Review The percent of orders that had at least one reportable search that was scored as Consider, Review, Level 2, or Level 3. Gives insight to how many orders had to be reviewed as opposed to orders whose final scores were designated as alerts. Charges The cost of the fulfillment of searches that are processed within the platform. Does not include platform fees, credits, memos and annual fees. Adverse Action TTAT The time it takes to complete the adverse action process sterlingtalentsolutions.com | 800.899.2272 SScreeningDirect UUser Guide || AAnalytics Dashboards Version 1 | © 2019 Sterling Talent Solutions | 13 MMetric Definitions Continued Metric Name Description Customer Adjudication TAT The time it takes the client to review the order if there were scores that required review Criminal Search TAT The time it takes Sterling to complete all of the searches in the order that was part of the criminal/public records services Invite Creation TAT The time it takes the client to create and send out the e-invite for the candidate to complete before the order was submitted to Sterling for fulfillment Candidate Invite Response TAT The time it takes the candidate to respond and complete the e- invite D&HS Searches TAT The time it takes Sterling to complete all of the searches in the order that were part of the drug and health services product group Verifications TAT The time it takes Sterling to complete all of the searches in the order that were part of the verifications product group Identify/MVR/Other TAT The time it takes Sterling to complete all of the searches in the order that were part of the identity, motor vehicle records, and other product group International TAT The time it takes Sterling to complete all of the searches in the order that were part of the international product group Risk/Commpliance/Fin. Serv. TAT The time it takes Sterling to complete all of the searches in the order that were part of the risk, compliance and financial services product group Package TAT The time it takes to complete the searches in the package sterlingtalentsolutions.com | 800.899.2272 SScreeningDirect UUser Guide || AAnalytics Dashboards Version 1 | © 2019 Sterling Talent Solutions | 14 RReporting Elements Order Details Service / Search Level Detail ƒ TAT decomposition by order stage ƒ Candidate identifiers and demographic information ƒ Results/statuses ƒ Cost/charge information including invoice and intramonth detail ƒ TAT decomposition by product and ƒ individual search ƒ Jurisdictional breakdown and geographical summary ƒ Results/statuses All reporting elements can be aggregated by package, account, bill code, job title, user, time, and additional dimensions based on specific customer requirements Reporting Dashboard Chart Types Pie Percentages of volumes that pertain to certain scores Pareto Shows volumes fulfilled within buckets of time in columns Line Showing volume trends over time, usually by month Bar Shows volumes broken out by parameter Q1 2019 Sterling Confidential Page 11 of 88 SERVICE LEVEL AGREEMENT The following agreement measures Sterling performance commitments to our customers – sections include metrics around Quality Assurance, Customer Service, System Uptime, and Operational service delivery. Quality Assurance The Quality Assurance standard specifies quarterly performance standards related to the accuracy rates for Service Delivery.† Component Target Description Post-fulfillment quality monitoring 99.00% Sterling has a standardized quality monitoring program across key service offerings to ensure a 99% accuracy rate (accuracy rate defined as the percentage of audited requests classified as not having a critical error) – critical errors for key services are outlined in further detail in Appendix A Customer Service This Service Level Standard specifies performance goals related to Service Delivery by the Client Services / Support team – The timeliness of Turnaround times (TAT) for email responses, Call answer times, etc.† Component Target Description Email response time 2 hours Acknowledgement email will be sent to you by the person handling / investigating the details / request on your email. Any email received after 8:00PM Eastern Prevailing Time will be answered before 10:00am Eastern Prevailing Time on the next working day Average Speed of Answer – calls 30 seconds After selecting the desired options on the interactive voice response system (IVR) Hours of Operations for email, calls and chats Monday – Friday 8:00AM to 8:00PM Eastern Prevailing Time Hours may be reduced for holidays such as day before / after Christmas, Thanksgiving, etc. † Not eligible for service credit, sampling is performed across all Sterling customers and is not client specific Q1 2019 Sterling Confidential Page 22 of 88 System Uptime This Service Level Standard specifies performance goals quarterly related to Sterling application uptime and is the weighted availability of applications and services within each main screening platform.‡ Component Target Description Weighted availability of applications and services within each main screening platform 99.5% Excluding scheduled downtime and incidents outside Sterling’ Span of Control Application is available for use 24 X 7 with service level components measured quarterly continually during this period. Maintenance windows and system upgrades to occur during off hours to minimize down-time. Scheduled downtime is currently reserved 11PM Eastern Prevailing Time on Saturday evening to 9AM Eastern Prevailing Time Sunday morning. Notification of change in maintenance windows and downtime to occur 5 business days in advance. Span of Control means the areas over which Sterling has specific control (e.g., Software System, integration APIs maintained by Sterling, operational support, etc.). Areas outside the Sterling' Span of Control (e.g., Internet connectivity, Security Incidents, hardware, Client systems or changes in the Client’s Data Responsibilities, data quality, errors performed by Client's personnel) are not included in the SLAs. ScreeningDirect Operational Performance Turnaround Time (TAT) targets for ScreeningDirect search level products listed below is specific to the platform and requires amendment upon product migration, or can be amended to client specific performance on the platform after four quarters of business activity upon request. See Rules of Engagement below for description of how Sterling measures TAT and for applicable exclusions. TABLE 1: TAT for Domestic Service Transactions Product Average TAT Targets Standard Package – SSN Trace & 7 year county/federal court search based on 7 year address history from SSN trace; may include Enhanced Nationwide/Locator Select/MVR/Sex Offender and/or US domestic watch lists e.g. OFAC/FACIS 3.5 Business Days across all Standard Packages Extended Package – Standard Package + US domestic Education/Employment/Personal Reference and/or License 5.0 Business Days across all Extended Packages Standard Urine Drug Screening (10 Panel) – Negative (EChain Only) 2 Business Days Standard Urine Drug Screening (10 Panel) – Non-Negative (EChain Only) 5 Business Days Additional products available upon request ‡ Not eligible for service credit, sampling is performed as a weighted average across all Sterling applications Q1 2019 Sterling Confidential Page 33 of 88 TABLE 2: TAT for US Domestic A la Carte Service Transactions Product Average TAT Targets County Criminal Record (7 year RD) 2 Business Days SSN Trace 1 Business Day Enhanced Nationwide Criminal Search 1.5 Business Days Federal Criminal Record 1 Business Day Locator Select 1.5 Business Days DOJ 50 State Sex Offender 1.5 Business Days State Criminal Repository 2.5 Business Days Office of Foreign Assets Control 1 Business Day Drivers Record 1.5 Business Days Employment Verification (3-2-P-C) 3.5 Business Days Education Verification (3-2-P-C) 3.5 Business Days Client Matrix Application 1 Business Day Credential Verification 3.5 Business Days Fraud and Abuse Control Inform (FACIS) L3 2 Business Days Additional products available upon request TABLE 3: TAT for International Service Transactions Country Product Average TAT Targets Canada International Criminal Search 5 Business Days Education Verification - Int. 5.5 Business Days Employment Verification - Int. 5 Business Days India International Criminal Search 11 Business Days Education Verification - Int. 10.5 Business Days Employment Verification - Int. 9.5 Business Days United Kingdom International Criminal Search 12.0 Business Days Education Verification - Int. 9.0 Business Days Employment Verification - Int. 7.0 Business Days Additional countries/products available upon request Q1 2019 Sterling Confidential Page 44 of 88 Rules of Engagement Metrics ƒSterling business hours are between Mondays at 9AM to Friday 6PM Eastern Prevailing Time. ƒMeasurement of TAT excludes Sterling holidays and weekends ƒTAT for background services is calculated from the time Sterling’ system recognizes the creation of an order to the time the applicable product is completed and does not include reopened searches. ƒTAT for drug tests is calculated from the time of sample collection to the time of final report for drug tests (Echain only) ƒThe longest product turnaround time within a package drives applicant level performance. A half day is added to the Performance Standards analysis to accommodate any additional processing time. Additional processing time may be required for client specific CMA processes. ƒRequests received after 6PM Eastern Prevailing Time the day before a weekend or holiday will be considered to begin at 9AM Eastern Prevailing Time on the next business day. ƒBusiness days exclude the following Sterling holidays and any country specific international holidays: ƒNew Year’s Day ƒMartin Luther King, Jr. Day ƒPresidents Day ƒMemorial Day ƒIndependence Day ƒLabor Day ƒColumbus Day ƒVeteran’s Day ƒThanksgiving Day/Day After Thanksgiving ƒDay Before or After Christmas/Christmas Day ƒTAT targets exclude criminal searches in the State of New Jersey and the Commonwealth of Puerto Rico, and DMV searches in Pennsylvania. ƒEducation verification requests entered during applicable school break periods are not counted in measuring TAT performance. ƒUS domestic Education and Employment verifications assume the “3 contacts to the entity and 2 contacts to the applicant for proof for unverifiable” workflow ƒSterling is not responsible for delays due to i. natural or other disasters, war, terrorism, or other unforeseen developments that preclude our access to the courts ii. unresponsive courts iii. the retrieval of court copy documents iv. compliance with Federal, State, or local laws and regulations v. third party vendors and sources beyond direct control of Sterling vi. Strikes and Furloughs that prevent timely access to necessary records Q1 2019 Sterling Confidential Page 55 of 88 Order Request Completeness Upon placing the order, Client must provide complete and accurate information to Sterling. The following items indicate where Sterling would contact the applicant or Client for additional information in order to fulfill the request which will likely delay service levels: 1. Application ƒIncomplete address information, including street, city and state ƒDates when maiden names were used are not provided 2. Education Verification ƒMissing dates of attendance and/or graduation, and/or name used while in attendance ƒName of school abbreviated or incomplete ƒSchool location not provided ƒSpecific location of campus (if applicable) ƒDegree OR Diploma Copy (For International Requests) 3. Employment Verification ƒMissing dates of employment ƒName of company abbreviated or incomplete ƒSpecific location of company ƒEmployee Code (For International Requests) ƒRelieving letter (For International Requests) 4. Drug Screening ƒCollection must be completed within 24 hours of order 5. Driver’s License Verification ƒIncorrect driver’s license number ƒState of issuance not provided or incorrect 6. Personal References ƒDaytime telephone numbers missing ƒComplete telephone number and correct names are not provided for each reference 7. Authorization / Release ƒAppropriate signed release is not provided which includes the applicant’s addresses (and associated dates at each address) for the past seven (7) years ƒDate of Birth inaccurate or not provided ƒMaiden name not provided, if applicable Q1 2019 Sterling Confidential Page 66 of 88 Performance Standards and Reporting Sterling shall measure the average TAT for each product or package type on a quarterly basis. In the event actual average TAT exceeds the applicable average TAT target by more than 0.5 days, Sterling shall analyze the results to determine the number of products or packages which, if excluded from the average TAT calculation, would yield a result equal to the applicable average TAT target, and credit Client for the cost of these orders less fees (either packaged or a la carte) that included such products or packages. To ensure statistical accuracy, quarterly volume for a product or package must exceed 100 transactions to be eligible for average TAT measurement and application of the foregoing process. Reporting will be performed quarterly on a calendar basis upon Client’s request after a full calendar quarter of business. An illustrative example follows: Order ID Package Type Target TAT Actual TAT SLA Outlier 1 Standard 3.5 8 8.0 2 Standard 3.5 4 4 3 Standard 3.5 3 3 4 Standard 3.5 4 4 5 Standard 3.5 3 3 6 Standard 3.5 4 4 7 Standard 3.5 9 9.0 8 Standard 3.5 3 3 Average 4.75 Actual TAT exceeds TAT target by more than 0.5 days Average Excluding SLA Outliers 3.5 Credits: Orders 1 and 7 to be credited. Strikeouts in SLA Outlier column indicate outlier TATs that would make the respective order eligible for credit. THE ABOVE SETS FORTH CLIENT’S SOLE AND EXCLUSIVE REMEDY, AND STERLING’S ENTIRE LIABILITY, FOR STERLING’S FAILURE TO MEET ITS TAT FOR SERVICE TRANSACTIONS. Q1 2019 Sterling Confidential Page 77 of 88 Appendix A: Critical Error Types For Verifications (Applicable to all Services) Closed file audit (CFA) - Non Voice Parameter 1. Search reported incorrectly (Per client instructions) 2. Search reported with incorrect final disposition 3. Search reported as no records found post calling an incorrect entity/location 4. Liability risk (Non permissible entity contacted) 5. Search reported with verification from a non-accredited educational entity (diploma mill) (Education Only) 6. Search rated incorrectly (for rated clients only) 7. Search closed with verification from an unauthorized source 8. Search closed with verification from an unauthorized number (cell phone) Voice Parameters 1. Search updated with call information when no attempt made on the file 2. Recording script not provided on the call 3. Search closed with verification from an unauthorized source 4. Search reported as no records found post calling an incorrect entity/location Criminal Services 1. Searches / RE / QC / CC / Special Ops / Nationwide a. Search reported as clear despite reportable case(s) (Missed Hit) 2. Record Entry & Quality Check a. Search reported with information already reported on the same order 3. Record Entry, Court Calling, Quality Check & Special Ops a. Search reported incorrectly (Per client instructions) b. Search reported as clear despite reportable case(s) (Missed Hit) c. Search reported non-reportable case(s) (Per FCRA/State guidelines) d. Search reported non-reportable case(s) (Applicant details not a match, LAST NAME) e. Search reported non-reportable case(s) (Applicant details not a match, FIRST NAME) f. Search reported non-reportable case(s) (Applicant details not a match, MIDDLE NAME) g. Search reported non-reportable case(s) (Applicant details not a match, DAY OF BIRTH) h. Search reported non-reportable case(s) (Applicant details not a match, MONTH OF BIRTH) i. Search reported non-reportable case(s) (Applicant details not a match, YEAR OF BIRTH) j. Search reported non-reportable case(s) (Applicant details not a match, NON-MATCHING FULL DOB) k. Search reported non-reportable case(s) (Applicant details not a match, NON-MATCHING FULL NAME) l. Search reported non-reportable case(s) (Applicant details not a match, NON-MATCHING SSN) m. Search reported with incorrect number of cases n. Search reported with incorrect number of charges o. Search reported with incorrect charge p. Search reported with an incorrect charge level q. Search reported with incorrect Disposition r. Search reported with incorrect Disposition Date s. Search reported with incorrect arrest date t. Search reported as clear not considering Violation of Probation (VoP) date (when applicable) u. Search reported as hit not considering Violation of Probation (VoP) date (when applicable) v. Search reported with incorrect Violation of Probation details w. Search rated incorrectly (for rated clients only) x. Search reported with incorrect outcome (Conviction vs. arrest) Q1 2019 Sterling Confidential Page 88 of 88 4. Court Calling a. Search updated with call information when no attempt made on the file b. Recording script not provided on the call 5. Nationwide a. Search opened for incorrect county as per the order