The URL can be used to link to this page

Home My WebLink AboutContractAGREEMENT FOR FOCUSED OT/SCADA SECURITY ASSESSMENT (SOFTWARE AS A SERVICES AGREEMENT) THIS AGREEMENT (“Agreement”), datedfor reference purposes only asJanuary 5, 2026, is by and between the City of Renton (the “City”), a Washington municipal corporation, and LUMIFI CYBER, INC. (“Vendor”), Foreign Profit Corporation. The City and the Vendor are referred to collectively in this Agreement as the “Parties.” Once fully executed by the Parties, this Agreement is effective as of the last date signed by both parties (the “Effective Date”). 1. Scope of Work: Vendor agrees to perform a Focused OT/SCADA Security Assessment as further described in Exhibit A, which is attached and incorporated herein and may hereinafter be referred to as the “Work.” Vendor shall provide the Work consistent with the requirements of the Service Deliverables as set forth in Exhibit A. 2. Changes in Scope of Work: The City, without invalidating this Agreement, may order changes to the Work consisting of additions, deletions or modifications. Any such changes to the Work shall be ordered by the City in writing, and the Compensation shall be equitably adjusted consistent with the rates set forth in Exhibit A or as otherwise mutually agreed by the Parties. 3.Time of Performance: Vendor shall commence performance of the Agreement within 90 days of the Agreement’s execution. 4. Compensation: A. Amount. The amount of the Agreement consists of a single “One-Time Cost”. x One-Time Costs. The amount of the One Time Costs for this Agreement shall not exceed $ 20,880.00. Costs shall be paid based upon Work actually performed according to the rate(s) or amounts specified in Exhibit A. B. Method of Payment. On an annual basis during any year in which Work is performed, the Vendor shall submit a voucher or invoice in a form specified by the City, including a description of what Work has been performed, the name of the personnel performing such Work, and any hourly labor charge rate for such personnel. The Vendor shall also submit a final bill upon completion of all Work. Payment shall be made by the City for Workperformed within thirty (30) calendar days after receipt and CAG-26-035 PAGE 2 OF 15 approval by the appropriate City representative of the voucher or invoice. If the Vendor’s performancedoesnot meet the requirements of this Agreement, the Vendor will correct or modify its performance to comply with the Agreement. The City may withhold payment for work that does not meet the requirements of this Agreement. C. Effect of Payment. Payment for any part of the Work shall not constitute a waiver by the City of any remedies it may have against the Vendor for failure of the Vendor to perform the Work or for any breach of this Agreement by the Vendor. D. Non-Appropriation of Funds. If sufficient funds are not appropriated or allocated for payment under this Agreement for any future fiscal period, the City shall not be obligated to make payments for Workor amounts incurred after the end of the current fiscal period, and this Agreement will terminate upon the completion of all remaining Work for which funds are allocated. No penalty or expense shall accrue to the City in the event this provision applies. 5. Termination: A. The City reserves the right to terminate this Agreement at any time, with or without cause by giving ten (10) calendar days’ notice to the Vendor in writing. In the event of such termination or suspension, all finished or unfinished documents, data, studies, worksheets, models and reports, or other material prepared by the Vendor pursuant to this Agreement shall be submitted to the City, if any are required as part of the Work. B. In the event this Agreement is terminated by the City, the Vendor shall be entitled to payment for all hours worked to the effective date of termination, less all payments previously made. If the Agreement is terminated by the City after partial performance of Work for which the agreed compensation isa fixed fee, the City shall pay the Vendor an equitable share of the fixed fee. This provision shall not prevent the City from seeking any legal remedies it may have for the violation or nonperformance of any of the provisions of this Agreement and such charges due to the City shall be deducted from the final payment due the Vendor. No payment shall be made by the City for any expenses incurred or work done following the effective date of termination unless authorized in advance in writing by the City. C. Return of Information. Upon the written request of City, Consultant shall return any of the City’s Information in a usable format agreed to by the City at no additional cost to the City. 6. Warranties and Right to Use Work Product: Vendor represents and warrants that Vendor will perform all Work identified in this Agreement in a professional and workmanlike PAGE 3 OF 15 manner and in accordance with all reasonable and professional standards and laws. Vendor further represents and warrants that all final work product created for and delivered to the City pursuant to this Agreement shall be the original work of the Vendor and free from any intellectual property encumbrance which would restrict the City from using the work product. Vendor grants to the City a non-exclusive, perpetual right and license to use, reproduce, distribute, adapt, modify, and display all final work product produced pursuant to this Agreement. The City’s or other’s adaptation, modification or use of the final work products other than for the purposes of this Agreement shall be without liability to the Vendor. The provisions of this section shall survive the expiration or termination of this Agreement. 7. Record Maintenance: The Vendor shall maintain accounts and records, which properly reflect all direct and indirect costs expended and Workprovided in the performance of this Agreement and retain such records for as long as may be required by applicable Washington State records retention laws, but in any event no less than six years after the termination of this Agreement. The Vendor agrees to provide access to and copies of any records related to this Agreement as required by the City to audit expenditures and charges and/or to comply with the Washington State Public Records Act (Chapter 42.56 RCW). The provisions of this section shall survive the expiration or termination of this Agreement. 8. Public Records Compliance: To the full extent the City determines necessary to comply with the Washington State Public Records Act, Vendor shall make a due diligent search of all records in its possession or control relating to this Agreement and the Work, including, but not limited to, e-mail, correspondence, notes, saved telephone messages, recordings, photos, or drawings and provide them to the City for production. In the event Vendor believes said records need to be protected from disclosure, it may, at Vendor’s own expense, seek judicial protection. Vendor shall indemnify, defend, and hold harmless the City for all costs, including attorneys’ fees, attendant to any claim or litigation related to a Public Records Act request for which Vendorhas responsive records and for which Vendor has withheld records or information contained therein, or not provided them to the City in a timely manner. Vendorshall produce for distribution any and all records responsive to the Public Records Act request in a timely manner, unless those records are protected by court order. The provisions of this section shall survive the expiration or termination of this Agreement. 9. Independent Contractor Relationship: A. The Vendor is retained by the City only for the purposes and to the extent set forth in this Agreement. The nature of the relationship between the Vendorand the City during the period of the Work shall be that of an independent contractor, not employee. The Vendor, not the City, shall have the power to control and direct the details, manner or PAGE 4 OF 15 means of Work. Specifically, but not by means of limitation, the Vendor shall have no obligation to work any particular hours or particular schedule, unless otherwise indicated in the Scope of Work or where scheduling of attendance or performance is mutually arranged due to the nature of the Work. Vendor shall retain the right to designate the means of performing the Work covered by this agreement, and the Vendorshall be entitled to employ other workers at such compensation and such other conditions as it may deem proper, provided, however, that any contract so made by the Vendor is to be paid by it alone, and that employing such workers, it is acting individually and not as an agent for the City. B. The City shall not be responsible for withholding or otherwise deducting federal income tax or Social Security or contributing to the State Industrial Insurance Program, or otherwise assuming the duties of an employer with respect to Vendor or any employee of the Vendor. C. If the Vendor is a sole proprietorship or if this Agreement is with an individual, the Vendor agrees to notify the City and complete any required form if the Vendor retired under a State of Washington retirement system and agrees to indemnify any losses the City may sustain through the Vendor’s failure to do so. 10. Hold Harmless: The Vendor agrees to release, indemnify, defend, and hold harmless the City, elected officials, employees, officers, representatives, and volunteers from any and all claims, demands, actions, suits, causes of action, arbitrations, mediations, proceedings, judgments, awards, injuries, damages, liabilities, taxes, losses, fines, fees, penalties, expenses, attorney’s or attorneys’ fees, costs, and/or litigation expenses to or by any and all persons or entities, arising from, resulting from, or related to the negligent acts, errors or omissions of the Vendor in its performance of this Agreement or a breach of this Agreement by Vendor, except for that portion of the claims caused by the City’s sole negligence. Should a court of competent jurisdiction determine that this agreement is subject to RCW 4.24.115, (Validity of agreement to indemnify against liability for negligence relative to construction, alteration, improvement, etc., of structure or improvement attached to real estate…) then, in the event of liability for damages arising out of bodily injury to persons or damages to property caused by or resulting from the concurrent negligence of the Vendorand the City, its officers, officials, employees and volunteers, Vendor’s liability shall be only to the extent of Vendor’s negligence. It is further specifically and expressly understood that the indemnification provided in this Agreement constitute Vendor’s waiver of immunity under the Industrial Insurance Act, RCW Title 51, solely for the purposes of this indemnification. The Parties have mutually PAGE 5 OF 15 negotiated and agreed to this waiver. The provisions of this section shall survive the expiration or termination of this Agreement. 11. Gifts and Conflicts: The City’s Code of Ethics and Washington State law prohibit City employees from soliciting, accepting, or receiving any gift, gratuity or favor from any person, firm or corporation involved in a contract or transaction. To ensure compliance with the City’s Code of Ethics and state law, the Vendor shall not give a gift of any kind to City employees or officials. Vendor also confirms that Vendor does not have a business interest or a close family relationship with any City officer or employee who was, is, or will be involved in selecting the Vendor, negotiating or administering this Agreement, or evaluating the Vendor’s performance of the Work. 12. City of Renton Business License: Unless exempted by the Renton Municipal Code, Vendor shall obtain a City of Renton Business License prior to performing any Work and maintain the business license in good standing throughout the term of this agreement with the City. Information regarding acquiring a city business license can be found at: https://www.rentonwa.gov/Tax Information regarding State business licensing requirements can be found at: https://dor.wa.gov/doing-business/register-my-business 13. Insurance: Vendor shall secure and maintain: A. Commercial general liability insurance in the minimum amounts of $1,000,000 for each occurrence/$2,000,000 aggregate for the Term of this Agreement. B. In the event that Work delivered pursuant to this Agreement either directly or indirectly involve or require Professional Services, Professional Liability/ Errors and Omissions coverage shall be provided with minimum limits of $1,000,000 per occurrence. "Professional Services", for the purpose of this section, shall mean any Workprovided by a licensed professional or Workthat requiresa professional standard of care. C. Workers’ Compensation Coverage, as required by the Industrial Insurance laws of the State of Washington, shall also be secured. D. Commercial Automobile Liability for owned, leased, hired or non-owned, leased, hired or non-owned, with minimum limits of $1,000,000 per occurrence combined single limit, if there will be any use of Vendor’s vehicles on the City’s Premises by or on behalf of the City, beyond normal commutes. PAGE 6 OF 15 E. Cyber Liability Insurance is required, with limits not less than $2,000,000 per occurrence or claim, with $2,000,000 aggregate minimum. Coverage shall be sufficiently broad to respond to the duties and obligations as is undertaken by Vendor in this agreement and shall include, but not be limited to, coverage, including defense, for the following losses or services: claims involving infringement of intellectual property, infringement of copyright, trademark, trade dress, invasion of privacy violations, information theft, damage to or destruction of electronic information, release of private information, alteration of electronic information, extortion and network security, coverage for unauthorized access and use, failure of security, breach of confidential information, or privacy perils. The policy shall provide coverage for breach response costs, to include but not limited to crisis management services, credit monitoring, public relations, legal service advice, notification of affected parties, independent information security forensics firm, and costs to re-secure, re-create and restore data or systems as well as regulatory fines and penalties with limits sufficient to respond to these obligations. F. Vendor shall name the City as an Additional Insured on its commercial general liability policy on a non-contributory primary basis. The City’s insurance policies shall not be a source for payment of any Vendor liability, nor shall the maintenance of any insurance required by this Agreementbe construed to limit the liability of Vendorto the coverage provided by such insurance or otherwise limit the City’s recourse to any remedy available at law or in equity. Additional Insured requirements do not apply to Cyber Liability nor Professional Liability insurance, if applicable. G. Subject to the City’s review and acceptance, a certificate of insurance showing the proper endorsements, shall be delivered to the City before performing the Work. H. Vendor shall provide the City with written notice of any policy cancellation, within two (2) business days of their receipt of such notice. 14. Safeguarding of Personal Information; Intellectual Property: A. Personal Information: Vendor shall not use or disclose Personal Information, as defined in chapter 19.255 RCW, in any manner that would constitute a violation of federal law or applicable provisions of Washington State law. Vendoragrees to comply with all federal and state laws and regulations, as currently enacted or revised, regarding data security and electronic data interchange of Personal Information. Vendor shall ensure its directors, officers, employees, subcontractors or agents use Personal Information solely for the purposes of accomplishing the services set forth in the Agreement. PAGE 7 OF 15 Vendor shall protect Personal Information collected, used, or acquired in connection with the Agreement, against unauthorized use, disclosure, modification or loss. Vendor and its sub-providers agree not to release, divulge, publish, transfer, sell or otherwise make Personal Information known to unauthorized persons without the express written consent of City or as otherwise authorized by law. Vendoragrees to implement physical, electronic, and managerial policies, procedures, and safeguards to prevent unauthorized access, use, or disclosure of Personal Information. Vendorshall make the Personal Information available to amend as directed by Cityand incorporate any amendments into all the copies maintained by the Vendor or its subcontractors. Vendor shall certify its return or destruction upon expiration or termination of the Agreement and the Vendor shall retain no copies. If Vendor and City mutually determine that return or destruction is not feasible, the Vendorshall not use the Personal Information in a manner other than those permitted or authorized by state and federal laws. Vendor shall notify City in writing immediately upon becoming aware of any unauthorized access, use or disclosure of Personal Information. Vendor shall take necessary steps to mitigate the harmful effects of such use or disclosure. Vendor is financially responsible for notification of any unauthorized access, use or disclosure. The details of the notification must be approved by City. Any breach of this clause may result in termination of the Agreement and the demand for return of all Personal Information. B. Intellectual Property: Each Party retains all right, title, and interest under applicable contractual, copyright and related laws to their respective Information, including the right to use such information for all purposes permissible by applicable laws, rules, and regulations. 15. Delays: Vendor is not responsible for delays caused by factors beyond the Vendor’s reasonable control. When such delays beyond the Vendor’s reasonable control occur, the City agrees the Vendoris not responsible for damages, nor shall the Vendor be deemed to be in default of the Agreement. 16. Successors and Assigns: Neither the City nor the Vendorshall assign, transfer or encumber any rights, duties or interests accruing from this Agreement without the written consent of the other. PAGE 8 OF 15 17. Notices: Any notice required under this Agreement will be in writing, addressed to the appropriate party at the address which appears below (as modified in writing from time to time by such party), and given personally, by registered or certified mail, return receipt requested, by facsimile or by nationally recognized overnight courier service. Time period for notices shall be deemed to have commenced upon the date of receipt, EXCEPT facsimile delivery will be deemed to have commenced on the first business day following transmission. Email and telephone may be used for purposes of administering the Agreement, but should not be used to give any formal notice required by the Agreement. CITY OF RENTON Brett Tietjen 1055 South Grady Way Renton, WA 98057 Phone: (425) 430-6873 Email: btietjen@rentonwa.gov VENDOR Lumifi Cyber 1475 N Scottsdale Rd STE 410, Scottsdale, AZ 85257 Email: mblain@lumificyber.com 18. Discrimination Prohibited: Except to the extent permitted by a bona fide occupational qualification, the Vendor agrees as follows: A. Vendor, and Vendor’s agents, employees, representatives, and volunteers with regard to the Work performed or to be performed under this Agreement, shall not discriminate on the basis of race, color, sex, religion, nationality, creed, marital status, sexual orientation or preference, age (except minimum age and retirement provisions), honorably discharged veteran or military status, or the presence of any sensory, mental or physical handicap, unless based upon a bona fide occupational qualification in relationship to hiring and employment, in employment or application for employment, the administration of the delivery of Work or any other benefits under this Agreement, or procurement of materials or supplies. B. The Vendorwill take affirmative action to insure that applicants are employed and that employees are treated during employment without regard to their race, creed, color, national origin, sex, age, sexual orientation, physical, sensory or mental handicaps, or marital status. Such action shall include, but not be limited to the following employment, upgrading, demotion or transfer, recruitment or recruitment advertising, layoff or termination, rates of pay or other forms of compensation and selection for training. C. If the Vendor fails to comply with any of this Agreement’s non-discrimination provisions, the City shall have the right, at its option, to cancel the Agreementin whole or in part. PAGE 9 OF 15 D. The Vendor is responsible to be aware of and in compliance with all federal, state and local laws and regulations that may affect the satisfactory completion of the project, which includes but is not limited to fair labor laws, worker's compensation, and Title VI of the Federal Civil Rights Act of 1964, and will comply with City of Renton Council Resolution Number 4085. 19. Miscellaneous:The parties hereby acknowledge: A. The City is not responsible to train or provide training for Vendor. B. Vendorwill not be reimbursed for job related expensesexcept to the extent specifically agreed within the attached exhibits. C. Vendor shall furnish all tools and/or materials necessary to perform the Work except to the extent specifically agreed within the attached exhibits. D. In the event special training, licensing, or certification is required for Vendorto provide Work he/she will acquire or maintain such at his/her own expense and, if Vendor employs, sub-contracts, or otherwise assigns the responsibility to perform the Work, said employee/sub-contractor/assignee will acquire and or maintain such training, licensing, or certification. E. This is a non-exclusive agreement and Vendor is free to provide his/her Work to other entities, so long as there is no interruption or interference with the provision of Work called for in this Agreement. F. Vendor is responsible for his/her own insurance, including, but not limited to health insurance. G. Vendoris responsible for his/her own Worker’s Compensation coverage as well as that for any persons employed by the Vendor. PAGE 10 OF 15 20. Other Provisions: A. Approval Authority. Each individual executing this Agreementon behalf of the City and Vendor represents and warrants that such individuals are duly authorized to execute and deliver this Agreement on behalf of the City or Vendor. B. General Administration and Management. The City’s project manager is Brett Tietjen, Infrastructure and Security Manager, (425) 430-6873. In providing Work, Vendor shall coordinate with the City’s contract manager or his/her designee. C. Amendment and Modification. This Agreement may be amended only by an instrument in writing, duly executed by both Parties. D. Conflicts. In the event of any inconsistencies between Vendor proposals and this Agreement, the terms of this Agreementshall prevail. Any exhibits/attachments to this Agreement are incorporated by reference only to the extent of the purpose for which they are referenced within this Agreement. To the extent a Vendor prepared exhibit conflicts with the terms in the body of this Agreement or contains terms that are extraneous to the purpose for which it is referenced, the terms in the body of this Agreement shall prevail and the extraneous terms shall not be incorporated herein. E. Governing Law. This Agreement shall be made in and shall be governed by and interpreted in accordance with the laws of the State of Washington and the City of Renton. Vendor and all of the Vendor’s employees shall perform the Work in accordance with all applicable federal, state, county and city laws, codes and ordinances. F. Joint Drafting Effort. This Agreement shall be considered for all purposes as prepared by the joint efforts of the Parties and shall not be construed against one party or the other as a result of the preparation, substitution, submission or other event of negotiation, drafting or execution. G. Jurisdiction and Venue. Any lawsuit or legal action brought by any party to enforce or interpret this Agreement or any of its terms or covenants shall be brought in the King County Superior Court for the State of Washington at the Maleng Regional Justice Center in Kent, King County, Washington, or its replacement or successor. Vendor hereby expressly consents to the personal and exclusive jurisdiction and venue of such court even if Vendor is a foreign corporation not registered with the State of Washington. PAGE 11 OF 15 H. Severability. A court of competent jurisdiction’s determination that any provision or part of this Agreement is illegal or unenforceable shall not cancel or invalidate the remainder of this Agreement, which shall remain in full force and effect. I. Sole and Entire Agreement. This Agreement contains the entire agreement of the Parties and any representations or understandings, whether oral or written, not incorporated are excluded. J. Time is of the Essence. Time is of the essence of this Agreement and each and all of its provisions in which performance is a factor. Adherence to completion dates set forth in the description of the Work is essential to the Vendor’s performance of this Agreement. K. Third-Party Beneficiaries. Nothing in this Agreement is intended to, nor shall be construed to give any rights or benefits in the Agreement to anyone other than the Parties, and all duties and responsibilities undertaken pursuant to this Agreement will be for the sole and exclusive benefit of the Parties and no one else. L. Binding Effect. The Parties each bind themselves, their partners, successors, assigns, and legal representatives to the other party to this Agreement, and to the partners, successors, assigns, and legal representatives of such other party with respect to all covenants of the Agreement. M. Waivers. All waivers shall be in writing and signed by the waiving party. Either party’s failure to enforce any provision of this Agreement shall not be a waiver and shall not prevent either the City or Vendor from enforcing that provision or any other provision of this Agreement in the future. Waiver of breach of any provision of this Agreement shall not be deemed to be a waiver of any prior or subsequent breach unless it is expressly waived in writing. N. Counterparts. The Parties may execute this Agreementin any number of counterparts, each of which shall constitute an original, and all of which will together constitute this one Agreement. 21. Appendix II to Part 200—Contract Provisions for Non-Federal Entity Contracts Under Federal Awards In addition to other provisions required by the Federal agency or non-Federal entity, all contracts made by the non-Federal entity under the Federal award must contain provisions covering the following, as applicable. PAGE 12 OF 15 A. Contracts for more than the simplified acquisition threshold, which is the inflation adjusted amount determined by the Civilian Agency Acquisition Council and the Defense Acquisition Regulations Council (Councils) as authorized by 41 U.S.C. 1908, must address administrative, contractual, or legal remedies in instances where contractors violate or breach contract terms, and provide for such sanctions and penalties as appropriate. B. All contracts in excess of $10,000 must address termination for cause and for convenience by the non-Federal entity including the manner by which it will be effected and the basis for settlement. C. Equal Employment Opportunity. Except as otherwise provided under 41 CFR Part 60, all contracts that meet the definition of “federally assisted construction contract” in 41 CFR Part 60–1.3 must include the equal opportunity clause provided under 41 CFR 60– 1.4(b), in accordance with Executive Order 11246, “Equal Employment Opportunity” (30 FR 12319, 12935, 3 CFR Part, 1964–1965 Comp., p. 339), as amended by Executive Order 11375, “Amending Executive Order 11246 Relating to Equal Employment Opportunity,” and implementing regulations at 41 CFR part 60, “Office of Federal Contract Compliance Programs, Equal Employment Opportunity, Department of Labor.” D. Davis-Bacon Act, as amended (40 U.S.C. 3141–3148). When required by Federal program legislation, all prime construction contracts in excess of $2,000 awarded by non-Federal entities must include a provision for compliance with the Davis-Bacon Act (40 U.S.C. 3141–3144, and 3146–3148) as supplemented by Department of Labor regulations (29 CFR Part 5, “Labor Standards Provisions Applicable to Contracts Covering Federally Financed and Assisted Construction”). In accordance with the statute, contractors must be required to pay wages to laborers and mechanics at a rate not less than the prevailing wages specified in a wage determination made by the Secretary of Labor. In addition, contractors must be required to pay wages not less than once a week. The non-Federal entity must place a copy of the current prevailing wage determination issued by the Department of Labor in each solicitation. The decision to award a contract or subcontract must be conditioned upon the acceptance of the wage determination. The non-Federal entity must report all suspected or reported violations to the Federal awarding agency. The contracts must also include a provision for compliance with the Copeland “Anti-Kickback” Act (40 U.S.C. 3145), as supplemented by Department of Labor regulations (29 CFR Part 3, “Contractors and Subcontractors on Public Building or Public Work Financed in Whole or in Part by Loans or Grants from the United States”). The Act provides that each contractor or subrecipient must be prohibited from inducing, by any means, any person employed in the construction, completion, or repair of public work, to give up any part of the PAGE 13 OF 15 compensation to which he or she is otherwise entitled. The non-Federal entity must report all suspected or reported violations to the Federal awarding agency. E. Contract Work Hours and Safety Standards Act (40 U.S.C. 3701–3708). Where applicable, all contracts awarded by the non-Federal entity in excess of $100,000 that involve the employment of mechanics or laborers must include a provision for compliance with 40 U.S.C. 3702 and 3704, as supplemented by Department of Labor regulations (29 CFR Part 5). Under 40 U.S.C. 3702 of the Act, each contractor must be required to compute the wages of every mechanic and laborer on the basis of a standard work week of 40 hours. Work in excess of the standard work week is permissible provided that the worker is compensated at a rate of not less than one and a half times the basic rate of pay for all hours worked in excess of 40 hours in the work week. The requirements of 40 U.S.C. 3704 are applicable to construction work and provide that no laborer or mechanic must be required to work in surroundings or under working conditions which are unsanitary, hazardous or dangerous. These requirements do not apply to the purchases of supplies or materials or articles ordinarily available on the open market, or contracts for transportation or transmission of intelligence. F. Rights to Inventions Made Under a Contract or Agreement. If the Federal award meets the definition of “funding agreement” under 37 CFR § 401.2 (a)and the recipient or subrecipient wishes to enter into a contract with a small business firm or nonprofit organization regarding the substitution of parties, assignment or performance of experimental, developmental, or research work under that “funding agreement,” the recipient or subrecipient must comply with the requirements of 37 CFR Part 401, “Rights to Inventions Made by Nonprofit Organizations and Small Business Firms Under Government Grants, Contracts and Cooperative Agreements,” and any implementing regulations issued by the awarding agency. G. Clean Air Act (42 U.S.C. 7401–7671q.) and the Federal Water Pollution Control Act (33 U.S.C. 1251–1387), as amended—Contracts and subgrants of amounts in excess of $150,000 must contain a provision that requires the non-Federal award to agree to comply with all applicable standards, orders or regulations issued pursuant to the Clean Air Act (42 U.S.C. 7401–7671q) and the Federal Water Pollution Control Act as amended (33 U.S.C. 1251–1387). Violations must be reported to the Federal awarding agency and the Regional Office of the Environmental Protection Agency (EPA). H. Debarment and Suspension (Executive Orders 12549 and 12689)—A contract award (see 2 CFR 180.220) must not be made to parties listed on the governmentwide exclusions in the System for Award Management (SAM), in accordance with the OMB guidelines at 2 CFR 180 that implement Executive Orders 12549 (3 CFR part 1986 Comp., p. 189) and 12689 (3 CFR part 1989 Comp., p. 235), “Debarment and PAGE 14 OF 15 Suspension.” SAM Exclusions contains the names of parties debarred, suspended, or otherwise excluded by agencies, as well as parties declared ineligible under statutory or regulatory authority other than Executive Order 12549. I. Byrd Anti-Lobbying Amendment (31 U.S.C. 1352)—Contractors that apply or bid for an award exceeding $100,000 must file the required certification. Each tier certifies to the tier above that it will not and has not used Federal appropriated funds to pay any person or organization for influencing or attempting to influence an officer or employee of any agency, a member of Congress, officer or employee of Congress, or an employee of a member of Congress in connection with obtaining any Federal contract, grant or any other award covered by 31 U.S.C. 1352. Each tier must also disclose any lobbying with non-Federal funds that takes place in connection with obtaining any Federal award. Such disclosures are forwarded from tier to tier up to the non-Federal award. J. See § 200.323. K. See § 200.216. L. See § 200.322. ϮϮ͘SLCGP Contracting and Procurement Requirements ͘Per SLCGP requirements, all contracting agreements entered into pursuant to the SLCGP agreement shall incorporate the agreement by reference, represented in this document as Exhibit . ͘Any and all parties to this agreement agree to comply and be bound by the requirements set forth therein. PAGE 15 OF 15 IN WITNESS WHEREOF, the Parties have voluntarily entered into this Agreement as of the date last signed by the Parties below. CITY OF RENTON By:_____________________________ VENDOR By:____________________________ Kristi Rowland Deputy Chief AdministratŝǀĞ Officer Michael Blaine CFO _____________________________ Date Approved as to Legal Form By: __________________________ Shane Moloney City Attorney IT-Contract Template 6/17/2021 Approved by Cheryl Beyer via email 2/5/2026 LUMIFI CYBER, INC. ORDER FORM Lumifi Cyber, Inc. | 1475 N Scottsdale Road Suite 410 | Scottsdale, AZ 85257 | Visit lumificyber.com $QQXDO5HFXUULQJ 0RQWKO\5HFXUULQJ )HHV 2QH7LPH)HHV LUMIFI shall provide Customer with the following Products. Product Details can be found for the following Services below: This Order (the " ") is entered into by and between Lumifi Cyber, Inc., a Delaware corporation with offices at 1475 N. Scottsdale Rd., SuiteOrder 410, Scottsdale, AZ 85257 ("LUMIFI"), and Customer (Information Above) and is governed by the LUMIFI General Terms and Conditions ("Terms and Conditions") available at , which are incorporated herein by reference and togetherhttps://www.lumificyber.com/terms-conditions/ constitute a single agreement. Capitalized terms used but not otherwise defined herein shall have the meanings ascribed to such terms in the Terms and Conditions. In the event of any conflict between this Order and the Terms and Conditions, the terms of this Order will govern solely with regard to this Order. In the event Customer's use of any Product exceeds the usage metrics, then Customer will promptly pay LUMIFI all overage fees. Changes to the scope, schedule, and resources that impact total effort and/or cost to LUMIFI will be subject to a written change order and additional fees. Travel and expenses will be invoiced separately to Customer as incurred. All amounts and fees stated or referred to in this agreement or any Order are exclusive of taxes, duties, levies, tariffs, and other governmental charges (collectively, "Taxes"). Customer shall be responsible for payment of all Taxes and any related interest and/or penalties resulting from any payments made hereunder, other than taxes based on Lumifi's net income. All payments must be made in United States Dollars (USD). 325HTXLUHG" 6*UDG\:D\6WH 5HQWRQ:$ 8QLWHG6WDWHV %LOO7R &LW\RI5HQWRQ%LOO7R1DPH 3KRQH EWLHWMHQ#UHQWRQZDJRY(PDLO %UHWW7LHWMHQ&RQWDFW1DPH &LW\RI5HQWRQ$FFRXQW1DPH ([SLUDWLRQ'DWH 4XRWH1XPEHU &UHDWHG'DWH 0DUN*DWHO\/XPLIL5HS 2UGHU)RUP'HWDLO &XVWRPHU,QIRUPDWLRQ 2UGHU)RUP7HUPVDQG&RQGLWLRQV 3URGXFWV 3URGXFW&RGH 3URGXFW 'HVFULSWLRQ /LVW3ULFH 7\SH 4XDQWLW\ 8QLW3ULFH 7RWDO3ULFH 7RWDO &RQWUDFW &86720B6.8B27 &867206.8 2QH7LPH &867206.8 '(6&5,37,21 2QH7LPH )HH 3URGXFW62:85//LQNV 3URGXFW 62:85/ &867206.82QH7LPH 1R62:$YDLODEOH &RQWUDFW6XPPDU\ ([KLELW$ LUMIFI CYBER, INC. ORDER FORM Lumifi Cyber, Inc. | 1475 N Scottsdale Road Suite 410 | Scottsdale, AZ 85257 | Visit lumificyber.com BILLING CONTACT EMAIL:__________________________________ BILLING CONTACT NAME:__________________________________ DATE:__________________________________ TITLE:__________________________________ NAME:__________________________________ SIGNATURE:_____________________________ Customer DATE:__________________________________ TITLE:__________________________________ NAME:__________________________________ SIGNATURE:_____________________________ Lumifi Cyber, Inc. IN WITNESS WHEREOF, the parties hereto have caused this Order to be executed as of the Contract Start Date 1HW3D\PHQW7HUPV (OHFWURQLF)XQGV7UDQVIHU$&+3D\PHQW0HWKRG 2QH7LPH8S)URQW3D\PHQW)UHTXHQF\ &RQWUDFW7HUP /HQJWK0RQWKV &RQWUDFW(QG'DWH &RQWUDFW6WDUW'DWH 7RWDO&RQWUDFW )HHV 6XEVFULSWLRQ,QIR $XWKRUL]DWLRQ ©2025 Lumifi Cyber, Inc. All rights reserved. PRIVATE - Controlled by Lumifi Cyber 3/15PRIVATE - Controlled by Lumifi Cyber EXHIBIT A CCITYY OFF RENTON FOCUSEDD OT/SCADAA SECURITYY ASSESSMENT S COPE OF W ORK ©2025 Lumifi Cyber, Inc. All rights reserved. PRIVATE - Controlled by Lumifi Cyber 4/15PRIVATE - Controlled by Lumifi Cyber Notice Lumifi Cyber has made every reasonable attempt to ensure that the information contained within this statement of work is correct, current and properly sets forth the requirements as have been determined to date. The parties acknowledge and agree that the other party assumes no responsibility for errors that may be contained in or for misinterpretations that readers may infer from this document. Trademark Notice 2025 Lumifi Cyber, Inc. All Rights Reserved, Lumifi Cyber®, the Lumifi Cyber logos and other trademarks, service marks, and designs are registered or unregistered trademarks of Lumifi Cyber in the United States and in foreign countries. Statement of Nondisclosure Public Records Act: The Public Records Act provides that a number of types of documents are exempt from public inspection and copying - Exemption of Personal Information: RCW 42.56.230(3). In addition, documents are exempt from disclosure if any " other statute" exempts or prohibits disclosure. © Copyright 2025 Lumifi Cyber, Inc. ©2025 Lumifi Cyber, Inc. All rights reserved. PRIVATE - Controlled by Lumifi Cyber 5/15PRIVATE - Controlled by Lumifi Cyber GGenerall Informationn Backgroundd && Objectivess Purposee This SOW presents Lumifi Cyber’s approach and methodology for the following services: x A Focused OT/SCADA Security Assessment (FSSA) based on the NIST CyberSecurity Framework (CSF) o NERC CIP is not referenced as this applies to the Bulk Electric Generation and Distribution system which does not apply to the City o We will also draw on the America's Water Infrastructure Act of 2018 (AWIA) which we also have deep experience in using This SOW includes: x Scope of Work - Lumifi Cyber’s methodology for assisting and supporting City of Renton’s technology & executive teams, and the scope of work that will be performed x Deliverables - Description of the deliverables for this project x Project Assumptions - any assumptions that were used to derive the scope of work or pricing for this engagement ©2025 Lumifi Cyber, Inc. All rights reserved. PRIVATE - Controlled by Lumifi Cyber 6/15PRIVATE - Controlled by Lumifi Cyber SServicee Descriptionn andd Scopee This section provides a description of services, scope of activity, and support requirements associated with the services. Focusedd Securityy Assessmentt Our Focused Security Assessment approach may be summarized as a computer and network security assessment intended to provide a point-in-time snapshot of City of Renton’s security posture, coupled with a set of prioritized recommendations for increasing the security throughout the organization. The Focused Security Assessment will focus on City of Renton’s enterprise environment and the security management practices supporting that environment. The assessment methodology is based on standards of practice drawn from multiple sources and is based on the NIST Cyber Security Framework and may also reference the PCI DSS, HIPAA and CJIS encryption and data security standards. Approachh andd Methodologyy Lumifi Cyber will conduct up to five (5) focused information-gathering facilitation sessions at City of Renton. The sessions will discuss the required controls, while adding context from the current threat landscape that is relevant. The sessions will address the control standards as components that are relevant to each of the audiences (with some overlap), and conduct the delivery of information, as well as its solicitation. As the requirements are presented, a conversational narrative will be used to interview the audience as to how effectively each requirement is being currently met. This conversation will include ideas on how gaps in compliance may be met using open-source, managed services, and other methods that fit their people, process and technology with respect to cost and management requirements. Coordination,, Planning,, && Projectt Initiationn Lumifi Cyber will provide day-to-day project management for all aspects of this project, including tracking and resolution of project related issues, progress tracking, project reporting, and communication. A key component of Lumifi Cyber’s project management approach is timely reporting of project progress and findings. This enables a proactive approach to addressing security risks discovered during the course of the project and ensures that all project stakeholders are completely informed at all times. Customerr Resourcee Requirementss Achieving City of Renton’s objectives will require active participation from both the Lumifi Cyber Project Team as well as City of Renton’s own personnel. To ensure the timely and successful completion of this project, City of Renton should expect at least the following resource time commitments from its own personnel: ©2025 Lumifi Cyber, Inc. All rights reserved. PRIVATE - Controlled by Lumifi Cyber 7/15PRIVATE - Controlled by Lumifi Cyber x A Project Manager should be assigned to the project to serve as the single point of contact for the Lumifi Cyber Project Team o The City of Renton may choose to assign the Project Sponsor and Project Manager role to the same person o This role will require a commitment of approximately 4 hours during the course of the project x Report Review Team o Up to 4 hours per member to conduct report reviews PProjectt Initiationn Meetingg Lumifi Cyber recognizes the value of communication and ongoing collaboration with our customers. As such, we include a project initiation meeting (kick-off meeting) with all of our engagements. During the meeting, Lumifi Cyber will address the following topics: x Introduce key people at City of Renton and Lumifi Cyber x Exchange contact information (for regular reporting and emergencies) x Review scope of services x Review communication, notification, and issue escalation procedures x Discuss other specific City of Renton requests and rules of engagement x Discuss the involvement of City of Renton staff in the project for the purpose of knowledge transfer and security x Lumifi Cyber will discuss the deliverables required at completion of the project, the designated recipient, and the manner in which Lumifi Cyber will forward those deliverables Approachh Step 1 – Information Gathering Lumifi Cyber will collect all relevant information from document reviews and staff interviews, and review and verify gathered data. During this time, Lumifi Cyber focuses on information gathering to gain a better understanding of the information security program and how it’s applied to the Operational Technology/SCADA environments, policy and procedural implementation in these environments including: x Identification of the organizational structure and essential stakeholders in OT/SCADA security management activities x The information risk environment x Governance, policy management, acceptable risk tolerance for OT/SCADA systems ©2025 Lumifi Cyber, Inc. All rights reserved. PRIVATE - Controlled by Lumifi Cyber 8/15PRIVATE - Controlled by Lumifi Cyber x Information security planning activities x Additional functional components of the security program and the key practices supporting the OT/SCADA security program components x Operational risk and compliance activities x Critical issues confronting City of Renton x Prior information security-related assessments x The general technical architecture and the OT/SCADA technical architecture x Security training needs for staff and for OT/SCADA contractors and vendors x Encryption – especially on mobile devices x Limitations on information being passed (especially sensitive or regulated data) x OT/SCADA Incident response x Specific SSL/TLS vulnerabilities x Use of AI As stated, Lumifi Cyber will derive most of the information necessary to assess the environment and supporting key practices through documentation reviews, such as policies, procedures, and plans related to information security, and interviews and subsequent discussions with knowledgeable staff responsible for various aspects of information security management including: x Executive Management x Key business unit leaders x Information Security staff x CIO, IT Management, Administrators x OT/SCADA contractors and vendors who have access to the OT/SCADA environment x Staff focused on Business Continuity and Disaster Recovery x Support Functions (HR, Legal, Facilities) x Others, as applicable Step 2 – Review and Analysis Lumifi Cyber professionals will analyze the information gleaned from documents provided by City of Renton and our interviews with various staff. The objective is to identify critical issues and develop prioritized recommendations for improvement. ©2025 Lumifi Cyber, Inc. All rights reserved. PRIVATE - Controlled by Lumifi Cyber 9/15PRIVATE - Controlled by Lumifi Cyber Lumifi Cyber will conduct a gap analysis against the relevant NIST CSF controls and will document where City of Renton has met the standard. Step 3 – Reporting Using the results from Steps 1 & 2, Lumifi Cyber will develop prioritized recommendations to improve City of Renton’s OT/SCADA information security program. The recommendations to improve the environment will be based on aforementioned standards of practice, business requirements, internal security-related requirements, and practices used by peers. As part of this activity, Lumifi Cyber will ensure that our recommendations and supporting rationale are clearly understood and appropriate for City of Renton’s environment. Lumifi Cyber will present any documentation detailing our findings and recommendations in draft form so that City of Renton has an opportunity to review, comment, correct, and approve the format and content prior to finalizing the deliverable documentation. This iterative process helps to ensure that City of Renton can make informed, incremental decisions regarding specific courses of action throughout this review. ©2025 Lumifi Cyber, Inc. All rights reserved. PRIVATE - Controlled by Lumifi Cyber 10/15PRIVATE - Controlled by Lumifi Cyber SSchedulee Periodd off Performancee City of Renton understands and agrees that changes in critical factors (such as those listed below in Project Change Control, or a delay in signature of this document) may impact Lumifi Cyber’s ability to meet certain dates. Project Start Date Within Eight (8) weeks of Effective Date Project Completion Date Within Six (6) weeks of Start Date Projectt Changee Controll Lumifi Cyber has made every attempt to accurately estimate time required to successfully complete the project. City of Renton acknowledges and agrees that if impediments, complications, or City of Renton requested changes in scope arise, these factors are out of the control of Lumifi Cyber, and the length of the project and associated price could be impacted. Examples of valid impediments, complications, and changes in scope consist of (but are not limited to): x City of Renton initiated delay where Customer is not prepared to allow Lumifi Cyber to begin work on the agreed upon start date thus resulting in additional cost to Lumifi Cyber for resources that have been sent to City of Renton’s site but cannot begin the Services x City of Renton provided information necessary for timely delivery by Lumifi Cyber is not accurate x Delays or problems associated with third party telecommunication equipment o This includes, but is not limited to, cabling, servers, routers, hubs, and switches managed or installed by third parties x Malfunctioning hardware x Inability to access equipment or personnel that are required to complete the project x Conflicts or incompatibilities associated with the installation of hardware or software installed by Lumifi Cyber x City of Renton increases the scope of services requiring additional labor, hardware, software, materials, travel, lodging, meals, or other direct costs If any change(s) from impediments, complications, or City of Renton changes in the scope of services cause an increase or decrease in the price or level of effort of the SOW, or the ©2025 Lumifi Cyber, Inc. All rights reserved. PRIVATE - Controlled by Lumifi Cyber 11/15PRIVATE - Controlled by Lumifi Cyber time required for the performance of any part of the work to be accomplished hereunder, whether or not such work is specifically identified in the written change, then the price, delivery schedules and other affected provision(s), if any, as applicable, shall be equitably adjusted and this SOW shall be modified in writing by the mutual agreement of the parties in accordance with this Section. ©2025 Lumifi Cyber, Inc. All rights reserved. PRIVATE - Controlled by Lumifi Cyber 12/15PRIVATE - Controlled by Lumifi Cyber SServicee Deliverabless Descriptionn Lumifi Cyber will provide the following deliverables as part of this project: Table 1: Deliverable Description Name of Deliverable Description of Deliverable Focused OT/SCADA Security Assessment Report A report describing the activities performed, the findings and risk identified along with a 2-year roadmap containing a set of prioritized recommendations and next steps to mitigate the risks and increase the security posture of City of Renton’s OT/SCADA environments Executive Presentation A presentation to technical, management and/or executive staff describing the finding and recommendations. Acceptancee off Deliverabless City of Renton has five (5) business days to inspect and acknowledge full delivery of the Services to be provided by Lumifi Cyber hereunder upon completion and delivery of the Services by Lumifi Cyber. City of Renton will indicate such acknowledgement in writing. If City of Renton believes that Lumifi Cyber has not fully delivered the Services to be provided hereunder and refuses to acknowledge delivery on that basis, City of Renton shall identify in reasonable detail the specific Services or deliverables which City of Renton believes were not delivered, with specific reference to the corresponding sections of this SOW, via written notice to Lumifi Cyber within such five (5) business day period. Following Lumifi Cyber’s receipt of any such notification, the parties shall cooperate in good faith to promptly address and resolve any remaining Service delivery requirements. Upon Lumifi Cyber’s delivery of the remaining Services, if any, City of Renton’s right to inspect and acknowledge full delivery shall be as stated above. If City of Renton fails to provide such acknowledgement or notice within the five (5) business days of receiving final deliverables, City of Renton agrees that the services shall be deemed fully delivered to City of Renton. ©2025 Lumifi Cyber, Inc. All rights reserved. PRIVATE - Controlled by Lumifi Cyber 13/15PRIVATE - Controlled by Lumifi Cyber AAssumptionss Lumifi Cyber used the following assumptions during development of this SOW. Any changes to these assumptions may affect the price and schedule commitment. x City of Renton will provide Lumifi Cyber access to the business, customer, and technical information, and facilities necessary to execute the solution x City of Renton will provide Lumifi Cyber on-site and off-site access to documents necessary for this assessment x City of Renton will ensure that appropriate personnel are available to meet with Lumifi Cyber, as necessary x The Lumifi Cyber professional working day is eight hours, including reasonable time for meals o Lumifi Cyber understands that occasions arise during customer engagements that require a longer or shorter working day x Lumifi Cyber will not be obligated to extend engagements when delays result from City of Renton’s inability to meet stated prerequisites prior to an engagement, nor when delays result from City of Renton personnel not being available to provide required support x During this effort, Lumifi Cyber will not be responsible for negotiations with hardware, software, or other vendors, or any other contractual relationship between City of Renton and third parties o Lumifi Cyber, at the request of City of Renton, will provide input to City of Renton regarding optimal product or vendor selection x Any application code, documentation, and/or presentations developed under this SOW will be in English x Lumifi Cyber will perform the work between 8:30 a.m. and 5:00 p.m. (local time) x After-hour and weekend work (when required), must be explicitly identified below or as otherwise agreed to in writing by the parties: After-hours upon request?Yes No Weekend upon request?Yes No ©2025 Lumifi Cyber, Inc. All rights reserved. PRIVATE - Controlled by Lumifi Cyber 14/15PRIVATE - Controlled by Lumifi Cyber Location of onsite services?W ork can be conducted onsite or remotely ©2025 Lumifi Cyber, Inc. All rights reserved. PRIVATE - Controlled by Lumifi Cyber 15/15PRIVATE - Controlled by Lumifi Cyber CCostt Travell andd Expensee Reimbursementt All work can be conducted remotely, if desired or requested. If travel, meals, lodging, and other direct costs for the described effort are incurred, those expenses shall be reimbursed City of Renton at actual cost. Deliveryy Windoww This SOW must be scheduled for delivery within 6 months of signing. If it is not scheduled within 6 months of signing, Lumifi Cyber considers this SOW and the work within to be delayed by the Customer and will add a 5% surcharge to the Firm Fixed Price listed above to restart the engagement. The Customer will be invoiced for this additional cost upon delivery of each milestone. This SOW must be delivered within 1 year of signing. After 1 year where Lumifi has not been allowed and/or enabled by the Customer to perform the Scope of Work herein, this SOW is no longer valid and, at Lumifi Cyber’s sole discretion, must be renegotiated or it will be considered abandoned and will be closed one year from the signing date regardless of current milestone delivery status. If work has been initiated on this project but still has uncompleted milestones, the Customer will be billed for any Milestones where work has been initiated on those milestones prior to expiration even if those partially completed Milestones were not met.