GCR

Client Responsibilities

As applicable the Client shall:

1. Provide timely access to people and information including, but not limited to, the following areas:

a. Operations personnel knowledgeable of system and network administration and problem resolution flow.

b. Personnel knowledgeable about the applications that will be running on the systems.

c. Management personnel who are knowledgeable of IT and data architecture.

d. Personnel familiar with critical business flows and data

e. Management personnel responsible for adjudicating and making risk decisions for the business

2. The above personnel shall be designated in advance and be readily available to the Service Provider consultants. To the extent possible, meetings will be scheduled in advance. However, access on an ad hoc basis may be necessary as work proceeds.

3. Assign Client contacts who are deemed capable and competent to interact with Rhindon Cyber, and who are authorized to signoff and approve the required parts of the implementation.

4. Provide all necessary security access to Client systems and data.

5. Provide all the necessary support agreements for the software that is needed for the environment.

6. Have all licensing issues related to the movement of software applications understood and resolved. Unless previously established as a Rhindon Cyber responsibility, new license key codes, if required, must be obtained by the Client.

7. Have all application sources or support contact information readily available in the event that applications need to be reloaded from scratch.

8. Have finalized all contract negotiations with third-party suppliers for hardware, software, physical plant requirements, and/or additional network equipment required for Rhindon Cyber to perform the services. Client will provide Rhindon Cyber with an updated list of all third-party contacts, as well as Client’s assigned coordinator and all contacts necessary to facilitate the services stated in the Statement of Work.

9. Unless previously established as a Rhindon Cyber responsibility, and not included as part of the service, have performed all required backups and/or data migrations of existing data prior to work being performed by a Rhindon Cyber resource(s).

10. If not included as part of the service, have implemented a back-up power solution that ensures the availability of mission critical data, voice equipment, and applications.

11. Schedule and facilitate ‘down-time’ for systems and applications during certain periods during the service period.

12. If remote access is required, allow VPN connectivity or access via the Service Provider remote access solution. If VPN connectivity is not permitted, then a Service Change Request may be required.

13. Allow the Installation of any software which Rhindon Cyber requires to be installed on Client’s internal systems as part of the services, shall use such software in its internal systems only, and shall use the software internally according to the instructions set forth by Rhindon Cyber.

14. Obtain all permits, licenses, and right of ways necessary for the completion of the service, including but not limited to building and city requirements.

15. Communicate any issues or changes to the original service plan and/or the services stated in the Statement of Work to Rhindon Cyber immediately upon discovery.

Service Assumptions

General service assumptions include, but are not limited to, the following (as applicable to the service):

1. The delivery of services will be performed at a Rhindon Cyber facility.

2. Rhindon Cyber uses a forty (40) hour workweek as its full-time standard designation, delivered over a five (5) day workweek, including travel to and from Client’s location(s) when applicable.

3. Rhindon Cyber personnel may work hours other than normal business hours to accommodate their travel schedules, preferred system downtime windows, and time zones as mutually agreed upon by the parties.

4. If applicable, travel charges that are included in the Statement of Work are quoted assuming three (3) weeks’ advance notice. All travel expenses that are incurred with less than three (3) weeks’ advance notice may be subject to price adjustments.

5. The pricing in the Statement of Work does not include taxes, if any, which shall be Client’s responsibility.

6. Rhindon Cyber assumes Client will authorize Rhindon Cyber to procure and have readily available appropriate hardware, software, licenses for software products, network wiring, patch cords, uplink cables, additional network equipment, and/or features that are applicable to the service package which are necessary for work to be completed and to meet service package milestones.

7. The service package will involve some ‘knowledge transfer.’ The purpose of transfer of technology knowledge is to explain functionality provided by Rhindon Cyber delivered for the service package and to provide a high-level overview of how that functionality may be utilized by Client. Knowledge transfer is not intended to replace manufacturers’ formal instructions/classes.

8. Adequate staffing and management is included in the Statement of Work. If Client accelerates their timeline, additional staffing or overtime to meet the new deadlines may be required. Changes to Client’s schedule must be communicated to the Rhindon Cyber vCISO or other appointed personnel in writing within 24 hours of the change.

9. All communication that affects the technical aspects of the service package will be directed through the vCISO or other appointed personnel.

10. Review meetings will be held at milestone points in the service package delivery. These meetings are intended to facilitate discussion regarding service package timelines. The availability of Client’s management and support personnel is critical to the service package delivery and Client representation at these meetings is essential.

Should any of the above assumptions prove to be incorrect or incomplete, Rhindon Cyber may modify the price, scope of work, or if applicable, service milestones. Any such modifications shall be managed by the Service Change Management Process set forth below.

Resource Scheduling

Within 10 business days of receipt of the signed Statement of Work, Rhindon Cyber will discuss scheduling the delivery of the services.

Limitations

1. For services which are invoiced as a fixed fee engagement, the following shall apply:

a. Rhindon Cyber will invoice Client via an initial deposit invoice and a final invoice upon completion. Services with longer timelines may require progress payments.

b. Fixed fee pricing assumes all the work is performed as part of a single service; a delay caused by Client may increase the price.

c. If Client requests changes to the agreed upon Statement of Work through the Service Change Management Process set forth below, additional charges may be incurred and may increase the price.

d. In the event Client decides to cancel the service before its completion, Client shall be responsible for payment of all fees for services performed through the date of termination and fifty percent (50%) of the remaining balance on the fixed fee once all completed milestone payments are paid.

e. In the event of service cancellation, the Client is responsible for paying for hardware and software that is not able to be returned. Hardware and software that can be returned is subject to a 30% restocking fee.

2. For services which are invoiced on a time and materials basis, the following shall apply:

a. Rhindon Cyber will invoice Client for services delivered based on actual hours worked and subject to the minimums and/or limitations defined in the Statement of Work and/or this document. Invoicing will occur once per month.

b. The number of hours set forth in a Statement of Work for delivery of services is only an estimate of the number of hours required to perform the services.

3. For services which are invoiced monthly, the following shall apply:

a. Rhindon Cyber shall provide a quote for the entire term which shall include:

i. One time onboarding costs if applicable

ii. Monthly recurring cost for the duration of the term

b. Any on-boarding cost and the first month of any monthly recurring cost shall be paid up front prior to work commencing for the term.

c. Rhindon Cyber shall invoice the Client 30 days prior to the month services are to be performed in, and Client shall pay the invoice 15 calendar days prior to the month the services will occur in.

Service Delay Caused by Client

The delivery of services under the Statement of Work requires Client’s timely response to requests from Rhindon Cyber, including but not limited to the following (as applicable to the service):

• Documentation of systems and/or requirements
• Approval of service requirements
• Completion of assigned service tasks
• Any testing to be performed by Client
• Signoff of service milestones

In the event Client’s delay in providing the above referenced items causes unscheduled delays to the service schedule or adversely affects the utilization of Rhindon Cyber resources assigned to the service, Rhindon Cyber may:

• Following a review of the cause for delay with Client’s assigned sponsor, place the service “On Hold” until Client meets its obligations as outlined above.
• Once a service is “On Hold”, no additional status calls, reporting, tasks, etc. will proceed until the service is removed from “On Hold” status.
• Once a service is removed from “On Hold” status, Rhindon Cyber and Client will schedule the delivery of the remaining services. Scheduling will be subject to Rhindon Cyber’s resource availability.

Service Completion and Acceptance

1. For services which are invoiced as either a time and materials or a fixed fee engagement, the services will be considered complete when the scope of work specified in the Statement of Work is complete.

Service Change Management Process

1. Changes to the service scope may only be made through the following Service Change Management process. In the event either party desires to change the service, the following procedures shall apply:

a. Either party shall notify the other party of any requested changes. Rhindon Cyber will deliver a Service Change Request to Client for review and execution. The Service Change Request will describe the nature of the change, the reason for the change, and the effect the change will have on the scope of work, which may include changes to the tasks and activities, deliverables, service price and/or the schedule.

b. If both parties agree to implement the Service Change Request, the appropriate authorized representatives of the parties will sign the Service Change Request, indicating the acceptance of the changes by the parties.

2. Each executed Service Change Request will be incorporated into, and made a part of, the Statement of Work.

3. No party is under any obligation to proceed with the Service Change Request until such time as the Service Change Request has been agreed upon by both parties.

4. Any Client and/or third-party vendor actions that either accelerate or postpone Rhindon Cyber service responsibilities may result in a change to the Statement of Work and a subsequent Service Change Request.

5. In the event of a conflict between a Service Change Request’s scope of work and that set forth in the original Statement of Work, or a previous fully executed Service Change Request, the most recent fully executed Service Change Request shall prevail.