Loading...
09-0423_ONLINE UTILITY EXCHANGE_Service Agreement• UTILITY EXCHANGE SUBSCRIBER SERVICE AGREEMENT This Subscriber Service Agreement ("Agreement") is entered into by ONLINE Information Services, Inc., (hereafter referred to as "ONLINE"), a North Carolina corporation, dba/ the ONLINE Utility Exchangeand City of -San Juan Capistrano hereafter referred to as "Subscriber", a California Municipal corporation as of �Ae�- ONLINE and Subscriber agree as follows: TIIU, d l Ppr,l 23,?009 1. Services. Through the ONLINE Utility Exchange, ONLINE maintains a centralized database containing credit and consumer data information pertaining to the payment history of utility bills and other services that ONLINE may, from time to time, make available to Subscriber. ONLINE will furnish consumer information from this database to Subscriber. ONLINE will also furnish services to Subscriber involving the supply of consumer and business information. The source of this information may be credit information, consumer information, credit scoring services, fraud detection, and criminal records provided by national credit reporting repositories, national criminal record databases, and/or local county systems. The ONLINE Utility Exchange provides access to Subscriber to Experian Credit Information Service's database. Any mention of rights or obligations to ONLINE within this agreement shall also apply to Experian, Equifax, and Trans Union. ("Services"). 2. Charges to Subscriber. Subscriber agrees to pay ONLINE for all charges for each Subscriber inquiry (including "no record found") submitted to ONLINE as outlined in SCHEDULE A "ONLINE Charges to Subscriber." ONLINE reserves the rights to change these charges upon ninety (90) days notice to Subscriber. Subscriber will be solely responsible for all federal, state and local taxes levied or assessed in connection with ONLINE's performance of the Services, other than income taxes assessed with respect to ONLINE's taxable net income, for which income taxes ONLINE will be solely responsible. 3. Payment. All billing is processed monthly and is payable within 30 days following the invoice date. All invoices will be delivered via electronic mail to the address designated in the billing address section on the signature page on this Agreement. A service charge of 2% of the unpaid balance will be charged on all accounts not paid by 30 days after the invoice date. Services will be immediately terminated when account reaches 60 days past due. Services will not be reinstated until the full outstanding balance is paid in full. If account goes unpaid for 90 days the account will be referred to collections and/or legal proceedings initiated. Subscriber agrees to pay ONLINE's cost, including reasonable attorney fees, to recover any unpaid balance owed by Subscriber. 4. Subscriber Use. A. Subscriber hereby certifies and warrants that it will request and use credit information received from ONLINE solely in connection with credit transactions involving the consumer as to whom such information is sought, or for other "permissible purposes" as defined by the Fair Credit Reporting Act, 15 U.S.C. Section 1681 et seq. ("FCRA") and to effect the collection of unpaid debts. B. All such information shall be maintained by Subscriber in strict confidence and disclosed only to employees whose duties reasonably relate to the legitimate business purposes for which the information is requested. Subscriber will not disclose, sell or otherwise distribute to third parties any information received hereunder, except as otherwise required by law; provided, however, that if Subscriber has purchased a consumer report from ONLINE in connection with a consumer's application for credit, and the consumer makes a timely request of Subscriber, Subscriber may share the contents of that report with the consumer as long as it does so without charge. C. Subscriber shall request consumer reports from ONLINE by electronic means. Each request will contain sufficient identifying information concerning the consumer about who the consumer report is requested to enable ONLINE to deliver the consumer report. D. ONLINE reserves the right to modify the standard inquiry format to be used by Subscriber and Subscriber agrees to abide by such modifications. E. Subscriber hereby certifies that it will properly dispose of any customer information obtained from the use of the services to include the destruction or erasure of electronic media, the burning, pulverizing, or shredding of papers containing the customer information so that the information cannot practicably be read or reconstructed. Revised: 08/11/2008 F. Subscriber agrees to comply with all applicable provisions of the California Credit Reporting Agencies Act. Subscriber certifies that it _ IS or X IS NOT a "Retail Seller", as defined in Section 1802.3 of the California Civil Code, doing business in California and issues credit to consumers who appear in person that it will instruct its employees and agents to inspect a photo identification of the consumer at the time the application is submitted in person. This paragraph does not apply to an application for credit submitted by mail. G. Subscriber certifies that when requesting credit information on Vermont residents that it will comply with applicable provisions under Vermont law. In particular, Subscriber certifies that it will order information services related to Vermont residents that are defined as credit reports by the Vermont Fair Credit Reporting Act (VFCRA"), only after Subscriber has received prior consumer consent in accordance with VFCRA Section 2480c and applicable Vermont Rules. H. Subscriber further agrees that it will be solely responsible to ensure and require that each of its users meets and complies with applicable federal, state and local laws, rules, and regulations relating to its use of the Services and to the provision to ONLINE of Subscriber's Records. Relevant laws include but are not limited to: i. Establishing reasonable procedures to insure that its employees will not request Data Services relating to themselves, their families, friends, or request consumer information on other persons other than as permitted by the FCRA, ONLINE, and this Agreement. Where adverse action is taken against a consumer that is based in whole or in part on the information contained in a consumer report provided by ONLINE, consistent with the responsibilities under the Fair Credit Reporting Act, Subscriber shall notify the Consumer to direct consumer Inquiries to the CRA that provided the report and contained on the adverse action notice for such report. 5. FCRA Requirements A. Although the FCRA primarily regulates the operations of consumer credit reporting agencies, it also affects Subscriber as a user of information. ONLINE has included a copy of the FCRA with Subscriber's membership kit and it is posted at http://www.ftc.gov/os/statutes/feradoc.pdf, ONLINE suggests that Subscriber and Subscriber's employees become familiar with the following sections in particular: § 604. Permissible Purposes of Reports § 607. Compliance Procedures § 615. Requirement on users of consumer reports § 616. Civil liability for willful noncompliance § 617. Civil liability for negligent noncompliance § 619. Obtaining information under false pretenses § 621. Administrative Enforcement § 623. Responsibilities of Furnishers of Information to Consumer Reporting Agencies § 628. Disposal of Records B. Each of these sections is of direct consequence to users who obtain reports on consumers. C. As directed by the law, credit reports may be issued only if they are to be used for extending credit, review or collection of an account, employment purposes, underwriting insurance or in connection with some other legitimate business transaction such as in investment, partnership, etc. It is imperative that Subscriber identifies each request for a report to be used for employment purposes when such report is ordered. Additional state laws may also impact Subscriber's usage of reports for employment purposes. D. ONLINE strongly endorses the letter and spirit of the Federal Fair Credit Reporting Act. ONLINE believes that this law and similar state laws recognize and preserve the delicate balance between the rights of the consumer and the legitimate needs of commerce. E. In addition to the Federal Fair Credit Reporting Act, other federal and state laws addressing such topics as computer crime and unauthorized access to protected databases have also been enacted. As a prospective user of consumer reports, ONLINE expects that Subscriber will comply with all relevant federal statutes and the statutes and regulations of the states in which Subscriber operates. The FCRA provides that any people who knowingly and willfully obtain information on a consumer from a consumer reporting agency under false pretenses shall be fined under Title 18 of the United States Code, or imprisoned not more than two years, or both. F. ONLINE supports consumer reporting legislation that will assure fair and equitable treatment for all consumers and users of credit information. 6. ONLINE Use. A. ONLINE acknowledges its qualification as a specialty consumer reporting agency according to the Fair Credit Reporting Act: § 603 Definitions; rules of construction [15 U.S.C. § 1681a]: "(f) The term "consumer reporting agency" means any person which, for monetary fees, dues, or on a cooperative nonprofit basis, regularly engages in whole or in part In the practice of assembling or evaluating consumer credit information or other information on consumers for the purpose of furnishing consumer reports to third parties, and which uses any means or facility of interstate commerce for the purpose of preparing or furnishing consumer reports." 2 Revised: 08/11/2008 B. As a consumer reporting agency, ONLINE may only use Subscriber's Records for purposes consistent with applicable federal, state, and local laws, rules, and regulations' in the identification of credit risk and/or past due collections. C. ONLINE shall not sell or furnish to any third party a list of consumers' names and addresses identified as a customer list of Subscriber, nor will ONLINE extract directly from or otherwise identify on any third party's list a list of Subscriber's customers identified as a customer list of Subscriber. In no event shall ONLINE distribute a list of Subscriber's current or previous customers outside of the uses defined in this agreement. D. Subscriber agrees that ONLINE may use Subscriber's Records to affect collection of past -due accounts listed with ONLINE Collections. E. ONLINE shall use commercially reasonable efforts to promptly and accurately process and incorporate into its database any maintenance or consumer dispute verifications furnished to it by Subscriber, in accordance with the requirements of the FCRA or other applicable state or federal law. In the event that ONLINE deems any maintenance or verification response of Subscriber to be incomplete, internally inconsistent, or otherwise inaccurate, ONLINE, in its sole discretion, may revise the item of information to conform with information supplied by the consumer, reject the maintenance or verification response and delete the information from its database, or make any other revisions that it deems necessary or appropriate. 7. Conditions. Subscriber recognizes that ONLINE's services require the open sharing of information between utility subscribers. A. Subscriber agrees to furnish to ONLINE information from its records about its customers with whom it has established accounts. Such information will be furnished and updated no less frequently than at monthly intervals, unless otherwise agreed in writing. Subscriber hereby certifies that all information furnished to ONLINE shall be complete and accurate. Subscriber agrees to make a current list of all utility subscribers, including the service address, telephone number, place of employment and employment telephone number, well as a list of the payment experiences of Subscriber with current and previous customers. This listing of payment experiences may include customers who have unpaid utility bills more than 30 days old and prompt paying customers. Subscriber agrees that each account will be accompanied by the Social Security Number of the guarantor of the bill and, in the case of married parties or joint responsibility by more than one guarantor, the Social Security Number of each party who is responsible for payment of the bill. B. Subscriber agrees to notify ONLINE within 30 days of receipt of payment on any account which is part of ONLINE's Negative Data. C. Subscriber shall respond to any consumer disputes initiated by consumer within five (5) working days from receipt of dispute. Subscriber shall reverify disputed information through either voice communication, electronic mail, or through other means as mutually agreed in writing. Subscriber certifies that all information supplied by it on any automated or manual basis in response to a consumer dispute verification request sent to it by ONLINE shall be complete and accurate. If in response to a consumer dispute verification request received from ONLINE, Subscriber desires to change any information relating to an account it has previously reported, Subscriber shall update the account information on both the verification response and in its own internal records to conform with such change. Subsequent customer record updates provided by Subscriber, shall reflect such change. D. In the event that Subscriber fails to contribute customer payment experience data to the ONLINE Utility Exchange within 180 days of the effective date of this agreement, ONLINE shall consider the Subscriber to be a Non -Data Contributing Subscriber and shall impose a Non Data Contributor Surcharge of an additional $.25 per inquiry. 8. Access to Employment Screening Reports. Subscriber may elect to receive Credit, Criminal, DMV and other consumer Information for the purpose of evaluating a potential or current employee's background. Information received by Subscriber may include data from Equifax, Experian, Trans Union, or other third party data sources. If Subscriber elects to receive Employment Reports Subscriber acknowledges the following: A. A clear and conspicuous disclosure has been made in writing to the consumer at any time before the report is procured or caused to be procured, in a document that consist solely of the disclosure, that a consumer report (to include credit and criminal) may be obtained for employment purposes. B. The consumer has authorized in writing the procurement of the Employment Report by the subscriber. C. To include on their application for employment a signed authorization and release section giving permission for the Subscriber to pull an Employment Report to investigate the applicant. D. To keep documentation on the applicant (Signed Employment Application, Copy of Employment Report) on file in their office for 2 years. E. Subscriber agrees that Employment Reports will be the only credit reporting products pulled to screen employment applicants. F. Subscriber acknowledges that before taking any adverse action based in whole or in part on the Employment Report (if an offer is not extended to applicant based on information contained within the Employment Report), a copy of the report which contains the applicant's rights under the Fair Credit Reporting Act must be given to the applicant. G. The information from ONLINE's Employment Reports will not be used in violation of any applicable federal or state equal employment opportunity law or other regulation. Subscriber hereby acknowledges receipt of the Summary of Consumer Rights. 9. Term. This Agreement shall continue in force without any fixed date of termination. ONLINE or Subscriber may terminate this Agreement upon ten (10) days prior written notice to the other party. 3 Revised: 08/11/2008 0 0 10. Warranties. A. ONLINE warrants to Subscriber that ONLINE will use commercially reasonable efforts to deliver the Services promptly and accurately. Subscriber acknowledges that the Services involve information provided to ONLINE by fallible human sources and that for the fee charged for the Services, ONLINE cannot and will not be an insurer or guarantor of the accuracy or reliability of the Services, data contained in its database, or data provided with the Services. THE WARRANTY IN THE FIRST SENTENCE OF THIS PARAGRAPH IS THE ONLY WARRANTY ONLINE HAS GIVEN SUBSCRIBER WITH RESPECT TO THE SERVICES AND SUCH WARRANTY IS IN LIEU OF ALL OTHER WARRANTIES, EXPRESS OR IMPLIED, ONLINE MIGHT HAVE GIVEN SUBSCRIBER WITH RESPECT THERETO, INCLUDING, FOR EXAMPLE AND WITHOUT LIMITATION, WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. B. Credit Scoring. ONLINE's Credit Scoring Vendors warrant that these Credit Scoring Models are empirically derived and demonstrably and statistically sound and that to the extent the population to which the Credit Scoring Model is applied is similar to the population sample on which the Credit Scoring Model was developed, the Credit Scoring Model score may be relied upon by Subscriber to rank consumers in the order of the risk of unsatisfactory payment such consumers might present to Subscriber. ONLINE's Credit Scoring Vendors further warrant that so long as they provide the Credit Scoring Model, they will comply with regulations promulgated from time to time pursuant to the Equal Credit Opportunity Act, 15 USC Section 1691 et seq. THE FOREGOING WARRANTIES ARE THE ONLY WARRANTIES ONLINE'S CREDIT SCORING VENDORS HAVE GIVEN SUBSCRIBER WITH RESPECT TO THEIR CREDIT SCORING MODEL AND SUCH WARRANTIES ARE IN LIEU OF ALL OTHER WARRANTIES, EXPRESS OR IMPLIED, ONLINE'S CREDIT SCORING VENDORS MIGHT HAVE GIVEN SUBSCRIBER WITH RESPECT THERETO, INCLUDING, FOR EXAMPLE, WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Subscriber's rights under the foregoing Warranty are expressly conditioned upon Subscriber's periodic revalidation of the Credit Scoring Model in compliance with the requirements of Regulation B as it may be amended from time to time (12 CFR Section 202 et seq.). 11. Limitation of Liability. Subscriber acknowledges that ONLINE maintains a database, updated on a periodic basis, from which Subscriber solicits information, and that ONLINE does not undertake a separate investigation for each inquiry or request for Services made by Subscriber. Subscriber also acknowledges that ONLINE provides Subscriber access to Experian's national credit reporting repository and various products and services available to Subscriber from Experian through ONLINE. ONLINE may also provide Subscriber with access to Equifax and Trans Union's national credit reporting repositories. With regard to limitation of liability, any mention of ONLINE shall also apply to Experian, Equifax, and Trans Union. Subscriber also acknowledges that the prices ONLINE charges Subscriber for the Services are based upon ONLINE's expectation that the risk of any loss or injury that may be incurred by use of the Services will be borne by Subscriber and not ONLINE. Subscriber therefore agrees that it is responsible for determining that the Services are in accordance with ONLINE's obligations under this Agreement. If Subscriber reasonably determines that the Services do not meet ONLINE's obligations under this Agreement, Subscriber shall so notify ONLINE in writing within ten (10) days after receipt of the Services in question. Subscriber's failure to so notify ONLINE shall mean that Subscriber accepts the Services as is, and ONLINE shall have no liability whatsoever for the Services. Unless ONLINE disputes Subscriber's claim, ONLINE shall, at its option, either re -perform the Services in question or issue Subscriber a credit for the amount Subscriber paid for the nonconforming Services. This re - performance or credit constitutes Subscriber's sole remedy and ONLINE's maximum liability for any breach of this Agreement by ONLINE. If, notwithstanding the above, liability is imposed on ONLINE, then Subscriber agrees that ONLINE's total liability for any or all of Subscriber's losses or injuries from ONLINE's acts or omissions under this Agreement, regardless of the nature of the legal or equitable right claimed to have been violated, shall not exceed the amount paid by Subscriber to ONLINE under this Agreement during the six month period preceding the alleged breach by ONLINE of this Agreement. Subscriber covenants that it will not sue ONLINE for any amount greater than permitted by this Agreement. NOTWITHSTANDING ANY OTHER PROVISION OF THIS AGREEMENT, UNDER NO CIRCUMSTANCES WILL EITHER PARTY HAVE ANY OBLIGATION OR LIABILITY TO THE OTHER HEREUNDER FOR ANY INCIDENTAL, INDIRECT, CONSEQUENTIAL OR SPECIAL DAMAGES INCURRED BY THE OTHER PARTY (INCLUDING DAMAGES FOR LOST BUSINESS, LOST PROFITS OR DAMAGES TO BUSINESS REPUTATION), REGARDLESS OF HOW SUCH DAMAGES ARISE AND REGARDLESS OF WHETHER OR NOT A PARTY WAS ADVISED SUCH DAMAGES MIGHT ARISE. 12. Indemnification. Subscriber shall indemnify, defend and hold ONLINE and ONLINE Utility Exchange harmless from and against any and all claims and expenses which may be asserted against or incurred by ONLINE or ONLINE Utility Exchange, based upon the use by Subscriber of the Services or other information furnished by ONLINE for purposes not permitted by law. Subscriber shall be liable for its own acts of negligence, and Subscriber shall hold ONLINE harmless and indemnify ONLINE for any loss, cost, expense or liability incurred by ONLINE as a result of Subscriber's negligence in the furnishing of data to ONLINE, Subscriber's failure to perform any of its obligations described in this Agreement, or Subscriber's failure to comply with the FCRA. ONLINE shall hold subscriber harmless and indemnify Subscriber for any loss, cost expense of liability incurred by Subscriber as a result of ONLINE's negligence In the furnishing of data to Subscriber, ONLINE's failure to perform any of its obligations described in this agreement, or ONLINE's failure to comply with the FCRA. 13. Intellectual Property. Subscriber acknowledges that ONLINE has expended substantial time, effort and funds to create and deliver the Services and compile its consumer credit reporting database. The Services and the data in ONLINE's consumer credit reporting database is and will continue to be ONLINE's exclusive property. Nothing 4 Revised: 08/11/2008 0 0 contained in this Agreement shall be deemed to convey to Subscriber or to any other party any right, title or interest, including any patent, copyright or other proprietary right, in or to the Services or data in ONLINE's consumer credit reporting database. Subscriber will not use or permit its employees, agents and subcontractors to use, the trademarks, service marks, logos, names, or any other of ONLINE's or its affiliates' proprietary designations, whether registered or unregistered, without ONLINE's prior written consent. 14. Access Security Requirements: Subscriber agrees that ONLINE and Subscriber must work together to protect the privacy and information of consumers. The following information security measures are designed to reduce unauthorized access to consumer information. It is your responsibility to implement these controls. If you do not understand these requirements or need assistance, it is your responsibility to employ an outside service provider to assist you. Capitalized terms used herein have the meaning given in the Glossary attached as Exhibit A. ONLINE reserves the right to make changes to Access Security Requirements without notification. The information provided herewith provides minimum baselines for information security. In accessing ONLINE's services, you agree to follow these security requirements: A. Implement Strona Access Control Measures i. Do not provide your credit reporting agency Subscriber Codes or passwords to anyone. No one from the credit reporting agency will ever contact you and request your Subscriber Code number or password. ii. Proprietary or third party system access software must have credit reporting agency Subscriber Codes and password(s) hidden or embedded. Account numbers and passwords should be known only by supervisory personnel. iii. You must request your Subscriber Code password be changed immediately when: • any system access software is replaced by system access software or is no longer used; • the hardware on which the software resides is upgraded, changed or disposed of iv. Protect credit reporting agency Subscriber Code(s) and password(s) so that only key personnel know this sensitive information. Unauthorized personnel should not have knowledge of your Subscriber Code(s) and password(s). v. Create a separate, unique user ID for each user to enable individual authentication and accountability for access to the credit reporting agency's infrastructure. Each user of the system access software must also have a unique logon password. vi. Ensure that user IDs are not shared and that no Peer -to -Peer file sharing is enabled on those users' profiles. vii. Keep user passwords Confidential. viii. Develop strong passwords that are: • Not easily guessable (i.e. your name or company name, repeating numbers and letters or consecutive numbers and letters) • Contain a minimum of seven (7) alpha/numeric characters for standard user accounts ix. Implement password protected screensavers with a maximum fifteen (15) minute timeout to protect unattended workstations. x. Active logins to credit information systems must be configured with a 30 minute inactive session, timeout. xi. Restrict the number of key personnel who have access to credit information. xii. Ensure that personnel who are authorized access to credit information have a business need to access such information and understand these requirements to access such information are only for the permissible purposes listed in the Permissible Purpose Information section of your membership application. xiii. Ensure that you and your employees do not access your own credit reports or those reports of any family member(s) or friend(s) unless it is in connection with a credit transaction or for another permissible purpose. xiv. Implement a process to terminate access rights immediately for users who access credit reporting agency credit information when those users are terminated or when they have a change in their job tasks and no longer require access to that credit information. xv. After normal business hours, turn off and lock all devices or systems used to obtain credit information. xvi. Implement physical security controls to prevent unauthorized entry to your facility and access to systems used to obtain credit information. B. Maintain a Vulnerability Management Proaram i. Keep operating system(s), Firewalls, Routers, servers, personal computers (laptop and desktop) and all other systems current with appropriate system patches and updates. ii. Configure infrastructure such as Firewalls, Routers, personal computers, and similar components to industry best security practices, including disabling unnecessary services or features, removing or changing default passwords, IDs and sample files/programs, and enabling the most secure configuration features to avoid unnecessary risks. iii. Implement and follow current best security practices for Computer Virus detection scanning services and procedures: • Use, implement and maintain a current, commercially available Computer Virus detection/scanning product on all computers, systems and networks. • If you suspect an actual or potential virus, immediately cease accessing the system and do not resume the inquiry process until the virus has been eliminated. • On a weekly basis at a minimum, keep anti-virus software up-to-date by vigilantly checking or configuring auto updates and installing new virus definition files. iv. Implement and follow current best security practices for computer anti-Spyware scanning services and procedures: Revised: 08/11/2008 0 Ll • Use, implement and maintain a current, commercially available computer anti-Spyware scanning product on all computers, systems and networks. • If you suspect actual or potential Spyware, immediately cease accessing the system and do not resume the inquiry process until the problem has been resolved and eliminated. • Run a secondary anti-Spyware scan upon completion of the first scan to ensure all Spyware has been removed from your computers. • Keep anti-Spyware software up-to-date by vigilantly checking or configuring auto updates and installing new anti-Spyware definition files weekly, at a minimum. If your company's computers have unfiltered or unblocked access to the Internet (which prevents access to some known problematic sites), then it is recommended that anti-Spyware scans be completed more frequently than weekly. C. Protect Data i. Develop and follow procedures to ensure that data is protected throughout its entire information lifecycle (from creation, transformation, use, storage and secure destruction) regardless of the media used to store the data (i.e., tape, disk, paper, etc.) ii. All credit reporting agency data is classified as Confidential and must be secured to this requirement at a minimum. iii. Procedures for transmission, disclosure, storage, destruction and any other information modalities or media should address all aspects of the lifecycle of the information. iv. Encrypt all credit reporting agency data and information when stored on any laptop computer and in the database using AES or 3DES with 128 -bit key encryption at a minimum. v. Only open email attachments and links from trusted sources and after verifying legitimacy. D. Maintain an Information Security Policy i. Develop and follow a security plan to protect the Confidentiality and integrity of personal consumer information as required under the GLB Safeguard Rule. ii. Establish processes and procedures for responding to security violations, unusual or suspicious events and similar incidents to limit damage or unauthorized access to information assets and to permit identification and prosecution of violators. iii. The FACTA Disposal Rules requires that you implement appropriate measures to dispose of any sensitive information related to consumer credit reports and records that will protect against unauthorized access or use of that information. iv. Implement and maintain ongoing mandatory security training and awareness sessions for all staff to underscore the importance of security within your organization. E. Build and Maintain a Secure Network i. Protect Internet connections with dedicated, industry -recognized Firewalls that are configured and managed using industry best security practices. ii. Internal private Internet Protocol (IP) addresses must not be publicly accessible or natively routed to the Internet. Network address translation (NAT) technology should be used. iii. Administrative access to Firewalls and servers must be performed through a secure internal wired connection only. iv. Any stand alone computers that directly access the Internet must have a desktop Firewall deployed that is installed and configured to block unnecessary/unused ports, services and network traffic. v. Encrypt Wireless access points with a minimum of WEP 128 bit encryption, WPA encryption where available. vi: Disable vendor default passwords, SSIDs and IP Addresses on Wireless access points and restrict authentication on the configuration of the access point. F. Regularly Monitor and Test Networks L Perform regular tests on information systems (port scanning, virus scanning, vulnerability scanning). ii. Use current best practices to protect your telecommunications systems and any computer system or network device(s) you use to provide Services hereunder to access credit reporting agency systems and networks. These controls should be selected and implemented to reduce the risk of infiltration, hacking, access penetration or exposure to an unauthorized third party by: • protecting against intrusions; • securing the computer systems and network devices; • and protecting against intrusions of operating systems or software. G. Record Retention: The Federal Equal Opportunities Act states that a creditor must preserve all written or recorded information connected with an application for 60 months. In keeping with the ECOA, the credit reporting agency requires that you retain the credit application and, if applicable, a purchase agreement for a period of not less than 60 months. When conducting an investigation, particularly following a breach or a consumer complaint that your company impermissibly accessed their credit report, the credit reporting agency will contact you and will request a copy of the original application signed by the consumer or, if applicable, a copy of the sales contract. "Under Section 621 (a) (2) (A) of the FCRA, any person that violates any of the provisions of the FCRA may be liable for a civil penalty of not more than $2,500 per violation." 15. Confidentiality. All information, access granted, and services delivered and conveyed by ONLINE Information Services, Inc. and/or its representatives, whether furnished before or after the date hereof, and regardless of the Revised: 08/11/2008 manner in which it was furnished, is referred to in this agreement as CONFIDENTIAL information, whether or not marked "CONFIDENTIAL" and whether disclosed orally or in writing via any medium, including electronic. 16. Waiver. Either party may at any time waive compliance by the other with any covenant or condition contained in this Agreement, but only by written instrument signed by the party waiving such compliance. No such waiver, however, shall be deemed to constitute the waiver of any such covenant or condition in any other circumstance or the waiver of any other covenant or condition. 17. Successors and Assigns. This Agreement will be binding upon and will inure to the benefit of the parties hereto and their respective heirs, representatives, successors and permitted assignees. This Agreement may not be assigned, transferred, shared or divided in whole or in part by Subscriber without ONLINE's prior written consent, such consent shall not be unreasonably withheld. 18. Audit Rights. Subscriber understands that ONLINE and each of the national credit repositories requires the right to audit usage by Subscriber for compliance of requirements of the Federal Fair Credit Reporting Act. Subscriber herein agrees to cooperate fully with any compliance audit by a national credit repository and to provide ONLINE any required documentation or other information necessary for such an audit in a timely and reasonable manner. 19. Excusable Delays. Neither party shall be liable for any delay or failure in its performance under this Agreement (other than for payment obligations hereunder) if and to the extent that such delay or failure is caused by events beyond the reasonable control of the party including, without limitation, acts of God or public enemies, labor disputes, equipment malfunctions, computer downtime, software defects, material or component shortages, supplier failures, embargoes, rationing, acts of local, state or national governments or public agencies, utility or communication failures or delays, fire, earthquakes, flood, epidemics, riots and strikes. 20. Dispute Resolution. With the exception of any action taken under paragraphs 1 and 4 or any alleged violation of paragraph 9, 10 & 12 of this Agreement, the parties will resolve any dispute arising out of or relating to this Agreement in a binding arbitration conducted under the auspices of the American Arbitration Association. Disputes arising out of or resulting from actions taken under paragraphs 1- 4, or 9, 10, & 12 may be resolved informally by the parties through the courts. 21. Bureau Surcharges. Subscriber acknowledges that Credit Repositories may impose additional surcharges for access to files that are affiliate owned or that reside in certain States or Counties. Examples of these charges include Equifax Affiliate owned files, California Privacy Act Surcharges, and Alaska and Colorado State surcharges. In the event that a file is accessed which has such a surcharge, ONLINE reserves the right to pass that Surcharge along to the Subscriber. 22. Severability. This Agreement shall be deemed to be severable and, if any provision is determined to be void or unenforceable, then that provision will be deemed severed and the remainder of the Agreement will remain in effect. 23. Site Inspection. Subscriber agrees to an inspection of its premises by an independent Third Parry Inspection Agency. The national credit repository required inspection is to be completed, in a timely manner, before any services will be set up with our company. 24. Continuance of Business. In the event that Subscriber's business is sold or relocates to a different location, it is the Subscriber's obligation to notify ONLINE, in writing, of these changes, within 72 business hours of the effective date of the transaction or the relocation. 25. Governing Law. The laws of the State of California shall govern this agreement. Any action hereunder shall be brought only in the State of California, in the County of Orange If any provision is found void, invalid, or unenforceable, it will not affect the validity of the balance of this agreement, which shall remain valid. All rights not specifically granted in this agreement are reserved by ONLINE Information Services, Inc 26. Contract in Entirety; Law. This Agreement sets forth the entire understanding and agreement between ONLINE and Subscriber concerning the Services, and supersedes any prior or contemporaneous oral or written agreements or representations. It may be modified only by a written amendment executed by both parties. This Agreement shall be interpreted in accordance with the laws of the State of California. 27. Effective Date. This Agreement is effective beginning on thep!Q -� so . (Effective Date). IN WITNESS WHEREOF, the parties authorized representatives have executed this Agreement on the date indicated below. Subscriber hereby certifies to have read and understand the "FCRA Requirements" notice and "Access Security Requirements" and will take all reasonable measures to enforce them within Subscribers facility. Subscriber certifies that a permissible purpose exists to use all Services accessed from ONLINE in accordance with the Fair Credit Reporting Act and the applicable service agreement. Subscriber also certifies that information obtained from ONLINE will be used for the purpose(s) listed below and no other. Subscriber will not resell the report to any third party. Revised: 0811112008 0 0 PERMISSIBLE PURPOSEIAPPROPRIATE USE: Describe the specific purpose (A clear definition) for which ONLINE Services and consumer data will be used. (An answer like "Checking Credit" is not a permissible purpose.): .� N � Subscriber: City of San Juan Capistrano Signature:W`r✓�""�- Print Name: aN-2 - ✓� c�m.✓rs Title: C.t l MK, ckzw�L Fmai l:V,sfV;S�r�w 6tf Date: Federal Tax ID: C1�- 6 co 6 6 G Address of Principal Business Office 32400 Paseo Adelanto San Juan Capistrano, CA 92675 Billing Address: 32400 Paseo Adelanto San Juan Capistrano, CA 92675 Email address to send invoices: ss hee k@sa nj uan capistra no.org ONLINE Information Services, Inc. dba/ONLINE Utilitychange By: ,NI Nick Smith Date: Opf1 1 23, 2,90 / Address: 202 West Firetower Road Winterville, NC 28590 www.ONLINEUtilitvExchange.com Telephone: (866)630-6400 Fax: (800) 838-9830 Revised: 08/11/2008 0 SCHEDULE A ONLINE Charges to Subscriber Please denote beside each product what level user should have access. Please not that if Administrator (Admin) level is assigned, Supervisors (Super) and Users (User) will not have access to those products. And like wise if a Supervisor level is assigned Users will not have access to those products. If you desire for all individuals at your organization to have access to a product please set the Access Level for that product to User. ONLINE Utility Exchange Pricing: ONLINE Utility Exchange Report: Monthly Access Fee: Adverse Action Letter Service Business Report Pricing: Business Intelliscore Report Business Profile Report Business Profile w/ Intelliscore Report Employment Screening Reports Pricing Employment Credit Report National Criminal Search Statewide Instant Search County Search (Non -Instant) Non -Instant State Search National Sex Offender Only Search Access Level 2.70 Per Applicant Screened User 30.00 Per Month 0.95 Per Letter Sent YO 16.00 Per Report U52C 31.00 Per Report 35.50 Per Report c Amin . $11.00 Per Report $12.00 Per Report $10.00 Per Report $15.00 Per Report $15.00 Per Report $ 7.50 Per Report DMV (State Department of Motor Vehicles) Search STATE PRICE STATE PRICE NON INSTANT STATE PRICE Alabama $12.50 Montana $12.00 Alaska $10.50 Arkansas $17.50 Nebraska $7.50 Delaware $20.00 Arizona $14.50 New Jersey $15.50 Hawaii $16.50 Colorado $9.00 New Mexico $7.00 Iowa $14.00 Connecticut $20.50 Nevada $12.50 Missouri $6.75 Dist. Of Columbia $12.50 New Hampshire $13.50 Washington $10.50 Florida $12.00 New York $10.50 Wyoming $10.50 Georgia $12.50 North Carolina $10.50 Idaho $11.00 North Dakota $8.50 Illinois $17.50 Ohio $7.50 Indiana $11.50 Oklahoma 18.00 Kansas $12.00 Rhode Island $23.50 Kentucky $10.00 South Carolina $11.50 Louisiana $11.50 South Dakota $9.50 Maine $12.50 Tennessee $12.50 Maryland $14.50 Texas $12.00 Massachusetts $11.50 Utah $12.75 Michigan $12.50 Vermont $13.50 Minnesota $8.00 Virginia $12.50 Mississippi $17.50 West Vir inia $13.50 1 Wisconsin $10.50 Revised: 08/11/2008 0 Skip Tracina Report Pricing ONLINE PEOPLE SEARCH XPN COLLECTION REPORT XPN SOCIAL SEARCH XPN CREDIT RLE 0 SCHEDULE A Continued ONLINE Charges to Subscriber t Amt Per search $ 1.80 Per Report $ 1_35 Per Search S 3-25 Per Report *"**Note: If Tex exempt, Please Provide serl8cate" Subscriber agrees to the above pricing schedule for reports pulled from ONLINE Information Services. �19d� !`f✓�15LM � (SdDw bees Name) Dct-� �-t ckxwl.,- Z/1,—,:2 3 —o q (Sdxxbers Signftm) (DOW) 10 Revised: 08/11/1008 0 0 EXHIBIT A Glossary of Terms Glossary Term Definition Computer Virus A Computer Virus is a self -replicating computer program that alters the way a computer operates, without the knowledge of the user. A true virus replicates and executes itself. While viruses can be destructive by destroying data, for example, some viruses are benign or merely annoying. Confidential Very sensitive information. Disclosure could adversely impact our companies. Encryption Encryption is the process of obscuring information to make it unreadable without special knowledge. Firewall In computer science, a Firewall is a piece of hardware and/or software which functions in a networked environment to prevent unauthorized external access and some communications forbidden by the security policy, analogous to the function of Firewalls in building construction. The ultimate goal is to provide controlled connectivity between zones of differing trust levels through the enforcement of a security policy and connectivity model based on the least privilege principle. Information Lifecycle (Or Data Lifecycle) is a management program that considers the value of the information being stored over a period of time, the cost of its storage, its need for availability for use by authorized users, and the period of time for which it must be retained. IP Address A unique number that devices use in order to identify and communicate with each other on a computer network utilizing the Internet Protocol standard (IP). Any All participating network devices - including routers, computers, time -servers, printers, Internet tax machines, and some telephones - must have its own unique IP address. Just as each street address and phone number uniquely identifies a building or telephone, an IP address can uniquely identify a specific computer or other network device on a network. It is important to keep your IP address secure as hackers can gain control of your devices and possibly launch an attack on other devices. Peer -to -Peer A type of communication found in a system that uses layered protocols. Peer -to -Peer networking is the protocol often used for reproducing and distributing music without permission. Router A Router is a computer networking device that forwards data packets across a network via routing. A Router acts as a junction between two or more networks transferring data packets. Spyware Spyware refers to a broad category of malicious software designed to intercept or take partial control of a computer's operation without the consent of that machine's owner or user. In simpler terms, spyware is a type of program that watches what users do with their computer and then sends that information over the internet. SSID Part of the W i-Fi Wireless LAN, a service set identifier (SSID) is a code that identifies each packet as part of that network. Wireless devices that communicate with each other share the same SSID. Subscriber Code Your seven digit credit reporting agency account number. WEP Encryption (Wired Equivalent Privacy) A part of the wireless networking standard intended to provide secure communication. The longer the key used, the stronger the encryption will be (Older technology reaching its end of life). WPA (Wi-Fi Protected Access) A part of the wireless networking standard that provides stronger authentication and more secure communications. Replaces WEP. Uses dynamic key encryption verses static as in WEP (key is constantly changing and thus more difficult to break than WEP). 11 Revised: 08/11/2008 New UEX Customer Setup Customer: City of San Juan Capistrano Physical Address: 32400 Paseo Adelanto San Juan Capistrano, CA 92675 Mailing Address: 32400 Paseo Adelanto San Juan Capistrano, CA 92675 How long at physical address: 30 VP,( S Did you include Checking Credit in your Policies and Procedures? _Yes No Will you be printing and storing credit reports? Yes X No Do you lease or own the building in which you are located: (Please check one) X Own Commercial Building or Resident: Commercial Do you have investigation License? Yes X No If Yes, please provide a copy Estimated # of Credit Reports you will access monthly: /06 How will you access the Credit Report? X Personal Computer Other Default Websit UE Permissible Purpose: Credit Transaction(Fraud Prevention) NS ONLINE Rep: NI Q SrA E!1 Lease Software Vendor: J' C.G(-C"S Version: CIS 1-IL64 SySte. X Using Interface: Ye REPORT/ INTERFACE OPTION Collections File Upload: YA Web Collections: Y&1 Adverse Action Letter Service r6D Exchange Data Upload&N 12 Revised: 08/11/2008 E 0 SCORE (MUST be Completed) You can choose to use ONLINE's default scoring, or the break points and messages can be customized to your liking. Please circle one scorin mo E�� DEFAULT SCORING CUSTOMIZE AS FOLLOWS: (Message Examples: Maximum, 2x Avg. Mo sage, Etc.) Green: 0.0%- 10.0% Waive Deposit Yellow:10.1 % - 25.0% Moderate Deposit Red: 25.1%- 100.0% Maximum Deposit Deposit 1i Yellow: % Deposit Messac Red: % - % Message: It Report Shows: No Score, I choos Re Yellow / Green Bankru tc .Red Yellow /Green AFFILIATED OR PARENT COMPANY INFORMATION Affiliated or Parent Company: (—" 6a= Address: Zip Code: Contact Name: Phone:( ) BANK REFERENCE Bank Name: FS Address: iks�a—iVAXOX 0— r W - •. Bank Contact:7:S���\LQQ�2� Phone: Account Number(s): �)•_ 2 BUSINESS REFERENCES (1) Zip:rcma��j (2) Business Name: �s�t— Address�J City: -z-, State:Zip: So31o$-�Oao 13 Revised: 08/11/2008 0 Contact Person: Phone: ( 1`300 -'1b1 -\ate\ N0\0 ak"O 14 Revised: 08/11/2008 0 0 WEBSITE USER SETUP FORM Score Visible&N (Certain Interfaces require these to match your CIS Package logins) Password Expiration: 15Rn . Never User Full Name User Email Address User Name Administrator Smervisor User „ A/Sp \ C „ aS/U „ r A/S A/S A/S/U A/S/U A/S/U A/S/U A/S/U A/S/U A/S/U A/S/U A/S/U A/S/U A/S/U A/S!U A/S/U A/S/U A/S/U A/S/U A/S/U If you need additional users setup please copy this page and submit with your contract package) 15 Revised: 08/11/2008 Score Visible: Y/N (Certain Interfaces require these to match your CIS Package logins) Password Expiration: 1St log in Never User Full Name User Email Address Interface Loain Administrator Supervisor User A/S/U A/S/U A/S/U A/S/U A/S/U A/S/U A/S/U A/S/U A/S/U A/S/U A/S/U A/S/U A/S/U A/S/U A/S/U A/S/U A/S/U A/S/U A/S/U A/S/U A/S/U A/S/U A/S/U If you need additional users setup please copy this page and submit with your contract package) 16 Revised: 08/11/2008 • Customer Contacts Inspection Contact Person: Name: S+QCIe- Spee K PH: ° Lll- 487- Y3O1 Training Contact Person: Name: S7CICIC SiW 1 PH: c �qyq xM- x/301 Administrative Contact: Name: Sfu6c ShCe-K Title: CU3+6mec S2Cvice �&ORwj+soc PH: 9x19 -m- x1301 Receive Billing Y/N FX: Receive Announcements Y/N Email:SS�Ne W 5G 1 �UAVI COOS4PAho, 01 Alternate Administrative Contact: Name: '7�� Title: PH: q - Receive Billing: Y© FX: Receive Announcements: 1FEmail Accounts Payable Contact: Name7N!x�,e (Responsible for Accounts Payable) Title:OeC�cn��S� Receive Billing: 1Q FX: Receive Announcements: Y(n Email: Cr�Cd(��ScxY\p Technical Contact: Name: \ (Responsible for IT/Data) Title \�c PH: g�m� C3S cit i1ntP . Receive Billing: ` IM FX: Receive Announcements: Y& Email: 17 Revised: 08/11/2008 0 Authorization for Release of Driver Related Records As part of the application process for «accountName», I understand that they may conduct an investigation of my driver's license abstract. I understand that these records may be used for the eligibility of my employment or continued employment for the company designated below. I authorize without reservation the full release of these records from American Driving Records to ONLINE Information Services who is acting as agent to «accountName». I also release and discharge «accountName», and all of its agents and associates, any expenses, losses, damages, liabilities, or any other charges or complaints for the investigative process. I also authorize the full release of any driver related abstract, without reservation, throughout any duration of my employment at «accountName» . My signature below certifies that this authorization was completed by myself and is complete and true to the best of my knowledge. APPLICANT INFORMATION (Please print clearly and accurately) Last Name: First Name: Date of Birth: Driver's License #: Issuing State: Signature: Date: EMPLOYER ATTESTATION • That the company named below is an employer or prospective employer of the above named individual, and that I am a representative authorized to bind said company. • That AMERICAN DRP✓ING RECORDS is acting as agent on behalf of ONLINE Information Services who is acting as agent on our behalf to obtain the abstract of driver records of the above named individual. Company Name: Address: Printed Name: Title: Signature: Date: Please fax all requests to 1-800-873-5796. Note: If your request is ordered before 3:00 pm, then your report will be returned within the same business day. 18 Revised: 08/11/2008