BOARD OF COUNTY COMMISSIONERS PASS-AROUND REVIEW
PASS-AROUND TITLE: Renewal for EDR (Endpoint Detection & Response)
DEPARTMENT: Information Technology
DATE: October 16, 2024
PERSON REQUESTING: Ryan Rose
Brief description of the problem/issue: Renewal of Crowdstrike software for data protection for September 28, 2024, to September 28, 2025.
What options exist for the Board? IT is requesting the Board to authorize the Chair to sign the attached Crowdstrike Terms and Conditions and the related Weld County Falcon Flex Pool document to remain maintenance support.
Consequences: If we don't sign, the current support contract will expire which increases potential security risks.
Impacts: The software platform helps protect Weld County endpoints, cloud workloads plus identities and data.
Costs (Current Fiscal Year / Ongoing or Subsequent Fiscal Years): $100,787.00 for September 28, 2024 to September 28, 2025
Recommendation: IT recommends signature of the Crowdstrike Agreements. Legal has reviewed.
Support Recommendation | Schedule Place on BOCC Agenda Work Session | Other/Comments:
Perry L. Buck, Pro-Tem
Mike Freeman
Scott K. James
Kevin D. Ross, Chair
Lori Saine
2024-2831
CROWDSTRIKE TERMS AND CONDITIONS
These CrowdStrike Terms and Conditions by and between CrowdStrike, Inc., a Delaware corporation, and any Affiliates performing hereunder (collectively, "CrowdStrike") with a principal place of business at 150 Mathilda Place, Suite 300, Sunnyvale, California 94086 and Weld County, Colorado ("Customer"), with a place of business at 1150 O Street, Greeley, Colorado 80631 are entered into as of the date signed by the last party (the "Effective Date").
These CrowdStrike Terms and Conditions are a master agreement that cover all CrowdStrike products and services but provisions regarding specific products or services apply only to the extent Customer has purchased, accessed or used such products or services.
1. Definitions.
"Affiliate" means any entity that a party directly or indirectly controls (e.g., subsidiary) or is controlled by (e.g., parent), or with which it is under common control (e.g., sibling).
"Agreement" means these CrowdStrike Terms and Conditions together with each Order.
"API" means an application program (or programming) interface.
"CrowdStrike Competitor" means a person or entity in the business of developing, distributing, or commercializing Internet security products or services substantially similar to or competitive with CrowdStrike's products or services.
"CrowdStrike Data" shall mean the data generated by the CrowdStrike Offerings, including but not limited to, correlative and/or contextual data, and/or detections. For the avoidance of doubt, CrowdStrike Data does not include Customer Data.
"CrowdStrike Tool" means any CrowdStrike proprietary software-as-a-service, software, hardware, or other tool that CrowdStrike uses in performing Professional Services, which may be specified in the applicable SOW. CrowdStrike Tools may include CrowdStrike's products.
"Customer" means as the context requires, in addition to the entity identified above, any Customer Affiliate that places an Order under these CrowdStrike Terms and Conditions, uses or accesses any Offering hereunder, or benefits from the Customer's use of an Offering.
"Customer Contractor" means any individual or entity (other than a CrowdStrike Competitor) that: (i) has access or use of a Product under this Agreement solely on behalf of and for Customer's Internal Use, (ii) has an agreement to provide Customer (or its Affiliates) services, and (iii) is subject to confidentiality obligations covering CrowdStrike's Confidential Information.
"Customer Contractor Services" means products, services or content developed or provided by Customer Contractors, including, but not limited to, third party applications complementary to the Offerings, implementation services, managed services, training, technical support, or other consulting services related to, or in conjunction with, the Offerings.
"Documentation" means CrowdStrike's end-user technical documentation included in the applicable Offering.
"Endpoint" means any physical or virtual device, such as, a computer, server, laptop, desktop computer, mobile, cellular, container or virtual machine image.
"Error" means a reproducible failure of a Product to perform in substantial conformity with its applicable Documentation.
"Internal Use" means access or use solely for Customer's and subject to the Section entitled Affiliates, Orders and Payment; Affiliates and the Section entitled Access and Use Rights, its Affiliates', own internal information security purposes. By way of example and not limitation, Internal Use does not include access or use: (i) for the benefit of any person or entity other than Customer or its Affiliates, or (ii) in any event, for the development of any product or service. Internal Use is limited to access and use by Customer's and its Affiliates' employees and Customer Contractors (except as set forth in the Section entitled Customer Contractors), in either event, solely on Customer's behalf and for Customer's benefit.
CrowdStrike Form May 27 2019
"Offerings" means, collectively, any Products, Product-Related Services, or Professional Services.
"Order" means any purchase order or other ordering document (including any SOW) accepted by CrowdStrike or a reseller that identifies the following ordered by Customer: Offering, Offering quantity based on CrowdStrike's applicable license metrics (e.g., number of Endpoints, size of company (based on number of employees), number of file uploads, or number of queries), price and Subscription/Order Term.
"Product" means any of CrowdStrike's cloud-based software or other products ordered by Customer as set forth in the relevant Order, the available accompanying API's, the CrowdStrike Data, any Documentation and any Updates thereto that may be made available to Customer from time to time by CrowdStrike.
"Product-Related Services" means, collectively, (i) Falcon OverWatch, (ii) Falcon Complete Team, (iii) the technical support services for certain Products provided by CrowdStrike, (iv) training, and (v) any other CrowdStrike services provided or sold with Products. Product-Related Services do not include Professional Services.
"Professional Services" means any professional services performed by CrowdStrike for Customer pursuant to an SOW or other Order. Professional Services may include without limitation incident response, investigation and forensic services related to cyber-security adversaries, tabletop exercises, and next generation penetration tests related to cyber-security.
"Services" means, collectively, any Product-Related Services and any Professional Services.
"Statement of Work" or "SOW" means a mutually-agreed executed written document describing the Professional Services to be performed by CrowdStrike for Customer, deliverables, fees, and expenses related thereto.
"Subscription/Order Term" means the period of time set forth in the applicable Order during which: (i) Customer is authorized by CrowdStrike to access and use the Product or Product-Related Service, or (ii) Professional Services may be performed.
"Updates" means any correction, update, upgrade, patch, or other modification or addition made by CrowdStrike to any Product and provided to Customer by CrowdStrike from time to time on an as available basis.
2. Affiliates, Orders and Payment.
2.1 Affiliates. Any Affiliate purchasing hereunder, or using or accessing any Offering hereunder, or benefitting from the Customer's use of an Offering, will be bound by and comply with all terms and conditions of this Agreement. The Customer signing these CrowdStrike Terms and Conditions will remain responsible for Customer's Affiliates' acts and omissions unless Customer's Affiliate has entered into its own Terms and Conditions with CrowdStrike.
2.2 Orders. Only those transaction-specific terms stating the Offerings ordered, quantity, price, payment terms, Subscription/Order Term, and billing/provisioning contact information (and for the avoidance of doubt, specifically excluding any pre-printed terms on a Customer or reseller purchase order) will have any force or effect unless a particular Order is executed by an authorized signer of CrowdStrike and returned to Customer (or the applicable reseller). If any such Order is so executed and delivered, then only those specific terms on the face of such Order that expressly identify those portions of this Agreement that are to be superseded will prevail over any conflicting terms herein but only with respect to those Offerings ordered on such Order. Orders are non-cancellable. Any Order through a reseller is subject to, and CrowdStrike's obligations and liabilities to Customer are governed by, this Agreement.
2.3 Payment and Taxes.
Customer will pay the fees for Offerings to a reseller or CrowdStrike as set forth in the applicable Order. Unless otherwise expressly set forth on the Order, Customer will pay the fees and amounts stated on each Order within 30 days after receipt of the applicable invoice. Except as otherwise expressly provided in this Agreement, all fees and other amounts are non-refundable. Fees are exclusive of any applicable sales, use, value added, withholding, and other taxes, however designated. Customer shall pay all such taxes levied or imposed by reason of Customer's purchase of the Offerings and the transactions hereunder, except for taxes based on CrowdStrike's income or with respect to CrowdStrike's employment of its employees.
3. Access & Use Rights.
3.1 Evaluation. If CrowdStrike approves Customer's evaluation use of a CrowdStrike product ("Evaluation Product"), the terms herein applicable to Products also apply to evaluation access and use of such Evaluation Product, except for the following different or additional terms: (i) the duration of the evaluation is as mutually agreed upon by Customer and CrowdStrike, provided, that either CrowdStrike or Customer can terminate the evaluation at any time upon written (including email) notice to the other party; (ii) the Evaluation Product is provided "AS-IS" without warranty of any kind, and CrowdStrike disclaims all warranties, support obligations, and other liabilities and obligations for the Evaluation Product; and (iii) Customer's access and use is limited to Internal Use by Customer employees only.
3.2 Access & Use Rights.
Subject to the terms and conditions of this Agreement (including CrowdStrike's receipt of applicable fees), CrowdStrike grants Customer, under CrowdStrike's intellectual property rights in and to the applicable Product, a non-exclusive, non-transferable (except as expressly provided in the Section entitled Assignment), non-sublicensable license to access and use the Products in accordance with any applicable Documentation solely for Customer's Internal Use during the applicable Subscription/Order Term. Customer's access and use is limited to the quantity in the applicable Order. Furthermore, the following additional terms and conditions apply to specific Products (or components thereof):
(a) Products with Software Components. If Customer purchases a subscription to a Product with a downloadable object-code component ("Software Component"), Customer may, during the Subscription/Order Term install and run multiple copies of the Software Components solely for Customer's and Customer's Affiliates' Internal Use up to the maximum quantity in the applicable Order.
(b) CrowdStrike Tools. If CrowdStrike provides CrowdStrike Tools to Customer pursuant to performing Professional Services, the license set forth in the Section entitled Access & Use Rights applies to such CrowdStrike Tools as used solely for Customer's Internal Use during the period of time set forth in the applicable Order, or if none is specified, for the period authorized by CrowdStrike. Not all Professional Services engagements will involve the use of CrowdStrike Tools.
3.3 Restrictions.
The access and use rights set forth in the Section entitled Access & Use Rights do not include any rights to, and Customer will not, with respect to any Offering (or any portion thereof): (i) employ or authorize a CrowdStrike Competitor to use or view the Offering or Documentation, or to provide management, hosting, or support for an Offering; (ii) alter, publicly display, translate, create derivative works of or otherwise modify an Offering; (iii) sublicense, distribute or otherwise transfer an Offering to any third party (except as expressly provided in the Section entitled Assignment); (iv) allow third parties to access or use an Offering (except for Customer Contractors as expressly permitted herein); (v) create public Internet "links" to an Offering or "frame" or "mirror" any Offering content on any other server or wireless or Internet-based device; (vi) reverse engineer, decompile, disassemble or otherwise attempt to derive the source code (if any) for an Offering (except to the extent that such prohibition is expressly precluded by applicable law), circumvent its functions, or attempt to gain unauthorized access to an Offering or its related systems or networks; (vii) use an Offering to circumvent the security of another party's network/information, develop malware, unauthorized surreptitious surveillance, data modification, data exfiltration, data ransom or data destruction; (viii) remove or alter any notice of proprietary right appearing on an Offering; (ix) conduct any stress tests, competitive benchmarking or analysis on, or publish any performance data of, an Offering (provided, that this does not prevent Customer from comparing the Products to other products for Customer's Internal Use); (x) use any feature of CrowdStrike APIs for any purpose other than in the performance of, and in accordance with, this Agreement; or (xi) cause, encourage or assist any third party to do any of the foregoing.
Customer agrees to use an Offering in accordance with laws, rules and regulations directly applicable to Customer and acknowledges that Customer is solely responsible for determining whether a particular use of an Offering is compliant with such laws.
3.4 Installation and User Accounts. CrowdStrike is not responsible for installing Products unless Customer purchases installation services from CrowdStrike. For those Products requiring user accounts, only the single individual user assigned to a user account may access or use the Product. Customer is liable and responsible for all actions and omissions occurring under Customer's and Customer Contractor's user accounts for Offerings. Customer shall notify CrowdStrike if Customer learns of any unauthorized access or use of Customer's user accounts or passwords for an Offering.
3.5 Malware Samples. If CrowdStrike makes malware samples available to Customer in connection with an evaluation or use of the Product ("Malware Samples"), Customer acknowledges and agrees that (i) Customer's access to and use of Malware Samples is at Customer's own risk, and (ii) Customer should not download or access any Malware Samples on or through its own production systems and networks and that doing so can infect and damage Customer's systems, networks, and data. Customer shall use the Malware Samples solely for Internal Use and not for any malicious or unlawful purpose. CrowdStrike will not be liable for any loss or damage caused by any Malware Sample that may infect Customer's computer equipment, computer programs, data, or other proprietary material due to Customer's access to or use of the Malware Samples.
3.6 Third Party Software. CrowdStrike uses certain third party software in its Products, including what is commonly referred to as open source software.
Under some of these third party licenses, CrowdStrike is required to provide Customer with notice of the license terms and attribution to the third party. See the licensing terms and attributions for such third party software that CrowdStrike uses at https://falcon.crowdstrike.com/opensource.
3.7 Ownership & Feedback. Products, Product-Related Services and the CrowdStrike Tools are made available for use or licensed, not sold. CrowdStrike owns and retains all right, title and interest (including all intellectual property rights) in and to the Products, Product-Related Services and the CrowdStrike Tools. Any feedback or suggestions that Customer provides to CrowdStrike regarding its Offerings and CrowdStrike Tools (e.g., bug fixes and features requests) is non-confidential and may be used by CrowdStrike for any purpose without acknowledgement or compensation; provided, Customer will not be identified publicly as the source of the feedback or suggestion.
4. Customer Contractors.
4.1 Authorization. Customer authorizes CrowdStrike to give Customer Contractors the rights and privileges to the Offerings necessary to enable and provide for Customer's use and receipt of the Customer Contractor Services. If at any time Customer revokes this authorization, to the extent the Offerings provide for Customer to limit the Customer Contractor's access and use of the Offerings, then Customer is responsible for taking the actions necessary to revoke such access and use. In the event Customer requires CrowdStrike assistance with such revocation or limitation, Customer must contact CrowdStrike Support with written notice of such revocation or limitation at support@crowdstrike.com and CrowdStrike will disable the Customer Contractor's access to Customer's Offerings within a reasonable period of time following receipt of such notice but in any event within 72 hours of receipt of such notice.
4.2 Disclaimer.
Customer Contractors are subject to the terms and conditions in the Agreement while they are using the Offerings on behalf of Customer and Customer remains responsible for their acts and omissions during such time. Any breach by a Customer Contractor of this Agreement is a breach by Customer. CrowdStrike may make available Customer Contractor Services to Customer, for example, through an online directory, catalog, store, or marketplace. Customer Contractor Services are not required for use of the Offerings. Offerings may contain features, including API's, designed to interface with or provide data to Customer Contractor Services. CrowdStrike is not responsible or liable for any loss, costs or damages arising out of Customer Contractor's actions or inactions in any manner, including but not limited to, for any disclosure, transfer, modification or deletion of Customer Data (defined in Exhibit A). Whether or not a Customer Contractor is designated by CrowdStrike as, or otherwise claims to be "certified," "authorized," or similarly labeled, CrowdStrike does not (i) control, monitor, maintain or provide support for, Customer Contractor Services, (ii) disclaims all warranties of any kind, indemnities, obligations, and other liabilities in connection with the Customer Contractor Services, and any Customer Contractor interface or integration with the Offerings, and (iii) cannot guarantee the continued availability of Customer Contractor Services and related features. If Customer Contractor Services and related features are no longer available for any reason, CrowdStrike is not obligated to provide any refund, credit, or other compensation for, or related to, the Offerings.
4.3 Restrictions on Customer Contractors. Customer shall not give or allow Customer Contractors access to, or use of, intelligence reports provided by, or made accessible in, the Products.
For the avoidance of doubt, nothing herein prevents Customer from using intelligence API's in Customer Contractor Services for Customer's Internal Use.
5. Professional Services.
5.1 Fees. Professional Services will commence on a mutually agreed upon date. Estimates provided for Professional Services performed on a time-and-material basis are estimates only and not a guaranteed time of completion. Professional Services performed on a fixed fee basis are limited to the scope of services stated in the applicable Order.
5.2 Ownership of Deliverables. Professional Services do not constitute "works for hire," "works made in the course of duty," or similar terms under laws where the transfer of intellectual property occurs on the performance of services to a payor. The only deliverable arising from the Professional Services is a report consisting primarily of CrowdStrike's findings, recommendations, and adversary information. Customer owns the copy of the report (including without limitation, all of Customer's Confidential Information therein) delivered to Customer ("Deliverable"), subject to CrowdStrike's ownership of the CrowdStrike Materials. Customer agrees that relative to Customer, CrowdStrike exclusively owns any and all software (including object and source code), flow charts, algorithms, documentation, adversary information, report templates, know-how, inventions, techniques, models, CrowdStrike trademarks, ideas and any and all other works and materials developed by CrowdStrike in connection with performing the Professional Services (including without limitation all intellectual property rights therein and thereto) (collectively, the "CrowdStrike Materials") and that title shall remain with CrowdStrike.
For the avoidance of doubt, the CrowdStrike Materials do not include any Customer Confidential Information or other Customer provided materials or data. Upon payment in full of the amounts due hereunder for the applicable Professional Services and to the extent the CrowdStrike Materials are incorporated into the Deliverable(s), Customer shall have a perpetual, non-transferable (except as expressly provided in the Section entitled Assignment), non-exclusive license to use the CrowdStrike Materials solely as a part of the Deliverable(s) for Customer's Internal Use.
6. Data Security and Privacy. See Exhibit A.
7. Confidentiality.
7.1 Definitions. In connection with this Agreement, each party ("Recipient") may receive Confidential Information of the other party ("Discloser") or third parties to whom Discloser has a duty of confidentiality. "Confidential Information" means non-public information in any form that is in the Recipient's possession regardless of the method of acquisition that the Discloser designates as confidential to Recipient or should be reasonably known by the Recipient to be Confidential Information due to the nature of the information disclosed and/or the circumstances surrounding the disclosure. Confidential Information shall not include information that is: (i) in or becomes part of the public domain (other than by disclosure by Recipient in violation of this Agreement); (ii) previously known to Recipient without an obligation of confidentiality and demonstrable by the Recipient; (iii) independently developed by Recipient without use of Discloser's Confidential Information; or (iv) rightfully obtained by Recipient from third parties without an obligation of confidentiality.
7.2 Restrictions on Use.
Except as allowed in Section 7.3 (Exceptions), Recipient shall hold Discloser's Confidential Information in strict confidence and shall not disclose any such Confidential Information to any third party, other than to its employees, and contractors, including without limitation, counsel, accountants, and financial advisors (collectively, "Representatives"), its Affiliates and their Representatives, subject to the other terms of this Agreement, and in each case who need to know such information and who are bound by restrictions regarding disclosure and use of such information comparable to and no less restrictive than those set forth herein. Recipient shall not use Discloser's Confidential Information for any purpose other than as set forth in this Agreement. Recipient shall take the same degree of care that it uses to protect its own confidential information of a similar nature and importance (but in no event less than reasonable care) to protect the confidentiality and avoid the unauthorized use, disclosure, publication, or dissemination of the Discloser's Confidential Information. Within 72 hours of Recipient becoming aware of the unauthorized use, disclosure, publication, or dissemination of the Discloser's Confidential Information while in Recipient's control, Recipient shall provide Discloser with notice thereof.
7.3 Exceptions. Recipient may disclose Discloser's Confidential Information: (i) to the extent required by applicable law or regulation; (ii) pursuant to a subpoena or order of a court or regulatory, self-regulatory, or legislative body of competent jurisdiction; (iii) in connection with any regulatory report, audit, or inquiry; or (iv) where requested by a regulator with jurisdiction over Recipient.
In the event of such a requirement or request, Recipient shall, to the extent legally permitted: (a) give Discloser prompt written notice of such requirement or request prior to such disclosure; and (b) at Discloser's cost, a reasonable opportunity to review and comment upon the disclosure and request confidential treatment or a protective order pertaining thereto prior to Recipient making such disclosure. If the Recipient is legally required to disclose the Discloser's Confidential Information as part of: (x) a legal proceeding to which the Discloser is a party but the Recipient is not; or (y) a government or regulatory investigation of the Discloser, the Discloser shall pay all of the Recipient's reasonable and actual out of pocket legal fees and expenses (as evidenced by reasonably detailed invoices) and will reimburse the Recipient for its reasonable costs and fees of compiling and providing such Confidential Information, including, a reasonable hourly rate for time spent preparing for, and participating in, depositions and other testimony.
7.4 Destruction. Upon Discloser's written request, Recipient shall use commercially reasonable efforts to destroy the Confidential Information and any copies or extracts thereof. However, Recipient, its Affiliates and their Representatives may retain any Confidential Information that: (i) they are required to keep for compliance purposes under a document retention policy or as required by applicable law, professional standards, a court, or regulatory agency; or (ii) have been created electronically pursuant to automatic or ordinary course archiving, back-up, security, or disaster recovery systems or procedures; provided, however, that any such retained information shall remain subject to this Agreement.
Upon Discloser's request, Recipient will provide Discloser with written confirmation of destruction in compliance with this provision.
7.5 Equitable Relief. Each party acknowledges that a breach of this Section 7 (Confidentiality) shall cause the other party irreparable injury and damage. Therefore, each party agrees that those breaches may be stopped through injunctive proceedings in addition to any other rights and remedies which may be available to the injured party at law or in equity without the posting of a bond.
8. Warranties & Disclaimer.
8.1 No Warranty for Pre-Production Versions. Any pre-production feature or version of an Offering provided to Customer is experimental and provided "AS IS" without warranty of any kind and will not create any obligation for CrowdStrike to continue to develop, productize, support, repair, offer for sale, or in any other way continue to provide or develop any such feature or Offering. Customer agrees that its purchase is not contingent on the delivery of any future functionality or features, or dependent on any oral or written statements made by CrowdStrike regarding future functionality or features.
8.2 Product Warranty. If Customer has purchased a Product, CrowdStrike warrants to Customer during the applicable Subscription/Order Term that: (i) the Product will operate without Error; and (ii) CrowdStrike has used industry standard techniques to prevent the Products at the time of delivery from injecting malicious software viruses into Customer's Endpoints where the Products are installed. Customer must notify CrowdStrike of any warranty claim during the Subscription/Order Term.
Customer's sole and exclusive remedy and the entire liability of CrowdStrike for its breach of this warranty will be for CrowdStrike, at its own expense to do at least one of the following: (a) use commercially reasonable efforts to provide a work-around or correct such Error; or (b) terminate Customer's license to access and use the applicable non-conforming Product and refund the prepaid fee prorated for the unused period of the Subscription/Order Term. CrowdStrike shall have no obligation regarding Errors reported after the applicable Subscription/Order Term.
8.3 Services Warranty. CrowdStrike warrants to Customer that it will perform all Services in a professional and workmanlike manner consistent with generally accepted industry standards. Customer must notify CrowdStrike of any warranty claim for Services during the period the Services are being performed or within 30 days after the conclusion of the Services. Customer's sole and exclusive remedy and the entire liability of CrowdStrike for its breach of this warranty will be for CrowdStrike, at its option and expense, to (a) use commercially reasonable efforts to re-perform the non-conforming Services, or (b) refund the portion of the fees paid attributable to the non-conforming Services.
8.4 Exclusions. The express warranties do not apply if the applicable Product or Service: (i) has been modified, except by CrowdStrike, (ii) has not been installed, used, or maintained in accordance with this Agreement or Documentation, or (iii) is non-conforming due to a failure to use an applicable Update. If any part of a Product or Service references websites, hypertext links, network addresses, or other third party locations, information, or activities, it is provided as a convenience only.
8.5 No Guarantee.
CUSTOMER ACKNOWLEDGES, UNDERSTANDS, AND AGREES THAT CROWDSTRIKE DOES NOT GUARANTEE OR WARRANT THAT IT WILL FIND, LOCATE, OR DISCOVER ALL OF CUSTOMER'S OR ITS AFFILIATES' SYSTEM THREATS, VULNERABILITIES, MALWARE, AND MALICIOUS SOFTWARE, AND CUSTOMER AND ITS AFFILIATES WILL NOT HOLD CROWDSTRIKE RESPONSIBLE THEREFOR.
8.6 Disclaimer. EXCEPT FOR THE EXPRESS WARRANTIES IN THIS SECTION 8, CROWDSTRIKE AND ITS AFFILIATES DISCLAIM ALL OTHER WARRANTIES, WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE. TO THE MAXIMUM EXTENT PERMITTED UNDER APPLICABLE LAW, CROWDSTRIKE AND ITS AFFILIATES AND SUPPLIERS SPECIFICALLY DISCLAIM ALL IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT WITH RESPECT TO THE OFFERINGS AND CROWDSTRIKE TOOLS. THERE IS NO WARRANTY THAT THE OFFERINGS OR CROWDSTRIKE TOOLS WILL BE ERROR FREE, OR THAT THEY WILL OPERATE WITHOUT INTERRUPTION OR WILL FULFILL ANY OF CUSTOMER'S PARTICULAR PURPOSES OR NEEDS. THE OFFERINGS AND CROWDSTRIKE TOOLS ARE NOT FAULT-TOLERANT AND ARE NOT DESIGNED OR INTENDED FOR USE IN ANY HAZARDOUS ENVIRONMENT REQUIRING FAIL-SAFE PERFORMANCE OR OPERATION. NEITHER THE OFFERINGS NOR CROWDSTRIKE TOOLS ARE FOR USE IN THE OPERATION OF AIRCRAFT NAVIGATION, NUCLEAR FACILITIES, COMMUNICATION SYSTEMS, WEAPONS SYSTEMS, DIRECT OR INDIRECT LIFE-SUPPORT SYSTEMS, AIR TRAFFIC CONTROL, OR ANY APPLICATION OR INSTALLATION WHERE FAILURE COULD RESULT IN DEATH, SEVERE PHYSICAL INJURY, OR PROPERTY DAMAGE. Customer agrees that it is Customer's responsibility to ensure safe use of an Offering and the CrowdStrike Tools in such applications and installations. CROWDSTRIKE DOES NOT WARRANT ANY THIRD PARTY PRODUCTS OR SERVICES.
8.7 Additional Terms That May Apply. See Exhibit C for additional warranties that may apply to certain Customers.
9. Indemnification.
9.1 CrowdStrike's Obligation.
CrowdStrike shall at its cost and expense: (i) defend and/or settle any claim brought against Customer by an unaffiliated third party alleging that an Offering infringes or violates that third party's intellectual property rights, and (ii) pay and indemnify any settlement of such claim or any damages awarded to such third party by a court of competent jurisdiction as a result of such claim; provided, that Customer: (a) gives CrowdStrike prompt written notice of such claim; (b) permits CrowdStrike to solely control and direct the defense or settlement of such claim (however, CrowdStrike will not settle any claim in a manner that requires Customer to admit liability without Customer's prior written consent); and (c) provides CrowdStrike all reasonable assistance in connection with the defense or settlement of such claim, at CrowdStrike's cost and expense. In addition, Customer may, at Customer's own expense, participate in defense of any claim.
9.2 Remedies. If a claim covered under this Section occurs or in CrowdStrike's opinion is reasonably likely to occur, CrowdStrike may at its expense and sole discretion (and if Customer's access and use of an Offering is enjoined, CrowdStrike will, at its expense): (i) procure the right to allow Customer to continue using the applicable Offering; (ii) modify or replace the applicable Offering to become non-infringing; or (iii) if neither (i) nor (ii) is commercially practicable, terminate Customer's license or access to the affected portion of applicable Offering and refund a portion of the pre-paid, unused fees paid by Customer corresponding to the unused period of the Subscription/Order Term.
9.3 Exclusions.
CrowdStrike shall have no obligations under this Section if the claim is based upon or arises out of: (i) any modification to the applicable Offering not made by CrowdStrike; (ii) any combination or use of the applicable Offering with or in any third party software, hardware, process, firmware, or data, to the extent that such claim is based on such combination or use; (iii) Customer's continued use of the allegedly infringing Offering after being notified of the infringement claim or after being provided a modified version of the Offering by CrowdStrike at no additional cost that is intended to address such alleged infringement; (iv) Customer's failure to use the Offering in accordance with the applicable Documentation; and/or (v) Customer's use of the Offering outside the scope of the rights granted under this Agreement.
9.4 Exclusive Remedy. THE REMEDIES SPECIFIED IN THIS SECTION CONSTITUTE CUSTOMER'S SOLE AND EXCLUSIVE REMEDIES, AND CROWDSTRIKE'S ENTIRE LIABILITY, WITH RESPECT TO ANY INFRINGEMENT OF THIRD PARTY INTELLECTUAL PROPERTY RIGHTS.
10. Limitation of Liability.
10.1 TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, EXCEPT FOR LIABILITY FOR ANY AMOUNTS PAID OR PAYABLE TO THIRD PARTIES UNDER SECTION 9 (INDEMNIFICATION), CUSTOMER'S PAYMENT OBLIGATIONS, AND/OR ANY INFRINGEMENT OR MISAPPROPRIATION BY ONE PARTY OF THE OTHER PARTY'S INTELLECTUAL PROPERTY RIGHTS, NEITHER PARTY SHALL BE LIABLE TO THE OTHER PARTY IN CONNECTION WITH THIS AGREEMENT OR THE SUBJECT MATTER HEREOF (UNDER ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STATUTE, TORT OR OTHERWISE) FOR ANY LOST PROFITS, REVENUE, OR SAVINGS, LOST BUSINESS OPPORTUNITIES, LOST DATA, OR SPECIAL, INCIDENTAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, EVEN IF SUCH PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES OR LOSSES OR SUCH DAMAGES OR LOSSES WERE REASONABLY FORESEEABLE; OR (B) AN AMOUNT THAT EXCEEDS THE TOTAL FEES PAID OR PAYABLE TO CROWDSTRIKE FOR THE RELEVANT OFFERING DURING THAT OFFERING'S SUBSCRIPTION/ORDER TERM. THESE LIMITATIONS WILL APPLY NOTWITHSTANDING ANY FAILURE OF ESSENTIAL PURPOSE OF ANY REMEDY SPECIFIED IN THIS AGREEMENT. MULTIPLE CLAIMS SHALL NOT EXPAND THE LIMITATIONS SPECIFIED IN THIS SECTION 10.
10.2 Additional or Different Terms That May Apply. See Exhibit C for additional or different terms related to liability that may apply to certain Customers.
11. Compliance with Laws. Each party agrees to comply with all U.S. federal, state, local and non-U.S. laws directly applicable to such party in the performance of this Agreement, including but not limited to, applicable export and import, anti-corruption and employment laws.
Customer acknowledges and agrees the Offerings shall not be used, transferred, or otherwise exported or re-exported to regions that the United States and/or the European Union maintains an embargo or comprehensive sanctions (collectively, "Embargoed Countries"), or to or by a national or resident thereof, or any person or entity subject to individual prohibitions (e.g., parties listed on the U.S. Department of Treasury's List of Specially Designated Nationals or the U.S. Department of Commerce's Table of Denial Orders) (collectively, "Designated Nationals"), without first obtaining all required authorizations from the U.S. government and any other applicable government. Customer represents and warrants that Customer is not located in, or is under the control of, or a national or resident of, an Embargoed Country or Designated National. CrowdStrike represents and warrants that CrowdStrike is not located in, or is under the control of, or a national or resident of, an Embargoed Country or Designated National.
12. U.S. Government End Users.
12.1 Commercial Items. The following applies to all acquisitions by or for the U.S. government or by any U.S. Government prime contractor or subcontractor at any tier ("Government Users") under any U.S. Government contract, grant, other transaction, or other funding agreement. The Products, CrowdStrike Tools, and Documentation are "commercial items," as that term is defined in Federal Acquisition Regulation ("FAR") (48 C.F.R.) 2.101, consisting of "commercial computer software" and "commercial computer software documentation," as such terms are used in FAR 12.211 and 12.212. In addition, Department of Defense FAR Supplement ("DFARS") 252.227-7015 (Technical Data — Commercial Items) applies to technical data acquired by Department of Defense agencies. Consistent with FAR 12.211 and 12.212 and DFARS (48 C.F.R.)
227.7202-1 through 227.7202-4, the Products, CrowdStrike Tools, and Documentation are being licensed to Government Users pursuant to the terms of this license(s) customarily provided to the public as set forth in this Agreement, unless such terms are inconsistent with United States federal law ("Federal Law").
12.2 Disputes with the U.S. Government. If this Agreement fails to meet the Government's needs or is inconsistent in any way with Federal Law and the parties cannot reach a mutual agreement on terms for this Agreement, the Government agrees to terminate its use of the Offerings. In the event of any disputes with the U.S. Government in connection with this Agreement, Section 14.3 of this Agreement shall not apply. Instead the rights and duties of the parties arising from this Agreement, shall be governed by, construed, and enforced in accordance with Federal Procurement Law and any such disputes shall be resolved pursuant to the Contract Disputes Act of 1978, as amended (41 U.S.C. 7101-7109), as implemented by the Disputes Clause, FAR 52.233-1.
12.3 Precedence. This U.S. Government rights in this Section are in lieu of, and supersedes, any other FAR, DFARS, or other clause, provision, or supplemental regulation that addresses Government rights in the Offerings, computer software or technical data under this Agreement.
13. Suspension and Termination. This Agreement shall remain effective until termination in accordance with this Section or as otherwise specified herein.
CrowdStrike may immediately suspend Customer's access to, or use of, the Offerings if: (i) CrowdStrike believes that there is a significant threat to the security, integrity, functionality, or availability of the Offerings or any content, data, or applications in the Offerings; (ii) Customer or Customer users are in breach of Section 3.3 (Restrictions); or (iii) Customer fails to pay CrowdStrike when undisputed fees are due; provided, however, CrowdStrike will use commercially reasonable efforts under the circumstances to provide Customer with notice and, if applicable, an opportunity to remedy such violation prior to any such suspension. Either party may terminate this Agreement upon 30 days' written notice of a material breach by the other party, unless the breach is cured within the 30-day notice period. Prior to termination and subject to the terms of this Agreement, Customer shall have the right to access and download Customer Data available per the Customer's purchased Products and data retention period in a manner and in a format supported by the Products. Upon termination of this Agreement for any reason: (a) all Customer's access and use rights granted in this Agreement will terminate; (b) Customer must promptly cease all use of Offerings and de-install all Software Components installed on Customer's Endpoints; and (c) Customer Data will be deleted in accordance with the data retention period purchased by Customer and Section 7.4 (Confidentiality; Destruction). Sections 1, 3.3, 7, 10, 12, 13, and 14 and all liabilities that accrue prior to termination shall survive expiration or termination of this Agreement for any reason.
14. General.
14.1 Entire Agreement.
This Agreement constitutes the entire agreement between Customer and CrowdStrike concerning the subject matter of this Agreement and it supersedes all prior and simultaneous proposals, agreements, understandings, or other communications between the parties, oral or written, regarding such subject matter. Notwithstanding the foregoing, if you have a CrowdStrike Limited Warranty Agreement for Falcon Complete (or a preceding or successor named product) fully executed with CrowdStrike, the warranty provided therein stands alone and is not superseded by this Agreement. It is expressly agreed that the terms of this Agreement shall supersede any terms in any procurement Internet portal or other similar non-CrowdStrike document and no such terms included in any such portal or other non-CrowdStrike document shall apply to the Offerings ordered. Any Order through a reseller is subject to, and CrowdStrike's obligations and liabilities to Customer are governed by, this Agreement. CrowdStrike is not obligated under any reseller's agreement with you unless an officer of CrowdStrike executes the agreement. This Agreement shall not be construed for or against any party to this Agreement because that party or that party's legal representative drafted any of its provisions.
14.2 Assignment. Neither party may assign this Agreement without the prior written consent of the other party, except to an Affiliate in connection with a corporate reorganization or in connection with a merger, acquisition, or sale of all or substantially all of its business and/or assets. Any assignment in violation of this Section shall be void. Subject to the foregoing, all rights and obligations of the parties under this Agreement shall be binding upon and inure to the benefit of and be enforceable by and against the successors and permitted assigns.
14.3 Governing Law; Venue.
Except as otherwise provided in Exhibit B (if applicable), this Agreement, and the rights and duties of the parties arising from this Agreement, shall be governed by, construed, and enforced in accordance with the laws of the State of Colorado, excluding its conflicts-of-law principles. The sole and exclusive jurisdiction and venue for actions arising under this Agreement shall be state and federal courts in Weld County, Colorado, and the parties agree to service of process in accordance with the rules of such courts. The Uniform Computer Information Transactions Act and the United Nations Convention on the International Sale of Goods shall not apply. Notwithstanding the foregoing, each party reserves the right to file a suit or action in any court of competent jurisdiction as such party deems necessary to protect its intellectual property rights and, in CrowdStrike's case, to recoup any payments due.
14.4 Independent Contractors; No Third Party Rights. The parties are independent contractors. This Agreement shall not establish any relationship of partnership, joint venture, employment, franchise, or agency between the parties. No provision in this Agreement is intended or shall create any rights with respect to the subject matter of this Agreement in any third party.
14.5 Waiver, Severability & Amendments. The failure of either party to enforce any provision of this Agreement shall not constitute a waiver of any other provision or any subsequent breach. If any provision of this Agreement is held to be illegal, invalid, or unenforceable, the provision will be enforced to the maximum extent permissible so as to affect the intent of the parties, and the remaining provisions of this Agreement will remain in full force and effect. This Agreement may only be amended, or any term or condition set forth herein waived, by written consent of both parties.
14.6 Force Majeure. Neither party shall be liable for, nor shall either party be considered in breach of this Agreement due to, any failure to perform its obligations under this Agreement (other than its payment obligations) as a result of a cause beyond its control, including but not limited to, act of God or a public enemy, act of any military, civil or regulatory authority, change in any law or regulation, fire, flood, earthquake, storm or other like event, disruption or outage of communications (including an upstream server block and Internet or other networked environment disruption or outage), power or other utility, labor problem, or any other cause, whether similar or dissimilar to any of the foregoing, which could not have been prevented with reasonable care. The party experiencing a force majeure event, shall use commercially reasonable efforts to provide notice of such to the other party.
14.7 Notices. All legal notices will be given in writing to the addresses in the first introductory paragraph of this Agreement and will be effective: (i) when personally delivered, (ii) on the reported delivery date if sent by a recognized international or overnight courier, or (iii) five business days after being sent by registered or certified mail (or ten days for international mail). For clarity, Orders, POs, confirmations, invoices, and other documents relating to order processing and payment are not legal notices and may be delivered electronically in accordance with each party's standard ordering procedures.
14.8 Signatures. This Agreement and any Orders may be executed in two counterparts, each of which will be considered an original but all of which together will constitute one agreement. Any signature delivered by electronic means shall be treated for all purposes as an original.
CROWDSTRIKE, INC.
By: [signature, DocuSigned]
Name: Michelle Racca
Title: Deal Desk Manager
Date: 10/15/2024
LEGAL NAME OF CUSTOMER: Weld County, Colorado
By: [signature]
Name: Kevin D. Ross
Title: Chair, Board of Weld County Commissioners
Date: OCT 23 2024
ATTEST: Clerk to the Board
By: Deputy Clerk to the Board
Docusign Envelope ID: 112AEEDD-FCF0-42C2-AA84-7AAFF3C03A92
Exhibit A: Data Security and Privacy Schedule
1. Definitions
a. "CrowdStrike Systems" means those computer systems hosting the 'Falcon EPP Platform'.
b. "Customer Data" means the data generated by the Customer's Endpoint and collected by: (i) the Products, and/or (ii) the CrowdStrike Tools, and in either case, sent to the CrowdStrike Systems. Customer Data is considered Customer's Confidential Information (defined in Section 7 Confidentiality) and subject to the exclusions, exceptions and obligations set forth therein and this Exhibit A Data Security and Privacy Schedule.
c. "Execution Profile/Metric Data" means any machine-generated data, such as metadata derived from tasks, file execution, commands, resources, network telemetry, executable binary files, macros, scripts, and processes, that: (i) Customer provides to CrowdStrike in connection with this Agreement or (ii) is collected or discovered during the course of CrowdStrike providing Offerings, excluding any such information or data that identifies Customer or to the extent it includes Personal Data.
d. "Personal Data" means information provided by Customer to CrowdStrike or collected by CrowdStrike from Customer used to distinguish or trace a natural person's identity, either alone or when combined with other personal or identifying information that is linked or linkable by CrowdStrike to a specific natural person.
Personal Data also includes such other information about a specific natural person to the extent that the data protection laws applicable in the jurisdictions in which such person resides define such information as Personal Data.
e. "Privacy and Security Laws" means U.S. federal, state and local and non-U.S. laws, including those of the European Union, that regulate the privacy or security of Personal Data and that are directly applicable to CrowdStrike.
f. "Security Breach" means unauthorized access to, or unauthorized acquisition of: (i) Customer Data, or (ii) Personal Data, stored on CrowdStrike Systems that results in the compromise of such Customer Data and/or Personal Data.
g. "Threat Actor Data" means any malware, spyware, virus, worm, Trojan horse, or other potentially malicious or harmful code or files, URLs, DNS data, network telemetry, commands, processes or techniques, metadata, or other information or data, in each case that is potentially related to unauthorized third parties associated therewith and that: (i) Customer provides to CrowdStrike in connection with this Agreement, or (ii) is collected or discovered during the course of CrowdStrike providing Offerings, excluding any such information or data that identifies Customer or to the extent that it includes Personal Data.
2. Falcon Platform
The 'Falcon EPP Platform' uses a crowd-sourced environment, for the benefit of all customers, to help customers protect themselves against suspicious and potentially destructive activities. CrowdStrike's Products are designed to detect, prevent, respond to, and identify intrusions by collecting and analyzing data, including machine event data, executed scripts, code, system files, log files, dll files, login data, binary files, tasks, resource information, commands, protocol identifiers, URLs, network data, and/or other executable code and metadata.
Customer, rather than CrowdStrike, determines which types of data, whether Personal Data or not, exist on its systems. Accordingly, Customer's endpoint environment is unique in configurations and naming conventions and the machine event data could potentially include Personal Data. CrowdStrike uses the data to: (i) analyze, characterize, attribute, warn of, and/or respond to threats against Customer and other customers, (ii) analyze trends and performance, (iii) improve the functionality of, and develop, CrowdStrike's products and services, and enhance cybersecurity; and (iv) permit Customers to leverage other applications that use the data, but for all of the foregoing, in a way that does not identify Customer or Customer's Personal Data to other customers. Neither Execution Profile/Metric Data nor Threat Actor Data are Customer's Confidential Information or Customer Data.
3. Processing Personal Data
a. Provisioning/Use of Offerings. Personal Data may be collected and used during the provisioning and use of the Offerings to deliver, support and improve the Offerings, administer the Agreement and further the business relationship between Customer and CrowdStrike, comply with law, act in accordance with Customer's written instructions, or otherwise in accordance with this Agreement. Customer authorizes CrowdStrike to collect, use, store, and transfer the Personal Data that Customer provides to CrowdStrike as contemplated in this Agreement.
b. Suspicious/Unknown File Analysis.
While using certain CrowdStrike Offerings Customer may have the option to upload (by submission, configuration, and/or, in the case of Services, by CrowdStrike personnel retrieval) files and other information related to the files for security analysis and response or, when submitting crash reports, to make the product more reliable and/or improve CrowdStrike's products and services or enhance cyber-security. These potentially suspicious or unknown files may be transmitted and analyzed to determine functionality and their potential to cause instability or damage to Customer's endpoints and systems. In some instances, these files could contain Personal Data for which Customer is responsible.
4. Compliance with Privacy and Information Security Requirements
a. Compliance with Laws. CrowdStrike shall comply with all Privacy and Security Laws, the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of Personal Data from the European Economic Area, Switzerland, and the United Kingdom, as applicable. CrowdStrike's privacy notice may be found at http://www.crowdstrike.com/privacy-notice/. To the extent necessary to comply with Privacy and Security Laws, including but not limited to when Customer is a controller of Personal Data processed by CrowdStrike originating in the European Union, Switzerland, or the United Kingdom, the Data Protection Addendum set forth here https://www.crowdstrike.com/data-protection-agreement/ shall apply to CrowdStrike's processing of such Customer Personal Data.
b. Safeguards.
CrowdStrike shall maintain appropriate technical and organizational safeguards commensurate with the sensitivity of the Customer Data and Personal Data processed by it on Customer's behalf, which are designed to protect the security, confidentiality, and integrity of such Customer Data and Personal Data and protect such Customer Data and Personal Data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, including the safeguards set forth on Appendix 1 which substantially conform to the ISO/IEC 27002 control framework ("Information Security Controls for CrowdStrike Systems").
c. Access; Contacts. With respect to employees, agents, and subcontractors, CrowdStrike shall limit access to Customer Data and Personal Data to only those employees, agents, and subcontractors who have a need to access the Customer Data and/or Personal Data in order to carry out their roles as contemplated in the terms of this Agreement. CrowdStrike shall assign and train personnel who shall: (i) liaise with customers regarding any issues concerning the security of Customer Data and/or Personal Data; (ii) receive notice of any Security Breach discovered by CrowdStrike and provide notice of any such Security Breach to Customer; and (iii) coordinate CrowdStrike's Security Breach response and remedial action.
5. Security Breach Response
In the event CrowdStrike discovers a Security Breach, CrowdStrike shall:
a. Without undue delay but no later than 72 hours of becoming aware, notify Customer of the discovery of the Security Breach. Such notice shall summarize the known circumstances of the Security Breach and the corrective action taken or to be taken by CrowdStrike.
b. Conduct an investigation of the circumstances of the Security Breach.
c. Use commercially reasonable efforts to remediate the Security Breach.
d. Use commercially reasonable efforts to communicate and cooperate with Customer concerning its response to the Security Breach.
6. Security Assessment and Provision of Audited Security Controls. Promptly after written (including email) request from Customer, CrowdStrike shall provide Customer with: (i) its most recent SOC II, Type 2 report regarding the CrowdStrike Systems; and (ii) provide its completed Standardized Information Gathering (SIG) questionnaire (or similar document) for the CrowdStrike Systems (the "Security Documentation"). Upon the provision of reasonable notice to CrowdStrike, once every twelve months during the term of the Agreement and during normal business hours unless otherwise decided by CrowdStrike in its sole discretion, CrowdStrike shall make appropriate CrowdStrike personnel reasonably available to Customer to discuss CrowdStrike's manner of compliance with applicable security obligations under this Agreement. In advance of such discussion, CrowdStrike may, in addition to the Security Documentation, provide Customer with access to additional requested information or documentation concerning CrowdStrike's information security practices as they relate to this Agreement, including without limitation, access to any security assessment reports designed to be shared with third parties. Any information or documentation provided pursuant to this assessment process or otherwise pursuant to this Schedule shall be considered CrowdStrike's Confidential Information and subject to the Confidentiality section of the Agreement.
7. Customer Obligations. Customer, along with its Affiliates, represents and warrants that: (i) it owns or has a right of use from a third party, and controls, directly or indirectly, all of the software, hardware and computer systems (collectively, "Systems") where the Products and/or CrowdStrike Tools will be installed or that will be the subject of, or investigated during, the Offerings, (ii) to the extent required under any federal, state, or local U.S.
or non-US laws (e.g., Computer Fraud and Abuse Act, 18 U.S.C. § 1030 et seq., Title III, 18 U.S.C. 2510 et seq., and the Electronic Communications Privacy Act, 18 U.S.C. § 2701 et seq.) it has authorized CrowdStrike to access the Systems and process and transmit data through the Offerings and CrowdStrike Tools in accordance with this Agreement and as necessary to provide and perform the Offerings, (iii) it has a lawful basis in having CrowdStrike investigate the Systems, process the Customer Data and the Personal Data; (iv) that it is and will at all relevant times remain duly and effectively authorized to instruct CrowdStrike to carry out the Offerings, and (v) it has made all necessary disclosures, obtained all necessary consents and government authorizations required under applicable law to permit the processing and international transfer of Customer Data and Customer Personal Data from each Customer and Customer Affiliate, to CrowdStrike.
8. Notices. The following individuals shall be the primary contacts at Customer and CrowdStrike for any coordination, communications or notices with respect to Personal Data and this Schedule:
a. CrowdStrike: Drew Bagley, VP & Counsel, Privacy & Cyber Policy (drew.bagley@crowdstrike.com with a copy to legal@crowdstrike.com). For any Security Breach: Jerry Dixon, Chief Information Security Officer (jerry.dixon@crowdstrike.com with a copy to security@crowdstrike.com).
b. Customer: the person who has signed the Agreement or another person as otherwise designated in writing (including by email) by Customer to CrowdStrike.
Each party shall promptly notify the other if any of the foregoing contact information changes.
Appendix 1
Information Security Controls for CrowdStrike Systems
Security Control Category Description
1. Governance a.
Assign to an individual or a group of individuals appropriate roles for developing, coordinating, implementing, and managing CrowdStrike's administrative, physical, and technical safeguards designed to protect the security, confidentiality, and integrity of Personal Data b. Use of data security personnel that are sufficiently trained, qualified, and experienced to be able to fulfill their information security-related functions
2. Risk Assessment a. Conduct periodic risk assessments designed to analyze existing information security risks, identify potential new risks, and evaluate the effectiveness of existing security controls b. Maintain risk assessment processes designed to evaluate likelihood of risk occurrence and material potential impacts if risks occur c. Document formal risk assessments d. Review formal risk assessments by appropriate managerial personnel
3. Information Security Policies a. Create information security policies, approved by management, published and communicated to all employees and relevant external parties. b. Review policies at planned intervals or if significant changes occur to ensure its continuing suitability, adequacy, and effectiveness.
4. Human Resources Security a. Maintain policies requiring reasonable background checks of any new employees who will have access to Personal Data or relevant CrowdStrike Systems, subject to local law b. Regularly and periodically train personnel on information security controls and policies that are relevant to their business responsibilities and based on their roles within the organization
5. Asset Management a. Maintain policies establishing data classification based on data criticality and sensitivity b. Maintain policies establishing data retention and secure destruction requirements c. Implement procedures to clearly identify assets and assign ownership
6. Access Controls a.
Identify personnel or classes of personnel whose business functions and responsibilities require access to Personal Data, relevant CrowdStrike Systems and the organization's premises b. Maintain controls designed to limit access to Personal Data, relevant CrowdStrike Systems and the facilities hosting the CrowdStrike Systems to authorized personnel c. Review personnel access rights on a regular and periodic basis d. Maintain physical access controls to facilities containing CrowdStrike Systems, including by using access cards or fobs issued to CrowdStrike personnel as appropriate e. Maintain policies requiring termination of physical and electronic access to Personal Data and CrowdStrike Systems after termination of an employee f. Implement access controls designed to authenticate users and limit access to CrowdStrike Systems g. Implement policies restricting access to the data center facilities hosting CrowdStrike Systems to approved data center personnel and limited and approved CrowdStrike personnel h. Maintain dual layer access authentication processes for CrowdStrike employees with administrative access rights to CrowdStrike Systems
7. Cryptography a. Implement encryption key management procedures b. Encrypt sensitive data using a minimum of AES/128 bit ciphers in transit and at rest
8. Physical Security a. Require two factor controls to access office premises b. Register and escort visitors on premises
9. Operations Security a. Perform periodic network and application vulnerability testing using dedicated qualified internal resources b. Contract with qualified independent 3rd parties to perform periodic network and application penetration testing c. Implement procedures to document and remediate vulnerabilities discovered during vulnerability and penetration tests
10. Communications Security a.
Maintain a secure boundary using firewalls and network traffic filtering b. Require internal segmentation to isolate critical systems from general purpose networks c. Require periodic reviews and testing of network controls
11. System Acquisition, Development and Maintenance a. Assign responsibility for system security, system changes and maintenance b. Test, evaluate and authorize major system components prior to implementation
12. Supplier Relationships Periodically review available security assessment reports of vendors hosting the CrowdStrike Systems to assess their security controls and analyze any exceptions set forth in such reports
13. Information Security Breach Management a. Monitor the access, availability, capacity and performance of the CrowdStrike Systems, and related system logs and network traffic using various monitoring software and services b. Maintain incident response procedures for identifying, reporting, and acting on Security Breaches c. Perform incident response table-top exercises with executives and representatives from across various business units d. Implement plan to address gaps discovered during exercises e. Establish a cross-disciplinary Security Breach response team
14. Business Continuity Management a. Design business continuity with goal of 99.9% uptime SLA b. Conduct scenario based testing annually
15. Compliance a.
Establish procedures designed to ensure all applicable statutory, regulatory and contractual requirements are adhered to CrowdStrike Form May 27 2019 15 of 15 CROWDSTRIKE O W D STR I K E Quote/Order 150 Mathilda Place, Suite 300 Sunnyvale, California 94086 - United States http://www.crowdstrike.com THE INFORMATION AND PRICING CONTAINED IN THIS QUOTE/ORDER IS CONFIDENTIAL Contract Details Order Date: 09/27/2024 Customer Name: Weld County Prepared by: Alyssa Rhoades Order #: Q-1114182 Currency: USD Valid Until: 09/27/2024 Customer Contact Information Bill to Account: CDW Corporation Bill to Phone: 866-782-4239 Bill to Fax: Bill to Address: 200 North Milwaukee Ave, Vernon Hills, Illinois, 60061 United States Ship to Account: Weld County Ship to Contact: Eric Lund Ship to Contact Email: elund@weldgov.com Ship to Phone: 970-400-4000 Ship to Fax: Ship to Address: 1150 O St, Greeley, Colorado, 80631-9596, United States ' a ment Teims Payment Term: urehases Net 45 Day 1: Renewal: Term Dates: (Sep 28, 2024 - Sep 27, 2025) Day 1 Falcon Flex Product/Services Product SKU Term/ Months Quantity Falcon Endpoint Protection Pro Flexible Bundle CS.EPPPRO.SOLN 12 2,300 Prevent CS.PREVENT.SOLN 12 2,300 Falcon Control and Respond CS.CONRESP.SOLN 12 2,300 Falcon Device Control Bundle Promo CS.DEVICEBP.SOLN 12 2,300 Falcon Firewall Management Bundle Promo CS.FIREWBP.SOLN 12 2,300 Essential Support RR.HOS.ENT.ESTL 12 1 Insight CS. 
INSIGHT.SOLN 12 2,300 Overwatch CS.OW.SVC 12 2,300 Threat Graph Standard on GovCloud CS.TG.STD.GOV 12 2,300 Page 1 of 8 CROWDSTRIKE Quote/Order 150 Mathilda Place, Suite 300 Sunnyvale, Califomia 94086 - United States http://www.crowdstrike.com THE INFORMATION AND PRICING CONTAINED IN THIS QUOTE/ORDER IS CONFIDENTIAL CrowdStrike University: Term Dates: (Sep 28, 2024 - Sep 27, 2025) Product/Services Product SKU Term/ Months Quantity University LMS Subscription Customer Access Pass RR.PSO.ENT.PASS 12 6 Falcon Flex Pool: (Sep 28, 2024 - Sep 27, 2025) Product/Services Product SKU Term/ Months Quantity FalconFlex License Pool CS.FFLEXPOOL.SOLN 12 Day 1: Renewal: Term Dates: (Sep 28, 2024 - Sep 27, 2025) Day 1 Falcon Flex Products/Services Product SKU Term/ Months Quantity Falcon Endpoint Protection Pro Flexible Bundle CS.EPPPRO.SOLN 12 2,300 Prevent CS.PREVENT.SOLN 12 2,300 Falcon Control and Respond CS.CONRESP.SOLN 12 2,300 Falcon Device Control Bundle Promo CS.DEVICEBP.SOLN 12 2,300 Falcon Firewall Management Bundle Promo CS.FIREWBP.SOLN 12 2,300 Essential Support RR.HOS.ENT.ESTL 12 1 Insight CS.INSIGHT.SOLN 12 2,300 Overwatch CS.OW.SVC 12 2,300 Threat Graph Standard on GovCloud CS.TG.STD.GOV 12 2,300 CrowdStrike University: Term Dates: (Sep 28, 2024 - Sep 27, 2025) Products/Services Product SKU Term/ Months Quantity University LMS Subscription Customer Access Pass RR.PSO.ENT.PASS 12 6 Page 2 of 8 CROWDSTRIKE W D STR I KE Quote/Order 150 Mathilda Place, Suite 300 Sunnyvale, California 94086 - United States http://www.crowdstrike.com THE INFORMATION AND PRICING CONTAINED IN THIS QUOTE/ORDER IS CONFIDENTIAL Falcon Flex Pool: (Sep 28, 2024 - Sep 27, 2025) Products/Services Product SKU Term/ Months Quantity FalconFlex License Pool CS.FFLEXPOOL.SOLN 12 ' ate Table (Falcon Flex Portfolio) Description Bundle Product SKU Falcon Device Control Bundle Promo Falcon Endpoint Protection Pro Flexible Bundle CS.DEVICEBP.SOLN Falcon Endpoint Protection Pro Flexible Bundle Includes: • 
Falcon Control and Respond • Prevent Falcon Endpoint Protection Pro Flexible Bundle CS.EPPPRO.SOLN Falcon Firewall Management Bundle Promo Falcon Endpoint Protection Pro Flexible Bundle CS.FIREWBP.SOLN Insight Height CS.INSIGHT.SOLN Overwatch Overwatch CS.OW.SVC Threat Graph Standard on GovCloud Threat Graph Standard on GovCloud CS.TG.STD.GOV Terms and Conditions This Order is subject to and governed by the terms and conditions located here unless CrowdStrike and the Customer have otherwise executed an agreement, in which case, that agreement governs this Order. If for any reason you are unable to view the terms at the website given above, please contact your CrowdStrike sales representative indicated above. The Order and the applicable terms and conditions are collectively referred to as the Agreement. Please review the Agreement carefully before signing below, as your signature constitutes Customers agreement to be bound by its terms. If a subscription is purchased, the Subscription Start Date shall be the date this Order is fully executed. Once executed by the Customer, this Order is non -cancellable and amounts paid are non-refundable except as expressly provided for in the Agreement. This Order contains a compensation incentive that is conditioned on the Ship to Account signing a release of liability with CrowdStrike. Page 3 of 8 C R O W D ST R I K E Quote/Order 150 Mathilda Place, Suite 300 Sunnyvale, California 94086 - United States http://www.crowdstrike.com THE INFORMATION AND PRICING CONTAINED IN THIS QUOTE/ORDER IS CONFIDENTIAL ADDITIONAL TERMS - FLEX 1. Definitions. a. "Base Products" mean: (i) the products listed in the purchase tables labeled "Day 1 Falcon Flex" above (collectively, the "Base Product Tables"), and (ii) Flex Product(s) upon the Flex Product Start Date. For the avoidance of doubt, training, Fal.con fees, professional services and "on -demand" products are not included in Base Products. Not all Orders will contain Base Products. b. 
"Base Product Quantity" means the quantities of: (i) the Base Product in the Base Product Tables above, and (ii) to the extent applicable, the Flex Products approved by the Customer Representative for such Flex Products, each of (i) and (ii), subject to Section 4 Swap, is the minimum quantity fixed for the Subscription Term. c. "Canceled Products" mean the Products listed in the "Canceled Product/Services" table(s) above that are currently licensed by Customer and as of the Order Date are canceled and replaced with the Base Products. Not all Orders will contain Canceled Products. d. "Customer Representative" is the Ship to Account person listed above or a person authorized by Customer in an email to Customer's Technical Account Manager or Account Team and Partner to make Swaps and carry out Flex transactions pursuant to this Order. Customer may update the Customer Representative at any time upon written notice to CrowdStrike (an email to Customer's Technical Account Manager or Account Team shall suffice). e. "Falcon Flex License Pool" means the total dollar amount on the Partner Quote for the "FalconFlex License Pool CS" or the Partner named equivalent product. f. "Flex Commitment" means the dollar amount on the Partner Quote identified as the Flex Commitment or the Partner named equivalent product. The Flex Commitment is the sum of the Falcon Flex License Pool plus the total amount of the Base Products. For the avoidance of doubt, the Flex Commitment is not reduced by the total dollar amount of the Canceled Products. The Flex Commitment represents the Customer's committed spend. It does not reflect payments owed or paid. g. "Flex Products" mean (i) the products listed in the Rate Table (Falcon Flex Portfolio) above (if any), and (ii) any products that the parties mutually agree on (including the price) in the future as "Flex Products" in accordance with Section 3(a) of these Additional Terms. 
Flex Products are not included as Base Products until the Flex Product has been approved in accordance with Section 3(b)(i) of these Additional Terms. For the avoidance of doubt, training, Falcon fees, professional services, and on-demand products are not included in Flex Products. Not all Orders will contain Flex Products at the start of the Subscription Term.
h. "Flex Product Start Date" means the date Partner receives Customer Representative's approval (an email shall suffice) of the Partner Quote.
i. "Quarter" means any of the following: Quarter 1 is February, March and April, Quarter 2 is May, June and July, Quarter 3 is August, September and October and Quarter 4 is November, December and January.
j. "Partner" means the "Ship to Account" listed above.
k. "Partner Quote" means Partner's quote to Customer that is consistent with the corresponding CrowdStrike quote with the exception of pricing.
l. "Subscription Term" means the period of the Falcon Flex License Pool specified in the Falcon Flex table above beginning on the Order Date. Each year in the Subscription Term is referred to as a "Year" or "Year 1", "Year 2," and "Year 3", and so forth, as applicable.
m. "Swap(s) or Swapped" means exchanging a Base Product for a Flex Product for the equivalent monetary value, rounded down to the nearest quantity. The price for the Flex Product shall be as stated in this Order unless otherwise mutually agreed by the parties in a new Order form.
n. "Swap Dates" mean the annual anniversary(ies) of the Order Date. For the avoidance of doubt, the last day of the Subscription Term is not a Swap Date.
o. "Swap Value" means the dollar value of the Base Product or the Flex Products, as applicable.
The price for the Flex Product(s) shall be determined as set forth in this Order and the Partner Quote. The Swap Value is calculated as follows: multiply (i) the quantity of each Base Product or Flex Product, as applicable, that the Customer desires to Swap, and (ii) the applicable per unit price of that product, and if necessary, adjusted or prorated for a period that is for the remainder of the Subscription Term. If multiple Base Products are being Swapped for multiple Flex Products, (x) add the Swap Value of all the Base Products being Swapped, (y) add the Swap Value of all the Flex Products being Swapped, and then (z) compare the aggregate value of each of the Swapped Base Products versus the Flex Products.

2. Flex Commitment.
a. CrowdStrike shall make the Base Products and the Flex Products available to Customer on the Order Date. Subject to the terms in this Order, during the Subscription Term, the Flex Commitment shall be used to pay for only the following: (i) the Base Products at the Base Product Quantity for the Subscription Term, (ii) use of the Base Products in excess of the Base Product Quantity (see Section 3(c) Flex Usage below), and (iii) the Flex Products requested by Customer (pursuant to Section 3(b) Flex Usage below). For the avoidance of doubt, the Flex Commitment (including the Falcon Flex License Pool) cannot be used to pay for in whole or in part: (i) orders placed prior to this Order, and (ii) any renewal of any products or services purchased prior to this Order at the same or less quantity as previously purchased (unless such products are listed as a Base Product in this Order)
b. If at the end of the Subscription Term, the aggregate cost of Customer's usage of the Products is less than the Flex Commitment, CrowdStrike shall not issue any refund or credit to Customer or Reseller and Reseller shall not issue a refund or credit to Customer. The Subscription Term cannot be extended.
c. If at any time during the Subscription Term the Falcon Flex License Pool reaches zero and Customer has additional usage or chooses to make additional purchases, Customer will be invoiced for the additional sums necessary to cover the additional usage or purchases. Customer shall pay such invoices in accordance with its agreement with Partner and if payment terms are not specified in such agreement, within 30 days of receipt of the invoice. In turn, Partner shall pay CrowdStrike's invoice. For the avoidance of doubt, Customer can increase the Falcon Flex License Pool for any reason at any time.
d. If Customer has remaining payments to make under one or more existing Orders with Reseller or CrowdStrike for the Cancelled Products, Customer shall pay such amounts as previously scheduled. The Flex Commitment cannot be used to pay invoices for products or services purchased prior to this Order.

3. Flex Usage.
a. Throughout the Subscription Term, CrowdStrike's (i) Technical Account Manager and/or Account Team, the Customer's current licensed quantities and its usage of the products, including the Flex Products, shall be reviewed and discussed. In addition, the parties shall discuss upcoming products that may be added as Flex Products. Upon mutual written agreement of the parties, new products that are generally available at the time of the health check can be added to the list of Flex Products.
b. During the Subscription Term, Customer shall have access to and may use the Flex Products in the quantities needed, provided that,
i. (x) Customer Representative provides written notice to Reseller and CrowdStrike (an email to Customer's Technical Account Manager or Account Manager shall suffice) of the Flex Product that the Customer wants to use, and (y) Customer Representative approves in writing (an email to Reseller shall suffice) the applicable Reseller Quote; and (z) Reseller approves in writing to CrowdStrike the applicable corresponding CrowdStrike Flex Product(s) quote issued to Reseller by CrowdStrike;
ii. If a Flex Product has a dependency on other products, then the dependent products must have already been licensed or Customer must purchase a license for the dependent products as well;
iii. A fee for technical support will be added to the quote at the applicable percentage multiplied by the fee for the Flex Products;
iv. A bundled offering cannot be unbundled (i.e., the products making up the bundle cannot be used or purchased individually);
v. Flex Products must be purchased in the quantity of the then current endpoint licenses or as otherwise mutually agreed by the parties;
vi. Flex Products must be purchased for the remainder of the Subscription Term; and
vii. CrowdStrike's pricing to Reseller for the Flex Products stated above or for new Flex Products, once mutually agreed, shall not increase during the Subscription Term.
c. At the end of each Quarter in the Subscription Term, CrowdStrike will determine the quantities of the Base Products used by Customer. If the quantity is in excess of the then current licensed quantity, Customer shall purchase the excess quantity for a term that: (i) begins on the first day of the Quarter following the Quarter with excess usage, and (ii) ends on the last day of the Subscription Term. The fee shall be calculated using the per unit fees for the applicable products above. CrowdStrike's pricing to Reseller for the Base Products shall not increase during the Subscription Term.
The Falcon Flex License Pool shall be used to pay for the use of any products in excess of their then current licensed quantity unless otherwise agreed by the parties.

4. Swap.
a. Subject to the terms of this Order and following the process in Section 4(b) below, Customer may, at the agreed Swap Dates, Swap the licenses of the Base Products for the Flex Products for the remainder of the Subscription Term. For the avoidance of doubt:
i. Customer may not retrospectively Swap Base Products or obtain a credit for the prior year for unused Products. All Swaps are forward looking only;
ii. Customer agrees that as part of the Swap, Customer's license for the Base Product ends on the last day of the Year in which Customer requests the Swap and the new Flex Product term starts on the first day of the new Year for the remainder of the Subscription Term, unless otherwise Swapped on the next Swap date, if any;
iii. Neither Reseller nor Customer shall not be entitled to any refund or credit for any delta resulting from a price differential between the Swap Value of the Base Product(s) and the newly obtained Flex Product(s). For example, there is one Year left in the Subscription Term and one unit of the Base Product being given up ("Base Product A") costs $100 per year and one unit of the newly acquired Flex Product ("Flex Product B") costs $80 per year. The Customer desires to Swap 5 units of Base Product A for 6 units of Flex Product B. The Swap Value for 5 units of Base Product A is $500.00 (5 x $100 x 1 year remaining in the Subscription Order Term). The Swap Value of 6 units of the Flex Product B is $480 (6 x $80 x 1 year remaining in the Subscription Order Term).
In this scenario, the remaining $20 would be forfeited unless the Customer decides to purchase an additional unit of Flex Product B and pays the additional price differential, i.e. $60 (7 x $80 x 1 year remaining in the Subscription Term = $560 - $500);
iv. Bundled products cannot be "unbundled"; all bundled products must be Swapped as that stated bundle;
v. If a Base Product or a Flex Product has a dependency on other products, then the dependent products must also be Swapped or Customer must purchase a license for the dependent products as well; and
vi. A prorated amount of technical support proportionate to the Base Products and the Flex Products will be Swapped along with the Swapped Products.
b. To implement a Swap, all of the following must occur:
i. Customer Representative must provide CrowdStrike at least 30 days written notice (an email to Customer's Technical Account Manager and/or Account Team shall suffice) prior to the upcoming Swap Date with the names, SKU's and quantities of the Base Products and Flex Products that the Customer wants to Swap.
ii. Customer Representative must approve in writing (an email to Customer's Technical Account Manager and/or Account Team shall suffice) the Partner Quote showing an update or a revision to the order with Reseller and the reduction in the Base Products and the increase or addition of the Flex Products, and additional fees, if any.
iii. Reseller must approve in writing (an email shall suffice) the CrowdStrike provided quote showing an update or a revision to Partner's order with CrowdStrike and the reduction in the Base Products and the increase or addition of the Flex Products, and additional fees, if any;
iv. The Partner revision to its order with Customer must be consistent with the CrowdStrike revision to its order with Reseller, with the exception of pricing; and
v. If there are additional fees, Customer shall pay the Partner's invoice in accordance with the terms of the Partner Quote, and if payment terms are not specified in the revised Partner Quote, within 30 days of receipt of the invoice. In turn, Partner shall pay CrowdStrike's invoice.

CrowdStrike, Inc.
Signature:
Name (Print):
Title:
Effective Date:

Bill To Account

Weld County
Signature:
Name (Print): Kevin D. Ross
Title: Chair, Board of Weld County Commissioners
Effective Date:

ATTEST: Clerk to the Board
By: Deputy Clerk to the Board
OCT 23 2024

2024-2831

Mariah Higgins

From: Ryan Rose
Sent: Wednesday, December 4, 2024 7:12 AM
To: Mariah Higgins
Subject: RE: December 2024 CTB Temp Status Update
Follow Up Flag: Follow up
Flag Status: Flagged

Good morning,

We are good to close out the document.

Thanks!
Ryan

From: Mariah Higgins <mhiggins@weld.gov>
Sent: Tuesday, December 3, 2024 2:41 PM
To: Ryan Rose <rrose@weld.gov>
Subject: RE: December 2024 CTB Temp Status Update

Hey Ryan,

I would just like to clarify that we only need the one signature on the Crowdstrike Terms and Conditions? On the PA you requested signature on both the Crowdstrike Terms and Conditions and the related Weld County Falcon Flex Pool document so I just need to know if you're superseding that and saying we only need one to close out the document.

Thank you,
Mariah Higgins
Deputy Clerk to the Board
Clerk to the Board's Office
Weld County
1150 O Street
Greeley, CO 80631
Tel: (970) 400-4219
Email: mhiggins@weld.gov

Confidentiality Notice: This electronic transmission and any attached documents or other writings are intended only for the person or entity to which it is addressed and may contain information that is privileged, confidential or otherwise protected from disclosure. If you have received this communication in error, please immediately notify sender by return e-mail and destroy the communication. Any disclosure, copying, distribution or the taking of any action concerning the contents of this communication or any attachments by anyone other than the named recipient is strictly prohibited.

From: Ryan Rose <rrose@weld.gov>
Sent: Tuesday, December 3, 2024 1:10 PM
To: Jan Warwick <iwarwick@weld.gov>; Skyler Whitmore <swhitmore@weld.gov>
Cc: Mariah Higgins <mhiggins@weld.gov>
Subject: RE: December 2024 CTB Temp Status Update

Hi,

Page 10 of 15 has their signature. That is all we need currently.

Thanks,
Ryan

From: Jan Warwick <iwarwick@weld.gov>
Sent: Tuesday, December 3, 2024 11:01 AM
To: Skyler Whitmore <swhitmore@weld.gov>; Ryan Rose <rrose@weld.gov>
Cc: Mariah Higgins <mhiggins@weld.gov>
Subject: December 2024 CTB Temp Status Update

Good morning,

This email serves as a status update for documents from the Commissioner's Agenda that are pending final signatures from various sources. When final signatures are obtained, please remember to send a copy to the Clerk to the Board's Office to ensure the Commissioners' final Resolution is signed, the Resolution is distributed, and the complete document is finalized. The query included items pending as of today's date, so there are items from recent Agendas that understandably may not have final signatures yet.

1. 2024-2831 - Renewal of Crowdstrike software. Obtain authorized signature of Crowdstrike, see page 24 of attached PDF.
Thank you,
Jan Warwick
Deputy Clerk to the Board
Weld County
1150 O Street
Greeley, CO 80631
tel: 970-400-4217

Contract Form

Entity Information
Entity Name*: CROWDSTRIKE INC
Entity ID*: @00049206
New Entity?:
Contract Name*: ENDPOINT DETECTION AND RESPONSE RENEWAL
Contract ID: 8789
Parent Contract ID:
Contract Status: CTB REVIEW
Contract Lead*: SWHITMORE
Contract Lead Email: swhitmore@weld.gov
Contract Description*: ENDPOINT DETECTION AND RESPONSE RENEWAL AGREEMENTS AND PASSAROUND
Contract Description 2:
Requires Board Approval: YES
Department Project #:
Contract Type*: AGREEMENT
Department: INFORMATION TECHNOLOGY-GIS
Requested BOCC Agenda Date*: 10/23/2024
Due Date: 10/19/2024
Amount*: $100,787.00
Department Email: CM-InformationTechnologyGIS@weld.gov
Department Head Email: CM-InformationTechnologyGIS-DeptHead@weld.gov
County Attorney: GENERAL COUNTY ATTORNEY EMAIL
County Attorney Email: CM-COUNTYATTORNEY@WELD.GOV
Will a work session with BOCC be required?*: NO
Renewable*: YES
Automatic Renewal:
Grant:
IGA:
Does Contract require Purchasing Dept. to be included?:
If this is a renewal enter previous Contract ID:
If this is part of a MSA enter MSA Contract ID:
Note: the Previous Contract Number and Master Services Agreement Number should be left blank if those contracts are not in OnBase

Contract Dates
Effective Date:
Review Date*: 08/15/2025
Renewal Date*: 09/24/2025
Termination Notice Period:
Committed Delivery Date:
Expiration Date:

Contact Information
Contact Info: Contact Name, Contact Type, Contact Email, Contact Phone 1, Contact Phone 2

Purchasing
Purchasing Approver: CONSENT
Purchasing Approved Date: 10/18/2024

Approval Process
Department Head: RYAN ROSE
DH Approved Date: 10/18/2024
Finance Approver: CONSENT
Finance Approved Date: 10/18/2024
Legal Counsel: CONSENT
Legal Counsel Approved Date: 10/18/2024

Final Approval
BOCC Approved:
BOCC Signed Date:
BOCC Agenda Date: 10/23/2024
Tyler Ref #: AG 102324
Originator: SWHITMORE