NETWORK SERVICES AGREEMENT THIS NETWORK SERVICES AGREEMENT (this “Agreement”) is entered into as of ___________, 2011 (the “Effective Date”) by and between National LambdaRail, Inc., a Delaware nonprofit corporation authorized to do business in California, with offices at [STREET ADDRESS], [CITY], CA [ZIP] (“Supplier”), and the Regents of the University of California on behalf of itself and its Santa Cruz campus, a public trust organized under the Constitution of the State of California, with offices at 1156 High Street, Santa Cruz, CA 95064 (“Customer”). Capitalized terms not otherwise defined herein shall have the meaning set forth in Section 12. WHEREAS, Customer has entered and intends to enter into an agreement or agreements with the National Institutes of Health (“NIH”), National Center for Biotechnology Information (“NCBI”), National Cancer Institute (“NCI”), other NIH institutes, and/or certain contractors thereof, including, without limitation, SAIC-Frederick, Inc. (“SAIC”) (collectively, “Agency Partners”) pursuant to which Customer shall be responsible for developing, deploying and operating a system (“CGHub”) to support The Cancer Genome Atlas (“TCGA”), the Therapeutically Applicable Research to Generate Effective Treatments (“TARGET”), the Cancer Genome Anatomy Project/Cancer Genome Characterization Initiative (“CGAP/CGCI”), and similar programs (collectively the “Cancer Genomics Projects”) to collect, store, retrieve and analyze genomic data (the “CGHub Project”); WHEREAS, in connection with the foregoing, Customer requires use of an advanced, high capacity, high bandwidth data transfer network to facilitate the secure acquisition, storage, and sharing of genome sequence, phenotype metadata, and other Project Data via CGHub and support associated multiple simultaneous high-capacity data transfers across 10 gigabits per second (“Gbps”) links, and eventually 40 or 100 Gbps links; WHEREAS, Supplier is, as of the time of execution of this Agreement, the sole entity that owns or otherwise has the rights to use a nationwide network services infrastructure that provides stable, production-quality, non-interruptable private internet protocol service with traffic, routing, and policy separation, and that as of the Effective Date is already linked to each of the Primary Sites; and WHEREAS, Supplier is otherwise qualified and desires to provide the services described above and below, on behalf of the Agency Partners through this Agreement, and Customer desires to retain the assistance and services of Supplier in such capacity. NOW, THEREFORE, in consideration of the mutual agreements contained herein and other good and valuable consideration, and intending to be legally bound hereby, Supplier and Customer hereby agree to all of the following terms and conditions. 1. Scope of Services. The services to be provided by Supplier hereunder (“Network Services”) include, without limitation, network capacity, connectivity, and related operations and maintenance as set forth herein. The parties acknowledge and agree that the Network Services comprise an essential component of CGHub. (a) General Standard. The Network Services shall be substantially superior to equivalent services provided by the Agency Partners to the Cancer Genomics Projects prior to August 1, 2011. In particular, the Network Services shall provide stable, production-quality, non-interruptable private internet protocol service with traffic, routing, and policy separation, to support the secure transmission of Project Data at 10 Gbps and, before the end of the Term, 40 or 100 Gbps. CGHub Network Services Agreement Page 1 of 23 (b) CGHub and Specifications Development. Supplier acknowledges that, as of the Effective Date, CGHub remains under development. Accordingly, precise specifications for the Network Services (the “Specifications”) have not yet been fully defined and are subject to review and written acceptance by the Agency Partners, which acceptance may be withheld or delayed by the Agency Partners (“Acceptance”). Supplier shall cooperate with Customer in developing mutually agreeable plans for implementing the Network Services, which may include proposed Specifications (the “Implementation Plans”), and in seeking Acceptance of any proposed Specifications. The Implementation Plans and any Specifications for which Acceptance is secured shall be, and hereby are, included in the Network Services and incorporated herein by reference. Customer’s payment of fees for the Network Services under this Agreement shall not constitute Acceptance of any Specifications. Until Acceptance for all required Specifications has been secured and all deliverables and milestones described in the Implementation Plans have been fully completed, Supplier shall participate in weekly meetings or teleconferences with Customer’s Project Manager to provide detailed reports on progress against the Implementation Plans and to discuss plans for the following week. (c) Electronic and Information Technology Standards. In providing the Network Services, Supplier shall comply with Section 508 of the Rehabilitation Act of 1973 (29 U.S.C. 794d ) as amended by P.L. 105-220 under Title IV (Rehabilitation Act Amendments of 1998). Electronic and Information Technology developed, procured, maintained, and/or used under this Agreement shall be in compliance with the “Electronic and Information Technology Accessibility Standards” set forth by the Architectural and Transportation Barriers Compliance Board (also referred to as the “Access Board”) in 36 CFR Part 1194. The complete text of Section 508 Final Standards can be accessed at http://www.section508.gov/index.cfm?FuseAction=content&ID=12. Applicable standards to this requirement are set forth in 36 CFR Part 1194.21 through 26. Supplier further agrees to include this provision in any subcontract awarded pursuant to this Agreement. Failure to comply with these requirements shall constitute a material breach of this Agreement and may result in termination. (d) Notice of Delay. Supplier shall immediately notify Customer’s Project Manager in writing of any actual or potential delay in Supplier’s performance under the Implementation Plans or otherwise under this Agreement. Such notice shall, at a minimum, describe the cause, effect, duration, and corrective action proposed by Supplier to address the problem. Supplier shall give prompt written notice to Customer’s Project Manager of all changes to such conditions. This notification shall be informational only, and compliance with this provision shall not be construed as a waiver by Customer of any delivery schedule or date or of any rights or remedies provided by law or under this Agreement. 2. Services. (a) Basic Services. Supplier shall provide the Network Services and, at no additional cost to Customer, cooperate with and, to the extent relevant to the Network Services, otherwise assist Customer in performing the work required under the Statement of Work (“SOW”) attached to the SAIC Letter Agreement of July 29, 2011, as it may be amended from time to time, and under other SOWs issued by the Agency Partners from time to time pursuant to the Agency Partner Agreement, which is attached at Exhibit A and incorporated as part of this Agreement. (b) Capacity and Connectivity. Without limiting the scope of the Network Services or the Acceptance provisions set forth in Section 1, Supplier shall provide infrastructure capacity and connectivity to the Service Recipients, as further provided below. i. Supplier shall provide a dedicated version of Supplier’s PacketNet service, as generally described at http://www.nlr.net/services.php (subject to such modifications as may be agreed to in writing by Customer and Supplier and subject to Acceptance) for use by Service Recipients in CGHub Network Services Agreement Page 2 of 23 connection with the CGHub Project. This service shall include, without limitation, 10 Gbps connectivity for all Service Recipients across Supplier’s entire network as described at http://www.nlr.net/servicesmap.php as of the Effective Date and as it may be expanded from time to time thereafter (the “Network”); internet protocol (“IP”) transit services to provide connectivity between CGHub and the Internet; and a routable block of at least thirty-two (32) IP addresses and control of the reverse domain name service for those addresses. Customer acknowledges that, as between Customer and Supplier, the Network is and shall remain at all times throughout the Term the property of Supplier. ii. Supplier shall provide one 10 Gbps link to the Network for each Service Recipient beginning with the Primary Sites; provided, however, that if Customer notifies Supplier that certain Service Recipients require a specified level of connectivity less than 10 Gbps, Supplier shall be obligated to provide only such lesser level of connectivity for such Service Recipients, and Customer shall receive usage credits as specified in Exhibit E (“Usage Credits”). iii. Supplier shall connect each Service Recipient to the Network in accordance with the connection specifications provided by such Service Recipient to Supplier, which connection specifications shall be reasonably acceptable to Supplier. Such connection specifications may include physical connectivity to the Service Recipient’s applicable regional provider (“Regional Provider”) and BGP peering with the Service Recipient or Regional Provider; provided, however, the parties acknowledge that connection specifications may vary among Service Recipients depending on each Service Recipient’s needs, existing facilities and Regional Provider arrangements. If Supplier objects to the connection specifications provided by any Service Recipient, Supplier shall promptly notify such Service Recipient and Customer of its objection and cooperate in good faith with such Service Recipient and Customer to develop reasonably acceptable alternative specifications as promptly as possible. Supplier shall ensure that connectivity as specified herein is fully operational and available to a Service Recipient no later than five (5) business days after Supplier receives reasonably acceptable connection specifications from that Service Recipient. If a Service Recipient requests a change to its connection specifications, Supplier shall implement such change (subject to the acceptance provisions described above) as promptly as practicable; provided, however, that if the change is material such that Supplier is required to charge a fee for the service, such fee shall be limited to Supplier’s actual cost of supplying the service and shall be payable only if approved in advance in writing by Customer. Supplier shall install a 40 Gbps uplink from the Network to Customer’s primary data center located at I/O Phoenix (the “Data Center”). This uplink shall be fully installed on or before October 3, 2011 and fully tested and operational for use by the Service Recipients no later than October 7, 2011. Supplier shall install a second 40 Gbps uplink from its Network to the Data Center, which shall be redundant and completely physically diverse from the first. The second uplink shall be fully installed, tested, and operational for use by Service Recipients no later than October 1, 2012. When both uplinks are fully operational, both shall be active simultaneously (not in active/standby configuration). iv. v. Supplier expressly acknowledges that there shall be no limit on the number of Service Recipients or traffic volume across the Network related to the CGHub Project. vi. Supplier shall provide Customer with a monthly report on Network utilization in a form that is satisfactory to Customer. vii. Supplier may, to the extent consistent with the above provisions, the Specifications, and the Agency Partner Agreement, provide the Network Services in accord with Supplier’s own technical specifications. CGHub Network Services Agreement Page 3 of 23 viii. Supplier may provide the connectivity as contemplated herein via affiliates listed on Exhibit B, which exhibit Supplier may update from time to time upon notice to Customer, subject to Customer’s approval (not to be unreasonably withheld); provided, however, that Supplier shall require such affiliates to comply with the terms and conditions of the Agency Partner Agreement, and Supplier shall be solely liable for the acts and omissions of such affiliates and their Personnel. ix. At any time (and from time to time) during the Term, Customer shall have the option of upgrading some or all Service Recipients to 40 Gbps connectivity or, if available at such time, 100 Gbps connectivity. In the event such an upgrade is requested, Customer and Supplier shall negotiate in good faith the terms and conditions of such upgrade (including the Specifications, financial terms, implementation activities and any appropriate additions or revisions to the Service Level Agreements and Service Level Credits (as defined below)), provided that such terms and conditions shall be at least as favorable to Customer as those generally available to Supplier’s other customers. Supplier shall effect such upgrade as promptly as practical following the parties’ agreement on the applicable terms and conditions. (c) Supplier Equipment. Customer acknowledges that the Network Services may include the use of certain equipment owned by Supplier (“Supplier Equipment”) and acknowledges that title to such Supplier Equipment is and shall remain vested with Supplier. If and to the extent the Supplier Equipment is housed within collocation or other facilities owned, leased, or licensed by Customer, Customer shall be responsible for providing electric power for the Supplier Equipment and shall, solely to the extent within Customer’s control: (i) keep the Supplier Equipment physically secure and free from all liens and encumbrances; and (ii) bear the risk of loss or damage to the Supplier Equipment not caused by Supplier or Supplier’s Personnel. Under no circumstances shall Customer be held responsible for the acts or omissions of Supplier or Supplier’s Personnel or other actions, omissions or events beyond Customer’s control. (d) Supplier Access; Repairs. Customer shall reasonably cooperate with Supplier’s efforts to access property and equipment necessary for Supplier to provide the Network Services. Such access shall be used by Supplier solely for this purpose and may include, without limitation, conduits, holes, wireways, wiring, plans, equipment, space, and other items reasonably necessary to provide capacity, and may be utilized by Supplier to construct, install, repair, maintain, replace, and remove access lines and network facilities, and otherwise to provide the Network Services, but in each case subject to any reasonable restrictions imposed by the owner or operator of such property and equipment. Supplier may take such actions as may be necessary to maintain and repair the Network upon reasonable advance notice or, in the event of an emergency, without prior notice (but in such case with prompt notice after the fact); provided, however, that such actions shall at all times be in accord with the Specifications, Implementation Plans, and Agency Partner Agreement, as well as Supplier’s obligations under Exhibit C. (e) No Resale. Supplier acknowledges that the Network Services shall be provided to the Service Recipients as part of CGHub. Customer shall not resell capacity to third parties for purposes unrelated to CGHub without Supplier’s prior written consent. (f) Support. Supplier shall provide the Network Services support described at Exhibit C. (g) Service Level Commitments; Service Level Credits. Supplier shall be responsible for assuring the service level commitments specified at Exhibit D, addressing availability, transmission quality, maintenance response, technical support, and other commitments and associated credits (the “Service Level Agreement” or “SLA”). If Supplier fails to meet any Service Level Agreement, Supplier shall pay Customer the credits specified on such Exhibit (“Service Level Credits”), which Service Level Credits shall be deemed to be price reductions reflecting the diminished value of the Network Services as CGHub Network Services Agreement Page 4 of 23 a result of the failure and are not a penalty. Without limiting any other remedy available to Customer hereunder, in the event Supplier fails to meet any Service Level Agreement, Supplier shall promptly perform and provide to Customer a root cause analysis and, in consultation with Customer, take appropriate remedial actions and institute appropriate preventive measures to ensure that such failure does not recur, in each case at Supplier’s own cost. (h) Steering Committee. Supplier shall facilitate a technical infrastructure improvement steering committee (the “Steering Committee”) comprising representatives of all CGHub participating institutions in addition to Customer and Supplier, which shall meet (in person or by video or teleconference) quarterly or with such other frequency as may be determined by the Steering Committee. The purpose of the Steering Committee shall be to monitor Supplier’s performance against the SLA and to consider and evaluate potential and ongoing Network Services improvements relevant to CGHub. Supplier shall provide a written performance report, in a form acceptable to Customer and with such reasonable supporting documentation as may be requested by Customer, reasonably in advance of each Steering Committee meeting. 3. Additional Terms and Conditions Relevant to Services. (a) Accounts, Records and Audits. Supplier and Supplier’s respective affiliates and subcontractors shall maintain accounts, books, papers, records, documents and other evidence (“Records”) detailing all elements of their proposal costs, work performed and charges made by them under this Agreement or otherwise directly pertinent to this Agreement. The Records shall be retained by Supplier and such Personnel for a period of five (5) years from the date of the expiration or termination of this Agreement or such longer time as may be required by an Agency Partner. The system of accounts employed by the Supplier and such Personnel hereunder shall be satisfactory to the Customer, shall be in accordance with Agency Partner requirements and generally accepted accounting principles consistently applied. The Records shall be subject to inspection and audit by the Customer, the Agency Partners, the Comptroller General of the United States, and any of their duly authorized representatives at all reasonable times and places. (b) Reports. All reporting requirements imposed on Customer pursuant to the Specifications or otherwise by the Agency Partners (under the Agency Partner Agreement or otherwise) are adopted and incorporated by reference as a part of this Agreement, to the extent they relate to the Network Services. In addition, if Supplier has cause to believe that Customer or any Customer Personnel have acted improperly or unethically under this Agreement, Supplier shall report such behavior to Customer’s UCSC Compliance Officer (http://www.universityofcalifornia.edu/compaudit/campuscontacts.html) or to Customer’s Compliance Hotline at (800) 403-4744. Copies of Customer’s Standards of Ethical Conduct and contacts for such reports are available online at https://secure.ethicspoint.com/domain/media/en/gui/23531/index.html. (c) Conflict of Interest. Supplier hereby certifies that no Customer employee (or near relative of any Customer employee) is employed by or owns or controls any interest in Supplier’s business, nor has received any gift or gratuity from Supplier, unless this information was previously disclosed to Customer and Customer’s Chancellor or Executive Vice Chancellor expressly provided written authorization to proceed with the transactions contemplated under this Agreement. In the event Supplier later becomes aware of a Customer employee (or near relative of a Customer employee) the Supplier has employed or who owns or controls any interest in Supplier’s business, or who has received a gift or gratuity from Supplier, Supplier shall disclose this information to the Customer signatory below and describe the employment or financial interest in Supplier’s firm. For purposes of this Section 3(c), “Supplier” includes Supplier and its directors, officers, partners, members, and affiliates. CGHub Network Services Agreement Page 5 of 23 (d) Certification and Disclosure Regarding Payments to Influence Certain Federal Transactions. In accordance with 31 USC 1352, and FAR 52.203-11 and FAR 52.203-12, Supplier certifies, by virtue of execution of this Agreement and by accepting payments hereunder, that to the best of its knowledge and belief: no Federal appropriated funds have been/shall be paid, by or on behalf of Supplier (or any subcontractors), to any person for influencing/attempting to influence an officer or employee of Congress, or an employee of a Member of Congress in connection with the awarding of any Federal contract, the making of any Federal grant, the making of any Federal loan, the entering into of any making of any cooperative agreement, and the extension, continuation, renewal, amendment, or modification of any Federal contract, grant, loan, or cooperative agreement. If any funds other than Federal appropriated funds have been paid or shall be paid to any person for influencing or attempting to influence an officer or employee of any agency, a Member of Congress, an officer or employee of Congress, or an employee of a Member of Congress in connection with this Agreement, Supplier shall complete and submit to Customer OMB Standard Form-III, “Disclosure Form to Report Lobbying”. (e) Prohibition on Involvement with Terrorist Activities. Supplier acknowledges that U.S. Executive Orders and Laws, including but not limited to E.O. 13224 and P.L. 107-56, prohibit transactions with and the provision of resources and support to individuals and organizations associated with terrorism. It is the legal responsibility of Supplier to ensure compliance with these Executive Orders and Laws. This clause must be included in any subcontracts issued by Supplier in connection with this Agreement. (f) Export Controls. Supplier shall not, nor shall Supplier authorize or permit its Personnel to disclose, export, or re-export any SAIC information, or any process, product, or services produced under this Agreement, without prior notification to Customer and SAIC and complying with all applicable Federal, State, and local laws, regulations, and ordinances, including the regulations of the U.S. Department of Commerce and/or the U.S. Department of State. In addition, Supplier agrees to immediately notify Customer if the Supplier is listed on any of the Department of State, Treasury, or Commerce proscribed persons or destinations lists, or if the Supplier’s export privileges are otherwise denied, suspended, or revoked in whole or in part. Supplier shall include in any subcontract and related documents, notice to third parties that the export of any process, goods, and/or technical data from the United States may require an export control license from the U.S. Government and that failure to obtain such export control license may result in termination of agreement and/or criminal liability under U.S. laws. (g) ARRA Obligations. Supplier expressly acknowledges that this Agreement is funded in whole or in part with funding provided under the American Recovery and Reinvestment Act of 2009 (the “Recovery Act”), which imposes specific reporting and other obligations. In particular, Supplier must segregate the obligations and expenditures related to funding under the Recovery Act. Financial and accounting systems should be revised as necessary to segregate, track, and maintain these funds apart and separate from other revenue streams. No part of the funds from the Recovery Act shall be commingled with any other funds or used for a purpose other than that of making payments for costs allowable for Recovery Act projects. Recovery Act funds can be used in conjunction with other funding as necessary to complete projects, but tracking and reporting must be separate to meet the reporting requirements of the Recovery Act and OMB Guidance. This provision must be flowed down to any subcontract over $25,000 that is funded, in whole or in part, by the Recovery Act unless the Agreement is with an individual. (h) Debarred or Suspended Parties. Supplier certifies, to the best of its knowledge and belief, that Supplier and its Principals: (i) are not presently debarred, suspended, proposed for debarment, or declared ineligible for the award of contracts by any Federal agency; (ii) have not within a three (3) year period preceding this award been convicted of or had a civil judgment rendered against them for: commission of a fraud or a criminal offense in connection with obtaining, attempting to obtain, or CGHub Network Services Agreement Page 6 of 23 performing a public (Federal, state or local) contract or subcontract; violation of Federal or state antitrust statutes relating to this submission of offers; or commission of embezzlement, theft, forgery, bribery, falsifications or destruction of records, making false statements, or receiving stolen property; and (iii) are not presently indicted for, or otherwise criminally or civilly charged by a government entity with, commission of any of the offenses enumerated herein. Supplier certifies that neither it nor its Principals have, within a three (3) year period preceding this Agreement, had one or more contracts terminated for default by any federal agency. “Principals” for the purposes of this certification, means officers, directors, owners, partners, and persons having primary management or supervisory responsibilities within a business entity (e.g., general manager, plant manager, head of a subsidiary, division or business segments, and similar positions). This certification concerns a matter within the jurisdiction of an agency of the United States and the making of a false, fictitious, or fraudulent certification may render the maker subject to prosecution under Section 1001, Title 18, United States Code. Certification of this provision is a material representation of fact upon which reliance was placed when entering into this Agreement. If it is later determined that Supplier knowingly rendered an erroneous certification, in addition to other remedies available to Customer, Customer may terminate the Agreement immediately. Supplier hereby certifies these conditions and does so by entering this Agreement or by providing the goods/services purchased hereunder. (i) Equal Opportunity and Affirmative Action. Supplier shall not maintain or provide racially segregated facilities for employees at any establishment under its control. Supplier shall adhere to the requirements set forth in Executive Orders 11246 and 11375, and with respect to activities occurring in the State of California, to the California Fair Employment and Housing Act (Government Code section 12900 et seq.). Expressly, Supplier shall not discriminate against any employee or applicant for employment because of race, color, religion, sex, national origin, ancestry, medical condition (as defined by California Code section 12925f), marital status, age, physical and mental handicap in regard to any position for which the employee or applicant for employment is qualified, or because he or she is a disabled veteran or veteran of the Vietnam era. Supplier shall further specifically undertake affirmative action regarding the hiring, promotion and treatment of minority group persons, women, the handicapped, and disabled veterans and veterans of the Vietnam era. Supplier shall communicate this policy in both English and Spanish to all persons concerned within its company, with outside recruiting services, and the minority community at large. Supplier shall provide Customer on request a breakdown of its labor force by groups, specifying the above characteristics within job categories, and shall discuss with Customer its policies and practices relating to affirmative action programs. (j) Purchase of American-Made Equipment and Products. It continues to be the sense of Congress that, to the greatest extent practicable, all equipment and products purchased with grant, cooperative agreement, or contract funds should be American-made, and Supplier agrees to comply with the foregoing to the extent practicable. 4. Fees and Payments. (a) Fees. Customer shall pay to Supplier the applicable fees for the Network Services in accordance with the payment schedule set forth on Exhibit E (“Fees”). (b) Expenses. Customer also shall reimburse Supplier for reasonable, documented out of pocket travel, lodging, meal and other expenses incurred by Supplier Personnel in the course of performing the Network Services; provided, however, and only to the extent that: (i) such expenses shall be reasonable, allocable to the Agency Partner Agreement, and allowable pursuant to the Agency Partner Agreement and applicable Agency Partner requirements including without limitation those specified in Federal Acquisition Regulation (“FAR”) Part 31 Cost Principles and Procedures and with OMB Circular A-21; (ii) any expenses in excess of $1,000 individually or $10,000 in the aggregate shall require the prior CGHub Network Services Agreement Page 7 of 23 written approval of Customer; and (iii) all documentation required by Customer pursuant to its standard reimbursement policies or the Agency Partner Agreement is timely, accurately, and completely submitted together with any invoice. (c) Taxes. The compensation stated in this Agreement includes all applicable taxes and shall not be changed hereafter as the result of Supplier’s failure to include any applicable tax, or as the result of any changes in the Supplier’s tax liabilities. Customer shall withhold from the compensation described above the full amount of any and all taxes required to be withheld by the laws of the State of California. Customer shall remit such amount directly to the State of California Franchise Tax Board, settlement of which must be made by Supplier with the State of California through: Franchise Tax Board, PO Box942867, Sacramento, CA 94267-0001. All Network Services are to be performed in California unless specifically indicated otherwise in the attached exhibits or schedules. (d) Payments. Subject to Exhibit E, payments due under this Agreement shall be payable by Customer within sixty (60) calendar days after receipt by Customer of a written invoice from Supplier; provided, however, that all payments hereunder are contingent upon Agency Partner funding. Under no circumstances shall Customer be liable for payments not fully funded by the Agency Partners. 5. Confidentiality. (a) Confidential Information. Each party shall: (i) hold in strict confidence all Confidential Information of the other party using the same safeguards as it uses to protect its own Confidential Information of comparable value or sensitivity, but in any event, using safeguards that meet or exceed the Security Best Practices; (ii) use the Confidential Information solely to perform its obligations or exercise its rights under this Agreement; (iii) not transfer, display or otherwise disclose or make available such Confidential Information to any third party, other than the receiving party’s directors, officers, employees or agents (or, in the case of Customer, the Service Recipients or their Personnel) to the extent such persons are bound by equivalent confidentiality obligations and use restrictions and have a legitimate need to know the Confidential Information in order for the receiving party to perform its obligations or exercise its rights under this Agreement. (b) Disclosure in Compliance with Law. The receiving party may disclose the Confidential Information of the other party in response to a valid court order, law, rule, regulation or other governmental action, provided, however, that: (i) the disclosing party is notified in writing reasonably in advance of the disclosure of the information; and (ii) the receiving party assists the disclosing party, at the disclosing party’s expense, in any lawful attempt by the disclosing party to limit or prevent the disclosure of the Confidential Information. In the event that the disclosure relates to Personal Identifying Information within Project Data, Supplier agrees to immediately notify Customer of any action or communication that may lead to Supplier being required to disclose such Project Data and to the greatest extent possible Supplier shall allow Customer (or an Agency Partner) to control and manage any such response. Each party (in addition to any legal or other remedies available to such party) may seek injunctive or other equitable relief to prevent or remedy a breach or threatened breach of this Section 5 and each party agrees not to object or defend against such action on the basis that monetary damages would provide an adequate remedy. Notwithstanding the above, Supplier acknowledges that in the event a disclosure is mandated pursuant to the California Public Records Act, Customer may cooperate with Supplier in seeking to limit or prevent disclosure only if and to the extent Customer independently determines in good faith that the information sought to be protected is not in fact subject to disclosure under that law. (c) Customer Confidential Information. As between Customer and Supplier, Confidential Information of Customer is and shall remain the sole property of Customer. Without limitation to Section CGHub Network Services Agreement Page 8 of 23 5(a), Customer Confidential Information shall not be used by Supplier for any purpose other than the performance of its obligations under this Agreement, and shall not be sold, assigned, leased or otherwise transferred, disposed of or provided to third parties by Supplier (other than to Service Recipients consistent with the Specifications) or commercially exploited by or on behalf of Supplier or any of its Personnel. Supplier shall keep all Project Data confidential, even if it is in the public domain due to a breach by the receiving party or any other person or entity of a contractual commitment or other legal or contractual obligation. Supplier shall segregate Customer Confidential Information from its own data and that of its other clients. Failure to implement appropriate procedures to segregate Customer Confidential Information shall be considered a material breach of this Agreement and a Security Incident. In addition, the unauthorized Processing of Customer Confidential Information shall be considered a material breach of this Agreement and a Security Incident. (d) Safeguards. In addition to Supplier’s other obligations under this Section 5, Supplier shall establish and maintain safeguards against the unauthorized access, destruction, loss or alteration of Customer Confidential Information in the possession of Supplier and other Project Data which may be transmitted, stored, or shared using the Network Services, which safeguards are no less rigorous than: (i) the most rigorous practices of Customer or Supplier as of the Effective Date including; (ii) IT security best practices as defined by ISO 27001; (iii) all privacy and security obligations, standards and safeguards required by the Agency Partner Agreement or specified in any security plan approved by the Agency Partners or otherwise necessary for Customer to achieve Trusted Partner Status; (iv) the Data Security and Privacy Terms set forth at http://purchasing.ucsc.edu/forms/datasecurityappendix.pdf; and (v) any additional security requirements, standards, obligations, specifications and/or event reporting procedures required by any applicable Law (collectively, together with Supplier’s obligations under Section 5(c), the “Security Best Practices”). The Security Best Practices shall include, at a minimum, using firewalls, password protection and virus protection software, and performing periodic, but in any event at least quarterly, comprehensive internal security audits of the Network Services. Supplier shall provide Customer with written reports detailing the results of such security audits and tests, and shall take appropriate and adequate measures to resolve issues thereby identified. Customer shall have the right to establish backup security for Customer Confidential Information and to keep backup and files for such data in its possession if it so chooses. Additionally, Supplier shall contractually require any Supplier Personnel with access to Customer Confidential Information to comply with the Security Best Practices and other confidentiality restrictions contained in this Agreement. Supplier expressly acknowledges that, as of the Effective Date: (i) the Agency Partners anticipate that CGHub Project shall be operated in conformance with the Federal Information Security Management Act (“FISMA”) and “low impact” standards adopted by the National Institute for Standards and Technology (“NIST”) with select moderate enhancements; but (ii) laws and regulations that may govern components of the CGHub Project during the Term, including, without limitation, the Federal Policy for the Protection of Human Subjects, are currently in a state of flux and may impose additional requirements prior to expiration or termination of this Agreement. Supplier shall comply with all such requirements in performing the Network Services at no additional cost to Customer. (e) Security Reviews. Customer (or its designated representatives) may, on an annual basis or more frequently as reasonably requested by Customer or otherwise required by an Agency Partner, conduct an audit to verify that Supplier is operating in accordance with Security Best Practices. The audit may include a review of all aspects of Supplier’s performance including, without limitation: (i) systems, software development practices and procedures; (ii) network, operating system, database and application configuration controls; (iii) general controls and security practices and procedures; (iv) disaster recovery and back-up procedures; (v) change and problem management processes and procedures; and (vi) network and system vulnerability and risk analysis. Supplier shall, and shall cause its Personnel to, cooperate with Customer in conducting any such audit, and shall allow Customer reasonable access to all pertinent records, documentation, computer systems, data, personnel and processing areas as Customer CGHub Network Services Agreement Page 9 of 23 reasonably requests to complete the audit. Supplier shall provide satisfactory assurances that it has corrected any deviations from Security Best Practices that are identified in any security audit as soon as practicable, but in no event more than five (5) days after receiving notice from Customer outlining any deviations. Each Party shall bear its own costs in connection with such an audit. Nothing herein shall be interpreted to limit in any way the rights of Agency Partners or the Comptroller General of the United States to conduct any audit. Customer shall not be responsible for any Supplier fees, costs, or expenses incurred in connection with such Federal security reviews. (f) Security Breaches and Remediation. In the event Supplier discovers or is notified of an actual or potential Security Incident, Supplier shall promptly notify Customer, and Supplier and Customer shall consult in good faith regarding Remediation Efforts that may be necessary and reasonable. In addition to its obligations under Section 8, Supplier shall: (i) at Customer’s sole discretion either undertake Remediation Efforts for a Security Incident, at Supplier’s sole expense and in line with Security Best Practices, and/or reimburse Customer for Customer’s reasonable costs and expenses in connection with taking Remediation Efforts for a Security Incident; and (ii) provide assurances satisfactory to Customer and the Agency Partners that no Security Incident shall recur. (g) Additional Data Privacy and Security Terms. The terms and conditions of Customer’s Data Security and Privacy Appendix, online at http://purchasing.ucsc.edu/forms/datasecurityappendix.pdf, as well as any additional data privacy and security terms imposed by the Agency Partners, are incorporated herein by reference. In the event of any inconsistency among this Agreement and such additional privacy and security terms and conditions such that Supplier cannot reasonably comply with both (or all), the following priority shall apply: (i) terms and conditions specified by any Agency Partner; (ii) Customer’s Data Security and Privacy Appendix; (iii) the provisions of this Section 5. Supplier expressly agrees to comply with the Information Technology (“IT”) systems security and/or privacy specifications set forth in the Agency Partner Agreement and as further defined by FISMA, and to include this requirement in any subcontract awarded pursuant to this Agreement. 6. Term and Termination. (a) Term. The initial term of this Agreement shall commence as of the Effective Date and continue for a period of four (4) years (the “Term”), unless earlier terminated pursuant to this Section 6. (b) Termination for Breach. Either party may terminate this Agreement immediately upon delivery of written notice of such termination to the other party in the event that the other party breaches any material provision of this Agreement (or commits a series of non-material breaches that, collectively, are material) and fails to cure such breach(es) within thirty (30) days after the non-breaching party delivers notice of such breach(es) to the breaching party. (c) Additional Termination Rights. Without limitation to the provisions of Section 6(b), Customer may also terminate this Agreement immediately upon written notice to Supplier in the event of any of the following: (i) Customer fails to secure or ceases to receive CGHub Project funding from the Agency Partners (in which case termination shall be concurrent with cessation of funding); (ii) Customer fails to receive or retain Trusted Partner Status; (iii) Supplier suffers or permits the appointment of a receiver for its business or assets, becomes subject to involuntary proceedings under any bankruptcy or insolvency law (which proceedings remain undismissed for thirty [30] days) or is dissolved, wound up or liquidated; (iv) a Material Service Failure; or (v) the Agency Partner Agreement (or any relevant agreement with an Agency Partner) is terminated under any circumstances. CGHub Network Services Agreement Page 10 of 23 (d) Events Upon Termination. Upon any termination of this Agreement for any reason, Supplier shall destroy or securely erase all copies of Customer Confidential Information in Supplier’s possession or under Supplier’s control, including, without limitation, Project Data and Personally Identifiable Information subject to any applicable Data Laws. Supplier shall not withhold any Customer Confidential Information, nor access to any Data, as a means of resolving any dispute. Any provisions which by their terms should be reasonably understood to survive, including without limitation those addressing confidentiality, security, indemnification, and relevant warranties, shall survive any termination or expiration of this Agreement. (e) Payments Upon Termination. Promptly upon any termination of this Agreement, Supplier shall invoice Customer for all Fees and reimbursable expenses accrued as of the termination date, less any Service Level Credits, Usage Credits or other amounts owing to Customer hereunder as of such termination date. Supplier or Customer, as applicable, shall pay to the other any amounts owed within thirty (30) days of receipt of such invoice (or, in the case of payments from Supplier to Customer, within thirty (30) days after the effective date of termination). (f) Termination Assistance. At Customer’s request, commencing (i) any time during the twelve (12) months prior to the expiration of this Agreement; or (ii) upon any notice of termination of this Agreement, and continuing for a period of up to twelve (12) months from the effective date of expiration, or termination, Supplier shall provide to Customer or to its designee (collectively, “Successor”), assistance, support and other services to allow the Network Services to continue without interruption or adverse effect and to facilitate the orderly transfer of the Network Services to the Successor (“Termination Assistance Services”). Such Termination Assistance Services shall be provided to Customer by Supplier regardless of the reason for termination or expiration and the reasonable fees, expenses and charges for suchTermination Assistance Services shall be borne by Customer. The Termination Assistance Services shall be deemed to be “Network Services” for purposes of Supplier’s obligations hereunder. 7. Warranties and Disclaimer. The following warranties are effective notwithstanding prior inspection or acceptance of the Network Services and are in addition to and do not limit the rights afforded to the parties by any other provision of this Agreement. (a) Authority. Each party represents and warrants that (i) it has full power and authority to enter into this Agreement and convey the rights conveyed herein, (ii) it has not entered into nor shall it enter into any agreements that would conflict with its obligations hereunder or render it incapable of satisfactorily performing hereunder, (iii) it has obtained all licenses, authorizations, approvals, consents or permits required to perform its obligations under this Agreement under all applicable Laws, and (iv) the execution, delivery, and performance of this Agreement shall be in compliance with all applicable Laws and shall not constitute a violation of any judgment, order, or decree or a material default under any material contract by which it or any of its material assets are bound or an event that would, with notice or lapse of time, or both, constitute such a default. (b) Network Services. Supplier represents and warrants that: (i) the Network Services shall be rendered with promptness, due care, skill and diligence; (ii) the Network Services shall be executed in a professional and workmanlike manner, in accordance with the best practices of the information technology services industry; (iii) Supplier shall use adequate numbers of qualified Personnel with suitable training, education, experience, know-how, competence and skill to perform the Network Services; and (iv) Supplier has and shall retain the resources, capacity, expertise and ability to provide the Network Services. CGHub Network Services Agreement Page 11 of 23 (c) Compliance with Law; Noninfringement. Supplier represents and warrants that it shall comply with all applicable Laws in connection with this Agreement and the performance of its obligations hereunder, including, without limitation, applicable Data Laws. Supplier further represents and warrants that it shall comply with any and all obligations imposed on Customer under the Agency Partner Agreement or otherwise specified by the Agency Partners which may be applicable to the Network Services or Supplier’s performance hereunder, including, without limitation, obligations with respect to data security, foreign assets and export control, which provisions are incorporated herein by this reference. In addition, Supplier represents and warrants that the Network Services shall not infringe any patent, copyright, trademark, trade secret or other proprietary right of any third party. (d) Viruses. Supplier represents and warrants that it shall ensure that no forms of harmful surreptitious code, such as viruses, spyware and worms, or alternative means through which unauthorized individuals can monitor, copy, access or download Data on or accessed through CGHub, such as robots, spiders, scrapers or webcrawlers (collectively, “Viruses”) are introduced by any means into CGHub, or the systems used to provide the Network Services. If a Virus is found to have been introduced, Supplier shall promptly notify Customer in writing of the introduction and at no additional charge to Customer, assist Customer in eradicating the Virus and eliminating its effects, and if the Virus causes an interruption of the use of CGHub or the Network Services, a loss of operational efficiency or loss of Data, Supplier shall take all necessary steps to repair any damage done by the Virus, including undertaking Remediation Efforts at no cost or loss to Customer. (e) Adoption by Reference of Agency Partner Agreement Representations, Warranties, and Covenants. All representations, warranties, and covenants made by Customer under the Agency Partner Agreement are hereby incorporated by reference as Supplier representations, warranties, and covenants to Customer, to the extent applicable to the Network Services. (f) Disclaimer. OTHER THAN THE FOREGOING, SUPPLIER MAKES NO REPRESENTATIONS OR WARRANTIES WITH RESPECT TO THE NETWORK SERVICES. WITHOUT LIMITATION TO THE FOREGOING, SUPPLIER SPECIFICALLY DISCLAIMS ALL EXPRESS WARRANTIES NOT STATED HEREIN AND ALL IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 8. Insurance and Indemnification (a) Supplier represents and warrants that, during the Term, it shall keep in full force and effect and maintain at its sole cost and expense (primary and non-contributing) insurance policies from reputable insurers against such risks and in such amounts as are customary for similarly situated companies (but in no event less than commercially reasonable levels of insurance and any insurance required by applicable Law or otherwise specified by the Agency Partners, including without limitation as provided in the Agency Partner Agreement). Supplier shall provide Customer with Certificates of Insurance evidencing all policies and coverages prior to the Effective Date and thereafter upon Customer’s request; and shall provide Customer with at least thirty (30) days’ written notice prior to any cancellation or restrictive modification of same. [NOTE – SPECIFIC LIMITS WILL BE INCLUDED SUBJECT TO DISUCSSION.] (b) Supplier shall indemnify and hold harmless Customer, the Agency Partners, and their respective officers, employees and agents (collectively with Customer, “Included Indemnitees”) from and against all claims, losses, damages, liabilities and lawsuits (including reasonable attorneys fees and costs) (collectively, “Damages”) arising from or relating to (i) any claim that the Network Services infringe any third party’s patent, copyright, trademark or other proprietary right or constitutes misappropriation of a CGHub Network Services Agreement Page 12 of 23 trade secret, (ii) any breach by Supplier of any of its obligations, covenants, representations or warranties provided in this Agreement, (iii) any Security Incident to the extent attributable to Supplier’s or Supplier Personnel acts or omissions; or (iv) any other act or omission by Supplier or its Personnel that may cause liability to Customer pursuant to the Agency Partner Agreement. Without limitation to any other rights or remedies of Customer, in the event that Customer’s use of the Network Services is enjoined as a result of a claim of infringement, Supplier shall, at its sole option and expense, either (i) procure for Customer the rights necessary to continue using the enjoined Network Services or (ii) replace or modify the same so that they no longer infringe or misappropriate the third party’s rights, while such replaced or modified Network Services remain in compliance with the Specifications and the warranties provided in Section 7. If Supplier, in its reasonable discretion, determines that neither of these options is commercially reasonable, Supplier may terminate this Agreement upon thirty (30) days’ written notice to Customer, provided that Supplier refunds to Customer any Fees previously paid which are applicable to the period during which Customer did not receive Network Services (including any period following termination). (c) Supplier’s indemnification obligations under Section 8(b) with respect to any Damages arising from third party claims are contingent upon (i) Customer or another Included Indemnitee giving Supplier prompt written notice of such claim, loss, expense, damage, liability or lawsuit, provided, however, that absent material prejudice to Supplier, the failure to promptly notify shall not eliminate or reduce Supplier’s obligations hereunder, (ii) the relevant Included Indemnitees cooperating reasonably with Supplier in the defense and/or settlement thereof; provided, however, that Supplier may not enter into any settlements imposing non-monetary obligations on or acknowledging liability or fault on behalf of the Included Indemnitees without Customer’s prior written consent, and (iii) Supplier having an opportunity to assume control of such defense; provided, however, that if Supplier assumes such control, the Included Indemnitees shall have the right to participate reasonably in such defense, including, without limitation, the right to retain separate counsel at its own expense. Neither party shall be responsible for any settlement that it does not approve in writing. (d) Supplier’s indemnification obligations under Section 8(b) shall not apply to the extent the claim is based on use of the Network Services by Service Recipients other than in accordance with this Agreement. 9. Limitation of Liability. Except with respect to the indemnity provided in Section 8, Supplier shall not be liable to Customer for any consequential, indirect, incidental or special damages arising under this Agreement, even if Supplier has been advised of the possibility of such damages. Supplier shall not be liable under this Agreement under any contract, negligence, strict liability or other legal or equitable theory for any amounts, in the aggregate, in excess of the total amount of Fees actually paid by Customer to Supplier hereunder; provided, however, that the foregoing limitation on liability shall not apply with respect to (i) the indemnity provided in Section 8, (ii) any required Remediation Efforts pursuant to Section 5(f), or (iii) death, personal injury or property damage caused by Supplier or its Personnel. 10. Publicity; Use of Names. Neither party may use the names or marks of the other, nor of an Agency Partner, without the applicable party’s express written consent. Supplier expressly acknowledges that: (i) the Agency Partner Agreement requires that SAIC be provided with thirty (30) days written notice of any proposed press release describing or otherwise referring to the CGHub Project, the content of which is subject to SAIC approval; and (ii) California Education Code § 92000 restricts the lawful uses of Customer’s name and marks. 11. General. (a) Assignment. Neither party shall have the right to assign, transfer, or sublicense any obligations or benefit under this Agreement without the prior written consent of the other party hereto, CGHub Network Services Agreement Page 13 of 23 provided, however, that Customer may assign this Agreement without Supplier’s prior written consent to an Agency Partner or to any successor to Customer as the manager of the CGHub Project. Except as otherwise provided herein, this Agreement shall be binding on and inure to the benefit of the respective successors and permitted assigns of the parties. (b) Notices. All notices under this Agreement shall be in writing, and shall be deemed given when personally delivered, when mailed by prepaid certified or registered U.S. mail, when sent by commercial overnight courier service with tracking capabilities or by email or facsimile (if confirmed by one of the other methods permitted hereunder within 48 hours after such facsimile transmission), to the respective addressee of each party at the address, email address or facsimile number below, or such other address, email address or facsimile number as such party last provided to the other party by written notice. (c) No Waiver. The failure of either party to enforce its rights under this Agreement at any time for any period shall not be construed as a waiver of such rights. (d) Independent Contractors. Notwithstanding any provision hereof, for all purposes of this Agreement each party shall be and act as an independent contractor and not as partner, joint venturer or agent of the other party and shall not bind nor attempt to bind the other party to any contract. At no time shall Supplier or Supplier’s Personnel be considered employees of University for any purpose, including but not limited to workers’ compensation provisions. (e) Third-Party Rights. Nothing in this Agreement is intended to make any person or entity who is not signatory to the agreement – other than the Agency Partners to the extent contemplated in the Agency Partner Agreement, the Service Recipients to the extent contemplated by the Network Services and the Included Indemnitees to the extent contemplated by Section 8 – a third-party beneficiary of any right created by this Agreement or by operation of law. (f) Modifications. Except for changes or modifications to Exhibit A, which may be made by notice from Customer to Supplier, no changes or modifications to or waivers of any provision of this Agreement shall be effective unless evidenced in a written amendment that is signed by both parties. Supplier expressly acknowledges that contracting authority at Customer is limited to the Chancellor and specified other officials expressly delegated authority by the Chancellor. (g) Severability. In the event that any provision of this Agreement shall be determined to be illegal or unenforceable, such provision shall be limited or eliminated to the minimum extent necessary so that this Agreement shall otherwise remain in full force and effect and enforceable. (h) Governing Law; Jurisdiction. This Agreement shall be governed by and construed in accordance with the Laws of the State of California, without regard to the conflicts of laws provisions thereof. (i) Disputes. Any dispute arising regarding the interpretation or implementation of this Agreement, including any claims for breach of this Agreement, shall be resolved by submitting the claim for arbitration to the American Arbitration Association in accordance with its rules and procedures applicable to commercial disputes. The location of any arbitration hearing shall be Santa Cruz, California, and any enforcement of the arbitrator's decision shall be brought in the Superior Court of Santa Cruz County, California. The sole jurisdiction and venue for any non-arbitrable actions related to the subject matter of this Agreement shall be the state and federal courts located in Santa Cruz, California. In any action brought by a party to enforce the terms of this Agreement, the prevailing party shall be entitled to reasonable attorney's fees and costs, including the reasonable value of any services provided by in-house CGHub Network Services Agreement Page 14 of 23 counsel. The reasonable value of services provided by in-house counsel shall be calculated by applying an hourly rate commensurate with prevailing market rates charged by attorneys in private practice for such services. (j) Remedies Cumulative. Unless expressly stated otherwise in this Agreement, all remedies provided for in this Agreement shall be cumulative and in addition to, and not in lieu of, any other remedies available to either party at law, in equity or otherwise. (k) Headings. Headings herein are for convenience of reference only and shall in no way affect interpretation of the Agreement. (l) Acknowledgement. The parties each acknowledge that the terms and conditions of this Agreement have been the subject of active and complete negotiations, and that such terms and conditions should not be construed in favor of or against any party by reason of the extent to which any party or its professional advisors participated in the preparation of this Agreement. (m) Force Majeure. Neither party shall be liable for any failure of or delay in performance of its obligations under this Agreement to the extent such failure or delay is due to acts of God, acts of a public enemy, terrorism, fires, floods, wars, civil disturbances, sabotage, insurrections, blockades, embargoes, storms, explosions, labor disputes (whether or not the employees' demands are reasonable and/or within the party's power to satisfy), acts of any governmental body, failure or delay of third parties or governmental bodies from whom a party is obtaining or must obtain approvals, authorizations, licenses, franchises, or permits, or inability to obtain labor, materials, power, equipment, or transportation, or other similar circumstances beyond such party’s reasonable control, in each case except to the extent that such party is at fault in failing to prevent or causing such default or delay, and provided that such default or delay cannot reasonably be circumvented by such party through the use of alternate sources, workaround plans or other means (collectively referred to herein as “Force Majeure”). Each party shall use its reasonable efforts to minimize the duration and consequences of any failure of or delay in performance resulting from a Force Majeure event and to promptly notify the other of any actual or potential Force Majeure event; provided, however, that in the event a condition of Force Majeure continues for more than sixty (60) days, the party not invoking Force Majeure to excuse its failure to perform (e.g., a party whose performance is not being delayed a condition of Force Majeure) shall have the right in its discretion to terminate this Agreement. (n) Entire Agreement. This Agreement, including all Exhibits hereto, constitutes the entire agreement between the parties with respect to its subject matter and supersedes all proposals, oral or written, all negotiations, conversations, discussions or agreements between or among the parties relating to the subject matter. (o) Time is of the Essence. Supplier acknowledges and agrees that time is of the essence with respect to the performance of Supplier’s obligations hereunder. (p) Counterparts. This Agreement may be executed in counterparts, each of which shall be deemed an original but all of which together shall constitute one and the same Agreement. 12. Additional Definitions. As used in this Agreement (including any Exhibits hereto): (a) “Agency Partner Agreement” shall mean the agreement or agreements referenced in the Recitals including, without limitation, the Letter Agreement between SAIC and Customer dated July 29, 2011, under which Customer is appointed to act as subcontractor of SAIC, which in turn directly contracts with the other Agency Partners), and all supplements, amendments, and additional agreements CGHub Network Services Agreement Page 15 of 23 related to the CGHub project between any Agency Partner and Customer that Customer attaches to Exhibit A by notice to Supplier. (b) “Authorized Third Party Users” shall mean Cancer Genomics Projects genome sequencing centers (“GSCs”), data analysis centers (“GDACs”), and data coordinating centers (“DCCs”), and other research facilities and entities (including their respective Personnel) as may be selected and authorized by Customer (and/or the Agency Partners), in Customer’s (or the Agency Partners’) sole discretion, to use the Network Services in connection with the CGHub Project. (c) “Confidential Information” shall mean any confidential or proprietary information of a party that is disclosed in any manner and in any media to the other party (or to which such other party gains access) in connection with or as a result of this Agreement, and which at the time of disclosure either (i) is marked as being “Confidential” or “Proprietary”, (ii) is otherwise reasonably identifiable as confidential or proprietary information, or (iii) under the circumstances of disclosure should reasonably be considered as confidential or proprietary information. Specifically, Confidential Information includes: (A) the existence of and the terms and conditions of this Agreement; and (B) all types of proprietary technical or business information, including data, know-how, formulas, algorithms, processes, designs, drawings, schematics, plans, strategies, specifications, requirements, standards and documentation, reports, pricing, market, marketing or demographic information, software, trade secrets, research, analyses, inventions, ideas and other types of nonpublic information, including copies and archival records thereof. For purposes of this Agreement, Confidential Information of Customer expressly includes Project Data. Confidential Information does not include information that is: (I) in the public domain other than due to a breach by the receiving party or any other person or entity of a contractual commitment or other duty to the disclosing party; (II) known to the receiving party prior to its receipt from the disclosing party or obtained by the receiving party outside the scope of this Agreement from a third party that has no obligation of confidentiality to the disclosing party, in each case without breaching this Agreement; or (III) independently developed by the receiving party without reference to the Confidential Information of the disclosing party. However, Personal Identifying Information within Project Data shall always be treated as Confidential Information of Customer and shall not be subject to the exclusions contained in this definition. (d) “Data” shall mean any data or information, in any form or format, including interim, processed, compiled, summarized, or derivative versions of such data or information, that may exist in any system, database, or record. (e) “Data Laws” shall mean any Laws restricting collection, use, processing or free movement of personal data (including, without limitation, otherwise deidentified genomic data), such as the California Information Practices Act (IPA), Gramm-Leach-Bliley Act of 1999, the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the Children's Online Privacy Protection Act (COPPA), The Child Online Protection Act, the Genetic Information Nondiscrimination Act (GINA), the European Union Directive on the Protection of Personal Data and implementing member state legislation, the Personal Information Protection and Electronic Documents Act (PIPEDA) of Canada, and the fair information principles published by the United States Federal Trade Commission. “Data Laws” also includes, as in effect from time to time, any law, rule, regulation, declaration, decree, directive, statute, or other enactment, order, mandate, resolution or self-regulatory guideline or standard (including those issued by organizations such as NIST and the PCI Security Standards Council), which is applicable to an Agency Partner, a party or to which a party is required to submit or which is voluntarily adopted by a party or other companies in such party’s industry, issued or enacted by any domestic or foreign, supra-national, national, state, county, municipal, local, territorial or other government or industry body, bureau, court, commission, board, authority, or agency, anywhere in the world and which relates to Data. CGHub Network Services Agreement Page 16 of 23 (f) “Law” shall mean: (i) any applicable law, statute, regulation, ordinance or subordinate legislation in force from time to time to which a party (including, without limitation, a party’s Personnel) is subject; (ii) the common law as applicable to the parties from time to time; (iii) any binding court order, judgment or decree; and (iv) any applicable directive, policy, rule or order that is binding on a party and that is made or given by any government or authority, an agency or contractor thereof, or any regulatory body; of any country, the European Union, or other national, federal, commonwealth, state, provincial or local jurisdiction and of any exchange or association whose regulations are binding on either party pursuant to a self-regulating mechanism approved by a governmental entity. (g) “Material Service Failure” shall mean a single failure or series of failures that, collectively, materially compromise the Service Recipients’ ability to utilize the Network Services as contemplated in the Agency Partner Agreement and under this Agreement including, without limitation, a Critical Disruption (as defined at Exhibit C) or series of Critical Disruptions causing Network outages a total of more than twenty-one (21) days during any twelve (12) month period, regardless of cause or efforts to resolve. (h) “Personal Identifying Information” shall mean any Data that identifies or could be used to identify a natural person, such as a name, mailing address, phone number, fax number, email address, frequent flier number, Social Security number, credit card or other payment Data, date of birth, drivers license number, account number or user ID, PIN, or password. For the avoidance of doubt, Data shall be deemed Personal Identifying Information if it contains genomic sequence information, SNPs, or similar information; or if the unauthorized access, use, disclosure, modification, storage, destruction, or loss of that Data otherwise may trigger the application of any Data Law or any security breach notification under a Data Law. (i) “Personnel” shall mean a party’s or other entity’s officers, directors, employees, agents, affiliates, subcontractors and independent contractors (and their respective Personnel). (j) The “Primary Sites” include, at the time of execution of this Agreement: (1) the Data Center, Customer (at its UCSC campus), Baylor University, British Columbia Genome Sciences Centre, Broad Institute, Lineberger Cancer Center (University of North Carolina), and Washington University, St. Louis (collectively the “First Priority Sites”); and (2) Customer’s Berkeley, Davis, Los Angeles, and San Francisco campuses (UC Berkeley, UC Davis, UCLA, and UCSF), Complete Genomics (Mountain View, CA), Harvard Medical School, Ilumina, Inc. (San Diego, CA), Institute for Systems Biology (Seattle, Washington), Johns Hopkins University, Lawrence Berkeley National Laboratory, MD Anderson Cancer Center (Houston, TX), Memorial Sloan-Kettering Cancer Center, National Center for Genome Resources (Santa Fe, NM), Oregon Health Sciences University, and University of Southern California (collectively the “Second Priority Sites”). (k) “Project Data” shall mean all Data: (i) submitted by or on behalf of Customer to Supplier (including Supplier Personnel); (ii) uploaded or otherwise transferred or provided by Service Recipients for use or placement on CGHub; or (iii) otherwise owned or held by Service Recipients to which Supplier has access in connection with this Agreement. For the avoidance of doubt, Project Data shall include, without limitation: (A) any genome-related Data or other Data regarding individual patients, trial participants and other individuals providing information for research, use, distribution or study on CGHub, including, without limitation, Personal Identifying Information for such individuals, and (B) Data related to Service Recipient Personnel, including Personal Identifying Information. If it is unclear if any Data constitutes Project Data, then as between Customer and Supplier, and until such matter is definitively resolved otherwise, such Data shall be deemed to be Project Data under this Agreement. CGHub Network Services Agreement Page 17 of 23 (l) “Process” shall mean, with respect to Data, to collect, access, use, process, disclose, transmit, transfer, store, or retain such Data. (m) “Remediation Efforts” shall mean activities designed to remedy a Security Incident which may be required by Law (applicable to Customer, Supplier or both) or by Customer or Agency Partner policy or procedures pertaining to a Security Incident, or which may otherwise be necessary, reasonable or appropriate under the circumstances, commensurate with the nature of the Security Incident. Remediation Efforts may include, without limitation: (i) development and delivery of legal notices to affected individuals or other third parties as may be required by applicable law or as otherwise appropriate; (ii) establishment and operation of toll-free telephone numbers (or, where toll-free telephone numbers are not available, dedicated telephone numbers) for affected individuals to receive specific information and assistance; (iii) provision of free credit reports, credit monitoring and credit or identity repair services for affected individuals; (iv) provision of identity theft insurance for affected individuals; (v) cooperation with and response to regulatory inquiries and other similar actions; (vi) undertaking of investigations (internal or by a governmental body) of such Security Incident; and (vii) cooperation with and response to litigation with respect to such Security Incident (including class action suits or similar proceedings); and in each case including, legal costs and disbursements and the payment of fines, settlements and damages. (n) “Security Incident” shall mean, in connection with the Network Services provided by Supplier to Customer: (i) the loss or misuse (by any means) of Customer Confidential Information or Project Data; (ii) the inadvertent, unauthorized, and/or unlawful processing, alteration, corruption, sale, rental, or destruction of Customer Confidential Information or Project Data; (iii) any other act or omission that compromises or threatens to compromise the security, confidentiality, or integrity of Customer Confidential Information or Project Data; or (iv) any breach of Customer’s security policies (as provided by Customer to Supplier in writing from time to time) or the applicable security requirements of the Agency Partner Agreement, including, without limitation, any security policies required for “moderate security” protection under FISMA. (o) “Service Recipients” include the Primary Sites and other Authorized Third Party Users. (p) “Trusted Partner Status” shall mean the status accorded to an institution when the Agency Partners permit the institution to distribute Project Data to Primary Sites and other Authorized ThirdParty Users. IN WITNESS WHEREOF, the parties hereto have executed this Agreement as of the Effective Date. SUPPLIER CUSTOMER By: By: Name: Name: (print name) (print name) Title: Title: Address: Address: Facsimile No.: Facsimile No.: Email Address: Email Address: CGHub Network Services Agreement Page 18 of 23 EXHIBIT A: AGENCY PARTNER AGREEMENTS CGHub Network Services Agreement Page 19 of 23 EXHIBIT B – NETWORK SERVICES AFFILIATES CENIC Florida LambdaRail Front Range GigaPoP / University Corporation for Atmospheric Research Lonestar Education and Research Network Mid-Atlantic Terascale Partnership: MATP / Virginia Tech Foundation North Carolina Light Rail Oak Ridge National Laboratory Oklahoma State Regents for Higher Education Pacific Northwest Gigapop Pittsburgh Supercomputing Center / University of Pittsburgh Southeastern Universities Research Association Southern Light Rail University of New Mexico (on behalf of the State of New Mexico) CGHub Network Services Agreement Page 20 of 23 EXHIBIT C: NETWORK SERVICES SUPPORT 1. Monitoring. Supplier shall be responsible for implementing and operating all measurement and monitoring tools and procedures required to monitor, measure and report its performance of the Network Services (and, to the extent applicable, relative to the Service Level Agreements). Such tools and procedures shall, at a minimum, provide continuous monitoring of all Network components and real-time alerts of any events that may adversely affect connectivity for any Service Recipient (“Alerts”). 2. Support. Supplier shall coordinate and track installation of circuit turn-ups and provide oversight of circuit deployments. Supplier further shall provide trouble ticket creation and general customer, network operations center and helpdesk support, in each case available 24 hours per day, 7 days per week, 365 days a year, by phone and email, to (i) the CGHub Project help desk, (ii) each Service Recipient and (iii) each Regional Provider (collectively, “Support Recipients”). In no event shall such service and support be inferior to the service or support provided by Supplier to any other customer of Supplier. 3. Maintenance. Without limiting the foregoing, Supplier shall reasonably notify and consult with Customer in advance of any maintenance events or field service work that may adversely affect the Network Services and shall take all reasonable steps to minimize any related disruption or impact on Service Recipients. 4. Communications. Supplier shall provide on-line access to up-to-date reporting in relation to the Network Services, including problem management data and other data regarding the status of service problems, service requests and user inquiries. At Customer’s request, Supplier shall work with other subcontractors of Customer to build network monitoring capabilities into the dashboard of the CGHub user software. 5. Additional Obligations Relevant to Critical Disruptions. Without limiting any other remedies set forth in this Agreement (including Exhibit D), in the event of a significant Network Services disruption that has a critical impact on the operations of CGHub (“Critical Disruption”), Supplier shall work continuously, during and after normal business hours, and devote all necessary resources to resolve the Critical Disruption or develop a reasonable workaround as quickly as possible, but in no event less than twenty-four (24) hours after notification thereof by Customer (the “Resolution Period”). Any Critical Disruption that is not resolved, or for which a reasonable workaround is not in use, within the Resolution Period shall entitle Customer to a credit equal to one hundred dollars ($100.00) for each one (1) hour period (or portion thereof) from the end of the Resolution Period until such Critical Disruption is resolved or a reasonable workaround is in use. CGHub Network Services Agreement Page 21 of 23 EXHIBIT D: SERVICE LEVEL AGREEMENTS AND CREDITS [SUBJECT TO NEGOTIATION AND AGENCY PARTNER APPROVAL] Supplier shall perform the Network Services so as to meet or exceed the Service Level Agreements specified in this Exhibit D. Failure to meet the Service Level Agreements shall entitle Customer to the Service Level Credits specified herein. Following each calendar month, Supplier shall provide a report, in a form satisfactory to Customer, describing Supplier’s performance in relation to the Service Level Agreements and calculating any Service Level Credits for such period. Any outstanding Service Level Credits shall be reflected on and applied against the Fees in the next invoice for Network Services issued by Supplier. 1. Transmission Quality [TBD] 2. Availability. Supplier shall provide Network connectivity as described in the Agreement to each Service Recipient at a minimum availability of [NUMBER]%, excluding scheduled outages approved in advance by Customer. Availability numbers for the Service Recipients individually and collectively shall be averaged over each calendar month. In the event Supplier fails to meet this Service Level Agreement for any Service Recipient or the Service Recipients collectively, Customer shall receive a credit equal to $[AMOUNT] for each [NUMBER]% of additional downtime for such Service Recipient or the Service Recipients collectively, as applicable, in the applicable calendar month, subject to a maximum total credit of $[AMOUNT] in any calendar month. 3. Installation. In the event Supplier fails to meet any of the installation timelines specified in Section 2 or in the Implementation Plans, Customer shall receive a credit equal to $[AMOUNT] for each one (1) day period (or portion thereof) from the end of the specified period until the applicable connection is fully installed and operational. 4. Response and Notification. In connection with the support services described in Exhibit C, Supplier shall provide an initial response to any email or voicemail inquiry or network alert or other trouble report within one (1) hour after such inquiry or report is received by Supplier, however receipt occurs. In connection with the monitoring services described in Exhibit C, Supplier shall notify Customer and any affected Service Recipients of any Alerts within one (1) hour after such Alert is provided by Supplier’s monitoring system. In the event Supplier fails to meet the foregoing Service Level Agreement for any inquiry, network alert or other trouble report, or Alert, Customer shall receive a credit equal to $[AMOUNT] for each one (1) hour period (or portion thereof) from the end of the applicable one (1) hour period until Supplier provides the required response or notification. 5. [ADDITIONAL SLAs TO BE DETERMINED] CGHub Network Services Agreement Page 22 of 23 EXHIBIT E: SCHEDULE OF FEES 1. Fees payable pursuant to Section 4(a) of the Agreement $644,323 not less than thirty (30) days after Agency Partner Acceptance of the Implementation Plan that addresses full operational status of all of the Primary Sites, covering the period from the Effective Date through September 30, 2012 (the “Initial Project Year”). $401,181 for each twelve (12) month period following the Initial Project Year (each an “Applicable Project Year”), in each case payable in quarterly installments during such Applicable Project Year. The above Fees cover all Network Services for the Primary Sites. In the event Customer or an Agency Party requests that Network Services be provided to additional Service Recipients, the Fees for any period following such addition shall be increased such that the amount of Fees per Service Recipient for such period remains constant before and after giving affect to such addition. Notwithstanding anything herein to the contrary, no installment of Fees shall be payable by Customer until sixty (60) days following receipt by Customer of applicable funding from the Agency Partners. In the event of early termination of this Agreement, by either party for any reason, Supplier shall reimburse to Customer any Fees previously paid which are applicable to the period following such termination. 2. Reductions The Fees owed to Supplier during any Applicable Project Year shall be reduced by the Service Level Credits and by Usage Credits, which Customer may earn in an amount of $[AMOUNT] per Applicable Project Year for each Service Recipient that requires Network Services at 1 Gbps rather than 10 Gbps in such Applicable Project Year. Usage Credits shall be prorated in the event a Service Recipient requires Network Services at 1 Gpbs for a portion of any Applicable Project Year. 3. Invoices Notwithstanding anything here in the to contrary, no Fees shall be payable hereunder except in response to Supplier invoices which shall be in a form and contain information reasonably acceptable to Customer. Supplier shall deliver invoices for Fees at least sixty (60) days prior to the applicable due date, except that the first invoice may be delivered within thirty (30) days of the Effective Date. CGHub Network Services Agreement Page 23 of 23