Loading...
HomeMy WebLinkAboutSOCRADAR CYBER INTELLIGENCE INC.Docusign Envelope ID: 4D6CF659-66B6-419F-BAAB-FF5IEADFF578 N-2025-060 CUSTOMER SAAS SUBSCRIPTION AGREEMENT SOCRadar`' INSURANCE ON FILE WORK MAY PROCEED CUSTOMER SAAS SUBSCRIPTION AGREEMENT UNTIL INSURANCE EXPIRES II11wZs _ CITY CIL 2 5 2025 SOCRadar Platform DATE: MA D'. fo(k) (Nak Sure \ D i*vlr Terms of Service Agreement Welcome to the SOCRadar Platform. This program allows you to access and use the SOCRadar Cyber Threat Intelligence Platform, documentation and content (individually and collectively the "Service") through the website platform.SOCRadar.com and/or related websites for a limited period of time. The contractual Terms of s Service ("TOS") are between you, the City of Santa Ana, a charter city and municipal corporation organized and existing under the Constitution and laws of the State of California ("City"), and SOCRadar, a Delaware Corporation. You and SOCRadar may each be referred to as a "Party" and together as the "Parties". If you use any of SOCRadar services, documentation or content you hereby agree to this TOS for the duration of the product evaluation program ('Term"). If you do not agree to this TOS, please do not use any of SOCRadar Services. 1.ACCESS TO THE SERVICE Subject to the terms and conditions of this TOS, SOCRadar grants you a non-exclusive, non -transferable license, during the Term, to use and access the Service, solely in accordance with the published documentation for the Service, for your own internal -use purposes. You agree that you will not: (a) permit any third party to access and/or use the Service; (b) rent, lease, loan, or sell access to the Service to any third party; (c) interfere with, disrupt, alter, translate, or modify the Service or any part thereof, or create an undue burden on the Service or the networks or services connected to the Service; (d) reverse -engineer the Service (except to the extent that such restriction on reverse engineering is prohibited by law and then you shall provide SOCRadar with prompt written notice prior to any such action), use the Services to conduct, publish or disclose any competitive benchmarking tests or analysis; or access the Service to build a competitive product or service; or (e) introduce software or automated agents or scripts to the Service so as to produce multiple accounts, generate automated searches, requests and queries, or to strip or mine data from the Service. Service accounts and passwords may not be used by more than one individual user and you agree that you will not assist with or permit this. You shall not use the Services for any production purposes or use the Services except to evaluate such Services during the designated Term. SOCRadar reserves the right to immediately terminate any account access that SOCRadar reasonably determines has been used by an unauthorized third party or in violation of this TOS. SOCRadar Cyber Intelligence Inc. www.SOCRadar.io Docusign Envelope ID: 4DBCF659-66B6-419F-BAAB-FF5IEADFF578 CUSTOMER SAAS SUBSCRIPTION AGREEMENT SOCRadar'`" 2.OWNERSHIP. You agree the Service, all software, hardware, algorithms, all SOCRadar CTI as defined below, methodologies, and other technology used by SOCRadar to provide the Service, and all intellectual property and proprietary rights in all of the foregoing, is the exclusive property of SOCRadar and its suppliers. You hereby assign to SOCRadar any suggestions, ideas, enhancement requests, feedback, recommendations or other information provided by you related to the Service. All rights not expressly granted to you are reserved to SOCRadar. 3. "SOCRadar CTI Data" means: (a) all information that is generated, collected, developed, produced, or created through the public -source search functions of the Service, including such information generated by previous searches that is stored in the SOCRadar digital risk and threat information platform; and (b) any analytical product that is produced by SOCRadar based on the information described in subsection (a) Subject to the terms and conditions of this TOS, SOCRadar hereby grants to you a non-exclusive, non -transferable license to access and download the SOCRadar using the Service, during the term of this TOS solely for your internal business purposes and under no circumstances may you distribute any SOCRadar CTI Data to any third parties. 4. "Confidential Information" means: the SOCRadar CTI Data and any nonpublic information regarding the Service. You will not use any Confidential Information for any purpose not expressly permitted by this TOS. You will protect the Confidential Information from unauthorized use, access, or disclosure in the same manner as you protect your own confidential or proprietary information of a similar nature and with no less than reasonable care. You will be allowed to disclose the Confidential Information to the extent that such disclosure is (i) specifically approved in writing by SOCRadar, (ii) necessary in the course of legal proceedings for you to defend yourself or to enforce its rights under this TOS; or (iii) required by law or by the order of a court or similar judicial or administrative body, provided that you notify SOCRadar of such required disclosure promptly and in writing and cooperates with SOCRadar, at SOCRadar reasonable request and expense, in any lawful action to contest or limit the scope of such required disclosure. You will return to SOCRadar or destroy all tangible copies of Confidential Information in your possession or control and permanently erase all electronic copies of Confidential Information promptly upon the expiration or termination of this TOS, whichever occurs first, except to the extent necessary to permit you to exercise any license right to the SOCRadar CTI Data expressly surviving this TOS. SOCRadar Cyber Intelligence Inc. www.SOCRadar.io Docusign Envelope ID: 4D6CF659-66B6-419F-BAAB-FF61EADFF578 CUSTOMER SAAS SUBSCRIPTION AGREEMENT SO Radar 5. FEES, TAXES AND PAYMENT a. City agrees to pay, and SOCRadar agrees to accept as total payment for its services for City, the rates and charges identified in Compensation - Exhibit A, attached hereto and incorporated by reference. The cost for services is $42,500. The total amount to be expended during the term of this Agreement shall not exceed $49,000, which includes a $6,500 contingency fee to cover additional expenses such as applicable taxes, levies, duties, or similar governmental charges, such as value-added tax (VAT), sales tax, goods and service tax, or use tax. All payments shall be made within thirty (30) days of invoice date. 6. DATA SECURITY SOCRadar will use reasonable efforts to establish and maintain safeguards to protect the security and integrity of the Service and protect against the accidental or unauthorized access, use, alteration or disclosure of the content. Except with your consent or as otherwise permitted under this TOS, SOCRadar will not use the content other than to provide the Service. 7. DATA PRIVACY. You and SOCRadar shall comply with applicable data protection laws and regulations. You agree not to submit any personal datato the Service except as required for your registration and use of the Service. 8. WARRANTY DISCLAIMER. THE SERVICE AND THE SOCRadar CTI DATA ARE PROVIDED "AS IS," AND SOCRadar MAKES NO (AND HEREBY DISCLAIMS ALL) WARRANTIES, REPRESENTATIONS, OR CONDITIONS, WHETHER WRITTEN, ORAL, EXPRESS, IMPLIED OR STATUTORY, INCLUDING, WITHOUT LIMITATION, ANY IMPLIED WARRANTIES OF MERCHANTABILITY, SATISFACTORY QUALITY, TITLE, NONINFRINGEMENT, OR FITNESS FOR A PARTICULAR PURPOSE, WITH RESPECT TO THE USE, MISUSE, OR INABILITY TO USE THE SERVICE (IN WHOLE OR IN PART), THE SOCRadar CTI DATA, OR ANY OTHER PRODUCTS OR SERVICES PROVIDED TO YOU BY SOCRadar. SOCRadar DOES NOT WARRANT THAT SEARCHES PERFORMED BY THE SERVICE WILL REVEAL ANY OR ALL SECURITY THREATS OR PREDICT ANY OR ALL ATTACKS, THAT THE SOCRadar CTI DATA WILL BE ACCURATE OR COMPLETE, OR THAT OPERATION OF THE SERVICE SHALL BE UNINTERRUPTED OR ERROR -FREE. WITHOUT LIMITING THE GENERALITY OF THE FOREGOING, SOCRadar DISCLAIMS ANY LIABILITY FOR, AND SHALL NOT BE RESPONSIBLE IN ANY WAY REGARDING, ANY THIRD -PARTY CONTENT, INFORMATION, MATERIALS, LINKS, FILES, OR SEARCH RESULTS THAT MAY BE ACCESSIBLE THROUGH THE SERVICE OR THE SOCRadar CTI DATA. 9 _INDEMNITY. 9.1 General Indemnity. SOCRadar will defend, indemnify, and hold City of Santa Ana, its City Council, officers, officials, employees, agents and representatives harmless from and against direct damages, finally awarded by a court of competent jurisdiction arising from any third -party claim, demand, action, or proceeding ("Claim") for personal injury or death to the extent directly caused by SOCRadar's gross negligence or willful misconduct while performing its duties under this Terms of Service Agreement, except to the extent the claim arises from City of Santa Ana's acts or omissions. SOCRadar Cyber Intelligence Inc. www.SOCRadar.io Docusign Envelope ID: 4D6CF659-66B6-419F-BAAB-FF51FADFF578 CUSTOMER SAAS SUBSCRIPTION AGREEMENT Q CRadar- S 9.2 Intellectual Property Infringement. SOCRadar will indemnify and defend Customer against any third -party claim alleging that a SOCRadar developed or manufactured Product or Service (the "Infringing Product") directly infringes a valid United States patent or copyright ("Infringement Claim"). 10. LIMITATION OF LIABILITY. 10.1. IN NO EVENT SHALL SOCRadar BE LIABLE TO YOU FOR ANY SPECIAL, INDIRECT, INCIDENTAL OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES OR COSTS DUE TO ANY DIRECT OR INDIRECT LOSS OF PROFITS, DATA, USE OR GOODWILL, PERSONAL OR PROPERTY DAMAGE RESULTING FROM OR IN CONNECTION WITH THIS TOS, THE SERVICE, OR THE USE OR INABILITY TO USE THE SERVICE, REGARDLESS OF THE CAUSE OF ACTION OR THE THEORY OF LIABILITY, WHETHER IN TORT (INCLUDING NEGLIGENCE), CONTRACT, OR OTHERWISE, EVEN IF SOCRadar HAS BEEN NOTIFIED OF THE LIKELIHOOD OF SUCH DAMAGES. 10.2. EXCEPT FOR LIABILITY RELATED TO PERSONAL INJURY, PROPERTY DAMAGE OR DEATH, THE MAXIMUM AGGREGATE LIABILITY OF SOCRadar ARISING OUT OF OR IN ANY WAY CONNECTED TO THIS TOS WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE BUT EXCLUDING WILLFUL MISCONDUCT) OR OTHERWISE, SHALL NOT EXCEED THE TOTALAMOUNT PAID TO SOCRadar UNDER THIS TOS AGREEMENT. 11. TERM AND TERMINATION. Term. This TOS shall commence on the date of first access of the Services for a term of one (1) year, unless expressly extended in writing by the Parties or terminated in accordance with the terms. Termination. Your access to the Service will automatically terminate when the TOS terminates or at any time as determined by SOCRadar in its sole discretion. Upon expiration or termination of this TOS, your access to the Service and license to the SOCRadar CTI Data shall be terminated. Notwithstanding the foregoing, any term or condition of this TOS which by its sense or nature should be deemed to survive such termination shall so survive. Suspension. SOCRadar may, with or without prior notice, suspend your access to the Services if SOCRadar reasonably concludes that you or users are using the Service in denial of service attacks or spamming; illegal activity; breach of the terms and conditions of this TOS; or actions causing immediate and material harm to SOCRadar or other third parties. You agree that SOCRadar will not be liable to you or any third party for any damages if SOCRadar exercises any of its rights as permitted by this Section 9. 12. CONFLICT OF INTEREST CLAUSE 1. SOCRadar or subrecipient must maintain reasonable written standards of conduct covering conflicts of interest and governing the actions of its employees engaged in the selection, award, and administration of contracts. No employee, officer, agent, or board member with a real or apparent conflict of interest may participate in the selection, award, or administration of a contract supported by the Federal award. A conflict of interest includes when the employee, officer, agent, or board member, any member of their immediate family, their partner, or an organization that employs or is about to employ any of the parties indicated herein, has a financial or other interest in or a tangible personal benefit from an entity considered for a contract. An employee, officer, agent, and board member of the recipient or subrecipient may neither SOCRadar Cyber Intelligence Inc. www.SOCRadar.io Docusign Envelope ID: 4D6CF659-66B6-419F-BARB-FF5IEADFF578 CUSTOMER SAAS SUBSCRIPTION AGREEMENT SOCRadarq' solicit nor accept gratuities, favors, or anything of monetary value from contractors. However, SOCRadar or subrecipient may set standards for situations where the financial interest is not substantial or a gift is an unsolicited item of nominal value. SOCRadar's or subrecipient's standards of conduct must also provide for disciplinary actions to be applied for violations by its employees, officers, agents, or board members. 2. If SOCRadar or subrecipient has a parent, affiliate, or subsidiary organization that is not a State, local government, or Indian Tribe, SOCRadar or subrecipient must also maintain written standards of conduct covering organizational conflicts of interest. Organizational conflicts of interest mean that because of relationships with a parent company, affiliate, or subsidiary organization, SOCRadar or subrecipient is unable or appears to be unable to be impartial in conducting a procurement action involving a related organization. 13. INSURANCE SOCRadar shall procure and maintain for the duration of the contract commercially reasonable insurance coverage appropriate for its business and the services provided hereunder, including technology errors and omissions insurance and cyber liability coverage. MINIMUM SCOPE AND LIMIT OF INSURANCE Coverage shall be at least as broad as: 1. Technology Professional Liability Errors and Omissions Insurance (E&O): appropriate to SOCRadar's profession and work hereunder, with limits not less than $2,000,000 per occurrence and $2,000,000 aggregate. Coverage shall be sufficiently broad to respond to the duties and obligations as is undertaken by SOCRadar in this agreement. 2. Workers' Compensation as required by the State of California, with statutory limits, and Employer's Liability insurance with limits of no less than $1,000,000 per accident, policy, employee, for bodily injury or disease. If SOCRadar maintains broader coverage and/or higher limits than the minimums shown above for any line of coverage, Customer requires and shall be entitled to the broader coverage and/or the higher limits maintained by SOCRadar. Any available insurance proceeds in excess of the specified minimum limits of insurance and coverage shall be available to Customer. 1. SOCRadar shall provide reasonable notice to Customer of any cancellation, suspension, or material change in required insurance coverage. Self -Insured Retentions SOCRadar shall disclose any self -insured retentions must to Customer upon reasonable request. Customer may require SOCRadar to provide proof of ability to pay losses and related investigations, claim administration, and defense expenses within the retention. Acceptability of Insurers Insurance is to be placed with insurers authorized to conduct business in the state of California with a current A.M. Best rating of no less than A-:VII, or with other insurers that maintain financially sound ratings and are reasonably acceptable to both parties. Claims Made Policies SOCRadar Cyber Intelligence Inc. www.SOCRadar.io Docusign Envelope ID: 4D6CF659-66B6-419F-BAAB-FF5IEADFF578 CUSTOMER SAAS SUBSCRIPTION AGREEMENT SOCRadar- If any of the required policies provide coverage on a claims -made basis: 1. The retroactive date must be shown and must be before the date of the contract. 2. Insurance must be maintained and evidence of insurance must be provided for at least one (1) year after completion of work. 3. If coverage is canceled or non -renewed, SOCRadar shall use commercially reasonable efforts to maintain "extended reporting" coverage for a minimum of three (3) years after completion of work. Verification of Coverage SOCRadar shall furnish Customer with original Certificates of Insurance including all required amendatory endorsements upon reasonable request. Failure to obtain the required documents prior to the work beginning shall not waive SOCRadar s obligation to provide them. Customer may, upon reasonable request, review complete, certified copies of all required insurance policies, including endorsements that directly relate to coverage under this Agreement. Subcontractors SOCRadar shall use commercially reasonable efforts to ensure that all subcontractors maintain insurance meeting the material the requirements stated herein. Special Risks or Circumstances Customer may propose reasonable modifications to these requirements, including limits, based on the nature of the risk, prior experience, insurer, coverage, or other special circumstances. Any such modifications shall be subject to SOCRadar's sole discretion. Failure to Maintain Insurance Coverage If SOCRadar, for any reason, fails to maintain insurance coverage, as expressly required under this Agreement, for the entire term of this contract, it may constitute a material breach, subject to SOCRadar's right to cure within a reasonable period. Customer, may provide written notice of such failure, and if not cured within the cure period, may have the option to terminate this Agreement and obtain damages if legally permissible and directly resulting from such failure. 14. CERTIFICATIONS The funds used to pay for this Agreement will be partly comprised of federal grant funds. SOCRadar agrees and understands that it will comply with the terms of the Certifications attached hereto as Exhibits B and C, incorporated by reference into this Agreement. SOCRadar shall keep itself informed of all City, State and Federal laws and regulations which may, in any manner, affect the performance of it services pursuant to this Agreement. Consultant shall at all times, observe and comply with all such laws and regulations. City and its officers and employees shall not be liable at law or in equity by reason of the failure of the Consultant to comply with this paragraph. SOCRadar Cyber Intelligence Inc. www.SOCRadar.io Docusign Envelope ID: 4D6CF659-66B6-419F-BAAB-FF51EADFF578 CUSTOMER SAAS SUBSCRIPTION AGREEMENT SO® CRadar 15. MISCELLANEOUS 15.1. If you are located in the United States: This TOS and any dispute or claim arising out of it or in connection with it or its subject matter or formation (including non -contractual disputes or claims) shall be governed by and construed in accordance with the law of the COMMONWEALTH OF VIRGINIA, without giving effect to any conflicts of laws principles that would require the application of the law of a different state. Each Party irrevocably agrees that the state and federal courts located in Virginia have exclusive jurisdiction to any dispute or claim arising out of or in connection with this TOS or its subject matter orformation (including non -contractual disputes or claims), and each Party expressly consents to the jurisdiction of such courts. If you are located outside the United States: This TOS and any dispute or claim arising out of it or in connection with it or its subject matter or formation (including non -contractual disputes or claims) shall be governed by and construed in accordance with the laws of Commonwealth of Virginia, US. Each Party irrevocably agrees that the courts of US have exclusive jurisdiction to any dispute or claim arising out of or in connection with this TOS or its subject matter or formation (including non - contractual disputes or claims). 15.2. Neither Party is an agent or partner of the other. 15.3. You shall always comply with all international and domestic laws, ordinances, regulations, and statutes that are applicable to your use of the Service and SOCRadar CTI Data hereunder 15.4. You agree not to export, re-export, or transfer, directly or indirectly, any U.S. technical data acquired from SOCRadar or any products utilizing such data, in violation of the United States export laws or regulations. 15.5. If any provision of this TOS is, for any reason, held to be invalid or unenforceable, the other provisions of this TOS will remain enforceable and the invalid or unenforceable provision will be deemed modified so that it is valid and enforceable to the maximum extent permitted by law. Any waiver or failure to enforce any provision of this TOS on one occasion will not be deemed a waiver of any other provision or of such provision on any other occasion. 15.6. Neither Party shall assign,subcontract,delegate, or otherwise transfer this TOS, or its rights and obligations herein, without obtaining the prior written consent of the other Party, and any attempted assignment, subcontract, delegation, or transfer in violation of the foregoing will be null and void; provided, however, that SOCRadar may assign this TOS in connection with a merger, acquisition, reorganization or sale of all or substantially all of its assets, or other operation of law, without your consent. This TOS shall be binding upon the Parties and their respective successors and permitted assigns. 15.7. Any delay in the performance of any duties or obligations of either Party will not be considered a breach of this TOS if such delay is caused by a labor dispute, shortage of materials, fire, earthquake, flood, or any other event beyond the control of such Party, provided that such Party uses reasonable efforts, under the circumstances, to notify the other Party of the cause of such delay and to resume performance as soon as possible. 15.8. No modification of or amendment to this TOS, or any waiver of any rights under this TOS, will be effective unless in writing and signed by an officer of SOCRadar. SOCRadar Cyber Intelligence Inc. www.SOCRadar.io Docusign Envelope ID: 4D6CF659-66B6-419F-BAAB-FF51EADFF578 CUSTOMER SAAS SUBSCRIPTION AGREEMENT SO Radar 15.9. Active Scanning. With the latest addition to the attack surface management module, the active scanning feature has been activated in addition to passive scanning for vulnerability detections. Your approval is required before the active scanning feature can be turned on for the company. If your company does not agree with the active scanning process for the company domain, please indicate that in the PO and platform request form. 15.10. By signing this contract, you approve the usage of your logo(s) representing your brand(s) in SOCRadar's publicweb platforms with the aim of promoting SOCRadar's benefits to its customers, as long as the contract applies. [Signatures on following page] IN WITNESS WHEREOF, the parties hereto have caused this Agreement to be executed by their duly authorized representatives as of the Effective Date. SOCRadar CYBER INTELLIGENCE INC. Signature: Signed by: , 6— (Awamsiov. Name: John wi iamson Title: VP Sales Americas Date: 3/3/2025 ATTEST: SONIA R. CARVALHO City Attorney By: ja0dL-===' TAMARA BOGOSIAN Senior Assistant City Attorney CITY OF SANTA ANA RECOMMENDED FOR /,I,APPROVAL: �I Signature: V- 1 -e - Name: ROBERTRODRIGUEZ Title: Chief of Police Date: 3l`/1202S CITY OF SANTA ANA in /4l�--Alllli- U/"4� ALVARO NUNEZ City Manager SOCRadar Cyber Intelligence Inc. www.SOCRadar.io EXHIBIT A Quote & Order Form PREPARED FOR: Santa Ana Police Department 14th January, 2025 ISSUED BY SOCRADAR CYBER INTELLIGENCE INC. 254 Chapman Road, Suite 208, Newark, DE 19702 QUOTE CONTACT Eric Mullins Enterprise Account Executive Eric. Mullinsfc)socradar.io 443-667-1156 We empower you to know the unknowns. About SOCRadar Organizations across the globe are increasingly selecting SOCRadar as their early warning system against cyber-attacks. Combining Cyber Threat Intelligence, Attack Surface Management, Brand Protection, Supply Chain Intelligence, and Dark Web Monitoring, we provide you a hacker's perspective of your organization, and accurate alarms of your vulnerabilities and exploitable assets on the surface, deep, and dark web. With SOCRadar you can eliminate critical risks in the earliest stages of the cyber kill chain to protect your reputation, employees, customers, and overall business operations. SOCRadar is positioned for long-term success focused on Al innovation, global expansion, rich multifunctionality, and an intense commitment to helping clients be proactive against evolving cyber threat vectors. Trusted by Cybersecurity Leaders Over 590,000 ratings and reviews from real customers are rigorously vetted by Gartner for objective insight into vendors. SOCRadar is the highest -rated product in cyber threat intelligence, and we're proud of this validation from our customers who trust us to transform their digital risk perspective into a proactive, not just defensive strategy. What do our customers say about us? High Leader Performer 2024 2024 Gartner. Peer hisights- 4.8 ;t-*** ® M Highest User Best Meets Adoption Requirements SUMMER 2024 2024 oP`i0609 cyber Thr� / rP rP/ QT� • O /A P7 PP d XTI pi z N ,P. Extended Threat 0 Intelligence AJ x°P3 m T ao s° Brand Protectioe SOCRadar Extended Threat Intelligence (XTI) is an innovation in proactive cybersecurity protection used by over 27,000 security experts in over 170 countries worldwide. Natively integrated digital intelligence and detection capabilities put your organization on a new proactive stance, by quickly alerting security teams about emergent threats to your Internet -facing digital assets, even those (known as "shadow IT") you may not be aware of. XTI continuously illuminates vectors utilized by threat actors to target and launch attacks in the earliest stages of the cyber kill chain. Integrated takedown and dark web data removal services enable you to swiftly neutralize threats with a mouse click - before they can exploited. XTI combines Cyber Threat Intelligence, Attack Surface Management, Digital Risk and Brand Protection, Dark Web Monitoring, and Supply Chain Intelligence — in one platform deployed in minutes. Modular architecture enables the deployment of individual modules for specific cybersecurity needs or budgets. Know the unknowns and get even more value from your existing cybersecurity technology stack and program. • SaaS-based with predictable, transparent and scalable pricing • Multi -Tenant: Architected for MSSPs • Modular: Products can be leveraged individually or in full • Al & Big Data -powered • Highly scalable: From SME to Global Enterprise • Integrated in-house Takedown Services and Black Market Data Acquisition • Built-in Sandbox for Malware Analysis • Plug -and -play platform • Supply Chain Intelligence on over 50 million companies • Easy -to -integrate via APIs: CTI, SIEM, SOAR, EDR and MDR tools & platforms Licensing Structure SOCRadar is a SaaS platform providing predictable, transparent, and scalable pricing for any business size and needs, including features such as take -down services and dark web data acquisition. Modular architecture enables Cyber Threat Intelligence, Digital Risk Protection, External Attack Surface Management, and Dark Web Monitoring to be provided in whole, blended or individual modules to ideally meet your cybersecurity use case. The following price quote has been designed based on our recent discussions. *See Appendix for platform features. Price Quote Date: 14th January 2025 Customer: Santa Ana Police Department Item SKU Description Payment Frequency Term Length List Price Primc Digital Risk Protection • Dark Web Monitoring • Surface Web Monitoring • Brand Monitoring (Impersonation, Phishing, Mobile App) • VIP Protection Included: 1 SCR -BP -EX a Up to 3 domains Up -Front 1 Year $35,000 $12,500 • Up to 50 IP Addresses • Up to 10 VIP Accounts • Up to 75 keywords • Up to 5 mobile apps • Up to 5 social media accounts • $500 Black Market Removal Credits Cyber Threat Intelligence • Threat Hunting • Malware Analysis • Supply Chain Intelligence • Threat Landscape Monitoring 2 SCR-CT-UX Up -Front 1 Year $64,400 $30,000 Included: • 50,000 annual threat hunting credits • 100 annual malware analysis credits • 10 Supply Chain Partners • Unlimited Threat Hunting Rules 3 SOC-PUT-2H SOCRadarO Platform User Training Up -Front 1 Year $1,500 $0.00 • 2 Hours, 2 Seats 4 SOC-AUA-SX Seat Licenses Up -Front 1 Year $16,000 $0.00 • 8 Additional seats Total •00 $42,500 OPTIONAL ADD-ONS d� Term Qty List Price 1 SCR-TI-ACX Threat Hunting Annual 1,000 $1,000 e Additional credits 2 SCR-TDKAAS-A Takedown As -a -Service Annual 5 $1,500 CX • Additional credits 3 SCR-BMCDR-AC Black Market Removal Annual 5 $500 X e Additional credits 5 SOC-AUA-SX Seat Licenses Annual 1 $2,000 Additional seats 6 SOC-INT API Integration One-time 1 $10,000 Per instance Terms & Conditions This quotation ("Agreement") indicates to the Santa Ana Police Department ("Customer") that SOCRadar will provide the above listed software, subscriptions or services (collectively, the "Products"), at the prices reflected herein, and subject to the Agreement executed by and between Customer and SOCRadar for such Products, or (ii) If the parties have not signed a full agreement for the relevant Products, this document and the software and Services provided by SOCRADAR and used by Customer hereby confirm and acknowledge that this offer is binding instead of the contract, as of the Terms and Conditions, and the Effective Date. Customer shall be responsible for sales or use taxes incurred as a result of purchase of applicable Products from SOCRadar unless Customer provides SOCRadar with a valid tax exemption certification authorized by the appropriate taxing authority. - VAT is not included, and all prices are in US Dollars. - Payment order is valid as wire -transfer. - Payment term: Net-30 payment terms. Invoicing details Legal Company Name: Santa Ana Police Department, Homeland Security Division Billing Address: 60 Civic Plaza, M-18, Santa Ana, CA 92702 Billing Email Address: IN WITNESS WHEREOF, this Purchase Order has been duly executed on behalf of each party as of the date of last signature below ("Effective Date.") Santa Ana Police Department SOCRadar Cyber Intelligence Inc. First & Last Name: ROBERT RODRIGUEZ First & Last Name: 7ohn Williamson Title: CHIEFOFPOLICE Title: vP sales Americas Date:03l04/2025 Date: 3/3/2025 —Signed by: Signature: L W ` Signature: I ". 11 M Appendix: Subscription Plans & Features Comparison We offer an innovative consolidated architecture with flexible plans to help you achieve maximum operational efficiency and unmatched ROL Digital Asset Discovery Digital Asset Monitoring Asset Exposure Risk Scoring Asset Activity Mapping Visual Attack Surface Mapping Attack Surface Management SSL Security Monitoring External Network Security Monitoring Website Security Check Passive Vulnerability Scanning Active Vulnerability Scanning *CISA Kev Check *Ransomware Check Dark Web Monitoring *Hacker Chatter Monitoring *IM Platform Monitoring *Credential Leak / Data Breach *Stealer Malware & Botnet Tracking Surface Web Monitoring Brand Protection / Digital *Cloud Storage Monitoring Risk Protection *Code & API Repo Monitoring *Malware Analysis Service Monitoring Phishing Monitoring Stolen Credit Card Tracking Rogue Mobile Application SOCRadar Cyber Intelligence Inc. I www.socradar.io I Sales Quote IP/Domain Blacklist Monitoring VIP Protection *VIP Data Breach *VIP Account Breach Social Media Risks *Twitter Content Detection *Impersonating Social Accounts Detection Threat Investigation Malware Analysis Threat Hunting Rules Access Breach Dataset Industry & Country based Threat Monitoring Ransomware Activity Monitoring Threat Actor & APT Monitoring Cyber Threat Intelligence Vulnerability Intelligence Vulnerability Risk Scoring Threat Feed / IOC IOC Scoring Supply Chain Intelligence *Vendor Tracking *Incident based Vendor Monitoring *Assessment Report Online Access to SOCRadar Academy Certified Cyber Threat Intelligence Training Black Market Credential Removal Professional Services Takedown as -a -service *Impersonating Domain *Impersonating Social Media Account *Rogue Mobile Apps *Fraud and Scam Pages *Code Repository Content 0 Threat Actor Engagement API & Integration: *Digital Footprint API *Threat Feed/IOC API & Integration *Threat Analysis API *Incident API *Vulnerability API *Takedown API Digital Assets Brand & Personal information: *Passport Number *Social Security Number *Emails Protection Coverage *VPN Accounts *Keywords BIN Numbers (Banks only) Swift Records (Banks only) VIP & Social Media Accounts Dark Web *Hacker Channels (Telegram, Discord,IRC,ICQ) *Forums *Paste Sites *TOR *Black market Surface Web *Molware Analysis Services *Code Repository Data Source Coverage *Cloud Buckets & Storage *Top News & Blogs Page Mobile App Stores *Rogue Mobile Apps Social Media *Twitter(suspicious content & impersonating) *Instogrom (impersonating) *Youtube (impersonating) *Facebook (impersonating) *TikTok (impersonating) Seat Licenses Email & Chat Support Management & Support Log Audit Single Sign -On (SSO) Role -based access 10 Docusign Envelope ID: 4D6CF659-66B6-419F-BAAB-FF5IEADFF578 Exhibit B — Federal Regulations a. Federal Regulations — Recipient must comply with the government cost principles, uniform administrative requirements and audit requirements for federal grant program housed within Title 2, Part 200 of the Code of Federal Regulations. b. Debarment and Suspension — As required by Executive Orders 12549 and 12689, and 2 CPR §200.214 and codified in 2 CFR Part 180, Recipient must provide protection against waste, fraud, and abuse by debarring or suspending those persons deemed irresponsible in their dealings with the Federal government. C. Audit Records — With respect to all matters covered by this agreement all records shall be made available for audit and inspection by CITY, the grant agency and/or their duly authorized representatives for a period of three (3) years from the date of submission of the final expenditure report by the City of Santa Ana. For a period of three years after final delivery hereunder or until all claims related to this Agreement are finally settled, whichever is later, Recipient shall preserve and maintain all documents, papers and records relevant to the services provided in accordance with this Agreement, including the Attachments hereto. For the same time period, Recipient shall male said documents, papers and records available to City and the agency from which City received grant funds or their duly authorized representative(s), for examination, copying, or mechanical reproduction on or off the premises of Recipient, upon request during usual working hours. d. Reports — Recipient shall provide to City all records and information requested by City for inclusion in quarterly reports and such other reports or records as City may be required to provide to the agency from which City received grant funds or other persons or agencies. C. Section 504 of the Rehabilitation Act of 1973 (Handicapped — All recipients of federal funds must comply with Section 504 of the Rehabilitation Act of 1973 (The Act). Therefore, the federal funds recipient pursuant to the requirements of The Act hereby gives assurance that no otherwise qualified handicapped person shall, solely by reason of handicap be excluded from the participation in, be denied the benefits of or be subject to discrimination, including discrimination in employment, in any program or activity that receives or benefits from federal financial assistance. The Recipient agrees it will ensure that requirements of The Act shall be included in the agreements with and be binding on all of its contractors, subcontractors, assignees or successors. f. Americans with Disabilities Act of 1990 — (ADA) Recipient must comply with all requirements of the Americans with Disabilities Act of 1990 (ADA), as applicable. g. Political Activity — None of the funds, materials, property, or services provided directly or indirectly under this agreement shall be used for any partisan political activity, or to further the election or defeat of any candidate for public office, or otherwise in violation of the provisions of the "Hatch Act". h. No Lobbying — Recipient will comply with all applicable lobbying prohibitions and laws, including those found in the Byrd Anti -Lobbying Amendment (31 U.S.C. 1352, et seq.), and agrees that none of the funds provided under this award may be expended by the Recipient to pay any person to influence, or attempt to influence an officer or employee of any agency, a Member of Congress, an officer or employee of Congress, or an employee of a Member of Congress in connection with any federal action concerning the award or renewal of any federal contract, grant, loan, or cooperative agreement. i. Non -Discrimination and Equal Opportunity —Recipient will comply, and all its contractors (or subrecipients) will comply, with Title VI of the Civil Rights Act of 1964, as amended; Section 504 of Docusign Envelope ID: 4D6CF659-66B6-419F-BAAB-FF51EADFF578 the Rehabilitation Act of 1964, as amended; Subtitle A, Title H of the Americans with Disabilities Act (ADA) (1990); Title IX of the Education Amendments of 1972; the Age Discrimination Act of 1975, as amended; Drug Abuse Office and Treatment Act of 1972, as amended; Comprehensive Alcohol Abuse and Alcoholism Prevention, Treatment and Rehabilitation Act of 1970, as amended; Section 523 and 527 of the Public Health Service Act of 1912, as amended; Title VIII of the Civil Rights Act of 1968, as amended; Department of Justice Non -Discrimination Regulations, 28 CFR Part 42, Subparts C, D, E, and G; and Department of Justice regulations on disability discrimination, 28 CFR Part 35 and 39. In the event a Federal or State court, Federal or State administrative agency, or the Recipient makes a finding of discrimination after a due process hearing on the grounds of race, color, religion, national origin, sex, or disability against a recipient of funds, the Recipient will forward a copy of the findings to CITY which will, in turn, submit the findings to the Office of Civil Rights, Office of Justice Programs, U.S. Department of Justice. If applicable, recipient will comply with the equal opportunity clause in 41 C.F.R. 60-1.4(b) in accordance with Executive Order 11246 as amended by Executive Order No. 11375. i. Equal Employment Op ortunity — Recipient will comply, and all its contractors (or subrecipients) will comply, with all requirements of the Executive Order 11246 of September 24, 1965, entitled `Equal Employment Opportunity," as amended by Executive Order 11375 of October 13, 1967, and as supplemented in Department of Labor regulations (41 CFR chapter 60), as applicable. k. Public Contracts Code — Recipient will comply, and all its contractors (or subrecipients) will comply, with all requirements of the California Public Contract Code Section 10295.3, as applicable. 1. Copeland "Anti -Kickback" Act — Recipient will comply, and all its contractors (or subrecipients) will comply, with all requirements of the Copeland "Anti -Kickback" Act (40 U.S.C. 3145) as supplemented in Department of Labor regulations (29 CFR Part 3), as applicable. in. Davis -Bacon Act — Recipient will comply, and all its contractors (or subrecipients) will comply, with all requirements of the Davis -Bacon Act (40 U.S.C. 3141-3144 and 3146-3148) as supplemented by Department of Labor regulations (29 CPR Part 5), as applicable. n. Work Hours and Safety — Recipient will comply, and all its contractors (or subrecipients) will comply, with all requirements of Sections 103 and 107 of the Contract Work Hours and Safety Standards Act (40 U.S.C. 3702 and 3704) as supplemented by Department of Labor regulations (29 CFR Part 5), as applicable. o. Clean Air Act — (1) The contractor agrees to comply with all applicable standards, orders or regulations issued pursuant to the Clean Air Act, as amended, 42 U.S.C. § 7401 et seq. (2) The contractor agrees to report each violation to CITY and understands and agrees that the CITY will, in turn, report each violation as required to assure notification to the Federal Emergency Management Agency, and the appropriate Environmental Protection Agency Regional Office. (3) The contractor agrees to include these requirements in each subcontract exceeding $150,000 financed in whole or in part with Federal assistance provided by FEMA. Docusign Envelope ID: 4D6CF659-66B6-419F-BAAB-FF51EADFF578 P. Energy and Conservation — Recipient will comply, and all its contractors (or subrecipients) will comply, with all requirements of the Energy Policy and Conservation Act (42 U.S.C. 6201), as applicable. q. Waste Disposal — Recipient will comply, and all its contractors (or subrecipients) will comply, with all requirements of Section 6002 of the Solid Waste Disposal Act, as amended by the Resource Conservation and Recovery Act, as applicable. r. Patent Rights — Recipient agrees that the Department of Homeland Security shall have the authority to seek patent rights for any process, product, invention or discovery developed and paid for with funding through this Agreement based on the requirements of 37 CFR§ 401 and any other implementing regulations, as applicable. s. Copyright — Recipient may copyright any books, publications or other copyrightable materials developed in the course of or under this Agreement. However, the federal awarding agency, State Administrative Agency (SAA) and City reserve a royalty -free, non-exclusive, and irrevocable license to reproduce, publish or otherwise use, and to authorize others to use, for federal government, SAA and/or City purpose: (1) the copyright in any work developed through this Agreement; and (2) any rights of copyright to which the subcontractor purchases ownership with support through this grant. The Federal government's, SAA's and City's rights identified above must be conveyed to the publisher and the language of the publisher's release form must ensure the preservation of these rights. t. Equal Employment in Construction Contracts — Pursuant to Equal Employment Opportunity requirements of 41 C.P.R. 60-1.4(b) in accordance with Executive Order 11246 as amended by Executive Order No. 11375, as to any construction contract thereunder, if applicable, during the performance of this contract, the contractor agrees as follows: (1) The contractor will not discriminate against any employee or applicant for employment because of race, color, religion, sex, sexual orientation, gender identity, or national origin. The contractor will take affirmative action to ensure that applicants are employed, and that employees are treated during employment without regard to their race, color, religion, sex, sexual orientation, gender identity, or national origin. Such action shall include, but not be limited to the following: Employment, upgrading, demotion, or transfer; recruitment or recruitment advertising; layoff or termination; rates of pay or other forms of compensation; and selection for training, including apprenticeship. The contractor agrees to post in conspicuous places, available to employees and applicants for employment, notices to be provided setting forth the provisions of this nondiscrimination clause. (2) The contractor will, in all solicitations or advertisements for employees placed by or on behalf of the contractor, state that all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, or national origin. Docusign Envelope ID: 4D6CF659-66B6-419F-BAAB-FF5IEADFF578 (3) The contractor will not discharge or in any other manner discriminate against any employee or applicant for employment because such employee or applicant has inquired about, discussed, or disclosed the compensation of the employee or applicant or another employee or applicant. This provision shall not apply to instances in which an employee who has access to the compensation information of other employees or applicants as a part of such employee's essential job functions discloses the compensation of such other employees or applicants to individuals who do not otherwise have access to such information, unless such disclosure is in response to a formal complaint or charge, in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or is consistent with the contractor's legal duty to furnish information. (4) The contractor will send to each labor union or representative of workers with which he has a collective bargaining agreement or other contract or understanding, a notice to be provided advising the said labor union or workers' representatives of the contractor's commitments under this section, and shall post copies of the notice in conspicuous places available to employees and applicants for employment. (5) The contractor will comply with all provisions of Executive Order 11246 of September 24, 1965, and of the rules, regulations, and relevant orders of the Secretary of Labor. (6) The contractor will furnish all information and reports required by Executive Order 11246 of September 24, 1965, and by rules, regulations, and orders of the Secretary of Labor, or pursuant thereto, and will permit access to his books, records, and accounts by the administering agency and the Secretary of Labor for purposes of investigation to ascertain compliance with such rules, regulations, and orders. (7) In the event of the contractor's noncompliance with the nondiscrimination clauses of this contract or with any of the said rules, regulations, or orders, this contract may be canceled, terminated, or suspended in whole or in part and the contractor may be declared ineligible for further Government contracts or federally assisted construction contracts in accordance with procedures authorized in Executive Order 11246 of September 24, 1965, and such other sanctions may be imposed and remedies invoked as provided in Executive Order 11246 of September 24, 1965, or by rule, regulation, or order of the Secretary of Labor, or as otherwise provided by law. (8) The contractor will include the portion of the sentence immediately preceding paragraph (1) and the provisions of paragraphs (1) through (8) in every subcontract or purchase order unless exempted by rules, regulations, or orders of the Secretary of Labor issued pursuant to section 204 of Executive Order 11246 of September 24, 1965, so that such provisions will be binding upon each subcontractor or vendor. The contractor will take such action with respect to any subcontract or purchase order as the administering agency may direct as a means of enforcing such provisions, including sanctions for noncompliance. U. Prohibition on Certain Telecommunications and Video Surveillance Services or Equipment — Recipient will comply, and all its contractors (or subrecipients) will comply, with all requirements under Uniform Guidance 2 CPR §200.216. Recipient will comply with FEMA Policy 405- 143-1, Prohibitions on Expending FEMA Award Funds on Covered Telecommunications Equipment or Services (Interim), which prohibits grant recipients and subrecipients from obligating or expending loan or grant funds to procure or obtain, extend or renew a contract to procure or obtain, or to enter into a contract (or extend or renew a contract) to procure or obtain equipment, services, or systems that uses Docusign Envelope ID: 4D6CF659-66B6-419F-BAAB-FF51EADFF578 covered telecommunications equipment or services as a substantial or essential component of any system, or as critical technology as part of any system. As described in Public Law 115-232, section 889, covered telecommunications equipment: (1) Telecommunications equipment produced by Huawei Technologies Company or ZTE Corporation (or any subsidiary or affiliate of such entities). (2) For the purpose of public safety, security of government facilities, physical security surveillance of critical infrastructure, and other national security purposes, video surveillance and telecommunications equipment produced by Hytera Communications Corporation, Hangzhou Hilcvision Digital Technology Company, or Dahua Technology Company (or any subsidiary or affiliate of such entities). (3) Telecommunications or video surveillance services produced by such entities or using such equipment. (4) Telecommunications or video surveillance equipment or services produced or provided by an entity that the Secretary of Defense, in consultation with the Director of the National Intelligence or the Director of the Federal Bureau of Investigation, reasonably believes to be an entity owned or controlled by, or otherwise connected to, the government of a covered foreign country. V. Domestic Preferences for Procurements/Subcontracts — Recipient will comply, and all its contractors (or subrecipients) will comply, with all requirements under Uniform Guidance 2 CFR §200.322. Recipient shall comply with the federal and recipient standards in the award of any subcontracts. For purposes of this Agreement, subcontracts shall include but not be limited to purchase agreements, rental or lease agreements, third party agreements, consultant service contracts and construction subcontracts. Recipient shall ensure that the terms of this Agreement with the CITY are incorporated into all Subcontractor Agreements. The recipient shall submit all Subcontractor Agreements to the CITY for review prior to the release of any funds to the subcontractor. The recipient shall withhold funds to any subcontractor agency that fails to comply with the terms and conditions of this Agreement and their respective Subcontractor Agreement. (1) Recovered Materials Recipient shall make maximum use of products containing recovered materials that are EPA - designated items unless the product cannot be acquired competitively within a timeframe providing for compliance with the contract performance schedule; Meeting contract performance requirements; or at a reasonable price. Information about this requirement, along with the list of EPA -designated items, is available at EPA's Comprehensive Procurement Guidelines webpage: https://www.epa.gov/smm/comprehensive- procurement-guideline-cpg-pro gram. The Contractor also agrees to comply with all other applicable requirements of Section 6002 of the Solid Waste Disposal Act. Docusign Envelope ID: 4D6CF659-66B6-419F-BAAB-FF51 EADFF578 (2) Domestic Preference for Procurements Recipient should, to the greatest extent practicable, provide a preference for the purchase, acquisition, or use of goods, products, or materials produced in the United States. This includes, but is not limited to iron, aluminum, steel, cement, and other manufactured products. For purposes of this clause: Produced in the United States means, for iron and steel products, that all manufacturing processes, from the initial melting stage through the application of coatings, occurred in the United States Manufactured products mean items and construction materials composed in whole or in part of non-ferrous metals such as aluminum; plastics and polymer -based products such as polyvinyl chloride pipe; aggregates such as concrete; glass, including optical fiber; and lumber. W. Termination for Cause and Convenience — Should recipient fail for any reason to comply with the contractual obligations of this agreement within the time specified by this Agreement, the CITY reserves the right to terminate the Agreement, reserving all rights under state and federal law. X. Contractual/Leeal Remedies for Breach of Contract — Should recipient fail for any reason to comply with the contractual obligations of this Agreement and/or willfully, knowingly or negligently breach any term, condition or requirement of the agreement, City may impose sanctions including but not limited to damages (liquidated damages and or penalties) and /or any other remedy available pursuant to the Agreement of the laws then in effect. Docusign Envelope ID: B538B131-83DD-47C4-978F-371468D89BA4 EXHIBIT C NON -LOBBYING CERTIFICATION SOCRadar certifies, by signing this certificate, to the best of his or her knowledge and belief, that: (1) No Federal appropriated funds have been paid or will be paid, by or on behalf of the undersigned, to any person for influencing or attempting to influence an officer or employee of any Federal agency, a Member of Congress, an officer or employee of Congress, or an employee of a Member of Congress in connection with the awarding of any Federal contract, the making of any Federal grant, the making of any Federal loan, the entering into of any cooperative agreement, and the extension, continuation, renewal, amendment, or modification of any Federal contract, grant, loan, or cooperative agreement. (2) If any funds other than Federal appropriated funds have been paid or will be paid to any person for influencing or attempting to influence an officer or employee of any Federal agency, a Member of Congress, an officer or employee of Congress, or an employee of a Member of Congress in connection with this Federal contract, grant, loan, or cooperative agreement, the undersigned shall complete and submit Standard Form-LLL, "Disclosure of Lobbying Activities," in conformance with its instructions. This certification is a material representation of fact upon which reliance was placed when this transaction was made or entered into. Submission of this certification is a prerequisite for making or entering into this transaction imposed by Section 1352, Title 31, U.S. Code. Any person who fails to file the required certification shall be subject to a civil penalty of not less than $10,000 and not more than $100,000 for each such failure. SOCRadar also agrees to require that the language of this certification be included in all lower tier subcontracts, which exceed $100,000 and that all such subrecipients shall certify and disclose accordingly, siign"e by: Signed: �buln �i�iawShcn CPaCFA3EEZ..SIIT ... Title: VP sales Americas Firm: SOCRADAR CYBER INTELLIGENCE INC. Date: 3/3/2025 Last updated by Lric Mulfins on Jan 14. 2025 at 1136 AM II SAKISOW SOCRADAR CYBER INTELLIGENCE INC. SOCRADAR CYBER INTELLIGENCE INC. Unique Entity ID CAGE / NCAGE Purpose of Registration ENXZK2UJ98A3 (blank) Federal Assistance Awards Only Registration Status Expiration Date Active Registration Jan 14, 2026 Physical Address Mailing Address 2035 Sunset Lake RD 254 Chapman Road Newark, Delaware 19702-2600 Suite 208 United States Newark, Delaware 19702 United States Doing Business as Division Name Division Number (blank) (blank) (blank) Congressional District State / Country of Incorporation URL Delaware 00 Delaware / United States (blank) Registration Dates Activation Date Submission Date Initial Registration Date Jan 16, 2025 Jan 14, 2025 Jan 13, 2025 Entity Dates Entity Start Date Fiscal Year End Close Date Jul 12, 2019 Mar 31 Immediate Owner CAGE Legal Business Name (blank) (blank) Highest Level Owner CAGE Legal Business Name (blank) (blank) Executive Compensation Registrants in the System for Award Management (SAM) respond to the Executive Compensation questions in accordance with Section 6202 of P.L. 110.252, amending the Federal Funding Accountability and Transparency Act (P.L. 109-282). This information is not displayed in SAM. It is sent to USAspending.gov for display in association with an eligible award. Maintaining an active registration in SAM demonstrates the registrant responded to the questions. Proceedings Questions Registrants in the System for Award Management (SAM.gov) respond to proceedings questions in accordance with FAR 52.209-7, FAR 52.209-9, or 2. C.F.R. 200 Appendix XII. Their responses are displayed in the responsibility/qualification section of SAM.gov. Maintaining an active registration in SAM.gov demonstrates the registrant responded to the proceedings questions. Active Exclusions Records? No I authorize my entity's non -sensitive information to be displayed in SAM public search results: Yes Business Types Entity Structure Entity Type Organization Factors Corporate Entity (Not Tax Exempt) Business or Organization (blank) Profit Structure For Profit Organization Mar J2. 2025 04:13:15 PMGMT hnpc/1.vam.yov/entitylEN=1098A3/roieData?states= ull Page I aft Last updated by Erlc MulIIns on Jan 14, 2025 at 11; 36 AM SOCRADAR CYBER INTELLIGENCE INC. Socio-Economic Types Check the registrant's Reps & Carts, if present, under FAR 52.2123 or FAR 52.219.1 to determine if the entity is an SBA -certified HUBZone small business concern. Additional small business information may be found In the SBA's Dynamic Small Business Search If the entity completed the SBA supplemental pages during registration. Accepts Credit Card Payments Debt Subject To Offset Yes No EFT Indicator CAGE Code 0000 (blank) Electronic Business R 254 Chapman Road John Williamson, VP Sales, America Suite 208 Newark, Delaware 19702 United States Government Business 9. 254 Chapman Road John Williamson, VP Sales, America Suite 208 Newark, Delaware 19702 United States NAICS Codes Primary NAICS Codes NAICS Title This entity does not appear in the disaster response registry. Men IZ 2025 04:13:15 PM GMT hh,.-Ilnsaw.gov/en0ty/ENXZK1UJ98A3/cweOnta?slaters=null Page 2 o12 ./� SOCRCYB-01 PDIMAR DATE 1 3/110/2012025 ACORO' CERTIFICATE OF LIABILITY INSURANCE THIS CERTIFICATE IS ISSUED AS A MATTER OF INFORMATION ONLY AND CONFERS NO RIGHTS UPON THE CERTIFICATE HOLDER. THIS CERTIFICATE DOES NOT AFFIRMATIVELY OR NEGATIVELY AMEND, EXTEND OR ALTER THE COVERAGE AFFORDED BY THE POLICIES BELOW. THIS CERTIFICATE OF INSURANCE DOES NOT CONSTITUTE A CONTRACT BETWEEN THE ISSUING INSURER(S), AUTHORIZED REPRESENTATIVE OR PRODUCER, AND THE CERTIFICATE HOLDER. IMPORTANT: If the certificate holder is an ADDITIONAL INSURED, the policy(ies) must have ADDITIONAL INSURED provisions or be endorsed. If SUBROGATION IS WAIVED, subject to the terms and conditions of the policy, certain policies may require an endorsement. A statement on this certificate does not confer rights to the certificate holder in lieu of such endorsemen s). PRODUCER CONTACT Wesfair Agency, Inc. PO Box 320 Chappaqua, NY 10514 PHONE FA% a/C, No, E:t : (914) 238-3734 AIc, Na :(914) 236-8402 Ebm,&[LEss. contact@wesfair.com INSURE S AFFORDING COVERAGE NAIC# INSURER A : The Hartford 29424 INSURED INSURER B:TrisuraSpecialty Insurance Company 16188 INSURER C : Socradar Cyber Intelligence Inc INSURER D : 254 Chapman Rd Ste 20 Newark, DE 19702 INSURER E: INSURER F : COVERAGES CERTIFICATE NUMBER: RFVISION NIIMRFR- THIS IS TO CERTIFY THAT THE POLICIES OF INSURANCE LISTED BELOW HAVE BEEN ISSUED TO THE INSURED NAMED ABOVE FOR THE POLICY PERIOD INDICATED. NOTWITHSTANDING ANY REQUIREMENT, TERM OR CONDITION OF ANY CONTRACTOR OTHER DOCUMENT WITH RESPECT TO WHICH THIS CERTIFICATE MAY BE ISSUED OR MAY PERTAIN, THE INSURANCE AFFORDED BY THE POLICIES DESCRIBED HEREIN IS SUBJECT TO ALL THE TERMS, EXCLUSIONS AND CONDITIONS OF SUCH POLICIES. LIMITS SHOWN MAY HAVE BEEN REDUCED BY PAID CLAIMS. INGR LTRTYPE OF INSURANCE ADOL 9UBR POLICY NUMBER POLICY EFF POLICY EXP LIMITS A X COMMERCIAL GENERAL LIABILITY CLAIMS -MADE ❑X OCCUR X X 16SBMBM8WHU 12116/2024 1211612025 EACH OCCURRENCE $ 1,000,000 DAMAGETOREMrED PREMI 1000000 10,000 MED EXP LA.V onePerson) PERSONAL&ADV INJURY 11000,000 GEN'L X AGGREGATE LIMIT APPLIES PER: POLICY ❑ jECT LOC GENERAL AGGREGATE 11 21000,000 PRODUCTS-COMP/OP AGG 2,0001000 OTHER: A AUTOMOBILE LIABILITY COMBINED SINGLE LIMIT $ q,ggg ggg BODILY INJURY Per person)$ ANY AUTO 16SBMBM8WHU 1211612024 1211612025 OWNED SCHEDULED AUTOS ONLY AUTOS BODILY INJURY Per accident $ X AMAGE ParracoRJYhy $ AUTOS ONLY X NON -OWNED ONLY A X UMBRELLA LIAR OCCUR EACH OCCURRENCE $ 4,000,000 AGGREGATE 41000,000 EXCESS LIAR CLAIMS -MADE X X 16SBMBMBWHU 1211612024 12/16/2025 DEC X RETENTIONS 10,000 WORKERS COMPENSATION AND EMPLOYERS'LIABILITY YIN ANY FFICERIMEI BER EXCLUO OXECUTIVE ❑ PANandatory In NH) NIA PER OR E.L.EACH ACCIDENT' ELDISEASE EA EMPLOYE If Yes, describe under DESCRIPTION OF OPERATIONS below E.L DISEASE- POLICY LIMIT B Errors & Omissions X AT5662582001 11/4/2024 1114/2025 ea. claimlaggreg 3,000,000 DESCRIPTION OF OPERATIONS I LOCATIONS I VEHICLES (ACORD 101, Additional Remarks Schedule, may be attached If more space is required) City of Santa Ana, its City Council, its officers, officials, employees, agents, and volunteers are to be added as additional insureds under General Liability, Umbrella Liability and Company's E&O/Cyber Liability policy, with respect to any liability arising out of work or operations performed by or on behalf of the Company including materials, parts, equipment, and personnel furnished in connection with such work or operations as required by written contract. Waiver of subrogation in favor of City of Santa Ana, and its City Council, its officers, officials, employees, agents, and volunteers as respects of job performed by SOCRadar Cyber Intelligence, Inc. as required by written contract. A 30 day notice of cancellation is endorsed to the policy for the City of Santa Ana. ""'"�°"" APPROVED Project: #14-6809 / Arterial Street Slurry Seal Tu TranrvT=• Nguyen By Tu Tran Nguyen at 9:24 am, Mar 11, 2025 City of Santa Ana 20 Civic Center Plaza Administrative Sews Div. M-96 Attn: Jeff Hiltbrand Santa Ana, CA 92701 SHOULD ANY OF THE ABOVE DESCRIBED POLICIES BE CANCELLED BEFORE THE EXPIRATION DATE THEREOF, NOTICE WILL BE DELIVERED IN ACCORDANCE WITH THE POLICY PROVISIONS. AUTHOI/��RIZED REP�RESSEENTTAATIVE _W � -4, r ACORD 25 (2016103) ©1988-2015 ACORD CORPORATION. All rights reserved. The ACORD name and logo are registered marks of ACORD 21CQ A� �r CERTIFICATE OF LIABILITY INSURANCE DATE(MMIDDIYYYY) 03/05/2025 THIS CERTIFICATE IS ISSUED AS A MATTER OF INFORMATION ONLY AND CONFERS NO RIGHTS UPON THE CERTIFICATE HOLDER. THIS CERTIFICATE DOES NOT AFFIRMATIVELY OR NEGATIVELY AMEND, EXTEND OR ALTER THE COVERAGE AFFORDED BY THE POLICIES BELOW. THIS CERTIFICATE OF INSURANCE DOES NOT CONSTITUTE A CONTRACT BETWEEN THE ISSUING INSURER(S), AUTHORIZED REPRESENTATIVE OR PRODUCER, AND THE CERTIFICATE HOLDER. IMPORTANT: If the certificate holder is an ADDITIONAL INSURED, the policy(ies) must have ADDITIONAL INSURED provisions or be endorsed. If SUBROGATION IS WAIVED, subject to the terms and conditions of the policy, certain policies may require an endorsement. A statement on this certificate does not confer rights to the certificate holder in lieu of such endorsements . PRODUCER AON RISK SERVICES SOUTH INC 3550 LENDX ROAD NORTHEAST SUITE 1700 ATLANTA GA 30326 CONTACT NAME: Aon Risk Services, Inc of Florida PHONE No Ext: 833-506.1544 A/CtAX, No: EMAIL ADDRESS: WOTK.COm trinet.com INSURER(S) AFFORDING COVERAGE NAIC# INSURER A: ACE American Insurance Company 22667 INSURED TriNet Group, Inc. UCIF SOCRadar Cyber Intelligence, Inc. INSURERS INSURER C : 1 Park Place, Suite 600 Dublin, CA 94568-7983 INSURER D : INSURER E WSURER F COVERAGES CERTIFICATE NUMBER: 15848338 REVISION NUMBER: THIS IS TO CERTIFY THAT THE POLICIES OF INSURANCE LISTED BELOW HAVE BEEN ISSUED TO THE INSURED NAMED ABOVE FOR THE POLICY PERIOD INDICATED. NOTWITHSTANDING ANY REQUIREMENT, TERM OR CONDITION OF ANY CONTRACT OR OTHER DOCUMENT WITH RESPECT TO WHICH THIS CERTIFICATE MAY BE ISSUED OR MAY PERTAIN, THE INSURANCE AFFORDED BY THE POLICIES DESCRIBED HEREIN IS SUBJECT TO ALL THE TERMS, EXCLUSIONS AND CONDITIONS OF SUCH POLICIES. LIMITS SHOWN MAY HAVE BEEN REDUCED BY PAID CLAIMS. INSR LTR TYPE OF INSURANCE ADDL INSR BUBR Me POLICY NUMBER POLICY EFF MMMD POLICY EXP MM(DDIYYYY LIMITS COMMERCIAL GENERAL LIABILITY CLOCCUR EACH OCCURRENCE $ 'AGE DTED CAM PREMAGE TO RENISES EaecMxxu $ MED FXP An one arson $ PERSONAL &ADV INJURY $ GEN'L AGGREGATE LIMIT APPLIES PER: POLICY PROJECT LOG GENERALAGGREGATE $ PRODUCTS -COMP/OPAGG $ $ OTHER AUTOMOBILE LIABILITY COMBINED SINGLE LIMII Ea accident $ ANY AUTO BODILY INJURY Perperson) $ OWNED SCHEDULED AUTOS ONLY AUTOS BODILY INJURY Per accident $ HIRED NON -OWNED PROPERTY DAMAGE AUTOS ONLY AUTOS ONLY Per accident $ UMBRELLALIAB OCCUR EACH OCCURRENCE $ AGGREGATE $ EXCESS LIAB CLAIMS -MADE DEC I I RETENTION$ WORKERS COMPENSATION ANOEMPLOYERS'LIABILITY YIN PER OTH- X STATUTE ER E.L. EACH ACCIDENT $ 2,000,000 A ANY PROPRIETOR,PARTNEWEXECUTIVE OFFICERIMEMBER EXCLUDED? NIA X WLR C57824748 - 07/01/2024 07/01/2025 E.L. DISEASE - EA EMPLOYEE $ 2,000,000 (Mandatory In NH) Ir math ribeunder E.L. DISEASE -POLICY LIMIT $ 2,000,000 DESCRIPTION OF OPERATIONS below DESCRIPTION OF OPERATIONS / LOCATIONS / VEHICLES (ACORD 101, Additional Remarks Schedule, may be attached K more space is required) Workers Compensation coverage is limited to worksile employees of SOCRadar Cyber Intelligence, Inc. through a co -employment agreement with TriNet HR III, Inc.. Waiver of subrogation in favor of City of Santa Ana, and its City Council, its officers, officials, employees, agents, and volunteers as respects of job performed by SOCRadar Cyber Intelligence, Inc. as required by written contract. A 30 day notice of cancellation is endorsed to the policy for the City of Santa Ana. Project: #14-6809 / Arterial Street Slurry Seal APPROVED By Tu Tran Nguyen at 9:24 am, Mar 11, 2025 CERTIFICATE HOLDER CANCELLATION City of Santa Ana SHOULD ANY OF THE ABOVE DESCRIBED POLICIES BE CANCELLED BEFORE 20 Civic Center Plaza THE EXPIRATION DATE THEREOF, NOTICE WILL BE DELIVERED IN Ross Annex (N-22) ACCORDANCE WITH THE POLICY PROVISIONS. Santa Ana, CA 92701 AUTHORIZED REPRESENTATIVE ooa d46A i6etwee6 cloutA One ©1988-2015 ACORD CORPORATION. All rights reserved. ACORD 25 (2016/03) The ACORD name and logo are registered marks of ACORD Workers' Compensation and Employers' Liability Policy Named Insured TriNet Group, Inc. UC/P SOCRadar Cyber Intelligence, Inc. Endorsement Number 1 Park Place, Suite 600 Dublin, CA 94568-7983 Policy Number Symbol: WLR Number: CS7824748 Policy Period Effective Date of Endorsement 07/01/2024 TO 07/01/2025 03/31/2025 Issued By (Name of Insurance Company) ACE American Insurance Company Insert the policy number. The remainder of the information is to be completed only when this endorsement is issued subsequent to the preparation of the policy. This endorsement changes the policy to which It is attached and is effective on the date issued unless otherwise stated. CALIFORNIA WAIVER OF OUR RIGHT TO RECOVER FROM OTHERS ENDORSEMENT This endorsement applies only to the insurance provided by the policy because California is shown in item 3.A. of the Information Page. We have the right to recover our payments from anyone liable for an injury covered by this policy. We will not enforce our right against the person or organization named in the Schedule, but this waiver applies only with respect to bodily injury arising out of the operations described in the Schedule, where you are required by a written contract to obtain this waiver from us. You must maintain payroll records accurately segregating the remuneration of your employees while engaged in the work described in the Schedule. Schedule 1. (X) Specific Waiver Name of person or organization: City of Santa Ana, and its City Council, its officers, officials, employees, agents, and volunteers 20 Civic Center Plaza Ross Annex (N-22) Santa Ana, CA 92701 () Blanket Waiver Any person or organization for whom the Named Insured has agreed by written contract to furnish this waiver. 2. Operations: Project: #14-68091 Arterial Street Slurry Seal 3. Premium: The premium charge for this endorsement shall be INCLUDED percent of the California premium developed on payroll in connection with work performed for the above person(s) or organization(s) arising out of the operations described. 4. Minimum Premium: INCLUDED WC 90 03 75 (05/18) Workers' Compensation and Employers' Liability Policy Named Insured TriNet Group, Inc. UC/F SOCRadar Cyber Intelligence, Inc. 1 Park Place, Suite 600 Endorsement Number Dublin, CA 94568-7983 Policy Number Symbol: WLR Number.C57824748 Policy Period Effective Date of Endorsement 07/01/2024TO 07/01/2025 03/31/2025 Issued By (Name of Insurance Company) ACE American Insurance Company Insert the policy number. The remainder of the information is to be completed only when this endorsement Is issued subsequent to the preparation of the policy. This endorsement changes the policy to Which it is attached and is effective on the date Issued unless otherwise stated. NOTICE TO OTHERS ENDORSEMENT - SPECIFIC PARTIES A. If we cancel this Policy prior to its expiration date by notice to you or the first Named insured for any reason other than nonpayment of premium, we will endeavor, as set out below, to send written notice of cancellation, via such electronic or other form of notification as we determine, to the persons or organizations listed in the schedule set out below (the "Schedule"). You or your representative must provide us with both the physical and e-mail address of such persons or organizations, and we will utilize such e-mail address or physical address that you or your representative provided to us on such Schedule. B. We will endeavor to send or deliver such notice to the e-mail address or physical address corresponding to each person or organization indicated in the Schedule at least 30 days prior to the cancellation date applicable to the Policy. C. The notice referenced in this endorsement is intended only to be a courtesy notification to the person(s) or organization(s) named in the Schedule in the event of a pending cancellation of coverage. We have no legal obligation of any kind to any such person(s) or organization(s). Our failure to provide advance notification of cancellation to the person(s) or organization(s) shown in the Schedule shall impose no obligation or liability of any kind upon us, our agents or representatives, will not extend any Policy cancellation date and will not negate any cancellation of the Policy. D. We are not responsible for verifying any information provided to us in any Schedule, nor are we responsible for any incorrect information that you or your representative provide to us. If you or your representative does not provide us with the information necessary to complete the Schedule, we have no responsibility for taking any action under this endorsement. In addition, if neither you nor your representative provides us with e-mail and physical address information with respect to a particular person or organization, then we shall have no responsibility for taking action with regard to such person or entity under this endorsement. E. We may arrange with your representative to send such notice in the event of any such cancellation. F. You will cooperate with us in providing, or in causing your representative to provide, the e-mail address and physical address of the persons or organizations listed in the Schedule. G. This endorsement does not apply in the event that you cancel the Policy. 6141:1 ;1711 m o Name of Certificate Holder E-Mail Address Physical Address City of Santa Arm 20 Civic Center Plaza Ross Annex (N-22) Santa Ana, CA 92701 All other terms and conditions of this Policy remain unchanged. This endorsement is not applicable in the states of AZ, FL, ID, ME, NC, NJ, NM, TX and WI. Authorized Representative WC990371 (01/11) Page oft at bay TRISURA VII. Conditions A. INSURED EXTENSIONS Third Party Coverage shall extend to apply as follows: 1. Spousal, Domestic Partner, Estates, and Legal Representatives a. In the event of an Insured Person's death, incapacity, or bankruptcy, any Claim made against such Insured Person's estate, heirs, executors, administrators, assigns, and legal representatives shall be considered to be a Claim made against such Insured Person, but only to the extent such Insured Person would otherwise be covered under this Policy; and b. In the event of a Claim made against an Insured Person's lawful spouse or domestic partner, such Claim shall be considered to be a Claim made against such Insured Person, but only for a Wrongful Act actually or allegedly committed by such Insured Person other than such spouse or domestic partner. 2. Additional Insureds a. If an Insured Organization is required by written contract to provide coverage for any person or entity under this Policy (hereinafter an "Additional Insured"), then such person or entity shall be considered an "Additional Insured" under this Policy, but only for liability arising out of Wrongful Acts actually or allegedly committed or attempted by or on behalf of an Insured Organization, and not for any liability arising solely out of any act, error, or omission by such "Additional Insured"; provided, however, that coverage afforded to an "Additional Insured" shall only extend to actual or alleged Wrongful Acts committed or attempted after such written contract was executed. B. SUBSIDIARIES 1. Coverage for Subsidiaries With respect to any Insured Organization which is a Subsidiary, coverage afforded under this Policy for such Subsidiary, and its Insured Persons, shall only apply to: a. Loss resulting from Cyber Events which occurred after the effective date that such entity became a Subsidiary and prior to the date that such entity ceased to be a Subsidiary; and b. Claims for Wrongful Acts which actually or allegedly occurred after the effective date that such entity became a Subsidiary and prior to the date that such entity ceased to be a Subsidiary. Any entity which ceases to be a Subsidiary during the Policy Period shall be afforded coverage through the expiration date of the current Policy Period but only with respect to Wrongful Acts and Cyber Events which occurred before the date it ceased to be a Subsidiary. AB-TEO-001.1 0412022 Page 32 of 39 at bay HSB. K. SUBROGATION 1. In the event of any payment by us of Loss, Damages, or Claim Expenses or other amounts under this Policy, we are subrogated to the Insured's rights of recovery against any person or organization, and the Insureds shall execute and deliver instruments, papers, and whatever else is necessary to secure such rights and enable us to effectively bring suit or otherwise pursue subrogation rights in the name of the Insureds under this Policy. 2. However, we shall not subrogate as described in paragraph VII.K.1. above: a. against any Insured Person, unless such Insured Person was in violation of paragraph VI. A.1.; or b. if an Insured agreed in writing to waive such Insured's right of recovery or subrogation against any person or entity prior to the Cyber Event or Wrongful Act which gave rise to the Claim or Loss connected with such subrogation. L. RECOVERIES All recoveries from third parties for payments of Loss, Damages, or Claim Expenses shall be applied in the following order of priority after first deducting the costs and expenses incurred in obtaining such recovery: 1. to us, to reimburse us for any Retention we paid on an Insured's behalf and for any Damages, Loss, or Claims Expenses we paid under this Policy; and 2. to the Insured, to reimburse the Insured for any Retention such Insured paid and for any other amounts not covered under this Policy. Provided, that such recoveries shall not include any recovery from insurance, reinsurance, security, or indemnity taken for our benefit, or any portion of a Retention we waived. M. AUTHORIZATION The Named Insured has the authority to act on behalf of all Insureds and is responsible for the payment of premiums and receiving of notices of cancellation, nonrenewal, or any change to coverage provided under this Policy. All Insureds agree to this authority and have delegated, individually and collectively, all such authority exclusively to the Named Insured. Provided, however, that nothing within this condition, VII.M. Authorization, shall relieve any Insured from giving any notice to us that is required under this Policy. 1,1111WIFE9RPIMAIWO" This Policy, including any rights or duties herein, may not be transferred or assigned to another party unless we have provided our prior written consent to such transfer or assignment. O. ACTION AGAINST US No action shall lie against us unless, as a condition precedent thereto, the Insured has been in full compliance with all terms of this Policy. No person or entity shall have any rights under this Policy to join us as a party to any action against any Insured to determine such Insured's liability, nor shall we be impleaded by such Insured or the legal representatives of such Insured. AB-TEO-001.1 04/2022 Page 38 of 39