SaaS Services 6.1 Our SaaS Services are audited at least yearly in accordance with the AICPA’s Statement on Standards for Attestation Engagements (“SSAE”) No. 18. We have attained, and will maintain, SOC 1 and SOC 2 compliance, or its equivalent, for so long as you are timely paying for SaaS Services. Upon execution of a mutually agreeable Non-Disclosure Agreement (“NDA”), we will provide you with a summary of our compliance report(s) or its equivalent. Every year thereafter, for so long as the NDA is in effect and in which you make a written request, we will provide that same information. 6.2 You will be hosted on shared hardware in a Tyler data center or in a third-party data center. In either event, databases containing your Data will be dedicated to you and inaccessible to our other customers. 6.3 Our Tyler data centers have fully-redundant telecommunications access, electrical power, and the required hardware to provide access to the Tyler Software in the event of a disaster or component failure. In the event any of your Data has been lost or damaged due to an act or omission of Tyler or its subcontractors or due to a defect in Tyler’s software, we will use best commercial efforts to restore all the Data on servers in accordance with the architectural design’s capabilities and with the goal of minimizing any Data loss as greatly as possible. In no case shall the recovery point objective (“RPO”) exceed a maximum of twenty-four (24) hours from declaration of disaster. For purposes of this subsection, RPO represents the maximum tolerable period during which your Data may be lost, measured in relation to a disaster we declare, said declaration will not be unreasonably withheld. 6.4 In the event we declare a disaster, our Recovery Time Objective (“RTO”) is twenty-four (24) hours. For purposes of this subsection, RTO represents the amount of time, after we declare a disaster, within which your access to the Tyler Software must be restored. 6.5 We conduct annual penetration testing of either the production network and/or web application to be performed. We will maintain industry standard intrusion detection and prevention systems to monitor malicious activity in the network and to log and block any such activity. We will provide you with a written or electronic record of the actions taken by us in the event that any unauthorized access to your database(s) is detected as a result of our security protocols. We will undertake an additional security audit, on terms and timing to be mutually agreed to by the parties, at your written request. You may not attempt to bypass or subvert security restrictions in the SaaS Services or environments related to the Tyler Software. Unauthorized attempts to access files, passwords or other confidential information, and unauthorized vulnerability and penetration test scanning of our network and systems (hosted or otherwise) is prohibited without the prior written approval of our IT Security Officer. 6.6 We test our disaster recovery plan on an annual basis. Our standard test is not client-specific. Should you request a client-specific disaster recovery test, we will work with you to schedule and execute such a test on a mutually agreeable schedule. At your written request, we will provide test results to you within a commercially reasonable timeframe after receipt of the request. 6.7 We will be responsible for importing back-up and verifying that you can log-in. You will be responsible for running reports and testing critical processes to verify the returned Data. 6.8 We provide secure Data transmission paths between each of your workstations and our servers. 6.9 Tyler data centers are accessible only by authorized personnel with a unique key entry. All other visitors to Tyler data centers must be signed in and accompanied by authorized personnel. Entry attempts to the data center are regularly audited by internal staff and external auditors to ensure no unauthorized access. 6.10 Where applicable with respect to our applications that take or process card payment data, we are responsible for the security of cardholder data that we possess, including functions relating to storing, processing, and transmitting of the cardholder data and affirm that, as of the Effective Date, we comply with applicable requirements to be considered PCI DSS compliant and have performed the necessary steps to validate compliance with the PCI DSS. We agree to supply the current status of our PCI DSS compliance program in the form of an official Attestation of Compliance, which can be found at xxxxx://xxx.xxxxxxxxx.xxx/about- us/compliance, and in the event of any change in our status, will comply with applicable notice requirements.
Utilities, Services Landlord shall provide, subject to the terms of this Section 11, water, electricity, heat, air conditioning, light, power, sewer, and other utilities (including gas and fire sprinklers to the extent the Project is plumbed for such services), refuse and trash collection and janitorial services (collectively, “Utilities”). Landlord shall pay, as Operating Expenses or subject to Tenant’s reimbursement obligation, for all Utilities used on the Premises, all maintenance charges for Utilities, and any storm sewer charges or other similar charges for Utilities imposed by any Governmental Authority or Utility provider, and any taxes, penalties, surcharges or similar charges thereon. Landlord shall not cause any Utilities to the Premises which are not currently separately metered to be separately metered. Tenant shall pay directly to the Utility provider, prior to delinquency, any separately metered Utilities and services which may be furnished to Tenant or the Premises during the Term. Tenant shall pay, as part of Operating Expenses, its share of all charges for jointly metered Utilities based upon consumption, as reasonably determined by Landlord. No interruption or failure of Utilities, from any cause whatsoever other than Landlord’s willful misconduct, shall result in eviction or constructive eviction of Tenant, termination of this Lease or the abatement of Rent. Tenant agrees to limit use of water and sewer with respect to Common Areas to normal restroom use. Landlord’s sole obligation for either providing emergency generators or providing emergency back-up power to Tenant shall be: (i) to provide emergency generators with not less than the capacity of the emergency generators located in the Building as of the Commencement Date, and (ii) to contract with a third party to maintain the emergency generators as per the manufacturer’s standard maintenance guidelines. Landlord shall have no obligation to provide Tenant with operational emergency generators or back-up power or to supervise, oversee or confirm that the third party maintaining the emergency generators is maintaining the generators as per the manufacturer’s standard guidelines or otherwise. During any period of replacement, repair or maintenance of the emergency generators when the emergency generators are not operational, including any delays thereto due to the inability to obtain parts or replacement equipment, Landlord shall have no obligation to provide Tenant with an alternative back-up generator or generators or alternative sources of back-up power. Tenant expressly acknowledges and agrees that Landlord does not guaranty that such emergency generators will be operational at all times or that emergency power will be available to the Premises when needed.