Common use of NO OFFSHORING AFFIDAVIT Clause in Contracts

NO OFFSHORING AFFIDAVIT. Unless otherwise agreed in writing, the Contractor and its subcontractors will not perform any of the Services from outside of the United States, and the Contractor will not allow any State of Florida Data to be sent by any medium, transmitted or accessed outside of the United States. The Contractor agrees that a violation of items listed above will result in immediate and irreparable harm to the Department and will entitle the Department to a credit of $50,000 per violation, with a total cap of $500,000 per event. This credit is intended only to cover the Department’s internal staffing and administrative costs as well as the diminished value of Services provided under the Contract and will not preclude the Department from recovering other damages it may suffer as a result of such violation. For purposes of determining the damages due hereunder, a group of violations relating to a common set of operative facts (e.g., same location, same time period, same off-shore entity) will be treated as a single event. A violation of this provision will also entitle the Department to recover damages, if any, arising from a breach of this section and constitutes an event of default. Notwithstanding any provision of this Contract to the contrary, the Contractor shall notify the Department as soon as possible and in all events within one (1) business day in the event it discovers any Data is breached, any unauthorized access of State of Florida Data occurs (even by persons or companies with authorized access for other purposes), any unauthorized transmission of Data or any credible allegation or suspicion of a material violation of the above. This notification is required whether the event affects one employee/retiree or the entire population. The notification shall be clear and conspicuous and include a description of the following: (a) The incident in general terms. (b) The type of personal information that was subject to the unauthorized access and acquisition. (c) The number of individuals who were, or potentially have been affected by the breach. (d) The actions taken by the Contractor to protect the Data information from further unauthorized access. However, the description of those actions in the written notice may be general so as not to further increase the risk or severity of the breach. Upon becoming aware of an alleged security breach or security incident, the Contractor Security Officer shall set up a conference call with the Department’s Contract Manager. The conference call invitation shall contain a brief description of the nature of the event. When possible, a thirty

NO OFFSHORING AFFIDAVIT. ‌ Unless otherwise agreed in writing, the Contractor and its subcontractors will not perform any of the Services from outside of the United States, and the Contractor will not allow any State of Florida Data to be sent by any medium, transmitted or accessed outside of the United States. The Contractor agrees that a violation of items listed above will result in immediate and irreparable harm to the Department and will entitle the Department to a credit of $50,000 per violation, with a total cap of $500,000 per event. This credit is intended only to cover the Department’s internal staffing and administrative costs as well as the diminished value of Services provided under the Contract and will not preclude the Department from recovering other damages it may suffer as a result of such violation. For purposes of determining the damages due hereunder, a group of violations relating to a common set of operative facts (e.g., same location, same time period, same off-shore offshore entity) will be treated as a single event. A violation of this provision will also entitle the Department to recover damages, if any, arising from a breach of this section and constitutes an event of default. Notwithstanding any provision of this Contract to the contrary, the Contractor shall notify the Department as soon as possible and in all events within one (1) business day in the event it discovers any Data is breached, any unauthorized access of State of Florida Data occurs (even by persons or companies with authorized access for other purposes), any unauthorized transmission of Data or any credible allegation or suspicion of a material violation of the above. This notification is required whether the event affects one employee/retiree or the entire population. The notification shall be clear and conspicuous and include a description of the following: (a) The incident in general terms. (b) The type of personal information that was subject to the unauthorized access and acquisition. (c) The number of individuals who were, or potentially have been affected by the breach. (d) The actions taken by the Contractor to protect the Data information from further unauthorized access. However, the description of those actions in the written notice may be general so as not to further increase the risk or severity of the breach. Upon becoming aware of an alleged security breach or security incident, the Contractor Security Officer shall set up a conference call with the Department’s Contract Manager. The conference call invitation shall contain a brief description of the nature of the event. When possible, a thirtythirty (30) minute notice shall be given to allow Department personnel to be available for the call. If the designated time is not practical for the Department, an alternate time for the call shall be scheduled. All available information shall be shared on the call. The Contractor shall answer all questions based on the information known at that time and shall answer additional questions as additional information becomes known. The Contractor shall provide the Department with final documentation of the incident including all actions that took place. If the Contractor becomes aware of a security breach or security incident outside of normal business hours, the Contractor shall notify the Department’s Contract Manager and, in all events, within one (1) business day.

NO OFFSHORING AFFIDAVIT. ‌ Unless otherwise agreed in writing, the Contractor and its subcontractors will not perform any of the Services from outside of the United States, and the Contractor will not allow any State of Florida Data to be sent by any medium, transmitted or accessed outside of the United States. The Contractor agrees that a violation of items listed above will result in immediate and irreparable harm to the Department and will entitle the Department to a credit of $50,000 per violation, with a total cap of $500,000 per event. This credit is intended only to cover the Department’s internal staffing and administrative costs as well as the diminished value of Services provided under the Contract and will not preclude the Department from recovering other damages it may suffer as a result of such violation. For purposes of determining the damages due hereunder, a group of violations relating to a common set of operative facts (e.g., same location, same time period, same off-shore entity) will be treated as a single event. A violation of this provision will also entitle the Department to recover damages, if any, arising from a breach of this section and constitutes an event of default. Notwithstanding any provision of this Contract to the contrary, the Contractor shall notify the Department as soon as possible and in all events within one (1) business day in the event it discovers any Data is breached, any unauthorized access of State of Florida Data occurs (even by persons or companies with authorized access for other purposes), any unauthorized transmission of Data or any credible allegation or suspicion of a material violation of the above. This notification is required whether the event affects one employee/retiree or the entire population. The notification shall be clear and conspicuous and include a description of the following: (a) The incident in general terms. (b) The type of personal information that was subject to the unauthorized access and acquisition. (c) The number of individuals who were, or potentially have been been, affected by the breach. (d) The actions taken by the Contractor to protect the Data information from further unauthorized access. However, the description of those actions in the written notice may be general so as not to further increase the risk or severity of the breach. Upon becoming aware of an alleged security breach or security incident, the Contractor Security Officer shall set up a conference call with the Department’s Contract ManagerDepartment Representative. The conference call invitation shall contain a brief description of the nature of the event. When possible, a thirtythirty (30) minute notice shall be given to allow Department personnel to be available for the call. If the designated time is not practical for the Department, an alternate time for the call shall be scheduled. All available information shall be shared on the call. The Contractor shall answer all questions based on the information known at that time and shall answer additional questions as additional information becomes known. The Contractor shall provide the Department with final documentation of the incident including all actions that took place. If the Contractor becomes aware of a security breach or security incident outside of normal business hours, the Contractor shall notify the Department Representative and in all events, within one (1) business day.

NO OFFSHORING AFFIDAVIT. Unless otherwise agreed in writing, the Contractor and its subcontractors will not perform any of the Services from outside of the United States, and the Contractor will not allow any State of Florida Data to be sent by any medium, transmitted or accessed outside of the United States. The Contractor agrees that a violation of items listed above will result in immediate and irreparable harm to the Department and will entitle the Department to a credit of $50,000 per violation, with a total cap of $500,000 per event. This credit is intended only to cover the Department’s internal staffing and administrative costs as well as the diminished value of Services provided under the Contract and will not preclude the Department from recovering other damages it may suffer as a result of such violation. For purposes of determining the damages due hereunder, a group of violations relating to a common set of operative facts (e.g., same location, same time period, same off-shore entity) will be treated as a single event. A violation of this provision will also entitle the Department to recover damages, if any, arising from a breach of this section and constitutes an event of default. Notwithstanding any provision of this Contract to the contrary, the Contractor shall notify the Department as soon as possible and in all events within one (1) business day in the event it discovers any Data is breached, any unauthorized access of State of Florida Data occurs (even by persons or companies with authorized access for other purposes), any unauthorized transmission of Data or any credible allegation or suspicion of a material violation of the above. This notification is required whether the event affects one employee/retiree or the entire population. The notification shall be clear and conspicuous and include a description of the following: (a) The incident in general terms. (b) The type of personal information that was subject to the unauthorized access and acquisition. (c) The number of individuals who were, or potentially have been affected by the breach. (d) The actions taken by the Contractor to protect the Data information from further unauthorized access. However, the description of those actions in the written notice may be general so as not to further increase the risk or severity of the breach. Upon becoming aware of an alleged security breach or security incident, the Contractor Security Officer shall set up a conference call with the Department’s Contract Manager. The conference call invitation shall contain a brief description of the nature of the event. When possible, a thirtythirty (30) minutes notice shall be given to allow Department personnel to be available for the call. If the designated time is not practical for the Department, an alternate time for the call shall be scheduled. All available information shall be shared on the call. The Contractor shall answer all questions based on the information known at that time and shall answer additional questions as additional information becomes known. The Contractor shall provide the Department with final documentation of the incident, including all actions that took place. If the Contractor becomes aware of a security breach or security incident outside of normal business hours, the Contractor shall notify the Department’s Contract Manager within one (1) business day.

NO OFFSHORING AFFIDAVIT. Unless otherwise agreed in writing, the Contractor and its subcontractors will not perform any of the Services from outside of the United States, and the Contractor will not allow any State of Florida Data to be sent by any medium, transmitted or accessed outside of the United States. The Contractor agrees that a violation of items listed above will result in immediate and irreparable harm to the Department and will entitle the Department to a credit of $50,000 per violation, with a total cap of $500,000 per event. This credit is intended only to cover the Department’s internal staffing and administrative costs as well as the diminished value of Services provided under the Contract and will not preclude the Department from recovering other damages it may suffer as a result of such violation. For purposes of determining the damages due hereunder, a group of violations relating to a common set of operative facts (e.g., same location, same time period, same off-shore entity) will be treated as a single event. A violation of this provision will also entitle the Department to recover damages, if any, arising from a breach of this section and constitutes an event of default. Notwithstanding any provision of this Contract to the contrary, the Contractor shall notify the Department as soon as possible and in all events within one (1) business day in the event it discovers any Data is breached, any unauthorized access Access of State of Florida Data occurs (even by persons or companies with authorized access Access for other purposes), any unauthorized transmission of Data or any credible allegation or suspicion of a material violation of the above. This notification is required whether the event affects one employee/retiree or the entire population. The notification shall be clear and conspicuous and include a description of the following: (a) The incident in general terms. (b) The type of personal information that was subject to the unauthorized access Access and acquisition. (c) The number of individuals who were, or potentially have been affected by the breach. (d) The actions taken by the Contractor to protect the Data information from further unauthorized accessAccess. However, the description of those actions in the written notice may be general so as not to further increase the risk or severity of the breach. Upon becoming aware of an alleged security breach or security incident, the Contractor Security Officer shall set up a conference call with the Department’s Contract Manager. The conference call invitation shall contain a brief description of the nature of the event. When possible, a thirty

NO OFFSHORING AFFIDAVIT. ‌ Unless otherwise agreed in writing, the Contractor and its subcontractors will not perform any of the Services from outside of the United States, and the Contractor will not allow any State of Florida Data to be sent by any medium, transmitted or accessed outside of the United States. The Contractor agrees that a violation of items listed above will result in immediate and irreparable harm to the Department and will entitle the Department to a credit of $50,000 per violation, with a total cap of $500,000 per event. This credit is intended only to cover the Department’s internal staffing and administrative costs as well as the diminished value of Services provided under the Contract and will not preclude the Department from recovering other damages it may suffer as a result of such violation. For purposes of determining the damages due hereunder, a group of violations relating to a common set of operative facts (e.g., same location, same time period, same off-shore entity) will be treated as a single event. A violation of this provision will also entitle the Department to recover damages, if any, arising from a breach of this section and constitutes an event of default. Notwithstanding any provision of this Contract to the contrary, the Contractor shall notify the Department as soon as possible and in all events within one (1) business day in the event it discovers any Data is breached, any unauthorized access of State of Florida Data occurs (even by persons or companies with authorized access for other purposes), any unauthorized transmission of Data or any credible allegation or suspicion of a material violation of the above. This notification is required whether the event affects one employee/retiree or the entire population. The notification shall be clear and conspicuous and include a description of the following: (a) The incident in general terms. (b) The type of personal information that was subject to the unauthorized access and acquisition. (c) The number of individuals who were, or potentially have been affected by the breach. (d) The actions taken by the Contractor to protect the Data information from further unauthorized access. However, the description of those actions in the written notice may be general so as not to further increase the risk or severity of the breach. Upon becoming aware of an alleged security breach or security incident, the Contractor Security Officer shall set up a conference call with the Department’s Contract Manager. The conference call invitation shall contain a brief description of the nature of the event. When possible, a thirtythirty (30) minute notice shall be given to allow Department personnel to be available for the call. If the designated time is not practical for the Department, an alternate time for the call shall be scheduled. All available information shall be shared on the call. The Contractor shall answer all questions based on the information known at that time and shall answer additional questions as additional information becomes known. The Contractor shall provide the Department with final documentation of the incident including all actions that took place. If the Contractor becomes aware of a security breach or security incident outside of normal business hours, the Contractor shall notify the Department’s Contract Manager and, in all events, within one (1) business day.

NO OFFSHORING AFFIDAVIT. ‌ Unless otherwise agreed in writing, the Contractor and its subcontractors will not perform any of the Services from outside of the United States, and the Contractor will not allow any State of Florida Data to be sent by any medium, transmitted or accessed outside of the United States. The Contractor agrees that a violation of items listed above will result in immediate and irreparable harm to the Department and will entitle the Department to a credit of $50,000 per violation, with a total cap of $500,000 per event. This credit is intended only to cover the Department’s internal staffing and administrative costs as well as the diminished value of Services provided under the Contract and will not preclude the Department from recovering other damages it may suffer as a result of such violation. For purposes of determining the damages due hereunder, a group of violations relating to a common set of operative facts (e.g., same location, same time period, same off-shore entity) will be treated as a single event. A violation of this provision will also entitle the Department to recover damages, if any, arising from a breach of this section and constitutes an event of default. Notwithstanding any provision of this Contract to the contrary, the Contractor shall notify the Department as soon as possible and in all events within one (1) business day in the event it discovers any Data is breached, any unauthorized access of State of Florida Data occurs (even by persons or companies with authorized access for other purposes), any unauthorized transmission of Data or any credible allegation or suspicion of a material violation of the above. This notification is required whether the event affects one employee/retiree or the entire population. The notification shall be clear and conspicuous and include a description of the following: (a) The incident in general terms. (b) The type of personal information that was subject to the unauthorized access and acquisition. (c) The number of individuals who were, or potentially have been affected by the breach. (d) The actions taken by the Contractor to protect the Data information from further unauthorized access. However, the description of those actions in the written notice may be general so as not to further increase the risk or severity of the breach. Upon becoming aware of an alleged security breach or security incident, the Contractor Security Officer shall set up a conference call with the Department’s Contract ManagerDepartment Representative. The conference call invitation shall contain a brief description of the nature of the event. When possible, a thirtythirty (30) minute notice shall be given to allow Department personnel to be available for the call. If the designated time is not practical for the Department, an alternate time for the call shall be scheduled. All available information shall be shared on the call. The Contractor shall answer all questions based on the information known at that time and shall answer additional questions as additional information becomes known. The Contractor shall provide the Department with final documentation of the incident including all actions that took place. If the Contractor becomes aware of a security breach or security incident outside of normal business hours, the Contractor shall notify the Department Representative and in all events, within one (1) business day.

NO OFFSHORING AFFIDAVIT. Unless otherwise agreed in writing, the Contractor and its subcontractors will not perform any of the Services from outside of the United States, and the Contractor will not allow any State of Florida Data to be sent by any medium, transmitted or accessed outside of the United States. The Contractor agrees that a violation of items listed above will result in immediate and irreparable harm to the Department and will entitle the Department to a credit of $50,000 per violation, with a total cap of $500,000 per event. This credit is intended only to cover the Department’s internal staffing and administrative costs as well as the diminished value of Services provided under the Contract and will not preclude the Department from recovering other damages it may suffer as a result of such violation. For purposes of determining the damages due hereunder, a group of violations relating to a common set of operative facts (e.g., same location, same time period, same off-shore entity) will be treated as a single event. A violation of this provision will also entitle the Department to recover damages, if any, arising from a breach of this section and constitutes an event of default. Notwithstanding any provision of this Contract to the contrary, the Contractor shall notify the Department as soon as possible and in all events within one (1) business day in the event it discovers any Data is breached, any unauthorized access of State of Florida Data occurs (even by persons or companies with authorized access for other purposes), any unauthorized transmission of Data or any credible allegation or suspicion of a material violation of the above. This notification is required whether the event affects one employee/retiree or the entire population. The notification shall be clear and conspicuous and include a description of the following: (a) The incident in general terms. (b) The type of personal information that was subject to the unauthorized access and acquisition. (c) The number of individuals who were, or potentially have been affected by the breach. (d) The actions taken by the Contractor to protect the Data information from further unauthorized access. However, the description of those actions in the written notice may be general so as not to further increase the risk or severity of the breach. Upon becoming aware of an alleged security breach or security incident, the Contractor Security Officer shall set up a conference call with the Department’s Contract Manager. The conference call invitation shall contain a brief description of the nature of the event. When possible, a thirty

NO OFFSHORING AFFIDAVIT. Unless otherwise agreed in writing, the Contractor and its subcontractors will not perform any of the Services from outside of the United States, and the Contractor will not allow any State of Florida Data to be sent by any medium, transmitted or accessed outside of the United States. The Contractor agrees that a violation of items listed above will result in immediate and irreparable harm to the Department and will entitle the Department to a credit of $50,000 per violation, with a total cap of $500,000 per event. This credit is intended only to cover the Department’s internal staffing and administrative costs as well as the diminished value of Services provided under the Contract and will not preclude the Department from recovering other damages it may suffer as a result of such violation. For purposes of determining the damages due hereunder, a group of violations relating to a common set of operative facts (e.g., same location, same time period, same off-shore entity) will be treated as a single event. A violation of this provision will also entitle the Department to recover damages, if any, arising from a breach of this section and constitutes an event of default. Notwithstanding any provision of this Contract to the contrary, the Contractor shall notify the Department as soon as possible and in all events within one (1) business day in the event it discovers any Data is breached, any unauthorized access of State of Florida Data occurs (even by persons or companies with authorized access for other purposes), any unauthorized transmission of Data or any credible allegation or suspicion of a material violation of the above. This notification is required whether the event affects one employee/retiree or the entire population. The notification shall be clear and conspicuous and include a description of the following: (a1) The incident in general terms. (b2) The type of personal information that was subject to the unauthorized access and acquisition. (c3) The number of individuals who were, or potentially have been affected by the breach. (d4) The actions taken by the Contractor to protect the Data information from further unauthorized access. However, the description of those actions in the written notice may be general so as not to further increase the risk or severity of the breach. Upon becoming aware of an alleged security breach or security incident, the Contractor Security Officer shall set up a conference call with the Department’s Contract Manager. The conference call invitation shall contain a brief description of the nature of the event. When possible, a thirty

NO OFFSHORING AFFIDAVIT. Unless otherwise agreed in writing, the Contractor and its subcontractors will not perform any of the Services from outside of the United States, and the Contractor will not allow any State of Florida Data to be sent by any medium, transmitted or accessed outside of the United States. The Contractor agrees that a violation of items listed above will result in immediate and irreparable harm to the Department and will entitle the Department to a credit of $50,000 per violation, with a total cap of $500,000 per event. This credit is intended only to cover the Department’s internal staffing and administrative costs as well as the diminished value of Services provided under the Contract and will not preclude the Department from recovering other damages it may suffer as a result of such violation. For purposes of determining the damages due hereunder, a group of violations relating to a common set of operative facts (e.g., same location, same time period, same off-shore entity) will be treated as a single event. A violation of this provision will also entitle the Department to recover damages, if any, arising from a breach of this section and constitutes an event of default. Notwithstanding any provision of this Contract to the contrary, the Contractor shall notify the Department as soon as possible and in all events within one (1) business day in the event it discovers any Data is breached, any unauthorized access of State of Florida Data occurs (even by persons or companies with authorized access for other purposes), any unauthorized transmission of Data or any credible allegation or suspicion of a material violation of the above. This notification is required whether the event affects one employee/retiree or the entire population. The notification shall be clear and conspicuous and include a description of the following: (a) The incident in general terms. (b) The type of personal information that was subject to the unauthorized access and acquisition. (c) The number of individuals who were, or potentially have been affected by the breach. (d) The actions taken by the Contractor to protect the Data information from further unauthorized access. However, the description of those actions in the written notice may be general so as not to further increase the risk or severity of the breach. Upon becoming aware of an alleged security breach or security incident, the Contractor Security Officer shall set up a conference call with the Department’s Contract Manager. The conference call invitation shall contain a brief description of the nature of the event. When possible, a thirtythirty (30) minute notice shall be given to allow Department personnel to be available for the call. If the designated time is not practical for the Department, an alternate time for the call shall be scheduled. All available information shall be shared on the call. The Contractor shall answer all questions based on the information known at that time and shall answer additional questions as additional information becomes known. The Contractor shall provide the Department with final documentation of the incident including all actions that took place. If the Contractor becomes aware of a security breach or security incident outside of normal business hours, the Contractor shall notify the Department’s Contract Manager and in all events, within one (1) business day.