2023/01/11 Evidence IQ, Inc. BALLISTICS IQ MUNICIPAL, STATE AND FEDERAL LAW ENFORCEMENT AGENCY AGREEMENTEvidence IQ, Inc. – Ballistics IQ Agreement Page 1 of 13
EVIDENCE IQ – BALLISTICS IQ
MUNICIPAL, STATE AND FEDERAL
LAW ENFORCEMENT AGENCY AGREEMENT
This Municipal, State and Federal Law Enforcement Agency Agreement
(“Agreement”) is made and entered into effective January 11, 2023 (the “Effective Date”)
between Evidence IQ, Inc., a Delaware corporation (“EIQ”), and City of Menifee
(“AGENCY”).
A. EIQ collects, stores and disseminates Ballistics Data (as herein defined) to law
enforcement agencies through its EIQ Software Service (as herein defined); and
B. AGENCY desires to obtain access to Ballistics Data through the EIQ Software
Service on the terms and conditions set forth in this Agreement;
NOW, THEREFORE, in consideration of the mutual agreements contained herein and
other good and valuable consideration, the receipt and sufficiency of which is acknowledged
by the parties, the parties agree as follows:
1. Definitions. As used in this Agreement, certain terms have the meanings set
forth below. Certain other capitalized terms are defined in the text of this Agreement in the
section in which the term is first used.
“Ballistics Data” means ballistics data and images collected by LEAs and
available through the EIQ Software Service for use by LEAs. All Ballistics Data uploaded by
AGENCY to the EIQ Software Service is owned by AGENCY.
“EIQ Software Service” means a web-based (hosted) suite of software
applications of EIQ consisting of analytical and investigative software located on a physical
database server that also hosts Ballistics Data accessed through the EIQ customer portal.
“LEA” means a municipal, state or Federal law enforcement agency.
“Service Fee” means the amount required to be paid by AGENCY per Service
Period defined in Exhibit A for access to the EIQ Software Service and Ballistics Data.
“User” means an individual who is an agent and sworn officer of AGENCY and
who is authorized by AGENCY to access the Ballistics Data through the EIQ Software
Service on behalf of AGENCY with login credentials provided by AGENCY.
2. License.
(a) Grant of License. Subject to, and conditioned on, AGENCY’s payment
of the Service Fee and compliance with all other terms and conditions of this Agreement, EIQ
grants to AGENCY a non-exclusive, non-transferable right and license to access and use the
Ballistics Data through the EIQ Software Service during the Service Period only for
investigatory law enforcement purposes in AGENCY’s geographic area of their jurisdiction
on investigations that AGENCY is conducting. AGENCY is not permitted by this license to
enter Ballistics Data arising from investigations being conducted by other LEAs.
DocuSign Envelope ID: C6A5AF01-DC7F-4D7F-896B-2E12B36FD4DEDocuSign Envelope ID: 0B3CDAAB-1794-484E-BAFB-9715AA70602C
Evidence IQ, Inc. – Ballistics IQ Agreement Page 2 of 13
(b) License of Ballistics Data. AGENCY grants to EIQ a non-exclusive,
fully paid up, royalty free, worldwide, sublicensable, transferable, perpetual and irrevocable
license to use, install, access, reproduce, modify, impose, display, create derivative works of,
distribute, and license for use by EIQ’s customers the Ballistics Data uploaded by AGENCY
in connection with its EIQ Software Service.
(c) Data Sharing. All Ballistics Data uploaded by AGENCY will be
available through the EIQ Software Service and accessible by other LEAs who contract with
EIQ to access the EIQ Software Service.
(d) Non-Exclusive Licensed Access. AGENCY acknowledges that the
right or ability of EIQ to license other third parties to access the Ballistics Data through the
EIQ Software Service is not restricted in any manner by this Agreement, and that it is EIQ’s
intention to license a number of other LEAs to access the Ballistics Data through the EIQ
Software Service. EIQ shall have no liability to AGENCY for any such action.
3. Access to the Ballistics Data Through the EIQ Software Service.
(a) Account Security. EIQ shall provide to AGENCY the necessary
passwords and network links or connections to allow AGENCY’s Users to access the Ballistics
Data through the EIQ Software Service. AGENCY shall be responsible for assigning to each
of AGENCY’s Users a username and password (one per user account). An unlimited number
of User accounts is provided. AGENCY will cause the Users to maintain username and
password credentials confidential and will prevent use of such username and password
credentials by any unauthorized person(s). AGENCY shall notify EIQ immediately if
AGENCY believes the password of any of its Users has, or may have, been obtained or used
by any unauthorized person(s). In addition, AGENCY must notify EIQ immediately if
AGENCY becomes aware of any other breach or attempted breach of the security of any of
its Users’ accounts.
(b) Eligibility. AGENCY shall only authorize individuals who satisfy the
eligibility requirements of “Users” to access the EIQ Software Service. EIQ in its sole
discretion may deny EIQ Software Service access to any individual based on such person’s
failure to satisfy such eligibility requirements.
(c) User Logins. Except with the prior written consent of EIQ, AGENCY
shall not provide User logins to agents or officers of other local, state or Federal LEAs or
access the EIQ Software Service on behalf of other LEAs.
(d) Liability. AGENCY is responsible and liable for all uses of the
Ballistics Data through the EIQ Software Service resulting from access provided by
AGENCY, directly or indirectly, whether such access or use is permitted by or in violation of
this Agreement. Without limiting the generality of the foregoing, AGENCY is responsible
for all acts and omissions of each User and each act or omission by each User that would
constitute a breach of this Agreement if taken by AGENCY will be deemed a breach of this
Agreement by AGENCY. AGENCY shall use reasonable efforts to make all Users aware of
this Agreement’s provisions as applicable to such User’s use of the Ballistics Data through
the EIQ Software Service, and shall cause Users to comply with such provisions.
DocuSign Envelope ID: C6A5AF01-DC7F-4D7F-896B-2E12B36FD4DEDocuSign Envelope ID: 0B3CDAAB-1794-484E-BAFB-9715AA70602C
Evidence IQ, Inc. – Ballistics IQ Agreement Page 3 of 13
(e) Restrictions on Use of the Ballistics Data Through the EIQ
Software Service.
(i) AGENCY acknowledges that a large part of EIQ’s competitive
advantage comes from the collection and analysis of the Ballistics Data. AGENCY’s and each
User’s access, use, except as expressly permitted under this Agreement, and disclosure of any
such Ballistics Data would cause irreparable damage to EIQ.
(ii) Except as expressly permitted under this Agreement, AGENCY
agrees that it shall not, directly or indirectly, nor will it permit a User or any other party to,
without the prior written consent of EIQ, (A) access the EIQ Software Service and utilize the
Ballistics Data for any purpose other than for investigatory law enforcement purposes,
(B) disclose the Ballistics Data to any unauthorized third party; (C) copy, modify, or create
derivative works of the EIQ Software Service or the Ballistics Data, in whole or in part;
(D) create, attempt to create, or grant permission to the source program and/or object
program associated with the EIQ Software Service or the Ballistics Data; (E) decompile,
disassemble or reverse engineer any software component of the EIQ Software Service for any
reason, including, without limitation, to develop functionally similar computer software or
services; (F) modify, alter or delete any of the copyright notices embedded in or affixed to the
copies of any components of the EIQ Software Service or the Ballistics Data; (G) rent, lease,
lend, sell, license, sublicense, assign, distribute, publish, transfer or otherwise make
available the EIQ Software Service or the Ballistics Data; or (H) use the EIQ Software Service
or the Ballistics Data in any manner or for any purpose that infringes, misappropriates, or
otherwise violates any intellectual property right or other right of any person or entity that
violates any applicable law.
(iii) AGENCY agrees to take all necessary precautions to protect the
Ballistics Data against its unauthorized use or disclosure and exercise at least the same
degree of care in safeguarding the Ballistics Data as AGENCY would with AGENCY’s own
confidential information.
(iv) AGENCY shall not create, publish, distribute, or permit any
written, electronically transmitted or other form of publicity material that references the
Ballistics Data, EIQ Software Service or this Agreement without first submitting the
material to EIQ and receiving written consent from EIQ thereto. This restriction is
specifically intended to ensure consistency with other media messaging and will survive the
expiration or earlier termination of this Agreement. This Section 3(e)(iv) shall not apply to
information AGENCY is required to publish by applicable law or a court order from a court
of competent jurisdiction.
(v) AGENCY agrees as follows:
(A) to notify EIQ immediately upon discovery of any
unauthorized use or disclosure of Ballistics Data or any other breach of this Section 3 by
AGENCY or any User, and AGENCY shall reasonably cooperate with EIQ to regain
possession of the Ballistics Data, prevent its further unauthorized use, and otherwise prevent
any further breaches of this Section 3;
(B) a breach or threatened breach by AGENCY or a User of
any covenant contained in this Agreement, including under this Section 3, may cause
irreparable damage to EIQ and that EIQ could not be made whole by monetary damages.
DocuSign Envelope ID: C6A5AF01-DC7F-4D7F-896B-2E12B36FD4DEDocuSign Envelope ID: 0B3CDAAB-1794-484E-BAFB-9715AA70602C
Evidence IQ, Inc. – Ballistics IQ Agreement Page 4 of 13
Therefore, EIQ shall have, in addition to any remedies available at law, the right to seek
equitable relief to enforce this Agreement, including a restraining order, an injunction,
specific performance, and any other relief that may be available from any court, without any
requirement to post a bond or other security, or to prove actual damages or that monetary
damages are not an adequate remedy; and
(C) AGENCY’s obligations of non-disclosure and other
obligations under this Agreement are effective as of the Effective Date and will survive the
termination or expiration of this Agreement, except in order to respond to valid FOIA
inquiries or otherwise required by law.
(f) Reservation of Rights. EIQ reserves all rights not expressly granted
to AGENCY in this Agreement.
4. Service Fees and Term. The AGENCY Service Fees will be based on the
type of solution selected and the Service Period. Exhibit A further defines the Service Period
term and cost and permitted use.
(a) AGENCY agrees to reasonable assist EIQ with testimonials, case
studies, and being a referenceable resource for other Law Enforcement organizations. All
public-facing collateral will be pre-approved by AGENCY in writing prior to any external
publication.
(b) AGENCY may use the EIQ Service for the purposes of assisting and
supporting the AGENCY’s personnel only unless granted permission in writing by EIQ.
5. Term and Termination.
(a) Term. The initial term of this Agreement begins on the Effective Date
and, unless terminated earlier pursuant to this Agreement’s express provisions, will continue
in effect as defined in Exhibit A from such date (the “Service Period”).
(b) Termination.
(i) AGENCY may terminate this Agreement with or without cause
upon thirty (30) days’ prior written notice to EIQ. If AGENCY’s notice of termination is based
on a breach of this Agreement by EIQ, the notice of termination will set forth in reasonable
detail EIQ’s breach of the Agreement. If within such thirty (30) day period EIQ fails to cure
to AGENCY’s satisfaction the breach, this Agreement will terminate upon the expiration of
such thirty (30) day period and AGENCY shall be entitled to a refund of the portion of the
Service Fee prorated to the date of breach. If AGENCY’s notice of termination is based on a
reason other than a breach of this Agreement by EIQ, this Agreement will terminate upon
the expiration of such thirty (30) day period and AGENCY will not be entitled to a refund of
a portion of the Service Fee, , any portion thereof, upon such a termination.
(ii) EIQ may terminate this Agreement with or without cause upon
thirty (30) days’ prior written notice to AGENCY. If EIQ’s notice of termination is based on
a breach of this Agreement by AGENCY, the notice of termination will set forth in reasonable
detail AGENCY’s breach of this Agreement. If within such thirty (30) day period AGENCY
fails to cure to EIQ’s satisfaction the breach, this Agreement will terminate upon the
expiration of such thirty (30) day period and AGENCY shall not be entitled to a refund of the
DocuSign Envelope ID: C6A5AF01-DC7F-4D7F-896B-2E12B36FD4DEDocuSign Envelope ID: 0B3CDAAB-1794-484E-BAFB-9715AA70602C
Evidence IQ, Inc. – Ballistics IQ Agreement Page 5 of 13
Service Fee, or any portion thereof. If EIQ’s notice of termination is based on a reason other
than a breach of this Agreement by AGENCY, this Agreement will terminate upon the
expiration of such thirty (30) day period and AGENCY will be entitled to a refund of a portion
of the Service Fee prorated to the termination.
(iii) Either party may terminate this Agreement, effective
immediately upon written notice to the other party, if the other party: (A) becomes insolvent
or is generally unable to pay, or fails to pay, its debts as they become due; (B) files or has filed
against it, a petition for voluntary or involuntary bankruptcy or otherwise becomes subject,
voluntarily or involuntarily, to any proceeding under any domestic bankruptcy or insolvency
law; (C) makes or seeks to make a general assignment for the benefit of its creditors; or
(D) applies for or has appointed a receiver, trustee, custodian or similar agent appointed by
order of any court of competent jurisdiction to take charge of or sell any material porti on of
its property or business. AGENCY shall be entitled to a prorated refund of the Service Fee,
, upon such a termination.
(iv) Upon expiration or earlier termination of this Agreement, all
rights granted by EIQ to AGENCY under this Agreement will immediately cease to exist and
AGENCY must promptly discontinue all use of the EIQ Software Service. The license
granted by AGENCY to EIQ pursuant to Section 2(b) shall survive the termination or
expiration of this Agreement.
(v) This Section 5(b) shall survive any termination or expiration
of this Agreement.
6. Warranty Disclaimer by EIQ; Indemnification by AGENCY.
(a) Limitations of Liability. EIQ WILL NOT BE LIABLE FOR
AGENCY’S USE OF THE BALLISTICS DATA OR THE EIQ SOFTWARE SERVICE
UNDER ANY CONTRACT, NEGLIGENCE, TORT, STRICT LIABILITY OR OTHER
LEGAL OR EQUITABLE THEORY FOR ANY INDIRECT, INCIDENTAL,
CONSEQUENTIAL, SPECIAL OR EXEMPLARY DAMAGES (INCLUDING, WITHOUT
LIMITATION, LOSS OF REVENUE OR GOODWILL OR ANTICIPATED PROFITS OR
LOST OF BUSINESS). TO THE EXTENT THE FOREGOING LIMITATION OF LIABILITY
IS PROHIBITED OR OTHERWISE UNENFORCEABLE, EIQ’S CUMULATIVE LIABILITY
TO AGENCY ARISING OUT OF OR RELATED TO THIS AGREEMENT SHALL NOT
EXCEED $10,000.00 OR AN AMOUNT RECEIVED VIA A CLAIM PAID BY AN EIQ
INSURER, WHICHEVER IS GREATER.
(b) Indemnification. AGENCY agrees to indemnify, defend (with counsel
acceptable to EIQ) and hold harmless EIQ and its employees, representatives, agents,
officers, directors, and corporate employees (against any and all claims, suits, actions, or
other proceedings brought against the Indemnified Party based on or arising from any claim
that AGENCY or any User breached any terms or provisions of this Agreement or that any
Ballistics Data uploaded by AGENCY to the EIQ Software Service infringes or
misappropriates a third party’s intellectual property rights; provided, that AGENCY may not
settle any such claim against EIQ unless EIQ consents to such settlement and provided
further that EIQ will have the right, at its option, to defend itself against any such claim or
to participate in the defense thereof by counsel of its own choice. EIQ agrees to indemnify,
defend (with counsel acceptable to AGENCY) and hold harmless AGENCY and its employees,
representatives, agents, officers, directors, and corporate employees against any and all
DocuSign Envelope ID: C6A5AF01-DC7F-4D7F-896B-2E12B36FD4DEDocuSign Envelope ID: 0B3CDAAB-1794-484E-BAFB-9715AA70602C
Evidence IQ, Inc. – Ballistics IQ Agreement Page 6 of 13
claims, suits, actions, or other proceedings brought against the indemnified party based on
or arising from any claim that EIQ breached any terms or provisions of this Agreement or
that the EIQ Software Service, excluded Ballistics Data uploaded by AGENCY, infringes or
misappropriates a third party’s intellectual property rights; provided, that EIQ may not
settle any such claim against AGENCY unless AGENCY consents to such settlement and
provided further that AGENCY will have the right, at its option, to defend itself against any
such claim or to participate in the defense thereof by counsel of its own choice
7. Miscellaneous.
(a) Notices. Any notice under this Agreement must be written. Notices
must be addressed to the recipient and either (i) hand delivered; (ii) placed in the United
States mail, certified, return receipt requested; (iii) deposited with an overnight delivery
service; or (iv) sent via e-mail and followed with a copy sent by overnight delivery or regular
mail, to the address or e-mail address specified below. Any mailed notice is effective three
(3) business days after the date of deposit with the United States Postal Service or the
overnight delivery service, as applicable; all other notices are effective upon receipt. A failure
of the United States Postal Service to return the certified mail receipt to the dispatcher of
such notice will not affect the otherwise valid posting of notice hereunder.
Addresses for all purposes under this Agreement are:
If to EIQ: Evidence IQ, Inc.
Attn: Matt Brady, CEO
346 River Street
Lemont, Illinois 60439
E-mail: Brady@EvidenceIQ.com
If to AGENCY: City of Menifee
Att: Chonte Keene, Crime Scene/ Evidence
Specialist
29714 HAUN RD.
MENIFEE, CA 92586
E-mail: ckeene@menifeepolice.org
Either party may designate another address for this Agreement by giving the other party at
least five (5) business days’ advance notice of its address change. A party’s attorney may
send notices on behalf of that party, but a notice is not effective against a party if sent only
to that party’s attorney.
(b) Assignment. Neither party shall assign its rights or delegate its
obligations under this Agreement to any party, without the express written consent of the
non-assigning party. Any such purported assignment or delegation in violation of this
Section 7(b) will be null and void. No unauthorized assignment or delegation will relieve
either party of any of its obligations hereunder. This Agreement is binding upon and inures
to the benefit of the parties and their respective permitted successors and assigns.
(c) Governing Law; Venue. THIS AGREEMENT IS GOVERNED BY
AND INTERPRETED IN ACCORDANCE WITH THE LAWS OF THE STATE OF
CALIFORNIA WITHOUT REGARD TO CONFLICTS-OF-LAWS PRINCIPLES. THE
DocuSign Envelope ID: C6A5AF01-DC7F-4D7F-896B-2E12B36FD4DEDocuSign Envelope ID: 0B3CDAAB-1794-484E-BAFB-9715AA70602C
Evidence IQ, Inc. – Ballistics IQ Agreement Page 7 of 13
PARTIES HERETO CONSENT THAT VENUE OF ANY ACTION BROUGHT UNDER THIS
AGREEMENT WILL BE IN RIVERSIDE COUNTY, CALIFORNIA.
(d) Amendments; Waiver. No amendment to this Agreement or waiver
of any right or obligation created by this Agreement will be effective unless it is in writing
and signed by both parties. No waiver by any party of any of the provisions hereof will be
effective unless explicitly set forth in writing and signed by the party so waiving. Except as
otherwise set forth in this Agreement, (i) no failure to exercise, or delay in exercising, any
rights, remedy, power or privilege arising from this Agreement will operate or be construed
as a waiver thereof, and (ii) no single or partial exercise of any right, remedy, power or
privilege hereunder will preclude any other or further exercise thereof or the exercise of any
other right, remedy, power or privilege.
(e) Entirety. This Agreement constitute the entire agreement between
the parties and supersede all prior and contemporaneous understandings, agreements,
representations and warranties and other communications, oral or written between the
parties. No contrary or additional terms contained in any purchase order or other
communication from AGENCY will be a part of this Agreement.
(f) Force Majeure. Neither party will be liable for failure to perform or
delay in performing any obligation under this Agreement if nonperformance is caused by an
occurrence beyond the reasonable control of such party and without its fault or negligence,
such as acts of God or the public enemy, acts of the Government in either its sovereign or
contractual capacity, fires, floods, epidemics, quarantine restrictions, strikes, unusually
severe weather, delays of common carriers, or any other cause beyond the reasonable control
of such party.
(g) Severability. If any provision of this Agreement is held to be invalid,
illegal or unenforceable for any reason, such invalidity, illegality or unenforceability will not
affect any other provisions of this Agreement, and this Agreement will be construed as if such
invalid, illegal or unenforceable provision had never been contained herein.
(h) Counterparts. This Agreement may be executed in counterparts, each
of which is deemed an original, but all of which together are deemed to be one and the same
agreement.
(i) CJIS Requirements. AGENCY certifies that its Users shall comply
with the CJIS requirements outlined in Exhibit B. EIQ certifies that it shall comply with
the CJIS requirements set forth in Exhibit B.
IN WITNESS WHEREOF, the parties hereto have executed this Agreement by persons duly
authorized as of the date and year first above written.
EIQ: Evidence IQ, Inc.
By:
Name: Steve Cintron
Title: CFO
AGENCY: City of Menifee
By:
Name:
Title:
DocuSign Envelope ID: C6A5AF01-DC7F-4D7F-896B-2E12B36FD4DEDocuSign Envelope ID: 0B3CDAAB-1794-484E-BAFB-9715AA70602C
City Manager
Armando Villa
Evidence IQ, Inc. – Ballistics IQ Agreement Page 8 of 13
Address: 29844 Haun Rd.
MENIFEE, CA 92586
[signature page – Evidence IQ – Ballistics IQ
Municipal, State and Federal Law Enforcement AGENCY Agreement]
DocuSign Envelope ID: C6A5AF01-DC7F-4D7F-896B-2E12B36FD4DEDocuSign Envelope ID: 0B3CDAAB-1794-484E-BAFB-9715AA70602C
Evidence IQ, Inc. – Ballistics IQ Agreement Page 9 of 13
EXHIBIT A
Service Fees
DocuSign Envelope ID: C6A5AF01-DC7F-4D7F-896B-2E12B36FD4DEDocuSign Envelope ID: 0B3CDAAB-1794-484E-BAFB-9715AA70602C
Evidence IQ, Inc. – Ballistics IQ Agreement Page 10 of 13
Exhibit B
CJIS Requirements
EIQ and AGENCY agree on the importance of data security, integrity and system
availability and that these security objectives will only be achieved through shared responsibility.
EIQ and AGENCY agree they will more likely be successful with information security by use of the
EIQ-supplied technical controls and AGENCY’s use of those controls in conjunction with AGENCY’s
policies to protect the systems, data and privacy.
EIQ and AGENCY agree that AGENCY-owned and FBI-CJIS-supplied data in EIQ systems
does not meet the definition of FBI-CJIS provided Criminal Justice Information (“CJI”).
Regardless, EIQ agrees to treat the AGENCY-supplied information in EIQ systems as CJI. EIQ
will strive to meet those technical and administrative controls to ensure the tools are in place for
the proper protection of systems, information and privacy of individuals to the greatest degree
possible.
EIQ and AGENCY agree that information obtained or incorporated into EIQ systems may
be associated with records that are sensitive in nature having, tactical, investigative and
“Personally Identifiable Information.” As such, that information will be treated in accordance with
applicable laws, policies and regulations governing protection and privacy of this type of data.
EIQ and AGENCY agree that products and services offered by EIQ are merely an
investigative tool to aid EIQ’s customers in the course of their duties and that EIQ make no claims
that direct actions be initiated based solely upon the information responses or analytical results.
Further, EIQ and AGENCY agree that AGENCY is ultimately responsible for taking the
appropriate actions from results, hits, etc. generated by EIQ products and require ongoing training,
human evaluation, verifying the accuracy and currency of the information, and appropriate
analysis prior to taking any action.
Certain capitalized terms are defined in the FBI-CJIS Security Policy.
The parties agree as follows.
EIQ:
1. EIQ has established the use of the FBI-CJIS Security Policy as guidance for
implementing technical security controls in an effort to meet or exceed those requirements.
2. EIQ will appoint a CJIS Information Security Officer to act as a conduit to AGENCY’s
Contracting Government AGENCY and AGENCY Coordinator to receive any FBI-CJIS Security
Policy information and disseminate such information to the appropriate staff.
3. EIQ will adhere to FBI-CJIS Security Policy Awareness Training and Personnel
Screening standards as required by AGENCY.
4. EIQ will, by default, classify all AGENCY-supplied data and information related to
AGENCY-owned infrastructure, information systems or communications systems as “criminal
justice data.” All AGENCY information will be treated at the highest level of confidentiality by all
EIQ staff. EIQ has supporting guidance/policies for staff handling the full life cycle of information
DocuSign Envelope ID: C6A5AF01-DC7F-4D7F-896B-2E12B36FD4DEDocuSign Envelope ID: 0B3CDAAB-1794-484E-BAFB-9715AA70602C
Evidence IQ, Inc. – Ballistics IQ Agreement Page 11 of 13
in physical or electronic form and has accompanying disciplinary procedures for unauthorized
access, misuse or mishandling of that information.
5. EIQ will not engage in data mining, commercial sale, unauthorized access and/or use
of any of AGENCY-owned data.
6. EIQ will initiate its formal cyber Incident Response Procedures if any cyber incident
or data breach occurs.
7. EIQ will immediately inform AGENCY of any cyber incident or data breach, to
include DDoS, Malware, Virus, etc. that may impact or harm AGENCY’s data, systems or
operations so proper analysis can be performed and AGENCY’s Incident Response Procedures can
be initiated.
8. EIQ will only allow authorized support staff to access AGENCY’s account or
AGENCY’s data for AGENCY-related purposes.
9. EIQ will use training, policy and procedures to ensure support staff use proper
handling, processing, storing, and communication protocols for AGENCY’s data.
10. EIQ will protect AGENCY’s systems and data by monitoring and auditing staff user
activity to ensure that it is only within the purview of system application development, system
maintenance or the support roles assigned.
11. EIQ will inform AGENCY of any unauthorized, inappropriate use of data or systems.
12. EIQ will design software applications to facilitate FBI-CJIS-compliant information
handling, processing, storing and communication of AGENCY’s data.
13. EIQ will advise AGENCY when any software application or equipment technical
controls are not consistent with meeting FBI-CJIS Security Policy criteria for analysis and due
consideration.
14. EIQ will use the existing Change Management process to sufficiently plan for system
or software changes and updates with “rollback” plans.
15. EIQ will provide technical security controls that only permit authorized user access
to AGENCY-owned data and EIQ systems as intended by AGENCY.
16. EIQ will meet or exceed the FBI-CJIS Security Policy complex password construction
and change rules.
17. EIQ will only provide access to EIQ’s systems and AGENCY-owned information
through AGENCY managed role-based access and applied sharing rules configured by AGENCY.
18. EIQ will provide technical controls with additional levels of user Advanced
Authentication in physically non-secure locations.
19. EIQ will provide compliant FIPS 140-2 Certified 128-bit encryption for AGENCY-
owned data during transport and storage (“data at rest”) while in the custody and control of EIQ.
20. EIQ will provide firewalls and virus protection to protect networks, storage devices
and data.
DocuSign Envelope ID: C6A5AF01-DC7F-4D7F-896B-2E12B36FD4DEDocuSign Envelope ID: 0B3CDAAB-1794-484E-BAFB-9715AA70602C
Evidence IQ, Inc. – Ballistics IQ Agreement Page 12 of 13
21. EIQ will execute archival, purges and/or deletion of data as configured by AGENCY.
22. EIQ will provide auditing and alerting tools within the software applications so
AGENCY can monitor access and activity of EIQ support staff and AGENCY users for unauthorized
access, disclosure, alteration or misuse of AGENCY-owned data. EIQ support staff will only have
access when granted by AGENCY.
23. EIQ will only perform direct support remote access to AGENCY
systems/infrastructure when requested, authorized and physically granted access to the
applications/systems by AGENCY. This activity will be documented by both parties.
24. EIQ will create and retain activity transaction logs to enable auditing by AGENCY
and EIQ staff.
25. EIQ will provide physical protection for the equipment storing AGENCY data along
with additional technical controls to protect physical and logical access to systems and data.
26. EIQ will participate in any information or technical security compliance audit
performed by AGENCY or any state CJIS system agency or FBI-CJIS division.
27. EIQ will perform independent employment background screening for EIQ’s staff and
participate in additional fingerprint background screening as required by AGENCY.
28. EIQ agrees that all AGENCY-contributed data, including “hot-lists,” scans, user
information etc., will only be shared as designated by AGENCY and will remain the responsibility
and property of AGENCY.
AGENCY:
1. AGENCY will appoint an AGENCY Coordinator as a central point of contact for all
FBI-CJIS Security Policy-related matters and to assign staff that are familiar with the contents of
the FBI-CJIS Security Policy.
2. AGENCY will have the AGENCY Coordinator (a) provide timely updates with
specific information regarding any new FBI-CJIS, state or local information security policy
requirements that may impact EIQ compliance or system/application development and (b) facilitate
obtaining certifications, training, and fingerprint-based background checks as required.
3. AGENCY will inform EIQ when any FBI-CJIS Security Awareness Training,
personnel background screening or execution of FBI-CJIS Security Addendum Certifications is
required.
4. AGENCY will immediately inform EIQ of any relevant data breach or cyber incident,
to include DDoS, Malware, Virus, etc. that may impact or harm EIQ systems, operations, business
partners and/or other agencies, so proper analysis can be performed, and Incident Response
Procedures can be initiated.
5. AGENCY is responsible for the legality and compliance of information recorded,
submitted or placed in EIQ systems and use of that data.
6. AGENCY is responsible for proper equipment operation and placement of equipment.
DocuSign Envelope ID: C6A5AF01-DC7F-4D7F-896B-2E12B36FD4DEDocuSign Envelope ID: 0B3CDAAB-1794-484E-BAFB-9715AA70602C
Evidence IQ, Inc. – Ballistics IQ Agreement Page 13 of 13
7. AGENCY is responsible for vetting authorized user access to EIQ systems with due
consideration of providing potential access to non-AGENCY information.
8. AGENCY is responsible for control of persons granted access to purchased EIQ
systems, along with data stored and transmitted via EIQ systems.
9. AGENCY is responsible for all data security, handling and data protection strategies
from point of acquisition, during transport and until submission (“Hotlist upload”) into EIQ
systems.
10. AGENCY will reinforce AGENCY’s staff policies and procedures for secure storage
and protection of EIQ system passwords.
11. AGENCY will reinforce AGENCY’s staff policies for creating user accounts with only
government domain email addresses. Any exceptions must be granted in writing.
12. AGENCY will reinforce AGENCY’s staff policies for not sharing user accounts.
13. AGENCY will use EIQ role-based access as designed to foster system security and
integrity.
14. AGENCY controls, and is responsible for, appropriate use and data storage policies
as well as procedures for the data maintained outside the EIQ systems, including when any
information is disseminated, extracted or exported out of EIQ’s systems.
15. AGENCY controls, and is responsible for developing, policies, procedures and
enforcement for applying deletion/purging and dissemination rules to information within and
outside EIQ’s systems.
16. AGENCY is responsible for ensuring data and system protection strategies are
accomplished through the tools provided by EIQ for account and user management features along
with audit and alert threshold features.
17. AGENCY will use the “virtual escorting” security tools provided for managing
AGENCY’s system remote access and monitor EIQ support staff when authorized to assist
AGENCY.
18. AGENCY acknowledges that the EIQ-designed technical controls and tools will only
be effective in conjunction with AGENCY-created policies and procedures that guide user access
and appropriate use of the system.
19. AGENCY acknowledges that information and services provided through EIQ
products do not provide any actionable information and AGENCY users are responsible for the
validity and accuracy of their data and developing procedures to verify information with the record
owner and other systems, such as the National Crime Information Center, based upon the potential
lead generated.
M:\07\070366.01\11-24-20
DocuSign Envelope ID: C6A5AF01-DC7F-4D7F-896B-2E12B36FD4DEDocuSign Envelope ID: 0B3CDAAB-1794-484E-BAFB-9715AA70602C