REPORT/RECOMMENDATION TO THE BOARD OF SUPERVISORS
OF SAN BERNARDINO COUNTY
AND RECORD OF ACTION
December 7, 2021
FROM
LARRY AINSWORTH, Chief Information Officer, Innovation and Technology Department
SUBJECT
Title
Agreements with Xecurify Inc. dba miniOrange for WordPress Plugin
End
RECOMMENDATION(S)
Recommendation
1. Approve an End User License Agreement, including non-standard terms, with Xecurify Inc. dba miniOrange Security Software Private Limited, for a subscription to the miniOrange software WordPress plugin, for purchase amounts as authorized by County purchasing policies for the period of December 7, 2021, through December 6, 2026.
2. Approve a Service Level Agreement, including non-standard terms, with Xecurify Inc. dba miniOrange Security Software Private Limited, for a subscription to the miniOrange software WordPress plugin, for purchase amounts as authorized by County purchasing policies for the period of December 7, 2021, through December 6, 2026.
(Presenter: Larry Ainsworth, Chief information Officer, 388-5501)
Body
COUNTY AND CHIEF EXECUTIVE OFFICER GOALS & OBJECTIVES
Operate in a Fiscally-Responsible and Business-Like Manner.
FINANCIAL IMPACT
Approval of the End User License Agreement and the Service Level Agreement will not result in the use of Discretionary General Funding (Net County Cost). The Agreements are non-financial in nature and do not commit the County to make any purchases. If future purchases are made under these Agreements, the Innovation and Technology Department (ITD) will adhere to County purchasing policies and return to the Board of Supervisors (Board) for approval, if necessary.
BACKGROUND INFORMATION
ITD continues to modernize its existing platform for web content creation to provide enhanced functionality by using the open-source content management system, WordPress, for its templates and plugin architecture. A plugin is a third-party software component that enables customization by adding a specific feature to a website or application. By utilizing plugins, ITD can extend and expand the functionality of web content and application management platforms. The miniOrange plugin enhances site performance and response time for WordPress sites.
The Xecurify Inc. dba miniOrange Security Software Private Limited (Xecurify) End User License Agreement (EULA) and the Service Level Agreement (SLA) are Xecurify’s standard commercial agreements, which include terms that differ from the standard County contract and omit certain County standard contract terms. The non-standard and missing terms include the following:
1. Both the EULA and the SLA are silent on governing law
• The County standard contract requires California governing law.
• Potential Impact: Remaining silent on governing law results in uncertainty over which state’s laws will govern the interpretation of the contract, and leads to ambiguity in interpretation of the contract terms. Xecurify is registered as a Wyoming corporation. The contract could be interpreted under any state law depending on where the claim is brought, including Wyoming or California. Any questions, issues or claims arising under this contract could require the County to hire outside counsel competent to advise on the applicable state law, which may result in fees that exceed the total contract amount.
2. Xecurify may change the terms of the EULA at any time without notice in its sole discretion.
• The County standard contract requires that any changes to the contract to be reduced to writing, executed and attached to the original Contract and approved by the person(s) authorized to do so on behalf of Contractor and County.
• Potential Impact: The County could be agreeing to new terms without review by anyone, including County Counsel, and without the approval of the new terms by the Board. County Counsel cannot advise on whether and to what extent any other state law may affect the enforceability of unilateral changes to the terms.
3. Xecurify may assign the EULA or the SLA without notice to the County and without the County’s approval.
• The County must approve any assignment of the contract.
• Potential Impact: Xecurify could assign the contract to a third party or business with which the County is legally prohibited from doing business due to issues of Federal debarment or suspension and conflict of interest, without the County’s knowledge. County Counsel cannot advise on whether and to what extent any state law other than California may permit or restrict a party’s right to assign without an express provision in the contract.
4. Neither the EULA nor the SLA address attorneys’ fees and costs.
• The County standard contract requires each party to bear its own costs and attorney fees, regardless of who is the prevailing party.
• Potential Impact: There is no provision in the contract addressing each party’s responsibility for paying attorneys’ fees. Under California law, attorneys’ fees are not recoverable by the prevailing party in a contract dispute unless the contract specifically provides for such recovery. County Counsel cannot advise on, whether and to what extent, any state law other than California may affect a party’s requirement to pay the prevailing party’s attorneys’ fees and costs in a legal action where no specific provision is provided in the contract.
5. Neither the EULA nor the SLA require Xecurify to indemnify the County, as required by County Policy 11-07.
• The County standard contract indemnity provision requires the Contractor to indemnify, defend, and hold County harmless from third party claims arising out of the acts, errors or omissions of any person. The standard contract provision for intellectual property indemnity is: Contractor will indemnify, defend, and hold harmless County and its officers, employees, agents and volunteers, from any and all third party claims, costs (including without limitation reasonable attorneys’ fees), and losses for infringement of any United States patent, copyright, trademark or trade secret (Intellectual Property Rights) by any goods or services.
• Potential Impact: If the County is sued for any claim, including intellectual property infringement based on its use of Xecurify’s software or services, the County may be solely liable for the costs of defense and damages, which could exceed the total contract amount. County Counsel cannot advise on whether and to what extent any state law other than California may allow the County to require Xecurify to defend or indemnify it absent an express provision in the contract.
6. Neither the EULA nor the SLA requires Xecurify to meet the County’s insurance standards as required pursuant to County Policy 11-07.
• The County Policy requires contractors to carry appropriate insurance at limits and under conditions determined by the County’s Risk Management Department and set forth in the County standard contract.
• Potential Impact: The contract does not include County standard insurance requirements. This means that the County has no assurance that Xecurify will be financially responsible for claims that may arise from the County’s use of the software, which could result in expenses to the County that exceed the total contract amount.
7. Xecurify limits its liability to the County under the SLA to the amounts actually paid to Xecurify.
• The County standard contract does not include a limitation of liability.
• Potential Impact: Claims could exceed the liability cap and the contract amount leaving the County financially liable for the excess. In addition, the County’s liability under the contract is not similarly limited. County Counsel cannot advise on, whether and to what extent, any law other than California law may limit or expand the exclusion of limits to the extent prohibited by applicable law.
8. The term of the EULA is perpetual. The term of the SLA is indefinite.
• County Policy 11-06SP does not permit indefinite term or automatically renewing contracts unless approved by the Board.
• Potential Impact: There is no end term to the contract and the County is indefinitely bound to the terms and conditions of the contract until terminated by Xecurify or until the County ceases use of the Xecurify software and services.
9. There is no stated venue in either the EULA or the SLA.
• The County standard contract requires venue for disputes in Superior Court of California, County of San Bernardino, San Bernardino District.
• Potential Impact: Xecurify is organized under the laws of the State of Wyoming with a principal office located in Laramie County, Wyoming. Having no express venue in the contract means that Laramie County, Wyoming venue could be applied to the EULA or SLA, which may result in additional expenses that exceed the amount of the contract.
10. Xecurify provides the software “AS IS” and disclaims all warranties of any kind.
• There is no warranty requirement in the County standard contract. The County expects its vendors and service providers to fully warrant the products and services they provide to the County.
• Potential Impact: The County’s use of the software is solely at its own risk. Under California law, sellers are not required to provide any warranty. County Counsel cannot advise on, whether and to what extent, any other state law may limit or expand the disclaimers of warranty to the extent prohibited by applicable law.
ITD recommends approval of the End User License Agreement and the Service Level Agreement, including the non-standard terms, to utilize this plugin to enhance site performance and response time for WordPress sites.
PROCUREMENT
The End User License Agreement and the Service Level Agreement, including non-standard terms, will be used to accompany future purchase orders to be approved, as necessary, per County Policy 11-04 Procurement of Goods, Supplies, Equipment and Services.
REVIEW BY OTHERS
This item has been reviewed by County Counsel (Bonnie Uphold, Deputy County Counsel, 387-5455) on October 28, 2021; Purchasing (Michelle Churchill, Supervising Buyer, 387-2070) on October 28, 2021; Risk Management (Victor Tordesillas, Director, 386-8623) on November 29, 2021; Finance (Sofia Almeida, Administrative Analyst, 387-43782) on November 17, 2021; and County Finance and Administration (Paloma Hernandez-Barker, Deputy Executive Officer, 387-5423) on November 18, 2021.