CERTAIN CONFIDENTIAL INFORMATION CONTAINED IN THIS DOCUMENT, MARKED BY [***],
HAS BEEN OMITTED BECAUSE IT IS NOT MATERIAL AND WOULD LIKELY CAUSE COMPETITIVE
HARM TO THE COMPANY IF PUBLICLY DISCLOSED.


SOFTWARE AS A SERVICE (SaaS) AGREEMENT


This SOFTWARE AS A SERVICE (SaaS) AGREEMENT (“Agreement”) is made this 1st day
of November, 2015 (“Effective Date”) by and between Anthem, Inc., an Indiana
corporation (“Anthem”), and Castlight Health, Inc., a Delaware corporation
(“Castlight”), and describes the terms under which Castlight will provide
certain software and services to Anthem.
In consideration of the covenants and agreements contained herein, and other
good and valuable consideration, the receipt and sufficiency of which is hereby
acknowledged, the Parties agree to the terms and conditions contained in this
Software as a Service (SaaS) Agreement.
1.GENERAL


1.1 Definitions. Capitalized terms used herein shall have the meanings ascribed
to them in the body of this Agreement and/or in the Order Schedules, Exhibits
and other documents attached hereto, or as defined below. Terms other than those
defined herein shall be given their plain English meaning, and those terms known
in the information technology industry shall be interpreted in accordance with
their generally known meanings. Unless the context otherwise requires, words
importing the singular include the plural and vice-versa.


1.1.1 “Affiliate” means any entity controlling or controlled by or under common
control with a Party, at the time of execution of the Agreement and any time
thereafter, where “control” is defined as (a) the ownership of at least fifty
percent (50%) of the equity or beneficial interest of such entity, or (b) any
other entity with respect to which such Party has significant management or
operational responsibility (even though such Party may own less than fifty
percent (50%) of the equity of such entity).


1.1.2 “Authorized User(s)” means with respect to the Services (other than the
publicly available portal) any individual who is at least 18 years of age, and
eligible as determined by Plan to receive Covered Services under a health
benefit Plan, in each case solely to the extent that with respect to such person
there is an effective Order Schedule for such person’s access to the Services. 
Individuals accessing the publicly available portal shall be Authorized Users
solely with respect to such access of the publicly available portal.  For all
purposes related to this Agreement, including all schedules, attachments,
exhibits, manual(s), notices and communications related to this Agreement, the
term “Covered Individual” may be used interchangeably with the terms insured,
Member or Enrollee, and the meaning of each is synonymous with any such other.


1.1.3 BCBSA” means the Blue Cross and Blue Shield Association


1.1.4 “BCBSA Requirements” means those requirements with which Anthem and its
affiliates must comply pursuant to their license agreements with the Blue Cross
and Blue Shield Association. These requirements include but are not limited to:
(a) the requirements established by the Blue Cross Blue Shield Association
(“BCBSA”), governing access to and use of the BCBS Axis Data and, as applicable,
the Claims Data (the “BCBSA Axis Requirements”); and (b) co-branding
requirements pertaining to the use of trade names and marks, to the extent
applicable to the Services (the “BCBSA Co-branding Requirements”). The BCBSA
Axis Requirements identified as of the effective date hereof are enumerated in
Exhibit J to this Agreement. The BCBSA Co-branding Requirements identified as of
the effective date hereof are summarized in Exhibit J to this Agreement.
Castlight acknowledges the obligations of Anthem and its affiliates to comply
with all applicable BCBSA requirements, which
Software as a Service (SaaS) Agreement REV. December 2014 Page 1





--------------------------------------------------------------------------------

CERTAIN CONFIDENTIAL INFORMATION CONTAINED IN THIS DOCUMENT, MARKED BY [***],
HAS BEEN OMITTED BECAUSE IT IS NOT MATERIAL AND WOULD LIKELY CAUSE COMPETITIVE
HARM TO THE COMPANY IF PUBLICLY DISCLOSED.


compliance is Anthem’s responsibility, and agrees to cooperate with Anthem in
ensuring such compliance. Within thirty (30) days from notice unless the Parties
mutually agree to a different timeframe, Castlight agrees to comply with BCBSA
Requirements issued after the Effective Date and agrees to perform remediation
if Anthem determines Castlight is noncompliant with applicable BCBSA
Requirements, provided Anthem explains what specific rule necessitates a change
and/or remediation upon each such notice.


1.1.1 “Collaboration Agreement” shall mean that certain Reference Based Benefits
Collaboration Agreement entered into by the Parties effective as of January 18,
2013, including all amendments thereto.


1.1.2 “Confidential information” has the meaning ascribed in Section 9.2.


1.1.3 “Covered Service” means a medical procedure, service, or treatment that is
covered under a health plan insured or administered by an Anthem Company.


1.1.4 “Documentation” shall mean all descriptions, instructions or other
materials that are incorporated into this Agreement during the Term which
describe the specifications, operation, functionality or other information
regarding the Castlight System or Subscription Service.


1.1.5  “Exhibit” or “Exhibits” shall include, when applicable, the Business
Associate Agreement (BAA), the Federal Government Services Addenda (Exhibits B
and D), the Medicare Compliance Specialty Exhibit (Exhibit C), the Diversity
Supplier Compliance Exhibit (Exhibit E), the Medicaid Requirements (Exhibit F)
and/or any other exhibits attached hereto.


1.1.6 “Force Majeure Event” has the meaning ascribed in Section 18.8 below.


1.1.7 HIPAA” means the Health Insurance Portability and Accountability Act of
1996 and the regulations promulgated thereunder at 45 C.F.R. §§ 160-164.


1.1.8  “Intellectual Property” means all concepts, inventions (whether or not
protected under patent laws), works of authorship, information fixed in any
tangible medium of expression (whether or not protected under copyright laws),
moral rights, mask works, trademarks, trade names, trade dress, trade secrets,
publicity rights, names, likenesses, know-how, ideas (whether or not protected
under trade secret laws) and all other subject matter protected under patent (or
which is not patented, but is subject matter that is protected under patent
law), copyright, mask work, trademark, trade secret, or other laws, whether
existing now or in the future, whether statutory or common law, in any
jurisdiction in the world, for all media now known or later developed, including
all new or useful art, combinations, discoveries, formulae, algorithms,
specifications, manufacturing techniques, technical developments, systems,
computer architecture, artwork, software, programming, applets, scripts,
designs, processes and methods of doing business.


1.1.9 “Jointly Developed Product(s)” shall mean any product that is jointly
created by both Parties in the course of the collaboration pursuant to a
mutually agreed separate Order Schedule.



Software as a Service (SaaS) Agreement REV. December 2014 Page 2





--------------------------------------------------------------------------------

CERTAIN CONFIDENTIAL INFORMATION CONTAINED IN THIS DOCUMENT, MARKED BY [***],
HAS BEEN OMITTED BECAUSE IT IS NOT MATERIAL AND WOULD LIKELY CAUSE COMPETITIVE
HARM TO THE COMPANY IF PUBLICLY DISCLOSED.


1.1.10 Non-Anthem Blue Plan” means an independent Blue Cross and/or Blue Shield
health plan which is a licensee of the Blue Cross and Blue Shield Association
that is not an Anthem company.



1.1.11  “Nonpublic Personal Financial Information” or “NPFI” shall have the same
meaning as “Nonpublic Personal Information” in 15 USC, Subchapter I, Sec.
6801-6809, of the Gramm-Leach-Bliley Act. NPFI may also be referred to herein as
“Personally Identifiable Information.”


1.1.12 “Notice” shall have the meaning ascribed in Section 18.5 below.


1.1.13 “Order Schedule” shall mean any order document, Statement of Work,
Service Order Form or purchase order executed by the Parties noting the
Subscription Service and/or types of Services Castlight shall provide and
corresponding pricing. Each Order Schedule will incorporate terms of the
Agreement.


1.1.14 “Party” means Anthem or Castlight; “Parties” means Anthem and Castlight.


1.1.15 “Plan” means an Anthem Affiliate that contracts with individuals,
employers, and other entities to administer, arrange, insure, provide, and
underwrite health services for Covered Individuals, as that term is defined
herein.


1.1.16 “Protected Health Information” or “PHI” shall have the same meaning as
the term “Protected Health Information” in 45 C.F.R. § 160.103, limited to the
information created or received by Castlight from or on behalf of Anthem.


1.1.17 “Castlight System” means the software, hardware, middle ware, servers, or
any other item operated by or behalf of Castlight, and communications
connectivity used in conjunction with the foregoing.


1.1.18 “Services” means the services to be provided by Castlight under this
Agreement and any Order Schedule including, without limitation, access to, and
use of, the Subscription Services, technical support and training.


1.1.19 “Service Levels” means those requirements set forth on Exhibit G attached
hereto.


1.1.20 “Subscription Service” shall mean the online services, computer
applications, associated user interfaces, help resources, and any related
technology to be made available by Castlight via the Castlight System and the
Internet that are specified on any Order Schedule to this Agreement, together
with all security devices, and any proprietary third party software that is
provided as part of or that accompanies the Subscription Service.


1.1.21 “Anthem Data” means the data that Anthem agrees to release to Castlight
as needed to provide the Services and which shall consist of the types of data
outlined in the applicable Order Schedule.



Software as a Service (SaaS) Agreement REV. December 2014 Page 3





--------------------------------------------------------------------------------

CERTAIN CONFIDENTIAL INFORMATION CONTAINED IN THIS DOCUMENT, MARKED BY [***],
HAS BEEN OMITTED BECAUSE IT IS NOT MATERIAL AND WOULD LIKELY CAUSE COMPETITIVE
HARM TO THE COMPANY IF PUBLICLY DISCLOSED.


1.2 The definitions contained in this Agreement shall apply to each Exhibit or
Order Schedule.


1.3 Each Order Schedule and each amendment thereto must be signed by both
Parties and must state that it is made pursuant to this Agreement. Each Order
Schedule shall constitute a separate agreement which incorporates the terms and
provisions of this Agreement. The provisions of this Agreement shall control
over any conflicting provisions in an Order Schedule or Exhibit, except to the
extent the Order Schedule or Exhibit indicates the clear intent of the parties
that such conflicting term prevail over a term or condition of this Agreement.
Notwithstanding the foregoing or any other provision of this Agreement to the
contrary, in the event of any inconsistency or conflict between the terms and
conditions of this Agreement and the terms and conditions of any of the
following exhibits, if such Exhibits are attached to this Agreement, then the
terms and conditions of the following specified Exhibits shall prevail over the
terms and conditions of the main body of this Agreement or Order Schedule: ( i)
Business Associate Agreement; (ii) Federal Government Services Addenda; (iii)
Medicare Compliance Specialty; and (iv) Medicaid Requirements. An Order Schedule
may contain additional terms, provided that the terms do not conflict with the
provisions of this Agreement.


1.4 Interpretation. The use of the terms “including,” “include” or “includes”
shall in all cases herein mean “including without limitation,” “include without
limitation” or “includes without limitation,” respectively.


1.5 Number and Gender. Words importing the singular include the plural and words
importing the masculine include the feminine and vice versa where the context so
requires.


1.6 No Primary Drafter. The Parties acknowledge and agree that they have
mutually negotiated the terms and conditions of this Agreement and that any
provision contained herein with respect to which an issue of interpretation or
construction arises shall not be construed to the detriment of the drafter on
the basis that such Party or its professional advisor was the drafter, but shall
be construed according to the intent of the Parties as evidenced by the entire
Agreement.


1.7 Benefits of this Agreement. All rights and benefits granted hereunder to
Anthem may be exercised and enjoyed by any Affiliate of Anthem, and all such
rights and benefits (including without limitation, all licenses granted by
Castlight hereunder) shall be deemed to be granted to all Anthem Affiliates.
Further, for purposes of calculating discounts available under this Agreement
that are based on volume, quantity or other measurement factor, the total volume
of all Anthem Affiliates shall be counted to determine whether the applicable
volume, quantity or other measurement factor has been achieved.


1.8 No Commitment. Unless otherwise agreed to in an executed Order Schedule,
Castlight understands and agrees that Anthem offers no commitments or guarantee
of any minimum volume of purchases or of revenues under this Agreement and that
Castlight may not be Anthem’s sole provider of similar applications or services.
This Agreement is nonexclusive and does not grant Castlight an exclusive right
to provide Anthem with any kind of services, deliverables or licensed products
and Anthem may use its own employees, other independent contractors and/or other
suppliers to perform the same or similar services or provide the same or similar
licensed products as are to be performed and/or provided by Castlight hereunder.


1.9 Anthem Policies and Procedures. In addition to all other obligations
contained herein, Castlight and its subcontractors shall adhere to the Anthem
policies and procedures, as applicable, and further described in this Section
1.9 and this Agreement. The policies and procedures are expressly
Software as a Service (SaaS) Agreement REV. December 2014 Page 4





--------------------------------------------------------------------------------

CERTAIN CONFIDENTIAL INFORMATION CONTAINED IN THIS DOCUMENT, MARKED BY [***],
HAS BEEN OMITTED BECAUSE IT IS NOT MATERIAL AND WOULD LIKELY CAUSE COMPETITIVE
HARM TO THE COMPANY IF PUBLICLY DISCLOSED.


referenced and incorporated into this Agreement and are either attached as
Exhibits to this Agreement and/or provided to Castlight via the web site address
listed below (or any successor site or communicate designated by Anthem).
Castlight shall adhere to policies and procedures as amended subsequent to the
Effective Date of this Agreement necessary for statutory or regulatory
compliance, provided: (a) Castlight is given reasonable written notice (email is
acceptable) of such amendments prior to being required to adhere to such
policies and procedures; and (b) if there are any additional costs for Castlight
to comply with such amended Company policies and procedures, the parties will
confer in good faith to reach a mutually agreeable resolution regarding
Castlight’s additional cost of compliance. To the extent Anthem amends its
policies or procedures other than as necessary for statutory or regulatory or
BCBSA compliance, Anthem will provide Castlight written notice of such
amendments (email is acceptable), and the parties shall discuss in good faith
Castlight’s compliance with such amended policies and/or procedures.


Anthem Supplier Relations webpage:
http://www.antheminc.com/prodcontrib/groups/wellpoint/@wp_suppliers/documents/wlp_assets/pw_e226861.pdf


aProcurement Process Technology and Electronic Signatures
bSupplier Code of Conduct
cReimbursable Expense Guidelines
dExhibit A: The Business Associate Agreement entered into by the Parties on
September 12, 2013 is incorporated herein by reference.
eExhibit B: Intentionally Omitted.
fExhibit C: Intentionally Omitted
gExhibit D: Intentionally Omitted.
hExhibit E: Minority and Women’s Business Enterprise Compliance
iExhibit F: Medicaid Requirements
•Exhibit F-1 California Medicaid Subcontract Exhibit
•Exhibit F-2 Medicaid Exhibit Indiana HHW HIP HCC
•Exhibit F-3 Massachusetts Medicaid Requirements for Vendors
•Exhibit F-4 New York Medicaid Requirements - Vendors
•Exhibit F-5 Medicaid Exhibit South Carolina
•Exhibit F-6 Medicaid Exhibit Texas (Anthem)
•Exhibit F-7 Virginia Medicaid Requirement
•Exhibit F-8 West Virginia Medicaid Requirements - Vendor
•Exhibit F-9 Medicaid Exhibit Wisconsin
•Exhibit F-10 Florida Medicaid Subcontract Exhibit
Software as a Service (SaaS) Agreement REV. December 2014 Page 5





--------------------------------------------------------------------------------

CERTAIN CONFIDENTIAL INFORMATION CONTAINED IN THIS DOCUMENT, MARKED BY [***],
HAS BEEN OMITTED BECAUSE IT IS NOT MATERIAL AND WOULD LIKELY CAUSE COMPETITIVE
HARM TO THE COMPANY IF PUBLICLY DISCLOSED.


•Exhibit F-11 Kansas Medicaid Subcontract Exhibit
•Exhibit F-12 Medicaid Exhibit Louisiana
•Exhibit F-13 Medicaid Exhibit Maryland
•Exhibit F-14 New Jersey Medicaid Subcontract Exhibit
•Exhibit F-15 Medicaid Exhibit Nevada
•Exhibit F-16 Medicaid Exhibit Tennessee
•Exhibit F-17 Medicaid Tennessee BAA – Utilize for all TN Vendors
•Exhibit F-18 Medicaid Exhibit Texas (Amerigroup)
•Exhibit F-19 Medicaid Exhibit Kentucky
•Exhibit F-20 Medicaid Exhibit Washington
•Exhibit F-21 Georgia Medicaid Exhibit


o Exhibit G: Service Levels
o Exhibit H: Required Information Security Controls
o Exhibit I: Qualified Health Plans
o EXHIBIT J: BCBSA Requirements
§ Exhibit J-1: BCBSA Axis Requirements
§ Exhibit J-2: BCBSA Co-Branding Requirements
§ Exhibit J-3: Patient User Review Requirements
o EXHIBIT K: NCQA Requirements – Division of Responsibilities
o EXHIBIT L: Pricing Exhibit
o EXHIBIT M: Jointly Developed Products
o EXHIBIT N: Approved Subcontractors and Service Locations
o Exhibit O: Competitors
o Exhibit P: Medicare Medicaid Dual Integration Regulatory Exhibits
§ Exhibit P -1: New York Dual Integration Regulatory Exhibit
§ Exhibit P-2: Texas Dual Integration Regulatory Exhibit
§ Exhibit P-3: Virginia Dual Integration Regulatory Exhibit


2.SUBSCRIPTION RIGHTS



Software as a Service (SaaS) Agreement REV. December 2014 Page 6





--------------------------------------------------------------------------------

CERTAIN CONFIDENTIAL INFORMATION CONTAINED IN THIS DOCUMENT, MARKED BY [***],
HAS BEEN OMITTED BECAUSE IT IS NOT MATERIAL AND WOULD LIKELY CAUSE COMPETITIVE
HARM TO THE COMPANY IF PUBLICLY DISCLOSED.


2.1 Castlight hereby grants Anthem and its Affiliates and their Authorized
Users, solely to the extent described in an applicable Order Schedule, a
subscription to access that portion of the Castlight System so described and
access and use the Subscription Service and all related Documentation so
described. Castlight acknowledges and agrees that (i) the Castlight System and
Subscription Service may be accessed and used by the number of users, on the
number of computers or equipment, and/or at the number of sites, for the term
and limited to the functionality set forth in the applicable Order Schedule, as
well any other computers owned, leased or otherwise used by Anthem or its
Affiliates, and their respective employees or agents that are electronically
linked to Anthem’s or its Affiliates’ servers; (ii) Anthem’s and Anthem
Affiliates’ agents, contractors, consultants, suppliers, customers and
third-party service providers are authorized to exercise the rights granted to
Anthem and its Affiliates in this Section 2.1 in furtherance of services
provided to Anthem and its Affiliates subject to requirements set forth in
Section 4.3 (Cooperation With and Access by Third Parties); (iii) the Castlight
System and Subscription Service may be used for Anthem’s and Anthem Affiliates’
normal business purposes solely to the extent described in an applicable Order
Schedule.


2.2 Service Levels. Castlight shall provide Subscription Services to Anthem in
accordance with the terms set forth on Exhibit G attached hereto.



3.IMPLEMENTATION; ACCEPTANCE TESTING


3.1 Implementation. A Preliminary Implementation Plan has been developed by the
Parties prior to the Effective Date hereof.  A comprehensive Detailed
Implementation Plan for implementation of the Castlight System (together with
the Preliminary Implementation plan to be referred to collectively as the
“Implementation Workplan”) shall be prepared by Castlight and approved by Anthem
and incorporated into the applicable Order Schedule. The Implementation Workplan
shall include where applicable, but not be limited to management and staffing
resources as required by both Parties, configuration schedule and
specifications, training schedule, testing schedules and implementation budget.
Such project plan shall further detail any other Services to be provided by
Castlight and Anthem. Failure of Castlight to perform its obligations
substantially in accordance with the Implementation Workplan shall constitute a
material breach of this Agreement, provided, however, that Castlight shall not
be responsible for any failure to meet any obligation in the Implementation
Workplan to the extent such failure is caused by the delays or other failure of
Anthem to meet its obligations under the Implementation Workplan.
3.2 Acceptance Testing for Castlight System and Subscription Service. Unless
otherwise specifically indicated herein, Anthem shall have thirty (30) days (the
“Acceptance Period”) after receipt of Castlight’s written notice (which notice
shall be provided in accordance with Section 17.4 and Castight shall use best
efforts to determine that Anthem received such notice) that Anthem has access to
the Castlight System to test, review and evaluate the Castlight System and
Subscription Service (“Acceptance”) for compatibility with Anthem’s relevant
infrastructure and for conformance with the (a) published specifications for the
Castlight System and Subscription Service; (b) representations made to Anthem
regarding such Subscription Service; and (c) operational requirements set forth
by Anthem in the Order Schedule, or if none stated, then the criteria shall be
Anthem’s reasonable acceptance. During the Acceptance Period, Anthem shall
provide Castlight with either written notice of acceptance or, if in Anthem’s
reasonable discretion the Subscription Service does not comply in any material
way with the applicable specifications, written notice of rejection, which shall
specify, in reasonable detail, the reason(s) why the Subscription Service fails
to meet the applicable specifications. Upon receipt of any such notice of
rejection, Castlight shall exercise commercially reasonable efforts to correct
the
Software as a Service (SaaS) Agreement REV. December 2014 Page 7





--------------------------------------------------------------------------------

CERTAIN CONFIDENTIAL INFORMATION CONTAINED IN THIS DOCUMENT, MARKED BY [***],
HAS BEEN OMITTED BECAUSE IT IS NOT MATERIAL AND WOULD LIKELY CAUSE COMPETITIVE
HARM TO THE COMPANY IF PUBLICLY DISCLOSED.


deficiencies at no cost to Anthem, and to provide Anthem with access to the
modified Castlight System and Subscription Service as soon as practicable, but
not to exceed forty five (45)) days from Anthem’s notice. Commencing upon
Castlight’s provision of the modified Subscription Service, Anthem shall have
twenty (20) days to test, review and evaluate such modifications. If Anthem does
not furnish any written notice of acceptance or non-acceptance to Castlight as
required above, prior to the end of the applicable Acceptance Period, then
Castlight will give the Anthem and the SPCC (as defined in Section 17.1.1)
written notice of Anthem’s failure to provide notice of acceptance or
non-acceptance (and Castlight shall again use best efforts to determine that
Anthem and the SPCC have received such notice). In the event that Castlight has
not received written notice of acceptance or non-acceptance of the applicable
Subscription Service within ten (10) business days after Anthem’s receipt of
such notice, then and only then will Anthem will be deemed to have accepted the
applicable Subscription Service. If after repeating the process set forth in the
preceding sentences three times Castlight has not corrected all material
deficiencies, as determined in Anthem’s reasonable good faith discretion, ,
Anthem may (1) terminate this Agreement immediately and/or (2) terminate any
applicable Order Schedule and the Parties agree to meet and confer in good faith
to determine applicable fees Castlight will pay to Anthem as a result of the
failed Services.


4.TRAINING, SUPPORT AND COOPERATION


4.1 Training. Castlight will provide Anthem and its Affiliates and its and their
employees that primarily perform functions in the sales, account management
and/or service operations functions for Anthem) with training on the Core
Transparency Service. The training will consist of Castlight providing such
Anthem employees with “train-the-trainer” type of training with respect to the
functions, features, operation of the Core Transparency Service, which training
may be provided via webinar or other remote means (and which training may be
posted by Anthem and made available to other Anthem employees). Upon mutual
agreement of the Parties, such training will include attendance by
Anthem-identified individuals at Castlight’s internal training programs


4.2 Support. Castlight shall provide Anthem and its Authorized Users technical
support regarding the use of the Castlight System and the Subscription Service.
Such support shall be as described in the applicable Order and as further
described in the Service Levels. Castlight also will provide to Anthem any
revisions to the existing Documentation necessary to reflect the foregoing.


4.3 Cooperation with and Access by Third Parties. Anthem may from time to time
hire outsourcers, subcontractors, consultants, or other third Parties (“Anthem
Third-Party Contractors”) to perform services or provide products relating to
Anthem’s business or the business of an Anthem Affiliate. Such services and
products provided by Anthem Third-Party Contractors, may be integrated with the
Services or Castlight Materials provided by Castlight hereunder (an “Integrated
Project”) upon Castlight’s prior written consent, which may be via email and
which shall not be unreasonably withheld. Castlight shall cooperate with and
work in good faith with any Anthem Third-Party Contractor(s) as requested by
Anthem. Such cooperation may include knowledge sharing of standards, policies,
quality assurance and testing processes, as applicable, to ensure smooth
deployment of Integrated Projects and/or the smooth and efficient transition of
any Services (or component of Services) to, from, or among Anthem, Castlight and
any Third Party Contractor. Castlight may require such Third Party Contractors
to execute direct non-disclosure agreements with terms no more restrictive than
the confidentiality terms contained herein prior to accessing the Services or
Castlight System (such non-disclosure agreements “Castlight NDAs”). Access shall
be limited to Third Party Contractors that: (a) that have executed a Castlight
NDA; (b) need access in connection with the performance of services for Anthem
for an applicable SOF; and (c) are not Competitors (as defined below) of
Castlight. For the purposes of this
Software as a Service (SaaS) Agreement REV. December 2014 Page 8





--------------------------------------------------------------------------------

CERTAIN CONFIDENTIAL INFORMATION CONTAINED IN THIS DOCUMENT, MARKED BY [***],
HAS BEEN OMITTED BECAUSE IT IS NOT MATERIAL AND WOULD LIKELY CAUSE COMPETITIVE
HARM TO THE COMPANY IF PUBLICLY DISCLOSED.


Section 4.3 , Competitors shall mean entities providing direct-to-client
products that enable employers to optimize the delivery of healthcare benefits
and improve employee decision-making. Castlight Materials, and/or Deliverables,
as applicable, as reasonably required for such Third Party Contractors to
perform functions for and on behalf of Anthem or any Anthem Affiliate; and
provided that such Third Party Contractors shall use or access the Castlight
Materials and/or Services solely for Anthem’s benefit and shall have agreed to
confidentiality provisions no less restrictive than those contained in this
Agreement, and Anthem shall remain responsible for such Third Party Contractor’s
use or access to the Castlight Materials and/or Services in accordance with the
terms of this Agreement.


5.BUSINESS CONTINUITY/DISASTER RECOVERY; FLIP-OVER RIGHTS.


5.1 Castlight represents and warrants that its enterprise business continuity
program complies with ISO 22301 standards. Castlight shall also comply with the
business continuity requirements set forth in the Vendor Agreement between the
Parties dated September 12, 2013, as amended, incorporated herein by reference.


5.2 Anthem may exercise Flip-Over Rights (as defined below) at any time during
the period that the Castlight fails to restore Services in accordance with the
applicable and approved BCP and included RTO(s) and, upon written request cannot
provide adequate assurances that restoration of services will occur reasonably
soon (as reasonably determined by Anthem), and, in doing so, may take other
action as is reasonably necessary to provide similar services during the period
the Services are disrupted. Castlight shall cooperate with Anthem and its
agents, as applicable, in the exercise of such Flip-Over Rights and provide
reasonable assistance at no charge to Anthem to promptly restore such disrupted
Services. Castlight shall not be entitled to receive any charges to the extent
they relate to Services performed by Anthem and all costs associated with the
exercise of such Flip-Over Rights shall be borne by Castlight. Such Flip-Over
Rights shall continue until Castlight demonstrates to Anthem’s reasonable
satisfaction that Castlight is able to resume performance of the Services with
appropriate mitigation in place designed to prevent further BCP failures for the
Services. Such exercise of Flip-Over Rights shall not constitute a waiver by
Anthem of any termination rights or rights to pursue a claim for damages arising
out of the failure that led to the Flip-Over Rights being exercised. Flip-Over
Rights shall mean that Anthem may use its own proprietary tools and/or another
website or websites to provide information to Authorized Users as Anthem may
determine is reasonably under the circumstances.



6.INVOICING AND PAYMENT; AUDIT.


6.1 Payment of Fees and Expenses. Castlight shall invoice Anthem for the fees
set forth in each Order Schedule, as applicable (“Fees”). Except for the Fees
and expenses agreed to in an applicable Order Schedule and not otherwise
incurred in violation of this Agreement (“Expenses”), no other amounts shall be
charged by Castlight or payable by Anthem. Neither party shall not have any
right of offset against amounts owed to it by the other party.


6.2 Invoices. Castlight shall invoice Anthem for all Fees and, if applicable,
Expenses via the Anthem Invoice online tool in accordance with the then current
requirements at http://www.Anthem.com/business/policies_procedures.asp and as
stated in the Procurement Process Technology and Electronic Signatures
provisions therein for all invoices less than five hundred thousand dollars
($500,000.00). For all invoices greater than five hundred thousand dollars
($500,000.00), Castlight will retain the right to invoice Anthem directly, not
through Anthem’s Procurement Process
Software as a Service (SaaS) Agreement REV. December 2014 Page 9





--------------------------------------------------------------------------------

CERTAIN CONFIDENTIAL INFORMATION CONTAINED IN THIS DOCUMENT, MARKED BY [***],
HAS BEEN OMITTED BECAUSE IT IS NOT MATERIAL AND WOULD LIKELY CAUSE COMPETITIVE
HARM TO THE COMPANY IF PUBLICLY DISCLOSED.


Technology, and Anthem will pay Castlight directly.   Castlight will be solely
responsible for all expenses associated with transmitting and receiving
documents via Anthem’s Procurement Process Technology. Castlight shall not
charge Anthem for researching, reporting or correcting errors related to
invoices. The invoice date shall not be earlier than the date on which Castlight
is entitled to payment under the applicable Order Schedule, or if not specified
in the Order Schedule, invoices will be issued monthly in advance. Castlight
shall give Anthem at least ninety (90) days prior written notice of any increase
in rate. Anthem shall not be responsible for any Fees or Expenses invoiced more
than four (4) months after the close of the month to which such fees or expenses
relate. Each such invoice shall contain sufficient detail to allow Anthem to
identify all Licensed Products and their corresponding Fee.



6.3 Payment by Anthem. Upon Acceptance of the Subscription Service and/or
Services, in accordance with any acceptance criteria provided in this Agreement
and in each applicable Order Schedule and receipt of a correct and undisputed
invoice, Anthem shall


(i) pay Fees net fifty (50) days with no discount;


(ii) if applicable, pay Expenses net fifty (50) days with no discount; and


6.4 (iii) and pay the amounts in accordance with Anthem’s then-current payment
policies (e.g. payment via ACH electronic payment to Castlight’s financial
institution per instructions in Anthem’s ACH electronic payment form).

6.5 If Anthem in good faith disputes any invoiced amount, Anthem may withhold
the disputed amount and Anthem shall pay per the terms of this Agreement any
undisputed amounts and will notify Castlight in detail in writing as to the
nature of the disputed charges and the reason for Anthem’s disagreement.
Castlight shall respond by providing documentation in reasonable detail for the
disputed charges. The Parties shall make all reasonable attempts to resolve the
dispute as amicably as possible within thirty (30) days. Unless otherwise agreed
to by both Parties, invoices which are not sent via the Anthem invoice online
tool shall automatically be deemed to be in dispute until the invoice is
resubmitted via such online tool.


6.6 Record Retention; Audits.


6.6.1 Billing Audits. Castlight shall maintain complete, accurate and detailed
records regarding all amounts charged to Anthem under this Agreement. Castlight
shall retain such records for no less than three (3) years from date of the
invoice for such amount charged. Castlight shall allow Anthem and/or its
authorized representatives to inspect and conduct audits on such records during
normal business hours upon ten business days’ day’s written notice. If
discrepancies or questions arise with respect to such records, Castlight shall
preserve such records until an agreement is reached with Anthem regarding their
disposition. Each Party shall bear its own expenses in conducting the audit and
responding to information requests and Castlight shall not pass on such costs
(including employee time, overhead, research, copying charges, professional
fees, etc.) to Anthem. If an audit reveals that Castlight overcharged Anthem for
any Fees, expenses or any other charges under this Agreement for any logically
or readily identifiable component of a Service or chargeable material (as
examples for illustrative purposes only: such as a greater than an agreed upon
hourly rate for one or more personnel providing services, billing in excess of
actual hours worked, miscalculation of actual amount of chargeable of supplies
consumed, etc.), Castlight shall promptly reimburse Anthem in full for such
overcharge(s). If such overcharges exceed five percent (5%) of the Fees,
expenses or any other charges under this
Software as a Service (SaaS) Agreement REV. December 2014 Page 10





--------------------------------------------------------------------------------

CERTAIN CONFIDENTIAL INFORMATION CONTAINED IN THIS DOCUMENT, MARKED BY [***],
HAS BEEN OMITTED BECAUSE IT IS NOT MATERIAL AND WOULD LIKELY CAUSE COMPETITIVE
HARM TO THE COMPANY IF PUBLICLY DISCLOSED.


Agreement, Castlight shall also promptly reimburse Anthem for all reasonable
internal and external audit expenses incurred by Anthem, including the
reimbursement for any contingency fees paid by Anthem.


6.6.2 SSAE16 Audit Reports. Castlight shall, at Castlight’s expense, have
conducted a general (i.e., not Anthem specific) SSAE 16 audit (SOC 2, Type II
Statement on Standards for Attestation Engagements) of Castlight annually and
provide Anthem with a summary of the results of such audit. In the event the
nature of the Services includes transactions processing, then the audit report
shall be a SOC 1, Type II , Statement on Standards for Attestation Engagements).
The report of the third-party auditors will be solely for the use of Castlight
and Anthem, its regulators and its independent accountants and will not be
distributed to or used by any other parties unless approved by Castlight, such
approval not to be unreasonably withheld. If such report includes any findings
that Castlight fails to comply with the SSAE16 requirements, or audit tests
results in exceptions, Castlight agrees to remedy such noncompliance. Bridge
letters covering the period from the end of the SSAE16 audit period through the
end of Anthem’s financial reporting period will also be provided by Castlight
upon request by and without cost to Anthem.  Castlight will comply with future
guidance relating to SSAE16 as issued by the AICPA, the Securities and Exchange
Commission or the Public Company Accounting Oversight Board. Both Parties
recognize that the report of the third-party auditor does not constitute a
certification or an attestation by Castlight under the Sarbanes-Oxley Act of
2002 or otherwise, but Castlight acknowledges that such report may be relied
upon by Anthem and Anthem’s auditors as they deem appropriate.


6.7 Performance Audits. Once in each 12 month period, or more frequently if
necessary to comply with regulatory or accrediting agencies’ requests or if
Anthem has a good faith reasonable belief that Castlight is not in material
compliance with this Agreement, Castlight agrees to make available (including
providing copies of documents requested by Anthem auditors at no additional
expense to Anthem), during normal business hours and upon at least 2 weeks prior
notice (unless a shorter period is required for compliance with a request from a
regulatory or accrediting agency) Castlight personnel and any and all books,
records or other documents in its possession pertaining to the performance of
its duties under this Agreement. The foregoing audit rights shall include when
applicable, audits of (i) practices and procedures, (ii) security practices and
procedures, (iii) disaster recovery and backup procedures, and (iv) other areas
necessary to enable Anthem to meet laws applicable to the Services. Such audits
and inspections may address Castlight’s performance of the Services and
compliance with the provisions of this Agreement The auditors and other
representatives of Anthem will be bound by confidentiality obligations related
to Castlight Confidential Information no less restrictive than the
confidentiality terms hereof; provided that if the auditor or other
representative is a third party, Castlight may require a reasonable
confidentiality agreement from such third party.




6.8 Taxes. Anthem shall pay to Castlight all applicable sales or use taxes
assessed by a government authority with respect to Anthem’s use of the
Subscription Service and/or Services provided by Castlight under this Agreement,
provided that Castlight shall separately itemize such taxes on its invoice(s) to
Anthem and that, upon request of Anthem, Castlight shall provide substantiation
to Anthem confirming Castlight’s reporting and remittance of such taxes to the
appropriate government entity. To the extent Anthem has timely paid Castlight
for any sales or use type tax, Castlight shall indemnify, defend, and hold
Anthem harmless for any such tax, and any related penalties and interest arising
from any failure of Castlight to timely report and remit such tax. Anthem shall
not be liable for the payment of taxes imposed upon Castlight or upon
Castlight’s personnel resources, including state and federal income taxes,
franchise taxes, Social Security taxes, welfare taxes, unemployment
contributions, disability insurance, training taxes and any prepayments,
estimated payments, reports, or withholdings required for such taxes.

Software as a Service (SaaS) Agreement REV. December 2014 Page 11





--------------------------------------------------------------------------------

CERTAIN CONFIDENTIAL INFORMATION CONTAINED IN THIS DOCUMENT, MARKED BY [***],
HAS BEEN OMITTED BECAUSE IT IS NOT MATERIAL AND WOULD LIKELY CAUSE COMPETITIVE
HARM TO THE COMPANY IF PUBLICLY DISCLOSED.



6.9 No Effect of Payment on Castlight’s Other Obligations. Any payment by Anthem
shall in no way affect Castlight’s obligations under this Agreement and shall
not be construed as acceptance by Anthem of any Subscription Service or as a
waiver of any of Anthem’s rights.


7.TERM AND TERMINATION; TRANSITION ASSISTANCE.


7.1 Agreement. The initial term of this Agreement (the “Initial Term”) shall
begin on the Effective Date and shall end three (3) years thereafter unless
earlier terminated in accordance with this Agreement; provided however, that the
Term shall be extended to the last completion date of any Order Schedule(s) then
in effect if such Order Schedule(s) have specified a term longer than the Term
stated above. Following the Initial Term of this Agreement, this Agreement shall
automatically renew for an additional one year term (each a “Renewal Term”)
unless either Party provides the other Party with written notice of non-renewal
at least one hundred eighty (180) days prior to the end of the Initial Term or
any Renewal Term. Each Party agrees to commence good faith negotiations on
changes to the terms (excluding pricing for the Core Transparency Functionality)
at least 90 days prior to the expiration of the Initial Term and any Renewal
Term unless otherwise agreed to by the Parties.
7.2 Order Schedules. Each Order Schedule is an independent obligation of the
Parties, and each Order Schedule if not entered into as of the Effective Date
shall commence as of the commencement date set forth in (or if not specified, as
of the date last set forth in the signature area of ) the relevant Order
Schedule.
7.3 Termination for Breach. Either party may terminate this Agreement and any
Order Schedule (in whole or in part) by providing the other party with not less
than sixty (60) days' prior written notice in the event the other party
materially breaches any provision of this Agreement. The notice must specify the
nature of said material breach. The breaching party shall have sixty (60) days
from receipt of the notice to correct the material breach. If the breaching
party fails to cure the material breach within the sixty (60) day period, the
non-breaching party may terminate this Agreement, effective upon completion of
the aforementioned sixty (60) day notice period.
7.4 Additional Termination Rights for Breach. In the event any material breach
by either Party that creates a material violation of law, non-compliance with
any of the organizations in which such Party or its Affiliate holds an
accreditation or a situation whereby either Party is in significant jeopardy as
to its ability to perform under this Agreement, then the non-breaching Party may
give ten (10) business days’ notice of the material breach to the other Party.
If the breaching Party fails to cure the material breach within such ten (10)
business day period, the non-breaching Party may terminate this Agreement
effective at the end of the ten (10) business days, notwithstanding any other
provision in this Agreement.
7.5 Termination Due to Insolvency. Either Party may terminate this Agreement or
any Order Schedule immediately upon the occurrence of any of the following
events with respect to the other Party: (a) the other Party becomes insolvent,
generally unable to pay its debts as they become due, or makes an assignment for
the benefit of its creditors or seeks relief under any bankruptcy, insolvency or
debtor’s relief law; (b) if proceedings are commenced against the other Party
under any bankruptcy, insolvency or debtor’s relief law, and such proceedings
have not been vacated or set aside within sixty (60) days from the date of
commencement thereof; (c) a receiver is appointed for the other Party or its
material assets; or (d) if the other Party is liquidated, dissolved or ceases
operations.

Software as a Service (SaaS) Agreement REV. December 2014 Page 12





--------------------------------------------------------------------------------

CERTAIN CONFIDENTIAL INFORMATION CONTAINED IN THIS DOCUMENT, MARKED BY [***],
HAS BEEN OMITTED BECAUSE IT IS NOT MATERIAL AND WOULD LIKELY CAUSE COMPETITIVE
HARM TO THE COMPANY IF PUBLICLY DISCLOSED.


7.6 Termination Upon Competitor Change of Control of Castlight. Upon a
Competitor Change in Control of Castlight (as defined below), Anthem may at its
option, terminate this Agreement, by giving Castlight at least thirty (30) days’
prior written notice and designating a date upon which such termination will be
effective without the payment of any early termination fees, wind-down charges
or similar costs, and Castlight will make a one-time payment to Anthem to cover
actual switching costs up to ten million dollars ($10,000,000.00) of moving to
another solutions supplier. Any such notice must be given with forty five (45)
days following the later of Castlight’s provision of written notice to Anthem
of, or, if Castlight fails to give such notice, the date on which Anthem learns
of such Competitor Change in Control For this purpose, “Competitor Change in
Control” and its derivatives means a transactions in which a Competitor (as
defined on Exhibit O has obtained the legal, beneficial or equitable ownership,
directly or indirectly, of at least (50.01%) of the aggregate of all voting
equity interests in an entity or equity interests having the right to at least
50.01% of the profits of Castlight or, in the event of dissolution, to at least
50.01% of the assets of an entity and, if Castlight is a partnership, also
includes the holding by an entity of the position of sole general partner in
Castlight.
7.7 Termination for Convenience. Subsequent to the expiration of the Initial
Term, either Party may terminate this Agreement, including any and all Order
Schedules, for its convenience on one hundred eighty (180) calendar days prior
written notice to the other Party without payment of an early termination fee or
similar charges.
7.8 Effect of Termination or Expiration.
7.8.1 In the event that Anthem terminates an Order Schedule pursuant to the
terms contained herein Anthem may, in its sole discretion, simultaneously
terminate other Order Schedules that are materially and adversely affected by
such termination or expiration. Notwithstanding the foregoing, the termination
of a particular Order Schedule shall not result in the termination of the
Agreement unless such termination explicitly provides for termination of the
entire Agreement between the Parties. However, termination of the Agreement
shall serve to terminate all Order Schedules unless such notice of termination
specifies otherwise. All Sections identified as surviving the termination of an
Order Schedule, as well as Sections 6.5 (Record Retention), 8 (Security), 9
(Confidentiality) 12 (Intellectual Property Ownership), 13 (Indemnification), 14
(Limitation of Liability) and 17 (Dispute Resolution) inclusive, shall survive
the expiration or termination of the Agreement.
7.9 Transition Assistance. At Anthem's request, commencing upon the termination
of this Agreement or any Order Schedule hereunder, or other discontinuation of a
component of the Services, for any reason, Castlight shall provide up to
one-hundred eighty (180) days of assistance to Anthem for transition of the
Services to Anthem or a third-party designee of Anthem. Such termination
assistance shall be rendered at $150 per hour. In the event Castlight terminates
the Agreement or an Order Schedule for Anthem’s uncured material breach, Anthem
shall pre-pay for applicable transition assistance. Within ten (10) calendar
days of Anthem’s request for transition assistance, the Parties shall meet to
develop a transition plan. Such transition plan and transition assistance may
include, by way of example: detail of Castlight’s then-current responsibilities
for Anthem; and cooperation sufficient to assure a smooth transition and to
enable Anthem or its designee to provide services similar to the Services with
minimal disruption to Anthem’s business and operations. The Parties may provide
for different transition assistance responsibilities, timing and payment
schedules in an Order Schedule.


8.SECURITY.



Software as a Service (SaaS) Agreement REV. December 2014 Page 13





--------------------------------------------------------------------------------

CERTAIN CONFIDENTIAL INFORMATION CONTAINED IN THIS DOCUMENT, MARKED BY [***],
HAS BEEN OMITTED BECAUSE IT IS NOT MATERIAL AND WOULD LIKELY CAUSE COMPETITIVE
HARM TO THE COMPANY IF PUBLICLY DISCLOSED.


8.1 General. Castlight shall implement reasonable security measures to prevent
unauthorized access to the Castlight System, Subscription Service, Anthem Data
and other Anthem Confidential information and content under Castlight’s control.
Such measures shall in no event be less stringent than those used to safeguard
Castlight’s own property. Such measures shall include, where appropriate, use of
updated firewalls, virus screening software, logon identification and passwords,
encryption, intrusion detection systems, logging of incidents, periodic
reporting, and prompt application of current security patches, virus definitions
and other updates. In no event shall Castlight make less stringent its security
procedures, other procedures, policies or controls currently in place without
the prior written agreement to such modifications by Anthem. Anthem reserves the
right to terminate the Agreement, in its sole discretion and without limitation
or termination liability, if Anthem reasonably determines that Castlight fails
to meet its obligations under this Section. Castlight shall notify Anthem within
24 hours (a) of any breach of the security of the Castlight System or
Subscription Service, (b) if the security of the Anthem Data is compromised in
any way, or (c) of any unauthorized disclosure of the Anthem Data. Castlight
shall cooperate with Anthem in any investigation of the foregoing and shall
provide Anthem with any copies of reports of Castlight’s investigation into, or
remedial efforts with respect to, any of the foregoing.


8.2 Limited Access. To the extent made accessible to Castlight, Castlight shall,
at all times, limit access to Anthem Data and Anthem Confidential information to
those employees or subcontractors that have an actual need to access such data
for purposes of providing the Services. Prior to gaining access to Anthem Data
or Anthem Confidential information, Castlight shall require all employees or
subcontractors to comply with confidentiality, security and intellectual
property provisions no less stringent than the provisions set forth in this
Agreement and, at Anthem’s request, have an officer certify in writing it has
done so.


8.3 Notification of Security Breaches. Castlight shall within 24 hours notify
Anthem should it discover any breach of the Anthem Data and will immediately
coordinate with Anthem to investigate and remedy such breach(es) in a diligent
and timely manner. Except as may be strictly required by applicable law,
Castlight agrees that it will not inform any third party of any such security
breach, without Anthem’s prior written consent; however, if such disclosure is
required by applicable law, Castlight agrees to work with Anthem, at no
additional cost to Anthem, regarding the content of such disclosure so as to
minimize any potential adverse impact upon Anthem and its members.


8.4 Access to Anthem Systems. If Castlight is given access, whether on-site or
through remote facilities, to any Anthem computer or electronic data storage
system, in order for Castlight to perform any of its obligations hereunder,
Castlight shall limit such access and use solely to perform such obligations and
will not attempt to access any computer system, electronic file, software or
other electronic services other than those specifically required to perform the
obligations. Castlight shall limit such access to those of its personnel with an
express requirement to have such access in connection with this Agreement or the
applicable Order Schedule, shall advise Anthem in writing of the name of each
such personnel who will be granted such access (and identifying whether each is
an employee or subcontractor of Castlight), and shall strictly follow all
requirements noted in the Castlight Code of Conduct and/or any other Anthem
policy (including without limitation the Anthem Information Security Policy and
the Required Information Security Controls, attached hereto as Exhibit H), as
made available to Castlight, regarding the use of Anthem’s electronic resources
and systems. All user identification numbers and passwords disclosed to
Castlight and any information obtained by Castlight as a result of Castlight’s
access to, and use of, Anthem computer and electronic storage systems shall be
deemed to be, and shall be treated as Confidential information (under applicable
provisions of this Agreement. Castlight shall cooperate with Anthem in the
investigation of any apparent unauthorized access by Castlight to Anthem
computer or electronic data storage systems or unauthorized release of
Confidential information
Software as a Service (SaaS) Agreement REV. December 2014 Page 14





--------------------------------------------------------------------------------

CERTAIN CONFIDENTIAL INFORMATION CONTAINED IN THIS DOCUMENT, MARKED BY [***],
HAS BEEN OMITTED BECAUSE IT IS NOT MATERIAL AND WOULD LIKELY CAUSE COMPETITIVE
HARM TO THE COMPANY IF PUBLICLY DISCLOSED.


by Castlight. Castlight’s access shall be subject to such other business control
and information protection policies, standards, and guidelines as may be
provided to Castlight by Anthem from time to time. Any other use by Castlight of
any other Anthem assets or property or systems is strictly prohibited. Castlight
warrants and agrees that its personnel will not remotely access Anthem’s system
from a networked computer unless the network is protected from all third party
networks by a firewall that is maintained with all patches up to date by a 7x24
administrative staff. Said firewall must be certified by the International
Computer Security Association (ICSA) (or an equivalent certification as
determined by Anthem) if the connection to Anthem’s network is an ongoing
connection such as frame relay or T1 line.


9.CONFIDENTIALITY AND DATA USE.


9.1 HIPAA, Medicare, FEP, Medicaid. The provisions set forth in this Section 9
are in addition to and not in lieu of any confidentiality, privacy, security and
other requirements imposed on Castlight if Exhibit A (Business Associate
Addendum), Exhibit B (Federal Government Services Addendum for Non-Commercial
Items), Exhibit C (Medicare Compliance Specialty), Exhibit D (Federal Government
Services Addendum for Commercial Items), Exhibit F (Medicaid Requirements),
Exhibit H (Required Information Security Controls) and/or Exhibit I (Qualified
Health Plans) are included among the Exhibits that form part of this Agreement.


9.2 Confidential information.


9.2.1 During the Term, a Party (the “Receiving Party”) may be exposed to or
acquire information regarding the business, projects, operations, finances,
activities, affairs, research, development, products, technology, technology
architecture, business models, business plans, business processes, marketing and
sales plans, customers, finances, personnel data, health plan rating and
reimbursement formulas, computer hardware and software, computer systems and
programs, processing techniques and generated outputs, intellectual property,
procurement processes or strategies or providers of the other Party or their
respective directors, officers, employees, agents or clients (collectively, the
“Disclosing Party”), including, without limitation, any idea, proposal, plan,
procedure, technique, formula, technology, or method of operation (collectively,
“Confidential information”). With respect to Anthem only, Confidential
information shall include all Anthem Data and all Confidential information of
Anthem Affiliates.


9.2.2 In the case of Anthem, “Confidential Information” shall expressly include
the following types of information:


9.2.2.1 Anthem’s proprietary information consisting of non-public, trade secret,
commercially valuable, or competitively sensitive information or other material
and information relating to products, projects, operations, customers, finances,
business, affairs, or activities, including but not limited to: (i) information
about systems, technologies, procedures, methodologies, and practices used in
performing its services; and (ii) financial information, market analyses and
forecasts, sales and marketing research, proposed products or services, provider
and beneficiary demographics, and customer lists and other customer-specific
information; (iii) information about provider networks, provider negotiated
fees, provider discounts, and provider contract terms (including combinations of
data elements that could enable such information to be derived, calculated, or
reverse-engineered); and (iv) information about activities such as underwriting,
claims processing, claims payment, and health care management.


9.2.2.2 Information that Anthem is obligated by law or contract to protect,
including without limitation: (i) Social Security Numbers; (ii) provider tax
identification numbers (TINs);
Software as a Service (SaaS) Agreement REV. December 2014 Page 15





--------------------------------------------------------------------------------

CERTAIN CONFIDENTIAL INFORMATION CONTAINED IN THIS DOCUMENT, MARKED BY [***],
HAS BEEN OMITTED BECAUSE IT IS NOT MATERIAL AND WOULD LIKELY CAUSE COMPETITIVE
HARM TO THE COMPANY IF PUBLICLY DISCLOSED.


(iii) National Provider Identification Numbers (NPIs); (iv) provider names,
provider addresses, and other identifying information about providers; and (v)
drug enforcement administration (DEA) numbers, pharmacy numbers, and other
identifying information about pharmacies.

9.2.3  In the case of Castlight, “Confidential Information” shall expressly
include the following types of information:


9.2.3.1 Castlight’s proprietary information consisting of non-public, trade
secret, commercially valuable, or competitively sensitive information or other
material and information relating to products, projects, operations, customers,
finances, business, affairs, or activities, including but not limited to: (i)
information about systems, technologies, procedures, methodologies, and
practices used in performing its services; and (ii) financial information,
market analyses and forecasts, sales and marketing research, proposed products
or services, provider and beneficiary demographics, and customer lists and other
customer-specific information;.


9.2.4 Confidential information shall not include any information that a Party
can demonstrate: (i) was in the public domain at the time of disclosure to such
Party; (ii) was published or otherwise became part of the public domain after
disclosure to such Party through no fault of such Party; (iii) was previously
disclosed to such Party without a breach of duty owed to the other Party by a
third-party who had a lawful right to such information; or (iv) was
independently developed by such Party without reference to Confidential
information of the other Party.


9.2.5 In addition, either Party may disclose Confidential information to the
extent disclosure is based on the good faith opinion of such Party’s legal
counsel that disclosure is required by law or by order of a court or
governmental agency; provided that, the Party that is the recipient of such
Confidential information shall give prompt notice to the Disclosing Party, use
all commercially reasonable efforts to maintain the confidentiality of the
Confidential information, and cooperate with the owner of such Confidential
information, in efforts to protect the confidentiality of such Confidential
information by an appropriate protective order. The owner of such Confidential
information reserves the right to obtain a protective order or otherwise protect
the confidentiality of such Confidential information. Each Party shall be
responsible for its own costs with respect to the performance of its obligations
under this Section. Either Party may disclose the existence of this Agreement
and the terms of this Agreement to the extent required to enforce its terms or
the rights of such Party hereunder or to comply with its legal obligations (but
in the event either Party files this Agreement or portions thereof with any
public agency it shall redact sensitive portions hereof, to the mutual written
agreement of the other Party, which agreement shall not be unreasonably withheld
or delayed).


9.2.6 Anthem Non-Disclosable Information. With respect to Anthem only,
Confidential information shall also include the following: (i) PHI and NPFI;
(ii) other medical information and personal information regarding Anthem’s or
its Affiliates’ health plan members, employees, or medical or hospital service
providers; (iii) other information that Anthem or its Affiliates are required by
law, regulation or company policy to maintain as confidential; (iv) other
financial information concerning Anthem’s or its Affiliates’ health plan
members, employer groups and other health plan groups or medical or hospital
service providers that is disseminated by Anthem or its Affiliates internally
for staff use; (v) personnel and payroll records, patient accounting and billing
records, and information contained in those records; (vi) Anthem’s or its
Affiliates’ trade secrets; and (vii) information that could aid others to commit
fraud, sabotage or otherwise misuse Anthem’s or its Affiliates’ products or
services or damage their business, including without limitation Exhibit H
attached
Software as a Service (SaaS) Agreement REV. December 2014 Page 16





--------------------------------------------------------------------------------

CERTAIN CONFIDENTIAL INFORMATION CONTAINED IN THIS DOCUMENT, MARKED BY [***],
HAS BEEN OMITTED BECAUSE IT IS NOT MATERIAL AND WOULD LIKELY CAUSE COMPETITIVE
HARM TO THE COMPANY IF PUBLICLY DISCLOSED.


hereto and other Anthem security policies (collectively, the “Anthem
Non-Disclosable Information”). Due to the sensitive nature of the Anthem
Non-Disclosable Information and due to Anthem’s obligations to maintain the
privacy of its customers and providers, Castlight acknowledges and agrees that
Anthem Non-Disclosable Information shall at all times remain confidential and
shall not be subject to exceptions, except as set forth in the BAA.


9.2.7 General Obligations. Each Party agrees to hold the Confidential
information of the other Party in strict confidence, to use such information in
the course of performing its obligations hereunder, and to make no disclosure of
such information except as authorized in accordance with the terms of this
Agreement. To the extent a Party may be exposed to the Confidential information
of a third party (for example, because Castlight may be maintaining Anthem
systems on which third party software is loaded), the Parties agree to accord
such third party Confidential information the same protections accorded a
Party’s Confidential information hereunder. A Party may disclose Confidential
information to its personnel and the personnel of its subcontractors who have an
absolute need to know such Confidential information in order to fulfill its
obligations hereunder and who have previously executed a written confidentiality
agreement imposing confidentiality obligations no less restrictive than those
applicable hereunder. In addition, either Party may disclose Confidential
information of the other Party to third party professional advisors  (including
accountants, auditors, attorneys, financial or other advisors) which are acting
solely for the Party’s benefit and on such Party’s behalf, provided: (i) such
professional advisors have previously executed a written confidentiality
agreement imposing confidentiality obligations no less restrictive than those
applicable hereunder; (ii) such professional advisors have a need to know such
information in order to provide advice or services to the disclosing Party and
agree to use the disclosing party’s Confidential information solely for the
purpose of providing such advice or services; (iii) such professional advisors
agree not to disclose the Confidential information to any other party without
the disclosing Party’s prior written consent; and (iv) notwithstanding anything
to the contrary, no Anthem Non-Disclosable Information is disclosed by the other
Party to its professional advisors. Each Party shall be primarily responsible
and liable for any confidentiality breaches by its personnel and the personnel
of its subcontractors. Each Party shall immediately advise the other Party of
any actual or potential violation of the terms of this Section 10, and shall
reasonably cooperate with the Disclosing Party in relation thereto.


9.2.7.1 Castlight shall not, without Anthem’s advance written consent: (i) use
or display Anthem’s Confidential Information, or reports or summaries arising
therefrom, for any other purpose; (ii) except as permitted by subsection 9.2.7.2
combine Anthem’s Confidential Information with other data to create or add to an
aggregated database for use in producing information, analyses, reports,
extracts, or summaries; (iii) combine Anthem’s Confidential Information provided
under the terms of this Agreement with Confidential Information provided to
Castlight by Anthem under other agreements entered into between Anthem and
Castlight for other purposes, if any; (iv) sell or disclose Anthem’s
Confidential Information to any other person or entity, including without
limitation affiliates of Castlight, except as expressly permitted herein; or (v)
except to provide the Services, use Anthem’s Confidential Information for its
own internal use and analysis.


9.2.7.2 Permitted Aggregation of Health Plan Confidential Information. Castlight
may add Anthem’s Confidential Information to its aggregated database, and, in
addition to the permitted uses of such De-identified Information (as defined
herein) from such database as are set forth in other operative agreements
between Anthem and Castlight, may use and disclose such De-identified
Information to provide the Services. For purposes of this provision,
“De-identified Information” means information that:


Software as a Service (SaaS) Agreement REV. December 2014 Page 17





--------------------------------------------------------------------------------

CERTAIN CONFIDENTIAL INFORMATION CONTAINED IN THIS DOCUMENT, MARKED BY [***],
HAS BEEN OMITTED BECAUSE IT IS NOT MATERIAL AND WOULD LIKELY CAUSE COMPETITIVE
HARM TO THE COMPANY IF PUBLICLY DISCLOSED.


i.Has been de-identified in accordance with the specifications and requirements
set forth in HIPAA, specifically 45 C.F.R. Part 164.514(a)-(c); and


ii.Has been stripped of any identifier(s) that could directly or indirectly be
used to identify: (i) an employer, trade group, union, healthcare purchasing
coalition, or other healthcare purchaser; or (ii) an insurance company, health
maintenance organization, health plan, third party administrator, or other
healthcare payor.


9.2.7.3 BCBSA Permitted Aggregation. If the BCBSA revises the BCBSA Requirements
regarding data aggregation such that aggregation across Blues is permitted, the
Parties will meet and discuss in good faith whether such aggregation may improve
the experience of an Authorized User under any then existing SOF of using the
applicable Castlight Services, and the timing and actual and substantiated
implementation charges by Castlight to Anthem of achieving any such improved
Authorized User experience of the applicable Castlight Services.


9.2.8 Continuing Obligations. A Party’s obligation to maintain the
confidentiality of Confidential information shall remain in force until
information falls within one of the exceptions noted in Section 9.2.2.
Castlight’s obligation to maintain the confidentiality of Anthem Non-Disclosable
Information shall neither terminate nor expire.


9.2.9 Destruction of Confidential information. Promptly following written notice
upon expiration or termination of the entire Agreement or of an Order Schedule
(with regard to the Confidential information disclosed under the Agreement or
through such Agreement or Order Schedule, as the case may be) and the applicable
transition assistance period, the Receiving Party shall destroy within 45 days
(but 135 days for information stored on backup media) all (or, if the Disclosing
Party so requests, any part) of the Confidential information, and all copies,
summaries and redactions thereof and other materials containing such
Confidential information, including deletion from such Party’s files and systems
and the Receiving Party shall certify in writing its compliance with the
foregoing. Notwithstanding the foregoing, except for PHI or NPFI (which shall be
promptly destroyed), each Party may, subject to the obligations of
confidentiality as described in this Section 9, retain (i) one (1) copy of the
other Party’s Confidential information for archival purposes only, but such
retained Confidential information shall only be accessed by the retaining Party
on a limited need basis to, for example, defend a claim by the other Party or
for auditing purposes and (ii) reasonable archival records of payments, invoices
and similar information for tax compliance, regulatory compliance, accounting,
audit or similar purposes but only for the period of time required by this
Agreement or applicable law; in each instance, all such retained Confidential
information shall remain the Confidential information of the Disclosing Party
and shall be subject to all of the restrictions contained in this Agreement.


9.3 Injunctive Relief. Each Party acknowledges that in the event of a breach of
this Section 9 damages may not be an adequate remedy and the Disclosing Party
may be entitled to seek, in addition to any other rights and remedies available
under the Agreement or at law or in equity, injunctive relief to restrain any
such breach, threatened or actual, without proof of irreparable injury and
without the necessity of posting bond even if otherwise normally required.


10.INSURANCE.


10.1 Minimum Requirements. Castlight shall, at all times during the term of this
Agreement keep in force with insurers with an A.M. Best rating of A- or better:



Software as a Service (SaaS) Agreement REV. December 2014 Page 18





--------------------------------------------------------------------------------

CERTAIN CONFIDENTIAL INFORMATION CONTAINED IN THIS DOCUMENT, MARKED BY [***],
HAS BEEN OMITTED BECAUSE IT IS NOT MATERIAL AND WOULD LIKELY CAUSE COMPETITIVE
HARM TO THE COMPANY IF PUBLICLY DISCLOSED.


10.1.1 Commercial General Liability insurance with a limit of $1,000,000 per
occurrence and $2,000,000 in the aggregate for bodily injury and property damage
to include personal injury and contractual liability coverage;


10.1.2 Business Automobile Liability insurance with a $1,000,000 per occurrence
combined single limit for non-owned and hired automobiles;


10.1.3 Workers’ Compensation coverage with statutory limits and employers
liability insurance with a $1,000,000 limit;


10.1.4 Errors and Omissions insurance with a $1,000,000 limit for each wrongful
act and aggregate of $3,000,000, including an extended reporting period
endorsement (“tail policy”) for the term of three years in the amount of not
less than $1,000,000 per claim if professional services are being rendered;


10.1.5 Employee Fidelity Bond with a limit of $500,000; and


10.1.6 Network Security and Privacy liability coverage with a $1,000,000
aggregate limit if Castlight has access to Anthem systems or PHI or Personally
Identifiable Information; and


10.1.7 Umbrella Liability Coverage with a $5,000,000 limit.

The forgoing coverage amounts, with the exception of the Umbrella Liability
coverage, may be met in part by an appropriate umbrella or excess liability
policy.


10.2 Any materials or equipment brought on jobsite shall be insured under an all
risk property insurance policy and shall be the sole responsibility of
Castlight.


10.3 Castlight agrees that any subcontractors coming on the jobsite shall
maintain workers’ compensation insurance coverage. Castlight is solely
responsible and liable for its subcontractors and any actions or inactions,
damages or injuries by or to its subcontractors.


10.4 Proof of Insurance; Notice of Cancellation. Castlight shall, prior to
execution of this Agreement, provide to Anthem certificates of insurance
indicating the coverage required, naming Anthem as an additional insured under
the commercial general liability, and containing a waiver of subrogation with
respect to Anthem for commercial general liability and workers’ compensation.
Also, when applicable, under its commercial crime coverage program, Castlight
will name Anthem, Inc. as Loss Payee to the extent their interests may appear.
Anthem shall be the certificate holder. Promptly upon Anthem’s written request
for same, Castlight shall cause its insurers or insurance brokers to issue
certificates of insurance evidencing that the coverages required under this
Agreement are maintained and in force. In addition, Castlight will use
reasonable efforts to give thirty (30) days prior written notice to Anthem prior
to cancellation or non-renewal of any of the policies providing such coverage;
provided, however that Castlight shall not be obligated to provide such notice
if, concurrently with such cancellation or non-renewal, Castlight provides
self-insurance coverage as described below or obtains coverage from another
insurer meeting the requirements described above.


10.5 Castlight Right to Self-insure Coverage. Notwithstanding the foregoing,
Castlight reserves the right to self-insure coverage, in whole or in part, in
the amounts and categories designated
Software as a Service (SaaS) Agreement REV. December 2014 Page 19





--------------------------------------------------------------------------------

CERTAIN CONFIDENTIAL INFORMATION CONTAINED IN THIS DOCUMENT, MARKED BY [***],
HAS BEEN OMITTED BECAUSE IT IS NOT MATERIAL AND WOULD LIKELY CAUSE COMPETITIVE
HARM TO THE COMPANY IF PUBLICLY DISCLOSED.


above, in lieu of Castlight’s obligations to maintain insurance as set forth
above, at any time. A qualified self-insurance program will include the
following: Actuarially validated reserve adequacy for incurred claims, IBNR
claims and future claims based on past experience; Designated Claim TPA or
appropriately licensed and employed claims professional or attorney; Excess
Insurance/Re-insurance above self insured layer; Self insured retention and
insurance combined must meet minimum limit requirements; and Evidence of Surety
Bond, Reserve or LOC as collateral for the self-insured limit. Promptly upon
Anthem’s written request for same, Castlight shall deliver certificates of
insurance to confirm what coverage is in place. This section does not replace or
otherwise amend, in any respect, the limitations on Castlight’s liability as set
forth elsewhere in this Agreement. Failure to maintain the required insurance
coverage shall be deemed a material breach of the Agreement by Castlight. If
Castlight fails to keep in effect the insurance coverage required, Anthem may,
in addition to and cumulative with any other remedies available at law, equity,
or hereunder, acquire such insurance and deduct the cost thereof from its
payment of any amounts owed Castlight hereunder or terminate this Agreement for
cause.


11.REPRESENTATIONS, WARRANTIES, AND COVENANTS.


11.1 General Warranties of Both Parties


11.1.1 Compliance with Laws. Each Party shall at all times comply with all
applicable laws, rules and regulations in the performance of this Agreement.


11.1.2 Existence. Each party is duly organized and existing and is in good
standing and is qualified to do business under the laws of any jurisdiction
where the ownership of assets or conduct of its business require it to be so
qualified, and each party possesses any and all licenses and/or governmental
approvals required to perform the Services and/or to provide the Subscription
Service contemplated by this Agreement, and is qualified to perform such
Services and/or provide such Subscription Service.


11.1.3 Duly Authorized. Each party’s execution, delivery and performance of this
Agreement has been duly authorized by all appropriate corporate action and this
Agreement constitutes a valid, binding and enforceable obligation.


11.1.4 No Conflict. Neither the execution, delivery, nor performance of this
Agreement will conflict with or violate any other agreement, license, contract,
instrument or other commitment or arrangement to which either party is a party
or is bound.


11.1.5 No litigation. There is no litigation, and neither Party knows of any
material threat of litigation, in each case that will affect the performance of
its obligations hereunder.


11.1.6 Compliance with Laws and Regulations. Each Party shall perform its
obligations hereunder in accordance with all applicable law and regulations, and
shall be responsible for obtaining all licenses, authorizations, permits and the
like required by applicable laws and regulations, and any fees, costs or
expenses incurred by such Party shall be borne solely by such Party. Each Party
shall be solely responsible for any fines and penalties imposed on it or the
other Party resulting from such Party’s failure to comply with any such
applicable laws and regulations.


11.1.7 Data Quality Governance. Anthem and Castlight will establish a data
quality governance and escalation process, to include senior technical
leadership from each organization.


Software as a Service (SaaS) Agreement REV. December 2014 Page 20





--------------------------------------------------------------------------------

CERTAIN CONFIDENTIAL INFORMATION CONTAINED IN THIS DOCUMENT, MARKED BY [***],
HAS BEEN OMITTED BECAUSE IT IS NOT MATERIAL AND WOULD LIKELY CAUSE COMPETITIVE
HARM TO THE COMPANY IF PUBLICLY DISCLOSED.


11.2 Castlight’s Representations, Warranties and Covenants.  Castlight hereby
represents, warrants and covenants:


11.2.1 No Material Defects; Conformity with and Completeness of Documentation.
The Castlight System, Subscription Service and/or Services to be provided shall
be free from material errors or other material defects; and shall substantially
conform to the Documentation. The Documentation and other materials describing
the Services and/or Subscription Service hereunder completely and accurately
reflect their operation and functionality.


11.2.2 All Rights; No infringement. Castlight has all rights and authorizations
necessary to grant access and use rights to the Castlight System and the
Subscription Service, and to perform any Services as contemplated herein.
Further, if applicable, Castlight shall pass through to Anthem any software and
third party end-user warranties and indemnities relating to the Subscription
Services. To the extent Castlight is not permitted to so pass-through, Castlight
agrees to enforce such warranties and indemnities on behalf of Anthem. The
Castlight System, the Subscription Service, and all elements thereof to be
provided by Castlight, and any Services performed by Castlight, will not
violate, misappropriate or infringe upon any Intellectual Property right of any
person or entity; and there are no claims of any third party against Castlight
relating to any Intellectual Property that is the subject of, to be provided
under, or to be used directly or indirectly pursuant to this Agreement.


11.2.3 Performance. To the extent Castlight is performing Services, at all times
during the performance of such Services, Castlight has and will maintain the
experience and skill to perform the Services required to be performed by it
hereunder and will perform such Services in a timely, workmanlike manner. At a
minimum, Castlight will maintain staffing levels and continuity of personnel
consistent with its obligations to perform the Services hereunder and in the
event of a delay or other problem, Castlight will train and staff additional
personnel as needed.


11.2.4 Personnel Qualifications. Each of Castlight’s personnel assigned to
perform Services or any other obligations under the Agreement shall have the
proper skill, training and background so as to be able to perform in a competent
and professional manner and all work will be so performed.


11.2.5 Castlight’s Employees. Castlight shall perform all obligations of an
employer with respect to all personnel hired by Castlight in connection with any
Services to be provided, if any, including, but not limited to the withholding
and reporting of contributions, insurance deductions and applicable taxes
(including payroll and unemployment insurance taxes) required by applicable law.


11.2.6  Subscription Service Functionality. The Subscription Service will accept
input, perform processes, and provide output in a manner that is consistent with
all applicable specifications.


11.2.7  Government Programs; Ineligible Persons. Neither Castlight nor its
employees, subcontractors or agents providing Services or Products under this
Agreement has been, nor shall be during the term of this Agreement, (i) excluded
from participation in the Medicare, Medicaid and/or any state health care
program; (ii) listed on any General Services Administration List of parties
Excluded from Federal Procurement and Non-procurement Programs; (iii) sanctioned
by the United States Department of Health and Human Services, Centers for
Medicare and Medicaid Services, Office of Inspector General, or any other
federal agency; and (iv) under a corporate integrity agreement with the United
States
Software as a Service (SaaS) Agreement REV. December 2014 Page 21





--------------------------------------------------------------------------------

CERTAIN CONFIDENTIAL INFORMATION CONTAINED IN THIS DOCUMENT, MARKED BY [***],
HAS BEEN OMITTED BECAUSE IT IS NOT MATERIAL AND WOULD LIKELY CAUSE COMPETITIVE
HARM TO THE COMPANY IF PUBLICLY DISCLOSED.


Department of Health and Human Services, Office of Inspector General, or any
other federal agency; in the event Castlight or any employees, subcontractors or
agents thereof becomes an ineligible person after entering into this Agreement
or otherwise fails to disclose its ineligible person status, Castlight has an
obligation to (i) immediately notify Anthem of the person’s status as an
ineligible person and (ii) within ten (10) days of Castlight receiving such
notice, Castlight will remove such individual from responsibility for, or
involvement with, Castlight’s business operations related to the federal
government healthcare contracts. Anthem shall have the right to immediately
terminate this Agreement or applicable Order Schedule in the event it receives
notification of the person’s ineligible person status. Castlight also covenants
and represents that it complies with the rules set forth by the Office of
Foreign Assets Control of the United States Department of Treasury.


11.2.8 Criminal Convictions. Neither Castlight nor its employees, subcontractors
or agents has been, nor shall be during the Term, convicted of a criminal
offense related to the delivery of an item or service under Medicare, Medicaid
and/or under any state health care program.


11.2.9 Location of Work. All such locations shall be in the United States and at
no other location, unless otherwise agreed in writing by Anthem in advance in
each instance. Anthem agrees to the locations set forth on Exhibit N.


11.2.10  Warranty against Harmful Code. Castlight warrants that it will use
commercially reasonable efforts to ensure that the Subscription Service will not
relay computer viruses or other harmful code to the network or computing
environment of Anthem of its Affiliates. If the foregoing warranty is breached,
then in addition to any other remedies available to Anthem, Castlight shall at
its expense: (a) reimburse Anthem for all costs (including personnel costs)
incurred by Anthem in restoring all data lost as a result of the breach and/or
removing such harmful code; and (b) if requested by Anthem, provide and install
a new copy of the Subscription Service without the presence of the code that
caused the breach.


11.2.11  Electronic Self-Help. Except for termination by Castlight in accordance
with Article 7 above or as provided in the last sentence of Section 17.4
(Continued Services; Enforcement) (and in either case this Section 11.2.11 shall
not apply), Castlight agrees that in the event of any dispute with Anthem
regarding an alleged breach of this Agreement or for any other reason, Castlight
will not use any type of electronic means to prevent or interfere with Anthem’s
use of the Castlight System or any Subscription Service under this Agreement or
any Order Schedule without first obtaining a valid court order authorizing same.
Anthem shall be given proper notice and an opportunity to be heard in connection
with any request for such a court order. Castlight understands that a breach of
this provision could foreseeably cause substantial harm to Anthem and to
numerous third parties having business relationships with Anthem. No limitation
of liability shall apply to a breach of this paragraph.


11.2.12  Compliance with Foreign Corrupt Practices Act. Castlight and its
subsidiaries, affiliates, directors, officers, shareholders, employees,
representatives and agents have not and shall not, during the term of this
Agreement, in connection with the transactions contemplated by this Agreement or
in connection with any other business transactions involving Anthem, make, or
offer to make, payments of money or anything of value, directly or indirectly,
to a Foreign Official, as that term is defined in the Foreign Corrupt Practices
Act (FCPA), for the purpose of obtaining or retaining business in violation of
the FCPA.



Software as a Service (SaaS) Agreement REV. December 2014 Page 22





--------------------------------------------------------------------------------

CERTAIN CONFIDENTIAL INFORMATION CONTAINED IN THIS DOCUMENT, MARKED BY [***],
HAS BEEN OMITTED BECAUSE IT IS NOT MATERIAL AND WOULD LIKELY CAUSE COMPETITIVE
HARM TO THE COMPANY IF PUBLICLY DISCLOSED.


11.2.13  Certain Employment Obligations. When Castlight provides services or
goods to Anthem relating to one of its federal contracts, Castlight agrees to
comply with the following federal regulations, as applicable: Castlight shall
abide by the requirements of 41 CFR §§ 60-1.4(a), 60-300.5(a) and 60-741.5(a).
These regulations prohibit discrimination against qualified individuals based on
their status as protected veterans or individuals with disabilities, and
prohibit discrimination against all individuals based on their race, color,
religion, sex, or national origin. Moreover, these regulations require that
covered prime contractors and subcontractors take affirmative action to employ
and advance in employment individuals without regard to race, color, religion,
sex, national origin, protected veteran status or disability.


11.2.14  Website Accessibility Standards. To the extent that Castlight is
providing development, design and/or maintenance of any electronic and
information technology, including, without limitation, any consumer facing web
and mobile experiences, Castlight shall ensure that all such electronic and
information technology meets, to the extent possible, the accessibility
requirements set forth in Section 508 of the Rehabilitation Act (29 USC 794(d)),
the related Technical Standards issued by the Architectural and Transportation
Barriers Compliance Board (aka the “Access Board”), success level AA or higher
of the most current Web Content Accessibility Guidelines issued by the Worldwide
Web Consortium, and any other federal or state law which requires specific
design elements to accommodate disabled individuals.


11.2.15  Certification of Compliance. Once in each 12 month period, upon request
by Anthem, Castlight shall provide Anthem with reasonable assurances of
Castlight’s compliance with the terms of this Agreement and any Exhibit(s).
Reasonable assurances may include, but are not limited to, Castlight’s signed
certification of such compliance, as it applies to certain requirements, and/or
the Agreement or Exhibit(s) generally.


11.3 Anthem’s Representations and Warranties. Anthem hereby represents and
warrants that (i) it shall not modify, translate, reverse engineer, decompile or
disassemble the Subscription Service, other than to the extent Castlight is
required by law to permit Anthem to do so; and (iii) it shall use the
Subscription Service in compliance with applicable laws, rules and regulations.


11.3.1 All Rights; No infringement. Anthem has all rights and authorizations
necessary to grant access and use rights to Anthem Data, as contemplated herein.
The Anthem Data and all elements thereof to be provided by Anthem, will not
violate, misappropriate or infringe upon any Intellectual Property right of any
person or entity; and to the best of Anthem’s knowledge, there are no claims of
any third party against Anthem relating to any Anthem Data that is the subject
of, to be provided under, or to be used directly or indirectly pursuant to this
Agreement.
11.3.2 Anthem Data Quality. Anthem represents that Anthem Data shall be at least
the same quality as the data that Anthem uses for its own internal purposes.


11.4 Disclaimer of Warranties. EXCEPT FOR THE EXPRESS WARRANTIES MADE OR
REFERENCED IN THIS AGREEMENT, NEITHER PARTY MAKES ANY WARRANTIES, EXPRESS OR
IMPLIED, INCLUDING WITHOUT LIMITATION ANY IMPLIED WARRANTY OF MERCHANTABILITY OR
OF FITNESS FOR A PARTICULAR PURPOSE.


11.5 Certain Warranty Remedies. Should Anthem be prevented from using the
Castlight System, Subscription Service or receiving any Service due to a breach
of the aforementioned warranties by Castlight, and in addition to all other
obligations and remedies herein, Castlight shall at its expense,
Software as a Service (SaaS) Agreement REV. December 2014 Page 23





--------------------------------------------------------------------------------

CERTAIN CONFIDENTIAL INFORMATION CONTAINED IN THIS DOCUMENT, MARKED BY [***],
HAS BEEN OMITTED BECAUSE IT IS NOT MATERIAL AND WOULD LIKELY CAUSE COMPETITIVE
HARM TO THE COMPANY IF PUBLICLY DISCLOSED.


and in addition to any other rights or remedies available to Anthem under the
Agreement, at law or in equity, promptly remedy the non-compliance Should
Castlight be prevented from providing the Castlight System, Subscription Service
or providing any Service due to a breach of the aforementioned warranties by
Anthem, and in addition to all other obligations and remedies herein, Anthem
shall at its expense, and in addition to any other rights or remedies available
to Castlight under the Agreement, at law or in equity, promptly remedy the
non-compliance


12.INTELLECTUAL PROPERTY OWNERSHIP
 
12.1 Overview of Materials and Ownership. The performance of Castlight Services
may require use of and/or access to intellectual property owned or created (a)
by Anthem, (b) by Castlight independent of its obligations to Anthem, or (c) by
Castlight (either independently or in cooperation with Anthem) pursuant to its
obligations under this Agreement. This Section 12 - Ownership -sets forth the
Party’s respective intellectual property rights of such materials.


12.2 Anthem Materials. In the course of Castlight’s provision of Castlight
Services, Anthem may provide to Castlight Anthem’s proprietary information
and/or Intellectual Property, including, but not limited to, technical data,
creative designs and concepts, web designs, trade secrets and know-how, customer
or vendor lists and information, business plans, software, algorithms,
programming techniques, business rules, business methods, inventions, drawings,
engineering, hardware configuration information, marketing and strategic plans,
financial data, processes, technology and designs which it maintains (the
“Anthem Materials”). As between the parties, Anthem shall own all rights, title,
and interest in and to: (1) the Anthem Materials and (2) any and all Anthem
Data. In addition, all Anthem Material shall be deemed Confidential Information
subject to Section 8 (Security) Security and Section 9 (Confidentiality) -
herein. Anthem hereby grants Castlight a perpetual (during the term of this
Agreement), revocable (to the extent of termination rights in this Agreement),
royalty-free (subject to any payment obligations herein), fully paid-up,
non-transferable (except to permitted Castlight assignees hereunder),
non-sublicensable, non-exclusive, worldwide license to use, the Anthem Data and
Anthem Materials to the extent necessary in a manner consistent with its
intended use as set forth in this Agreement and only during the term of this
Agreement. Except in accordance with this Section 12.2 and Section 12.4 below,
Anthem does not grant Castlight any interests in, or ownership of, any of the
Anthem Data or Anthem Materials and all rights not expressly granted are
reserved by Anthem in Anthem Data and Anthem Materials. The parties recognize
that Castlight may provide services to other Castlight clients and may use or
duplicate certain materials as templates or sources for other projects


12.3 Castlight Materials. The Parties acknowledge that materials provided by
Castlight may incorporate technology or content previously developed by
Castlight, or which Castlight has developed (i) without the use of any Anthem
intellectual property, and (ii) for services unrelated to the Castlight Services
(collectively, the “Castlight Materials”). In addition to the foregoing, for
purposes of this Agreement, “Castlight Materials” shall include: (1) Castlight’s
proprietary technology platform and system (including without limitation
software, algorithms and proprietary and technical information therein) for
gathering, analyzing, modifying and making available to users certain
health-related user and provider data and related information, guidance and
services (the “Castlight Platform”); and (2) Castlight’s technical data,
creative designs and concepts, web designs, trade secrets and know-how, business
plans, software, algorithms, programming techniques, business rules, business
methods, inventions, drawings, engineering, hardware configuration information,
marketing and strategic plans, financial data, processes, technology and designs
which it maintains for purposes of providing its consumer transparency services,
any pre-developed communication and marketing templates (the “Castlight
Service”); and (3) all intellectual property rights within the foregoing. As
between the parties,
Software as a Service (SaaS) Agreement REV. December 2014 Page 24





--------------------------------------------------------------------------------

CERTAIN CONFIDENTIAL INFORMATION CONTAINED IN THIS DOCUMENT, MARKED BY [***],
HAS BEEN OMITTED BECAUSE IT IS NOT MATERIAL AND WOULD LIKELY CAUSE COMPETITIVE
HARM TO THE COMPANY IF PUBLICLY DISCLOSED.


Castlight shall own all rights, title, and interest in and to the Castlight
Materials, and all Castlight Materials shall be deemed Confidential Information
subject to Section 8 (Security) and Section 9 (Confidentiality) - herein.
Subject to the provisions of this Agreement , Castlight hereby grants to Anthem
a perpetual (during the term of this Agreement), revocable (to the extent of
termination rights in this Agreement), royalty-free (subject to any payment
obligations herein), fully paid-up, non-transferable (except to Anthem
Affiliates and assignees), sublicensable (only to Authorized Users, Anthem and
its Affiliates’ employees, agents, contractors, consultants, suppliers and
third-party service providers subject to Section 4.3) ), non-exclusive,
worldwide license to use, reproduce, distribute, display and perform (whether
publicly or otherwise), offer to sell the Buy-Up Products (in conjunction with
Castlight) and otherwise use the Castlight Materials to the extent necessary to
allow Anthem the right to fully enjoy the Castlight Services solely in a manner
consistent with their intended use as set forth in this Agreement and an
applicable SOF provided they are fully paid for by Anthem in accordance with
this Agreement and only during the term of this Agreement. Nothing contained
herein shall restrict Castlight’s use of materials, techniques and skills which
are generic in nature and not specifically related to an Anthem project or do
not incorporate Anthem Confidential Information. Unless otherwise agreed to in
writing by the Parties and subject to Section 12.4 below, it is understood that
Castlight shall own all modifications, improvement, enhancements, derivative
works, additional modules or features made by Castlight to the Castlight
Materials (collectively “Modifications”), whether or not such Modifications were
made by Castlight on the basis of any feedback, ideas, suggestions, or
information provided by Anthem.


12.4 Works. It is not anticipated by either Party that Castlight will ever
create “Works” as defined below. Nonetheless, solely to the extent set forth in
a subsequent writing executed by an authorized officer (or his designee) of each
Party that the Parties intend for Castlight to create Works, the following
provisions shall apply: excluding all Castlight Materials and any Modifications
thereto (as those terms are defined in Section 12.3), “Works” shall mean all
work product and related documentation, if any, in whatever stage of completion,
created in connection with and during the performance of this Agreement. Works,
in whatever stage of completion, shall be deemed a work-made-for-hire specially
ordered and/or commissioned by Anthem. Anthem, its successors and assigns, shall
exclusively own all now known or hereafter existing rights of every kind and
nature throughout the universe (including, but not limited to, all copyrights,
moral rights and mask-works; trademarks, service marks, trade names and similar
rights; patents, design rights, algorithms and other industrial property rights;
trade secret rights; all contract, assignment and licensing rights; and all
rights in registrations, applications, renewals, extensions, continuations,
divisions or reissues thereof now or hereafter in force in the foregoing), in
perpetuity and in all languages, pertaining to the Works, tangible and
intangible, for all now known or hereafter existing uses, and Castlight hereby
irrevocably assigns and agrees to assign to Anthem, in perpetuity, without
additional consideration, all such Works (to the extent and in the event they
are not deemed work-made-for-hire). Castlight shall not have and shall not
purport to have any rights in the Works. In the event Castlight has any rights
in and to the Works (including, but not limited to, the “droit moral” or “moral
rights of authors” or any similar rights in and/or to the Works) that cannot be
assigned to Anthem as provided above, whether now known or hereafter to become
known, Castlight hereby unconditionally waives such rights and the enforcement
thereof, and all claims and causes of action of any kind with respect to any of
the foregoing. In the event Castlight has any rights in and to the Works that
cannot be assigned to Anthem and cannot be so waived, Castlight hereby grants to
Anthem a perpetual, irrevocable, royalty-free, fully paid-up, transferable,
sublicensable, exclusive, worldwide license to use, reproduce, distribute,
display and perform (whether publicly or otherwise), prepare derivative works of
and otherwise modify, make, sell, offer to sell, import and otherwise use and
exploit such Works in a manner consistent with their intended use.



Software as a Service (SaaS) Agreement REV. December 2014 Page 25





--------------------------------------------------------------------------------

CERTAIN CONFIDENTIAL INFORMATION CONTAINED IN THIS DOCUMENT, MARKED BY [***],
HAS BEEN OMITTED BECAUSE IT IS NOT MATERIAL AND WOULD LIKELY CAUSE COMPETITIVE
HARM TO THE COMPANY IF PUBLICLY DISCLOSED.


12.5  Anthem Intellectual Property. Notwithstanding anything to the contrary
contained in Article 12 above, as between Anthem and Castlight, Anthem is deemed
to own the Intellectual Property embodied in the Anthem Data and Anthem
Materials.


12.6 Castlight Intellectual Property. Notwithstanding anything to the contrary
contained in Article 12 above, as between Anthem and Castlight, Castlight is
deemed to own the Intellectual Property embodied in the Castlight Services,
Castlight Materials and Castlight Platform.


13.INDEMNIFICATION


13.1 Indemnification. Anthem and Castlight shall each indemnify, defend and hold
harmless the other party, and its directors, officers, employees, agents,
permitted subcontractors and assignees, subsidiaries, from and against any and
all losses, claims, damages, liabilities, costs and expenses (including, without
limitation, reasonable attorneys’ fees and costs up to one million dollars
($1,000,000.00) per claim) arising from third party claims resulting from (i)
the indemnifying party’s failure to perform or negligent performance of its
obligations under this Agreement, and/or (ii) the indemnifying party’s violation
of any law, statute, ordinance, order, standard of care, rule or regulation,
including Exhibits A (Business Associate Agreement), C (Medicare Compliance
Specialty), F (Medicaid Requirements), Exhibit I (Qualified Health Plan),
Exhibit J (BCBSA Requirements), Exhibit K (NCQA Requirements), and/or Exhibit P
(Medicaid Medicare Dual Integration Regulatory Exhibits) hereunder, and/or (iii)
the indemnifying party's breach of any promise, agreement or representation made
in this Agreement, and/or (iv) in the case of Castlight, (a) any allegation that
any portion of the Subscription Service, Castlight System, Documentation and/or
Services, provided by Castlight to Anthem pursuant to this Agreement, infringes,
misappropriates or violates any intellectual property right of any person or
entity, (b) a breach of Castlight’s security obligations hereunder and/or (c)
any act or conduct by a Castlight subcontractor based on a claim falling within
the foregoing categories (i) through (iv)(b), inclusive; provided that in the
event of a claim for infringement pursuant to this subclause (iv)(a), Castlight
may, at its sole option and expense: (i) procure for Anthem the right to
continue using the Service under the terms of the Agreement or (ii) replace or
modify the Service to be non-infringing; and/or (v) in the case of Anthem, (a)
any allegation that any portion of the Anthem Data provided by Anthem to
Castlight pursuant to this Agreement, infringes, misappropriates or violates any
intellectual property right of any person or entity, and (b) any act or conduct
by an Anthem subcontractor based on a claim falling within the foregoing
categories (i) through (iii) and (v)(a), inclusive.; provided that in the event
of a claim for infringement pursuant to this subclause (v)(a), Anthem may, at
its sole option and expense: (i) procure for Castlight the right to continue
using Anthem Data under the terms of the Agreement or (ii) replace or modify
Anthem Data to be non-infringing.  The obligation to provide indemnification
under this Agreement shall be contingent upon the party seeking indemnification
(i) providing the indemnifying party with prompt written notice of any claim for
which indemnification is sought, (ii) allowing the indemnifying party to control
the defense and settlement of such claim, provided however that the indemnifying
party agrees not to enter into any settlement or compromise of any claim or
action in a manner that admits fault or imposes any restrictions or  obligations
on an indemnified party without that indemnified party’s prior written
consent which will not be unreasonably withheld, and (iii) cooperating fully
with the indemnifying party in connection with such defense and settlement.


13.2 In addition to the indemnification obligations set forth in this Section as
well as any remedies under applicable law or set forth in this Agreement,
including, without limitation, performance guarantees and performance penalties,
in the event of a security breach as described  in this Agreement and to the
extent such breach was caused by Castlight and excluding any breach to the
extent arising from the actions or inactions of Anthem, Castlight shall
indemnify Anthem  for all costs related to the
Software as a Service (SaaS) Agreement REV. December 2014 Page 26





--------------------------------------------------------------------------------

CERTAIN CONFIDENTIAL INFORMATION CONTAINED IN THIS DOCUMENT, MARKED BY [***],
HAS BEEN OMITTED BECAUSE IT IS NOT MATERIAL AND WOULD LIKELY CAUSE COMPETITIVE
HARM TO THE COMPANY IF PUBLICLY DISCLOSED.


investigation as well as, at Anthem’s  election, furnishing notice to affected
Covered Individuals  and/or the offer of ongoing identity theft monitoring
services to such affected Covered  Individuals.


13.3 Notice and Participation. The indemnified Party may, at its own expense,
assist in the defense of any indemnifiable claim described in this Section 13 if
it so chooses, provided that, as long as indemnifying Party can demonstrate
sufficient financial and legal resources, indemnifying Party shall control such
defense and all negotiations relative to the settlement of any such claim, and
further provided that any settlement intended to bind the indemnified Party or
which may adversely affect the indemnified Party shall not be final without such
indemnified Party’s prior written consent, not to be unreasonably withheld or
delayed. Notwithstanding the foregoing, if the claim relates to a violation of
governmental law or regulation or to a breach of Castlight’s obligations
relating to PHI and NPFI under Exhibit A (Business Associate Agreement), and
Anthem determines in its own discretion it has a compelling interest in
conducting its own defense, then Castlight shall indemnify Anthem for Anthem’s
reasonable costs of defense (including attorneys’ fees) and for any final award
of damages, assessment of fines, penalties or other regulatory assessment,
and/or settlement or compromise (and provided Anthem gives Castlight an
opportunity to comment on any proposed settlement or compromise). The
indemnified Party shall provide the indemnifying Party with reasonable written
notice of any claim that such indemnified Party believes falls within the scope
of this Section 13.3. Each Party shall use reasonable efforts to mitigate any
potential damages or other adverse consequences arising from or related to the
Services and/or Subscription Services.


14.LIMITATION OF LIABILITY


14.1 No Consequential Damages. Except as set forth in Section 14.3 below, in no
event shall either Party be liable to the other or to any third party, whether
in contract, tort (including negligence), warranty or otherwise, for any
indirect, incidental, special, consequential, exemplary or punitive damages
(including, without limitation, loss of profits) arising out of or relating to
this Agreement, even if such Party has been advised of the possibility of such
damages.


14.2 14.2 Limit on Direct Damages. Except as set forth in Section 14.3 below, in
no event shall either Party’s aggregate liability exceed three (3) times the
total amounts paid or payable by Anthem to Castlight hereunder. For the
avoidance of doubt, amounts paid or payable include, but are not limited to,
implementation and customization fees paid or payable by Anthem to Castlight.
Any amount owed by Castlight to Anthem in the way of service credits based upon
a failure to meet the Service Levels set forth on Exhibit G attached hereto,
shall not count toward any calculation of damages under this section.


14.3 Exceptions to Limitation of Liability. The limitations of liability in
Sections 14.1 and 14.2 shall not apply to (i) a Party’s indemnification
obligations under this Agreement, (ii) a breach by a Party of its
confidentiality obligations under this Agreement, (iii) claims relating to
willful misconduct, gross negligence, personal injury or damage to property,
(iv) abandonment by Castlight of the Agreement or a breach by Castlight of the
paragraph entitled “Electronic Self-Help”, or (v) any fines or penalties arising
from a Party’s acts or omissions in performing in accordance with this
Agreement.


15.SUBCONTRACTORS


15.1 Subcontractors. Except as to the subcontractors listed in Exhibit N
(Approved Subcontractors), Castlight shall not subcontract any of its
obligations under this Agreement without (i) providing Anthem in writing the
scope of the proposed subcontract and the identity and qualifications of the
proposed subcontractor (and allowing Anthem a reasonable period of time to
evaluate the
Software as a Service (SaaS) Agreement REV. December 2014 Page 27





--------------------------------------------------------------------------------

CERTAIN CONFIDENTIAL INFORMATION CONTAINED IN THIS DOCUMENT, MARKED BY [***],
HAS BEEN OMITTED BECAUSE IT IS NOT MATERIAL AND WOULD LIKELY CAUSE COMPETITIVE
HARM TO THE COMPANY IF PUBLICLY DISCLOSED.


subcontracting proposal), (ii) obtaining Anthem’s prior written approval; and
(iii) causing the approved subcontractor to agree in writing to perform and be
subject to all of Castlight’s obligations under this Agreement; and (iv)
prohibiting the subcontractor from further subcontracting without Anthem’s prior
written approval. Notwithstanding Anthem’s approval of a subcontracting
arrangement, Castlight shall remain primarily liable for the performance of all
subcontracted obligations and shall remain Anthem’s sole point of contact under
this Agreement. At Anthem’s reasonable request, Castlight shall promptly remove
and/or replace any subcontractor.


16.ROUTINE MODIFICATIONS AND ENHANCEMENTS


16.1 Castlight may implement routine enhancements to The Transparency Web Site
and the Core Transparency Functionality when such enhancements are intended to
improve user experience, provided that (i) such modifications and enhancements
have no adverse material impact on the Services or on the security of the Anthem
Data or of Anthem’s systems; and (ii) such modifications and enhancements cause
no increase in fees or other costs chargeable to Anthem hereunder; and (iii)
Anthem has received prior notification of the proposed implementation of such
enhancements. Except for such routine enhancements and other modifications as
may be necessary on an emergency basis as reasonably determined by Anthem, no
changes, modifications or enhancements to the Transparency Web Site or the Core
Transparency Functionality shall be made without Anthem’s prior written consent,
which consent shall not be unreasonably withheld. Changes that are necessary for
the security of the Services or for compliance with applicable laws, licenses,
regulations, or government orders shall be deemed to be changes that are
necessary on an emergency basis. As to any such changes made on an emergency
basis, Castlight shall notify Anthem thereof as soon as practicable, and the
parties shall work together in good faith to resolve any concerns, problems, or
performance issues created by such changes.

If, after the execution of this SOF, Anthem determines that it desires Castlight
to materially customize the Transparency Web Site Core Transparency
Functionality, the parties shall negotiate in good faith and shall memorialize
any further customization and associated cost in writing. Customizations
undertaken by Castlight shall be billed to Anthem on a time and materials basis
at a blended rate not to exceed $150 per hour.


17.DISPUTE RESOLUTION


17.1 Informal Dispute Resolution


17.1.1 Promptly after the Effective Date, the Parties will establish a Services
Planning and Coordination Committee (“SPCC”). The SPCC will include qualified
employees from each Party and will meet regularly as needed during the Term of
the Agreement at a cadence to be mutually agreed upon by the Parties. The SPCC
will consist of three representatives identified by Anthem and three
representatives identified by Castlight, and will be responsible for
establishing and periodically revising implementation timelines and roadmaps for
the Services, that takes into account the requirements the Parties’ respective
product development plans and customer needs. The SPCC will also be responsible
for establishing and periodically revising a sales and marketing activity plan,
for coordinating the Parties’ respective sales and marketing activities. The
SPCC will attempt to reach all decisions on matters under the SPCC’s authority
by unanimous agreement of the SPCC’s members, provided that if the SPCC cannot
unanimously agree on a matter within the SPCC’s authority within ten (10)
business days after a SPCC member has first raised such issue to the SPCC for a
decision, then either Party may, by written or email notice to the other, have
such issue be decided by in accordance with Section 17.1.2 (Good Faith Efforts)
below. Each Party may designate
Software as a Service (SaaS) Agreement REV. December 2014 Page 28





--------------------------------------------------------------------------------

CERTAIN CONFIDENTIAL INFORMATION CONTAINED IN THIS DOCUMENT, MARKED BY [***],
HAS BEEN OMITTED BECAUSE IT IS NOT MATERIAL AND WOULD LIKELY CAUSE COMPETITIVE
HARM TO THE COMPANY IF PUBLICLY DISCLOSED.


and replace its representatives on the SPCC at any time, by written or email
notice to the other Party. For the avoidance of doubt the SPCC has no authority
to alter the terms and conditions of this Agreement and any such change must be
in the form of an amendment to this Agreement signed by both Parties.
17.1.2 Good Faith Efforts The Parties agree that they will make a good faith
attempt to resolve any dispute arising under this Agreement before instituting
legal action. Such good faith attempt shall include, but not be limited to,
elevating the issue to management personnel of each Party who have the power to
settle the dispute on behalf of that Party and, failing that, to a vice
president level executive for each Party, as noted in 16.1.2, below.
17.1.3 Escalation to Executives. To the extent any disagreements arising under
this Agreement are not resolved by the management personnel of each party within
a reasonable time after the occurrence of the disagreement, either Party may
give to the other a Notice that a dispute has arisen. The Notice shall contain
(i) a detailed description of the dispute and all relevant underlying facts, and
(ii) a detailed description of the amount(s) in dispute and how they have been
calculated. Within fourteen (14) days after the date of the Notice, such dispute
shall be referred to a vice president level executive for each Party.
17.1.4 Failure of Informal Efforts. If such executive officers of both Parties
are unable to resolve the dispute within fourteen (14) days of the referral to
them, either Party shall be free to pursue any claim in court.
17.1.5 No Power to Alter Agreement. Either Party may seek interim measures of
protection concerning any subject matter of the dispute subject to arbitration,
including but not limited to interim injunctive relief, in a court of competent
jurisdiction.


17.2 Disputes Involving Confidential information or Intellectual Property.
Notwithstanding the foregoing, in any dispute concerning Confidential
information and Intellectual Property, a Party may elect to have the dispute
resolved by a court of competent jurisdiction in Marion County, Indiana, and
upon a Party’s commencement of any such action, any informal resolution then
pending shall be stayed, insofar as it concerns Confidential information or
intellectual property. Without limiting the generality of the foregoing, each
Party acknowledges that irreparable injury may result to a Party in the event
that the other Party fails to perform its obligations under this Agreement with
respect to Confidential information or Intellectual Property and each Party
agrees that, in such event, each Party shall be entitled, in addition to any
other remedies and damages available to it, to seek interim injunctive relief to
restrain the breach or compel the performance of this Agreement.


17.3 Waiver of Jury Trial. Each of the parties hereby unconditionally waives any
right to a jury trial with respect to and in any action, proceeding, claim,
counterclaim, demand, dispute or other matter whatsoever arising out of this
agreement.


17.4 Continued Services; Enforcement. Notwithstanding any dispute, Castlight
shall continue timely performance of the Services or its other obligations under
this Agreement (including the continued provisions of all rights of access and
use to Anthem, its Affiliates and their Authorized Users) and, if it
discontinues or does not timely perform such obligations, Anthem may seek a
temporary and/or permanent injunction or similar order in any state or federal
court within the State of Indiana for the sole purpose of compelling continued
and timely performance of Castlight’s obligations hereunder. The
Software as a Service (SaaS) Agreement REV. December 2014 Page 29





--------------------------------------------------------------------------------

CERTAIN CONFIDENTIAL INFORMATION CONTAINED IN THIS DOCUMENT, MARKED BY [***],
HAS BEEN OMITTED BECAUSE IT IS NOT MATERIAL AND WOULD LIKELY CAUSE COMPETITIVE
HARM TO THE COMPANY IF PUBLICLY DISCLOSED.


provisions of this Section may be enforced by any court of competent
jurisdiction, and the prevailing Party in any such action shall be entitled to
an award of all costs, fees and expenses, including attorneys’ fees.
Notwithstanding the foregoing, nothing in this section 17.1 shall prohibit
Castlight from suspending Services under an Order Schedule in the event Anthem
has failed to pay any undisputed amounts that are outstanding more than ninety
(90) days under such Order Schedule after Anthem’s receipt of an invoice and
notice of failure to pay on a timely basis from Castlight.




18.MISCELLANEOUS


18.1 Assignment. Neither Party may assign its rights or obligations under the
Agreement to any third party without the prior written consent of the other
Party; provided however, that (i) Anthem may assign this Agreement to any
Affiliate (provided that Anthem shall remain fully liable for the performance of
all obligations hereunder) and (ii) either Party may assign this Agreement
without the consent of the other Party, in the case of a merger or acquisition
of all or substantially all of the assigning Party’s assets. The Agreement shall
be binding upon and inure to the benefit of the Parties and their respective
successors and permitted assigns.


18.2 NCQA Certification. Castlight shall make reasonable efforts to obtain the
NCQA certification applicable to the Castlight Services, shall commence such
efforts within 30 days following the Effective Date of this Agreement, and shall
periodically provide progress updates to Anthem upon request. Castlight shall
also comply with Exhibit K - NCQA Division of Responsibilities, attached hereto.


18.3 Trademarks and Branding/No Publicity.


18.3.1 Except as may be explicitly set forth in this Agreement (or otherwise
expressly approved in writing by Anthem in advance, neither Party shall use the
name, logo, service marks, domain names, symbols or any other name or mark of
the other Party or the other Party’s Affiliates, without the prior written
consent of the other Party (which may be via email). Except: (a) as may be
explicitly set forth in this Agreement; (b) otherwise expressly approved in
writing by Anthem in advance; or (c) as may be required by applicable law or
legal process, Castlight shall not at any time either during the Term or at any
time after any expiration or termination of this Agreement: (i) disclose in
advertising campaigns, public relation campaigns or otherwise publicize or
disclose the existence of this Agreement, or any terms or conditions of this
Agreement, or Anthem’s or its Affiliates’ status as a customer of Castlight or
(ii) provide a hyperlink from any Internet site that it maintains to any
Internet site maintained by Anthem or any Anthem Affiliate. The Parties shall
periodically meet to discuss necessary and appropriate disclosures in connection
with the Parties’ obligations under this Agreement, and agree on talking points
and/or other communications acceptable by the Parties without the need for
further approvals, provided content of and usage parameters for the approved
talking points and communications are not altered prior to re-use. Castlight
shall not extract any information or other data from any Internet site
maintained by Anthem or any Anthem Affiliate, including framing and deep
linking, without the express written consent of Anthem.
18.3.2 In addition, Castlight has no license to use the Blue Cross and/or Blue
Shield names, symbols, or derivative marks (the “Brands”) and nothing in the
Agreement shall be deemed to grant a license to Castlight to use the Brands. Any
references to the Brands made by Castlight in its own materials are subject to
review and approval by Anthem.

Software as a Service (SaaS) Agreement REV. December 2014 Page 30





--------------------------------------------------------------------------------

CERTAIN CONFIDENTIAL INFORMATION CONTAINED IN THIS DOCUMENT, MARKED BY [***],
HAS BEEN OMITTED BECAUSE IT IS NOT MATERIAL AND WOULD LIKELY CAUSE COMPETITIVE
HARM TO THE COMPANY IF PUBLICLY DISCLOSED.


18.3.3 Castlight shall have the sole right to label and brand its services and
products (including all Buy-Up Products, except to the extent that such Buy-Up
Products are co-branded at such time and in such a manner as to be
mutually-acceptable by the Parties and compliant with all then-applicable BCBSA
Requirements) and shall have the sole right to use its service and product names
and brands. Anthem shall have the sole right to label and brand its services and
products that are provided by Castlight or that use Castlight Intellectual
Property as permitted under this Agreement.
18.4 Governing Law and Consent to Jurisdiction. The Agreement shall be governed
by and construed in accordance with the laws of the State of Indiana, without
giving effect to its conflict of laws principles. The Parties consent and agree
to the exclusive jurisdiction of the tribunals Marion County, Indiana and waive
any and all objections to such forums, including but not limited to objections
based on improper venue or inconvenient forum. Notwithstanding the foregoing,
the Parties agree that the Uniform Computer Information Transactions Act (UCITA)
as enacted in any Commonwealth or State of the United States shall not apply to
this Agreement or any performance hereunder and the Parties expressly opt-out of
the applicability of UCITA to this Agreement.


18.5 Notices. All notices, requests, claims, demands, and other communications
(each a “Notice”) under the Agreement shall be in writing and shall be given or
made by delivery in person, by facsimile, by courier service, or by certified
mail (postage prepaid, return receipt requested) to the respective Party at the
following address set forth below or at such other address as such Party may
hereafter notify the other Party in accordance with this Section. Each such
Notice will be effective as follows: (a) as of the day transmitted by facsimile
if receipt has been electronically confirmed; (b) as of the date emailed if
receipt has been electronically confirmed or so long as a duplicate copy is
contemporaneously provided by another Notice methodology set forth in this
Section; (c) as of the date actually delivered if sent by a recognized
commercial express delivery service that uses delivery tracking technology; (d)
four (4) business days after the date actually deposited with the U.S. mail if
sent postage-paid First Class; and (e) as of the date actually delivered if
delivered by personal courier to the office location of the recipient during
normal business hours.


For Anthem:


Anthem, Inc.
120 Monument Circle
Indianapolis, IN 46204
Attention: General Counsel


With a mandatory copy to:


Anthem, Inc.
120 Monument Circle
Indianapolis, IN 46204
Attention: Procurement - Contract Administration




For Castlight:


Castlight Health, Inc.
Two Rincon Center

Software as a Service (SaaS) Agreement REV. December 2014 Page 31





--------------------------------------------------------------------------------

CERTAIN CONFIDENTIAL INFORMATION CONTAINED IN THIS DOCUMENT, MARKED BY [***],
HAS BEEN OMITTED BECAUSE IT IS NOT MATERIAL AND WOULD LIKELY CAUSE COMPETITIVE
HARM TO THE COMPANY IF PUBLICLY DISCLOSED.


121 Spear Street, Suite 300
San Francisco, CA 94105
Attention: CEO
Fax number:


With a courtesy copy to:
Castlight Health, Inc.
Two Rincon Center
121 Spear Street, Suite 300
San Francisco, CA 94105
Attention: Legal


18.6 Modification; Waiver.


18.6.1 No modification to the Agreement shall be valid unless in writing and
signed by each Party. No delay or omission by either Party to exercise any right
or power it has under this Agreement shall impair or be construed as a waiver of
such right or power. A waiver by any Party of any breach or covenant shall not
be construed to be a waiver of any succeeding breach or any other covenant. All
waivers must be in writing and signed by the Party waiving its rights.
18.6.2 Nothing on any invoice, purchase order acknowledgment, click wrap, shrink
wrap license or any other “boilerplate” or standard terms issued by Castlight at
any time during the Term shall contradict, vary or amend the terms of this
Agreement and any contrary or differing term shall have no force or effect.
18.7 No Gratuities or Kickbacks. Anthem may, by written notice to Castlight,
terminate the Agreement, any SOW, and some or all rights of Castlight hereunder,
if Anthem has a reasonable cause to believe that gratuities (in the form of
entertainment, gifts or otherwise that are of inappropriate value and/or not in
accordance with Anthem’s policies in excess of that which is reasonable and
customary in Anthem’s industry, or which would not be considered in good taste
if publicly scrutinized) were offered or given by Castlight, or any employee,
subcontractor, agent or representative of Castlight, to an officer or employee
of Anthem or any Anthem Affiliate in a position to secure or influence the
awarding of, or amendment to, the entire Agreement or any SOW, or any
determination with respect to Castlight’s performance hereunder, or any decision
or action favorable to Castlight.


18.8 Force Majeure.


18.8.1 General. A delay by a Party in the performance of its obligations under
this Agreement shall not be deemed a default of this Agreement to the extent
that such delay is attributable to a Force Majeure Event and could not have been
prevented or minimized by the non-performing Party by means of the exercise of
reasonable precautions, or cannot reasonably be circumvented by the
non-performing Party in a commercially reasonable manner, including through the
use of alternate sources or work-around plans. Notwithstanding the foregoing,
Castlight acknowledges and agrees that this Section 18.8 shall not limit
Castlight’s obligation to initiate and provide timely and effective disaster
recovery or business continuity for the Services described in this Agreement,
the applicable Statement of Work, or any Exhibits and schedules thereto.
18.8.2 Right to Terminate. If a Force Majeure Event prevents, hinders or delays
a Party's ability to perform for more than 45 days and materially and adversely
affects the other Party,
Software as a Service (SaaS) Agreement REV. December 2014 Page 32





--------------------------------------------------------------------------------

CERTAIN CONFIDENTIAL INFORMATION CONTAINED IN THIS DOCUMENT, MARKED BY [***],
HAS BEEN OMITTED BECAUSE IT IS NOT MATERIAL AND WOULD LIKELY CAUSE COMPETITIVE
HARM TO THE COMPANY IF PUBLICLY DISCLOSED.


then in such event the other Party may, in its reasonable discretion, choose to
terminate the applicable Statement of Work upon written notice.
18.8.3 Force Majeure Event. The term “Force Majeure Event” shall mean a fire,
flood, earthquake, terrorism, or similar act beyond the reasonable control of a
Party. A strike, lockout or similar labor dispute by a Party’s personnel shall
be deemed to be within such Party’s reasonable control. In addition, if
Castlight reasonably believes that an act of war, riot, civil disorder, or
rebellion is likely, either Party may request that certain changes to the
Services be proposed in light of such Force Majeure Event. Unless otherwise
mutually agreed by the Parties, if Anthem agrees to changes initiated by
Castlight due to an act of war, riot, civil disorder, or rebellion, Castlight
shall bear all costs and expenses to perform and implement the changes. If
Anthem does not agree to so change the Services, or if the event of war, riot,
civil disorder, or rebellion occurs, such event shall be deemed to be a Force
Majeure Event.
18.8.4 Allocation of Resources. If a Force Majeure Event causes Castlight to
allocate limited resources between or among Castlight’s customers, and if the
Services are disrupted by such Force Majeure event, Castlight shall not treat
any other customer better than Anthem nor reduce process capacity or performance
below the business continuity requirements stipulated above. If a Force Majeure
Event causes Castlight to allocate limited resources between or among
Castlight’s customers, and if the Services are not disrupted by such Force
Majeure Event, Castlight shall not reduce process capacity or performance below
the level of the process capacity and performance immediately prior to the Force
Majeure Event. In addition, Castlight shall not redeploy or reassign any key
personnel to another Castlight account in the event of a Force Majeure Event
without Anthem’s prior written consent.
18.9 Severability. If any provision of the Agreement is held to be invalid,
illegal or unenforceable in any respect under applicable law, such provision
shall be excluded from the Agreement and the balance of the Agreement shall be
interpreted as if such provision were so excluded and shall be enforceable in
accordance with its terms.


18.10 Relationship of Parties. The Parties intend to be, are, and shall at all
times be independent contractors with respect to this Agreement and all
performance under this Agreement. Under no circumstances shall Castlight, any
Castlight personnel, or any other of Castlight’s employees, subcontractors,
agents, or representatives be considered to be employees or agents of Anthem or
any of Anthem’s Affiliates, or be entitled to participate in any of Anthem’s or
its Affiliates’ employee benefit programs including workers compensation and
disability insurance, group health, dental and vision insurance, unemployment
insurance, retirement plans, or stock-based benefits or plans. Neither Party is
an agent, partner or employee of the other Party, or its Affiliates, and neither
Party has any right or any other authority to enter into any agreements or
undertaking in the name of or for the account of the other Party or to create or
assume any obligations of any kind, express or implied, on behalf of the other
Party nor will the act or omissions of either create any liability for the other
Party. No form of joint employer, joint venture, partnership, or similar
relationship between the Parties, or between either Party and any Affiliate of
the other Party, is intended or hereby created. This Agreement shall in no way
constitute or give rise to a partnership or joint venture between the Parties.


18.11 Titles and Subtitles. The titles and subtitles used in the Agreement are
used for convenience only and are not to be considered in construing or
interpreting the Agreement.



Software as a Service (SaaS) Agreement REV. December 2014 Page 33





--------------------------------------------------------------------------------

CERTAIN CONFIDENTIAL INFORMATION CONTAINED IN THIS DOCUMENT, MARKED BY [***],
HAS BEEN OMITTED BECAUSE IT IS NOT MATERIAL AND WOULD LIKELY CAUSE COMPETITIVE
HARM TO THE COMPANY IF PUBLICLY DISCLOSED.


18.12 Counterparts. The Agreement and any Agreement may be executed in two or
more counterparts, each of which shall be deemed an original, but all of which,
when taken together, shall constitute one and the same instrument.


18.13 Electronic Signatures. The Parties agree electronic signatures may be
utilized for execution of this Agreement and any attachments hereto, including
but not limited to, Statements of Work. The Parties acknowledge and agree that
(i) the issuance of an electronic signature shall be valid and enforceable as to
the signing Party to the same extent as an inked original signature; and (ii)
these documents shall constitute “original” documents when printed from
electronic files and records established and maintained by either Party in the
normal course of business. Unless otherwise agreed to by the Parties, the
purchase order number (issued by Anthem) shall constitute Anthem’s electronic
signature and consent to any purchase order and the Castlight’s invoice number
shall constitute Castlight’s electronic signature and consent to provide the
Subscription Service and/or other related services.  Each Party agrees that the
Anthem purchase order number or the Castlight invoice number, as issued by the
respective Party, shall be sufficient to verify that such Party originated the
document.  Neither Party shall disclose to any unauthorized person the purchase
order Number or the invoice number.


18.14 Deficit Reduction Act Notification to Castlight. Section 6032 of the
Deficit Reduction Act of 2005 (“DRA”) and state laws enacted pursuant to the DRA
require certain entities such as Anthem to establish policies and procedures to
help the entity, and its contractors and agents, detect and prevent fraud, waste
and abuse relating to services provided for certain government funded programs,
including Medicaid. The DRA and state laws also require certain entities to make
their suppliers aware: (a) of the provisions of the False Claims Act and similar
state statutes prohibiting anyone from knowingly submitting or causing another
person or entity to submit false claims for payment of government funds; and (b)
that any person in violation is potentially liable for three times the damages
or loss to the government plus substantial civil penalties (currently $5,500 to
$11,000). In addition, the False Statements Act prohibits anyone from making
false statements or withholding material information in connection with the
delivery of services to, or payments from, the government. Violations of these
acts can also result in criminal convictions and imprisonment of up to five (5)
years. As part of Anthem’s policies designed to prevent fraud, waste and abuse,
Anthem does not retaliate against personnel who report violations (or suspected
violations) of state of federal False Claims Acts. .


18.15 Covenant Not to Trade on Insider Knowledge. Each Party acknowledges that
the other Party is a publicly traded corporation. Each Party agrees that it will
not purchase or sell any stock of the other Party based on the other Party’s
Confidential information. Each Party further agrees that, if it discloses the
other Party’s Confidential information to any other person or entity in
accordance with this Agreement, it will advise that other person or entity of
the duty not to trade based on such Confidential information.


18.16 Cumulative Remedies. Except as otherwise expressly provided in this
Agreement, all remedies provided for in this Agreement shall be cumulative and
in addition to, and not in lieu of, any other remedies available to either Party
at law, in equity or otherwise.


18.17 No Third Party Beneficiaries. This Agreement shall not benefit, or create
any right or cause of action in or on behalf of, any person or entity other than
Anthem, its Affiliates and assignees, or Castlight; provided that if either
Party’s Affiliates’ has a cause of action under this Agreement against the other
Party, such action must be initiated by a Party to this Agreement against the
other Party, and not against such Party’s Affiliates directly.



Software as a Service (SaaS) Agreement REV. December 2014 Page 34





--------------------------------------------------------------------------------

CERTAIN CONFIDENTIAL INFORMATION CONTAINED IN THIS DOCUMENT, MARKED BY [***],
HAS BEEN OMITTED BECAUSE IT IS NOT MATERIAL AND WOULD LIKELY CAUSE COMPETITIVE
HARM TO THE COMPANY IF PUBLICLY DISCLOSED.


18.18 Entire Agreement. This Agreement sets forth the entire agreement of the
Parties with respect to the subject matter of such Agreement, and except as set
forth in the following sentence, supersedes any and all prior proposals,
agreements, understandings, and contemporaneous discussions, whether oral or
written, between the Parties with respect to the subject matter of this
Agreement. Notwithstanding the foregoing, that certain Confidentiality Agreement
entered into by the Parties effective March 24, 2011 (the “Confidentiality
Agreement”) shall remain in effect and shall continue to govern Castlight’s uses
and disclosures of Anthem’s Proprietary and Confidential Information when
released thereunder via Data Release Specifications Forms associated with and
incorporated into such Confidentiality Agreement. In addition, the following
other agreements entered into by the Parties (as amended) shall remain in
effect: (1) the Reference-Based Benefits Collaboration Agreement effective as of
January 18, 2013; (2) the Amended and Restated Transparency Data Agreement
effective as of August 31, 2015; (3) the Data Mining and Analytics Services
Agreement effective as of March 1, 2013; (4) the Vendor Agreement effective as
of September 12, 2013; and (5) the Blue Cross and Blue Shield Association Data
Access Agreement for Transparency Services effective as of July 18, 2014.


IN WITNESS WHEREOF, the undersigned have read, understood and executed this
Agreement and agree to be bound by its provisions as of the Effective Date.



Castlight Health, Inc.Anthem, Inc.Anthem, Inc.CastlightAnthem, Inc.Anthem, Inc.
(Procurement)By: /s/ Gio CollelaBy: /s/ Brian GriffinBy: /s/ Shane
O’ReillySignatureSignatureSignatureGio CollelaBrian GriffinShane O’ReillyPrinted
NamePrinted NamePrinted NameCo-Founder and CEOPresident NY and PharmacyStaff VP
Strategic SourcingTitleTitleTitle10/28/201510/29/201510/28/2015DateDateDate





Software as a Service (SaaS) Agreement REV. December 2014 Page 35





--------------------------------------------------------------------------------

CERTAIN CONFIDENTIAL INFORMATION CONTAINED IN THIS DOCUMENT, MARKED BY [***],
HAS BEEN OMITTED BECAUSE IT IS NOT MATERIAL AND WOULD LIKELY CAUSE COMPETITIVE
HARM TO THE COMPANY IF PUBLICLY DISCLOSED.


EXHIBIT E


Diversity Supplier Compliance


The Castlight agrees to comply fully with Anthem’s Castlight Diversity
Initiative, as further described in the Guidelines for Prospective Suppliers
(found at
http://www.Anthem.com/prodcontrib/groups/Anthem/@wp_suppliers/documents/wlp_assets/pw_d015001.pdf)
and any participation plan that may have been submitted to Anthem. The following
certified diverse suppliers will be participating in this Contract.




Diverse Suppliers
Phone
Email
Anthem Name
Scope of Goods and/or Services
Utilization Date
Amount or Percent





The Castlight must obtain the approval of Anthem’s Supplier Diversity Director
before changing any Castlight Diversity participation plan submitted in
connection with this Agreement.



Software as a Service (SaaS) Agreement REV. December 2014 Page 36





--------------------------------------------------------------------------------

CERTAIN CONFIDENTIAL INFORMATION CONTAINED IN THIS DOCUMENT, MARKED BY [***],
HAS BEEN OMITTED BECAUSE IT IS NOT MATERIAL AND WOULD LIKELY CAUSE COMPETITIVE
HARM TO THE COMPANY IF PUBLICLY DISCLOSED.


EXHIBIT F


Medicaid Requirements


The following Attachments are applicable to all of the services performed by
Castlight for any member enrolled in a Medicaid program in the particular state
to which the Attachment pertains.  Notwithstanding the foregoing, all provisions
contained in the Attachments may not be applicable to certain services provided
by administrative services Castlight as certain provisions are applicable solely
to providers of medical services.  Only those provisions applicable to the
specific services provided by Castlight shall be deemed to be incorporated into
the Agreement.  State-specific requirements may be added from time to time
without need for additional amendment when an existing program is expanded to
include a new Affiliate or a new program encompasses a new Affiliate. In the
following documents, “subcontractor”, “Vendor” and “Supplier” refer to the
“Castlight” under the Agreement.




Exhibit F-1 California Medicaid Subcontract Exhibit
Exhibit F-2 Medicaid Exhibit Indiana HHW HIP HCC
Exhibit F-3 Massachusetts Medicaid Requirements for Vendors
Exhibit F-4 New York Medicaid Requirements - Vendors
Exhibit F-5 Medicaid Exhibit South Carolina
Exhibit F-6 Medicaid Exhibit Texas (Anthem)
Exhibit F-7 Virginia Medicaid Requirement
Exhibit F-8 West Virginia Medicaid Requirements - Vendor
Exhibit F-9 Medicaid Exhibit Wisconsin
Exhibit F-10 Florida Medicaid Subcontract Exhibit
Exhibit F-11 Kansas Medicaid Subcontract Exhibit
Exhibit F-12 Medicaid Exhibit Louisiana
Exhibit F-13 Medicaid Exhibit Maryland
Exhibit F-14 New Jersey Medicaid Subcontract Exhibit
Exhibit F-15 Medicaid Exhibit Nevada
Exhibit F-16 Medicaid Exhibit Tennessee
Exhibit F-17 Medicaid Tennessee BAA – Utilize for all TN Vendors
Exhibit F-18 Medicaid Exhibit Texas (Amerigroup)
Exhibit F-19 Medicaid Exhibit Kentucky
Exhibit F-20 Medicaid Exhibit Washington
Exhibit F-21 Georgia Medicaid Exhibit

















Software as a Service (SaaS) Agreement REV. December 2014 Page 37





--------------------------------------------------------------------------------

CERTAIN CONFIDENTIAL INFORMATION CONTAINED IN THIS DOCUMENT, MARKED BY [***],
HAS BEEN OMITTED BECAUSE IT IS NOT MATERIAL AND WOULD LIKELY CAUSE COMPETITIVE
HARM TO THE COMPANY IF PUBLICLY DISCLOSED.


EXHIBIT G
SERVICE LEVELS


I. Castlight Service Levels. Castlight’s performance shall be measured against
the Performance Standards set forth in this Exhibit G and Castlight shall be
assessed penalties, if applicable, as stated below. Performance Standard
measurements and Castlight’s obligation to achieve the Performance Standards set
under this Exhibit G are in addition to any and all other rights and remedies
provided under the Agreement and/or applicable law.


A.Definitions. The capitalized terms used herein shall have the meanings
ascribed to them in this Section A or, if not defined below, in Section 1 of the
Agreement.


1. “Uptime” shall mean all times when the Castlight System is running and is
available to be accessed by Authorized Users.


2. “Available Time” shall mean the number of hours in any given calendar month
less the amount of Downtime (excluding Standard Maintenance Window hours)
related to events outside of Castlight’s control, such as force majeure events,
internet-wide disruptions or denial of service attacks.


3. “Downtime” shall mean all times in which the Castlight System fails HTTP
checks, content verification checks and a service check


4. “Standard Maintenance Window” shall mean a biweekly maintenance period
between 1:00 a.m. and 5:00 a.m. Eastern Time, every second and fourth Friday of
each month. Twice annually this maintenance period may be six hours between
12:00 a.m. and 6:00 a.m. Eastern Time, provided Anthem is notified at least ten
days in advance of the period.


5. “End Users” shall mean Authorized Users for which there is an effective SOF
in place and for which a Launch Date has occurred.


6. “Emergency Maintenance Window” means emergency updates as result of vendor
recommended patches to deal with high risk security threats as well as hardware
replacement, which maintenance Castlight will use commercially reasonable
efforts to perform maintenance during periods of low usage (such as evenings)
and to promptly notify customers of emergency maintenance. Anthem would be
notified within 90 minutes of determination that the emergency maintenance will
occur and before the actual emergency maintenance would begin.  Thereon, Anthem
would be updated regularly throughout the time period through resolution.


B.Measurements and Reporting



Software as a Service (SaaS) Agreement REV. December 2014 Page 38





--------------------------------------------------------------------------------

CERTAIN CONFIDENTIAL INFORMATION CONTAINED IN THIS DOCUMENT, MARKED BY [***],
HAS BEEN OMITTED BECAUSE IT IS NOT MATERIAL AND WOULD LIKELY CAUSE COMPETITIVE
HARM TO THE COMPANY IF PUBLICLY DISCLOSED.


1. Throughout the Term of the Agreement, Castlight shall measure its performance
of Services against the Performance Standards set forth below.


2. Castlight shall report such performance results, and any applicable penalties
incurred, to Anthem via a “Performance Standards Report,” shall be provided in a
template in a format mutually agreed to by the Parties Such Castlight Reporting
shall, when applicable, contain in writing the cause of any performance
failure(s) and the steps taken by Castlight to remediate. With respect to each
Castlight failure to provide the Services in accordance with the applicable
Service Levels, Castlight shall, as soon as reasonably practicable but not later
than five (5) days after such failure unless otherwise agreed to:


a. perform a root-cause analysis to identify the cause of such failure;
b. provide Anthem with a written report detailing the cause of such failure, and
procedure for correcting such failure
c. correct the problem and begin meeting the Service Level; and
d. to the extent within Castlight’s ability to control, take appropriate
preventive measures so that the problem does not reoccur.


Castlight agrees it will inform Anthem of its corrective procedures, and Anthem
can provide input into such procedures. For the avoidance of doubt, if the
root-cause analysis cannot conclusively prove whether Castlight was not the
cause of or responsible for a Service Level failure, then the Parties shall
discuss an appropriate resolution to such failure. As part of such efforts, the
Castlight Personnel shall work in a collaborative environment (including within
reliability meetings and by coordinating with Anthem): (i) to identify offending
system(s) contributing to such failures or outages, and (ii) to determine the
singular point of failure and reason for that failure.


3. Performance Standards Reports shall be furnished to Anthem on a monthly basis
within two (2) weeks after the end of the month (the “Monthly Report Date”), for
results for the preceding month and a year-end review.


C.Calculation and Payment of Penalties


1. If at any time Castlight fails to meet any Performance Guarantee, Castlight
shall calculate the applicable Performance Guarantee Penalty as identified
below.


2. Castlight shall remit the total Performance Guarantee Penalty amount to
Anthem on a quarterly basis following the quarter to which the Penalty applies.


3. If Castlight fails to meet an applicable Performance Standard two (2) times
within a quarter or for two (2) consecutive months, Castlight shall provide
Anthem with a corrective action plan, subject to Anthem’s review, collaboration
and provision of input, which shall include, at a minimum, root cause analysis,
scheduled meetings with Anthem to report on progress, weekly reporting to Anthem
with associated backup information, and service level performance monitoring to
remedy any failures.



Software as a Service (SaaS) Agreement REV. December 2014 Page 39





--------------------------------------------------------------------------------

CERTAIN CONFIDENTIAL INFORMATION CONTAINED IN THIS DOCUMENT, MARKED BY [***],
HAS BEEN OMITTED BECAUSE IT IS NOT MATERIAL AND WOULD LIKELY CAUSE COMPETITIVE
HARM TO THE COMPANY IF PUBLICLY DISCLOSED.


4. Notwithstanding anything herein or in the Agreement to the contrary, the
Parties agree that the Performance Guarantee Penalties described in this Exhibit
G payable by Castlight in any month, shall not exceed [***].


D.Adverse Performance Trends


1. If, during the course of any month (e.g., by reviewing performance data),
Anthem becomes aware of adverse performance trends (e.g., trends indicating
Castlight may not meet the Performance Standards for the month and provided the
adverse trend is not the result of data being received in an incorrect format,
incomplete or not timely), at Anthem’s request, Castlight shall promptly prepare
corrective action plans to address such adverse performance trends, and with
Anthem’s approval, promptly implement such plans, even though the applicable
measurement period has not been completed and, accordingly, there has not yet
been a Performance Standard default.


2. Nothing herein is meant to waive Anthem’s rights to demand corrective action
plans or take any other action that is permitted by the terms of the Agreement.


E.Material Breaches


1. In the event of a material breach of the Agreement by Castlight, Anthem in
its sole discretion may elect to impose a Performance Guaranty Penalty, which
shall be in lieu of any other remedy for such material breach.


2. To make such election, Anthem shall provide written notice to Castlight that:


a. identifies the material breach,
b. provides Castlight with a reasonable cure period or not less than fifteen
(15) calendar days, and
c. informs Castlight of the Performance Guaranty Penalty that will be imposed at
the end of the cure period if the material breach has not been cured.


F.Performance Guarantee Data Requirements. Notwithstanding any provision herein,
the failure by Anthem to provide data to Castlight as set forth in the
Agreement, as applicable, and as required for the Performance Guarantees
contained in this Exhibit G, shall \relieve Castlight of those guarantees under
this Exhibit G that are dependent on Anthem’s provision of such data, for the
period of such failure by Anthem, and only if the lack of or late delivery of
data materially impacts Castlight’s ability to comply with such Performance
Guarantees.


G.Reporting Timeliness Performance Guarantee. The following specifications shall
apply to the timeliness of Castlight’s satisfaction of the reporting
requirements set forth in the Agreement and in this Attachment, including its
Addendum B:


1. Performance Guarantee Standards


a. Monthly Reports – All reports received by Anthem within two (2) weeks after
the end of the month.


Software as a Service (SaaS) Agreement REV. December 2014 Page 40





--------------------------------------------------------------------------------

CERTAIN CONFIDENTIAL INFORMATION CONTAINED IN THIS DOCUMENT, MARKED BY [***],
HAS BEEN OMITTED BECAUSE IT IS NOT MATERIAL AND WOULD LIKELY CAUSE COMPETITIVE
HARM TO THE COMPANY IF PUBLICLY DISCLOSED.


b. Root Cause Analysis Reports – As specified in Section B.2., above.


c. Severity1 Impact Reports – Summarizing the event shall be distributed to the
Anthem Business Lead and IT Lead within one (1) business day of the event.


2. Performance Guarantee Penalty –[***].


H.User Satisfaction Survey Results Performance Guarantee


1.Performance Guarantee Standards. Castlight shall satisfy the following
elements:


a. Evaluate User satisfaction with the Services, using sound mechanisms for data
collection and reliable methodologies for evaluating and analyzing satisfaction
data, including documentation of areas of dissatisfaction. Anthem shall have
reasonable input into the content of the satisfaction survey, if Anthem so
requests.


b. Take actions that Anthem and Castlight mutually agree are likely to improve
the identified areas of dissatisfaction.


2.Performance Guarantee Penalty –[***] .


I.Escalated Issue Response Performance Guarantee. The following specifications
shall apply to the timeliness of Castlight’s response to issues raised by Anthem
Customer Service and Account Management:


1. Performance Guarantee Standards. Except for Severity 1 issues, which must be
reported upon discovery, Castlight must respond to 95% of issues within one (1)
business day after receiving notification thereof, measured monthly. For
ordinary questions, Castlight shall respond in no less than three (3) business
days. In the event Escalation is required for a Severity 1, 2 or 3, Castlight
will escalate the Incident to its management and Castlight’s Anthem account team
for further action, resolution and/or escalation, as necessary to resolve the
Incident. In addition, once the Time Allowed Prior to Escalation has passed,
Anthem may escalate an Incident to the following Castlight personnel, contacting
each escalation point in the order they appear below:


Castlight Account Representative: [***]
email: [***], Phone: m: [***]
Castlight Executive: [***]
email: [***], Phone: m: [***]


2. Performance Guarantee Penalty – [***].


J.System Availability Performance Guarantee. The following specifications shall
apply to the availability of the Castlight Web Site other than during normally
scheduled maintenance and downtime:


Software as a Service (SaaS) Agreement REV. December 2014 Page 41





--------------------------------------------------------------------------------

CERTAIN CONFIDENTIAL INFORMATION CONTAINED IN THIS DOCUMENT, MARKED BY [***],
HAS BEEN OMITTED BECAUSE IT IS NOT MATERIAL AND WOULD LIKELY CAUSE COMPETITIVE
HARM TO THE COMPANY IF PUBLICLY DISCLOSED.


1. Performance Guarantee Standard. In each month during the Term of the
Agreement, Uptime shall constitute at least – 99.9% of Available Time; and


2. Castlight shall remedy Severity 1 defects in an average Mean Time to Recover
(“MTTR”) of 1.68 hours per incident. This shall be measured by dividing the
total number incidents by the total time to recover for all incidents during the
measuring period, excluding any such incidents for which the root cause was
determined as arising from Anthem Data or Anthem systems and services.


3. Performance Guarantee Penalty – [***].


K.Application Maintenance Performance Guarantees.


1. The following specifications shall apply:


Software as a Service (SaaS) Agreement REV. December 2014 Page 42





--------------------------------------------------------------------------------

CERTAIN CONFIDENTIAL INFORMATION CONTAINED IN THIS DOCUMENT, MARKED BY [***],
HAS BEEN OMITTED BECAUSE IT IS NOT MATERIAL AND WOULD LIKELY CAUSE COMPETITIVE
HARM TO THE COMPANY IF PUBLICLY DISCLOSED.



PriorityDescriptionCastlight Response Times
Severity 1
Critical
Anthem
Support
Incidents
Critical Business Impact. A critical problem with the Castlight Services in
which any of the following occur: the Castlight Services are down, inoperable,
inaccessible or unavailable, or otherwise materially cease operation; or the
performance or nonperformance of the Castlight Services prevents useful work
from being done. Complete loss of service or resources & work cannot reasonably
continue, or PHI or sensitive data breaches.
• Within 45 minutes of discovery
• Castlight to provide regular updates (minimum hourly) to Anthem on the issue
identification and resolution status. 
• Web Support tool updated as information is available
• Castlight contact will notify the Anthem contact, who will then join
Castlight’s open conference bridge line, and Castlight will provide Anthem
regular updates to Anthem on the issue identification and resolution status.
Severity 2
High
Urgent
Anthem
Support
Incidents
Serious Business Impact. A problem with the Castlight Services in which any of
the following occur: the Castlight Services are severely limited or degraded,
major functions are not performing properly, the situation is causing a
significant impact to certain portions of Customer and/or Castlight Services
users’ operations or productivity; or the Castlight Services have been
interrupted but recovered, and in Customer’s opinion there is high risk of
reoccurrence.
• If via Phone Hotline: 8 Hours
• If via Web Support: 1 Business Day
• Web Support tool updated as information is available


Severity 3
Medium
Service
Impacting
Minor Business Impact. A minor or cosmetic problem with the Castlight Services
in which any of the following occur: the problem is an irritant, affects
non-essential functions, has minimal impact to business operations; the problem
is localized or has isolated impact; the problem is an operational nuisance; the
problem results in documentation errors; or the problem is any other problem
that is not a Severity 1 or a Severity 2, but is otherwise a failure of the
Castlight Services to conform to its Specifications
• If via Phone Hotline: 5 Business Days
• If via Web Support: 5 Business Days
• Web Support tool updated as information is available
   

a. Performance Guarantee Penalty – For Severity 1, [***].


b. Performance Guarantee Penalty – For Severity 2, [***].


c. Performance Guarantee Penalty – For Severity 3, [***].


2. Eligibility Loading Performance Guarantee


a. Performance Guarantee Standard – Castlight must load 100% of the incremental
changes in Eligibility Data within 85% will be 24 hours (15% at 48 hours) hours
after receipt of such changes from Anthem, measured monthly provided that this
metric shall not apply to the extent that the data is not received in the
agreed-upon format or is incomplete.


Software as a Service (SaaS) Agreement REV. December 2014 Page 43





--------------------------------------------------------------------------------

CERTAIN CONFIDENTIAL INFORMATION CONTAINED IN THIS DOCUMENT, MARKED BY [***],
HAS BEEN OMITTED BECAUSE IT IS NOT MATERIAL AND WOULD LIKELY CAUSE COMPETITIVE
HARM TO THE COMPANY IF PUBLICLY DISCLOSED.


b. Performance Guarantee Penalty – [***].


3. Claim Loading Performance Guarantee


a. Performance Guarantee Standard – Castlight must load 100% of the incremental
changes in Claim Data within 72 hours after receipt of such changes from Anthem,
measured monthly; provided that this metric shall not apply to the extent that
the data is not received in the agreed-upon format or is incomplete. As part of
the monthly reporting package, Castlight shall provide Anthem a file loading
report, including such items as the timestamp of receipt of each file, timestamp
of load of each file, count of records received, updated, and with errors in
each file, and the file identification information. In addition, Castlight shall
notify Anthem within 24 hours of receipt of files for any data formatting issues
or with 24 hours if the file is not received by Castlight from the time agreed
for exchange.


b. Performance Guarantee Penalty –[***] .


L.Client Support. Castlight shall provide the following services in support of
their product:


1.Support Hours: Castlight shall provide Anthem support from 3:00 PM Sunday
through 9:00 PM Friday EST for all Severity levels indicated in Section 1 above.


2.Access to Support; Response Times. Anthem may report Downtime at any time
(“24x7x365”) by telephoning Castlight at [***]for live issue reporting which
shall be staffed with a live individual at Castlight’s Network Operations Center
(“NOC”), or submitting an incident through Castlight’s web-based customer
support portal.


3.Account Support. Castlight will assign an individual to serve as the sole
point of contact for the purposes of minimizing the impact of downtime and
upgrades and maximizing support response times. In addition, Castlight shall not
implement upgrades or migrations during the fourth quarter of any calendar year
that would exceed the maximum duration of any scheduled downtime, unless the
Parties mutually agree in advance prior to such event.


4.Maintenance and Technical Standards. Castlight agrees to maintain the
accessibility and performance of the Hosting Services in a manner consistent
with capacity and performance standards set forth herein and current
telecommunications and Internet industry standards, as the same may change from
time to time. For measurements required herein, Castlight may assume a stable,
standard T1 connection to the Internet and measurements made at random times
throughout the day. Upon request, Castlight will provide Anthem with a list of
minimum recommended and technical PC standards for access to and use of the
Castlight System, and Anthem acknowledges that optimal performance will not be
available if recommended standards are not met by users of the Castlight System.


Software as a Service (SaaS) Agreement REV. December 2014 Page 44





--------------------------------------------------------------------------------

CERTAIN CONFIDENTIAL INFORMATION CONTAINED IN THIS DOCUMENT, MARKED BY [***],
HAS BEEN OMITTED BECAUSE IT IS NOT MATERIAL AND WOULD LIKELY CAUSE COMPETITIVE
HARM TO THE COMPANY IF PUBLICLY DISCLOSED.


5.Hosting Location. The Hosting Services will be rendered in a facility that is
consistent with high industry standards for fireproofing, power and backup
generation, structural integrity, seismic resistance and resistance to other
natural and man-made disruptions (the “Facility”). In addition, the Facility
shall be secured against physical and electronic intrusion in a manner
consistent with high industry standards. Castlight shall provide Anthem with at
least ninety (90) days written notice of a change in the location from which
Castlight delivers the Hosting Services. Upon ten (10) days prior notice, Anthem
may inspect the Hosting location to assess compliance with requirements set
forth in this Agreement.


6.Multiple Telecommunications Providers. The Facility shall be served by no less
than two separate high-speed telecommunications providers and Castlight shall
have the ability to switch between telecommunications providers to reduce
outages.


7.No Commingling. Castlight prevents the co-mingling of data through the use of
logical and technical controls. Anthem Confidential Data from Castlight
production systems shall not be exported for any reasons and shared with any
customers/vendors for any purposes.


8.Performance Guarantee Penalty. Failure to comply with the requirements of this
Section more than one time per calendar month shall result in a penalty of [***]
.


M.Data Load, Back Up and Retention.


1.Back-Up of Anthem Data. Castlight will perform back-up and archiving of Anthem
Data, which includes transactional data (tasks, activities) and documents
(files) according to the schedule set forth in the table below:



Type of Back-UpDescriptionWhen does back-up occur?Daily Incremental Back-UpAll
Anthem DataDailyFull Back-UpFull server backupMonthly



2.Back-Up Retention: Castlight will retain data files and full back-up copies of
the Anthem Data at a secure storage location set forth below and in accordance
with the retention periods set forth in the following table:


Software as a Service (SaaS) Agreement REV. December 2014 Page 45





--------------------------------------------------------------------------------

CERTAIN CONFIDENTIAL INFORMATION CONTAINED IN THIS DOCUMENT, MARKED BY [***],
HAS BEEN OMITTED BECAUSE IT IS NOT MATERIAL AND WOULD LIKELY CAUSE COMPETITIVE
HARM TO THE COMPANY IF PUBLICLY DISCLOSED.



Type of Back-UpRetention PeriodStorage LocationDaily Incremental Files60 days
(i) DData centers: production and DR/BCP
Full Back-Up60 days
(ii) DData centers: production and DR/BCP



3.Recovery of Archived Data: Castlight will restore data files from archived
copies as quickly as reasonably practicable, as necessary as a result of system
failure or data corruption or losses. Anthem acknowledges that the amount of
time required to restore archived data files is dependent upon numerous factors,
including, but not limited, severity or the relevant data corruption or loss.
Notwithstanding the foregoing, per Castlight’s disaster recovery plan, Castlight
shall have systems and processes in place to resume business within forty eight
(48) hours.


4.Data Load Timeliness. Castlight warrants it will load new Anthem Data
(excluding the Data already specified in K(2) and K(3) above) into the Castlight
System within a mutually agreed upon timeline of receipt of Anthem Data pursuant
to a Services Order Form.


5.Performance Guarantee Penalty. Failure to comply with the requirements of this
Section more than one time per calendar month shall result in a penalty of [***]
.


N. Latency Performance Index.


1. Web Page Response Time. Castlight further agrees that Castlight also warrants
to Customer that the monthly average Web Page Response Times for login and basic
search will be under five (5) seconds.  “Web Page Response Times” shall mean the
time measured once the Web transaction of simulated user requests and Web page
refresh requests are within a test account deployed in
the production environment of the Castlight online service and are within
Castlight firewall delivery of corresponding Web pages to users.


2. Performance Guarantee Penalty. [***] .


O. Data Quality Assurance.


Software as a Service (SaaS) Agreement REV. December 2014 Page 46





--------------------------------------------------------------------------------

CERTAIN CONFIDENTIAL INFORMATION CONTAINED IN THIS DOCUMENT, MARKED BY [***],
HAS BEEN OMITTED BECAUSE IT IS NOT MATERIAL AND WOULD LIKELY CAUSE COMPETITIVE
HARM TO THE COMPANY IF PUBLICLY DISCLOSED.


1.Castlight agrees that except as needed to provide the Castlight Services or
except as necessary to correct incomplete data or data provided in an incorrect
format, it will not impair, degrade or otherwise change the data sent to it by
Anthem or by BCBSA on behalf of Anthem for the performance of the Services.
Anthem shall have the right to audit such data upon reasonable notice to
Castlight. Should the data deviate from the source data sent to Castlight other
than as needed to provide the Castlight Services, Castlight shall be in
violation of this provision, unless such deviation is approved or requested by
Anthem, or Anthem otherwise consents to such change.


2.Performance Guarantee Penalty. [***] .





Software as a Service (SaaS) Agreement REV. December 2014 Page 47





--------------------------------------------------------------------------------

CERTAIN CONFIDENTIAL INFORMATION CONTAINED IN THIS DOCUMENT, MARKED BY [***],
HAS BEEN OMITTED BECAUSE IT IS NOT MATERIAL AND WOULD LIKELY CAUSE COMPETITIVE
HARM TO THE COMPANY IF PUBLICLY DISCLOSED.


EXHIBIT H


Required Information Security Controls




Anthem requires all third parties to comply with the goals and objectives of its
Information Security Program, as set forth in this addendum. These are minimum
requirements of Anthem’s Information Security Program. Depending upon the nature
of the engagement or the services provided, other requirements may be added in a
Statement of Work or Master Services Agreement. These requirements are in
addition to any other security requirements specified within the Master Services
Agreement or a Statement of Work. We recognize that sound practices require
continual assessment of evolving risks, technology and relevant issues related
to information security. In the event that our Chief Information Security
Officer deems it necessary to modify these Required Controls in order to
continue to reasonably protect Anthem Confidential Information, then Supplier
will be notified and a remediation plan and timeframe will be mutually agreed
upon. 
SECTION 2. COMPLIANCE
2.1 Supplier will comply with all applicable state and federal data security
regulations and shall abide by all required security controls as stated herein,
based upon the nature of the Services provided, the data involved and/or the
location where such Services are rendered.
SECTION 3. INFORMATION SECURITY PROGRAM
3.1 Supplier shall maintain a written Information Security Program including
documented policies, standards, and operational practices that meet or exceed
the applicable requirements, and controls set forth in this Exhibit to the
extent applicable to the Services, and identify an individual within the
organization responsible for its enforcement. Supplier shall ensure that any of
its subcontractors having greater than incidental access to Anthem Confidential
Information shall also be contractually bound to meet or exceed these
information security provisions. If at any time during the Agreement, Supplier
becomes aware that it or any of its subcontractors will or do not meet the
obligations described within this Exhibit, Supplier will immediately notify
Anthem Information Security at AnthemVendorInfoSec@anthem.com.
SECTION 4. AUDIT PLAN
4.1 Supplier will maintain an audit plan designed to validate compliance with
the controls documented in its Information Security Program by an independent
qualified third party at least annually.
SECTION 5. RIGHT TO ASSESS
5.1 Upon reasonable request, Supplier may be asked to complete a security
assessment questionnaire and/or attestation document designed to assist Anthem
in understanding and documenting Supplier’s security procedures and compliance
with the requirements contained herein. Supplier shall provide Anthem with
information concerning the safeguards detailed in this Exhibit and/or other
information security practices as they pertain to the protection of Anthem
Confidential Information. If Supplier seeks Common Security Framework (CSF)
Certified status performed by
Software as a Service (SaaS) Agreement REV. December 2014 Page 48





--------------------------------------------------------------------------------

CERTAIN CONFIDENTIAL INFORMATION CONTAINED IN THIS DOCUMENT, MARKED BY [***],
HAS BEEN OMITTED BECAUSE IT IS NOT MATERIAL AND WOULD LIKELY CAUSE COMPETITIVE
HARM TO THE COMPANY IF PUBLICLY DISCLOSED.


an approved CSF assessment third party and is awarded certification from the
Health Information Trust Alliance (HITRUST) for the services and/or applications
in scope for the engagement, then that HITRUST certification will be accepted in
lieu of the Anthem assessment.


5.2 From time to time Supplier may be requested to respond to, advise and
provide updates on the specific security gaps or exposures that exist for new or
emerging security vulnerabilities that are made known for systems, applications,
hardware devices, etc. In all instances Supplier will provide a response to any
inquiry within 5 business days, and will provide specific details as to the
questions asked to ensure that Anthem can appropriately evaluate the risk or
exposure to Anthem Confidential Information.
SECTION 6. ENCRYPTION
6.1 Approved Encryption must be used for (i) the electronic transmission of
Anthem Confidential Information to Anthem and/or to any other third party, as
directed by Anthem or permitted in accordance with this Agreement and (ii) on
all workstations, communications or convergence devices, portable media and
backup tapes containing Anthem Confidential Information. The integrity and
confidentiality of Anthem Confidential Information in transit over an open
communication network will be protected through the use of Approved Encryption.
6.2 The following may be used as Anthem Approved Encryption for cryptographic
hash functions:
iSHA-2
iiSHA-3
6.3 The following may be used as Anthem Approved Encryption for symmetric
encryption:
aAdvanced Encryption Standard (AES) - AES 256 or higher.
6.4 The following may be used as Anthem Approved Encryption for public-key
asymmetric encryption:
a. Rivest-Shamir-Adelman (RSA) with a 2048-bit key or higher
bElliptic Curve Cryptosystem (ECC) with a 256-bit key or higher
cEl Gamal with a 2048-bit key or higher
dDiffie-Hellman with a 2048-bit key or higher
6.5 The following may be used as Anthem Approved Encryption for in-transit
encryption:
a128-bit Transport Layer Security (TLS) Version 1.0+
bSecure-HTTP(S)
cIPSec
Software as a Service (SaaS) Agreement REV. December 2014 Page 49





--------------------------------------------------------------------------------

CERTAIN CONFIDENTIAL INFORMATION CONTAINED IN THIS DOCUMENT, MARKED BY [***],
HAS BEEN OMITTED BECAUSE IT IS NOT MATERIAL AND WOULD LIKELY CAUSE COMPETITIVE
HARM TO THE COMPANY IF PUBLICLY DISCLOSED.


dSecure Shell (SSH) Version 2.0+.
SECTION 7. NETWORK AND SYSTEMS SECURITY
7.1 Supplier shall utilize and maintain a commercially available, industry
standard malware detection program which includes an automatic update function
to ensure detection of new malware threats.
7.2 An Intrusion Detection or Prevention System which detects and/or prevents
unauthorized activity traversing the network will be maintained.
7.3 Data Loss Prevention tools will be implemented to detect and prevent the
unauthorized movement of data from Supplier’s control.
7.4 At a minimum, Supplier shall engage a qualified third party to perform
annual penetration testing of Supplier’s networks containing Anthem Confidential
Information. The scope of the penetration testing will include all
internal/external systems, devices and applications that are used to process,
store, transmit Confidential Data, physical security controls for all applicable
facilities, and social engineering tests. Upon request Supplier will provide
Anthem with summary results and a remediation plan if security flaws are
discovered.
7.5 Networks or applications that contain Anthem Confidential Information must
be separated from public networks by a firewall to prevent unauthorized access
from the public network.
7.6 Only authorized services and protocols will be permitted access to such
computing devices. All unnecessary protocols and services must be denied.
SECTION 8. SYSTEM AND APPLICATION CONTROLS
8.1 All Anthem Confidential Information must be securely stored at all times to
prevent loss and unauthorized access or disclosure.
8.2 Laptop and workstation systems that access Anthem Confidential Information
will have encryption at rest and anti-malware protection.
8.3 Operating systems and application software used must be currently supported
by the manufacturer.
8.4 Current versions of operating system and application software must be
maintained, and patches applied in a timely manner for all systems and
applications that receive, maintain, process or otherwise access Anthem
Confidential Information.
8.5 At least quarterly vulnerability scanning will be performed. Medium and high
risk vulnerabilities identified during the scanning will be promptly remediated.
8.6 Anthem Confidential Information must not be used in any non-production
environment such as testing or quality assurance unless de-identification of the
data has been performed. In the event that de-identification is not practical or
feasible compensating controls must be in place protecting the data to the same
level of protection as afforded to production environment.

Software as a Service (SaaS) Agreement REV. December 2014 Page 50





--------------------------------------------------------------------------------

CERTAIN CONFIDENTIAL INFORMATION CONTAINED IN THIS DOCUMENT, MARKED BY [***],
HAS BEEN OMITTED BECAUSE IT IS NOT MATERIAL AND WOULD LIKELY CAUSE COMPETITIVE
HARM TO THE COMPANY IF PUBLICLY DISCLOSED.


8.7 Anthem Confidential Information must be logically or physically segregated
from other data controlled by Supplier or other clients of Supplier in such a
way that the data may be identified as Anthem data and access controls
implemented so that only those users authorized to access the data will be
permitted to do so.
SECTION 9. DATA DESTRUCTION
9.1 All Anthem Confidential Information, whether such information is in paper,
electronic or other form, requires secure disposal or destruction when no longer
required, when requested by Anthem or upon the termination or expiration of the
Agreement. These measures should, at a minimum, include: (i) burning,
pulverizing or cross-cut shredding to a size equal or smaller to 5/8-inch by
2-inches papers or print media so that the information cannot practicably be
read or reconstructed; (ii) ensuring the destruction or erasure of floppy disk,
magnetic tape, tape cartridges, hard drives or other electronic or optical media
so that the information recorded or contained cannot practicably be read,
recovered or reconstructed; and, (iii) ensuring that any third party who
performs the activities described in (i) and (ii) on Supplier’s behalf does so
in a manner consistent with these requirements.
SECTION 10. PHYSICAL CONTROLS FOR THE PROTECTION OF ANTHEM CONFIDENTIAL
INFORMATION
10.1 All Anthem Confidential Information received or created in paper form must
be stored in lockable containers.
10.2 A clean desk policy will be enforced to ensure proper safeguarding of all
hard copy Anthem Confidential Information.
10.3 Supplier must retain visitor logs documenting all individuals who are not
employed by Supplier who gain access to the facility where services are
performed.
10.4 Anthem Confidential Information will not leave control of the Supplier
without the written approval of Anthem.
10.5 Servers, enterprise data storage devices, backup tapes and media, and other
computing devices that contain Anthem Confidential Information used to support
network communications must be located in a secure and restricted access
location within the facility.
10.6 All workstations, portable devices and removable media containing Anthem
Confidential Information or accessing Anthem networks must be encrypted.
SECTION 11. ACCESS CONTROL
11.1 Prior to gaining access to Anthem Confidential Information, workforce
members will have appropriate background checks completed in compliance with
state and federal law with no breach of trust crimes reported.
11.2 Physical and logical access to Anthem Confidential Information and the
systems and workspaces used to support Anthem, will only be granted as a result
of a demonstrated and legitimate need to know based upon job responsibilities.

Software as a Service (SaaS) Agreement REV. December 2014 Page 51





--------------------------------------------------------------------------------

CERTAIN CONFIDENTIAL INFORMATION CONTAINED IN THIS DOCUMENT, MARKED BY [***],
HAS BEEN OMITTED BECAUSE IT IS NOT MATERIAL AND WOULD LIKELY CAUSE COMPETITIVE
HARM TO THE COMPANY IF PUBLICLY DISCLOSED.


11.3 Security awareness training will be completed prior to access being granted
to Anthem Confidential Information, and then completed on an annual basis going
forward so long as access to Anthem Confidential Information continues.
11.4 Physical and logical access will be granted to the minimum Anthem
Confidential Information necessary to meet the requirements of the user’s scope
of responsibilities.
11.5 Access reviews will be performed at least quarterly for privileged user and
twice annually for non-privileged user accounts.
11.6 Only those individuals providing services to Anthem, or those who are
responsible for administering or managing systems that contain Anthem
Confidential Information shall be authorized to access systems containing Anthem
Confidential Information.
11.7 All users that are no longer required or authorized to access Anthem
Confidential Information or systems that contain Anthem Confidential Information
must have access promptly disabled.
11.8 Access to Anthem Confidential Information and systems that contain Anthem
Confidential Information must be access controlled through the use of individual
user IDs and passwords.
11.9 All user passwords must be changed at least every ninety (90) days at a
minimum, or sooner if there is reasonable cause to believe that an unauthorized
person has learned the password.
11.10 Processes must be in place to create the appropriate audit trails to
determine who has accessed Anthem Confidential Information and/or systems that
contain Anthem Confidential Information.
11.11 Remote access to systems or networks that contain Anthem Confidential
Information must use multi-factor authentication and a connection with Approved
Encryption.
11.12 A report listing all individuals who have access to Anthem Confidential
Information and/or systems that contain Anthem Confidential Information and the
level of access granted shall be provided to Anthem within 48 hours upon
request.
11.13 A report listing activity associated with any user ID who has access to
Anthem Confidential Information shall be provided to Anthem within 48 hours upon
request.
SECTION 12. OFFSHORE SECURITY REQUIREMENTS
12.1 Anthem Confidential Information is not permitted to be hosted or stored
offshore. Offshore locations may be utilized for the processing of data.
However, all data must reside on servers located in the United States for the
duration of the processing.
12.2 Backup processes at offshore locations will not receive, maintain, process,
or otherwise access Anthem Confidential Information.
12.3 Offshore workstation computers must adhere to baseline system security
requirements defined by the organization which enforce the most restrictive mode
consistent with operational requirements. All unnecessary services, features and
networks must be disabled on workstations used to support Anthem operations,
including:
Software as a Service (SaaS) Agreement REV. December 2014 Page 52





--------------------------------------------------------------------------------

CERTAIN CONFIDENTIAL INFORMATION CONTAINED IN THIS DOCUMENT, MARKED BY [***],
HAS BEEN OMITTED BECAUSE IT IS NOT MATERIAL AND WOULD LIKELY CAUSE COMPETITIVE
HARM TO THE COMPANY IF PUBLICLY DISCLOSED.


aDisabling workstations from simultaneously connecting to the Anthem network and
other networks (split tunneling)
bDisabling user access to local workstation storage or supplier network storage
(such as that to which Anthem Confidential Information) by employing the
following technical controls:
cPlatform - external and internal firewalls configured for least port access,
traffic load balancing for server masking, network switching with VLAN
segregation, network intrusion detection systems (NIDS), host intrusion
detection systems (HDS), application firewalls (WAF), data leakage protection
(DLP) installed on all servers where Customer data reside and bastion host
configured in blocking mode, server function segregation (web/application,
database), encryption in transit and rest. Privileged access is controlled by a
bastion host gateway, multi-factor access for user identity and authentication
with unique user id’s with a least access utilizing RSA 2F and centralized LDAP.
Access for running privileged activities is authorized using privileged
management tools (sudo) and logged centrally for verification and auditing
including keystroke logging. Change control is strictly enforced for operational
and application code changes with four-eyes principle in review, tracking and
approval.
dCastlight has a formal monitoring policy and procedure for all systems that
process or store Anthem data that employs centralized logging of systems,
network and security devices and keystroke logging.
eWorkstation – Full disk encryption at rest, 10 minute screen lock, DLP,
Anti-Virus, offshore workstations restrict administrators access and read-only
capability for external devices (USB, I/O ports etc)


•For offshore locations, Supplier shall employ a bastion host which includes
technical controls that act as a traditional Citrix environment where the end
user is limited to screen refreshes and the endpoint can do nothing more than
view the information.  All read write and elevated access by the user shall be
initiated within the bastion host user environment.
•No one at any offshore location will access any Anthem systems.
12.4 All work from offshore locations must be performed in facilities that have
received prior written approval. As of the date of the Agreement, Anthem has
approved the subcontractors and locations set forth on Exhibit N of the
Agreement. Any offshore subcontractors that access Anthem Confidential
Information outside of an approved location, would need to be approved by Anthem
Information Security prior.
SECTION 13. CLOUD COMPUTING
Anthem bases the decision of whether a service is considered a cloud based
technology on several factors including the five essential characteristics
defined by the National Institute of Standards and Technology (NIST), Note that
the absence of one or more of these characteristics is not viewed as a final
deciding factor when determining if a service is Cloud based. Cloud Computing is
a model for enabling ubiquitous, convenient, on-demand network access to a
shared pool of configurable computing resources that can be rapidly provisioned
and released with minimal management effort or service provider interaction.
Castlight warrants that it does not utilize or place Anthem Confidential
Information into an environment that meets the definition of Cloud Computing
described herein to provide services to Anthem. Castlight
Software as a Service (SaaS) Agreement REV. December 2014 Page 53





--------------------------------------------------------------------------------

CERTAIN CONFIDENTIAL INFORMATION CONTAINED IN THIS DOCUMENT, MARKED BY [***],
HAS BEEN OMITTED BECAUSE IT IS NOT MATERIAL AND WOULD LIKELY CAUSE COMPETITIVE
HARM TO THE COMPANY IF PUBLICLY DISCLOSED.


will not utilize or place Anthem Confidential Information into a Cloud Computing
environment unless the solution complies with applicable Anthem Workforce
Information Security Policy.
The use of a multi-tenant environment is prohibited for hosting Confidential
Information, unless a risk assessment has been performed and the appropriate
Anthem Information Security approved risk mitigating controls are in place.
Logical controls, virtual machine zoning, virtualization security and
segregation must be in place to help prevent attacks and exposure in
multi-tenancy environments.
Anthem Confidential Information must not be stored on removable or mobile media
with other non- Anthem information (e.g. shared backup tapes).
Anthem Confidential Information included in a cloud computing-based environment
must be protected with Anthem Approved Cryptographic Controls in transit,
storage, and at rest. Appropriate Encryption key management must also be
provided.
All Anthem data hosted in a cloud environment must remain on US-based systems
and may not be stored outside of the United States.
The Cloud Service Provider (CSP) must provide a detailed mechanism for how
litigation holds will be implemented. This will include how metadata will be
created, accessed, and stored in the cloud environment.
Cloud Service Providers must undergo an annual independent audit by an
accredited auditing firm covering the scope of Anthem data. Results of this
audit must be provided to Anthem along with associated remediation decisions and
activities, if applicable.
Key application components must have interoperability and portability
requirements outlined that would allow Anthem to assume these items if needed.
Incident response roles and responsibilities must be clearly outlined between
the cloud service provider and Anthem.
Security-related reports including vulnerability scans, intrusion detection,
identity management must be performed and provided to Anthem on all systems and
components that handle, process, or store Anthem data. This can be accomplished
by the cloud service provider or Anthem performing the scans and generating the
reports. For scans performed by the Cloud Service Provider, the results must be
delivered quarterly to the Anthem Information Security team representatives.
When virtual machines or instances are no longer used, moved from one physical
server to another, or have been decommissioned, all data must be zeroed or
destroyed using Information Security approved techniques.
Identity management for cloud computing-based services and platforms will be in
place establishing the identity of the user and providing for authentication and
authorization.
The CSP must have a system able to enforce or allow Anthem appointed personnel
to enforce the account management capabilities, such as account lockouts for
unsuccessful logon attempts, defined inactivity
Software as a Service (SaaS) Agreement REV. December 2014 Page 54





--------------------------------------------------------------------------------

CERTAIN CONFIDENTIAL INFORMATION CONTAINED IN THIS DOCUMENT, MARKED BY [***],
HAS BEEN OMITTED BECAUSE IT IS NOT MATERIAL AND WOULD LIKELY CAUSE COMPETITIVE
HARM TO THE COMPANY IF PUBLICLY DISCLOSED.


times, remote access allowances, specific success and failure events, and
management of elevated privilege accounts.
All identity credentialing, authentication, authorization, and access control
events must be logged and those logs are subject to periodic audit. At a
minimum, the CSP must produce logs of all specified success and failure events
associated with identity and access management in the cloud environment it
manages. These logs must then be archived for at least twelve months. These
archived logs must be searchable and or discoverable.
The CSP must conduct access reviews quarterly for privileged user accounts and
twice yearly for non-privileged user accounts.
Technology Steering Board If upon review by Anthem’s Technology Steering Board,
items are identified for remediation, such remediation must be completed in
agreed upon timeframes.
SECTION 14. CONTINGENCY PLANNING
14.1 Supplier will have documented Business Continuity and Disaster Recovery
plans in place. Such plans will be tested at least annually.
SECTION 15. INCIDENT RESPONSE
15.1 Supplier will have documented Incident Response Plan. Such plan will be
tested at least annually.
SECTION 16. PAYMENT CARD INDUSTRY DATA SECURITY STANDARD
To the extent that Supplier stores, processes or transmits cardholder Nonpublic
Personal Financial Information as part of the Services, Supplier shall at all
times be compliant with the Payment Card Industry Data Security Standard.










































Software as a Service (SaaS) Agreement REV. December 2014 Page 55





--------------------------------------------------------------------------------

CERTAIN CONFIDENTIAL INFORMATION CONTAINED IN THIS DOCUMENT, MARKED BY [***],
HAS BEEN OMITTED BECAUSE IT IS NOT MATERIAL AND WOULD LIKELY CAUSE COMPETITIVE
HARM TO THE COMPANY IF PUBLICLY DISCLOSED.














EXHIBIT I


Qualified Health Plan
Regulatory Exhibit


The following Qualified Health Plan terms and conditions shall be incorporated
into the Agreement. These provisions shall only apply to services provided by
Vendor to or for Health Plan’s “Qualified Health Plans” as defined in and in
accordance with 45 CFR Parts 155 and 156, and any subsequent amendments or
relevant provision in the regulations.


Federal Requirements - Applicable to all Health Plans that are Qualified Health
Plans


1.Qualified Health Plans. Vendor acknowledges that payments Vendor receives from
Health Plan may be used to provide services to Qualified Health Plan Covered
Individuals. Therefore, Vendor and any of its subcontractors may be subject to
certain laws that are applicable to individuals and entities providing services
to Qualified Health Plans, including but not limited to, 45 CFR §§155.1210 and
156.340. Vendor agrees to comply with the requirements of 45 CFR §§155.1210 and
156.340, including but not limited to those set forth in the following sections
of this Exhibit.


2.Maintenance of Books and Records. In accordance with 45 CFR §§155.1210 and
156.340, Vendor agrees that it will maintain all books and records related to
its provision of services to Qualified Health Plans for ten (10) years.


3.Inspection of Books and Records. In accordance with, 45 CFR §§155.1210 and
156.340, Vendor acknowledges that the State where Health Plan is located, the
Department of Health and Human Services (HHS), the Office of Inspector General,
State regulatory agencies, or their designees have the right to timely access to
inspect, evaluate and audit any books, contracts, medical records, patient care
documentation, and other records of Vendor, or its first tier, downstream and
related entities, including but not limited to subcontractors or transferees
involving transactions related to Health Plan’s Qualified Health Plans through
ten (10) years from the final date of the contract period or from the date of
the completion of any audit. For the purposes specified in this provision,
Vendor agrees to make available Vendor’s premises, physical facilities and
equipment, records relating to Health Plan’s Covered Individuals, including
access to Vendor’s computer and electronic systems and any additional relevant
information that the State, HHS, OIG or their designees may require.


Software as a Service (SaaS) Agreement REV. December 2014 Page 56





--------------------------------------------------------------------------------

CERTAIN CONFIDENTIAL INFORMATION CONTAINED IN THIS DOCUMENT, MARKED BY [***],
HAS BEEN OMITTED BECAUSE IT IS NOT MATERIAL AND WOULD LIKELY CAUSE COMPETITIVE
HARM TO THE COMPANY IF PUBLICLY DISCLOSED.


4.Subcontractors. In accordance with, 45 CFR §§155.1210 and 156.340, Vendor
agrees that if Vendor enters into subcontracts to perform services under the
terms of the Agreement, Vendor’s subcontracts shall include an agreement by the
subcontractor to comply with all of the Vendor obligations in this Qualified
Health Plan Regulatory Exhibit and applicable terms in the attached Agreement.
Such subcontract shall specify the delegated activities and reporting
requirements.


5. Termination-Regulatory Issues. In accordance with 45 CFR §§155.1210 and
156.340, if during the term of the Agreement, the Health Plan concludes that it
is necessary to cancel any of the activities to be performed under this
Agreement in order to comply with Federal or State laws, regulations, or
policies applicable to Qualified Health Plans, Health Plan may, at its
discretion, cancel the activity and be relieved of any related obligations under
the terms of the Agreement. If Health Plan or Vendor concludes that it is
necessary to reorganize or restructure any of the activities to be performed
under this Agreement in order to comply with Federal or State laws, regulations,
or policies applicable to Qualified Health Plans, Health Plan or Vendor may
request to renegotiate such terms.


6.  Revocation. Vendor agrees that Health Plan has the right to revoke this
Agreement for its  Qualified Health Plans if HHS, the applicable State
regulatory agency or Health Plan determines that Vendor or any of its
independent contractors or subcontractors has not performed the services
satisfactorily and/or if requisite reporting and disclosure requirements are not
otherwise fully met in a timely manner. Such revocation shall be consistent with
the termination provisions of the Agreement.


State-Specific Requirements


The following additional provisions apply if and only to the extent that Vendor
provides services to or for Qualified Health Plans in the specified state.




Connecticut - If Vendor is a “Material subcontractor”, Vendor will comply with
all of the applicable provisions of the contract between Health Plan and the
State Exchange Board. “Material subcontractor” means “any entity from which
Health Plan procures or re-procures, or proposes to subcontract with for the
provision of, all or part of its administrative services for any major program
area or function that relates to the delivery of care including but not limited
to behavioral health, claims processing, or pharmacy benefit and/or actuarial
support.”


Nevada - Vendor agrees that if it receives from or creates for Health Plan, as a
Qualified Health Plan in the State of Nevada, any PHI (protected health
information) or PII (personally-identifiable information), Vendor will implement
reasonable and appropriate safeguards to protect such PHI or PII.  Prior to any
Vendor employee or agent receiving or having access to any PHI or PII, Vendor
must first have entered into a business associate agreement with Health Plan. 


New York - Vendor agrees that all work performed by it for Health Plan must be
in accordance with the terms of this contract between Health Plan, as a
Qualified Health Plan, and the State of New York (the “QHP Contract”),
including, without limitation, the confidentiality provisions set
Software as a Service (SaaS) Agreement REV. December 2014 Page 57





--------------------------------------------------------------------------------

CERTAIN CONFIDENTIAL INFORMATION CONTAINED IN THIS DOCUMENT, MARKED BY [***],
HAS BEEN OMITTED BECAUSE IT IS NOT MATERIAL AND WOULD LIKELY CAUSE COMPETITIVE
HARM TO THE COMPANY IF PUBLICLY DISCLOSED.


forth therein. Under no circumstances shall Vendor subcontract any of its duties
or obligations under the Agreement without the prior written approval and
knowledge of the Health Plan and New York Department of Health.


Vendor shall promptly notify Health Plan in writing of any inquiry, audit,
investigation, litigation, claim, examination or other proceeding involving
Vendor, or any of its personnel, that is threatened or commenced by any
regulatory agency or other party that a reasonable person might believe could
materially affect the ability of Vendor to perform in accordance with the terms
set forth in the Agreement or in the QHP Contract. Vendor shall provide such
notice within ten (10) days of the date when Vendor learns of such action/event.
Vendor acknowledges that Health Plan is obligated to notify the State of New
York of such actions/events under the terms of the QHP Contract. Vendor shall
comply with the State of New York's reasonable requests for information relating
to the reported action/event; provided, however than any such exchange of
information shall be subject to compliance with law and shall not occur to the
extent prohibited by order of the court, administrative agency, or other
tribunal or regulatory authority having jurisdiction over the matter or by the
laws and regulations governing the action.




Software as a Service (SaaS) Agreement REV. December 2014 Page 58





--------------------------------------------------------------------------------

CERTAIN CONFIDENTIAL INFORMATION CONTAINED IN THIS DOCUMENT, MARKED BY [***],
HAS BEEN OMITTED BECAUSE IT IS NOT MATERIAL AND WOULD LIKELY CAUSE COMPETITIVE
HARM TO THE COMPANY IF PUBLICLY DISCLOSED.




EXHIBIT J: BCBSA REQUIREMENTS


BCBS AXIS REQUIREMENTS and BCBSA CO-BRANDING REQUIREMENTS








EXHIBIT J-1


BCBS AXIS REQUIREMENTS


The use of data by Castlight is restricted as set forth below. The alteration of
Network Data or BCBS AXIS Data in any manner is prohibited, except as outlined
below.


Network Data


Network Data must only be used for the following:


•Account-specific geographic analyses
•Account-specific disruption analyses
•Provider finder applications
•Call center applications
•UM/UR


Network Data may only be supplemented and used in an integrated display as
follows:


•When Anthem has executed an agreement to supplement the Network Data with each
Non-Anthem Blue Plan; or
•By providing a link to the third party data source. (The source of the data
must be clearly identified in the presentation of the data.)


BCBS AXIS Data


BCBS AXIS Data may only be used for the following:


•Blue Distinction analysis reporting
•Savings opportunity reports provided to national accounts
•Establishing benefit differentials based on the setting of service
•Integrate multiple physician office visit costs for member display
•Member out-of-pocket estimates


BCBS AXIS Data must follow the data use and display standards as outlined by
BCBSA and communicated by Anthem. General categories include:


Software as a Service (SaaS) Agreement REV. December 2014 Page 59





--------------------------------------------------------------------------------

CERTAIN CONFIDENTIAL INFORMATION CONTAINED IN THIS DOCUMENT, MARKED BY [***],
HAS BEEN OMITTED BECAUSE IT IS NOT MATERIAL AND WOULD LIKELY CAUSE COMPETITIVE
HARM TO THE COMPANY IF PUBLICLY DISCLOSED.


•Access and Security
•Overlapping Service Areas
•Procedure Volume
•Treatment Category
•Provider Specific Display
•Office Visit Display
•Out-of-Pocket
•Messages
•Hover Text


In addition, a disclaimer/disclosure statement must be displayed to Anthem Blue
Members or Non-Anthem Blue Members when accessing the BCBS AXIS Data. The
disclosure/disclaimer statement must be present to clarify what the BCBS AXIS
Data is what it is not. Key points must include:


•Explanation of how estimates were developed
•Estimates are a guide
•Estimates vary and actual cost may change
•Coverage, benefits and authorization for services must be checked.
•A statement that the information does not indicate medical advice, actual
costs, guarantee of payment, prior approval for the service or represent an
adjudicated claim.




BCBS Data Access


BCBS data assets must be accessed only via the following methods:
•Transactional web services
•Staged structured data built in a secure BCBSA environment
•Data extracts




Data Aggregation


Until and unless a change in BCBSA Policy permits such aggregation and Anthem
has communicated such change to Castlight in writing, Castlight is prohibited
from aggregating account-specific claims data with data from other BCBS and
non-BCBS accounts for the purpose of consumer transparency solutions.


Software as a Service (SaaS) Agreement REV. December 2014 Page 60





--------------------------------------------------------------------------------

CERTAIN CONFIDENTIAL INFORMATION CONTAINED IN THIS DOCUMENT, MARKED BY [***],
HAS BEEN OMITTED BECAUSE IT IS NOT MATERIAL AND WOULD LIKELY CAUSE COMPETITIVE
HARM TO THE COMPANY IF PUBLICLY DISCLOSED.


EXHIBIT J-2




BCBSA SUMMARY CO-BRANDING REQUIREMENTS
A.Definitions


1.Support Company: a company that the Licensee (Anthem) hires to help deliver
products and services that a Licensee offers under the Blue Cross and Blue
Shield names and symbols (each a “Blue Product”), or services in support of the
Licensee’s Blue Products. For purposes of the Core Transparency Services,
Castlight is a Support Company.


2.Account Vendor: a company that provides its own product or services to the
account or individual without involvement by the Licensee; may have a joint
marketing arrangement with the Licensee. In providing the Castlight Buy-Up
Products under direct contracts with customers, Castlight acts as an Account
Vendor.


2. Requirements


Software as a Service (SaaS) Agreement REV. December 2014 Page 61





--------------------------------------------------------------------------------

CERTAIN CONFIDENTIAL INFORMATION CONTAINED IN THIS DOCUMENT, MARKED BY [***],
HAS BEEN OMITTED BECAUSE IT IS NOT MATERIAL AND WOULD LIKELY CAUSE COMPETITIVE
HARM TO THE COMPANY IF PUBLICLY DISCLOSED.



Co-Branding Requirement CategoriesSupport Company
RequirementAccount Vendor
RequirementLogo ProminenceLicensee symbol/logo must appear to the left of
Support Company logo; Support Company logo may not exceed the height of the
Licensee symbol/ logo (i.e. the Licensee and Support Company logos are permitted
to be the same size)Licensee symbol/logo must appear to the left of Account
Vendor logo; Account Vendor logo may not exceed the height of the Licensee
symbol/ logo (i.e. the Licensee and Account Vendor logos are permitted to be the
same size)Content/ FormatSupport Company co-branded content may not promote or
include information about “other products” of Support Company. Support company
co-branded content cannot display brands of National Competitors or entities in
litigation with BCBSA regarding use of Blue marks. In the course of providing
its services, Support Company may make a factual reference in its materials that
it is providing services in connection with Licensee’s Blue Product(s).Account
Vendor co-branded content must include Account Vendor’s name (i.e. “blind
references” are not permitted except as specifically permitted on ID cards.);
Account Vendor co-branded content cannot display brands of National Competitors
or entities in litigation with BCBSA regarding use of Blue marks.
Co-branded communications and information about Account Vendor’s products must
be presented in a segregated format such that a potential or existing Customer
can discern that the Castlight Buy-Up Product is not a Blue Product.
DisclosuresCo-branded communications must state that Support Company is an
independent or separate company; co-branded communications must elaborate on
nature of services provided by Support Company in supporting Blue product; e.g.,
X, is a separate company that provides xxx services on behalf of
AnthemCo-branded communications must state that Account Vendor is an independent
or separate company; co-branded communications must explicitly state that
product is NOT a BlueCross and/or BlueShield product. Co-branded communications
must state that Account Vendor is solely responsible for product.



3. Castlight’s Role.


Anthem and Castlight acknowledge that Castlight’s activities related to the
overall arrangement contemplated by the Agreement encompass activities of both a
Support Company and Account Vendor. Anthem and Castlight will develop a
framework to determine whether Castlight activity should be governed by BCBSA
Support Company or Account Vendor co-branding communication requirements. For
example:


Software as a Service (SaaS) Agreement REV. December 2014 Page 62





--------------------------------------------------------------------------------

CERTAIN CONFIDENTIAL INFORMATION CONTAINED IN THIS DOCUMENT, MARKED BY [***],
HAS BEEN OMITTED BECAUSE IT IS NOT MATERIAL AND WOULD LIKELY CAUSE COMPETITIVE
HARM TO THE COMPANY IF PUBLICLY DISCLOSED.


Castlight activity:


Definition of Castlight in relation to Anthem for activity:RationaleSales
collateral about the directly-contracted Castlight Buy-Up ProductsAccount
vendorCastlight is selling. No blue brandingTransparency Web SiteSupport
CompanyCastlight is acting as Anthem’s enterprise transparency vendor in this
instance.Castlight Web Site (when/if accessed by Users of groups that have
purchased one or more directly-contracted Castlight Buy-Up ProductsAccount
vendor


Castlight is entering into a direct agreement with the group for the Castlight
Buy-Up Product(s). No blue branding
Member communications about the directly-contracted Buy-Up ProductsAccount
vendorCastlight is the entity responsible for Member engagement activities with
respect to the Buy-Up Products No blue branding













EXHIBIT J-3


Patient User Review Requirements






A.PRP Requirements.  The following requirements apply to the Patient Review of
Physicians (“PRP”) program:
1.Members must be offered a patient review tool s providing them the ability to
read and write reviews about their experiences with providers.
2.Adherence to the Patient Review standards in accordance with the BCBSA
Inter-Plan Programs Manual is required.
3.Participating providers must be educated about the potential for members of
other Blue Plans to read and write reviews about their patient experience.
4.Patient review data must be supplied to the BCBSA in accordance with the BCBSA
Inter-Plan Programs Manual.
5.Patient Review data must be displayed in accordance with the Inter-Plan
Programs Manual.
Software as a Service (SaaS) Agreement REV. December 2014 Page 63





--------------------------------------------------------------------------------

CERTAIN CONFIDENTIAL INFORMATION CONTAINED IN THIS DOCUMENT, MARKED BY [***],
HAS BEEN OMITTED BECAUSE IT IS NOT MATERIAL AND WOULD LIKELY CAUSE COMPETITIVE
HARM TO THE COMPANY IF PUBLICLY DISCLOSED.


B.PRP Standards.  Compliance with the PRP standards for consistent collection of
patient review data is required.  The four PRP standards are common questions,
authentication, validation, and moderation. 


1. Common Questions.  All User Review (PRP) tools must include a minimum set of
common questions in their display to Members that cover the following aspects of
the patient encounter with the provider. Other questions in addition to this set
may be included, but only response data on the common question set or
supplemental question categories are aggregated in the BCBSA’s National Patient
Review Database. The text does not have to be worded exactly the same as the
common question set but must be consistent in meaning with the required topic
categories in order to allow for aggregation of response data from all Plans.





#TopicQuestionResponse TypePlanMember1Overall Experience"How would you rate your
overall experience and satisfaction with this doctor?"Point Scale
(e.g., five-point scale)Display  all six Questions to  Member in tool is
required.Member required to respond to Questions 1 and 2 in order to submit
their review2Recommend"Would you recommend this doctor to your friends/
family?"Yes/No3Communication"How well did the doctor communicate with you about
your health concerns?"Point ScaleOptional for Member to respond4Availability"How
would you rate the doctor's availability for your appointment?"Point
ScaleOptional for Member to respond5Environment"How would you rate the doctor's
overall practice environment?"Point ScaleOptional for Member to respond6Text
Comments"Have additional comments to make about this doctor?"Open Text
FieldOptional for Member to respond





2. Authentication. To ensure validity and integrity, members must be
authenticated through the Anthem portal in order to write a review on a
provider.


3. Validation. Validation that the member writing a review has seen the provider
and determine the encounter validation method for their members is required
(member attestation or claim verification are acceptable methods).


Software as a Service (SaaS) Agreement REV. December 2014 Page 64





--------------------------------------------------------------------------------

CERTAIN CONFIDENTIAL INFORMATION CONTAINED IN THIS DOCUMENT, MARKED BY [***],
HAS BEEN OMITTED BECAUSE IT IS NOT MATERIAL AND WOULD LIKELY CAUSE COMPETITIVE
HARM TO THE COMPANY IF PUBLICLY DISCLOSED.


4. Moderation. Reviews that contains text (non-numeric content such as comments
or screen name) must be moderated (i.e., reviewed by a person) to ensure
appropriateness for display. Additionally, the Restricted Terms list identifies
terms that cannot be submitted to the National PRP Database.  Attempting to
submit reviews containing Restricted Terms will cause a data submission error.




























Software as a Service (SaaS) Agreement REV. December 2014 Page 65





--------------------------------------------------------------------------------

CERTAIN CONFIDENTIAL INFORMATION CONTAINED IN THIS DOCUMENT, MARKED BY [***],
HAS BEEN OMITTED BECAUSE IT IS NOT MATERIAL AND WOULD LIKELY CAUSE COMPETITIVE
HARM TO THE COMPANY IF PUBLICLY DISCLOSED.


EXHIBIT K
NCQA REQUIREMENTS – DIVISION OF RESPONSIBILITIES


Castlight Health, Inc.
Division of Responsibilities for Online directory services, cost estimation, and
provider quality / review
In scope for: NCQA RR4 and MEM 5A


Please note: The Health Plan retains responsibility for all functions unless
designated below.

Basic Compliance Activity StandardCompliance Activity Performance
MeasurementParty Responsible For Compliance Activity
Health


Plan
VendorPhysician directory Data



NCQA RR4A]
The organization has a Web-based physician directory that includes the following
physician information:


1.Name
2.Gender
3.Specialty
4.Hospital affiliations
5.Medical group affiliations, if applicable
6.Board certification
7.Accepting new patients
8.Languages spoken by the physician or clinical staff
9.Office locations

Software as a Service (SaaS) Agreement REV. December 2014 Page 66



--------------------------------------------------------------------------------

CERTAIN CONFIDENTIAL INFORMATION CONTAINED IN THIS DOCUMENT, MARKED BY [***],
HAS BEEN OMITTED BECAUSE IT IS NOT MATERIAL AND WOULD LIKELY CAUSE COMPETITIVE
HARM TO THE COMPANY IF PUBLICLY DISCLOSED.



Physician and Hospital Directories Physician Directory Updates [NCQA RR4B]The
organization updates the physician directory within 30 calendar days of
receiving new information from the physician.

Call out timeframe of both parties to meet the 30 days turnaround timeliness
Anthem is responsible for the intake
X


Vendor is responsible for display and timelinessPhysician Information Validation
[NCQA RR4C]

In each physician listing in its Web-based directory, the organization provides
an explanation of the item, its source, the frequency of validation and
limitations with each of the following:


10.Name
11.Gender
12.Specialty
13.Hospital affiliations
14.Medical group affiliations
15.Board certification
16.Accepting new patients
17.Languages spoken by the physician or clinical staff
18.Office locations


Physician information is accessible from each listing and may be layered (e.g.
pop-up or pull-down windows)




Anthem owns the content
X



They need to provide a location and accept updates as needed.

Software as a Service (SaaS) Agreement REV. December 2014 Page 67



--------------------------------------------------------------------------------

CERTAIN CONFIDENTIAL INFORMATION CONTAINED IN THIS DOCUMENT, MARKED BY [***],
HAS BEEN OMITTED BECAUSE IT IS NOT MATERIAL AND WOULD LIKELY CAUSE COMPETITIVE
HARM TO THE COMPANY IF PUBLICLY DISCLOSED.




searchable Physician Web-Based Directory


NCQA RR4D]
The organization's web-based physician directory includes search functions with
instructions on how to find the following physician information:


19.Name
20.Gender
21.Specialty
22.Hospital affiliations
23.Medical group affiliations
24.Accepting new patients
25.Languages spoken by the physician or clinical staff
26.Office locations



Hospital Directory Data


NCQA RR4E]
The organization has a web-based hospital directory that includes the following
information to help members and prospective members choose a hospital:
27.Hospital name
28.Hospital location
29.Hospital accreditation status
30.Hospital quality data from recognized sources





Factor 4:


Anthem owns the content- Hospital Quality Data


Factor 4:


They need to provide a location and accept updates as needed.
Hospital Directory Updates [NCQA RR4F]The organization updates its hospital
directory information within 30 calendar days of receiving new information from
the hospital.


Call out timeframe of both parties to meet the 30 days turnaround timeliness
Anthem is responsible for the intake
X


Vendor is responsible for display and timeliness








Software as a Service (SaaS) Agreement REV. December 2014 Page 68



--------------------------------------------------------------------------------

CERTAIN CONFIDENTIAL INFORMATION CONTAINED IN THIS DOCUMENT, MARKED BY [***],
HAS BEEN OMITTED BECAUSE IT IS NOT MATERIAL AND WOULD LIKELY CAUSE COMPETITIVE
HARM TO THE COMPANY IF PUBLICLY DISCLOSED.


EXHIBIT L


[***]







Software as a Service (SaaS) Agreement REV. December 2014 Page 69



--------------------------------------------------------------------------------

CERTAIN CONFIDENTIAL INFORMATION CONTAINED IN THIS DOCUMENT, MARKED BY [***],
HAS BEEN OMITTED BECAUSE IT IS NOT MATERIAL AND WOULD LIKELY CAUSE COMPETITIVE
HARM TO THE COMPANY IF PUBLICLY DISCLOSED.


EXHIBIT M
JOINTLY DEVELOPED PRODUCTS








i.Rights and Responsibilities of the Parties. The Parties may elect during the
term of the Agreement to collaboratively develop new products (each a
“Jointly-Developed Product” and collectively the “Jointly-Developed Products”).
Except as set forth in this Agreement, the development responsibilities, pricing
and contracting arrangements, data requirements, ownership and intellectual
property rights, and other terms associated with each Jointly-Developed Product
shall be as mutually agreed by the Parties and memorialized in a writing signed
by both Parties and incorporated herein by reference upon execution by the
Parties.


ii.Exclusivity. During the Exclusivity Period associated with each
Jointly-Developed Product created during the term of the Agreement, the
Jointly-Developed Product shall be made available only to: (a) Plan Sponsors
whose group health plans are administered or insured by Anthem; (b) Anthem, for
any of its customer segments; and (c) customers of Non-Anthem Blue Plans. For
purposes of this provision, “Exclusivity Period” shall mean, with respect to a
Jointly-Develop Product, a period of two (2) years beginning on the date on
which the Parties mutually agree that the Jointly-Developed Product has passed
all quality and testing regimens and is generally ready for production use.


iii.Revenue Share on Jointly-Developed Products. Anthem shall be entitled to an
incentive in the form of a revenue share in the amount of 10-25% of revenue for
Jointly-Developed Products purchased by Anthem clients, including the purchase
of any Jointly-Developed Product(s) by Anthem for any of its customer segments.
The Parties will mutually agree on the revenue share percentage on an Order
basis.






























Software as a Service (SaaS) Agreement REV. December 2014 Page 70



--------------------------------------------------------------------------------

CERTAIN CONFIDENTIAL INFORMATION CONTAINED IN THIS DOCUMENT, MARKED BY [***],
HAS BEEN OMITTED BECAUSE IT IS NOT MATERIAL AND WOULD LIKELY CAUSE COMPETITIVE
HARM TO THE COMPANY IF PUBLICLY DISCLOSED.










EXHIBIT N


APPROVED SUBCONTRACTORS AND SERVICE LOCATIONS




The subcontractors utilized by Castlight in the performance of Castlight’s
services and approved by Anthem are listed in this Exhibit N and such list may
only be modified in accordance with the terms and conditions of the Agreement:






•Persistent Systems - Pune India
•Telerex - Horsham Pennsylvania
•Indmax - Hyderabad India
•Imaginea - Hyderabad India
•AASON - Consulting Chicago, Illinois
•SunGard - Aurora Colorado and Phoenix Arizona
•DatAvail - Broomfield Colorado
•Imperva - Redwood Shores, California
•Mimecast - Watertown, Massachusetts
•Birst - San Francisco, California


Software as a Service (SaaS) Agreement REV. December 2014 Page 71



--------------------------------------------------------------------------------

CERTAIN CONFIDENTIAL INFORMATION CONTAINED IN THIS DOCUMENT, MARKED BY [***],
HAS BEEN OMITTED BECAUSE IT IS NOT MATERIAL AND WOULD LIKELY CAUSE COMPETITIVE
HARM TO THE COMPANY IF PUBLICLY DISCLOSED.


.


EXHIBIT O


COMPETITORS




▪.UnitedHealth Group, Inc. and its subsidiaries and affiliates
▪.Aetna Life Insurance Company and its subsidiaries and affiliates
▪.Cigna and its subsidiaries and affiliates










































































Software as a Service (SaaS) Agreement REV. December 2014 Page 72



--------------------------------------------------------------------------------

CERTAIN CONFIDENTIAL INFORMATION CONTAINED IN THIS DOCUMENT, MARKED BY [***],
HAS BEEN OMITTED BECAUSE IT IS NOT MATERIAL AND WOULD LIKELY CAUSE COMPETITIVE
HARM TO THE COMPANY IF PUBLICLY DISCLOSED.




EXHIBIT P


Medicare Medicaid Dual Integration Regulatory Exhibits






§ Exhibit P -1: New York Dual Integration Regulatory Exhibit
§ Exhibit P-2: Texas Dual Integration Regulatory Exhibit
§ Exhibit P-3: Virginia Dual Integration Regulatory Exhibit














Software as a Service (SaaS) Agreement REV. December 2014 Page 73



--------------------------------------------------------------------------------



AMENDMENT 7 TO THE SAAS AGREEMENT

This Amendment 7 to the SaaS Agreement (this “Amendment”) is made as of October
19, 2019 (“Amendment Effective Date”) and amends that certain SaaS Agreement
executed on November 1, 2015, as amended (the “Agreement”), by and between
Castlight Health, Inc. (“Castlight”) and Anthem, Inc. on behalf of itself and
its Affiliates (collectively, “Anthem”).


The Parties agree as follows:

1.Conflict of Terms, Definitions. In the event of a conflict between the terms
of this Amendment and the terms of the Agreement, the terms of this Amendment
shall control. Unless otherwise specified in this Amendment, all capitalized
terms shall have the meaning given to them in the Agreement.


2.Amendment to Section 14.2 Limit on Direct Damages. Section 14.2 of the
Agreement is hereby replaced in its entirety with the following:


“14.2. Limit on Direct Damages. Except as set forth in Section 14.3 below, in no
event shall either Party’s aggregate liability exceed $20,000,000 (Twenty
Million Dollars). Any amount owed by Castlight to Anthem in the way of service
credits based upon a failure to meet the Service Levels set forth on Exhibit G
attached hereto, shall not count toward any calculation of damages under this
section.”


3.Amendment to Exhibit G: Service Levels. Exhibit G: Service Levels of the
Agreement is hereby amended as follows:


a. Each reference to “Authorized User” in Exhibit G is hereby replaced by a
reference to “User” as defined in the Services Order Form 5 to the Agreement.


b. The definition of “End Users” in Exhibit G is hereby replaced in its entirety
by the following definition of “Impacted Users”. Each reference to “End Users”
in Exhibit G shall be read as a reference to “Impacted Users”.

“Impacted Users” shall mean the Users whose Service was actually affected by the
failure to meet the performance standard in question.”


c. For the avoidance of doubt, where a payment that is due under Exhibit G is
expressed as a percentage of fees, such payment shall be a percentage of the
monthly fee amount unless expressly stated otherwise in Exhibit G.


74



--------------------------------------------------------------------------------



4.Deletion of Exhibit L: Pricing: Exhibit L of the Agreement is hereby deleted
in its entirety.


5.No Other Modifications. Except as provided herein, the terms and conditions of
the Agreement shall remain the same, and in full force and effect.


IN WITNESS WHEREOF, the parties have caused this Amendment to be duly executed
as of the Amendment Effective Date indicated above.



Castlight Health, Inc.
Anthem, Inc.

By:/s/ Siobhan Nolan Mangini
By:/s/ Jim ArdellName:Siobhan Nolan ManginiName:Jim ArdellTitle:President &
CFOTitle:VP, Corporate Real Estate and
CPODate:10/19/2019Date:10/19/2019Address:150 Spear St. Floor 4
San Francisco, CA 94105Address:220 Virginia Ave
Indianapolis, IN 46204






75

