[sncr123117ex12d8001.jpg]
Application Service Provider Agreement Between Verizon Sourcing LLC And
SYNCHRONOSS TECHNOLOGIES, INC. GDSVF&H\3541367.2Application Service Provider
Agreement Synchronoss and Verizon Proprietary and Confidential



--------------------------------------------------------------------------------



 
[sncr123117ex12d8002.jpg]
TABLE OF CONTENTS APPLICATION SERVICE PROVIDER AGREEMENT
...................................................... 1 1. PARTIES
.............................................................................................................
1 2. TERM
..................................................................................................................
1 3. DEFINITIONS
......................................................................................................
1 4. SCOPE/AUTHORIZATION LETTERS
.................................................................. 7 5.
LICENSES...........................................................................................................
9 6. OVERALL PERFORMANCE REQUIREMENT
.................................................. 14 7. HOSTING
..........................................................................................................
15 8. DEVELOPMENT
SERVICES.............................................................................
16 9. SECURITY
........................................................................................................
17 10. ADDITIONAL REQUIREMENTS
....................................................................... 17 11.
FEES/PAYMENT
...............................................................................................
18 12. RECORDS AND REPORTS
..............................................................................
20 13.
DELIVERY.........................................................................................................
21 14. TESTING, EVALUATION AND APPROVAL
..................................................... 21 15. REPRESENTATIONS AND
WARRANTIES ...................................................... 23 16. ESCROW
..........................................................................................................
27 17. TERMINATION
..................................................................................................
30 18. INFRINGEMENT
...............................................................................................
32 19. CONFIDENTIAL INFORMATION
...................................................................... 33 20.
OWNERSHIP
....................................................................................................
34 21. SUBSCRIBER DATA AND CONTENT
............................................................. 36 22. USE OF
TRADEMARKS
...................................................................................
38 23. PUBLICITY AND DISCLOSURE
........................................................................ 39 24.
COMPLIANCE WITH LAWS
..............................................................................
40 GDSVF&H\3541367.2Application Service Provider Agreement Synchronoss and
Verizon Proprietary and Confidential



--------------------------------------------------------------------------------



 
[sncr123117ex12d8003.jpg]
25. FORCE MAJEURE
............................................................................................
42 26. ASSIGNMENT
...................................................................................................
42 27. SUBCONTRACTING
.........................................................................................
43 28. TAXES
...............................................................................................................
44 29. PERMITS
...........................................................................................................
45 30. WORK RULES AND ACCESS REQUIREMENTS
.............................................. 45 31. INDEMNIFICATION
...........................................................................................
49 32. INSURANCE
.....................................................................................................
50 33. RELATIONSHIP OF PARTIES
.......................................................................... 51
34. NOTICES
..........................................................................................................
51 35. NONWAIVER
....................................................................................................
52 36. SEVERABILITY
................................................................................................
52 37. LIMITATION OF LIABILITY
..............................................................................
53 38. DISPUTE RESOLUTION
...................................................................................
53 39. ORDER OF PRECEDENCE
..............................................................................
54 40. SECTION HEADINGS
.......................................................................................
54 41. SURVIVAL OF OBLIGATIONS
......................................................................... 54 42.
CHOICE OF LAW AND JURISDICTION
........................................................... 55 43. GIFTS AND
GRATUITIES AND CONFLICTS OF INTEREST ........................... 55 44. ENTIRE
AGREEMENT
......................................................................................
56 45. SIGNATURES
...................................................................................................
56 EXHIBIT A – FORM OF AUTHORIZATION LETTER
................................................... 57 EXHIBIT B – CHANGE
REQUEST FORM
.................................................................... 59 EXHIBIT
C-1 - BASELINE INFORMATION SECURITY REQUIREMENTS .................. 61 EXHIBIT
C-2 - VERIZON WIRELESS NETWORK SECURITY REQUIREMENTS…….80 EXHIBIT C-3 - CLOUD
SECURITY REQUIREMENTS……………………………………87 GDSVF&H\3541367.2Application Service
Provider Agreement Synchronoss and Verizon Proprietary and Confidential



--------------------------------------------------------------------------------



 
[sncr123117ex12d8004.jpg]
EXHIBIT D - DISASTER RECOVERY PLAN
................................................................ 88 EXHIBIT E –
COMPLIANCE WITH MINORITY, WOMAN-OWNED, AND SERVICE- DISABLED VETERAN BUSINESS
ENTERPRISES (MWDVBE) UTILIZATION ........... 89 EXHIBIT F- NONDISCLOSURE
AGREEMENT ............................................................ 94
EXHIBIT G
....................................................................................................................
97 SUMMARY OF VERIZON’S GUIDELINES
................................................................... 97 FOR
EVALUATING CRIMINAL RECORD REPORTS
.................................................. 97
GDSVF&H\3541367.2Application Service Provider Agreement Synchronoss and Verizon
Proprietary and Confidential



--------------------------------------------------------------------------------



 
[sncr123117ex12d8005.jpg]
APPLICATION SERVICE PROVIDER AGREEMENT 1. PARTIES This Application Service
Provider Agreement is made between Synchronoss Technologies Inc. a Delaware
corporation, with offices at 200 Crossing Blvd, Bridgewater, NJ 08807, on behalf
of itself and for the benefits of its Affiliates (“Supplier"), and Verizon
Sourcing LLC, a Delaware limited liability company, having an office and
principal place of business at One Verizon Way, Basking Ridge, New Jersey 07920,
on behalf of itself and for the benefit of its Affiliates (individually or
collectively “Verizon”), each a Party and together the Parties hereto. NOW
THEREFORE, in consideration of the mutual promises and conditions set forth
herein, receipt of which is hereby acknowledged, and intending to be legally
bound, the Parties hereto agree as follows: 2. TERM This Agreement shall become
effective when fully executed by both Parties hereto (the “Effective Date”), and
the term of the Agreement shall retroactively commence on April 1, 2013 and
shall continue in effect until five years from the Effective Date (the “Initial
Term”). This Agreement shall be automatically renewed for subsequent one-year
periods (each, a “Renewal Term” and together with the Initial Term, the “Term”)
at the end of the Initial Term or any Renewal Term unless written notice of
intent not to renew is given by one Party to the other **** prior to the end of
the Initial Term or any Renewal Term. Notwithstanding anything herein to the
contrary, the Term shall continue in effect so long as any Authorization Letters
are outstanding. 3. DEFINITIONS The terms defined in this Section shall have the
meanings set forth below whenever they appear in this Agreement, unless the
context in which they are used clearly requires a different meaning or a
different definition is described for a particular Section or provision: 3.1
“Acceptance” or “Accepted” means delivery to Supplier by Verizon of its written
notice of acceptance or deemed acceptance as provided in Section 14 or any
Authorization Letter. 3.2 “Affiliate” means, at any time, and with respect to
any corporation, partnership, person or other entity, any other corporation,
partnership, person or entity that at such time, directly or indirectly through
one or more intermediaries, controls, or is controlled by, or is under common
control with, such first corporation, partnership, person, or other entity. As
used in this definition, “control” means the possession, directly or indirectly,
of the power to direct or cause the direction of the management and policies of
a corporation, partnership, person or other entity, whether through the
ownership of voting securities, or by contract or otherwise. 1 Application
Service Provider Agreement - Synchronoss and Verizon Proprietary and
Confidential ****CERTAIN INFORMATION HAS BEEN OMITTED AND FILED SEPARATELY WITH
THE COMMISSION. CONFIDENTIAL TREATMENT HAS BEEN REQUESTED WITH RESPECT TO THE
OMITTED PORTIONS



--------------------------------------------------------------------------------



 
[sncr123117ex12d8006.jpg]
3.3 “Agreement” means this Application Service Provider Agreement, including all
Orders, Statements of Work, Exhibits, attachments and all mutually agreed to
Authorization Letters attached to and made a part of this Agreement. 3.4
“App(s)” means the software applications, including Catalog Apps, developed by
Supplier for distribution to Subscribers for download, installation and use on
such Subscriber’s Wireless Devices. 3.5 “App Store Catalog” means the third
party online repository of applications to which Verizon or Supplier submits for
publication an App subject to this Agreement. Examples of this include the
online Qualcomm Brew Catalog, the Apple iTunes App Store, the Google Play Store,
and the Amazon Kindle Fire Marketplace. 3.6 “App Store Owner” means the third
party that owns or controls a given App Store Catalog. 3.7 “App Store Developer
Agreement” means the agreement (typically a standard- form agreement) governing
the submission, review and publication of applications, including any App, to an
App Store Catalog, entered into between the developer of such application and
the App Store Owner (or its designee), in addition to any policies incorporated
into such App Store Developer Agreement. 3.8 “Application Service Provider” or
“ASP” means a Person who manages and delivers content or application
capabilities to enable Verizon to make such content or application capabilities
available to its Subscribers. 3.9 “Authorization Letter” means a service
agreement, order, statement of work or authorization letter, substantially in
the form of Exhibit A, mutually agreed to between Verizon and Supplier and duly
executed by an authorized representative of each party. 3.10 “Background
Materials” means Supplier’s tangible and intangible materials and intellectual
property that was developed independently from this Agreement or existed before
Supplier commenced work on any Software, or Services provided under this
Agreement or any Authorization Letter, including without limitation reports,
documentation, drawings, computer programs (source code, object code and
listings), inventions, know-how, creations, works, devices, masks, models and
work-in-process, and any enhancements, corrections, Updates or modifications to
such tangible and intangible materials and intellectual property provided it
does not include Verizon Confidential Information and expressly excludes any
Custom Software or Paid Work Product. 3.11 “Call Detail Information” shall be
any information that pertains to the transmission of specific telephone calls,
including: (a) for outbound calls, the number called and the time, location or
duration of any call, and (b) for inbound calls, the number from which the call
was placed and the time, location, or duration of any call. 2 Application
Service Provider Agreement - Synchronoss and Verizon Proprietary and
Confidential



--------------------------------------------------------------------------------



 
[sncr123117ex12d8007.jpg]
3.12 “Catalog App(s)” means any software applications developed by Supplier
using a third party software development kit and tools developed by an App Store
Owner and posted on the online App Store Catalog. 3.13 “Change Request” means a
request to modify a previously agreed upon Authorization Letter, in the form
attached to this Agreement as Exhibit B, sent in writing or via electronic
transmission pursuant to the Change Request Process set forth in Section 4.3 of
this Agreement and mutually agreed to by Verizon and Supplier. 3.14 “Commercial
Service Date” means the first date that Verizon makes a Data Service
commercially available to Subscribers under an Authorization Letter. 3.15
“Content” means digital media objects that Subscribers may preview, download,
display, store or otherwise use via the Verizon Service. For greater certainty,
Content may include audio, pictures, images, text, graphics, video or other
media objects in formats described in the Specifications or as mutually agreed
by the Parties, but shall not include any text or digital media objects
originated by Subscribers. 3.16 “Content Provider” means any third party who has
licensed Content to either Verizon or Supplier. 3.17 “CPNI” or “Customer
Proprietary Network Information” shall be as defined in 47 U.S.C. Section
222(h)(1). 3.18 “Custom Software” means the system software, application
software and other computer programs resulting from the Development Services
provided by Supplier under this Agreement or an Authorization Letter that are
not part of the Platform or Supplier Background Materials. Custom Software
includes both object code and source code. 3.19 “Data Service” means a service
made available by Verizon to Subscribers based upon the Platform, Services,
and/or Software described in an applicable Authorization Letter including all
exhibits attached thereto, as amended by any Change Request. 3.20 “Deliverables”
means all Documentation and other materials, and all Upgrades thereto (i) are
delivered to Verizon as described in an Authorization Letter or (ii) that
Supplier agrees to provide to Verizon in providing Software or in performing the
Services described in an Authorization Letter. For the avoidance of doubt, the
Platform shall not be considered a Deliverable. 3.21 ”Development Services”
means the design, creation, development, modification or enhancement of computer
programs by Supplier pursuant to this Agreement or an Authorization Letter. 3.22
“Documentation” means all documentation containing requirements, technical and
functional specifications, relating to the design, testing, training, operation
and support of a Platform or Software whether in print or in electronic form,
including without limitation, (i) Supplier’s then current specifications
relating to 3 Application Service Provider Agreement - Synchronoss and Verizon
Proprietary and Confidential



--------------------------------------------------------------------------------



 
[sncr123117ex12d8008.jpg]
Platform, Service or Software, (ii) user, maintenance and system administration
documentation including without limitation user guidelines, operating manuals,
training manuals and technical materials relating to Platform or Services; and
(iii) any and all revisions to the above that Supplier provides or agrees to
provide to Verizon in an Authorization Letter. 3.23 “Error” means failure of the
Platform, Software or Services to perform in accordance with its Specifications.
3.24 “Hardware” means the hardware, equipment or facilities furnished by
Supplier or used by Supplier to provide Hosted Services (including the Firmware
licensed to Verizon when such Firmware is in the Hardware) and all additions,
extensions, components, supplies, test equipment, apparatus and parts, as
specified or identified in this Agreement or in an Authorization Letter,
including, without limitation, those set forth or otherwise identified in any
Authorization Letter, and all other Exhibits to this Agreement. 3.25 “Hosting
Service” or “Hosted Service” shall mean the implementation and ongoing operation
of a Platform connected to the Verizon Network by any means, including, without
limitation, wide area data communications network connections to enable a Data
Service to be provided to and used by Subscribers. 3.26 “Indirect Channel
Entity” means any third party whom Verizon has authorized in writing to offer,
promote, market and resell Verizon Services indirectly or through one or more
tiers of indirect distribution, under the Trademarks of Verizon or the
Trademarks of such Indirect Channel Entity. For greater certainty, the term
“Indirect Channel Entity” expressly does not include overseas Affiliates of
Verizon or its parent companies. 3.27 “Intellectual Property Rights” means any
patent, copyright, rights in trademarks, trade secret rights and other
intellectual property or proprietary rights arising under the laws of any
jurisdiction. 3.28 “Milestones” means the schedule of development and delivery
milestones specified in an Authorization Letter. 3.29 “Person” means any natural
person, corporation, partnership, limited liability company or other entity.
3.30 “Platform” means the system comprised of computer equipment, Software and
network interconnections and services, owned, implemented and operated by
Supplier (and any corrections, Updates, enhancements or modifications thereto
which enables Verizon to provide or support a Data Service to Subscribers as
provided in an Authorization Letter. 3.31 “Products” means all Platform,
Software and Services, and all hardware, equipment, supplies, materials, parts,
components and assemblies used to provide the Services described in an
Authorization Letter. 3.32 “Self-Help Code” means (i) any back door, “time
bomb”, drop-dead device, or other software routine designed to disable a
computer program automatically 4 Application Service Provider Agreement -
Synchronoss and Verizon Proprietary and Confidential



--------------------------------------------------------------------------------



 
[sncr123117ex12d8009.jpg]
with the passage of time or under the positive control of a person other than a
licensee of the program and (ii) any digital rights management or copy
protection code for the Software other than as noted in the applicable
Documentation. Self- Help Code does not include software routines in a computer
program designed to permit the licensor of the computer program (or other person
acting by authority of the licensor) to obtain access to a licensee’s computer
system(s) (e.g., remote access via modem) for purposes of maintenance or
technical support. 3.33 “Services” means all installation, implementation,
technical support, maintenance, modification, training, repair, Development
Services, Hosting Services, and other services related to a Data Service or
Software that Supplier will provide to Verizon, as described in an applicable
Authorization Letter including all exhibits attached thereto, as amended by any
Change Request. 3.34 “Service Description” means the document attached to the
applicable Authorization Letter and made a part thereof, that describes the
Service or Software (as applicable) that Supplier will provide to Verizon, as
may be modified by Change Requests agreed to by Supplier and Verizon pursuant to
the Change Request Process. 3.35 “Verizon Service Requirements” means,
collectively, all of the Specifications and all of the requirements for a Data
Service or Software set forth or referenced in the applicable Authorization
Letter, including but not limited to the Service Description, Service Level
Agreement; Security Requirements (as set forth in Exhibit C and as supplemented
or as modified in an applicable Authorization Letter); Training Plan and
Disaster Recovery Requirements documents, as applicable and as amended from time
to time by any mutually agreed upon Change Request, or otherwise upon mutual
written agreement of the Parties. 3.36 “Service Level Agreement” or “SLA” means
the document attached to the applicable Authorization Letter, which defines and
sets forth the service level commitments to be performed by Supplier. 3.37
“Service Web Site” means the location on the Internet or other public data
network accessed via a computing device at a URL specified by Verizon which will
serve as a location and mechanism through which (i) information about a Data
Service or Software may be provided by Verizon, (ii) a Person may elect to
become a Subscriber or modify elections made for such Data Service or Software,
or (iii) Content may be accessed by, transmitted to the Data Service by, or
delivered to Subscribers. With respect to any Web Site maintained on the World
Wide Web, such Web Site includes all HTML Pages (or similar unit of information
presented in any relevant data protocol) that either are identified by the same
second-level domain (such as www.verizonwireless.com) or by an equivalent level
identifier in any relevant address scheme. 3.38 “Software” means on whatever
media provided, a program, or programs, including data files, system software
and application software and firmware consisting of machine readable logical
instructions and tables of information, which guide the functioning of a
processor or which provide functional and operational performance capabilities
and capacities, including all updates, 5 Application Service Provider Agreement
- Synchronoss and Verizon Proprietary and Confidential



--------------------------------------------------------------------------------



 
[sncr123117ex12d8010.jpg]
upgrades and enhancements thereto. The term Software as used in this Agreement
shall include Apps. 3.39 “Source Code” means the human-readable version of
particular Software, as well as associated documentation required or necessary
to enable an independent third party programmer with reasonable programming
skills to compile, create, operate, maintain, modify and improve such Software
and associated documentation without the help of any other Person. 3.40
“Specifications” means the written functional and technical specifications and
requirements for a Platform or Software attached to or referenced in this
Agreement or the applicable Authorization Letter and all Documentation, as
amended from time to time by any mutually agreed upon Change Request or
otherwise by mutual written agreement of the Parties. 3.41 “Subscriber” means a
Person who (i) subscribes, in a manner prescribed by Verizon, to access and use
a Data Service or Software from a Wireless Device and/or (ii) registers in a
manner prescribed by Verizon, to access and use a Data Service or Software from
a personal computer. For greater certainty, a Person may become a Subscriber
either directly through Verizon or indirectly through an Indirect Channel
Entity. 3.42 “Subscriber Data” means information or data that (i) is provided by
Verizon or a Subscriber, or compiled, generated or collected by either Party in
connection with a Data Service or Software, and (ii) identifies the Subscriber
individually, or that when compared to or otherwise combined or processed with
other information enables an individual Subscriber to be identified. For greater
certainty, “Subscriber Data” includes, without limitation, user name or ID,
account number, individual usage data, user profile or preferences, credit card
or other payment information, mailing address, email address, IP address,
landline or cellular telephone numbers, Social Security number and date of
birth. 3.43 “Trademarks” means, with respect to each Party, their trademarks,
service marks, trade names, logos, brands and other proprietary indicia. 3.44
“Unauthorized Code” means any virus, Trojan horse, worm, rootkit, or other
software routine or hardware component designed to enable unauthorized access
to, to disable, to erase, or otherwise to harm software, hardware, or data or to
perform any other such actions. The term Unauthorized Code does not include
Self-Help Code. 3.45 “Updates” means all future releases, patches, fixes,
corrections, enhancements program code changes, improvements, upgrades, updates
and new releases relating to Software, as well as refinements, solutions,
changes and corrections to the Software as are required to keep the Software in
conformance with the applicable Service Requirements and that are created by
Supplier as corrections for defects in the Software, including without
limitation error corrections, installation programs, and data conversion
programs applicable to the Software. 3.46 “Usage Data” means information or data
other than Subscriber Data (as defined above) that describes the operation of a
Data Service for or use of a Data 6 Application Service Provider Agreement -
Synchronoss and Verizon Proprietary and Confidential



--------------------------------------------------------------------------------



 
[sncr123117ex12d8011.jpg]
Service by Verizon, including but not limited to the number of Subscribers
served, the volumes or types of Content stored, downloaded or used, the patterns
or frequency of such use, use by geographic area or other similar analytical
breakdown, financial information, network configurations, characteristics or
capacity, performance metrics, test results, trouble reports and customer
service information. 3.47 “Use” means (i) to read Software into or out of
hardware memory; (ii) to access, use, execute, operate, display, perform, and
store Software, in whole or in part, on any computer system, processor or mobile
devices on which Software will function, and on any number of computer systems,
processors, or mobile devices; (iii) to transfer into, and store in, equipment
all or any portion of the Software; and (iv) to process and execute
instructions, statements and data included in, or output to, the Software, all
without any modifications to the Software. 3.48 “Verizon Content” means Content
(as defined in Section 3.15) that is owned by Verizon or licensed to Verizon by
third parties. 3.49 “Verizon Trademarks” means the Trademarks of Verizon that
are used in a Data Service or Software or by Verizon in connection with Verizon
Services. 3.50 “Verizon Services” means all voice and data communications
services provided by Verizon, including, but not limited to, the wireless
airtime and landline usage incidental to providing such services. 3.51 “Verizon
Network” means the combination of interconnected, integrated telecommunications
equipment owned, operated, licensed or leased by Verizon or its Affiliates, into
which a Data Service will be integrated at one or more specified points as
mutually agreed, that interoperates concurrently and as a whole for the purpose
of transmitting, switching and receiving signals, containing voice messages and
data, by any means, including electromagnetic (i.e., through the air) means.
3.52 “Supplier Content” means Content (as defined in Section 3.15) that is owned
by Supplier or licensed to Supplier by third parties. 3.53 “Wireless Device”
means any communications device that enables Subscribers to access and use a
Data Service or Software. 4. SCOPE/AUTHORIZATION LETTERS 4.1 This Agreement does
not by itself order any Service or Software. Verizon shall order Service or
Software by submitting an Authorization Letter, substantially in the form
attached hereto as Exhibit A, in accordance with the terms of this Agreement.
4.2 Authorization Letters 4.2.1 Supplier shall furnish Service or Software as
specified in Authorization Letters issued from time to time by Verizon and
accepted by Supplier. 7 Application Service Provider Agreement - Synchronoss and
Verizon Proprietary and Confidential



--------------------------------------------------------------------------------



 
[sncr123117ex12d8012.jpg]
Verizon shall from time to time issue Authorization Letters in the form appended
hereto as Exhibit A, setting forth in detail the specific tasks to be performed
and the time frame in which they are to be performed. Authorization Letters for
Development Services shall set forth a description of the services and the
Custom Software or Paid Work Product ordered, if any, including Service
Requirements, Milestones, pricing, and other relevant information, shall be
signed by both parties, and shall be identified as an Authorization Letter
issued pursuant to this Agreement. 4.2.2 Verizon shall appoint a Project Leader
in each Authorization Letter issued by Verizon under this Agreement. 4.3 Change
Requests 4.3.1 Verizon and Supplier may, at any time, agree to make additions,
deletions or other modifications to a previously requested Service or Software
through the Change Request Process set forth in Section 4.3.2 below. Such
requests may include one or more documents appended thereto, all of which
collectively shall comprise the requests. Change Requests shall be in the form
appended hereto as Exhibit B. The parties acknowledge and agree that Change
Requests shall not be used when the work requested will involve creation of new
Custom Software or Paid Work Product, the ownership of which has not been
previously agreed upon in an Authorization Letter. 4.3.2 Upon receipt of any
proposed Change Request from Verizon, Supplier will provide to Verizon (i) a
written a description of the work Supplier anticipates performing in order to
effectuate requested change(s), (ii) a schedule for commencing and completing
such work, and (iii) the costs to Verizon associated with such change(s) or
services. If Verizon elects to have Supplier perform the changes requested,
Verizon will have such Change Request signed by an authorized representative and
Supplier shall then also have such Change Request signed by an authorized
representative. A Change Request shall not be valid and neither Supplier nor
Verizon will incur any liability thereunder until signed and approved by
authorized representatives of both Parties (the “Change Request Process”). 4.3.3
Except as otherwise provided in a Change Request (or the underlying
Authorization Letter), Verizon may cancel or reschedule Change Requests for
convenience, in whole or in part, by providing at least **** written notice to
Supplier. Supplier shall promptly curtail all activities in respect of such
Services in the Change Request. Except as otherwise provided in the Change
Request (or the underlying Authorization Letter), Verizon’s sole liability to
Supplier under such cancelled Change Request will be the payment of all amounts
due Supplier for work performed as supported by reasonable documentation through
the effective date of cancellation. Where such work was to be paid on delivery
of a Milestone or Deliverable, charges for such work shall be based on a time
and materials basis calculated as number of hours 8 Application Service Provider
Agreement - Synchronoss and Verizon Proprietary and Confidential ****CERTAIN
INFORMATION HAS BEEN OMITTED AND FILED SEPARATELY WITH THE COMMISSION.
CONFIDENTIAL TREATMENT HAS BEEN REQUESTED WITH RESPECT TO THE OMITTED PORTIONS



--------------------------------------------------------------------------------



 
[sncr123117ex12d8013.jpg]
worked at $**** (no hours prior to the execution of such Change Request shall be
included) for any work in progress, capped at **** of the payment due for such
work in the applicable Change Request (or the underlying Authorization Letter)
for such Milestone or Deliverable, unless other termination fees or charges are
specified under such Authorization Letter (in which case such stated termination
fees or charges shall be in lieu of any other partial payments). 4.4 Affiliates
An Affiliate that issues an Authorization Letter may enforce the terms and
conditions of this Agreement with respect to any Software or Services purchased
by such Affiliate as though it were a direct signatory to the Agreement. Default
by one Affiliate shall not affect any other Affiliate party to this Agreement.
5. LICENSES 5.1.1 Supplier grants to Verizon and its Affiliates and to its and
their employees, agents and contractors, a non-exclusive, irrevocable (other
than for Verizon’s uncured material breach), worldwide, license and right to Use
and access the Platform, Services and, to the extent Software is provided to
Verizon, an unlimited number of copies of any Software and any Documentation
related thereto required for Use and access to the Platform as specified in an
Authorization Letter during the Term, at the prices set forth in the applicable
Authorization Letter. Where expressly permitted by an Authorization Letter,
Software may be sublicensed by Verizon to its original equipment manufacturers
(“OEMs”), customers and Indirect Channel Entities in accordance with the
foregoing sentence. 5.1.2 Verizon shall also have the right, at no additional
charge, to Use the Software by means of remote electronic access at locations
other than the locations at which the Software is stored. Supplier also grants
to Verizon the right to authorize Use of such license to its subcontractors,
agents, contractors, outsourcing entities and others for use when performing
services for Verizon; provided that Verizon shall remain responsible to any
violation of the Agreement or any Authorization Letter by such parties. In
addition, if Verizon transfers or assigns the Software to an Affiliate or a
third party in connection with the provision or support of network services,
then the license granted hereunder shall extend to such transferee or assignee.
No such authorization, transfer or sublicense shall release Verizon from its
obligations hereunder. 5.2 License Term Except as otherwise set forth herein,
the term of each license of Software granted under this Agreement or any
Authorization Letter shall commence on the applicable delivery date, or such
other date as set forth in an Authorization Letter, and shall remain in effect
perpetually, or for such shorter term as set forth in an Authorization Letter,
or until the Use of the Software, as it may have been updated or enhanced is
permanently discontinued by Verizon, unless such license for Software is
terminated in accordance with Section 17. 9 Application Service Provider
Agreement - Synchronoss and Verizon Proprietary and Confidential ****CERTAIN
INFORMATION HAS BEEN OMITTED AND FILED SEPARATELY WITH THE COMMISSION.
CONFIDENTIAL TREATMENT HAS BEEN REQUESTED WITH RESPECT TO THE OMITTED PORTIONS



--------------------------------------------------------------------------------



 
[sncr123117ex12d8014.jpg]
5.3 Shrink-Wrap Licenses Under no circumstances shall any Supplier shrink-wrap
or click-wrap license be given any force or effect in connection with any
Software and Verizon specifically rejects all such licenses. The Parties agree
to replace the terms of such licenses with the terms of this Agreement or an
Authorization Letter, if applicable. 5.4 Content Licenses 5.4.1 Verizon grants
to Supplier a limited, nonexclusive, non-transferable, royalty-free license to
Verizon Content to copy, store, display, transmit, distribute and sell Content
solely for the purpose of providing Verizon Content via its Platform for
Verizon’s Data Service to Subscribers in accordance with the applicable
Authorization Letter, expressly without the right of further sublicense of any
of the foregoing. Nothing in this Section shall be interpreted as granting
Supplier any greater rights or authorizations than are granted to Verizon
pursuant to its licensing agreements with Content Providers. Supplier shall have
no right to reproduce or sub-license, re-sell or otherwise distribute all or any
portion of Verizon Content to any person in any form or any manner other than as
necessary or appropriate in providing a Service or Software in accordance with
the applicable Service Requirements. Except as otherwise agreed in writing,
Supplier shall not receive, transmit, alter, copy, access, store, or otherwise
use Verizon Content except for purposes of performing its obligations under an
applicable Authorization Letter. Supplier shall protect all Verizon Content from
unauthorized alteration, copying, access, storage, transmittal or use as
required in this Agreement and as provided in the Service Requirements. 5.4.2
Supplier grants to Verizon a limited, nonexclusive, non-transferable license to
Supplier Content to copy, store, display, transmit, distribute and sell Supplier
Content solely for the purpose of providing Supplier Content through the
Platform via a Data Service to Subscribers in accordance with an applicable
Authorization Letter, expressly without the right of further sublicense of any
of the foregoing. Nothing in this Section shall be interpreted as granting
Verizon any greater rights or authorizations than are granted to Supplier
pursuant to its licensing agreements with Content Providers. Verizon shall have
no right to reproduce or sub-license, re-sell or otherwise distribute all or any
portion of Supplier Content to any person in any form or any manner other than
as necessary or appropriate in providing a Data Service in accordance with the
applicable Service Requirements. 5.5 All rights and licenses granted under or
pursuant to this Agreement or any Authorization Letter by Supplier to Verizon
are, and shall otherwise be deemed to be, for the purposes of Section 365(n) of
the United States Bankruptcy Code (“Code”), licenses to rights to “intellectual
property” as defined in the Code. The Parties agree that Verizon, as licensee of
such rights under this Agreement, shall retain and may fully exercise all of its
rights and elections under the Code. The Parties further agree that, in the
event of a bankruptcy proceeding by or against Supplier under the Code, Verizon
shall be entitled to retain all of its rights 10 Application Service Provider
Agreement - Synchronoss and Verizon Proprietary and Confidential



--------------------------------------------------------------------------------



 
[sncr123117ex12d8015.jpg]
(including all licenses) under this Agreement and/or any Authorization Letter.
In the event of filing a petition for relief under the Code, Supplier shall
assume or reject the Agreement within ****. 5.6 Catalog Apps 5.6.1 Additional
License Terms 5.6.1.1 Supplier hereby grants to Verizon and its Affiliates and
to its and their employees, agents and contractors, a non-exclusive license to:
(i) copy, reproduce, display, submit for approval and perform all Apps on the
applicable App Store Catalog, in object code format only; and (ii) exploit, use,
distribute, transmit, and sublicense for download an unlimited number of copies
of all such Apps to Subscribers, in object code format only, such that
Subscribers may access and use the corresponding Data Service in accordance with
the Agreement or an Authorization Letter. 5.6.1.2 With respect to each Apps
submitted to the applicable App Store Catalog, the foregoing license shall
commence on the date the App is submitted to the applicable App Store Catalog
and will terminate on the earlier of (a) the date the App is removed from the
applicable App Store Catalog, or (b) the date of termination of the applicable
Authorization Letter. No such removal or termination will terminate a
Subscriber’s rights or licenses to continue to use those Apps that were
downloaded by the Subscriber prior to such removal or termination. All rights
not granted in this Agreement are hereby reserved by Supplier. 5.6.2 Developer
5.6.2.1 For each App, Supplier agrees and Verizon acknowledges that, unless
otherwise required by the applicable App Store Owner or agreed between the
Parties, for all purposes in connection with the submission of Apps to the
applicable App Store Catalog, Supplier shall be the developer of the Apps and
shall be bound by, and shall comply with, all applicable terms of the applicable
App Store Developer Agreement (and any related submission policies made known to
Supplier by the App Store Owner). 5.6.2.2 Removal by Supplier Notwithstanding
anything to the contrary contained in the App Store Developer Agreement, which
may provide Supplier the ability to request the removal of any Apps from the App
Store Catalog ,Supplier shall not, without Verizon’s prior written consent,
request that Apps be removed from the App Store Catalog. Upon such consent and
removal, Supplier acknowledges and agrees that such removal will terminate the
applicable Authorization Letter with respect to such App, and that the removal
of any Catalog App from the App Store Catalog will not terminate a Subscriber’s
rights or licenses to continue to use such App if the App was downloaded by the
Subscriber prior to removal. The foregoing shall not limit the ability of
Supplier to replace or update an App for a given Wireless Device (eg: provide an
update App to correct an Error). 11 Application Service Provider Agreement -
Synchronoss and Verizon Proprietary and Confidential ****CERTAIN INFORMATION HAS
BEEN OMITTED AND FILED SEPARATELY WITH THE COMMISSION. CONFIDENTIAL TREATMENT
HAS BEEN REQUESTED WITH RESPECT TO THE OMITTED PORTIONS



--------------------------------------------------------------------------------



 
[sncr123117ex12d8016.jpg]
5.6.2.3 Removal by Verizon. Verizon may at any time, at its sole discretion and
for any reason, remove any App that is exclusively used for Verizon and provided
under this Agreement from an App Store catalog and upon doing so will provide
notice to Supplier. The removal of any App from the App Store Catalog will not
terminate a Subscriber’s rights or licenses to continue to use such App if the
App was downloaded by the Subscriber prior to removal. 5.6.2.4 Direct Pay.
Except as expressly set forth in an Authorization Letter, the parties agree that
all payments to Supplier for the download and/or use of Supplier’s Apps shall
come directly from Verizon and Supplier shall not be paid by an App Store Owner
for any Apps downloaded from the App Store Catalog by Subscribers. The fees
payable by Verizon to Supplier as set forth herein shall be in lieu of any and
all amounts that would otherwise have been payable to Supplier by Qualcomm or
Verizon under the Qualcomm App Store Developer Agreement. 5.6.2.5 Qualcomm -
Establishing the DAP. For each Apps that Supplier makes available on the
Qualcomm App Store Catalog, Supplier must submit a pricing template(s),
indicating the agreed upon Developer Application Price (DAP) for such Catalog
App in accordance with the BREW Developer Agreement (the App Store Developer
Agreement applicable to Qualcomm BREW applications). Supplier and Verizon may
choose from time to time to discuss and negotiate a DAP for one or more such
Qualcomm BREW Catalog Apps. If Supplier and Verizon negotiate a DAP for one or
more such Qualcomm BREW Catalog Apps, Supplier must still submit a pricing
template(s) for the Qualcomm BREW Catalog App(s) in accordance with the BREW
Developer Agreement. 5.7 Limited License to Supplier APIs 5.7.1 (a) In addition
to the license rights to the Software granted to Verizon hereunder, Supplier
hereby grants to Verizon, subject to the terms and conditions of this Agreement,
including payment of the fees as set forth therein or in an applicable SOW, if
any, a perpetual, non-exclusive, limited right to use and sublicense Supplier’s
Solution API (as defined below) to those manufacturers of devices supported by
the Solution and developers of software applications that reside and operate on
devices supported by the associated Supplier Platform (each, a “Device
Application Developer”) solely to enable the App to interface and interoperate
with the associated Supplier Platform and access and use the functionality of
such Supplier Platform licensed from Supplier by Verizon solely for the benefit
of Verizon’s Subscribers. Such right includes the right for Device Application
Developers to incorporate the Solution API into an interface of the Device
Application and to support and maintain such interface subject to the
limitations above. 12 Application Service Provider Agreement - Synchronoss and
Verizon Proprietary and Confidential ****CERTAIN INFORMATION HAS BEEN OMITTED
AND FILED SEPARATELY WITH THE COMMISSION. CONFIDENTIAL TREATMENT HAS BEEN
REQUESTED WITH RESPECT TO THE OMITTED PORTIONS



--------------------------------------------------------------------------------



 
[sncr123117ex12d8017.jpg]
(b) In addition, upon termination of this Agreement or the applicable
Authorization Letter (other than for cause by Supplier), provided that such
termination is not due to Verizon’s breach of this Agreement, and Verizon has
paid all fees due, including termination charges due, such license to the
Solution API shall be extended to grant to Verizon the right to use and
sublicense the Solution API to Device Application Developers solely to
incorporate the Solution API into an interface of the Device Applications and
support and maintain such interface with any service offering similar
functionality to the associated Supplier Platform (and not solely to interface
with the associated Supplier Platform) solely for the benefit of Verizon’s
Subscribers (including those Subscribers using the service offering similar
functionality to the associated Supplier Platform referenced in this sentence).
In all cases, Verizon shall inform Supplier in writing of any Device Application
Developer to which Verizon Wireless has provided the Solution API. Verizon shall
be liable for any breach by a Device Application Developer of any of the
covenants and obligations of Verizon hereunder. 5.7.2 During the Term or Renewal
Term, Verizon may provide written notice to Supplier that it wishes to use and
sublicense the Solution API set forth in subsection 5.7.1 to Device Application
Developers to incorporate the Solution API into an interface of the Device
Applications and support and maintain such interface with any service offering
similar functionality to the associated Supplier Platform (and not solely to
interface with the Supplier Platform) solely for the benefit of Verizon
Subscribers because (A) Supplier has been subject to credits for failure to meet
any one service level set forth in an applicable Service Level Agreement for
three (3) consecutive months where each such failure is subjected to a credit of
at least $**** or (B) Supplier’s Platform (or non-Platform Software supporting a
Data Service) is not within Industry-Standards (solely from a technology basis
including without limitation features and functionality) in some or all material
respects and there is another service offering which Verizon wishes to use and
that Verizon in good faith determines such service offering to address the
“Industry Standards” issues identified in the affected Platform (or non-Platform
Software supporting a Data Service). If such notice is pursuant to subsection
(B) and Supplier fails to meet such “Industry Standards” in all material
respects within a reasonable period after the receipt of such notice but no
later than the production release date of the next feature release of the
Platform (or non-Platform Software supporting a Data Service) that will
reasonably accommodate any industry standard issues that may arise or which the
content of such feature release has not yet been finalized, then such license
shall be so extended as set forth herein. For the avoidance of doubt, in the
event of the extension of the license to the Solution API as described above,
this shall not release Verizon of any of its other obligations under this
Agreement, including but not limited any payment obligations and Supplier has
the right to immediately rescind such license in the event of any uncured
material breach by Verizon under this Agreement. In the event that Verizon does
not give notice of its exercise of the right hereunder to Supplier within ****
of the trigger of such 13 Application Service Provider Agreement - Synchronoss
and Verizon Proprietary and Confidential ****CERTAIN INFORMATION HAS BEEN
OMITTED AND FILED SEPARATELY WITH THE COMMISSION. CONFIDENTIAL TREATMENT HAS
BEEN REQUESTED WITH RESPECT TO THE OMITTED PORTIONS



--------------------------------------------------------------------------------



 
[sncr123117ex12d8018.jpg]
right, Verizon shall have been deemed to waive such right with respect to such
triggering event. 5.7.3 Verizon shall enter into an agreement with each Device
Application Developer whereby such Device Application Developer (i) agrees to
keep the Solution API and any Supplier information confidential, and (ii)
disclaims all liability of Supplier with respect to the Solution API. 5.7.4
Supplier shall have no obligation to provide any maintenance or technical or
product support to any Device Application Developer in the event of Section
5.7.1(b) or 5.7.2 above. Any such support provided to Verizon on behalf of a
Device Application Developer or to any Device Application Developer shall be
subject to additional professional service charges from Supplier as agreed upon
in a Change Order. Neither Verizon nor any Device Application Developer shall
have any ownership right to the Solution API. 5.7.5 Definitions. As used herein:
5.7.5.1 “Solution API” means the application programming interfaces ("API") to
the Supplier Software or Platform and related documentation. 5.7.5.2 “Device
Application” means a Verizon or Device Application Developer product or software
application intended for installation and use on a device (such as tablet or
smart phone) that incorporates the Solution API therein, which is designed for,
and usable, in strict accordance within the terms of this Agreement. The Device
Application is distributed to the Subscriber of the applicable device. 6.
OVERALL PERFORMANCE REQUIREMENT Supplier represents, warrants and agrees that it
has the responsibility, duty and obligation to provide, perform, and deliver, to
the extent set forth herein, the Services and/or Software described in any
Authorization Letter(s) pursuant to this Agreement and Supplier further agrees
and acknowledges: 6.1 that it recognizes that the Software and Services which
are to be provided under this Agreement must be delivered in compliance with the
scheduled dates and requirements set forth in the Authorization Letter(s) and
perform in compliance with the Specifications; and 6.2 that Supplier has and
will maintain an organization staffed by qualified personnel, including “key
personnel,” with the knowledge, skill and resources to perform and complete the
work and that there are and will be no commitments, legal, contractual or
otherwise that are in conflict with Supplier’s obligations under this Agreement
and applicable Authorization Letter. 14 Application Service Provider Agreement -
Synchronoss and Verizon Proprietary and Confidential



--------------------------------------------------------------------------------



 
[sncr123117ex12d8019.jpg]
7. HOSTING 7.1 Upon acceptance of an Authorization Letter which includes Hosting
Services, Supplier shall provide, install, maintain and support a Platform,
including all necessary hardware, software, and services for the deployment,
integration (to the extent indicated in an Authorization Letter), maintenance
and management of the Platform or Software as described in the applicable
Authorization Letter and shall provide such Hosting Service to Verizon in
compliance with the Security Requirements set forth in Exhibit C hereto (as may
be modified or supplemented in an Authorization Letter) and the applicable
Authorization Letter, including all attachments thereto. 7.2 In the event
Verizon elects to terminate the Hosting Service only (such date of termination,
the “Hosting Termination Date”), and either internally provide and operate
through its own equipment and facilities, or provide and operate through the
equipment and facilities of its third party vendor, all or any part of such
Hosting Service. In the event Verizon elects to terminate the Hosting Services
as described above (or the Agreement or applicable SOW terminates or expires for
any reason) and subject to payment by Verizon of any applicable fees for early
termination of Hosting Services as set forth in an Authorization Letter: 7.2.1
Supplier shall provide Verizon, or its third party vendor, reasonable assistance
in completing the transition to the internal operation of the Hosting Services
by Verizon; and 7.2.2 Supplier or its successors in interest shall furnish to
Verizon or its designee that is not a competitor of Supplier, the following
documentation and information related to Hosting Services: (1) documentation
regarding system, database and storage administration; (2) features and
technical specifications for the hosting environment; (3) detailed equipment and
software configurations for servers, storage, communications and other systems
supporting the Hosting Services; (4) installation and testing procedures; (5)
operations and provisioning procedures; (6) maintenance procedures and
diagnostics; and (7) such other documentation the parties agree is reasonably
necessary to support the Hosting Services. Verizon or its designee shall use
such information and documentation solely to the extent necessary to support the
Hosting Services. Such information and documentation shall be provided pursuant
to a mutually agreeable statement of work, which shall set forth the specific
tasks to be undertaken by Supplier in connection with such transition, the fees
to be paid by Verizon therefor, and the time period for completing such
transition; and 7.2.3 Verizon shall have the option, to purchase from Supplier
such equipment elements used by Supplier to provide the Hosting Service, to the
extent they are (i) owned by Supplier and no third party limitation or
restriction prohibits such purchase, (ii) dedicated to the Hosting Services and
not shared or used by any other customer of Supplier and (iii) reasonably
necessary or appropriate to provide the Hosting Services internally or through
the facilities of its third party vendor; and 15 Application Service Provider
Agreement - Synchronoss and Verizon Proprietary and Confidential



--------------------------------------------------------------------------------



 
[sncr123117ex12d8020.jpg]
7.2.4 The rights and obligations of the Parties under the provisions of this
Section 7.2, and solely to the extent that they relate to the Hosting Service
all other terms, Exhibits and addenda, shall terminate effective as of the
Hosting Termination Date, provided that any obligation on the part of Verizon
including the obligation to pay any Fees, in respect of the Hosting Service for
periods prior to the Hosting Termination Date, and any applicable early
termination charges as set forth in the Authorization Letter, shall survive the
Hosting Termination Date. In addition, the respective obligations of the Parties
relating to the Hosting Service that by their nature would continue beyond the
Hosting Termination Date, including but not limited to the obligations to
indemnify, maintain confidentiality, maintain records and permit audits, shall
survive the Hosting Termination Date with respect to the Hosting Service. 8.
DEVELOPMENT SERVICES 8.1 Custom Software Development/Paid Work Product Supplier
will design, develop, document, test and deliver the Custom Software or Paid
Work Product identified in an Authorization Letter in accordance with the
Service Requirements, Milestones and other terms of that Authorization Letter.
Supplier shall comply with Verizon’s reasonable requests for changes to the
Service Requirements that do not, either individually or in the aggregate,
require more time, cost or effort from Supplier. 8.2 Background Materials
Supplier will not include any Background Materials in the Custom Software or
Paid Work Product without Verizon’s prior written consent (an express
identification of such Background Materials within the applicable Authorization
Letter shall be acceptable as Verizon’s consent for such purpose). For all
Background Material used or included in Custom Software or Paid Work Product,
Supplier grants to Verizon a royalty free, non-exclusive transferable,
sublicensable irrevocable worldwide license to Use such Background Material
except as set forth in an Authorization Letter. As used herein, to Use the
Background Material means to use, display, perform, modify, enhance, reproduce
and make derivative works for any purpose. 8.3 Status of Information Supplier
shall allow personnel of Verizon to visit Supplier’s place of business at
reasonable times to discuss and inspect the status of the development of the
Custom Software or Paid Work Product upon prior written notice and provided such
visit does not adversely affect or interfere with such development. In addition,
appropriate personnel of the Parties will meet at least weekly during the course
of development to review the status of the development of the Custom Software or
Paid Work Product. 16 Application Service Provider Agreement - Synchronoss and
Verizon Proprietary and Confidential



--------------------------------------------------------------------------------



 
[sncr123117ex12d8021.jpg]
8.4 Documentation Documentation for Custom Software shall be provided in a
machine-readable format unless another format is agreed to by Verizon.
Documentation shall comply with commonly accepted industry standards with
respect to content, size, legibility and reproducibility, and shall include
without limitation the following, as applicable: (i) administration; (ii)
features and technical specifications; (iii) detailed engineering and circuit
design; (iv) installation and testing criteria; (v) operations, provisioning and
translations; (vi) maintenance and diagnostics; and (vii) other documentation
deemed necessary by the parties to support the installation, acceptance testing,
administration, maintenance, engineering and operation of the Custom Software,
and the full exercise of the ownership rights, if any, herein acquired by
Verizon. 9. SECURITY 9.1 Supplier shall put in place and shall maintain physical
and electronic measures and operational procedures to protect the security of
each Platform, and Software in compliance with the security requirements as set
forth in Exhibit C hereto as such may be supplemented or modified in the
applicable Authorization Letter. 9.2 Verizon, at its sole cost, may conduct
reasonable Security Audits of a Platform or Software and related facilities of
Supplier used in connection with Supplier’s performance of any Services (a
“Security Audit”). Such Security Audit shall be performed by Verizon itself or
on its behalf by a reputable security audit company selected by Verizon at
mutually agreed upon times upon reasonable notice and subject to such company
agreeing in writing with Verizon to the protection of any Supplier confidential
information and provided that such Security Audit does not adversely impact
Supplier or any services provided by Supplier to any other customer. 9.3 Each
Party shall be entitled to receive a copy of any initial or final written report
or recommendations resulting from any Security Audit and, unless Supplier
disputes such recommendation on the grounds its implementation would not be in
accordance with industry standards applicable to providers of service or
software comparable to the Services and Software, Supplier shall promptly
implement such recommendations. 10. ADDITIONAL REQUIREMENTS 10.1 Service Level
Agreement Supplier shall comply with all terms of the Service Level Agreement
attached to the applicable Authorization Letter. 10.2 Disaster Recovery 10.2.1
Supplier’s Disaster Recovery Plan is attached hereto as Exhibit D. Supplier
shall exercise such plan on no less than an annual basis. 17 Application Service
Provider Agreement - Synchronoss and Verizon Proprietary and Confidential



--------------------------------------------------------------------------------



 
[sncr123117ex12d8022.jpg]
10.2.2 Supplier shall update the Disaster Recovery Plan as reasonably necessary
during the Term to include a list of all hardware, software and communications
facilities and services used by Supplier to provide the Hosting Service. Verizon
shall have the right to reasonably audit Supplier’s compliance at reasonable
times as Verizon deems necessary provided such audit does not adversely impact
Supplier or any services provided by Supplier to any other customer. Verizon’s
review of any changes to the Disaster Recovery Plan shall not in any way alter
or waive any of Suppliers duties, obligations, representations or warranties
under this Agreement. 10.3 Training Upon request from Verizon, Supplier shall
provide training outlined in the applicable Authorization Letter upon the terms
set forth in such applicable Authorization Letter. Verizon shall have the right
to duplicate or reproduce (including any markings as to confidentiality and
copyrights), for internal usage only, any of the training materials at no
additional cost. 10.4 Branding Unless otherwise stated in the applicable
Authorization Letter, nothing in this Agreement shall be construed to limit or
restrict Verizon’s rights to market and have marketed a Data Service or Software
as Verizon determines, using Verizon own Trademarks or the Trademarks of one or
more Indirect Channel Entities; provided Verizon does not remove any applicable
copyrights. 10.5 International Roaming Access All Software and Services are
intended to be used to enable Verizon to provide the Data Service to Subscribers
who are customers purchasing Verizon Services in the United States. However,
Supplier acknowledges and agrees that Verizon may, in its sole discretion,
enable Subscribers to access and use a Data Service using Wireless Devices while
roaming outside the United States pursuant to international data roaming
agreements that Verizon may enter into with other wireless carriers. 11.
FEES/PAYMENT 11.1 Pricing During the Term of this Agreement, Verizon shall pay
Supplier for Service and/or Software in accordance with each applicable
Authorization Letter. All payments are due in U.S. Dollars. All charges to
Verizon for Services or Software are as set forth in each applicable
Authorization Letter or, for modifications to a Service or Software, in a Change
Request. 11.2 Improvements Supplier and Verizon shall continue to identify areas
for Supplier’s continuous improvement in cost, quality and service over the term
of the Agreement. 18 Application Service Provider Agreement - Synchronoss and
Verizon Proprietary and Confidential



--------------------------------------------------------------------------------



 
[sncr123117ex12d8023.jpg]
Supplier shall afford Verizon the ability to realize the benefit of such
improvements, including price reductions to the extent the Parties mutually
agree in a Change Request. Furthermore, a list of continuous improvement
initiatives shall be created by the Parties. Unless otherwise set forth in this
Agreement, Supplier and Verizon will meet, upon Verizon’s reasonable request, to
assess opportunities to implement potential continuous improvement initiatives,
such initiatives to be mutually agreed to by the parties in a Change Request.
11.3 Invoices Unless otherwise specified in an Authorization Letter , Supplier
shall render invoices following the date of initial Acceptance as set forth in
Section 14; provided, however, where payment is not expressly contingent on
Acceptance or where payment is on a per-subscriber basis, no Acceptance shall be
required. Invoices for charges specified in an Authorization Letter shall be
submitted by Supplier to the address specified in the Authorization Letter.
Invoices shall include, as appropriate, without limitation (i) Authorization
Letter number; (ii) description of Software and Services provided; (iii) ship-to
name and address; (iv) delivery method (i.e., electronic or physical); (v) date
of delivery (vi) quantity shipped and billed or quantity of service units
performed and billed; (vii) maintenance service details; (viii) net unit cost;
(ix) discounts applied; (x) net invoice amount; (xi) contract information for
invoice disputes; and such other details as Verizon may reasonably request. 11.4
Payment Terms Verizon shall remit payment to Supplier within **** of Verizon’s
receipt of Supplier's undisputed invoice, unless otherwise set forth in the
applicable Authorization Letter; provided, however, if Verizon disputes any
charge shown on a Supplier invoice, Verizon shall notify Supplier in writing of
such dispute, and shall pay when due, any undisputed amounts. Supplier will
provide Verizon with notice of any nonpayment if any. Upon request, Verizon will
provide reasonable support for such dispute. 11.5 Electronic Payments At
Verizon’s option Supplier will do the following: Verizon may, at no additional
cost to Verizon, require Supplier to accept purchase orders and submit invoices
via Verizon’s electronic payment system; provided that Supplier is not charged
for the use or access of such system. Any terms or conditions associated with
the use of the electronic payment system shall be negotiated directly between
the Supplier and the electronic payment system provider. Transactions under this
Agreement using the electronic payment system shall be governed by the terms and
conditions of this Agreement. 11.6 Right of Set Off Verizon shall be entitled to
set off any amount Supplier owes Verizon against amounts payable under this or
any other Agreement. Payment by Verizon shall not result in a waiver of any of
its rights under this Agreement. Verizon shall not be obligated to pay Supplier
for Services that are not fully and properly invoiced. 19 Application Service
Provider Agreement - Synchronoss and Verizon Proprietary and Confidential
****CERTAIN INFORMATION HAS BEEN OMITTED AND FILED SEPARATELY WITH THE
COMMISSION. CONFIDENTIAL TREATMENT HAS BEEN REQUESTED WITH RESPECT TO THE
OMITTED PORTIONS



--------------------------------------------------------------------------------



 
[sncr123117ex12d8024.jpg]
11.7 Charges to Subscribers. Supplier acknowledges and agrees that the fees
charged by Verizon to Subscribers for their use of the Data Service or Verizon
Network needed to download the Software required for a Data Service, as well as
the fees charged Subscribers for downloading the Software, will be determined by
Verizon in its sole discretion. Supplier also acknowledges and agrees that
Verizon alone will be responsible for billing Subscribers, as well as for all
associated collection activity, for such fees. 12. RECORDS AND REPORTS 12.1
Supplier shall allow Verizon and its authorized agents and representatives to
audit Supplier’s records (in whatever form kept) to verify Supplier’s compliance
with all provisions of this Agreement provided such agents and representatives
agree with Verizon to keep any such information confidential. At Verizon’s
request, the auditor shall have access to Supplier’s records at reasonable times
during the Term and during periods in which Supplier is required to maintain
records with not less than ten (10) days prior written notice to Supplier and
provided that the timing of such audit does not adversely affect Supplier or its
personnel. Supplier shall maintain complete records of all charges payable by
Verizon under the terms of this Agreement for the later of three (3) years after
termination of the Agreement and any additional period of applicability of the
Agreement to an Authorization Letter placed prior to termination. Such records
shall specifically include, but are not limited to, timesheets. All such records
shall be maintained in accordance with recognized accounting practices. The
correctness of Supplier's billing shall be evaluated by such audits. Unless such
results are reasonably disputed by Supplier in accordance with Section 39,
prompt adjustments shall be made to compensate for any errors or omissions
disclosed by such review or examination. If such review or examination
determines that Verizon has made an overpayment in excess of seven and one-half
percent (7.5%) of the amount properly due, then Supplier shall reimburse Verizon
for the entire reasonable cost and expense of such review and examination. From
time to time, Verizon may request Supplier to provide an Export Control
Classification Number (ECCN) for products, software, reports, technology or
technical data licensed, purchased or available for license or purchase under
this Agreement to the extent applicable. Supplier agrees to promptly, and
without additional cost to Verizon, comply with any such requests. 12.2 If
Supplier is itself a Certified Minority, Woman, Service Disabled Veteran and
Person with Disability Owned and Controlled Business Enterprises (MWDVBE), as
defined herein, Supplier shall retain its MWDVBE certification through the term
of this Agreement. If there is a change in Supplier’s certification status,
Supplier shall notify Verizon, in writing, within five (5) business days of the
date of such change. If the Supplier is not itself a Certified Minority, Woman,
Service Disabled Veteran and Person with Disability Owned and Controlled
Business Enterprises (MWDVBE), then with respect to the Supplier's compliance
(as the Primary Supplier) with Minority, Woman, Service Disabled Veteran and
Person with Disability-Owned Business Enterprises (MWDVBE) Utilization, Supplier
agrees to maintain a plan to provide opportunities for Certified MWDVBE
suppliers and use 20 Application Service Provider Agreement - Synchronoss and
Verizon Proprietary and Confidential



--------------------------------------------------------------------------------



 
[sncr123117ex12d8025.jpg]
commercially reasonable efforts, to the extent consistent with the terms,
pricing and requirements of any SOW under this Agreement to meet the
requirements set forth in Exhibit E, Compliance with Certified Minority, Woman,
Service- Disabled Veteran and Person with Disability-Owned and Controlled
Business Enterprises (MWDVBE) Utilization. For purposes of this Section, the
definitions set forth in Exhibit E shall apply. For the avoidance of doubt,
failure to meet the requirements set forth in Exhibit E shall not be deemed a
breach of this Agreement, so long as commercially reasonable efforts were made.
13. DELIVERY 13.1 Supplier shall make Services and Software available to Verizon
no later than the date mutually agreed to in the applicable Authorization Letter
(the “Delivery Dates”); provided that if Supplier misses a Delivery Date due to
the failure of Verizon or its agents, representatives or contractors to
reasonably meet express dependencies contained in an applicable Authorization
Letter, the parties will discuss whether such Delivery Date shall be extended
accordingly; provided, however, in each case, Supplier shall have no liability
for such delay in the event such Delivery Date is missed due to such Verizon
failure. Notwithstanding such Delivery Dates, Verizon shall have the right to
determine the Commercial Service Date for a Data Service in its sole discretion.
13.2 Packaging Software (where delivery in other than electronic format is
specified in an Authorization Letter) shall be packaged for shipment, at no
additional charge, in commercially suitable containers, consistent with all
applicable laws that provide protection against damage during the shipment,
handling and storage of the Software as specified in an Authorization Letter.
13.3 Risk of Loss Supplier shall bear the risk of loss of or damage to the
Software until receipt of such Software specified in an Authorization Letter.
Supplier shall promptly replace such Software when media on which it is shipped
is lost or damaged at no additional charge. 14. TESTING, EVALUATION AND APPROVAL
14.1 Acceptance 14.1.1 All Software and Services shall be subject to inspection
and Acceptance by Verizon after delivery of the Software and/or Services to
determine conformity with this Agreement, the applicable Authorization Letter
and Service Requirements, as applicable, and any applicable criteria for
Acceptance. If delivery of Software will be made in a series of deliverables
based on Milestones, then each such deliverable shall be inspected and Accepted
individually, and the procedures, obligations and other terms of this Section
shall apply to each deliverable. Inspection or failure to inspect on any
occasion shall not affect Verizon’s rights under the warranty provisions of this
Agreement or any other rights or remedies available to Verizon. Verizon’s right
to inspect and test does not relieve 21 Application Service Provider Agreement -
Synchronoss and Verizon Proprietary and Confidential



--------------------------------------------------------------------------------



 
[sncr123117ex12d8026.jpg]
Supplier from its testing, inspection and quality control obligations. Unless an
alternative Acceptance mechanism or deemed Acceptance procedure is specified in
an Authorization Letter and except as provided under Section 14.1.5, Statement
of Work or elsewhere in this Agreement, Software and Services shall not be
deemed Accepted unless such Acceptance is in writing. 14.1.2 Except as set forth
in an Authorization Letter, Verizon shall have a period of **** following
delivery of the Software and/or Service within which to test the Software and/or
Service for conformity with this Agreement, the applicable Authorization Letter
and Verizon Service Requirements, as applicable, and any applicable criteria for
Acceptance. If the Software and/or Service fails to so conform, Verizon may,
provide written notice (email shall be acceptable for this purpose) to Supplier
rejecting such Software and/or Service. Following such notification, Supplier
shall use commercial reasonable efforts, within ****, at Supplier's risk and
expense, to correct all deficiencies by repairing or replacing any
non-conforming Software. If, after the cure period, the Software and/or Service
still fails to perform in accordance with the applicable criteria for Acceptance
and Supplier is not able to correct such deficiency, it shall require that
Verizon return the impacted Software and/or Service to Supplier at Supplier’s
expense. 14.1.3 If such Software and/or Service is rejected above, any one-time
amounts paid to Supplier by Verizon specifically for the impacted Software
release and/or Service milestone shall be refunded to Verizon within **** after
return of the impacted Software and/or Service; provided, however, in no event
shall this provision apply to a refund of any transaction fees related to the
Platform. The purchase price for such Software and/or Service also shall be
credited against any future volume commitments or applied for evaluation of
attainment of volume discounts under this Agreement applicable to such Software
and/or Service. 14.1.4 Verizon has the right to subject the initial release of
the Software and/or Service, and each subsequent Software release containing new
functionality or enhancements intended for commercial production, to an
operational soak period as part of the Acceptance testing. Soak period means
using the Software and/or Service in a productive operation mode for ****. If
the Software and/or Service does not perform according to the Service
Requirements during the soak period, Supplier, at no additional charge, shall
provide technical support personnel, to perform tuning services in order to meet
the Service Requirements. If such tuning efforts are unsuccessful (i.e., the
Software or Service will not perform to Service Requirements) after a reasonable
period of time, in addition to its other remedies at law, equity or under this
Agreement, (i) Verizon may return the Software release which was subjected to
the soak period, and Supplier shall refund all monies paid for the applicable
Software or Service release that was subjected to the soak period (provided,
however, in no event shall this provision apply to a refund of any transaction
fees related to the Platform) or (ii) Verizon, retaining all rights and remedies
including those under (i), may extend the soak period 22 Application Service
Provider Agreement - Synchronoss and Verizon Proprietary and Confidential
****CERTAIN INFORMATION HAS BEEN OMITTED AND FILED SEPARATELY WITH THE
COMMISSION. CONFIDENTIAL TREATMENT HAS BEEN REQUESTED WITH RESPECT TO THE
OMITTED PORTIONS



--------------------------------------------------------------------------------



 
[sncr123117ex12d8027.jpg]
and tuning-related services until such time as Verizon agrees is required for
the Software and/or Service, as the case may be, to meet the Service
Requirements. 14.1.5 If the Software and/or Service successfully passes
Acceptance testing (including the operational soak period) Verizon shall timely
issue its written notice that the Software and/or Service has successfully
completed such test procedures and Acceptance; provided, however if no notice is
provided by Verizon within the applicable period, such Software and/or Service
shall be deemed accepted. 14.2 Nonconformance After Commercial Service Date
After Commercial Service Date and Acceptance, if a Service or Software does not
conform to the Service Requirements, Verizon shall be entitled to the remedies
set forth in the applicable Service Level Agreement. 15. REPRESENTATIONS AND
WARRANTIES Supplier represents and warrants that: 15.1 In performing Services
and providing Software, Supplier will comply with the descriptions and
representations which appear herein and in the applicable Service Requirements
which shall include, with respect to any Apps, the App Store Developer Agreement
applicable with respect to such App. Without limiting the preceding sentence, or
the applicable Service Level Agreement, Supplier agrees to disclose and report
all Unscheduled Outages, as defined in the applicable Service Level Agreement,
in accordance with such Service Level Agreement and acknowledges that its
failure to do so may degrade service that Verizon may be obligated to provide
Subscribers, may cause adverse publicity regarding the Verizon Service, or
jeopardize the security of the Verizon Network. 15.2 Its employees will perform
Services in accordance with all applicable laws, codes, ordinances, orders,
rules and regulations of local, state, and federal governments and agencies and
instrumentalities, including, but not limited to, applicable wage and hour,
economic and trade sanctions, bribery of foreign officials, safety and
environmental laws, and all applicable standards and regulations of appropriate
regulatory commissions and similar agencies. 15.3 All Services and Software
furnished by Supplier shall be performed and provided (i) in a diligent,
efficient and skillful manner, and (ii) in accordance with industry standards in
the field. 15.4 All Software and Custom Software furnished by Supplier shall be
free of Errors for a period of **** (or such greater period referenced in an
Authorization Letter) following Acceptance of such Software or Custom Software.
If within **** (or such aforementioned greater period) from the Acceptance of
Software and/or Custom Software any Error exists or arises, then, in each such
case, upon receipt of written notice of such Error from Verizon, Supplier will
use commercial reasonable efforts to repair or remedy such Error at Supplier's
sole cost and expense 23 Application Service Provider Agreement - Synchronoss
and Verizon Proprietary and Confidential ****CERTAIN INFORMATION HAS BEEN
OMITTED AND FILED SEPARATELY WITH THE COMMISSION. CONFIDENTIAL TREATMENT HAS
BEEN REQUESTED WITH RESPECT TO THE OMITTED PORTIONS



--------------------------------------------------------------------------------



 
[sncr123117ex12d8028.jpg]
15.5 Supplier, including its employees, agents and contractors, has obtained and
will maintain for the Term of this Agreement, any Permits (as such term is
defined in Section 30) reasonably necessary for the performance of Services.
15.6 Supplier owns the Software and Background Materials (other than third party
components of the Software) and has the right to license the same to Verizon
under the terms of this Agreement. As to Software and Background Materials to
which Supplier does not have title, Supplier represents and warrants that it has
rights in the Software and Background Materials sufficient to permit the license
of the Software to Verizon and that Software has full right, power and authority
to license the Software and Background Materials and other rights granted
hereunder to Verizon. 15.7 Services and Software provided or performed by
Supplier under this Agreement do not and will not give rise to or result in any
infringement or misappropriation of any third party patent, copyright, trade
secret, or any violation of any other intellectual property right of any third
party. 15.8 Forward and Backward Compatibility Except as set forth in an
Authorization Letter, Supplier represents and warrants that, for a period of
**** following the commercial release of any new supported Wireless Device (such
timeframe with respect to each release, the “Rolling Window”), new versions of
Software other than Custom Software with respect to which Verizon has waived in
writing Supplier’s obligations under this Section 15.8 (Verizon acknowledges
that execution of an SOW that expressly excludes support for Custom Software
shall be deemed such waiver and Custom Software may require additional fees to
maintain compatibility as provided in an applicable Authorization Letter), shall
be forward and backward compatible, contain materially similar functionality to
and be substantially compatible with such Wireless Device and their operating
environment(s). If set forth in an Authorization Letter, new versions of
Software, that do not otherwise compromise or break the functionality of the
Software on Wireless Devices released prior to the Rolling Window, are not
required to incorporate all new incremental feature enhancements contained in
such new Software release. The Rolling Window shall apply to any Wireless Device
commercially released after **** and supported by the Platform. In the event
Supplier deploys a server side Software change that causes Supplier to breach
the above warranty in this Section 15.8 with respect to Wireless Device client
Software, Supplier shall upgrade the Software used on the affected Wireless
Device at no additional fee, provided Verizon is current on its Maintenance
payments. 15.9 No Viruses 15.9.1 Supplier represents and warrants to Verizon
that Software does not contain or will not contain any Self-Help Code or any
Unauthorized Code. Supplier shall remove promptly any such Self-Help Code or
Unauthorized Code in the Software of which it is notified or may discover.
15.9.2 Supplier also represents and warrants that there are no copy protections
or similar mechanisms within the Software, which will, either now or in the 24
Application Service Provider Agreement - Synchronoss and Verizon Proprietary and
Confidential ****CERTAIN INFORMATION HAS BEEN OMITTED AND FILED SEPARATELY WITH
THE COMMISSION. CONFIDENTIAL TREATMENT HAS BEEN REQUESTED WITH RESPECT TO THE
OMITTED PORTIONS



--------------------------------------------------------------------------------



 
[sncr123117ex12d8029.jpg]
future, interfere with the grants made in this Agreement. Furthermore, Supplier
represents and warrants that unless otherwise noted in the applicable
Documentation or (a) requested in writing by Verizon and Verizon approves
Supplier’s response, or (b) Supplier advises Verizon in writing that it is
necessary to perform valid duties under this Agreement and authorized in writing
by Verizon, Software shall not: (i) contain hidden malicious files; (ii)
replicate, transmit or activate itself without control of an authorized person
operating computer equipment on which it resides; (iii) alter, damage or erase
any data or computer programs without control of an authorized person operating
the computer equipment on which it resides; and (iv) contain no encrypted
imbedded key, node lock, time out or other function, whether implemented by
electronic, mechanical or other means, which restricts or may restrict Use or
access to any programs or data developed under this Agreement, based on
residency on a specific hardware configuration, frequency or duration of Use, or
other limiting criteria (collectively “Illicit Code”). Should any Software be
found by Verizon or Supplier to contain Illicit Code, Supplier shall immediately
commence the removal, at Supplier’s sole cost, of such Illicit Code.
Notwithstanding anything elsewhere in this Agreement to the contrary, In the
event that Verizon or any Subscriber has been damaged in any material respect by
the access or use of such Illicit Code, or if Supplier activates such Illicit
Code at any time, Supplier shall be in default of this Agreement, and no cure
period shall apply. It is agreed that a breach of the above representation and
warranty may cause irreparable harm and injury and Verizon shall be entitled, in
addition to any other rights and remedies it may have at law or in equity, to
seek an injunction enjoining and restraining Supplier from doing or continuing
to do any such act and any other violations or threatened violations of the
Agreement. In addition to any other remedies available to it under this
Agreement, Verizon reserves the right to pursue any civil and/or criminal
penalties available to it against the Supplier. 15.10 Offshore Restrictions
15.10.1 Except with Verizon’s advance written consent, in no event shall
Confidential Information regarding or pertaining to Verizon’s systems,
infrastructure, employees, or customers be stored, transmitted, or accessed at,
in, through or from a site located outside the United States nor made available
to any person who is located outside the United States unless such Confidential
Information relates solely, directly and independently (i) to Verizon employees
or customers located outside of the United States, or (ii) to voice or data
communications of Verizon or its customers that originate and terminate outside
the United States, or (iii) to Verizon systems and/or infrastructure dedicated
to the provision of Verizon’s voice or data services outside the United States
or, (iv) to be otherwise necessary for storage or access outside the United
States in connection with security, back-up, disaster recovery, or related
purposes as required by Verizon services specifications, security and/or
technical requirements. This subsection shall not apply to Verizon Wireless
Customer Data which shall be solely governed by the provisions of Subsection
15.10.3. 25 Application Service Provider Agreement - Synchronoss and Verizon
Proprietary and Confidential



--------------------------------------------------------------------------------



 
[sncr123117ex12d8030.jpg]
15.10.2 Exceptions to 15.10.1 above will be granted, in Verizon’s sole
discretion, (i) in writing; (ii) on a project-specific or statement-of-work-
specific basis; (iii) following a review of the particular project or statement
of work in accordance with the policies of the relevant Verizon business unit
governing the placement of work with resources located outside the United
States; (iv) subject to any conditions imposed by Verizon on the access to
systems or data by such resources as a result of such review; and (v) in advance
of the commencement of any work by such resources on the relevant project or
statement of work. 15.10.3 Notwithstanding subsection 15.10.1and 15.10.2 above,
unless Supplier secures Verizon Wireless’ further, prior written consent, in no
event (i) shall Supplier provide, direct, control, supervise, or manage any
voice or data communication of Verizon Wireless customers that occurs between
United States locations (or the United States portion of any international
communication that may originate or terminate within the United States) from a
location outside of the United States, nor (ii) shall Verizon Wireless Customer
Data be stored, transmitted, or accessed by Supplier, from, at, in, or through a
site located outside the United Stated without Verizon Wireless’ prior written
consent. “Verizon Wireless Customer Data” shall include (a) any subscriber
information, including, without limitation, name, address, telephone phone
number or other personal information of the Verizon Wireless subscriber; (b) any
call- associated data, including without limitation, the telephone number,
internet address or other similar identifying designator associated with a
communication; (c) any billing records; (d) the time, date, size, duration of a
communication or physical location of equipment used in connection with a
communication; or (e) the content of any Verizon Wireless customer
communication. This section is not intended to limit Subscriber’s access to Data
Services from outside of the United States as permitted pursuant to Section
10.5, and Supplier shall not be in breach of this Section due to such permitted
international roaming by Subscribers. 15.10.4 Nothing in this Section is
intended to nor shall it operate in derogation of any requirement imposed on
Verizon by a governmental body or agency outside the United States. 15.11
Supplier shall remove from the project, at Verizon’s request, any person
furnished by Supplier who, in Verizon’s reasonable opinion, is incapable,
uncooperative or otherwise unacceptable in the execution of the services to be
provided under this Agreement; provided compliance with such request does not
violate any law or regulation. 15.12 Warranty Disclaimer. EXCEPT FOR THOSE
WARRANTIES EXPRESSLY STATED IN THE AGREEMENT OR APPLICABLE AUTHORIZATION LETTER,
SUPPLIER HEREBY DISCLAIMS ALL OTHER WARRANTIES, WHETHER EXPRESS OR IMPLIED, ORAL
OR WRITTEN, WITH RESPECT TO THE PLATFORM, SOFTWARE AND SERVICES INCLUDING,
WITHOUT LIMITATION, ALL 26 Application Service Provider Agreement - Synchronoss
and Verizon Proprietary and Confidential



--------------------------------------------------------------------------------



 
[sncr123117ex12d8031.jpg]
IMPLIED WARRANTIES OF TITLE, NON-INFRINGEMENT, QUIET ENJOYMENT, ACCURACY,
INTEGRATION, MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE AND ALL
WARRANTIES ARISING FROM ANY COURSE OF DEALING, COURSE OF PERFORMANCE OR USAGE OF
TRADE. 16. ESCROW 16.1 Maintenance of Escrow Agreement. Promptly after the
Effective Date, Supplier shall enter into an Escrow Agreement with an escrow
agent approved by Verizon in writing (the “Escrow Agent”) to secure Verizon’s
rights hereunder and to be effective as of the Effective Date (the “Escrow
Agreement”), such Escrow Agreement to be approved by Verizon. The Escrow
Agreement shall be an agreement separate from, but supplemental to, this
Agreement. Such Escrow Agreement shall be established and maintained for the
benefit of Verizon and its Affiliates, and should such Escrow Agreement
terminate or otherwise expire during the Term, the Parties shall immediately
enter into a new Escrow Agreement with an independent escrow agent mutually
satisfactory to Supplier and Verizon in accordance with the provisions of this
Section 16. 16.2 Escrow Deposits. Upon execution of the Escrow Agreement,
Supplier shall deposit copies of the then-current Escrow Materials to the escrow
service provider, subject to the terms and conditions of the Escrow Agreement,
which deposit shall be promptly and routinely supplemented by Supplier and
otherwise kept current so as to accurately reflect the Source Code for the then
current version of the Software under license to Verizon (including Releases or
Updates provided to Verizon hereunder as well as any other material upgrade or
modification of or enhancement thereto), and the same shall be part of the
Escrow Materials. Supplier shall designate a mutually acceptable neutral third
party who, at the expense and request of Verizon made from time to time, shall
audit the materials deposited with the escrow agent for purposes of determining
whether Supplier has fulfilled its deposit obligations. Supplier will promptly
correct any deficiency disclosed by the audit. 16.3 Release Conditions. Release
of the Escrow Materials to Verizon shall be granted on the terms and conditions
(including for notice and redeposit) set forth in the Escrow Agreement and as
otherwise set forth herein, but in any event whenever: 16.3.1 Supplier indicates
to Verizon that it is reasonably likely to materially breach this Agreement with
respect to the continued provision of Maintenance Services or other maintenance
and/or support expressly required by this Agreement and the same is not remedied
within **** after written notice from Verizon; 16.3.2 Supplier applies for or
consents to the appointment of or the taking of possession by a receiver,
custodian, trustee or liquidator of itself or of all 27 Application Service
Provider Agreement - Synchronoss and Verizon Proprietary and Confidential
****CERTAIN INFORMATION HAS BEEN OMITTED AND FILED SEPARATELY WITH THE
COMMISSION. CONFIDENTIAL TREATMENT HAS BEEN REQUESTED WITH RESPECT TO THE
OMITTED PORTIONS



--------------------------------------------------------------------------------



 
[sncr123117ex12d8032.jpg]
or a substantial part of its property; makes a general assignment for the
benefit of creditors; commences a voluntary case under the Federal Bankruptcy
Code or fails to contest in a timely or appropriate manner or acquiesces in
writing to any petition filed against it in an involuntary case under such
Bankruptcy Code or any application filed against it for the appointment of a
receiver, custodian or trustee or for the reorganization, dissolution or
liquidation of itself or all or a substantial part of its property. 16.4
License. Unless other release license rights are specified in an applicable
Authorization Letter, in the event of a release of the Escrow Materials to
Verizon pursuant to the Escrow Agreement, Supplier shall be deemed to have
granted to Verizon a non-transferable, non-exclusive, perpetual, irrevocable,
enterprise wide, worldwide license and right to Use and modify the released
Software and Source Materials and to create derivative works thereof under the
terms and conditions of this Agreement solely to continue to support the
Software consistent with the Maintenance and Support provided under this
Agreement, subject to Verizon’s payment of the applicable fees set forth below.
The Parties agree that any use by Verizon of any Escrow Materials pursuant to
this Agreement and/or any Escrow Agreement will be subject to (a) payment by
Verizon of any License Fees set forth in an Authorization Letter less the
component of such fees attributable to maintenance and support equal to **** of
such License Fees plus an amount attributable to added requirements of Verizon
equal to **** of such License Fees (collectively a reduction of **** of such
License Fees) and (b) all of the terms, restrictions and conditions of the
Agreement, as amended and the following conditions and obligations: Verizon will
(i) treat the source code (and those Escrow Materials that would otherwise be
Confidential Information) as Confidential Information; (ii) use password
protection to limit access to source code to authorized employees, agents and
contractors of Verizon who require access to perform their duties under this
Agreement, as amended; and (iii) make no copies of the source code in
machine-readable or human-readable form except as reasonably required to perform
the activities permitted under this Agreement. Upon such Release Condition,
Supplier shall have no further obligation for maintenance and support of such
Software or providing Hosting Services. Notwithstanding the foregoing, the fees
set forth in (a) above for use of the Escrow Materials shall not apply in the
event of a termination of this Agreement by Verizon due to a material breach by
Supplier. Should Verizon’s Use of the Source Materials involve Use or copying of
copyrighted material or the practice of any invention covered by a patent,
Supplier shall not assert such copyright, patent or other right in intellectual
property against Verizon. 16.5 Bankruptcy. The obligations of Supplier under
this Section 16 (Source Code Escrow) shall extend to any trustee in bankruptcy,
receiver, administrator or liquidator appointed for Supplier, to Supplier as
debtor-in-possession (collectively, the “Trustee”) and to any other successor in
interest to Supplier. Without limiting the generality of the foregoing, upon
written request of Verizon, Supplier shall not interfere with the rights of
Verizon as provided in this Agreement or the Escrow 28 Application Service
Provider Agreement - Synchronoss and Verizon Proprietary and Confidential
****CERTAIN INFORMATION HAS BEEN OMITTED AND FILED SEPARATELY WITH THE
COMMISSION. CONFIDENTIAL TREATMENT HAS BEEN REQUESTED WITH RESPECT TO THE
OMITTED PORTIONS



--------------------------------------------------------------------------------



 
[sncr123117ex12d8033.jpg]
Agreement to obtain the Escrow Materials from the Trustee, the escrowee or any
other person or entity having possession thereof, and shall, if requested under
the conditions specified in the Escrow Agreement for release of the Escrow
Materials, cause a copy of such Escrow Materials to be made available to
Verizon. Notwithstanding anything in this Agreement to the contrary, Verizon
reserves all rights available to it under Section 365(n) of the Federal
Bankruptcy Code, 11 U.S.C. § 365(n) or any equivalent or successor provision
thereto and such rights as may be available under other applicable laws. 16.6
Dispute Resolution. Supplier may dispute in good faith the existence of the
release conditions described in Section 16.3 and such disputes will be subject
to final and binding arbitration by a three-arbitrator panel wherein each party
shall select an arbitrator, and those two arbitrators shall jointly select a
third, and the panel’s written decision must be provided within **** of the date
such arbitration claim is submitted. The panel will be required to furnish,
promptly upon conclusion of the arbitration, a written decision, setting out the
reasons for the decision. The arbitration decision will be final and binding on
the Parties, and the decision may be enforced by either Party in any court of
competent jurisdiction. The arbitration will be conducted in New York, NY under
the then current Commercial Dispute Resolution procedures of the American
Arbitration Association ("AAA"). Each Party will bear its own expenses and an
equal share of the expenses of the third arbitrator and the fees, if any, of the
AAA, unless the arbitrator rules otherwise as detailed above. The effectiveness
of the license described in Section 16.4 (and any release of the Escrow
Materials) shall be delayed until such disputes are resolved in Verizon’s favor
by the arbitrator/panel. 16.7 Survival. The obligations set forth in this
Section shall survive and remain in effect until the later of (i) all
obligations of Supplier to provide maintenance and support for the Software to
Verizon, including to provide Maintenance Services, whether pursuant to this
Agreement or after the expiration or termination of this Agreement, or (ii)
termination or expiration of any separate agreement between the Parties with
respect to maintenance and support for the Software. 16.8 Definitions. For
purposes of this Section 16: 17.6.1 “Escrow Agreement” means an agreement
executed by Supplier and Verizon which is separate from, but supplemental to,
this Agreement and which sets forth the terms and conditions governing release
of the Escrow Materials to Verizon. 16.8.2 “Escrow Materials” means the
then-current Source Code for the Software,, all tools and other software
required to translate or convert the deposited Source Code to executable code
(e.g. software compilers, linkers, assemblers, translators and interpreters)
that are not readily 29 Application Service Provider Agreement - Synchronoss and
Verizon Proprietary and Confidential ****CERTAIN INFORMATION HAS BEEN OMITTED
AND FILED SEPARATELY WITH THE COMMISSION. CONFIDENTIAL TREATMENT HAS BEEN
REQUESTED WITH RESPECT TO THE OMITTED PORTIONS



--------------------------------------------------------------------------------



 
[sncr123117ex12d8034.jpg]
available to Verizon commercially off- the-shelf, and any Custom Software
obtained through this Agreement. 17. TERMINATION 17.1 Supplier shall be in
default if Supplier fails to perform any of its material obligations under this
Agreement , and such failure to perform shall continue for a period of ****
after Supplier's receipt of Verizon's written notice thereof, then, in addition
to all other rights and remedies under this Agreement at law or in equity or
otherwise, Verizon shall have the right, upon written notice, to immediately
cancel any or all affected Orders or, at Verizon’s option, to terminate this
Agreement, without any obligation or liability to Supplier for said termination
or cancellation. 17.2 This Agreement may additionally be terminated, by written
notice only, as follows: 17.2.1 Unless otherwise expressly provided in such
Authorization Letter, Verizon may terminate any or all Authorization Letters
issued hereunder without cause, effective upon **** notice, upon written notice
to Supplier and, in such event, Supplier shall receive payment only in
accordance with Section 17.4 hereof. 17.2.2 Supplier may terminate any affected
Authorization Letter if Verizon fails to make timely payments of those portions
of invoices that are not disputed in good faith as required hereunder, and any
such failure is not remedied within **** after receipt of written notice by
Supplier stating its intention to terminate such Authorization Letter. 17.2.3 By
either party, effective immediately, upon written notice to the other party, if
any of the following events occurs: 17.2.3.1 The other party files a voluntary
petition in bankruptcy. 17.2.3.2 The other party is adjudged bankrupt. 17.2.3.3
A court assumes jurisdiction of the assets of the other party under a federal
reorganization act. 17.2.3.4 A trustee or receiver is appointed by a court for
all or a substantial portion of the assets of the other party. 17.2.3.5 The
other party becomes insolvent or suspends its business. 17.2.3.6 The other party
makes an assignment of its assets for the benefit of its creditors except as
required in the ordinary course of business. 17.3 Upon termination of this
Agreement, Supplier shall deliver to Verizon, and Verizon shall own, all Custom
Software and Paid Work Product created by 30 Application Service Provider
Agreement - Synchronoss and Verizon Proprietary and Confidential ****CERTAIN
INFORMATION HAS BEEN OMITTED AND FILED SEPARATELY WITH THE COMMISSION.
CONFIDENTIAL TREATMENT HAS BEEN REQUESTED WITH RESPECT TO THE OMITTED PORTIONS



--------------------------------------------------------------------------------



 
[sncr123117ex12d8035.jpg]
Supplier (subject to any Background Materials of Supplier incorporated therein)
at and prior to the time of such termination to the extent owned by Verizon
under this Agreement or any Authorization Letter and paid for by Verizon,
including source code and Documentation, whether or not completed. Supplier also
shall deliver to Verizon all Background Materials incorporated in such Custom
Software or Paid Work Product not then in the possession of Verizon; but in no
event shall Verizon’s rights to any Background Materials be deemed to permit
Verizon to access the Platform operated by Supplier after such termination
(subject to Section 17.6). Supplier shall, except as required by law or this
Agreement, also return to Verizon all Verizon Confidential Information and
Verizon will return to Supplier all Supplier Confidential Information. 17.4
Effect of Termination. Upon termination of this Agreement by Verizon for
convenience, Supplier shall immediately curtail all activities hereunder upon
the effective date set forth in the notice of such termination. Upon such
termination, Verizon’s sole liability to Supplier will be the payment of (i) all
amounts due for Services satisfactorily performed up to the effective date of
termination, (ii) any termination fees or other charges set forth in an
Authorization Letter and (iii) respecting Development Services, all amounts due
Supplier for Software Milestones or work Accepted before the date of
termination, plus payment for the next uncompleted Milestone on a time and
materials basis based on number of hours worked (no hours prior to the execution
of such Authorization Letter shall be included) multiplied by $****, capped at
**** of the payment due for such Milestone under the applicable Authorization
Letter; provided, however, in the event an Authorization Letter includes
termination fees or charges, such stated termination fees or charges shall be in
lieu of any other partial payments . Except as set forth above, in no event will
Verizon be liable to Supplier either for compensation or for damages of any kind
or character whatsoever, whether on account of the loss by Supplier of present
or prospective profits on sales or anticipated sales, or expenditures,
investments or commitments, made in connection with the establishment,
development or maintenance of Supplier’s business, or on account of any other
cause or thing whatsoever 17.5 Effect on Licenses. In no event shall termination
of this Agreement (other than by Supplier pursuant to Section 17.2.2) impair
Verizon’s right, title and interest to Custom Software or Paid Work Product
acquired and paid for by Verizon, or other Supplier materials (including
Background Materials or Supplier-retained Work Product) that are licensed on a
perpetual, irrevocable or post-termination basis hereunder. The irrevocable
nature of paid-for such licenses shall not preclude Supplier from seeking
injunctive relief to prevent the reoccurrence or continuing of a breach of this
Agreement by Verizon but such injunction may not restrict or limit Verizon’s use
of the Custom Software or Paid Work Product within the scope of the license
granted herein provided Verizon has fully paid for such Custom Software or Paid
Work Product. 17.6 Upon expiration and/or termination of this Agreement or any
Authorization Letter for any reason (except for termination by Supplier
resulting from breach by Verizon under Section 17.2.2, in which case Supplier
may demand prepayment for such services and any other amounts due hereunder),
and at the request of Verizon, Supplier shall (a) for a period not to exceed
**** after the date of termination (the “Transition Period”), continue to
provide 31 Application Service Provider Agreement - Synchronoss and Verizon
Proprietary and Confidential ****CERTAIN INFORMATION HAS BEEN OMITTED AND FILED
SEPARATELY WITH THE COMMISSION. CONFIDENTIAL TREATMENT HAS BEEN REQUESTED WITH
RESPECT TO THE OMITTED PORTIONS



--------------------------------------------------------------------------------



 
[sncr123117ex12d8036.jpg]
Services and Software to enable Verizon to utilize its Data Service (subject to
the continued payment of undisputed payments by Verizon pursuant to the terms of
this Agreement or as otherwise agreed by the parties) and (b) use reasonable
efforts to assist Verizon to ensure a seamless migration without interruption to
Subscribers (collectively, the “Transition Services”) on mutually agreed pricing
and other terms but in no event shall Supplier be required under this subsection
(b) to license its Platform to Verizon or such third party as part of the
Transition Services. Without limiting the foregoing obligations, to the extent
that any services are required, in addition to and beyond the scope of the
Transition Services, to effect such transition to Verizon or another application
service provider, the parties will mutually agree upon further terms (including
fees) regarding the scope and schedule of such additional services. If Verizon
does not request Transition Services, Supplier will cease providing the
Service(s) at the time termination becomes effective. 17.7 The foregoing rights
are in addition to, and not in limitation of, any other remedy a party may have
at law or equity. 18. INFRINGEMENT 18.1 Supplier shall indemnify, defend and
hold harmless Verizon, its parents, subsidiaries and Affiliates, its OEMs
(subject to the limitations in Section 18.5) and its and their respective
directors, officers, employees, agents, successors and assigns ("IP Indemnified
Parties") from and against any claims, demands, lawsuits, liabilities, loss,
cost or expenses (including, but not limited to, reasonable fees and
disbursements of counsel and court costs), judgments, settlements and penalties
of every kind ("IP Claims") arising from or relating to any actual or alleged
infringement or misappropriation of any patent, trademark, copyright, trade
secret or any actual or alleged violation of any other intellectual property or
proprietary rights arising from or in connection with the Services (including
related products furnished hereunder by Supplier) or Software provided under
this Agreement. Notwithstanding anything to the contrary contained in this
Agreement (including, but not limited to, Section 1), the provisions of this
Section 8, shall govern the rights of Indemnified Parties with respect to
indemnification for IP Claims. 18.2 The procedures, limitations and restrictions
set forth in Section 31 (Indemnification) shall apply in the case of IP Claims
hereunder. 18.3 Without limitation of Sections 18.1 and 18.2, if sale, use or if
applicable, distribution, of the products or Services becomes subject to an IP
Claim, Supplier shall, at Supplier’s option and Supplier’s expense: 18.3.1
Procure for Verizon the right to use the Services or Software (including related
products furnished hereunder); 18.3.2 If 18.3.1 is not possible modify the
Services or Software (including related products furnished hereunder) so they
become non-infringing; 32 Application Service Provider Agreement - Synchronoss
and Verizon Proprietary and Confidential



--------------------------------------------------------------------------------



 
[sncr123117ex12d8037.jpg]
18.3.3 If neither 18.3.1 or 18.3.2 is possible replace the Services or Software
(including related products furnished hereunder) with substantially equivalent,
non-infringing products and/or Services; or 18.3.4 If none of the above, are
commercially feasible (for the purposes of this Section 18.3.4, the cost of the
remedy shall be deemed “commercially feasible” if the costs of implementation
thereof are less than the amount paid by Verizon to Supplier hereunder during
the prior twelve months prior to such date for such impacted Service or
Software), Supplier shall terminate the Services or Software (including related
products furnished hereunder) and refund the purchase price paid therefor. 18.4
Exclusions. The obligations under Section 18.1 shall not apply with respect to
any claim based upon (i) any use of the Software or Services not in accordance
with this Agreement or the applicable Application Letter, if such infringement
results solely from such use not in accordance with this Agreement or the
applicable Application Letter, (ii) use of any Software or Services in an
application or environment or on a platform or with devices for which it was not
designed or contemplated in a Specification or Authorization Letter or otherwise
authorized by Supplier, (iii) alterations, modifications or enhancements of the
Software not created by or on behalf of Supplier where the unmodified Software
would have avoided the claim; (v) combination of Software with software or other
materials not provided or specified by or through Supplier, where the
combination itself causes the infringement; (v); that portion of any Software
which implements an IP Indemnified Party's (including an OEM’s) requirements
where there was no non-infringing way to implement such requirement or (iv) IP
Indemnified Party's continuing allegedly infringing activity after a reasonable
period (which shall in no event be less than **** with respect to claims
regarding Apps, and **** for all other claims) after being provided without
charge Software modifications (without degradation of function or performance)
that would have avoided the alleged infringement. 18.5 The indemnification
obligations directly in favor of OEMs shall only apply where the Supplier’s
technology has been pre-loaded on to such OEM’s device by mutual agreement.
Further, for the avoidance of doubt, Supplier acknowledges and agrees that each
OEM is an intended third party beneficiary of the indemnification obligations
hereunder and, provided such OEM (as a precondition) makes no voluntary
admission in respect of any IP Claim, grants to Supplier the exclusive right to
defend and settle any IP Claim and affords such assistance to Supplier (at
Supplier's cost) in the defense and settlement of such IP Claim as Supplier may
reasonably require, then OEM shall be entitled to enforce this indemnity
directly against Supplier. 19. CONFIDENTIAL INFORMATION The non-disclosure
provisions set forth as Exhibit F shall apply to this Agreement. 33 Application
Service Provider Agreement - Synchronoss and Verizon Proprietary and
Confidential ****CERTAIN INFORMATION HAS BEEN OMITTED AND FILED SEPARATELY WITH
THE COMMISSION. CONFIDENTIAL TREATMENT HAS BEEN REQUESTED WITH RESPECT TO THE
OMITTED PORTIONS



--------------------------------------------------------------------------------



 
[sncr123117ex12d8038.jpg]
20. OWNERSHIP 20.1 Retention of Title by Verizon 20.1.1 Title to all materials
and property Verizon provides to Supplier in connection with this Agreement
shall remain in Verizon or, if applicable, its licensors or lessors. Without
limitation of the foregoing, all Verizon Content, all Subscriber Data, all Usage
Data, all Web Site style and design guides provided by Verizon, all Verizon
Trademarks, and any alterations and/or modifications to the foregoing shall be
and remain the proprietary information of Verizon, or, as the case may be, its
Content Providers, its Subscribers or other third parties having rights therein.
20.1.2 Any materials or property Verizon provides Supplier, and any materials or
property of Verizon or its Subscribers or Indirect Channel Entities that
otherwise comes into Supplier’s possession or control in connection with a Data
Service under this Agreement shall be used only in the performance of this
Agreement, unless otherwise authorized in writing by Verizon. Supplier shall
adequately protect all such material and property, and shall deliver or return
it to Verizon or otherwise dispose of such individual and property as directed
by Verizon. Supplier shall be responsible for any loss of or damage to tangible
materials or tangible property owned by Verizon, or its licensors or lessors
while in Supplier's possession or control. 20.2 Ownership Rights 20.2.1 The
Platform and Background Materials (and any corrections, enhancements or
modifications thereto but excluding Custom Software or Paid Work Product) shall
be owned by Supplier. 20.2.2 For the purposes of this Agreement, “Work Product”
shall mean all designs, models, prototypes, drawings, data storage media,
listings, deliverables, technical data, inventions, improvements, discoveries,
computer software (including firmware), and other forms of technology or
intellectual property made, conceived, developed or actually or constructively
reduced to practice by Supplier in connection with or pursuant to the terms and
conditions of this Agreement, whether solely or jointly with others, and which
are associated with, refer to, are suggested by, or result from any services
which Supplier may perform pursuant to this Agreement, or from any information
obtained by Supplier from Verizon or in discussions and meetings with employees
of Verizon or any of its Affiliates including any reports to be prepared by
Supplier for Verizon under this Agreement. For the avoidance of doubt, Work
Product shall not include the Platform, Background Materials or any
Documentation associated with the foregoing. 20.2.3 Rights in Work Product:
20.2.3.1 Subject to the last sentence of Section 20.2.2, Supplier hereby agrees
that (i) Custom Software, and (ii) other creative 34 Application Service
Provider Agreement - Synchronoss and Verizon Proprietary and Confidential



--------------------------------------------------------------------------------



 
[sncr123117ex12d8039.jpg]
works that VZ specifically pays for and is identified in an Authorization Letter
as a Paid Work Product (“Paid Work Product”), are works made for hire
exclusively for Verizon under the patent or copyright laws of the United States
and shall become and remain the exclusive property of Verizon, and Verizon shall
have the rights to use such for any purpose without any additional compensation
to Supplier. In the event any Custom Software or Paid Work Product produced
under this Agreement shall not be deemed to be a work made for hire exclusively
for Verizon under the patent or copyright laws of the United States, Supplier
hereby grants and assigns to Verizon all right, title and interest in and to
(including the right to reproduce, modify, display, produce derivative works of,
translate, publish, sell, use, dispose of, and to authorize others so to do, and
the right to patent or copyright and to register such patent or copyright in
Verizon’s or its nominee's name) all Custom Software or Paid Work Product,
subject to Section 20.2.1. Supplier further agrees to assist Verizon in every
proper way to protect Custom Software or Paid Work Product, including, but not
limited to, signing patent and copyright applications, oaths or declarations,
and assignments in favor of Verizon relating to the Custom Software or Paid Work
Product, as well as such ancillary and confirmatory documents as may be required
or appropriate to insure that such title is clearly and exclusively vested in
Verizon, within the United States and in any and all foreign countries. Supplier
further agrees to assist and cooperate with all efforts to enforce the rights of
Verizon in such property against any third parties. 20.2.3.2 (a) Ownership of
all Work Product that is not Custom Software or Paid Work Product shall be
retained by Supplier (“Supplier-retained Work Product”). With respect to such
Supplier-retained Work Product, Supplier grants to Verizon a nonexclusive,
perpetual, fully paid up, royalty free, worldwide, irrevocable license under
such Supplier-retained Work Product to make/have made, use, sell, have sold and
otherwise provide Verizon products (through one or more intermediaries) to
Verizon’s end-user customers. For the avoidance of doubt, the foregoing license
rights to Supplier-retained Work Product shall not apply or extend to Verizon a
license to Background Materials or to the Platform. (b) With respect to Custom
Software or Paid Work Product consisting of/including improvements or
enhancements to Supplier’s Background Materials (“Verizon-Owned Improvements to
Background Materials”), such Verizon-Owned Improvements to Background Materials
must be expressly identified as such in the applicable Authorization Letter in
accordance with Section 20.2.6. 20.2.4 Supplier grants to Verizon a
royalty-free, nonexclusive, transferable, sublicensable, and irrevocable license
during the Term to any and all Background Materials which are incorporated in
any Custom Software, 35 Application Service Provider Agreement - Synchronoss and
Verizon Proprietary and Confidential



--------------------------------------------------------------------------------



 
[sncr123117ex12d8040.jpg]
Paid Work Product or other materials licensed to Verizon hereunder (provided,
with respect to such other licensed materials, such license to incorporated
Background Materials shall be coterminous with the license to such other
licensed materials) under this Agreement to Verizon by Supplier, provided that
such license shall only be to the extent that Supplier has, or prior to
completion of final settlement of this Agreement, may acquire, the right to
grant such license without becoming liable to pay compensation to others solely
because of such grant. For the avoidance of doubt, but without limitation of the
foregoing, Supplier retains ownership of all right, title and interest in and
to, including any and all Intellectual Property Rights it may have, in
Background Materials. 20.2.5 Supplier warrants and represents that it has or
will have the right, through written agreements with all employees performing
Services under or in connection with this Agreement, to secure for Verizon the
rights called for in this Section. Further, in the event Supplier uses any
subcontractor, consultant or other third party to perform any of the Services
contracted for by this Agreement, Supplier agrees to enter into such written
agreements with such third party, and to take such other steps as are or may be
reasonably required to secure for Verizon the rights called for in this Section.
20.2.6 Identification Requirements. The parties shall identify Custom Software
and Paid Work Product in each applicable Authorization Letter, which shall
contain the following provisions to state the Parties’ intent as to the use of
such Work Product: “OWNERSHIP OF WORK PRODUCT: For Custom Software, Paid Work
Product or Verizon-Owned Improvements to Background Materials of Supplier:
[LIST/DESCRIBE, IF ANY] CHOOSE 1: (a) Exclusive to Verizon. (b) Non-Exclusive.
Verizon grants to Supplier a nonexclusive, perpetual, fully paid up, royalty
free, worldwide, irrevocable license under such Improvements to Background
Materials to make/have made, use, sell, have sold and otherwise provide Supplier
products (through one or more intermediaries) to Supplier customers. 21.
SUBSCRIBER DATA AND CONTENT 21.1 Subscriber Privacy Supplier shall (i) protect
the privacy of Subscribers to the full extent legally required, (ii) promptly
implement and comply with all policies and practices adopted by Verizon
concerning the collection, storage, or use of Subscriber Data to the extent such
policies have been provided in writing to Supplier and (iii) treat 36
Application Service Provider Agreement - Synchronoss and Verizon Proprietary and
Confidential



--------------------------------------------------------------------------------



 
[sncr123117ex12d8041.jpg]
Subscriber Data as “Confidential Information” in accordance with Section 20 of
this Agreement. As between the Parties, Verizon shall have the sole right to
adopt and communicate to Subscribers statements about and descriptions of such
policies and practices or any breach thereof. 21.2 Ownership of Data As between
Supplier and Verizon, Verizon owns all right, title, and interest, including
copyright and other proprietary rights, in CPNI, Subscriber Data and Usage Data,
whether collected by Verizon or Supplier. 21.3 Use of Data In the event Services
hereunder require Supplier access to and/or use of any CPNI, Subscriber Data or
Usage Data, such shall be used only in the performance of Services hereunder and
only to the extent necessary to provide such Services. Supplier shall have no
right to record, monitor, reproduce, disclose, sub-license, re-sell or otherwise
distribute all or any portion of CPNI, Subscriber Data or Usage Data to any
person in any form or any manner other than as necessary or appropriate in
providing Services hereunder. 21.4 Use of Content Except to the extent required
to meet the Service Requirements, Supplier will not record, monitor or disclose
any Subscriber’s use of any Content unless instructed to do so in writing by
Verizon, or as required by law, regulation, or court order or as necessary to
cooperate with a lawful order or demand of law enforcement officials. 21.5
Certain Confidential Information For greater certainty, and without limiting the
terms of Exhibit F, all CPNI, Subscriber Data and Usage Data shall be
Confidential Information of Verizon under the terms of Exhibit F. 21.6 Return or
Destruction Upon the expiration or earlier termination of this Agreement
Supplier shall deliver to Verizon all copies of Content, CPNI, Subscriber Data
and Usage Data in the possession or control of Supplier and deliver a
certificate of an officer certifying that Supplier has retained no copies
thereof other than copies required to be retained under applicable law.
Alternatively, Verizon shall have the right to instruct Supplier to delete and
destroy, in a nonrecoverable manner, all copies of such information, and to
witness and supervise such deletion and destruction, directly or using
appropriately qualified agents designated by Verizon. Notwithstanding anything
to the contrary in this Agreement or Exhibit F, for so long as any CPNI,
Subscriber Data and Usage Data remains in the possession or control of Supplier,
it shall be deemed “customer information” of Verizon for purposes of Section 2
of Exhibit F. 37 Application Service Provider Agreement - Synchronoss and
Verizon Proprietary and Confidential



--------------------------------------------------------------------------------



 
[sncr123117ex12d8042.jpg]
21.7 No Advertising Except as otherwise provided in an Authorization Letter,
Supplier shall not place or display, allow third parties to place or display, or
otherwise enable or allow transmission to Subscribers via Platform of any
advertisements, announcements, or other messages without the prior written
consent of Verizon. 21.8 Unsolicited Commercial Messages Supplier shall use
commercially reasonable efforts to ensure that no unauthorized third parties are
able to gain access to and/or utilize a Platform to generate and send content of
any kind, including, but not limited to, unsolicited commercial messages. For
purposes of this Section, “commercially reasonable efforts” include, by way of
example and not limitation, the prompt removal by Supplier of any content it
learns violates this Section, with written notice to Verizon of such removal(s).
22. USE OF TRADEMARKS 22.1 Grant to Verizon: Supplier hereby grants Verizon a
non-exclusive, limited- term, non-transferable, revocable right and license to
use, reproduce, publish, perform and display the Supplier Trademarks in
connection with the development, use, reproduction in promotional and marketing
materials, and electronic and printed advertising, publicity, newsletters and
mailings about the Data Services. Verizon hereby acknowledges Supplier's
exclusive ownership of and title to the Supplier Trademarks and the goodwill
attaching thereto. Verizon agrees that the use of Supplier Trademarks will
conform with usage guidelines that Supplier provides in writing to Verizon from
time to time. 22.2 Grant to Supplier. 22.2.1 License. 22.2.1.1 Subject to the
terms and conditions of this Agreement, Verizon hereby grants to Supplier a
limited, nonexclusive, nontransferable, royalty-free right and license to use
the Verizon Marks solely in connection with connection with providing the
Services. 22.2.1.2 Except as provided in 22.2.1.1 above, Supplier shall not use,
nor permit any other person or entity to use, the Verizon Marks in any manner,
including, without limitation, as part of a corporate name, trademark, service
mark, domain name, trade dress or logo. 22.2.1.3 Supplier shall have no right to
grant sublicenses of the Verizon Marks. 22.2.2 Quality Standards. 38 Application
Service Provider Agreement - Synchronoss and Verizon Proprietary and
Confidential



--------------------------------------------------------------------------------



 
[sncr123117ex12d8043.jpg]
22.2.2.1 Supplier agrees that the nature and quality of all use by Supplier of
the Verizon Marks shall conform to such reasonable guidelines and standards as
are provided in writing from time to time by Verizon. 22.2.2.2 Supplier shall
submit to Verizon for review and approval, at least **** prior to proposed use,
all materials, in which the Verizon Marks are used. Subsequent changes to
previously submitted materials still in the approval process will be approved
within ****. Supplier hall not publish, distribute or use any such materials, in
which the Verizon Marks are used without the prior written approval of the
following representative of Verizon: ****, email ****. 22.2.2.3 Notwithstanding
the foregoing, Supplier may designate at the time of submission that the
requested approval is for multiple/repetitive, identical uses on the same
medium. Supplier may request approval for such multiple/repetitive, identical
use for a period not to exceed the end of the term of this Agreement. 22.2.2.4
Verizon reserves the right, in its sole discretion and without cause, to refuse
to approve any proposed Supplier use of the Verizon Marks. 22.2.2.5 Ownership
and Goodwill. Supplier acknowledges that, as between Verizon and Supplier,
Verizon’s affiliate Verizon Trademark Services LLC (“VTS”) is the sole and
exclusive owner of rights in the Verizon Marks, and Supplier undertakes not to
challenge the validity of the Verizon Marks or VTS’s registration and ownership
of the Verizon Marks, and agrees that it will do nothing inconsistent with such
ownership. Supplier further acknowledges and agrees that all use of the Verizon
Marks by Supplier and all goodwill generated by and developed therefrom shall
inure to the benefit of and be on behalf of VTS. Supplier agrees that nothing in
this Agreement shall give Supplier any right, title or interest in or to the
Verizon Marks other than the right to use the Verizon Marks in connection with
the Licensed Use in the manner contemplated by this Agreement and only for so
long as this Agreement is in force. 23. PUBLICITY AND DISCLOSURE Each party
agrees not to provide copies of this Agreement, or otherwise disclose the terms
of this Agreement, to any third party without the prior written consent of the
other party, except as required by law. Except as required by law, each party
further agrees to submit to the contacts below, for written approval, all
advertising, sales promotion, press releases and other publicity matters
relating to the product furnished and/or the Service performed pursuant to this
Agreement, when a name or mark or the name or mark of the other party or any of
its partners or Affiliates is mentioned or language from which the connection of
39 Application Service Provider Agreement - Synchronoss and Verizon Proprietary
and Confidential ****CERTAIN INFORMATION HAS BEEN OMITTED AND FILED SEPARATELY
WITH THE COMMISSION. CONFIDENTIAL TREATMENT HAS BEEN REQUESTED WITH RESPECT TO
THE OMITTED PORTIONS



--------------------------------------------------------------------------------



 
[sncr123117ex12d8044.jpg]
said name or mark may be inferred or implied. Such requests shall be sent to
each of the following: If to Verizon: If related to Verizon Wireless products or
services, to Vice President -- Corporate Communications Verizon Wireless One
Verizon Way VC43E062 Basking Ridge, New Jersey 07920 If related to Verizon
Wireline products or services, to Vice President -- Media Relations Verizon
Telecom One Verizon Way VC31W467 Basking Ridge, NJ 07920 If related to Verizon
Business products or services, to Vice President -- Media Relations Verizon
Business One Verizon Way VC31W461 Basking Ridge, NJ 07920 If to Supplier:
Synchronoss Technologies, Inc. 200 Crossing Boulevard Bridgewater, NJ 08807
Attention: President With a copy to Supplier’s General Counsel at the same
address. 24. COMPLIANCE WITH LAWS 24.1 Supplier represents and warrants (i) that
it and, to the best of its knowledge, its directors, shareholders, officers,
employees, agents and all permitted subcontractors are currently in compliance
and (ii) that it and its directors, shareholders, officers, employees, agents
and all permitted subcontractors will remain in compliance with, the provisions
of all applicable federal, state and local laws, including rules, regulations
and orders decree or direction of the U.S. or applicable foreign jurisdictions
(collectively “laws”) in performance of this Agreement, , including but not
limited to any laws pertaining: 24.1.1 to the employment of labor, hours of
labor, health and safety, payment of wages, payment of taxes, employment
eligibility status and verification (I- 9); in this regard, Supplier shall not
discriminate against any employee or 40 Application Service Provider Agreement -
Synchronoss and Verizon Proprietary and Confidential



--------------------------------------------------------------------------------



 
[sncr123117ex12d8045.jpg]
applicant for employment because of race, color, religion, disability, sex,
national origin, age, physical or mental disability, veteran status or other
unlawful criterion, and it shall comply with all applicable laws against
discrimination. (If applicable, the Equal Opportunity Clauses set forth in 41
C.F.R. §§60-1.4(a), 60-250.5(a), and 60-741.5(a) are incorporated by reference
herein.); 24.1.2 to the safeguarding, protection, privacy, security, encryption,
unauthorized disclosure, breach notification and disposal of personal or similar
information used, maintained, and/or accessed on Verizon’s behalf including,
without limitation, the Standards for Protection of Personal information of the
Residents of the Commonwealth of Massachusetts 201 CMR17:00; California Civil
Code §1798.82 and the Fair and Accurate Credit Transactions Act of 2003, Public
Law 108-159; 24.1.3 to directly or indirectly, making, offering, causing to be
made, accepting, requesting, suggesting, directing or otherwise inducing any
bribe, payment, loan, commission, hospitality, gift of money, kick-back,
inducement or anything of value or other advantage (individually or collectively
“Bribery”) to any official, employee, agent or instrumentality of any
government, including legislative, administrative or judicial positions, or any
public international organization or any other person, company or legal entity
to gain any advantage for Verizon or Supplier, or which is in violation of any
economic or trade sanctions, in connection with any transaction relating to this
Agreement that could result in a violation of any laws relating to Bribery,
including without limitation the Foreign Corrupt Practices Act and the U.K.
Bribery Act 2010 (“U.K. Bribery”). Notwithstanding any other provisions in this
Agreement, Verizon may suspend performance or terminate this Agreement
immediately upon written notice, if Supplier breaches any of the terms set forth
in sections above. Following notice of termination, Verizon shall not be
responsible for any payments due under the Agreement, and shall not be required
to complete any order or take any other action pursuant to this Agreement, if it
has reasonable basis to believe that such payment, completion of order, or other
action would violate any applicable law, including but not limited to the
Foreign Corrupt Practices Act, or the UK Bribery. In the event of an
unauthorized disclosure of personal or similar information or any other
violation of the foregoing pertaining to Verizon, Supplier shall provide notice
of same by e-mail to security.issues@verizon.com within forty-eight (48) hours,
and to the notice addressee set forth in the Notices section of this Agreement
by the means set forth therein. Supplier shall also procure any required permits
or certificates necessary to perform its obligations under this Agreement. 24.2
Software furnished shall comply, to the extent applicable, with the requirements
of the Federal Communications Commission’s Rules and Regulations, as may be
amended, including those sections concerning the labeling of such Software and
the suppression of radiation to specified levels to the extent applicable. If
the Software generates interference harmful to radio communications, and such
Software was installed in accordance with such Rules and Regulations, then 41
Application Service Provider Agreement - Synchronoss and Verizon Proprietary and
Confidential



--------------------------------------------------------------------------------



 
[sncr123117ex12d8046.jpg]
Supplier shall provide to Verizon methods for suppressing the interference. If
the interference cannot be reasonably suppressed, Supplier shall accept return
of the Software, refund to Verizon the price paid for the Software and bear all
expenses for removal and shipment of such Software. Nothing herein shall be
deemed to diminish or otherwise limit Supplier’s obligations under Section 31,
Indemnification or any other rights or remedies available to Verizon, whether at
law or in equity. 24.3 Supplier represents and warrants to Verizon that at the
time of delivery, the Platform delivered, or Software delivered, hereunder shall
be “CALEA Compliant”, meaning that they will comply with the provisions of the
Communications Assistance for Law Enforcement Act (Pub L. 103-414, Title 1,
October 25, 1994, 108 Stat 4279, as amended), as well as any regulations
implementing the provisions of the law. . 24.4 Notwithstanding Section 24.1, it
shall not be considered a material breach of this Agreement if a Party is not in
compliance with an Applicable Law if such non- compliance is not material to a
Party’s performance under this Agreement. 25. FORCE MAJEURE Neither Party shall
be responsible for any delay or failure in performance of any part of this
Agreement to the extent that such delay is caused by reason of acts of God,
wars, revolution, civil commotion, acts of public enemy, embargo, acts of
government in its sovereign capacity, or any other circumstances beyond the
reasonable control and to the extent not involving any fault or negligence of
the Delayed Party ("Condition"). If any such Condition occurs, the Party delayed
or unable to perform ("Delayed Party"), upon giving prompt notice to the other
Party, shall be excused from such performance on a day-to-day basis during the
continuance of the impacts of such Condition (and the other Party shall likewise
be excused from performance of its obligations on a day-to-day basis during the
same period); provided, however, that the Party so affected shall use its best
reasonable efforts to avoid or remove such Condition, and both Parties shall
proceed immediately with the performance of their obligations under this
Agreement whenever such causes are removed or cease. Labor difficulties,
including without limitation, strikes, slowdowns, work stoppage, picketing or
boycotts, shall not constitute a Condition that excuses a party from performance
of its obligations under this Agreement. In the event of such labor difficulties
affecting a party, the other party shall use all lawful means to perform
Services or meet obligations agreed to under this Agreement. If the Condition
continues for more than ****, then the Party affected may terminate this
Agreement or any Authorization Letter. 26. ASSIGNMENT The rights, obligations,
and other interests of Supplier shall not be assigned by Supplier, in whole or
in part, without the prior written consent of Verizon and any purported
assignment of same shall be void and ineffective; provided, however, no consent
shall be required in the event of the sale of all of the capital stock or 42
Application Service Provider Agreement - Synchronoss and Verizon Proprietary and
Confidential ****CERTAIN INFORMATION HAS BEEN OMITTED AND FILED SEPARATELY WITH
THE COMMISSION. CONFIDENTIAL TREATMENT HAS BEEN REQUESTED WITH RESPECT TO THE
OMITTED PORTIONS



--------------------------------------------------------------------------------



 
[sncr123117ex12d8047.jpg]
substantially all of the assets to another party. provided, that such acquiring
third party: (a) agrees to be bound by all of the terms and conditions of this
Agreement, and (b) meets none of the following criteria: i. Such acquiring third
party is a competitor of Verizon or is owned by a competitor of Verizon; ii.
Such acquiring third party does not have substantially equal or greater
financial wherewithal as compared to Supplier; or iii. Verizon has been in
litigation with such entity in the past over one or more of the following
topics: Intellectual Property Rights, confidential information, data protection,
or a material breach of a services agreement. 26.1 If Verizon sells, exchanges
or otherwise disposes of all or a portion of the assets of, or Verizon’s
interest in, any business unit in which Services are used, then Verizon shall
have the right to assign to such third party all applicable licenses,
warranties, maintenance schedules and rights granted under this Agreement with
respect to such Service; provided that the third party agrees to be bound by all
obligations of Verizon to Supplier that pertain to the Service. Notwithstanding
the foregoing, Verizon shall have the right to assign this Agreement to any
Affiliate.]] 27. SUBCONTRACTING Supplier shall not use subcontractors to perform
the Services under this Agreement except by prior written consent of Verizon.
Requests by Supplier to Verizon to use subcontractors shall be in writing and
shall specify the Services to be subcontracted and the identity of the proposed
subcontractors. It shall be Supplier’s responsibility to update Verizon as it
adds or deletes subcontractors and to ensure that the subcontractors it uses are
in all cases approved by Verizon. Supplier accepts full responsibility for the
acts and omissions of subcontractors and of persons either directly or
indirectly employed by them in connection with performing Services hereunder to
the same extent as Supplier is responsible for the acts and omissions of persons
directly employed by Supplier. In the event Verizon approves the use of a
Subcontractor, for all subcontractors, including, without limitation, any
application provider or Content provider, that directly or indirectly furnish
hardware, facilities, software, data files, or services that are elements of, or
support, the Hosted Services (“Third Party Providers”), Supplier shall contract
with such Third Party Providers (other than Terremark or any other affiliate of
Verizon) on terms and conditions that are the same as, or no less stringent and
beneficial to Verizon than the terms and conditions of Sections 5, 19, 20, 21,
24.1.2 (if the Subcontractor will have access to Massachusetts customer
information described in such Section) and 26 and the applicable SLA; and
further as and for an inducement to Verizon to enter into this Agreement,
Supplier shall make Verizon a third party beneficiary in all respects under such
contracts between or among Supplier and such Third Party Providers in order to
43 Application Service Provider Agreement - Synchronoss and Verizon Proprietary
and Confidential



--------------------------------------------------------------------------------



 
[sncr123117ex12d8048.jpg]
pass through to Verizon all rights and remedies against such Third Party
Providers as may be beneficial to Verizon. Verizon’s rights and remedies under
all such Third Party Provider contracts shall be supplemental to its rights and
remedies against Supplier. 28. TAXES 28.1 Verizon shall, as required by law, pay
all state and local sales and use tax or other similar tax (each, a "Tax"),
which is directly and solely attributable to purchases by Verizon from Supplier
for consideration under this Agreement. Supplier shall bill such Tax to Verizon
in the amount required by law, separately stating the amount and type of the
billed Tax on the applicable invoice; Verizon shall pay such billed amount of
Tax to Supplier; and Supplier shall remit such billed amount of Tax to the
appropriate tax authorities as required by law; provided, however, that Supplier
shall not bill to or otherwise attempt to collect from Verizon any Tax with
respect to which Verizon provides Supplier with (i) an exemption certificate
prepared in accordance with applicable law, (ii) a direct pay number, or (iii)
other evidence, reasonably acceptable to Supplier, that such Tax does not apply.
Except as provided in this Section 28.1, Supplier shall bear the costs of all
import and export duties and other governmental fees of whatever nature (other
than taxes) with respect to all Software and Services supplied under this
Agreement. For the avoidance of doubt, Supplier shall be solely responsible for
any taxes, tax-like charges or tax-related or other surcharges determined by
Supplier's income, net worth, franchise or property. Supplier will bear any and
all financial responsibility for interest, and penalties resulting from its
failure to comply with applicable law. 28.2 Supplier shall be responsible for
any sales, use, excise, value added, service, consumption, property, franchise,
income, or other taxes and duties based upon or measured by Supplier’s cost in
acquiring goods or services furnished or used by Supplier in the Software and
services supplied under this Agreement. 28.3 Supplier shall reasonably cooperate
with Verizon so as to minimize the tax liability of Verizon, including, without
limiting the generality of the foregoing, liability for Tax to be billed and
collected under Section 28.1. Such cooperation shall include, without limiting
the generality of the foregoing: (i) the delivery of Software and Documentation
from Supplier to Verizon via electronic transmission; (ii) the separate
statement of Tax charges on all invoices (including, without limiting the
generality of the foregoing, charges for installation, assembly, configuration,
freight, insurance and shipping); (iii) the maintenance and invoicing of
separate prices for Software and Services; (iv) providing Verizon, upon request,
with a written opinion as to (a) the percentage of the value of the Software or
Services supplied under this Agreement, (b) the percentage breakdown of value
among such categories of Software as Verizon may identify in its request, and
(c) such supporting documentation and information with respect to such opinion
as Verizon may request; and (v) upon request from Verizon, certifying in writing
whether and, if applicable, to what extent, any particular Software is custom or
pre-written. 28.4 Supplier shall cooperate with all reasonable requests of
Verizon in connection with any contest or refund claim with respect to taxes. If
applicable law places 44 Application Service Provider Agreement - Synchronoss
and Verizon Proprietary and Confidential



--------------------------------------------------------------------------------



 
[sncr123117ex12d8049.jpg]
the responsibility on Supplier to collect a Tax from Verizon and Supplier fails
to do so, Verizon will not be responsible for any interest or penalties
associated with Supplier’s failure to invoice such Tax solely due to its error.
If Supplier incorrectly (in the reasonable opinion of Verizon) bills and
collects Tax from Verizon and the taxing authority requires that any refund from
the taxing authority be sought by the billing party, then, upon request from
Verizon (together with reasonable supporting documentation), Supplier shall seek
the refund and remit to Verizon the amount of the refund actually obtained,
together with interest, if any, actually received, promptly upon receiving such
refund and interest, if any, from the taxing authority. If the Supplier agrees
with a tax authority to waive the Supplier’s statute of limitations as to its
audit period, Verizon will not be responsible for any portion of tax audit
assessments on Supplier beyond Supplier’s original applicable statute of
limitations, nor, will Verizon be responsible for any portion of tax audit
assessments on Supplier for any period for which Verizon’s statute of
limitations is closed due to expiration or audit settlement. 28.5 If any payment
to be made in respect of any invoice is subject, under the law of any foreign
tax jurisdiction, to any withholding tax, notwithstanding any provision of this
Agreement to the contrary, Verizon shall make payment to Supplier of the amount
owing on the invoice, less a deduction for the withholding tax, and shall
account to the relevant tax authority for the withheld tax. Payments of the net
sum to Supplier and the withholding tax to the relevant tax authority shall
constitute, for purposes of this Agreement, full settlement of the amount owing
under the invoice. Verizon will, upon written request from Supplier and at
Supplier’s expense, furnish any necessary evidence that may reasonably be
required to establish the payment of the withholding tax to the relevant tax
authority. 29. PERMITS Unless otherwise specifically provided for in this
Agreement, Supplier (including any employees, agents and contractors) shall
obtain and keep in full force and effect, at its expense, any permits, licenses,
consents, approvals and authorizations (“Permits”) necessary for the performance
of Services. Upon request, Supplier must submit to Verizon evidence of any
Permits required for Supplier to perform Services in a given location. 30. WORK
RULES AND ACCESS REQUIREMENTS 30.1 Supplier shall comply with Verizon security
rules to the extent provided to Supplier or with respect to which Supplier has
actual or reasonable constructive notice as well as all governmental security
regulations including, but not limited to U.S. governmental regulations
governing security clearances. 30.2 Supplier shall permit reasonable access to
employees or subcontractors (for purposes of this Section, Verizon shall be
responsible for such Verizon subcontractors as if they were Verizon employees)
of Verizon during normal working hours to its facilities to the extent
reasonably required in connection with the Service. 45 Application Service
Provider Agreement - Synchronoss and Verizon Proprietary and Confidential



--------------------------------------------------------------------------------



 
[sncr123117ex12d8050.jpg]
30.3 Supplier shall provide its employees, subcontractors, and agents and work
vehicles with identification in accordance with current generally applicable
Verizon supplier requirements 30.4 If Supplier is given access, whether on-site
or through remote facilities, to any Verizon computer or electronic data storage
system in order for Supplier to accomplish the Services called for in this
Agreement, Supplier shall limit such access and use solely to perform Services
within the scope of this Agreement, shall not without the prior written
authorization of Verizon export or transmit any computer system, electronic
file, software or other electronic services, or data therein contained, to
entities or locations other than those specified in this Agreement and shall not
access or attempt to access any computer system, electronic file, software or
other electronic services other than those specifically required to accomplish
the work required under this Agreement and only as permitted in this Agreement.
Supplier shall limit such access to those of its employees who are qualified and
required, subject to Verizon requiring written authorization, to have such
access in connection with this Agreement, and shall strictly follow all
Verizon’s security rules for use of Verizon’s electronic resources. All user
identification numbers and passwords disclosed to Supplier and any information
obtained by Supplier as a result of Supplier’s access to and use of Verizon’s
computer and electronic data storage systems shall be deemed to be, and shall be
treated as, Verizon Confidential Information under applicable provisions of this
Agreement. Verizon reserves the right to monitor such actions by Supplier and
Supplier agrees to cooperate with Verizon in the investigation of any apparent
unauthorized access by Supplier to Verizon’s computer or electronic data storage
systems or unauthorized release of Confidential Information by Supplier. 30.5 If
Supplier is given such access to any Verizon computer or electronic storage
system, or if Supplier otherwise exchanges electronic messages or communications
with Verizon (including but not limited to Verizon accessing any of Supplier’s
data bases or systems on-site or remotely), or if Supplier furnishes software or
other electronic transmissions to Verizon, (i) Supplier shall not transmit or
introduce any virus, worm or other malicious code to Verizon or into its
network, computers, electronic storage systems or other systems (the foregoing
shall not apply where Subscriber Data as transmitted by Verizon to Supplier
contains such a virus, worm or other malicious code) and (ii) any Software
provided to Verizon by Supplier for use by Supplier or Verizon shall (a) contain
no hidden files; (b) not replicate, transmit, or activate itself without control
of a person operating computing equipment on which it resides; (c) not alter,
damage, or erase any data or computer programs without control of a person
operating the computing equipment on which it resides unless such practice is
consistent with Specifications or Service Requirements; (d) contain no encrypted
imbedded key unknown to Verizon, node lock, time-out or other function, whether
implemented by electronic, mechanical or other means, which restricts or may
restrict use or access to any programs or data developed under this Agreement,
based on residency on a specific hardware configuration, frequency of duration
of use, or other limiting criteria (“Illicit Code”) unless such practice is
consistent with Specifications or Service Requirements. 46 Application Service
Provider Agreement - Synchronoss and Verizon Proprietary and Confidential



--------------------------------------------------------------------------------



 
[sncr123117ex12d8051.jpg]
30.6 Verizon reserves the right to reasonably request at any time and for any
reason that specific employees, subcontractors, and agents of Supplier be
removed from and not assigned by Supplier to perform Services for Verizon, and
Supplier acknowledges, agrees and understands that Supplier will immediately
comply with such request by Verizon. 30.7 Background Checks. 30.7.1 For each of
the employees that Supplier wishes to assign to perform Services for Verizon,
Supplier shall certify to Verizon that it has conducted (or caused to be
conducted) a background check as described herein (collectively referred to as
“background checking”) to the extent permitted by applicable law. For purposes
of this Section, “employee” shall include Supplier’s employees and any of
Supplier’s contract personnel; and “assign” shall include training for Services
to be provided to Verizon, unless otherwise agreed to by Verizon. 30.7.1.1 Where
permitted by law, the criminal history check shall consist of a federal and
state check for felony criminal convictions (or the equivalent thereof under
relevant law) in all locations where the assigned employee has resided, has been
employed, or has attended school in the immediately preceding seven (7) years,
and a check of U.S. Government Specially Designated National (OFAC) and export
denial lists. This criminal history check shall include, to the extent available
and permitted by law, a check for outstanding warrants and a check for pending
felony charges in all such locations. Statewide county searches shall be
performed in all states where such search mechanism is available without
requiring specialized data (such as fingerprints or DNA), and the National
Criminal File database shall also be searched. 30.7.1.2 The employee will be
checked against the National/State Sex Offender Registry
(http://www.familywatchdog.us/ with no state selected) or the equivalent, to
yield a national and all-states search. 30.7.1.3 The name to which employee’s
Social Security Number is attributed shall be verified. 30.7.1.4 The employee’s
citizenship, most recent country of permanent residence, and legal right to work
in the jurisdiction in which the employee will be performing Services for
Verizon shall be verified. 30.7.2 For any period of time encompassed in the
foregoing background check requirement when the employee was resident outside of
the United States, such background checking shall be conducted by a reputable
investigative agency that conducts background checking in the relevant
country(ies) for transnational technology firms comparable to Verizon, utilizing
database checking, field checking and interviews as needed to 47 Application
Service Provider Agreement - Synchronoss and Verizon Proprietary and
Confidential



--------------------------------------------------------------------------------



 
[sncr123117ex12d8052.jpg]
the extent permitted by applicable law. The criminal convictions check shall
include the equivalent, under relevant non-US law, of those convictions
described in 30.7.1 to the extent permitted by applicable law 30.7.3 Supplier
shall comply with all applicable laws in conducting the background check
specified in this Section 30.7 including but not limited to, where required,
securing from each employee who provides Services to Verizon such employee’s
written consent to perform the background checking specified in this Section
30.7 and to disclose the results thereof to Verizon upon Verizon’s request to
the extent permitted by applicable law. Without limitation of the foregoing,
Supplier will make all written disclosures to and obtain written consent from
each employee to obtain consumer reports as defined in and required by the Fair
Credit Reporting Act to the extent permitted by applicable law. Supplier shall
provide such results and written consent to Verizon upon request from Verizon.
Supplier may be required to recertify on an annual basis that such Background
Checks were performed for any employee who has performed Services and was not
included in the prior certification. 30.7.4 Without prior review with and
consent of Verizon, Supplier shall not assign any employee to provide Services
to Verizon if such employee: 30.7.4.1 has been convicted of a felony (or the
equivalent thereof under relevant law) within the last seven (7) years which,
following a review under applicable law and applying the guidelines set forth in
Exhibit G, Supplier concludes the circumstances of which are directly
job-related to the assignment at Verizon and therefore makes the employee
unsuitable for that assignment at Verizon, or for whom a warrant is outstanding,
or for whom a felony charge is currently pending, or is on a U.S. Government
Specially Designated National or export denial list. The foregoing shall not
apply to a minor traffic violation (a moving traffic violation other than
reckless driving, hit and run, driving to endanger, vehicular homicide, driving
while intoxicated or other criminal offense involving gross negligence,
recklessness, intentional or willful misconduct while operating a motor
vehicle), to a conviction that has been legally expunged, or to a conviction for
a misdemeanor that occurred while the employee was under the age of twenty-one
years; or 30.7.4.2 is on the national or any state Sex Offender Registry which,
following a review under applicable law and applying the guidelines set forth in
Exhibit G, Supplier concludes the circumstances of which are directly
job-related to the assignment at Verizon and therefore makes the employee
unsuitable for that assignment at Verizon 30.7.4.3 does not have the legal right
to work in the jurisdiction in which the employee will be performing Services
for Verizon. 48 Application Service Provider Agreement - Synchronoss and Verizon
Proprietary and Confidential



--------------------------------------------------------------------------------



 
[sncr123117ex12d8053.jpg]
30.7.5 Supplier shall certify to Verizon that Supplier has caused the foregoing
background checking to be performed for each employee assigned to provide
Service for Verizon within **** of the Effective Date; further, upon request,
Supplier shall annually certify no later than the anniversary of the Effective
Date that it has met the foregoing background checking requirements for all
employees then assigned to provide Service for Verizon. Such certifications
shall be sent via electronic mail to Verizon’s in accordance with the Notice
provision in the Agreement. 31.8 Supplier agrees to comply with Verizon's
Supplier Code of Conduct located at http://www22.verizon.com/ethics, which may
be updated from time to time to the extent Verizon notifies Supplier in writing
of such update. 31. INDEMNIFICATION 31.1 Supplier shall defend, indemnify and
hold harmless Verizon, its parents, subsidiaries and Affiliates, and its and
their respective directors, officers, partners, members, employees, agents,
successors and assigns (“Indemnified Parties”) from and against any claims,
demands, lawsuits, damages, liabilities, loss, costs or expenses (including, but
not limited to, reasonable fees and disbursements of counsel and court costs),
judgments, settlements and penalties of every kind (“Claims”), that may be made:
(a) by anyone for injuries (including death) to persons or damage to tangible
property, including theft, resulting in whole or in part from the acts or
omissions of Supplier or those persons furnished by Supplier, including its
subcontractors (if any); (b) by persons furnished by Supplier and its
subcontractors (if any) under Worker's Compensation or similar acts; (c) by
anyone in connection with or based upon Services or Software (including products
furnished hereunder) provided by Supplier and its subcontractors, if any, or
contemplated by this Agreement, including Claims regarding the adequacy of any
disclosures, instructions or warnings related to any such Services; (d) under
any federal securities laws or under any other statute, at common law or
otherwise arising out of or in connection with the performance by Supplier
contemplated by this Agreement or any information obtained in connection with
such performance and (e) for any breach by Supplier of Section 15.9.1. The
foregoing indemnification shall apply whether Supplier or an Indemnified Party
defends such Claim and whether the Claim arises or is alleged to arise out of
the sole acts or omissions of the Supplier (and/or any subcontractor of
Supplier) or out of the concurrent acts or omissions of Supplier (and/or any
subcontractor of Supplier) and any Indemnified Parties. Supplier further agrees
to bind its subcontractors, if any, to similarly indemnify, hold harmless, and
defend the Indemnified Parties. 31.2 Verizon will provide Supplier with prompt,
written notice of any written Claim covered by this indemnification and will
cooperate appropriately with Supplier in connection with Supplier’s evaluation
of such Claim. Promptly after receipt of such request, Supplier shall assume the
sole control and defense of such Claim. Supplier shall not settle or compromise
any such Claim or consent to the entry of any judgment without the prior written
consent of each Indemnified Party and without an unconditional release of all
claims by each claimant or plaintiff in favor of each Indemnified Party. 49
Application Service Provider Agreement - Synchronoss and Verizon Proprietary and
Confidential ****CERTAIN INFORMATION HAS BEEN OMITTED AND FILED SEPARATELY WITH
THE COMMISSION. CONFIDENTIAL TREATMENT HAS BEEN REQUESTED WITH RESPECT TO THE
OMITTED PORTIONS



--------------------------------------------------------------------------------



 
[sncr123117ex12d8054.jpg]
32. INSURANCE 32.1 Supplier shall secure and maintain at its expense during the
term of this Agreement: 32.1.1 Commercial General Liability insurance
(including, but not limited to, premises-operations, products/completed
operations, contractual liability, independent contractors, personal and
advertising injury) with limits of at least $****, combined single limit for
each occurrence and $**** general aggregate. 32.1.2 Commercial Automobile
Liability insurance with limits of at least $**** combined single limit for each
accident covering all owned, non-owned hired and leased vehicles. 32.1.3
Workers' Compensation insurance, in compliance with the statutory requirements
of the state(s) of operation and Employer's Liability insurance with limits of
not less than $**** each accident/disease/policy limit. 32.1.4 A combination of
primary and excess/umbrella liability policies will be acceptable as a means to
meet the limits specifically required hereunder. THE REQUIRED MINIMUM LIMITS OF
COVERAGE SHOWN ABOVE, HOWEVER, WILL NOT IN ANY WAY RESTRICT OR DIMINISH
SUPPLIER’S LIABILITY UNDER THIS AGREEMENT. 32.1.5 Professional Liability/Errors
and Omissions insurance, with limits of not less than $**** each claim. 32.2
Supplier represents and warrants that it will obtain upon or prior to the
effective date of the agreement a policy or policies of insurance from an
insurer(s) that (i) is licensed, authorized or permitted to do business in the
state(s) where service is to be provided, and (ii) has a Best’s Rating “A- VII”
or better. Supplier shall deliver a Certificate of Insurance on which Verizon
Communications Inc., its subsidiaries and Affiliates are named as additional
insureds and listed as a Certificate Holder to the following address: ****
Verizon Sourcing LLC One Verizon Way Mailcode **** Basking Ridge, NJ USA 07920
or via Verizon’s vSource supplier portal. Supplier’s insurer or its authorized
representative shall provide no less than **** prior written notice of intent to
non- renew, cancellation or material adverse change, except **** notice for
nonpayment of premium shall apply. 32.3 Supplier shall waive its rights of
subrogation against Verizon for all claims, as permitted by law. 50 Application
Service Provider Agreement - Synchronoss and Verizon Proprietary and
Confidential ****CERTAIN INFORMATION HAS BEEN OMITTED AND FILED SEPARATELY WITH
THE COMMISSION. CONFIDENTIAL TREATMENT HAS BEEN REQUESTED WITH RESPECT TO THE
OMITTED PORTIONS



--------------------------------------------------------------------------------



 
[sncr123117ex12d8055.jpg]
32.4 Supplier agrees that Supplier's policy is primary and non-contributory with
any insurance or program of self-insurance that may be maintained by Verizon.
32.5 Supplier is responsible for determining whether the above minimum insurance
coverages are adequate to protect its interests. The above minimum coverages do
not constitute limitations upon Supplier’s liability. 32.6 Self-Insure. Should
Supplier elect to self-insure any portion of the insurance required to be
maintained, Supplier shall maintain a senior unsecured credit rating from
Standard & Poor’s, Moody’s of at least BBB- or Baa2 or commensurate rating
respectively. If Supplier’s senior unsecured credit rating falls below either of
these thresholds during the term of this Agreement, Supplier will procure
insurance for the risks it is self-insuring as soon as possible but no later
than **** from the date of such event. If Supplier does not have a senior
unsecured credit rating described above, a minimum net worth of $**** will be
required to self-insure and shall be maintained throughout the term of this
Agreement. If Supplier’s net worth falls below $****during the term of this
Agreement Supplier will procure and maintain insurance for the risk it is self-
insuring as soon as possible. 33. RELATIONSHIP OF PARTIES In providing any
Services or Software under this Agreement, Supplier is acting solely as an
independent contractor and not as an agent of any other Party. Persons furnished
by the Supplier shall be solely the employees or agents of the Supplier and
shall be under the sole and exclusive direction and control of such Party. They
shall not be considered employees of Verizon for any purpose. Supplier shall be
responsible for compliance with all laws, rules and regulations involving its
respective employees or agents, including (but not limited to) employment of
labor, hours of labor, health and safety, working conditions and payment of
wages. Supplier shall also be responsible, respectively, for payment of taxes,
including federal, state, and municipal taxes, chargeable or assessed with
respect to its employees or agents, such as social security, unemployment,
worker's compensation, disability insurance and federal and state income tax
withholding. Neither Party undertakes by this Agreement or otherwise to perform
or discharge any liability or obligation of the other Party, whether regulatory
or contractual, or to assume any responsibility whatsoever for the conduct of
the business or operations of the other Party. Nothing contained in this
Agreement is intended to give rise to a partnership or joint venture between the
Parties or to impose upon the Parties any of the duties or responsibilities of
partners or joint venturers. 34. NOTICES With the exception of invoices pursuant
to Section 11 (Fees/Payment); requests for publicity consent under Section 23
(Publicity and Disclosure), and MWDBVE matters under Exhibit E (Primary Supplier
Commitment), Notices concerning this Agreement shall be in writing and shall be
given or made by means of telegram, facsimile transmission, certified or
registered mail, express mail or other 51 Application Service Provider Agreement
- Synchronoss and Verizon Proprietary and Confidential ****CERTAIN INFORMATION
HAS BEEN OMITTED AND FILED SEPARATELY WITH THE COMMISSION. CONFIDENTIAL
TREATMENT HAS BEEN REQUESTED WITH RESPECT TO THE OMITTED PORTIONS



--------------------------------------------------------------------------------



 
[sncr123117ex12d8056.jpg]
overnight delivery service, or hand delivery, proper postage or other charges
paid and addressed or directed to the respective Parties as follows. A notice
that is sent by facsimile shall also be sent by one of the other means set out
by this Section: To Supplier: Synchronoss Technologies, Inc. 200 Crossing Blvd.
Bridgewater, NJ 08807 Attention: President Fax: **** With a copy to: Synchronoss
Technologies, Inc. 200 Crossing Blvd. Bridgewater, NJ 08807 Attention: General
Counsel Fax: **** To Verizon: Verizon One Verizon Way Basking Ridge, NJ USA
07920 Attention: **** With a copy to: Verizon Sourcing LLC One Verizon Way
Basking Ridge, New Jersey 07920 Attention: Vice President and Deputy General
Counsel - Sourcing Fax: **** Notices for change in ownership, change in name of
firm, or change in mailing address must be given by each party by mailing to the
other party within **** of such change. Notices for change in ownership must
include the names of all new owners or officers, registered agent for service of
process and state of incorporation or organization. 35. NONWAIVER Either party’s
failure to enforce any of the provisions of this Agreement or any Authorization
Letter, or to exercise any option, shall not be construed as a waiver of such
provisions, rights, or options, or affect the validity of this Agreement. 36.
SEVERABILITY If any provision of this Agreement shall be invalid or
unenforceable, then such invalidity or unenforceability shall not invalidate or
render unenforceable the entire Agreement. The entire Agreement shall be
construed as if not containing the particular invalid or unenforceable provision
or provisions, and the rights and obligations of the Parties shall be construed
and enforced accordingly. 52 Application Service Provider Agreement -
Synchronoss and Verizon Proprietary and Confidential ****CERTAIN INFORMATION HAS
BEEN OMITTED AND FILED SEPARATELY WITH THE COMMISSION. CONFIDENTIAL TREATMENT
HAS BEEN REQUESTED WITH RESPECT TO THE OMITTED PORTIONS



--------------------------------------------------------------------------------



 
[sncr123117ex12d8057.jpg]
37. LIMITATION OF LIABILITY EXCEPT FOR CLAIMS UNDER SECTION 19 (CONFIDENTIAL
INFORMATION), IN NO EVENT SHALL EITHER PARTY BE LIABLE TO THE OTHER PARTY, ITS
EMPLOYEES, SUBCONTRACTORS, AND/OR AGENTS, OR ANY THIRD PARTY, FOR ANY INDIRECT,
INCIDENTAL, SPECIAL, CONSEQUENTIAL, PUNITIVE DAMAGES, OR LOST PROFITS FOR ANY
CLAIM OR DEMAND OF ANY NATURE OR KIND, ARISING OUT OF OR IN CONNECTION WITH THIS
AGREEMENT OR THE PERFORMANCE OR BREACH THEREOF. THE AGGREGATE LIABILITY OF
EITHER PARTY FOR ALL CLAIMS MADE IN ANY CALENDAR YEAR UNDER OR IN CONNECTION
WITH THIS AGREEMENT, IRRESPECTIVE OF THE BASIS OF CLAIM (WHETHER WARRANTY, TORT
(INCLUDING NEGLIGENCE) OR OTHERWISE) SHALL BE LIMTED TO ****. ****. The Parties
acknowledge that the fees paid hereunder reflect the foregoing allocation of
risk. 38. DISPUTE RESOLUTION 38.1 The Parties desire to resolve certain
disputes, controversies and claims arising out of this Agreement without
litigation. Accordingly, except in the case of a suit, action or proceeding to
compel either Party to comply with the dispute resolution procedures set forth
in this Section the Parties agree to use the following alternative procedure
with respect to any dispute, controversy or claim arising out of or relating to
this Agreement or its breach. The term "Dispute" means any dispute, controversy
or claim to be resolved in accordance with the dispute resolution procedure
specified in this Section. 38.2 At the written request of a Party, each Party
shall appoint a knowledgeable, responsible representative to meet and negotiate
in good faith to resolve any Dispute arising under this Agreement. The Parties
intend that these negotiations 53 Application Service Provider Agreement -
Synchronoss and Verizon Proprietary and Confidential



--------------------------------------------------------------------------------



 
[sncr123117ex12d8058.jpg]
be conducted by non-lawyer, business representatives. The discussions shall be
left to the discretion of the representatives. Upon agreement, the
representatives may utilize other alternative dispute resolution procedures such
as mediation to assist in the negotiations. Discussions and correspondence among
the representatives for purposes of these negotiations shall be treated as
confidential information developed for purposes of settlement, shall be exempt
from discovery and production, and shall not be admissible in any lawsuit
without the concurrence of all Parties. Documents identified in, or provided
with, such communications, which are not prepared for purposes of the
negotiations are not so exempted and may, if otherwise admissible, be admitted
in evidence in the lawsuit. 38.3 If the negotiations do not resolve the Dispute
within **** of the initial written request, the Parties may pursue their
available remedies at law or in equity. 39. ORDER OF PRECEDENCE All quotations,
Authorization Letters, Change Orders, acknowledgments, and invoices issued
pursuant to this Agreement shall be subject to the provisions contained in this
Agreement. In the event of any conflict between a specific term or condition of
this Agreement and a specific term or condition contained in an Authorization
Letter or Change Order, the specific term or condition of the Authorization
Letter or applicable Change Order shall control and take precedence where the
Agreement provides that this Agreement is subject to such Authorization Letter
or Change Order or where it is stated in a clear and unambiguous matter in the
Authorization Letter or Change Order that the specific term or condition of the
Exhibit is in conflict with the Agreement and takes precedence. The terms and
conditions of this Agreement and its Exhibits will control over any additional,
conflicting or inconsistent terms contained in any Authorization Letter, Change
Order, quotation, acknowledgment or invoice, unless agreed in writing by
authorized representatives of the Parties; provided that, the following
provisions, as they to Services or Software ordered pursuant to a particular
Authorization Letter, can be changed by language contained in that Authorization
Letter or Change Order: (i) the quantity, (ii) special quoted price, (iii)
payment terms, (iv) warranty period, or (v) delivery date. 40. SECTION HEADINGS
The headings of the several sections are inserted for convenience of reference
only and are not intended to be a part of or to affect the meaning or
interpretation of this Agreement. 41. SURVIVAL OF OBLIGATIONS The respective
obligations of the Parties under this Agreement that by their nature would
continue beyond the termination, cancellation or expiration, shall survive any
termination, cancellation or expiration, including, but not limited to,
obligations to indemnify, insure and maintain confidentiality. 54 Application
Service Provider Agreement - Synchronoss and Verizon Proprietary and
Confidential ****CERTAIN INFORMATION HAS BEEN OMITTED AND FILED SEPARATELY WITH
THE COMMISSION. CONFIDENTIAL TREATMENT HAS BEEN REQUESTED WITH RESPECT TO THE
OMITTED PORTIONS



--------------------------------------------------------------------------------



 
[sncr123117ex12d8059.jpg]
42. CHOICE OF LAW AND JURISDICTION The construction, interpretation and
performance of this Agreement shall be governed by and construed in accordance
with the laws of the State of New York without regard to any conflicts of law
principles that would require the application of the laws of any other
jurisdiction and subject to the exclusive jurisdiction of the federal or state
courts in New York. The Parties hereby consent to the exclusive jurisdiction of
the courts in the State of New York and agree to accept the service of process
of such courts such that any suit brought by either Party against the other
Party for claims arising out of this Agreement shall be brought in the Supreme
Court of the State of New York, New York County, and/or, if applicable, the
United States District Court for the Southern District of New York. The
application of the United Nations Convention on Contracts for the International
Sale of Goods is specifically excluded from this Agreement. 43. GIFTS AND
GRATUITIES AND CONFLICTS OF INTEREST 43.1 Supplier certifies that, to the best
of Supplier’s knowledge and belief, no economic, beneficial, employment or
managerial relationship exists between Supplier and any employee of Verizon, or
between Supplier and any relative of an employee of Verizon, that would tend in
any way to influence such employee in the performance of his or her duties on
behalf of Verizon in connection with the awarding, making, amending or making
determinations concerning the performance of this or any other agreement. 43.2
The exchange or offering of any money, gift item, personal service,
entertainment or unusual hospitality by Supplier to Verizon is expressly
prohibited. This prohibition is equally applicable to both Parties’ officers,
employees, agents or immediate family members. Any violation of this provision
constitutes a material breach of this Agreement. 55 Application Service Provider
Agreement - Synchronoss and Verizon Proprietary and Confidential



--------------------------------------------------------------------------------



 
[sncr123117ex12d8060.jpg]
44. ENTIRE AGREEMENT This Agreement together with its exhibits constitutes the
entire agreement between the Parties and cancels all contemporaneous or prior
agreements, whether written or oral, with respect to the subject matter of this
Agreement. No modifications shall be made to this Agreement unless in writing
and signed by authorized representatives of the Parties 45. SIGNATURES IN
WITNESS WHEREOF, the Parties hereto have caused this Agreement to be executed by
their duly authorized officers or representatives. VERIZON SOURCING LLC
SYNCHRONOSS TECHNOLOGIES, INC. By: /s/ Marc C. Reed By: /s/ Stephen G. Waldis
Name: Marc C. Reed Name: Stephen G. Waldis Title: EVP & CAO Title: CEO Date:
12/20/13 Date: 12/16/13 56 Application Service Provider Agreement - Synchronoss
and Verizon Proprietary and Confidential



--------------------------------------------------------------------------------



 
[sncr123117ex12d8061.jpg]
EXHIBIT A – FORM OF AUTHORIZATION LETTER Date Contact Name Supplier Name Address
City, State Re: This Application Service Provider Agreement between Verizon and
_____________________ (“Supplier”) Verizon Contract No. Authorization Letter
Number: Dear __________________: This authorization is pursuant to the terms and
conditions of the above-referenced agreement (the “Agreement”). The services to
be performed are described in the attached “Statement of Work” (Schedule 1)
(“Project”). The schedule of pricing is set forth in the attached Statement of
Work. The Verizon Project Leader will be: __________________________________
Invoices shall be billed on a monthly basis and addressed to: Verizon [INSERT
APPROPRIATE ADDRESS] ______________________ _______________________ Attn:
_________________________ The payment terms shall be as defined in the
Agreement. Supplier shall not issue its invoice for the Project until the
earlier of Verizon’s written acceptance of the Project or the expiration of the
acceptance period set forth in the Statement of Work. The Services will be
performed at the Verizon facilities located at ____________. Travel time to and
from this location will not be billable. Out-of-pocket expenses, authorized in
advance by Verizon, will be billed to Verizon in accordance with the Agreement.
The maximum amount authorized under this letter is $___________ (“Amount
Authorized”). Services authorized by this letter will commence on
_______________ and will continue until _____________, subject to the earlier of
1) completion of the Project; or 2) termination of Services under the Agreement.
The Verizon Project Leader will specify standards and/or other constraints to be
applied to work being performed. 57 Application Service Provider Agreement -
Synchronoss and Verizon Proprietary and Confidential



--------------------------------------------------------------------------------



 
[sncr123117ex12d8062.jpg]
Supplier will provide the Verizon Project Leader with a weekly status report
indicating hours worked by day and status of assigned tasks. Please indicate
your acceptance of this Authorization Letter by having it signed by an
authorized representative of Supplier and return a fully executed original and a
copy of your insurance certificate to ________________________ at the address
stated above with copies to ______________. Sincerely, (Name) Verizon (Title)
Agreed to and accepted by Supplier: BY: ____________________________ NAME:
____________________________ TITLE: ____________________________ DATE:
____________________________ 58 Application Service Provider Agreement -
Synchronoss and Verizon Proprietary and Confidential



--------------------------------------------------------------------------------



 
[sncr123117ex12d8063.jpg]
EXHIBIT B – CHANGE REQUEST FORM CHANGE REQUEST FORM CUSTOMER PROVIDED
INFORMATION Originator’s Name: Date: Telephone: Email: Customer Name:
Application Name: Description of Problem or Desired Changes (Attach Additional
sheets as Necessary): Recommended Action/Solution (Attach Additional sheets as
Necessary): TO BE COMPLETED BY SUPPLIER Functional Areas Affected: Application
Development Production Operations Project Management Office Network Engineering
QA Legal Data Base Management Other Content Management Marketing Written
description of the work Supplier anticipates performing in order to effectuate
such change(s) requested: Schedule for commencing and completing such work: 59
Application Service Provider Agreement - Synchronoss and Verizon Proprietary and
Confidential



--------------------------------------------------------------------------------



 
[sncr123117ex12d8064.jpg]
The number of person hours expected to be expended and the costs to Customer
associated with such change(s): Analysis/Evaluation/Comments: Reviewed/Verified
By: Project Manager _________________________ Date: ________________ Business
Unit Manager _________________________ Date: ________________ Other
_________________________ Date: ________________ Change Management Team Target
Release Date: Recommendation: Work Defer Close Agreed to and accepted by
Supplier: Agreed to and accepted by Verizon: BY: ____________________________
BY: ____________________________ NAME: ____________________________ NAME:
____________________________ TITLE: ____________________________ TITLE:
____________________________ DATE: ____________________________ DATE:
____________________________ 60 Application Service Provider Agreement -
Synchronoss and Verizon Proprietary and Confidential



--------------------------------------------------------------------------------



 
[sncr123117ex12d8065.jpg]
EXHIBIT C-1 - BASELINE INFORMATION SECURITY REQUIREMENTS This Baseline
Information Security Requirements for Suppliers (“Exhibit”) defines certain
minimum physical and logical information security controls and requirements for
Suppliers performing services for or providing services to Verizon. This Exhibit
supplements all security requirements set forth in the Agreement, and statements
of work and Orders thereunder (collectively or individually, the
“Agreement(s)”). This exhibit does not limit other rights of Verizon or
obligations of Supplier that otherwise exist under applicable laws or
agreements, including, but not limited to, additional security requirements that
may be imposed to address protection of specific information, specific
agreements, specific engagements, or changes in applicable law; and any security
protection requirements in such laws and agreements that are more stringent than
those set forth in this Exhibit shall replace and supersede the corresponding
terms of this Exhibit. Any exceptions to the following requirements must be
approved in writing by Verizon in advance of implementation. Unless expressly
stated otherwise in the Agreement(s), the terms of this Exhibit shall take
precedence and prevail over any conflicting or inconsistent provisions in the
Agreement(s) only to the extent that they are more stringent than the
conflicting or inconsistent provisions of the Agreement(s). As used in this
Exhibit, compliance is required with those requirements that are preceded by the
words “shall” or “must.” Those requirements that are preceded by the word
“should” are important, however Supplier is free to adopt alternatives that
result in information protection and security that is at least equivalent to
conformance to those requirements. 1) Definitions: a) Information Definitions
Confidential Defined in the Agreement(s) Information CPNI Privacy One or more of
the following CPNI related personal information Information (CPNI-PI) data
elements that may be combined with a person’s identifying information (name,
telephone number, email address, driver’s license number, internet address,
etc.): (1) Call detail records (2) Credit information (3) Internet Usage
Information (4) Video Viewership Information Personally Identifiable Information
capable of being associated with a particular Information (PII) individual
through one or more identifiers, including but not limited to: (1) Military ID
number (2) Passport Number (if applicable) (3) Work Visa Number (if applicable)
(4) Access Codes, Pin, Password, challenge responses for individual user access
to information systems (5) Mother's Maiden Name 61 Application Service Provider
Agreement - Synchronoss and Verizon Proprietary and Confidential



--------------------------------------------------------------------------------



 
[sncr123117ex12d8066.jpg]
(6) Federal Tax ID (Social Security Number) in many cases) (7) Driver’s license
number (8)) State identification card number (9) An account number or credit or
debit card number (10) Alien registration number (11) Health insurance
identification number “Personally Identifiable Information” does not include
publicly available information that is lawfully made available to the general
public from federal, state, or local government records. Sensitive Information
Any SPI, PII or CPNI-PI, collectively or individually. Sensitive Personal One or
more of the following personal data elements that may Information (SPI) be
combined with a person’s identifying information (name, telephone number, email
address, driver’s license number, internet address, etc.): (1) Social Security
number, (2) driver’s license number or state-issued identification card number,
(3) financial account number, or credit or debit card number, with our without
any required security code, access code, personal identification number (PIN) or
password that would permit access to that person’s financial account, (4)
medical information (including, but not limited to, any information regarding an
individual’s medical history, mental or physical condition, or medical treatment
or diagnosis by a health care professional), (5) health insurance information
(i.e., an individual’s health insurance policy number or subscriber
identification number, any unique identifier used by a health insurer to
identify the individual, or any information in an individual’s application and
claims history, including any appeals records). “Sensitive Personal Information”
does not include publicly available information that is lawfully made available
to the general public from federal, state, or local government records. b)
General Definitions Industry Standard “Industry Standard” means: ) actually used
or adopted by a substantial number of comparable companies working with
comparable information of a comparable nature; ) prescribed for use by an a
governing industry standards body or group; or ) assessed by recognized experts
in the field as acceptable and reasonable. Media Destruction A process that
destroys media on which information is located 62 Application Service Provider
Agreement - Synchronoss and Verizon Proprietary and Confidential



--------------------------------------------------------------------------------



 
[sncr123117ex12d8067.jpg]
and thereby makes recovery of such information impossible, and means “destroyed”
as specified in Guidelines for Media Sanitization, National Institute of
Standards and Technology, NIST Special Publication 800-88 (NIST 800-88).
Incineration, shredding and pulverizing are all permissible physical destruction
methods in accordance with minimum standards specified in NIST 800-88. Media
that have been subject to such Destruction are “Destroyed” under these Baseline
Security Requirements. Storage Encryption Data encryption using at least using a
non-proprietary industry standard algorithm that has not been broken (AES and
3Des are acceptable encryption methods). Verizon Sensitive Information stored by
Supplier shall be protected using the following minimum encryption standards:
**** Sanitization “Sanitized” or “sanitization” is a process that removes
information from media or that renders such information irretrievable, such that
data recovery is not possible, and means “sanitized” no less effectively than as
specified in Guidelines for Media Sanitization, National Institute of Standards
and Technology, NIST Special Publication 800-88 (NIST 800-88). 63 Application
Service Provider Agreement - Synchronoss and Verizon Proprietary and
Confidential ****CERTAIN INFORMATION HAS BEEN OMITTED AND FILED SEPARATELY WITH
THE COMMISSION. CONFIDENTIAL TREATMENT HAS BEEN REQUESTED WITH RESPECT TO THE
OMITTED PORTIONS



--------------------------------------------------------------------------------



 
[sncr123117ex12d8068.jpg]
Secure Transportation Transport utilizing a licensed, bonded, secure carrier
that implements and adheres to a "chain of custody program", approved by
Verizon, for tracking the movement and disposition of storage media or other
equipment from receipt to final disposition, including tracking the following
specific items: ) Ownership of the media ) Serial number of the media )
Verification at collection/pick-up location (owner/end user) ) Driver name, date
and time Stamp ) Receipt at Supplier's location (date and time Stamp); Security
Breach The unauthorized acquisition or unauthorized use of unencrypted data, or
the unauthorized acquisition or unauthorized use of encrypted data along with
the confidential process or key that is capable of compromising the security,
confidentiality, or integrity of such encrypted data. Strong Authentication
Authentication is a process for verifying an individual and/or the individual’s
electronic identity. An individual or the individual’s electronic identity can
be certified by positively identifying any one of the following: Something they
know (an authentication code), such as a password; Something they have (an
authentication device), such as a proximity door card or a SecurID1 card; or
Something they are (physical characteristics), such as facial features, retina
pattern, or a fingerprint Strong Authentication occurs when a user is required
to submit or use at least two of these identification indicators for
verification. Supplier Devices Servers, computers, mobile devices (other than
mobile workstations), and communications equipment provided by Supplier in
connection with work under the Agreement. Supplier Staff Supplier staff includes
employees, contract employees, temporary staff, authorized subcontractors, and
employees, contract employees and temporary staff of the foregoing
subcontractors. Transport Encryption Transport encryption shall be no less
secure than encryption consisting of SSL v3 or TLS protected by a minimum of 128
bit encryption with a 1024 bit keys using Verizon approved digital certificates.
Public certificates must be used for all web-based servers. If other transport
encryption methods are utilized, they must conform to these minimum standards.
2) Information Security Program Requirements: 1 SecurID is a registered
trademark of RSA Security, Inc. 64 Application Service Provider Agreement -
Synchronoss and Verizon Proprietary and Confidential



--------------------------------------------------------------------------------



 
[sncr123117ex12d8069.jpg]
Supplier is required to maintain an information security program that at minimum
includes the following: a) One or more designated qualified employees must be
responsible to maintain the Supplier information security program. b) Supplier
must maintain written information security policies and standards that address
all information security requirements contained in the Agreement(s); that are at
minimum consistent in all material respects with the requirements of this
Exhibit and with applicable Industry Standards; and that support the
confidentiality, integrity and availability of Supplier systems, information and
business operations and the confidentiality, integrity and availability of
Verizon Sensitive Information and Confidential Information. In addition, such
policies and standards must conform to all applicable data protection laws and
regulations. c) Supplier executive management must endorse information security
polices and standards; d) Supplier Staff must receive periodic training (at
least annually) to understand Supplier’s security policies, and must acknowledge
their adherence to Supplier’s security policies. Written certification of the
periodic training and of the acknowledgement of information security policies by
Supplier employees and permitted contractors must be maintained by supplier for
inspection by Verizon upon reasonable request. e) Non-compliance with Supplier’s
information security policies must result in meaningful discipline. f) Supplier
Information Security program must include periodic education and awareness
messages to Supplier Staff that consist of relevant and timely information to
sensitize such staff to the importance of security for Sensitive Information and
Confidential Information, complying with applicable use requirements and
limitations, the proper use of Supplier’s security systems, and the requirements
of Supplier’s information security program. g) Supplier must review its security
measures on an ongoing basis, at least annually and whenever there is a material
change in business practices that may implicate the security or integrity of
records containing Sensitive Information. Such review will identify and assess
reasonably foreseeable internal and external risks to the security,
confidentiality and/or integrity of any electronic, paper or other records
containing Sensitive Information. h) Supplier must regularly monitor its
security measures to identify and assess reasonably foreseeable risks to the
security, confidentiality and/or integrity of Sensitive Information and to
ensure that its information security program is operating in a manner reasonably
calculated to prevent unauthorized access to or unauthorized use of Sensitive
Information, and to ensure that the security program continues to comply with
applicable laws. Supplier will promptly notify Verizon of any findings of
deficiencies in its security program and of its plans mitigating such
deficiencies, and Supplier will upgrade its information security safeguards as
necessary to minimize the risks associated with those deficiencies. 65
Application Service Provider Agreement - Synchronoss and Verizon Proprietary and
Confidential



--------------------------------------------------------------------------------



 
[sncr123117ex12d8070.jpg]
i) Supplier must, no less often than annually, audit each computer (PC or
workstation) that is connected to the Verizon corporate network or to Verizon
servers to verify that each such computer has the antivirus and firewall
capabilities and the periodic updates thereto required in this Exhibit. Supplier
must immediately remedy any non-conforming computer before it is reconnected
with the Verizon corporate network or a Verizon server. Supplier must maintain
the results of such audits, including records of non-conformities found and
their remediation, for no less than three years, and provide those results to
Verizon on request. j) Supplier must flow down to all permitted subcontractors
the obligation to comply with this Exhibit. 3) Physical Security Requirements
(Suppliers conducting information processing of Verizon Sensitive Information at
Supplier Premises) a) Personnel Security i) To the extent Supplier Staff are
provided access to Verizon computers, systems, servers, systems and resources
(“Verizon Resources”) in order to perform services for Verizon, Supplier must
ensure that such staff are notified that they are not entitled to privacy
protection if they access such Verizon Resources, and that access to and
communications with Verizon Resources may be monitored by Verizon. b) Facilities
Access Control i) Supplier must have controls in place to allow only authorized
individuals into Supplier facilities where Verizon Sensitive Information and/or
Confidential Information is stored or is accessible. ii) Facility access control
systems must be secured from tampering, circumvention or destruction. iii)
Facility access control systems must be maintained at all times in functional
order and must be updated or changed if they become compromised or ineffective
(for example, if keys are stolen, the locks should be changed). iv) Facility
access controls must be Industry Standard, and should include some or all of the
following elements: (1) Issuance of employee or contractor identification
badges; (2) Use of smartcards or other electronic or physical identity
verification systems (pin/key access locks, biometrics, etc.); (3) Use of
dedicated security personnel who control access to the Supplier’s facilities;
(4) 24x7 main lobby security guard station; (5) Locks on all ground floor
windows; (6) Alarmed locks on all external doors; and (7) Use of CCTV on all
entrances and entrances to data computing facilities, to include ninety (90)
days of video storage. 66 Application Service Provider Agreement - Synchronoss
and Verizon Proprietary and Confidential



--------------------------------------------------------------------------------



 
[sncr123117ex12d8071.jpg]
v) Visitors accessing the facility must be managed in accordance with the
following practices: (1) Visitors to Supplier facilities must be registered in a
visitor log. The log should document the visitor’s name, the firm represented,
and the employee authorizing physical access on the log. The log should be
retained for inspection by Verizon for a minimum of three months, unless
otherwise restricted by law. (2) Visitors should be issued temporary
identification badges specific to the length of the expected visit in the
facility. Visitor identification badges must be returned upon the visitor’s
departure. (3) Temporary visitor identification should be noticeably different
from Supplier’s normal employee and contractor identification. (4) Supplier must
inform employees of the approved formal policies for granting access to visitors
at Supplier facilities. (5) Any visitor to a Supplier facility that accesses
areas where Verizon Sensitive Information and/or Confidential Information is
stored, processed or transmitted must be accompanied and supervised at all times
by a Supplier employee who is specifically authorized to access confidential
Verizon data. (6) Prior to granting a visitor to a Supplier facility access to
any computer, server or system containing Verizon Sensitive Information and/or
Confidential Information, access by each such visitor must be approved in
writing by the designated Verizon contact, and the visitor must be positively
identified as the person for whom Verizon has given such approval. (7) Under no
circumstances may visitors be left unattended in an area where they have
physical access to equipment that handles Verizon Sensitive Information and/or
Confidential Information. c) Facilities Access Monitoring: i) The Supplier
should utilize appropriate levels of monitoring equipment in public areas of
their facilities to ensure the auditing of Supplier facility entry and exit
activity can be performed. ii) For all Supplier access control and monitoring
installations, appropriate safeguards and retention of records should be
implemented to ensure the integrity of the systems and the availability of the
records if the need arises. d) Separate Information Processing Environments At a
minimum, the following physical security and access controls must be implemented
and maintained throughout the terms of the engagement: i) Verizon Sensitive
Information and/or Confidential Information must not be processed on servers
that are accessible in general business areas of Supplier’s facility and must be
isolated in dedicated information processing areas with independent physical,
monitoring, environmental and health and human safety systems (referred to as a
“Computer Room”). 67 Application Service Provider Agreement - Synchronoss and
Verizon Proprietary and Confidential



--------------------------------------------------------------------------------



 
[sncr123117ex12d8072.jpg]
ii) Access to any information processing area where Verizon Confidential and/or
Sensitive information is processed must be restricted to authorized Supplier
personnel only. iii) Supplier must implement physical access policies and
procedures to ensure that physical access is revoked when it is no longer needed
or appropriate (for example, immediately removing access for separated employees
or removing access for employees who are no longer authorized to access Verizon
Confidential and/or Sensitive Information). Removal of Physical Access should
occur in a timely manner not to exceed 24 hours. iv) Supplier must employ
technical and organizational mechanisms to prevent unauthorized copying of
Sensitive Information within Information Processing Environments. These
mechanisms shall include disabling/restricting local ports so as to prevent
downloading of data onto removable USB drives, MP3 players or similar devices,
restrictions on uploading or file transfer from the facility to unauthorized
recipients, and a prohibition on the use of cameras (excluding CCTV security
unit) and other screen capture devices. e) Computer Room Physical Security
Requirements Computer room facilities where Verizon Sensitive Information and/or
Confidential Information is stored, processed or transmitted must implement the
following information security controls: i) All computer room doors must be
secured to prevent unauthorized access into the room. ii) Each computer room
door must have signs on both sides indicating it is to be closed and locked with
a contact to notify if it is found unsecured. iii) Supplier Staff must be
instructed to immediately report unsecured doors. iv) Supplier must implement a
reliable process of designating staff access to Computer Rooms. v) Supplier
Staff should only be authorized to enter a Computer Room for a legitimate
business need and a record of the individual’s identity, justification and
duration of access should be maintained. vi) A separate electronic access
control system utilizing strong authentication should be installed on Computer
Room doors that will only allow authorized personnel access to the room, unless
access to the room is controlled 24 hours a day, 7 days a week, by a guard. (1)
The access control system must be secured against tampering. (2) The access
control system must log the entry and exit of staff for each time the door is
opened. Entry and exit logs should contain a reliable time stamp, room location
and identification of the person who gained access or exited the room. (3) The
access control system should alert security staff in the event that a secured
door has been open beyond a reasonable amount of time (for example, by being
propped open and unattended). 68 Application Service Provider Agreement -
Synchronoss and Verizon Proprietary and Confidential



--------------------------------------------------------------------------------



 
[sncr123117ex12d8073.jpg]
vii) Supplier should periodically review access records to ensure that access
controls are being enforced effectively. Any discrepancies or unauthorized
access must be investigated immediately by Supplier information security
personnel and reported to the Verizon Sponsor. viii) Supplier should
periodically review CCTV video storage to ensure that access controls are being
enforced effectively to prevent unauthorized entry. Any unauthorized access must
be investigated immediately by Supplier information security personnel and
Supplier must provide Verizon notice of such breach of security in accordance
with this Exhibit. f) Asset Disposal and Reclamation i) Upon conclusion or
termination of Supplier’s work for Verizon, at Verizon’s option Supplier must
either: (1) Sanitize or Destroy all copies of all Verizon information maintained
under the Agreement or an applicable Order or Statement of Work (collectively,
“work agreement”), including all backup and archival copies, or (2) return to
Verizon all copies of all Verizon information maintained under work agreement,
as well as all backup and archival copies. ii) When no longer required for
performance under the Agreement and prior to disposition, recycle, or resale,
electronic and non-electronic (hardcopy) media containing Verizon Sensitive
Information and/or Confidential Information shall be rendered unreadable and
unrecoverable by Sanitization or Destruction. iii) All non-electronic media
containing Verizon Sensitive Information and/or Confidential Information must be
Destroyed utilizing a cross cut shredder. iv) All electronic media containing
Verizon Sensitive Information and/or Confidential Information shall be destroyed
or rendered unusable when such information is no longer required for performance
under this agreement and prior to disposition, recycle or resale, using methods
that prevent access to information stored in that type of media. At minimum,
media containing Verizon Sensitive Information and/or Confidential Information
shall be “sanitized” in accordance with NIST Special Publication 800-88.
Although Verizon prefers that data be disposed of in a manner consistent with
“Destruction”, at a minimum, electronic media that at any point contains Verizon
Confidential and/or Sensitive Information must be disposed in a manner
consistent with “Sanitization” requirements in the NIST standard. Additionally
the following minimum standards must be met: (1) All tape must be incinerated or
degaussed with a degausser that meets the performance standards provided by the
US National Security Agency (NSA) which can be found at
http://www.nsa.gov/ia/_files/Government/MDG/NSA_CSS-EPL- 9-12.PDF. (2) When
Sanitizing magnetic or flash media, the preferred method of Sanitization is to
perform a Secure Erase (to be used only for ATA Drives and SCSI drives, where
technically feasible - available from the University of San Diego CMRR, at 69
Application Service Provider Agreement - Synchronoss and Verizon Proprietary and
Confidential



--------------------------------------------------------------------------------



 
[sncr123117ex12d8074.jpg]
http://cmrr.ucsd.edu/people/Hughes/SecureErase.shtml). Alternatively, if Secure
Erase is technically inappropriate or is not used, a minimum of a three pass
block erasure shall be utilized that removes the data from magnetic disk media
by sequentially overwriting all addressable locations in the following manner,
and then verifying the same by a disk read: (i) overwriting with a random
pattern; (ii) overwriting with binary zeros; and (iii) overwriting with binary
ones. The National Institute of Standards and Technology and Federal Agencies
Security Practices initiative (FASP) have specified the Active KillDisk
software, http://www.killdisk.com/eraser.htm, as a compliant sanitization tool
for IDE, SCSI and ATA drives. (3) Optical Disk media must be destroyed. (4)
Removal of non-functional electronic storage media: Non- functional electronic
storage media (e.g., a failed drive) may not be capable of Sanitization, and
therefore must be either returned to Verizon or Destroyed. When removing
non-functional electronic storage media from a Verizon or Supplier facility,
Supplier may Destroy the media onsite prior to removal as specified herein. If
the electronic storage media are not Sanitized or Destroyed, and must be removed
from the Verizon or Supplier premises without such sanitization or destruction,
Supplier shall utilize Secure Transportation to a Verizon or other disposal
site. Supplier shall track disposition of the media (e.g., Destroyed by
Supplier, Sanitized by Supplier, conveyed to a Verizon-authorized third party
for Destruction, etc.) and provide to Verizon a Certificate of Sanitization
(COS) and/or Certificate of Destruction (COD) upon completion of the
Sanitization, or Destruction. v) Required Records: Supplier shall maintain
records at the serial number level for four years of all receipts and
disposition which identify the media (or computing assets) being processed. All
records pertaining to the disposition of each of the media or computing assets
must be available for audit and verification by Verizon during this four year
period. The Supplier must provide reports monthly to Verizon g) Shipment of
Sensitive Information: i) Non-Electronic Sensitive Information: Whenever
possible, Sensitive Information in non-electronic form should be converted to
electronic form for secure transmission in accordance with this Exhibit, and all
non-electronic hard copies Destroyed as specified in this Exhibit. If such
conversion is impracticable, Sensitive Information in non-electronic hardcopy
form must be shipped in the United States using U.S. Postal Service Registered
Mail with return receipt, or the substantial equivalent thereof by a licensed
overnight courier or delivery service. Any shipment of Sensitive Information in
non- electronic (hardcopy) form between a United States and foreign point must
be specifically pre-approved by Verizon in writing and must be shipped in
accordance with such instructions as Verizon provides in its approval. 70
Application Service Provider Agreement - Synchronoss and Verizon Proprietary and
Confidential



--------------------------------------------------------------------------------



 
[sncr123117ex12d8075.jpg]
ii) Electronic Media containing Sensitive Information: If electronic media
containing Sensitive Information are shipped, the Sensitive Information must be
encrypted using Storage Encryption unless shipped in accordance with the Secure
Transportation requirements herein. 4) Logical Security Requirements (Suppliers
conducting information processing of Verizon Information) a) Logical Access
Control Supplier must develop logical access controls for all computing systems
handling Verizon Confidential and/or Sensitive Information. Logical Access
controls must include: i) The assured enforcement of authentication controls to
limit access to information systems to only those individuals who are currently
active and who are authorized to access a given information system. ii) A secure
and reliable method of enforcing authorization controls which limit access to
Verizon Sensitive Information and Verizon Confidential Information to only
previously-authorized Supplier Staff. iii) Use of the “principle of least
privilege” model for access, enabling Supplier personnel to access only such
information and resources as are necessary when they perform under the Agreement
for the role assigned to the authorized user, iv) A process of controlling User
IDs and other identifiers to ensure they are unique among users and are not
shared. Note: Sensitive Personal Information must not be used as an
authentication or an authorization mechanism to obtain a password, or for log in
rights or for access to any application, system, website or database owned or
operated by Verizon or on Verizon’s behalf. The last four digits of a Social
Security number, passwords, PINs, challenge responses and/or access codes are
permitted to be used for such purposes in conjunction with other data. v) A
process which will immediately terminate access by an employee or contractor who
no longer requires access to perform under the Agreement (e.g., a terminated or
reassigned employee/contractor). vi) Periodic review of access, authorization
and other applicable monitoring logs on all systems to ensure the access control
and authentication systems are performing as expected. vii) Processes that
utilize industry standard password selection and aging procedures to limit
opportunities for compromise of password security. Such password procedures
should include but not be limited to the following: (1) A process to ensure that
no user or information system may utilize Supplier-supplied default account
passwords. (2) A secure method of assigning and selecting passwords or other
unique identity validation values, such as biometric registration values or the
issuance of one-time-password token devices. 71 Application Service Provider
Agreement - Synchronoss and Verizon Proprietary and Confidential



--------------------------------------------------------------------------------



 
[sncr123117ex12d8076.jpg]
(3) Limit repeated access attempts by locking out the user ID after not more
than six (6) attempts with a thirty (30) minute minimum lockout duration (4)
Verification of user identity before password resets; (5) All passwords must be
have first-time passwords set to a unique value for each user and change
immediately after the first use; (6) Inactive accounts must be disabled after 90
days; (7) Password must be changed at least every ninety (90) days; (8)
Passwords must be at least eight (8) characters and must include letters and
numbers; (9) Supplier must require users to submit passwords that are different
than any of the last four (4) passwords the individual has used; (10) If a
session has been idle for more than fifteen (15) minutes, require the user to
re-enter the password to reactivate the terminal. (11) Control and encrypt with
a 1-way hash, data security passwords to ensure that such passwords are kept in
a location and/or format that does not compromise the security of the data they
protect. b) Access Logging and Monitoring i) Supplier must maintain electronic
logs of persons accessing Verizon Confidential and/or Sensitive Information
depicting the details of the access and transactional changes made. ii) Logs
must be maintained for inspection by Verizon for a minimum of ninety (90) days.
iii) Logs shall be stored centrally on Supplier owned or controlled systems that
cannot be altered by users or privileged users. iv) At a minimum logs shall
capture the following information for all access to Verizon Confidential and/or
Sensitive Information: (1) Unique user ID; (2) Login/Logout time; (3)
System/data set accessed; (4) Failed login attempts; (5) Activity (for
privileged users such as data base administers, system administrators, etc.)
including changes to permissions, changes to data, etc.) v) Access logs shall be
reviewed by Supplier at least daily and provided to Verizon for inspection upon
reasonable request. Alternatively, log parsing tools which automatically
generate alerts based on information security rules 72 Application Service
Provider Agreement - Synchronoss and Verizon Proprietary and Confidential



--------------------------------------------------------------------------------



 
[sncr123117ex12d8077.jpg]
may be utilized provided that alerts are reviewed and appropriate action is
taken, at least daily. c) Network and Communications Security The Supplier must
develop and implement network and communications security policies, procedures
and technology to control and detect potential network and communications
information security system issues and failures. At a minimum, Supplier must
have: i) Firewall controls at appropriate points in the Supplier network to
control the ingress and egress of communications and data to environments
containing Verizon Sensitive Information and/or Confidential Information. At a
minimum, Network Firewalls must protect all connections to open, public
networks. System Security Patches and updates for Firewalls must be implemented
in a timely manner not to exceed 30 days following release. ii) Supplier must
employ industry standard intrusion detection systems (IDS) for any environment
into which Sensitive Information will be placed. (1) Network IDS must be placed
on network connection points between the Supplier environment containing the
Verizon Confidential and/or Sensitive Information and other network
environments. Alternatively, Host- Based IDS may be placed on all computing
assets storing, processing or transmitting Verizon Confidential and/or Sensitive
Information. (2) IDS must be configured with business rules appropriate to the
environment and must be configured to generate alerts immediately. (3)
Signatures and software for IDS must be kept current and up to date. (4) IDS
alerts must be reviewed at least daily by trained security personnel. iii)
System Segmentation (1) Information systems storing, processing or transmitting
Sensitive Information must be logically isolated from systems that handle other
companies’ information. For example, Supplier must use separate database server
instances for the processing of Verizon data or must use separate virtual
operating system images than those used or accessed by other companies who the
Supplier may also service. (2) At no time may Verizon Sensitive Information
and/or Confidential Information be housed on a server shared by companies other
than the contracting Supplier. For example, a shared web server that is used by
several companies and maintained by an Internet Service Provider must not be
used to house Verizon data. This requirement also applies to “cloud-based”
services. (3) Internet-facing web servers must be dedicated to this task, and
must not host internal (intranet) applications for the Supplier. 73 Application
Service Provider Agreement - Synchronoss and Verizon Proprietary and
Confidential



--------------------------------------------------------------------------------



 
[sncr123117ex12d8078.jpg]
iv) Transport Encryption for all electronic communications that contain
Sensitive Personal Information, and Transport Encryption for Verizon
Confidential and/or Sensitive Information that traverses networks outside of the
direct control of the Supplier or Verizon (including, but not limited to, the
Internet, WI-FI and mobile phone networks). v) Transport encryption of all data
containing Sensitive Information to be transmitted wirelessly. vi) Policies,
procedures and appropriate technology solutions to ensure all systems receive
and apply the most current security updates on a regular basis. vii) No remote
access to Sensitive Information, from home or other location that is not at the
premises of the Supplier or Verizon shall be permitted without the specific
authorization of Verizon, and such authorization will be conditioned on measures
that maintain the security of such Sensitive Information and that prevent
unauthorized access thereto, or unauthorized copying or retention thereof. All
remote access to Sensitive Information must require Strong Authentication and
Encrypted transmissions. viii) Logical Security Requirements when connecting
Supplier controlled devices to Verizon Networks (1) All Supplier Devices to be
used to connect to the Verizon Network must be either provided by Verizon or
alternative must be owned or leased by the Supplier (personally-owned equipment
may not be used to perform work for Verizon). (2) Supplier personnel accessing
Verizon networks must not have any concurrent access to other non-Verizon
networks from their workstation(s) while connected to Verizon’s Network unless
that access is through the Verizon Network. (3) All computing device remote
access to the Verizon Network must utilize approved Verizon Virtual Private
Networks including Client-based access, transport encryption and strong
authentication. (4) Supplier Devices must not traverse any unencrypted wireless
networks while attaching to the Verizon network. All wireless connections should
utilize transport encryption utilizing WPA2 in enterprise or PSK mode at a
minimum (WEP encryption is not permitted). d) Information Systems and Device
Management i) General Requirements (1) All Supplier Devices used to store,
process or transmit Verizon Confidential and/or Sensitive Information, and/or to
provide information services to Verizon in connection with work under the
Agreement, must either be provided by Verizon or alternatively, must be owned or
leased by the Supplier (personally-owned equipment may not be used to perform
work for Verizon). 74 Application Service Provider Agreement - Synchronoss and
Verizon Proprietary and Confidential



--------------------------------------------------------------------------------



 
[sncr123117ex12d8079.jpg]
(2) All assets controlled by Supplier used to perform work for Verizon must be
tracked using an inventory management system including the following
information. a. Name, location, retention schedule, and Verizon-assigned data
classification level (as described in the Verizon Data Classification in Section
6 of CPI-810) of the information asset such as a database or file system. b. A
knowledgeable individual owner of each information asset (the default owner of
an information asset is its creator) c. Computer systems (i.e. Servers – Host
Name/IP Address) that house Verizon data d. Storage encryption status for any
Sensitive Information (both at rest and on any back up media). (3) All Supplier
Devices used to perform work for Verizon should be centrally managed by the
Supplier. (4) All Supplier Devices used to perform work for Verizon must be
managed for the application of operating system and applicable software patches.
Critical operating system and software security patches must be installed in a
timely manner not to exceed one (1) month following release for public
availability. (5) All Critical Security Patches for workstations shall be
installed within 7 days of publication from the software or hardware vendor. (6)
All Supplier Devices shall have current antivirus software installed (if
technically feasible) and configured to check for updates on a daily basis at a
minimum. (7) All Supplier Devices that connect to the Internet shall have a
personal firewall or its equivalent enabled and configured to only allow
connections to authorized business applications. By default, the personal
firewall must use a default deny rule that blocks inbound traffic that is not
specifically allowed in the course of a specific communication (8) All Supplier
mobile computing devices (notebook computers, PDAs, etc.) and portable storage
devices (portable drives, flash drives, thumb drives, optical disc media, etc.)
used to store or process Verizon Sensitive Information and/or Confidential
Information must have “whole disc” or other device Storage Encryption enabled
for internal as well as peripheral and removable media. Encryption keys for
mobile computing devices and portable storage devices must be kept in escrow and
sufficiently protected by the Supplier to enable forensic recovery of data on
any protected device. Whole disk Encryption should be implemented with a
Pre-Boot authorization configuration. (9) Supplier personnel must not
communicate, store or process any Verizon confidential data on any email,
storage or processing 75 Application Service Provider Agreement - Synchronoss
and Verizon Proprietary and Confidential



--------------------------------------------------------------------------------



 
[sncr123117ex12d8080.jpg]
repository that is outside of the direct ownership and control of Supplier. For
example, the use of personal web email accounts, web-based backup services,
Internet-based document editing or public cloud-based computing services are
prohibited without express written permission from the Verizon Sponsor. (10)
Sensitive Information data should not be stored or used in testing or other
non-production environments. If this use is required, an authorized exception
permitting such use must granted in writing by Verizon, and such data must
either be (a) masked so that it no longer meets the definition of Sensitive
Information, or (b) protected using controls against unauthorized access,
copying or viewing that are comparable to those required for the protection of
Sensitive Information in production environments. ii) Data Storage Requirements
(1) Data Obfuscation a. All Sensitive Personal Information and Personally
Identifiable Information at rest must be encrypted using Storage Encryption.
CPNI-PI should also be encrypted using Storage Encryption. Storage Encryption of
the device on which such information is stored will satisfy these requirements.
b. Data Replacement (e.g. SAFE) or field level masking may be acceptable methods
of obfuscation. Such methods must be approved in writing by Verizon prior to
implementation. (2) Encryption Key Management a. Supplier shall implement key
and seed management procedures that enable Verizon Confidential or Sensitive
Information to be retrieved if the person who encrypted such data is unable or
unwilling to decrypt the data. b. Keys and seeds shall be properly protected,
using either physical procedures including very limited access control,
separation of duties and logging/monitoring key access or encryption no less
robust than is required for Supplier’s own most highly confidential or Sensitive
Personal Information and not accessible by unauthorized personnel. c.
Additionally, Supplier shall require split keys for all key encryption such that
one person does not have the full key for any data encrypted at rest. Generally,
Encryption Keys should also be encrypted. d. Supplier shall maintain a written
and tested process for key rotation on a periodic basis (at least annually) or
in event of compromise (does not apply to keys for data stored in offsite
backup). iii) Data Backup Requirements 76 Application Service Provider Agreement
- Synchronoss and Verizon Proprietary and Confidential



--------------------------------------------------------------------------------



 
[sncr123117ex12d8081.jpg]
(1) Verizon Sensitive Information and/or Confidential Information must be backed
up on separate tapes/drives than data belonging to or accessed by other
companies. (2) Backups must be encrypted with Storage Encryption that
accommodates key escrow by supplier (3) Backup media must be physically secured
against theft or tampering and must implement physical controls that comply with
all applicable state and federal requirements. (4) Chain of custody records must
be maintained for all backup media containing Verizon Sensitive Information
and/or Confidential Information moving to offsite storage of backups (5)
Supplier must ensure that all backup media is tracked and must ensure that
contractual data destruction requirements can be met. 5) Coding Practices a)
Supplier must disclose to Verizon all open source code utilized to develop
custom code and provide Verizon an opportunity to review all such open source
code prior to its utilization within or with custom developed code. b) Supplier
shall implement peer review throughout the development process and make use of
code review tools to ensure secure coding and to identify malicious code or code
misconfigurations. 6) Business Continuity Planning/Disaster Recovery (BCP/DR)
for Suppliers performing Information Processing at Supplier Locations a) So that
the business processes may be quickly re-established following a disaster or
outage, Supplier must maintain an updated inventory of all critical production
systems and supporting hardware, applications and software, projects, data
communications links, and critical staff at both primary and secondary sites. b)
To the extent Verizon has contracted for BCP/DR services from Supplier, Supplier
must ensure preparation, maintenance, and regular test of a BCP/DR plan that
ensures that all critical computer and communication systems will be available
in the event of emergency or a disaster, and meet service level and recovery
time and recovery point objectives. c) To the extent Verizon has contracted for
BCP/DR services from Supplier, BCP/DR plans must be tested at least annually,
and all test results must be periodically reported to Verizon. d) Any emergency
event-related disruption of business activities must be reported forthwith to a
designated Verizon contact. 7) Notification of Breach of Security a) Supplier
must maintain an internal or third-party professional security service with the
capability of investigating, responding to and mitigating any potential or
actual security incidents within Supplier’s area of operations that involves
Verizon Sensitive Information and/or Confidential Information throughout the
period of 77 Application Service Provider Agreement - Synchronoss and Verizon
Proprietary and Confidential



--------------------------------------------------------------------------------



 
[sncr123117ex12d8082.jpg]
time in which Supplier maintains such information in its systems or facilities
(or those of permitted subcontractors). b) The supplier’s incident response team
must have documented formal procedures that comply with Industry Standards and
applicable laws addressing investigation and response to information security
incidents. The procedures must include documentation describing the steps taken
to correct discovered breaches. c) Supplier’s information security policies and
procedures must require the immediate reporting of suspected or actual
violations of policy to an appropriate Supplier security contact. d) Supplier
must establish and maintain an easily understandable procedure for Supplier
Staff to report security incidents to an appropriate Supplier security contact,
and for such information to be reported to a designated Verizon contact. e)
Supplier must as soon as practicable, not to exceed two hours following
discovery of an unauthorized disclosure or security breach, notify and update
Verizon via electronic mail to security.issues@verizon.com such of such
disclosure or breach, with confirmation sent to the contract notice addressee
set forth in the Agreement by the means set forth therein, of: i) Any Security
Breach or other actual or threatened unauthorized access or release of Verizon
Sensitive Information or Confidential Information or to the systems holding or
providing access to such Verizon information. ii) Any occurrences of viruses and
malicious code, not mitigated by deployed detection and protection measures, on
any workstation or server used to provide services under the Agreement or
applicable statement of work or Order thereunder. f) Following notification to
Verizon in accordance with the previous subsection, or notification to Supplier
by Verizon of a security incident or breach that Verizon reasonably believes was
caused by Supplier, Supplier must: provide regular updates to Verizon;
investigate the incident or potential breach of security; report the results of
such investigation to Verizon; cooperate with Verizon in any Verizon
investigation of the breach and the effects thereof; allow Verizon to inspect
Supplier computers that Verizon reasonably believes caused or were involved in
the breach; and implement corrective measures to prevent future breaches. g)
Notwithstanding its notification(s) to Verizon, Supplier must comply with all
applicable notification requirements imposed by law, including but not limited
to notification requirements under federal and state laws protecting privacy. 8)
Audit Compliance and Verizon’s Right to Audit Supplier Operations a) Supplier
must be prepared to provide necessary confirming documentation in support of
Verizon’s external audits (such as Sarbanes-Oxley or PCI) upon Verizon’s request
pursuant to the terms of the Agreement. b) Supplier must permit Verizon to audit
its security controls periodically, not more than once per calendar year or
other period specified in the Agreement, and reasonably cooperate with Verizon
in such audit. c) Supplier must provide copies of relevant security policy,
process, and procedure documents to Verizon for review and audit purposes upon
request. Verizon may 78 Application Service Provider Agreement - Synchronoss and
Verizon Proprietary and Confidential



--------------------------------------------------------------------------------



 
[sncr123117ex12d8083.jpg]
review and recommend reasonable changes, and Supplier must amend the policies or
respond with mitigating controls and responses within a reasonable time period
for mutually agreed to changes. 79 Application Service Provider Agreement -
Synchronoss and Verizon Proprietary and Confidential



--------------------------------------------------------------------------------



 
[sncr123117ex12d8084.jpg]
EXHIBIT C- 2 – VERIZON WIRELESS NETWORK SECURITY REQUIREMENTS 1. DEFINITIONS The
terms defined in this Section shall have the meanings set forth below whenever
they appear in this Exhibit, unless the context in which they are used clearly
requires a different meaning or a different definition is described for a
particular Section or provision: 1.1. “Confidential Information” shall mean:
Verizon customer data and proprietary network information, data pertaining to
Verizon systems, networks, services, and the security controls implemented on
those systems and networks, data pertaining to Verizon employees, Verizon
proprietary and/or trade secret information, and any other information or data
labeled as confidential or proprietary under the terms of the Agreement. 1.2.
“Industry-standard” shall mean: an accepted set of best practices that are (1)
used or adopted by a substantial number of companies that are engaged in a
similar type of business (“comparable companies”) to manage information of a
similar type; (2) prescribed for use by a governing industry standards body or
group; or (3) established by recognized experts in the field as being acceptable
and reasonable. 1.3. “Penetration Test” shall mean: part of the Risk Assessment
Process whereby highly skilled, experienced and trained person(s), known as
“white-hat hackers”, engage in a coordinated and planned attack on computer
systems and networks to discover potential vulnerabilities and ensure the
logical controls can withstand deliberate attempts to be circumvented. 1.4.
“Program” shall mean: the documented and exercised processes and procedures for
accomplishing common objectives and monitoring such accomplishment, which may be
updated from time to time. 1.5. “Risk Assessment Process” and “Risk Assessment”
shall mean: a documented and exercised process used to identify the risks to
system security and determine the probability of occurrence, the resulting
impact, and identify additional safeguards or modifications that would eliminate
and/or adequately mitigate this impact. 1.6. “Risk Management Program” shall
mean: the documented and exercised process for identifying, controlling, and
mitigating information system related risks. It includes Industry-standard
qualitative and/or quantitative Risk Assessment Process; cost-benefit analysis;
and the selection, implementation, testing, and evaluation of safeguards,
including a determination of steps required to meet the four security goals of
Security Assurance. 1.7. “Security Assurance” shall mean: grounds for confidence
that the four security goals (i.e., integrity, availability, confidentiality,
and accountability) have been adequately met by a specific computer system.
“Adequately met” includes (1) functionality that performs correctly, (2)
sufficient protection against unintentional errors (by users or software), and
(3) sufficient resistance to intentional penetration or bypass. 80 Application
Service Provider Agreement - Synchronoss and Verizon Proprietary and
Confidential



--------------------------------------------------------------------------------



 
[sncr123117ex12d8085.jpg]
1.8. “Threat-source” shall mean: either (1) intent and method targeted at the
intentional exploitation of a Vulnerability or (2) a situation and method that
may accidentally trigger a Vulnerability. 1.9. “Threat Analysis” shall mean: the
examination and documentation of threat-sources against system Vulnerabilities
to determine the potential threats applicable to a specific computer system in a
particular operational environment. 1.10. “Vulnerability” (or “Vulnerabilities”
in the plural) shall mean: a flaw or weakness in computer system functionality,
design, implementation, internal controls, or security procedures that could be
exercised (accidentally triggered or intentionally exploited) and result in a
security breach or a violation of the system’s security policy. 2. GENERAL
REQUIREMENTS 2.1. This Security Requirements Exhibit (“Exhibit”) is applicable
to all relevant aspects of Supplier’s performance under the Agreement ,
including without limitation the development, offering, use and/or maintenance
of any service, software or other product there under, and any future releases,
versions, updates, enhancements and modifications thereto (“Software” or
“Hardware”, as the case may be). 2.2. Supplier will at all times implement and
maintain Industry-Standard administrative, physical and technical security
controls, which will be followed in all relevant aspects of Supplier’s
performance under the Agreement. Such controls will be sufficient in nature and
scope to protect (1) the confidentiality, integrity and availability of
Verizon’s Confidential Information as well as (2) the availability and integrity
of Verizon’s service, network and operations. 2.3. Supplier shall comply with
the administrative, physical and technical security controls as described in
this Exhibit and in Verizon’s Security Standards & Policies (“Verizon
Policies”). Supplier shall request from Verizon all revised and additional
Verizon Policies applicable to Supplier’s Software and Hardware before execution
of each new work order. 2.4. Notwithstanding anything to the contrary, for such
changes or additions to Verizon Policies applicable to Supplier’s Software and
Hardware, the parties shall review such documentation for change and exceptions
that impact the Software or Hardware. A Change Request may be required for
implementation by Supplier of any such changes to the Verizon Policies. 2.5. For
each given Authorization Letter, Verizon Policies applicable to the Software and
Hardware supporting the Platform under such Authorization Letter shall be set
forth in an exhibit to the Authorization Letter as well as any exceptions to
this Exhibit or other terms and conditions agreed upon by the Parties pertaining
to Verizon Policies or the Information Security Policy. 3. CONFIDENTIAL
INFORMATION 3.1. Supplier warrants that Verizon’s Confidential Information shall
only be used for the purposes specified under the Agreement. Supplier’s
obligation to 81 Application Service Provider Agreement - Synchronoss and
Verizon Proprietary and Confidential



--------------------------------------------------------------------------------



 
[sncr123117ex12d8086.jpg]
protect Verizon’s Confidential Information in accordance with the provisions of
this Exhibit shall survive indefinitely. Upon expiration or termination of the
Agreement, Supplier shall promptly return and/or securely destroy all Verizon
Confidential Information except as required by law. 3.2. Supplier shall take
appropriate measures to secure Verizon Confidential Information, both during
transit and in storage by using Industry-standard mechanisms for protection
(e.g., encryption). This protection shall also include all forms of portable
media (e.g. flash/usb drive, laptop, CD, DVD, Blu-ray, portable hard drive,
cell/smart phone, MP3 player and etc.) 4. INFORMATION SECURITY POLICIES AND
PROGRAM Supplier shall implement and maintain a comprehensive and
Industry-standard Risk Management Program, including without limitation the
following: 4.1.1. Supplier shall have an information security policy which
describes the security and privacy controls that Supplier currently implements
in its operations to comply with all applicable Verizon Policies and this
Exhibit (“Information Security Policy”). Supplier shall establish and maintain a
Risk Management Program to implement its Information Security Policy, which
shall include without limitation the following: 4.1.1.1. A Risk Assessment
Process which shall ensure that Supplier’s operating environment, development
environment, systems, applications, networks and procedures are regularly
evaluated to identify and remediate security Vulnerabilities. 4.1.1.2. A Program
for intrusion and security breach detection, prevention and incident response.
4.1.1.3. A Program for configuration management of systems, network and
applications. 4.1.1.4. A Program for the implementation and administration of
logical access control(s) to data, systems and network. 4.1.1.5. A Program for
the implementation and administration of physical access control(s) to
facilities and data. 4.1.1.6. Supplier shall, at minimum, annually review the
Risk Management Program using an internal or external auditor to assess
compliance with the requirements under its Information Security Policy. 5.
SECURE DEVELOPMENT LIFECYCLE Supplier’s controls associated with the
development, pre-production testing and delivery of any and all Software and
Hardware shall include, without limitation, Supplier’s obligation to: 5.1.
Implement Industry-standard security controls for its operating environment,
systems, networks and all facilities in which the Software is being developed
and/or hosted. 82 Application Service Provider Agreement - Synchronoss and
Verizon Proprietary and Confidential



--------------------------------------------------------------------------------



 
[sncr123117ex12d8087.jpg]
5.2. Develop, implement, and comply with Industry-standard secure coding best
practices. 5.3. Establish processes, including as appropriate, using
Vulnerability source code scanners, operating system security benchmarking
tools, web application scanners or other tools or techniques, or information
acquired through Industry-standards organizations, to assess the Software or
Hardware for security Vulnerabilities prior to production release. 5.4. Follow
Industry-standard practices to mitigate and protect against all known and
reasonably predictable security Vulnerabilities, including but not limited to:
(1) unauthorized access, (2) unauthorized changes to system configurations or
data, (3) disruption, degradation, or denial of service, (4) unauthorized
escalation of user privilege, (5) service theft, and (6) unauthorized disclosure
of Confidential Information. 5.5. Supplier must ensure all security features and
configurations survive any update, modification or upgrade to Software and
Hardware or are replaced with features and configurations that meet the
requirements of this Exhibit, unless prior written consent is obtained from
Verizon. 6. SECURITY ASSURANCE Supplier shall maintain a Risk Assessment Process
which demonstrates the Security Assurance of Supplier’s Software and Hardware.
This Process shall include, but is not limited to: 6.1. Supplier must, at
Verizon’s cost, coordinate and conduct a Risk Assessment of its Software and
Hardware using a Certified Verizon third- party security testing vendor. This
Risk Assessment must be completed **** prior to the initial delivery of Supplier
Software and Hardware, respectively or as otherwise agreed upon by the Parties
in writing. Supplier shall thereafter, at Verizon’s cost and discretion, repeat
this Risk Assessment at the earlier of (1) every major version release or (2)
annually for all Software and Hardware deployed in the Verizon network or hosted
by Supplier. This Risk Assessment shall include the following: 6.1.1. A Threat
Analysis of the Software and Hardware 6.1.2. A Penetration Test of the Software
and Hardware 6.1.3. A Risk Assessment of the administrative, technical, logical
and physical security controls of the pertinent operating environment, systems,
networks, and facilities where Software and Hardware is hosted, if hosted by
Supplier. 6.2. Supplier must resolve all high and medium risk Vulnerabilities
identified in the Risk Assessment Process prior to production release except as
otherwise specified by Verizon in writing. At Verizon request, Supplier shall
provide to Verizon a documented resolution timeline **** before production
release for all remaining Vulnerabilities to be remediated post production. This
document shall include the date by which each Vulnerability will be remediated.
83 Application Service Provider Agreement - Synchronoss and Verizon Proprietary
and Confidential ****CERTAIN INFORMATION HAS BEEN OMITTED AND FILED SEPARATELY
WITH THE COMMISSION. CONFIDENTIAL TREATMENT HAS BEEN REQUESTED WITH RESPECT TO
THE OMITTED PORTIONS



--------------------------------------------------------------------------------



 
[sncr123117ex12d8088.jpg]
6.3. Verizon may request a copy of the scope of work from the above third- party
Risk Assessment Process (Section 6.1). Supplier shall deliver this document to
Verizon within **** of the initial request. 7. SECURITY BREACH AND INCIDENT
RESPONSE 7.1. Supplier shall establish and maintain documented escalation
processes for any security breaches and incident responses, including procedures
for notifying Verizon within twenty-four (24) hours after a security breach is
discovered where such breach may negatively affect Verizon’s reputation,
Confidential Information, systems, network, services, data, assets, and/or
customers. 7.2. Supplier shall not notify any other parties that an actual or
suspected security breach affects Verizon without prior written consent by
Verizon, except to the extent required by law. 7.3. Supplier shall cooperate and
provide information as required by Verizon and any authorized consultants,
contractors, attorneys, or other third parties hired by Verizon to investigate a
security breach of Supplier’s operating environment. 7.4. In the event of a
security breach affecting Verizon, Supplier must issue a post mortem report to
Verizon within forty-eight (48) hours of breach discovery that includes (1) the
identification of all Verizon information potentially compromised by such
breach; (2) the actions taken by Supplier to mitigate damage caused by the
breach; and (3) safeguards implemented to prevent a recurrence of such breach.
8. RIGHT TO RISK ASSESSMENT 8.1. Verizon, at its sole cost, reserves the right
to perform a Risk Assessment of Supplier Software and Hardware. At the
discretion of Verizon, the Risk Assessment may occur on an annual basis, or upon
each new release of Software and/or Hardware and may include without limitation,
Vulnerability assessments and Penetration Tests of: (1) the Software and/or
Hardware; (2) the underlying infrastructure and operational environment in which
the Software and/or Hardware is running or hosted; (3) network and facilities
related to the operation or maintenance of the Software and/or Hardware; and (4)
Supplier’s administrative, technical and/or physical controls related to such
Software and/or Hardware. For Risk Assessments or Penetration Tests that require
Supplier’s involvement, resources, facilities or systems, the parties will
mutually agree as to (1) the extent of Supplier’s involvement; (2) those
resources, facilities or systems of Supplier’s that would be required; and (3)
the schedule for such Risk Assessment or Penetration Tests. 8.2. Verizon’s
asserted right to conduct its own Risk Assessment shall in no way replace or
substitute for Supplier’s own Risk Assessment Process or the requirements
contained within this Exhibit. At the discretion of Verizon, 84 Application
Service Provider Agreement - Synchronoss and Verizon Proprietary and
Confidential ****CERTAIN INFORMATION HAS BEEN OMITTED AND FILED SEPARATELY WITH
THE COMMISSION. CONFIDENTIAL TREATMENT HAS BEEN REQUESTED WITH RESPECT TO THE
OMITTED PORTIONS



--------------------------------------------------------------------------------



 
[sncr123117ex12d8089.jpg]
a third party security vendor may be used to conduct such Verizon Risk
Assessment. 85 Application Service Provider Agreement - Synchronoss and Verizon
Proprietary and Confidential



--------------------------------------------------------------------------------



 
[sncr123117ex12d8090.jpg]
9. VULNERABILITY MANAGEMENT Supplier shall implement and maintain a
comprehensive and Industry-standard Vulnerability Management Program. Supplier
shall maintain dedicated employee(s) to monitor pertinent channels of public
vulnerability disclosure (e.g. the NIST National Vulnerability Database) which
affect Supplier Software or Hardware. This Program shall include, but is not
limited to (1) the underlying platform (e.g., operating system, database
product, web server and etc.); (2) all third-party and (3) open- source software
included as part of Supplier Software and Hardware. This Program shall include,
but is not limited to: 9.1. Supplier shall provide dedicated employee(s) to
liaison with the Verizon Vulnerability Management personnel. 9.2. Supplier shall
resolve identified Vulnerabilities in Supplier Hardware and Software at Supplier
expense. 9.3. For Supplier Software or Hardware within the Verizon network and
managed by Verizon, Supplier shall deliver to Verizon a regression tested patch
within **** from the date the Vulnerability was initially disclosed or the date
Supplier was notified by Verizon. 9.4. For Supplier Software or Hardware hosted
within the Verizon network and managed by Supplier, Supplier shall implement in
production a regression tested patch within **** from the date the Vulnerability
was initially disclosed or the date Supplier was notified by Verizon. 9.5. For
Supplier Software or Hardware hosted externally to the Verizon Network, Supplier
Shall implement in production a regression tested patch within **** from the
date the Vulnerability was initially disclosed or the date Supplier was notified
by Verizon. 86 Application Service Provider Agreement - Synchronoss and Verizon
Proprietary and Confidential ****CERTAIN INFORMATION HAS BEEN OMITTED AND FILED
SEPARATELY WITH THE COMMISSION. CONFIDENTIAL TREATMENT HAS BEEN REQUESTED WITH
RESPECT TO THE OMITTED PORTIONS



--------------------------------------------------------------------------------



 
[sncr123117ex12d8091.jpg]
EXHIBIT C-3 CLOUD SECURITY REQUIREMENTS Production / Non-Production Segregation
of Cloud Duties: Production and non- production cloud environments shall be kept
separate to prevent unauthorized access or changes to information assets,
particularly in the case of Cloud and virtualization administrators with
privileged access. Wireless Security. Policies and procedures shall be
established and mechanisms implemented to protect access to cloud architectures
from unauthorized wireless access, including the following: 1) Firewalls
implemented and configured to restrict unauthorized traffic 2) Essential
security settings enabled with strong encryption for authentication and
transmission, replacing vendor default settings (e.g., encryption keys,
passwords, SNMP community strings, etc.). 3) Logical and physical user access to
wireless access points restricted to authorized personnel 4) The capability to
detect the presence of unauthorized (rogue) wireless network devices for a
timely disconnect from the network Shared Networks and/or Applications. Access
to systems with shared infrastructure shall be restricted to authorized
personnel in accordance with security policies, procedures and standards.
Networks and/or applications shared with external entities shall have a
documented plan detailing the compensating controls used to separate network
traffic and application access between organizations. Clock Synchronization. A
standard NTP time source must be used to synchronize the system clocks of all
cloud-based information processing systems within the organization or explicitly
defined security domain to facilitate tracing and reconstitution of activity
timelines. Mobile Code. Mobile code (i.e. code shared between cloud and client
devices or software) shall be authorized before its installation and use, and
the configuration shall ensure that the authorized mobile code operates
according to a clearly defined security policy. All unauthorized mobile code
shall be prevented from executing. GDSVF&H\3541367.2 87 Application Service
Provider Agreement - Synchronoss and Verizon Proprietary and Confidential



--------------------------------------------------------------------------------



 
[sncr123117ex12d8092.jpg]
EXHIBIT D - DISASTER RECOVERY PLAN GDSVF&H\3541367.2 88 Application Service
Provider Agreement - Synchronoss and Verizon Proprietary and Confidential



--------------------------------------------------------------------------------



 
[sncr123117ex12d8093.jpg]
EXHIBIT E – COMPLIANCE WITH MINORITY, WOMAN-OWNED, AND SERVICE- DISABLED VETERAN
BUSINESS ENTERPRISES (MWDVBE) UTILIZATION Primary Supplier Commitment A.
Supplier Commitment. 1. The Supplier (hereinafter “Primary Supplier”) agrees to
provide opportunities for suppliers identified and Certified as a Minority,
Woman, and Service-Disabled Veteran - owned and controlled Business Enterprises
(hereinafter “MWDVBE”), in accordance, at a minimum, with the terms and
conditions of this Exhibit. 2. In addition, if the scope of this Agreement
includes the provision of products or performance of services for or in
conjunction with a Verizon Federal government agreement, the then-current
Federal Acquisition Regulations (FAR) requirements regarding MWDVBE
subcontracting and reporting shall also apply. 3. In the event that a change in
ownership results in a change of Supplier or subcontractor’s status as a
Certified MWDVBE, Supplier shall notify Verizon in writing within **** of such
change. B. Definitions. 1. Certified - Currently certified as MWDVBE by an
authorized certifying body, such as the National Minority Supplier Development
Council (NMSDC) or its affiliate regional councils, the Women’s Business
Enterprise National Council (WBENC) or its affiliate regional councils, the
California Public Utility Commission (CPUC) Clearinghouse, or other similar
local, state, or federal certifying body. 2. Control - Having overall
fiscal/legal responsibility and exercising the power to make policy decisions.
3. Owned - At least fifty-one percent (51%) of the business or, in the case of a
publicly owned business, at least fifty-one percent (51%) of the stock is owned
by a minority, woman or service-disabled veteran. Transfer of ownership to or
purchase of an existing business by a minority, woman, or service-disabled
veteran by a non-minority who remains actively involved in the operation of the
business does not qualify as a MWDVBE. 4. Minority–owned Business Enterprise
(MBE) - A business concern in which at least fifty-one percent (51%) of the
ownership and control is held by individuals who are members of a minority group
and of which at least fifty-one percent (51%) of the net profits accrue to
members of a minority group. Such persons include, but are not limited to, Black
Americans, Hispanic Americans, Asian Pacific Americans (persons with origins
from Japan, China, the Philippines, Vietnam, Korea, Samoa, Guam, the former U.S.
Trust Territory of the Pacific Islands (Republic of Palau, the Commonwealth of
the Northern Mariana Islands, Republic of the Marshall Islands, Federated States
of Micronesia) Laos, Cambodia (Kampuchea), Taiwan, Burma, Thailand, Malaysia,
Indonesia, Singapore, Brunei, Macao, Hong Kong, Fiji, Tonga, Kiribati, Tuvalu,
or Nauru); Subcontinent Asian Americans (persons with origins from India,
Pakistan, Bangladesh, 89



--------------------------------------------------------------------------------



 
[sncr123117ex12d8094.jpg]
Sri Lanka, Bhutan, the Maldives Islands or Nepal); Native Americans (American
Indians, Eskimos, Aleuts, and Native Hawaiians); and members of other groups
designated by the U. S. Small Business Administration as minorities. 5.
Women-owned Business Enterprise (WBE) - A business concern which is at least
fifty-one percent (51%) owned and controlled by a woman or women; or, in the
case of any publicly owned business, at least fifty-one percent (51%) of the
stock is owned by a woman or by women. Such women's business enterprise shall
further be classified as either minority or non-minority women-owned business,
depending upon the greater portion of ownership. 6. Vietnam Era Veteran-owned
Business Enterprise (VBE) - A business concern that is at least fifty-one
percent (51%) owned and controlled, or in the case of a publicly owned business,
at least fifty-one percent (51%) of the stock is owned, by an owner or owners
who are veterans of the U.S. military, ground, navel, or air service, any part
of whose service was during the period August 5, 1964 through May 7, 1975, who
(1) served on active duty for a period of more than one hundred and eighty (180)
days and were discharged or released with other than a dishonorable discharge,
or (2) were discharged or released from active duty because of a
service-connected disability. “Vietnam-Era Veteran” also includes any veteran of
the U.S. military, ground, navel, or air service who served in the Republic of
Vietnam between February 28, 1961 and May 7, 1975. 7. Service-disabled
Veteran-owned Business Enterprise (SDVBE) - (1) A business concern that is (a)
at least fifty-one percent (51%) owned by one or more service-disabled veterans
or, in the case of any publicly owned business, at least fifty-one percent (51%)
of the stock of which is owned by one or more service-disabled veterans or, in
the case of a veteran with a permanent and severe disability, the spouse or
permanent caregiver of such veteran. (2) “Service-disabled veteran” means a
veteran, as defined in 38 U.S.C. 101(2), with a disability that is service-
connected as defined in 38 U.S.C. 101(16). 8. Persons with Disabilities-owned
Business Enterprise (DBE) - a business concern that is at least fifty-one
percent (51%) owned and controlled, or in the case of a publicly owned business,
at least fifty-one percent (51%) of the stock of which is owned by an owner or
owners who are disabled as defined by the Americans With Disabilities Act (ADA).
This classification can also include agencies that employ fifty-one percent
(51%) or more disabled persons. C. Supplier Diversity Utilization Plan. 1. The
Primary Supplier shall submit a Supplier Diversity Utilization Plan (“Plan”) for
approval by Verizon prior to the execution of this Agreement. The Plan must
include a statement that the Primary Supplier will (i) achieve the MWDVBE
Percent Commitment as defined in Section E, below, entitled “Primary Supplier
MWDVBE Percent Commitment,” and (ii) report results utilizing the reporting
method described below in Section D, entitled “Reporting.” 90 Application
Service Provider Agreement - Synchronoss and Verizon Proprietary and
Confidential



--------------------------------------------------------------------------------



 
[sncr123117ex12d8095.jpg]
2. The list of MWDVBE suppliers to be used by the Primary Supplier in its
(Contract-Specific) Plan form shall constitute the following: (a) A
representation by the Primary Supplier to Verizon in regard to the MWDVBE
supplier(s) that (a) it intends to use the firm for the work specified in the
Plan; (b) on the basis of information known to it and after reasonable inquiry,
it believes such MWDVBE supplier(s) to be technically and financially qualified
to perform the work specified, and that the firm is available to perform the
work; and (c) the MWDVBE supplier(s) identified is currently Certified as an
MWDVBE by an authorized certifying body. (b) A commitment that the Primary
Supplier will enter into a contract with each such MWDVBE supplier (or approved
substitutes) in accordance with its Plan. (c) A commitment by the Primary
Supplier that it will not substitute a MWDVBE supplier listed in its Plan
without prior written notification to Verizon. Unless the Primary Supplier has a
reasonable belief that use of a designated MWDVBE supplier will potentially
cause personal injury or damage to property, or that such MWDVBE Supplier has
engaged in illegal or unethical behavior, no substitution(s) of MWDVBE
supplier(s) designated on the Plan form may be made without notifying Verizon in
writing, citing the specific reason(s) for substitution. D. Reporting. 1. The
Primary Supplier shall report quarterly MWDVBE expenditures by using the “Prime
Supplier MWDVBE Quarterly Report” and reporting format specified on the Verizon
website at http://www22.verizon.com/suppliers/. For assistance with such
reporting, contact Verizon Supplier Diversity at DSR@verizon.com. 2. The Prime
Supplier MWDVBE Quarterly Report shall include a) MWDVBE expenditures specific
to Verizon contracts (herein, "Direct Expenditures"); and b) Verizon's prorated
share of the Primary Supplier’s non-contract specific MWDVBE expenditures
(herein, "Indirect Expenditures"). Verizon's prorated share of such Indirect
Expenditures for the applicable calendar quarter shall be equal to the
percentage derived from the following formula: Sales to Verizon / Sales to all
customers. 3. Such reports shall be submitted by no later than thirty (30) days
following the end of each calendar quarter. 4. This report is intended to
provide a mechanism to monitor the Prime Supplier’s compliance and progress in
achieving its MWDVBE commitments as set forth in this Exhibit. 5. The Primary
Supplier will provide: (a) A list of the name(s) and address(s) of the Certified
MWDVBE suppliers the Primary Supplier has identified to be used in support of
this Agreement; 91 Application Service Provider Agreement - Synchronoss and
Verizon Proprietary and Confidential



--------------------------------------------------------------------------------



 
[sncr123117ex12d8096.jpg]
(b) A description of the products/services or scope of work performed by MWDVBE
suppliers; and (c) The percentage or volume of contract work performed by each
such firm. E. Primary Supplier MWDVBE Percent Commitment. The Primary Supplier
shall engage the services of Certified MWDVBE suppliers for an amount equivalent
to at least seven percent (7%) of dollars spent under this Agreement during the
first year of the Term. F. Primary Supplier Compliance; Standards and Remedies.
1. Compliance Standards. Verizon has the right to determine compliance by the
Primary Supplier with the Plan and the MWDVBE Percent Commitments (hereinafter
collectively the “MWDVBE Commitments”) established in this Exhibit. Verizon may
determine that the Primary Supplier is achieving its MWDVBE Commitments by
examining reports received from the Primary Supplier, performing on-site
inspections, conducting progress meetings regarding work required by the
Agreement, contacting involved MWDVBE suppliers, or through other Verizon
actions taken in the ordinary course of administering the Agreement. 2. Updates.
An annual update of the Primary Supplier’s Plan will be required to ensure
compliance with this Agreement’s provision for continuous year-over-year
improvement. 3. Commitments Not Achieved. In the event that the Primary
Supplier’s MWDVBE Commitments hereunder are not achieved and the Primary
Supplier cannot demonstrate to the reasonable satisfaction of Verizon that
commercially reasonable efforts were made to accomplish such MWDVBE Commitments,
such failure shall constitute default by the Primary Supplier, and Verizon
reserves the right and shall have the option to invoke the termination
provisions of this Agreement. Such documentary evidence of commercially
reasonable efforts shall include but are not limited to a) advertisement in
general circulation media, trade publications and small business media
soliciting the performance of services of Certified MWDVBE suppliers related to
the field of business regarding the products and/or services which are the
subject matter of this Agreement; b) written notification to Certified MWDVBE
suppliers requesting proposals specific to the products provided for and/or
services performed under this Agreement; and c) written acknowledgment that the
Certified MWDVBE suppliers’ interest in providing such products and/or
performing such services is under consideration. The foregoing rights are in
addition to, and not in limitation of, any other remedy Verizon may have at law
or in equity. Verizon may also require that, upon request, the Primary Supplier
submit additional documentation and information concerning the Primary
Supplier’s performance in achieving its MWDVBE Commitments and compliance with
its Plan. 4. Cure Period for Commitments Not Achieved. Should the Primary
Supplier continue to fail in achieving the MWDVBE Commitments of this Agreement,
including as amended, after having been given notice of such failure to meet its
MWDVBE Commitments, and failing to cure such 92 Application Service Provider
Agreement - Synchronoss and Verizon Proprietary and Confidential



--------------------------------------------------------------------------------



 
[sncr123117ex12d8097.jpg]
MWDVBE Commitments within thirty (30) days of receiving such notice by achieving
its requirements, the Primary Supplier shall be in default and no further cure
shall be permitted. 5. Supplier Report Card. In addition, the Primary Supplier’s
ability to achieve its MWDVBE Commitments shall reflect upon and shall
contribute to the Primary Supplier’s overall grade on the Supplier Report Card
or other performance measurement(s). 93 Application Service Provider Agreement -
Synchronoss and Verizon Proprietary and Confidential



--------------------------------------------------------------------------------



 
[sncr123117ex12d8098.jpg]
EXHIBIT F- NONDISCLOSURE AGREEMENT 1. To facilitate discussions, meetings and
the conduct of business between the parties with respect to this Agreement, it
may be necessary for one party to disclose confidential information to the
other. All information of any type or character that is either disclosed to the
other party or with which the other party comes into contact shall be considered
as the confidential information of the disclosing party including without
limitation technical, customer, personnel and/or business information in
written, graphic, oral or other tangible or intangible form (“Confidential
Information”). Such Confidential Information may include proprietary material as
well as material subject to and protected by laws regarding secrecy of
communications or trade secrets. 2. Each party acknowledges and agrees as
follows: a. All Confidential Information acquired by either party from the other
shall be and shall remain the exclusive property of the source; b. To inform the
receiving party, in advance of any disclosure of Confidential Information, in
non-confidential and non-proprietary terms, of the nature of the proposed
disclosure, and to afford the receiving party the option of declining to receive
the Confidential Information; c. Information which is disclosed orally shall not
be considered Confidential Information unless it is reduced to writing or to a
written summary which identifies the specific information to be considered as
Confidential Information, and such writing is provided to the receiving party at
the time of disclosure or within thirty (30) days; d. To receive in confidence
any Confidential Information; to use such Confidential Information only for
purposes of work, services or analysis related to the matter of mutual interest
described above and for other purposes only upon such terms as may be agreed
upon between the parties in writing; e. To limit access to such Confidential
Information to a party’s employees, contractors, and agents who (i) have a need
to know the Confidential Information in order for such party to participate in
the matter of mutual interest described above; and (ii) have also entered into a
written agreement with the receiving party which provides the same or greater
protections to any Confidential Information provided hereunder. Upon request,
Supplier shall provide a copy of such agreements to Verizon; and f. At the
disclosing party's request, to return promptly to the disclosing party or to
destroy any copies of such Confidential Information that is in written, graphic
or other tangible form, and provide to the disclosing party a list of all such
material destroyed. 94 Application Service Provider Agreement - Synchronoss and
Verizon Proprietary and Confidential



--------------------------------------------------------------------------------



 
[sncr123117ex12d8099.jpg]
3. These obligations do not apply to Confidential Information which, as shown by
reasonably documented proof: a. Was in the other's possession prior to receipt
from the disclosing party; or b. Was received by one party in good faith from a
third party not subject to a confidential obligation to the other party; or c.
Now is or later becomes publicly known through no breach of confidential
obligation by the receiving party; or d. Is disclosed to a third party by the
source without a similar nondisclosure restriction; or e. Was developed by the
receiving party without the developing person(s) having access to any of the
Confidential Information received from the other party; or f. Is authorized in
writing by the disclosing party to be released or is designated in writing by
that party as no longer being confidential or proprietary. 4. Supplier agrees
that either party may disclose Confidential Information to an Affiliate, subject
to the terms and conditions set forth herein. For purposes of this Agreement, an
Affiliate shall be defined as an entity that controls, is controlled by, or is
under common control with such party. 5. Other than as required by law or as set
forth in 2(e) or under the Agreement, neither party shall, without the other
party’s prior written consent, disclose to any person, or make a public
announcement of, the existence of discussions or negotiations or any of the
terms relating to the matter of mutual interest described above or any
Confidential Information. 6. If a party (“Ordered Party”) receives a request to
disclose any Confidential Information of the other party, whether pursuant to a
valid subpoena or an order issued by a court or regulatory body (“Ordering
Party”), and on advice of legal counsel that disclosure is required by law, then
prior to disclosure, the Ordered Party shall (i) notify the other party of the
terms of such request and advice, (ii) cooperate with the other party in taking
lawful steps to resist, narrow, or eliminate the need for such disclosure, and
(iii) if disclosure is nonetheless required, work with the other party to take
into account the other party’s reasonable requirements as to its timing, content
and manner of making or delivery and use best efforts to obtain a protective
order or other binding assurance from the Ordering Party that confidential
treatment shall be afforded to such portion of the Confidential Information as
is required to be disclosed. The foregoing is without limitation of the other
party’s ability to seek a protective order or other relief limiting such
disclosure; in such a case, the Ordered Party shall cooperate in such efforts by
the other party. 95 Application Service Provider Agreement - Synchronoss and
Verizon Proprietary and Confidential



--------------------------------------------------------------------------------



 
[sncr123117ex12d8100.jpg]
7. Supplier acknowledges that the proprietary data, know-how, software or other
materials or information obtained from a party under this Agreement may be
commodities and/or technical data that may be subject to the Export
Administration Regulations (the “EAR”) of the United States Department of
Commerce as well as trade and economic sanctions subject to the Trading With the
Enemy Act (TWEA) and the International Emergency Economic Powers Act (IEEPA) of
the Office of Foreign Asset Control within the Department of Commerce, and that
any export or re-export thereof must be in compliance with the EAR, TWEA and
IEEPA. Each party agrees that it shall not export or re- export, directly or
indirectly, either during the term of this Agreement or after its expiration,
any commodities and/or technical data (or direct products thereof) provided
under this Agreement in any form to destinations in or nationals of Country
Groups D:1 or E, as specified in Supplement No. 1 to Part 740 of the EAR, and as
modified from time to time by the U.S. Department of Commerce, or to
destinations that are otherwise controlled or embargoed under U.S. law in
contravention of the EAR or any of the above statutes. 8. It is agreed that a
violation of any of the provisions of this Agreement will cause irreparable harm
and injury to the non-violating party and that party shall be entitled, in
addition to any other rights and remedies it may have at law or in equity, to
seek an injunction enjoining and restraining the violating party from doing or
continuing to do any such act and any other violations or threatened violations
of this Agreement. Absent a showing of willful violation of this Agreement,
neither party shall be liable to the other, whether in contract or in tort or
otherwise, for special, indirect, incidental or consequential damages including
lost income or profits of any kind, even if such party has been advised of the
possibility thereof. In no event shall either party be liable to the other for
punitive or exemplary damages. 96 Application Service Provider Agreement -
Synchronoss and Verizon Proprietary and Confidential



--------------------------------------------------------------------------------



 
[sncr123117ex12d8101.jpg]
EXHIBIT G SUMMARY OF VERIZON’S GUIDELINES FOR EVALUATING CRIMINAL RECORD REPORTS
1. Information regarding criminal offenses that is provided by or received about
candidates who are under consideration for assignment to provide services to
Verizon (the “Candidate”) will not necessarily bar their assignment with
Verizon. Each Candidate must be considered on a case-by-case basis. 2. If a
Candidate has a criminal record, Supplier must determine whether the disclosed
criminal conviction will impair the Candidate’s ability to successfully perform
the services that he/she may be assigned. Thus, a conviction may only be used to
disqualify a Candidate from assignment if the criminal conviction is related to
the nature of the services that he/she may be assigned to perform for Verizon.
When determining whether a Candidate should be disqualified from assignment to
Verizon due to a criminal record, Supplier must consider the below Mitigating
Factors. Although this is not an exhaustive list of factors, these factors must
be evaluated along with any other associated extenuating circumstances. 3. These
additional guidelines should be used in combination with the Mitigating Factors
listed in Section 4 below: • Look at each case individually. • Consider each
factor and decision point carefully. • Consider state law requirements - for
example, certain states may not allow consideration of misdemeanor convictions.
• If additional information is needed, actual court records may be pulled and
reviewed prior to making a decision to hire. Additionally, consult Supplier’s
background check supplier or counsel if a Candidate has: • Expunged or Sealed
Records (Note: certain states do not permit inquiries into expunged or sealed
records) • Parolee Status • Pending Charges/Arrests (Note: certain states do not
permit inquiries into arrests that have not resulted in a conviction) • Juvenile
Records 97 Application Service Provider Agreement - Synchronoss and Verizon
Proprietary and Confidential



--------------------------------------------------------------------------------



 
[sncr123117ex12d8102.jpg]
4. Mitigating Factors Factors to be Decision Points Considered For all criminal
convictions, the nature of the job applied for must be considered. This factor
considers the nature and gravity of the offense as it relates to the nature of
the position sought. Is the nature of the conviction such that there is a
concern for the safety of Verizon employees/customers, protection of company
assets, or the confidentiality/sanctity of Verizon records including
confidential consumer information? • For jobs involving direct personal contact
with Job Relatedness - Nature customers, other employees, or the public, careful
of job and crime consideration should be given to whether a Candidate convicted
of a crime involving violence presents a significant risk to Verizon, its
employees or its customers. • Criminal convictions involving integrity, fraud or
theft of property could weigh against Candidates applying for positions with
financial responsibility (e.g., cash, etc.) and responsibility for handling
proprietary and confidential information (e.g., customer &/or employee
information). Was the Candidate a teenager or close to one when s/he committed
the crime? If the Candidate was a minor at the Age at time of crime time of the
criminal offense, this could weigh in the Candidate’s favor Efforts at
rehabilitation and If sentencing required probation, community service or
successful completion of other, has the Candidate completed the service?
sentencing Time elapsed since If significant time has elapsed since the crime
was conviction or final committed, this could weigh in the Candidate’s favor.
adjudication If the crime was committed under extenuating Candidate’s
explanation of circumstances, which would not be present in the reason crime was
workplace, this could weigh in the Candidate’s favor. committed Court records
should be pulled and reviewed to validate Candidate’s explanation. 98
Application Service Provider Agreement - Synchronoss and Verizon Proprietary and
Confidential



--------------------------------------------------------------------------------



 
[sncr123117ex12d8103.jpg]
Successful employment Has the individual held steady employment since the
following criminal conviction? Satisfactory employment history since the
conviction crime was committed could weigh in the Candidate’s favor. Has the
Candidate had additional convictions? Number of criminal If the Candidate is a
repeat offender, this could weigh convictions against the Candidate. 99
Application Service Provider Agreement - Synchronoss and Verizon Proprietary and
Confidential



--------------------------------------------------------------------------------



 
[sncr123117ex12d8104.jpg]
100 Application Service Provider Agreement - Synchronoss and Verizon Proprietary
and Confidential



--------------------------------------------------------------------------------



 