Common use of USER’S UNDERSTANDINGS Clause in Contracts

USER’S UNDERSTANDINGS. User understands that any User who engages in electronic communications with people or entities in other states or countries, or on other systems or networks, are on notice that they may also be subject to the laws of those other states and countries and the rules and policies of those other systems and networks. User is responsible for obtaining, understanding, and complying with the laws, rules, policies, contracts, and licenses applicable to their particular uses. User understands that the confidentiality and privileged nature of AGO files and information/data must be respected and protected. User understands that the AGO retains the right, and has the capability, among other security measures, to review, audit, or monitor the User’s directories, files, e-mails (both sent and received), as well as Internet usage to ensure maintenance of information/data integrity. User also understands that the AGO has the right to remove or destroy unauthorized materials found on AGO networks and to terminate User’s employment relationship with the AGO for breach of this Policy. User understands that, among other security measures, the AGO makes backup copies and stores User information. User activities are therefore not private and User content is potentially stored on AGO servers. User also understands that the AGO is subject to public records disclosure and to discovery requests and that the User’s activities and information may be released pursuant to a public records or discovery request. User understands that web browsers leave “footprints” that provide a record of all site visits. Access to, and use of, the Internet is not confidential and may be a public record. User understands that all Users and their employers will be held responsible and liable to the fullest extent of the law for actions while using the AGO’s network resources, computers, and Internet. User Acknowledgement By signing below, you, as a User, acknowledge that you have read and understand this Policy, and you, the User, agree to comply with the terms of this Policy. Printed Name of User: Title: User’s Employer: Contract End Date: ______________________ User’s Phone Number: _________________________ User’s E-mail: ___________________________ Requested Period of Access: From: To: Application or resources requested: (VPN, AGO Domain Account, systems support, etc.) __________________________________________________________________________________ __________________________________________________________________________________ Public IP: ___________________________________ User’s Signature: Date: Account Identity Control Information (1):________________________(mother’s maiden name, etc.) Account Identity Control Information (2):________________________(first car owned, etc.) The above Account Identity Control Information will be used to identify you in the event that you have lost or do not remember your account ID or password. The User must provide two unique pieces of information as a shared secret with the AGO to verify your identity when account resets and other services that require identity verification are needed. It is the User’s obligation to provide and secure these shared secrets in the same manner that is required for account credentials. Employer Acknowledgement By signing below, you, as the User’s employer, acknowledge that you are a duly authorized representative of the User’s employer able to bind the employer to the terms of this Acknowledgement. By signing below, you, as the User’s employer, also agree that access by the employer may be rescinded at the discretion of the AGO, with prior notice, if the employer fails to take reasonable precautions, as defined above, to avoid a breach of this Policy and/or to ensure that the employer’s Users do not breach this Policy. Printed Name: ______________________________ Title: __________________________________ Employer’s Signature: _________________________ Date: __________________________________ Employer’s Phone Number: ____________________ Employer’s E-mail: ___________________________ Official AGO Use Only: AGO Contract #:_______________________ AGO ITS Work Order Number: ___________________________________________________ AGO issued username: ____________________________________________________________ AGO issued rights: _______________________________________________________________ _______________________________________________________________________________ _______________________________________________________________________________ AGO Chief Information Officer, Chief Information Security Officer, or their designee Name: Title: Signature: Date: Comments: _________________________________________________________________________ ___________________________________________________________________________________ ___________________________________________________________________________________ ___________________________________________________________________________________ ___________________________________________________________________________________ ___________________________________________________________________________________ ___________________________________________________________________________________

USER’S UNDERSTANDINGS.  User understands that any User who engages in electronic communications with people or entities in other states or countries, or on other systems or networks, are on notice that they may also be subject to the laws of those other states and countries and the rules and policies of those other systems and networks. User is responsible for obtaining, understanding, and complying with the laws, rules, policies, contracts, and licenses applicable to their particular uses.  User understands that the confidentiality and privileged nature of AGO files and information/data must be respected and protected. User understands that the AGO retains the right, and has the capability, among other security measures, to review, audit, or monitor the User’s directories, files, e-mails (both sent and received), as well as Internet usage to ensure maintenance of information/data integrity. User also understands that the AGO has the right to remove or destroy unauthorized materials found on AGO networks and to terminate User’s employment relationship with the AGO for breach of this Policy.  User understands that, among other security measures, the AGO makes backup copies and stores User information. User activities are therefore not private and User content is potentially stored on AGO servers. User also understands that the AGO is subject to public records disclosure and to discovery requests and that the User’s activities and information may be released pursuant to a public records or discovery request.  User understands that web browsers leave “footprints” that provide a record of all site visits. Access to, and use of, the Internet is not confidential and may be a public record.  User understands that all Users and their employers will be held responsible and liable to the fullest extent of the law for actions while using the AGO’s network resources, computers, and Internet. User Acknowledgement By signing below, you, as a User, acknowledge that you have read and understand this Policy, and you, the User, agree to comply with the terms of this Policy. Printed Name of User: Title: User’s Employer: Contract End Date: ______________________ User’s Phone Number: _________________________ User’s E-mail: ___________________________ Requested Period of Access: From: To: Application or resources requested: (VPN, AGO Domain Account, systems support, etc.) __________________________________________________________________________________ __________________________________________________________________________________ Public IP: ___________________________________ User’s Signature: Date: Account Identity Control Information (1):________________________(mother1): (mother’s maiden name, etc.) Account Identity Control Information (2):________________________(first 2): (first car owned, etc.) The above Account Identity Control Information will be used to identify you in the event that you have lost or do not remember your account ID or password. The User must provide two unique pieces of information as a shared secret with the AGO to verify your identity when account resets and other services that require identity verification are needed. It is the User’s obligation to provide and secure these shared secrets in the same manner that is required for account credentials. Employer Acknowledgement By signing below, you, as the User’s employer, acknowledge that you are a duly authorized representative of the User’s employer able to bind the employer to the terms of this Acknowledgement. By signing below, you, as the User’s employer, also agree that access by the employer may be rescinded at the discretion of the AGO, with prior notice, if the employer fails to take reasonable precautions, as defined above, to avoid a breach of this Policy and/or to ensure that the employer’s Users do not breach this Policy. Printed Name: ______________________________ Title: __________________________________ Employer’s Signature: _________________________ Date: __________________________________ Employer’s Phone Number: ____________________ Employer’s E-mail: ___________________________ Official AGO Use Only: AGO Contract #:_______________________ : AGO ITS Work Order Number: ___________________________________________________ AGO issued username: ____________________________________________________________ AGO issued rights: _______________________________________________________________ _______________________________________________________________________________ _______________________________________________________________________________ AGO Chief Information Officer, Chief Information Security Officer, or their designee Name: Title: Signature: Date: Comments: _________________________________________________________________________ ___________________________________________________________________________________ ___________________________________________________________________________________ ___________________________________________________________________________________ ___________________________________________________________________________________ ___________________________________________________________________________________ ___________________________________________________________________________________EXHIBIT 7 HIPAA Terms In the course of providing the services to the Attorney General set forth in this Agreement, Consultant may have access to Protected Health Information (“PHI”) that is subject to federal privacy and security regulations contained in the Health Insurance Portability and Accountability Act (“HIPAA”), codified at 45 C.F.R. Parts 160, 162 and 164. For purposes of this Exhibit , Consultant will be referred to as Subcontractor, as that term is defined in HIPAA. In the performance of this Agreement, Consultant agrees to comply with and assume responsibility for compliance by his or her employees and subcontractors with the following requirements:

USER’S UNDERSTANDINGS. User understands that any User who engages in electronic communications with people or entities in other states or countries, or on other systems or networks, are on notice that they may also be subject to the laws of those other states and countries and the rules and policies of those other systems and networks. User is responsible for obtaining, understanding, and complying with the laws, rules, policies, contracts, and licenses applicable to their particular uses. • User understands that the confidentiality and privileged nature of AGO files and information/data must be respected and protected. User understands that the AGO retains the right, and has the capability, among other security measures, to review, audit, or monitor the User’s directories, files, e-mails (both sent and received), as well as Internet usage to ensure maintenance of information/data integrity. User also understands that the AGO has the right to remove or destroy unauthorized materials found on AGO networks and to terminate User’s employment relationship with the AGO for breach of this Policy. • User understands that, among other security measures, the AGO makes backup copies and stores User information. User activities are therefore not private and User content is potentially stored on AGO servers. User also understands that the AGO is subject to public records disclosure and to discovery requests and that the User’s activities and information may be released pursuant to a public records or discovery request. • User understands that web browsers leave “footprints” that provide a record of all site visits. Access to, and use of, the Internet is not confidential and may be a public record. • User understands that all Users and their employers will be held responsible and liable to the fullest extent of the law for actions while using the AGO’s network resources, computers, and Internet. User Acknowledgement By signing below, you, as a User, acknowledge that you have read and understand this Policy, and you, the User, agree to comply with the terms of this Policy. Printed Name of User: Title: User’s Employer: Contract End Date: ______________________ User’s Phone Number: _________________________ User’s E-mail: ___________________________ Requested Period of Access: From: To: Application or resources requested: (VPN, AGO Domain Account, systems support, etc.) __________________________________________________________________________________ __________________________________________________________________________________ Title: Contract End Date: User’s E-mail: To: Public IP: ___________________________________ User’s Signature: Date: Account Identity Control Information (1):________________________(mother1): (mother’s maiden name, etc.) Account Identity Control Information (2):________________________(first 2): (first car owned, etc.) The above Account Identity Control Information will be used to identify you in the event that you have lost or do not remember your account ID or password. The User must provide two unique pieces of information as a shared secret with the AGO to verify your identity when account resets and other services that require identity verification are needed. It is the User’s obligation to provide and secure these shared secrets in the same manner that is required for account credentials. Employer Acknowledgement By signing below, you, as the User’s employer, acknowledge that you are a duly authorized representative of the User’s employer able to bind the employer to the terms of this Acknowledgement. By signing below, you, as the User’s employer, also agree that access by the employer may be rescinded at the discretion of the AGO, with prior notice, if the employer fails to take reasonable precautions, as defined above, to avoid a breach of this Policy and/or to ensure that the employer’s Users do not breach this Policy. Printed Name: ______________________________ Title: __________________________________ Employer’s Signature: _________________________ Date: __________________________________ Employer’s Phone Number: ____________________ Employer’s E-mail: ___________________________ Date: Official AGO Use Only: AGO Contract #:_______________________ : AGO ITS Work Order Number: ___________________________________________________ AGO issued username: ____________________________________________________________ AGO issued rights: _______________________________________________________________ _______________________________________________________________________________ _______________________________________________________________________________ AGO Chief Information Officer, Chief Information Security Officer, or their designee Name: Title: Signature: Date: Comments: _________________________________________________________________________ ___________________________________________________________________________________ ___________________________________________________________________________________ ___________________________________________________________________________________ ___________________________________________________________________________________ ___________________________________________________________________________________ ___________________________________________________________________________________EXHIBIT 7‌ HIPAA Terms In the course of providing the services to the Attorney General set forth in this Agreement, Consultant may have access to Protected Health Information (“PHI”) that is subject to federal privacy and security regulations contained in the Health Insurance Portability and Accountability Act (“HIPAA”), codified at 45 C.F.R. Parts 160, 162 and 164. For purposes of this Exhibit , Consultant will be referred to as Subcontractor, as that term is defined in HIPAA. In the performance of this Agreement, Consultant agrees to comply with and assume responsibility for compliance by his or her employees and subcontractors with the following requirements:

USER’S UNDERSTANDINGS. User understands that any User who engages in electronic communications with people or entities in other states or countries, or on other systems or networks, are on notice that they may also be subject to the laws of those other states and countries and the rules and policies of those other systems and networks. User is responsible for obtaining, understanding, and complying with the laws, rules, policies, contracts, and licenses applicable to their particular uses. • User understands that the confidentiality and privileged nature of AGO files and information/data must be respected and protected. User understands that the AGO retains the right, and has the capability, among other security measures, to review, audit, or monitor the User’s directories, files, e-mails (both sent and received), as well as Internet usage to ensure maintenance of information/data integrity. User also understands that the AGO has the right to remove or destroy unauthorized materials found on AGO networks and to terminate User’s employment relationship with the AGO for breach of this Policy. • User understands that, among other security measures, the AGO makes backup copies and stores User information. User activities are therefore not private and User content is potentially stored on AGO servers. User also understands that the AGO is subject to public records disclosure and to discovery requests and that the User’s activities and information may be released pursuant to a public records or discovery request. • User understands that web browsers leave “footprints” that provide a record of all site visits. Access to, and use of, the Internet is not confidential and may be a public record. • User understands that all Users and their employers will be held responsible and liable to the fullest extent of the law for actions while using the AGO’s network resources, computers, and Internet. User Acknowledgement By signing below, you, as a User, acknowledge that you have read and understand this Policy, and you, the User, agree to comply with the terms of this Policy. Printed Name of User: Title: User’s Employer: Contract End Date: ______________________ User’s Phone Number: _________________________ User’s E-mail: ___________________________ Requested Period of Access: From: To: Application or resources requested: (VPN, AGO Domain Account, systems support, etc.) __________________________________________________________________________________ __________________________________________________________________________________ Title: Contract End Date: User’s E-mail: To: Public IP: ___________________________________ User’s Signature: Date: Account Identity Control Information (1):________________________(mother1): (mother’s maiden name, etc.) Account Identity Control Information (2):________________________(first 2): (first car owned, etc.) The above Account Identity Control Information will be used to identify you in the event that you have lost or do not remember your account ID or password. The User must provide two unique pieces of information as a shared secret with the AGO to verify your identity when account resets and other services that require identity verification are needed. It is the User’s obligation to provide and secure these shared secrets in the same manner that is required for account credentials. Employer Acknowledgement By signing below, you, as the User’s employer, acknowledge that you are a duly authorized representative of the User’s employer able to bind the employer to the terms of this Acknowledgement. By signing below, you, as the User’s employer, also agree that access by the employer may be rescinded at the discretion of the AGO, with prior notice, if the employer fails to take reasonable precautions, as defined above, to avoid a breach of this Policy and/or to ensure that the employer’s Users do not breach this Policy. Printed Name: ______________________________ Title: __________________________________ Employer’s Signature: _________________________ Date: __________________________________ Employer’s Phone Number: ____________________ Employer’s E-mail: ___________________________ Official AGO Use Only: AGO Contract #:_______________________ AGO ITS Work Order Number: ___________________________________________________ AGO issued username: ____________________________________________________________ AGO issued rights: _______________________________________________________________ _______________________________________________________________________________ _______________________________________________________________________________ AGO Chief Information Officer, Chief Information Security Officer, or their designee Name: Title: Signature: Date: Comments: _________________________________________________________________________ ___________________________________________________________________________________ ___________________________________________________________________________________ ___________________________________________________________________________________ ___________________________________________________________________________________ ___________________________________________________________________________________ ___________________________________________________________________________________:

USER’S UNDERSTANDINGS. User understands that any User who engages in electronic communications with people or entities in other states or countries, or on other systems or networks, are on notice that they may also be subject to the laws of those other states and countries and the rules and policies of those other systems and networks. User is responsible for obtaining, understanding, and complying with the laws, rules, policies, contracts, and licenses applicable to their particular uses. • User understands that the confidentiality and privileged nature of AGO files and information/data must be respected and protected. User understands that the AGO retains the right, right and has the capability, among other security measures, to review, audit, or monitor the User’s directories, files, e-mails (both sent and received), as well as Internet usage ) to ensure maintenance of information/data integrity. User also understands that the AGO has the right to remove or destroy unauthorized materials found on AGO networks and to terminate the User’s employment relationship with the AGO for breach of this Policy. • User understands that, among other security measures, the AGO makes backup copies and stores User information. User activities are therefore not private and User content is potentially stored on AGO servers. User also understands that the AGO is subject to public records disclosure and to discovery requests and that the User’s activities and information may be released pursuant to a public records or discovery request. User understands that web browsers leave “footprints” that provide a record of all site visits. Access to, and use of, the Internet is not confidential and may be a public record. • User understands that all Users and their employers will be held responsible and liable to the fullest extent of the law for actions while using the AGO’s network resources, computers, and Internet. User Acknowledgement By signing below, you, as a User, acknowledge that you have read and understand this Policy, and you, the User, agree to comply with the terms of this Policy. Printed Name of User: Title: User’s Employer: Contract End Date: ______________________ User’s Phone Number: _________________________ User’s E-mail: ___________________________ Requested Period of Access: From: To: Application or resources requested: Title: Contract End Date: User’s E-mail: To: (Client view, VPN, AGO Domain Account, systems supportCollections PayPortal, etc.) __________________________________________________________________________________ __________________________________________________________________________________ ): Public IP: ___________________________________ User’s Signature: Date: Account Identity Control Information (1):________________________(mother1): (mother’s maiden name, etc.) Account Identity Control Information (2):________________________(first 2): (first car owned, etc.) The above Account Identity Control Information will be used to identify you in the event that you have lost or do not remember your account ID or password. The User must provide two unique pieces of information as a shared secret with the AGO to verify your identity when account resets and other services that require identity verification are needed. It is the User’s obligation to provide and secure these shared secrets in the same manner that is required for account credentials. Employer Acknowledgement By signing below, you, as the User’s employer, acknowledge that you are a duly authorized representative of the User’s employer able to bind the employer to the terms of this Acknowledgement. By signing below, you, as the User’s employer, also agree that access by the employer may be rescinded at the discretion of the AGO, with prior notice, if the employer fails to take reasonable precautions, as defined above, to avoid a breach of this Policy and/or to ensure that the employer’s Users do not breach this Policy. Printed Name: ______________________________ Title: __________________________________ Employer’s Signature: _________________________ Date: __________________________________ Employer’s Phone Number: ____________________ Employer’s E-mail: ___________________________ Date: Official AGO Use Only: AGO Contract #:_______________________ AGO ITS Work Order Number: ___________________________________________________ AGO issued username: ____________________________________________________________ AGO issued rights: _______________________________________________________________ _______________________________________________________________________________ _______________________________________________________________________________ AGO Chief Information Officer, Chief Information Security Officer, or their designee Name: Title: Signature: Date: Comments: _________________________________________________________________________ ___________________________________________________________________________________ ___________________________________________________________________________________ ___________________________________________________________________________________ ___________________________________________________________________________________ ___________________________________________________________________________________ ___________________________________________________________________________________

USER’S UNDERSTANDINGS. User understands that any User who engages in electronic communications with people or entities in other states or countries, or on other systems or networks, are on notice that they may also be subject to the laws of those other states and countries and the rules and policies of those other systems and networks. User is responsible for obtaining, understanding, and complying with the laws, rules, policies, contracts, and licenses applicable to their particular uses. • User understands that the confidentiality and privileged nature of AGO files and information/data must be respected and protected. User understands that the AGO retains the right, and has the capability, among other security measures, to review, audit, or monitor the User’s directories, files, e-mails (both sent and received), as well as Internet usage to ensure maintenance of information/data integrity. User also understands that the AGO has the right to remove or destroy unauthorized materials found on AGO networks and to terminate User’s employment relationship with the AGO for breach of this Policy. • User understands that, among other security measures, the AGO makes backup copies and stores User information. User activities are therefore not private and User content is potentially stored on AGO servers. User also understands that the AGO is subject to public records disclosure and to discovery requests and that the User’s activities and information may be released pursuant to a public records or discovery request. • User understands that web browsers leave “footprints” that provide a record of all site visits. Access to, and use of, the Internet is not confidential and may be a public record. • User understands that all Users and their employers will be held responsible and liable to the fullest extent of the law for actions while using the AGO’s network resources, computers, and Internet. User Acknowledgement By signing below, you, as a User, acknowledge that you have read and understand this Policy, and you, the User, agree to comply with the terms of this Policy. Printed Name of User: Title: User’s Employer: Contract End Date: ______________________ User’s Phone Number: _________________________ User’s E-mail: ___________________________ Requested Period of Access: From: To: Application or resources requested: (VPN, AGO Domain Account, systems support, etc.) __________________________________________________________________________________ __________________________________________________________________________________ Public IP: ___________________________________ User’s Signature: Date: Account Identity Control Information (1):________________________(mother1): (mother’s maiden name, etc.) Account Identity Control Information (2):________________________(first 2): (first car owned, etc.) The above Account Identity Control Information will be used to identify you in the event that you have lost or do not remember your account ID or password. The User must provide two unique pieces of information as a shared secret with the AGO to verify your identity when account resets and other services that require identity verification are needed. It is the User’s obligation to provide and secure these shared secrets in the same manner that is required for account credentials. Employer Acknowledgement By signing below, you, as the User’s employer, acknowledge that you are a duly authorized representative of the User’s employer able to bind the employer to the terms of this Acknowledgement. By signing below, you, as the User’s employer, also agree that access by the employer may be rescinded at the discretion of the AGO, with prior notice, if the employer fails to take reasonable precautions, as defined above, to avoid a breach of this Policy and/or to ensure that the employer’s Users do not breach this Policy. Printed Name: ______________________________ Title: __________________________________ Employer’s Signature: _________________________ Date: __________________________________ Employer’s Phone Number: ____________________ Employer’s E-mail: ___________________________ Date: Official AGO Use Only: AGO Contract #:_______________________ : AGO ITS Work Order Number: ___________________________________________________ AGO issued username: ____________________________________________________________ AGO issued rights: _______________________________________________________________ _______________________________________________________________________________ _______________________________________________________________________________ AGO Chief Information Officer, Chief Information Security Officer, or their designee Name: Title: Signature: Date: Comments: _________________________________________________________________________ ___________________________________________________________________________________ ___________________________________________________________________________________ ___________________________________________________________________________________ ___________________________________________________________________________________ ___________________________________________________________________________________ ___________________________________________________________________________________EXHIBIT 7 HIPAA Terms In the course of providing the services to the Attorney General set forth in this Agreement, Consultant may have access to Protected Health Information (“PHI”) that is subject to federal privacy and security regulations contained in the Health Insurance Portability and Accountability Act (“HIPAA”), codified at 45 C.F.R. Parts 160, 162 and 164. For purposes of this Exhibit , Consultant will be referred to as Subcontractor, as that term is defined in HIPAA. In the performance of this Agreement, Consultant agrees to comply with and assume responsibility for compliance by his or her employees and subcontractors with the following requirements:

USER’S UNDERSTANDINGS. User understands that any User who engages in electronic communications with people or entities in other states or countries, or on other systems or networks, are on notice that they may also be subject to the laws of those other states and countries and the rules and policies of those other systems and networks. User is responsible for obtaining, understanding, and complying with the laws, rules, policies, contracts, and licenses applicable to their particular uses. User understands that the confidentiality and privileged nature of AGO files and information/data must be respected and protected. User understands that the AGO retains the right, and has the capability, among other security measures, to review, audit, or monitor the User’s directories, files, e-mails (both sent and received), as well as Internet usage to ensure maintenance of information/data integrity. User also understands that the AGO has the right to remove or destroy unauthorized materials found on AGO networks and to terminate User’s employment relationship with the AGO for breach of this Policy. User understands that, among other security measures, the AGO makes backup copies and stores User information. User activities are therefore not private and User content is potentially stored on AGO servers. User also understands that the AGO is subject to public records disclosure and to discovery requests and that the User’s activities and information may be released pursuant to a public records or discovery request. User understands that web browsers leave “footprints” that provide a record of all site visits. Access to, and use of, the Internet is not confidential and may be a public record. User understands that all Users and their employers will be held responsible and liable to the fullest extent of the law for actions while using the AGO’s network resources, computers, and Internet. User Acknowledgement By signing below, you, as a User, acknowledge that you have read and understand this Policy, and you, the User, agree to comply with the terms of this Policy. Printed Name of User: Title: User’s Employer: Contract End Date: ______________________ User’s Phone Number: _________________________ User’s E-mail: ___________________________ Requested Period of Access: From: To: Application or resources requested: (VPN, AGO Domain Account, systems support, etc.) __________________________________________________________________________________ __________________________________________________________________________________ Public IP: ___________________________________ User’s Signature: Date: Account Identity Control Information (1):________________________(mother’s maiden name, etc.) Account Identity Control Information (2):________________________(first car owned, etc.) The above Account Identity Control Information will be used to identify you in the event that you have lost or do not remember your account ID or password. The User must provide two unique pieces of information as a shared secret with the AGO to verify your identity when account resets and other services that require identity verification are needed. It is the User’s obligation to provide and secure these shared secrets in the same manner that is required for account credentials. Employer Acknowledgement By signing below, you, as the User’s employer, acknowledge that you are a duly authorized representative of the User’s employer able to bind the employer to the terms of this Acknowledgement. By signing below, you, as the User’s employer, also agree that access by the employer may be rescinded at the discretion of the AGO, with prior notice, if the employer fails to take reasonable precautions, as defined above, to avoid a breach of this Policy and/or to ensure that the employer’s Users do not breach this Policy. Printed Name: ______________________________ Title: __________________________________ Employer’s Signature: _________________________ Date: __________________________________ Employer’s Phone Number: ____________________ Employer’s E-mail: ___________________________ Official AGO Use Only: AGO Contract #:_______________________ AGO ITS Work Order Number: ___________________________________________________ AGO issued username: ____________________________________________________________ AGO issued rights: _______________________________________________________________ _______________________________________________________________________________ _______________________________________________________________________________ AGO Chief Information Officer, Chief Information Security Officer, or their designee Name: Title: Signature: Date: Comments: _________________________________________________________________________ ___________________________________________________________________________________ ___________________________________________________________________________________ ___________________________________________________________________________________ ___________________________________________________________________________________ ___________________________________________________________________________________ ____________________________________________________________________________________ EXHIBIT 7

USER’S UNDERSTANDINGS.  User understands that any User who engages in electronic communications with people or entities in other states or countries, or on other systems or networks, are on notice that they may also be subject to the laws of those other states and countries and the rules and policies of those other systems and networks. User is responsible for obtaining, understanding, and complying with the laws, rules, policies, contracts, and licenses applicable to their particular uses.  User understands that the confidentiality and privileged nature of AGO files and information/data must be respected and protected. User understands that the AGO retains the right, and has the capability, among other security measures, to review, audit, or monitor the User’s directories, files, e-mails (both sent and received), as well as Internet usage to ensure maintenance of information/data integrity. User also understands that the AGO has the right to remove or destroy unauthorized materials found on AGO networks and to terminate User’s employment relationship with the AGO for breach of this Policy.  User understands that, among other security measures, the AGO makes backup copies and stores User information. User activities are therefore not private and User content is potentially stored on AGO servers. User also understands that the AGO is subject to public records disclosure and to discovery requests and that the User’s activities and information may be released pursuant to a public records or discovery request.  User understands that web browsers leave “footprints” that provide a record of all site visits. Access to, and use of, the Internet is not confidential and may be a public record.  User understands that all Users and their employers will be held responsible and liable to the fullest extent of the law for actions while using the AGO’s network resources, computers, and Internet. User Acknowledgement By signing below, you, as a User, acknowledge that you have read and understand this Policy, and you, the User, agree to comply with the terms of this Policy. Printed Name of User: Title: User’s Employer: Contract End Date: ______________________ User’s Phone Number: _________________________ User’s E-mail: ___________________________ Requested Period of Access: From: To: Application or resources requested: (VPN, AGO Domain Account, systems support, etc.) __________________________________________________________________________________ __________________________________________________________________________________ Title: Contract End Date: User’s E-mail: To: Public IP: ___________________________________ User’s Signature: Date: Account Identity Control Information (1):________________________(mother1): (mother’s maiden name, etc.) Account Identity Control Information (2):________________________(first 2): (first car owned, etc.) The above Account Identity Control Information will be used to identify you in the event that you have lost or do not remember your account ID or password. The User must provide two unique pieces of information as a shared secret with the AGO to verify your identity when account resets and other services that require identity verification are needed. It is the User’s obligation to provide and secure these shared secrets in the same manner that is required for account credentials. Employer Acknowledgement By signing below, you, as the User’s employer, acknowledge that you are a duly authorized representative of the User’s employer able to bind the employer to the terms of this Acknowledgement. By signing below, you, as the User’s employer, also agree that access by the employer may be rescinded at the discretion of the AGO, with prior notice, if the employer fails to take reasonable precautions, as defined above, to avoid a breach of this Policy and/or to ensure that the employer’s Users do not breach this Policy. Printed Name: ______________________________ Title: __________________________________ Employer’s Signature: _________________________ Date: __________________________________ Employer’s Phone Number: ____________________ Employer’s E-mail: ___________________________ Official AGO Use Only: AGO Contract #:_______________________ : Date: AGO ITS Work Order Number: ___________________________________________________ AGO issued username: ____________________________________________________________ AGO issued rights: _______________________________________________________________ _______________________________________________________________________________ _______________________________________________________________________________ AGO Chief Information Officer, Chief Information Security Officer, or their designee Name: Title: Signature: Date: Comments: _________________________________________________________________________ ___________________________________________________________________________________ ___________________________________________________________________________________ ___________________________________________________________________________________ ___________________________________________________________________________________ ___________________________________________________________________________________ ___________________________________________________________________________________Information Technology Services Office of the Chief Information Officer Office 000-000-0000 Fax 000-000-0000 000 Xxxx Xxx Xxxxxx, 00xx Xxxxx Xxxxxxxx, Xxxx 00000 Form ITSSEC03 Rev. 01-15-2019 xxx.XxxxXxxxxxxxXxxxxxx.xxx Ohio Attorney General Non-Employee Network Access Policy Acknowledgement This Ohio Attorney General (“AGO”) Non-Employee Network Access Policy Acknowledgement (the “Acknowledgement”) sets forth the policies and procedures for network use by all non-AGO personnel and their employers accessing the AGO’s network (each a “User”). Any violation of this Policy may result in, among other penalties and liabilities, immediate removal of User access to all AGO systems and notification to the User’s employer of the violation. Some circumstances may justify termination of this Agreement for cause by the AGO. The AGO may temporarily suspend or block a User’s access to an account when it appears reasonably necessary to do so to protect the security of the AGO network or to protect the AGO from liability. All Users will be held personally responsible and liable, to the fullest extent of the law, for actions in violation of this Policy.

USER’S UNDERSTANDINGS.  User understands that any User who engages in electronic communications with people or entities in other states or countries, or on other systems or networks, are on notice that they may also be subject to the laws of those other states and countries and the rules and policies of those other systems and networks. User is responsible for obtaining, understanding, and complying with the laws, rules, policies, contracts, and licenses applicable to their particular uses.  User understands that the confidentiality and privileged nature of AGO files and information/data must be respected and protected. User understands that the AGO retains the right, right and has the capability, among other security measures, to review, audit, or monitor the User’s directories, files, e-mails (both sent and received), as well as Internet usage ) to ensure maintenance of information/data integrity. User also understands that the AGO has the right to remove or destroy unauthorized materials found on AGO networks and to terminate the User’s employment relationship with the AGO for breach of this Policy.  User understands that, among other security measures, the AGO makes backup copies and stores User information. User activities are therefore not private and User content is potentially stored on AGO servers. User also understands that the AGO is subject to public records disclosure and to discovery requests and that the User’s activities and information may be released pursuant to a public records or discovery request. User understands that web browsers leave “footprints” that provide a record of all site visits. Access to, and use of, the Internet is not confidential and may be a public record.  User understands that all Users and their employers will be held responsible and liable to the fullest extent of the law for actions while using the AGO’s network resources, computers, and Internet. User Acknowledgement By signing below, you, as a User, acknowledge that you have read and understand this Policy, and you, the User, agree to comply with the terms of this Policy. Printed Name of User: Title: User’s Employer: Contract End Date: ______________________ User’s Phone Number: _________________________ User’s E-mail: ___________________________ Requested Period of Access: From: To: Application or resources requested: Title: Contract End Date: User’s E-mail: To: (Client view, VPN, AGO Domain Account, systems supportCollections PayPortal, etc.) __________________________________________________________________________________ __________________________________________________________________________________ ): Public IP: ___________________________________ User’s Signature: Date: Account Identity Control Information (1):________________________(mother1): (mother’s maiden name, etc.) Account Identity Control Information (2):________________________(first 2): (first car owned, etc.) The above Account Identity Control Information will be used to identify you in the event that you have lost or do not remember your account ID or password. The User must provide two unique pieces of information as a shared secret with the AGO to verify your identity when account resets and other services that require identity verification are needed. It is the User’s obligation to provide and secure these shared secrets in the same manner that is required for account credentials. Employer Acknowledgement By signing below, you, as the User’s employer, acknowledge that you are a duly authorized representative of the User’s employer able to bind the employer to the terms of this Acknowledgement. By signing below, you, as the User’s employer, also agree that access by the employer may be rescinded at the discretion of the AGO, with prior notice, if the employer fails to take reasonable precautions, as defined above, to avoid a breach of this Policy and/or to ensure that the employer’s Users do not breach this Policy. Printed Name: ______________________________ Title: __________________________________ Employer’s Signature: _________________________ Date: __________________________________ Employer’s Phone Number: ____________________ Employer’s E-mail: ___________________________ Date: Official AGO Use Only: AGO Contract #:_______________________ : AGO ITS Work Order Number: ___________________________________________________ AGO issued username: ____________________________________________________________ AGO issued rights: _______________________________________________________________ _______________________________________________________________________________ _______________________________________________________________________________ AGO Chief Information Officer, Chief Information Security Officer, or their designee Name: Title: Signature: Date: Comments: _________________________________________________________________________ ___________________________________________________________________________________ ___________________________________________________________________________________ ___________________________________________________________________________________ ___________________________________________________________________________________ ___________________________________________________________________________________ ___________________________________________________________________________________Information Technology Services Office of the Chief Information Officer Office 000-000-0000 Fax 000-000-0000 000 Xxxx Xxx Xxxxxx, 00xx Xxxxx Xxxxxxxx, Xxxx 00000 Form ITSSEC01 Rev. 01-15-2019 xxx.XxxxXxxxxxxxXxxxxxx.xxx Ohio Attorney General Products and Services Standards of Conduct Policy User Acknowledgement The purpose of this Acknowledgement is to ensure that any individual (the “User”) accessing products and services of the Ohio Attorney General (“AGO”) (including all AGO network services and data which may include, but is not limited to, FTPS, e-mail, source data, database services, and user account management (“Products and Services”)) on AGO electronic networks become familiar with and acknowledge awareness of this Standards of Conduct Policy (the “Policy”) when connecting to the AGO network from any host to utilize AGO Products and Services. This Policy is designed to minimize the AGO and the State of Ohio’s potential exposure to damages which may result from unauthorized use of AGO Products and Services. Such damages include, but are not limited to, the loss or dissemination of sensitive or confidential data, loss or dissemination of intellectual property, damage to public image, and damage to critical AGO internal systems. Any violation of this Policy may result in immediate termination of User access to any or all AGO Products and Services and notification of the violation to the User’s employer signing this Policy in conjunction with the User. All Users will be held personally responsible and liable, to the fullest extent of the law, for actions in violation of this Policy. This Standards of Conduct Policy must be followed at all times. Therefore, all Employers and Users shall:  Utilize AGO’s network resources, applications, systems and any information provided therefrom for authorized use only.  Take reasonable precautions to ensure that the computer used to connect to AGO Products and Services is secure and free of malicious code. Examples of reasonable precautions include, but are not limited to: o Endpoint protection (e.g. anti-malware, user controls, etc.), o Perimeter protection (e.g. firewall, Host/Network Intrusion Detection System, Host/Network Intrusion Protection System, Demilitarized Zone, Universal Threat Management, etc.), o Audit logs, o Adequate physical security for data and systems, o System monitoring and auditing of the logs, o Incident response policy, and o Data safeguarding procedures appropriate for the type of data and access.  Protect against improper access, use, loss alteration or destruction of any AGO data. Examples of this protection include, but are not limited to: o Never sharing an account, o Reporting if the User has more access than needed, o Lock or log out of workstations when not actively using them, o Ensure workspaces are set up to prevent passersby from viewing any information, o Only using data or access to the data for the express authorized purpose, o Preventing the introduction of malicious code, Exhibit AGO Contract #: o Ensuring data is backed up or replicated, and o Ensuring data is not copied or does not leave the work environment.  Promptly notify the AGO if a Security Event has occurred or if suspicion of a Security Event has been identified. A Security Event includes, but is not limited to: o Any abnormality in the environment that could lead to a compromise of the system integrity or result in disclosure of data, o Hack attempts, o Malware, o Changes in security infrastructure, o System failures, o Compromised user accounts, and o Lost/stolen laptop or media.  Promptly notify the AGO of the date of separation if User leaves the employer or if access to AGO networks, applications, systems and/or AGO data is no longer required. Access to AGO Products and Services may be rescinded for failure to provide such notice.  Create a password in compliance with the AGO password criteria set forth below. The AGO reserves the right to change the password criteria from time to time. Compliance with the AGO password criteria will be enforced via automated password authentication or public/private keys with strong pass-phrases. The AGO password criteria are as follows: o Minimum 12 characters, o Must include 3 of the 4: a-z, A-Z, 0-9, and special characters, o Passwords will require being reset based on level of access at the AGO’s discretion, o Passwords must be kept securely by the account owner, and never be shared, o Passwords must not contain sequences 01, 123, abc, etc., o Passwords must not contain properly spelled dictionary words, and o Passwords must not be directly identifiable to the user (e.g. social security number, date of birth, spouse’s name, username, etc.). Password history will be retained for 24 changes to ensure unique passwords. Inactive accounts will be disabled at 90 days, and removed at 120 days. Users of accounts that reach 120 days of inactivity must reapply for an account.  Comply with all federal, Ohio and any other applicable law, including, but not limited to: Internal Revenue Service Publication 1075 which is based on United States Code Title 26, Section 6103; Ohio Revised Code Chapter 1347; the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and the associated omnibus rule to modify the HIPAA Privacy, Security and Enforcement Rules; and the Health information Technology for Economic and Clinical Health (“HITECH”) Act.  Comply with all applicable contracts and licenses.