HomeMy WebLinkAboutFIR 07-25Report to Council
Report Number: FIR 07-25
Date: December 15, 2025
From: Steve Boyd
Fire Chief
Subject: Ontario Power Generation Memorandum of Understanding for Fire Protection and Emergency Management File: A-1440
Recommendation:
1. That Report FIR 07-25, regarding the Memorandum of Understanding for Fire Protection
and Community Emergency Management between The Corporation of the City of
Pickering and Ontario Power Generation Inc., be received;
2. That the Mayor and City Clerk be authorized to execute the Memorandum of Understanding with Ontario Power Generation Inc., as set out in Attachment 1 of this report, subject to such revisions as may be required by the Fire Chief and the Director,
Corporate Services & City Solicitor; and
3. That the appropriate City of Pickering officials be authorized to take the necessary actions to implement the recommendations in this report.
Executive Summary: The purpose of this report is to seek Council's approval to execute a new five-year Memorandum of Understanding (MOU) with Ontario Power Generation Inc. (OPG), effective January 2025. This MOU clarifies the cooperative relationship for fire protection services, coordinated emergency response, and community emergency
management for the OPG Pickering Nuclear Generating Station (PNGS) and the Pickering
Waste Management Facility (PWMF). Key elements include reciprocal mutual aid, compatibility of firefighting equipment, commitment to joint training and exercises, and significant annual financial support from OPG to Pickering Fire Services (PFS). The agreement ensures an important level of cooperation, additional resources for major incidents, and strengthens public
safety assurance.
Relationship to the Pickering Strategic Plan: The recommendations in this report respond to the Pickering Strategic Plan Priority of Advocate for an Inclusive, Welcoming, Safe &
Healthy Community; and Strengthen Existing & Build New Partnerships.
Financial Implications: The MOU provides substantial and critical financial support from
OPG to the City of Pickering, allocated to PFS for emergency response and training. The
financial commitment spans the five-year initial term (2025-2029) and is detailed in Appendix A of the MOU.
FIR 07-25 December 15, 2025
Page 2
Discussion: The purpose of this report is to seek Council's approval to execute a new five-year MOU with OPG, effective January 2025. The MOU is for an initial term of five years,
commencing in January 2025 and terminating on December 31, 2029, with automatic one-year
renewals thereafter unless terminated.
Key Provisions of the MOU:
• Mutual Aid: The agreement formalizes reciprocal mutual aid. In the event of an on-site
incident:
o PFS will respond as secondary responders to the PNGS Protected Area.
o PFS will respond as primary responders to the PNGS Controlled Area and the PWMF, assuming incident command.
o For major off-site incidents, OPG agrees to provide assistance (personnel and
equipment support) to Pickering upon request, within regulatory limitations.
• Equipment Compatibility: The parties agree that, to the extent of practicability, equipment shall be fully compatible. Specific commitment is made for self-contained breathing apparatus interchangeability, and compatibility of all fire hose threads and
fittings.
• Training & Exercises: PFS commits to annual familiarization tours, joint fire training activities, and joint fire response exercises at PNGS, PWMF, and potentially the Wesleyville Fire Training Academy. PFS participation in drills is conditional on the availability of overtime staffing and fire vehicles and must maintain minimum
complement at all Pickering fire stations.
• Fire Safety Plan: OPG and PFS commit to jointly signing and annually reviewing the fire safety plans for the PNGS Site, PNGS Facilities, and PWMF, consistent with the
National Fire Code of Canada.
• Liabilities & Insurance: The MOU contains detailed clauses on liability and indemnification for both parties, as well as a requirement for both OPG and Pickering to maintain Commercial General Liability insurance of at least $25 million and Motor
Vehicle Liability insurance of at least $2 million.
This MOU provides a robust framework for a continued productive working relationship with OPG, securing resources and capabilities essential for the community's safety.
Attachment:
1. Memorandum of Understanding for Fire Protection and Community Emergency Management dated January 1, 2025, to December 31, 2029
FIR 07-25 December 15, 2025
Page 3
Prepared By/Endorsed By:
Original Signed By
Steve Boyd
Fire Chief
:sb
Recommended for the consideration
of Pickering City Council
Original Signed By
Marisa Carpino, M.A. Chief Administrative Officer
Attachment 1 to Report FIR 07-25
P-CORR-09076-XXXXXXX
Memorandum of Understanding
Fire Protection and Community Emergency Management
Between
The Corporation of the City of Pickering and
Ontario Power Generation Inc.
January 2025
2
Memorandum of Understanding
Fire Protection and Community Emergency Management
Between The Corporation of the City of Pickering ("Pickering")
and Ontario Power Generation Inc. ("OPG")
1. Application
This Memorandum of Understanding ("MOU) applies to the provision of fire protection services, including fire safety planning, fire inspections and coordinated emergency response between Pickering, and OPG Pickering Nuclear Generating Station ("PNGS"),
OPG Pickering Waste Management Facility (“PWMF”), and financial support for
Pickering's Community Emergency Management Program ("CEMP"). The parties hereto intend this to be a binding document.
2. Purpose
It is understood that OPG and the Canadian Nuclear Safety Commission ("CNSC") are
solely accountable for all fire safety provisions at PNGS. Nonetheless, it is recognized
that there exists a cooperative and collaborative relationship between OPG and Pickering with respect to fire protection, emergency response, and community emergency management and that relationship should be maintained and enhanced.
In order to clarify and strengthen the co-operative working relationship between OPG
and Pickering, it is appropriate that the two parties execute this MOU concerning fire
protection and community emergency management.
This MOU recognizes the significant benefits to be gained by both parties in developing and maintaining a co-operative working relationship with respect to community emergency management and fire safety.
In summary, the MOU provides for a high level of cooperation between the parties and
will assist in providing a strong foundation for continued productive working relationships between Pickering and OPG. More importantly, it provides the local community with access to additional resources from OPG to deal with major incidents, improved training for emergency response staff and confidence that public safety is
assured at all times.
Additionally, this agreement recognizes the reciprocal level of expertise that Pickering Fire Service (“PFS”) provides to OPG through its emergency response, incident management, and emergency preparedness activities.
3. Mutual Aid Arrangements for on-site and off-site Emergencies
Both Pickering and PNGS have substantial firefighting and emergency response
3
resources at their disposal. It is acknowledged that the combined resources are a significant force that should be made available to help safeguard the community in the event of a major incident. It is also recognized that a major incident, either on-site or off-
site, would tax the resources of the respective fire and emergency crews either at
PNGS or Pickering.
In the event of a major off-site incident, OPG agrees to provide assistance to Pickering, if requested, and within the limitations of the Pickering Power Reactor Operating License (“PROL”), the PWMF Waste Facility Operating License (“WFOL”), OPG's
regulatory commitments to the CNSC, all applicable CNSC regulatory guidance
documents and all laws in force at the time the assistance is sought. This assistance may include personnel (e.g. drivers for OPG vehicles), equipment and supplies to support Pickering in their efforts to control and/or mitigate an emergency.
Notwithstanding the foregoing, it is acknowledged that OPG personnel will not engage
in active firefighting activities off OPG property but will provide assistance in a support
capacity.
PNGS is staffed with full-time National Fire Protection Association 1081 qualified emergency response personnel available 24 hours a day, seven days a week.
PFS fire department training meets the mandatory certification and implementation plan
as per Ontario O. Reg 343/22 Fire Fighter Certification which bounds the CSA N293
requirements for an Industrial Fire Brigade. PFS is staffed with NFPA 1001 and 1002 qualified fire fighters, NFPA 1021 Level 1 Captains, and NFPA 1021 Level 2 Platoon Chiefs.
In the event of an on-site incident concerning PNGS, OPG will respond as the primary
responder and assume incident command. Pickering Fire Service will be called to fire
events to provide assistance as required. PNGS shall provide clearly marked access routes for responding emergency vehicles and shall provide an escort as required to the fire location.
In the event of an on-site incident concerning PWMF, PFS will respond as the primary
responders and assume incident command. PNGS shall provide clearly marked access
routes for responding emergency vehicles and shall provide an escort as required to the fire location.
4. Equipment and Supplies
It is recognized that if equipment and supplies are to be shared as agreed above, then
such equipment and supplies should be fully compatible as possible.
It is agreed that, to the extent practicable, equipment and supplies purchased and used at PNGS shall be fully compatible with equipment and supplies used by PFS.
Every commercially reasonable effort will be made by OPG to ensure full compatibility with equipment used by PFS. Self-contained breathing apparatus shall be the same and
4
air cylinders shall be interchangeable. All fire hose threads and fittings shall be compatible, or adapters purchased to ensure that all PFS hoses, nozzles and related equipment are interchangeable.
5. Fire Safety Plan
Subsection 2.8.2 of the National Fire Code of Canada (“NFCC”) requires the preparation of a fire safety plan in cooperation with the fire services and other applicable regulatory authorities, in order to protect people and property from fire and its effects. To this end, OPG shall prepare a fire safety plan that is consistent with the requirements
of NFCC.
The Manager of Fire Protection - OPG, or an authorized delegate, and the Fire Chief - PFS, or an authorized delegate, shall jointly sign the fire safety plans for
• PNGS Site,
• PNGS Facilities, and
• PWMF.
In order to ensure the fire safety plan remains current and up-to-date, it shall be
reviewed at least once a year and amendments shall be made as required. These
amendments shall be approved by the Manager - Fire Protection Operations OPG, or an authorized delegate, and the Fire Chief - PFS, or an authorized delegate.
6. Mutual Work Plan
In every calendar year to which this MOU applies, OPG and PFS will collaborate and
agree on the joint activities which PFS and OPG propose to undertake during the year.
7. Financial Support
In every calendar year to which this MOU applies, OPG shall provide an annual payment to Pickering in accordance with Appendix A of this Agreement, subject to any payment adjustment as contemplated and required by the last paragraph in this section.
The financial support will be allocated to PFS emergency response and training. In
exchange for the annual payments by OPG, PFS agrees to respond to fires and emergencies at PNGS Protected Area (as secondary respondents), PNGS Controlled Area (as primary respondents), and PWMF (primary respondents). PFS will also commit to annual familiarization tours, joint fire training activities and joint fire response
exercises at PNGS, the PWMF, and Wesleyville Fire Training Academy.
OPG and PFS recognize that drills and exercises contribute toward creating a robust joint response capability and unified command structure. In support of this, PFS agrees to participate in 1 drill annually jointly with OPG at PNGS, and 1 drill annually at the PWMF. PFS will jointly participate with OPG in the planning of response drills,
exercises, tours and training, but it is understood that the implementation of response
drills, exercises, tours and training shall be the responsibility of OPG and PNGS. Drill
5
participation may include up to 2 PFS trucks fully staffed and a PFS Incident Commander where drill scope and municipal staffing supports.
Notwithstanding the foregoing, it shall be understood that participation by PFS in
response drills, exercises, tours and training is conditional on the availability of overtime
staffing and fire vehicles, but Pickering agrees to use best efforts to participate in such response drills, exercises, tours and training. All PFS and OPG emergency responses shall take precedence over any response drills, exercises, tours and training.
PFS has a responsibility to maintain minimum response capability to Pickering and
therefore, PFS staffing shall remain at least at minimum complement at all Pickering fire
stations during any response drills, exercises, tours and training, and that any staff that participate in response drills, exercises, tours and training shall be called in on overtime or taken from on duty complement provided minimum complement at all Pickering fire stations is met, and subject to approval by the Fire Chief - PFS.
PFS staff will actively participate in interior firefighting response protocol drills with OPG
industrial fire brigade. The intention is that these drills will provide learning opportunities for all participants and promote team culture. PFS participation in fire drills or training activities at Wesleyville Fire Training Academy is in addition to the PNGS, and PWMF and is at the sole discretion of PFS.
PFS will forward to OPG on or before the 1st day of December each year, a brief program report in such form and detail as may reasonably be requested by OPG, showing:
A. The financial allocation of that current calendar year, including a high-level summary of costs spent on relevant staff positions; participation in exercises, and
meetings; and any relevant program enhancements; and,
B. A brief summary of the relevant work expected to be conducted in the subsequent calendar year
The amount of any payment(s) to be made by OPG under this Agreement will increase by a percentage equal to the percentage of any increase in Pickering Firefighters’
wages during the term of this Agreement which is agreed to in a collective bargaining process. The City of Pickering will provide proof of such wage increase(s) as it becomes available. Any payment increases which are required under this section will be retroactive to the date that the City is required to commence paying Pickering Firefighters an increased wage amount. Any retroactive amounts owing by OPG as a
result of this section shall be payable upon the City providing proof to OPG of a wage increase resulting from the collective bargaining process”.
8. Employees
Notwithstanding any provisions or arrangements contained within this MOU, all
6
employees of Pickering and all employees of the OPG shall remain employees of their respective organizations. Furthermore, all collective agreements and terms of employment of the respective organizations shall remain in full force and effect.
9. Liabilities
(a) OPG shall indemnify and save harmless Pickering from and against all claims, losses, damages, actions, suits or proceedings arising out of this MOU and resulting from acts or omissions of OPG, its employees, agents and contractors involving gross negligence or misconduct in responding to a request for
assistance by Pickering and acts or omissions of Pickering or its employees,
agents or contractors related to any involvement at PNGS, other than acts or omissions involving gross negligence or willful misconduct of Pickering, or its employees, agents or contractors.
(b) Subject to the application of the Nuclear Liability and Compensation Act, S.C.
2015 (the “Nuclear Liability Act"), Pickering shall indemnify and save harmless
OPG from and against all claims, losses, damages, actions, suits or proceedings arising out of this MOU and resulting from acts or omissions of Pickering , its employees, agents and contractors involving gross negligence or misconduct related to any involvement at PNGS and acts or omissions of OPG, or its
employees, agents, or contractors in responding to a request for assistance by
Pickering, other than acts or omissions involving gross negligence or willful misconduct of OPG, or its employees, agents, or contractors. Further, and notwithstanding the limitations of liability at sections 9(c) and 9(d), Pickering shall indemnify and save harmless OPG from and against all claims, losses, damages,
actions, suits or proceedings resulting from Pickering employees’, agents’ or
contractors’ access to, or participation in, any training exercises at the Wesleyville Fire and Rescue Yard, located at 2655 Lakeshore Road, Port Hope, Ontario, save and except claims resulting from the gross negligence or willful misconduct of OPG, its employees, agents or contractors.
(c) Subject to section 9(b), in no event whatsoever will either OPG or Pickering be
liable for
i. indirect, special, incidental, contingent or consequential damages including loss of goodwill, loss or damage to data, or any information, loss of actual or anticipated revenue or profits, failure to realize expected
savings, loss of use or any other economic loss whatsoever, even if OPG
or Pickering, as the case may be, has been advised of the potential for such damages. However, Pickering shall be reimbursed for replacement and rental costs incurred pending delivery of new vehicle(s) and/or associated equipment in the event that any vehicle and/or associated
equipment related to any involvement at PNGS become(s) unusable as a
result of contamination; and
7
ii. Punitive, exemplary or aggravated damages.
(d) Additionally, in no event whatsoever will Pickering be liable for:
i. direct physical damage to the radioactive or non-conventional (nuclear)
parts of PNGS; and
ii. direct physical damage to the conventional (non-nuclear) parts of PNGS or PNGS property, provided that the damage or loss is not covered by conventional Commercial General Liability and/or Motor Vehicle Liability insurance policies.
10. Insurance
OPG and Pickering shall each maintain in effect Commercial General Liability insurance in the amount of at least $25 million dollars and Motor Vehicle Liability insurance in the amount of at least $2 million dollars. Pickering and OPG shall be named as additional insured on the respective Commercial General Liability insurance
policies and supply a certificate of insurance evidencing such coverage and shall further
provide certified copies of insurance policies upon request, such request only to be made in the event of a potential claim situation where OPG's or Pickering's interests may be insured by the insurance coverage noted herein.
The Commercial General Liability insurance coverage shall not be cancelled by either
party without providing the other party with 60 days written notice. The party's insurers
shall provide a waiver of subrogation to the other party, its employees, agents or contractors for such liability as the parties have assumed under this provision of the MOU.
11. Confidentiality of Security Related Information
All information obtained by Pickering in the course of carrying out the terms of this MOU
and which is identified as confidential by OPG because of its security implications, shall not be disclosed by Pickering to third parties except with the prior written consent of OPG and except in accordance with applicable law. Without limiting the generality of the foregoing, such information may include the type, location and operation of the
emergency systems of all buildings, the nature and location of any hazardous materials
and the operation, features and location of security equipment. Pickering shall make its employees who are likely to become involved in the activities contemplated in this MOU aware of Pickering's non-disclosure obligations as stated herein.
12. Cyber Security
Pickering will, at all times throughout the Term, maintain or cause to be maintained
those cyber security requirements as outlined in Schedule 12.
8
13. Term of this Memorandum
This MOU is effective as of the date first noted and, unless terminated earlier as provided hereunder, will remain in full force and effect for a term of 5 years terminating
on December 31, 2029 (the Initial Term"). The Initial Term will thereafter automatically
renew for additional 1-year periods (the Initial Term and any renewal thereof being collectively referred to herein as the "Term") unless either party terminates this MOU by no less than 30 days written notice prior to the end of the then current Term.
14. Termination of this Memorandum
Either party to this MOU may provide written notice of intent to terminate this MOU to
the other party at any time. A copy of the written notice of intent shall be forwarded to the CNSC. Immediately following the expiry of 180 days after such notice the MOU shall no longer be in effect.
15. Amendments
Except as otherwise expressly provided in this Agreement, no supplement, restatement
or termination of this MOU in whole or in part is binding, unless it is in writing and signed by each party.
As material circumstances change, parties agree to work together to align on changes needed to address any unique items not originally considered under this MOU.
16. Authorization
Pickering has duly and validly authorized the execution, delivery and performance of this MOU and no other approvals are necessary to authorize this MOU.
17. Severability
If any term of this MOU is or becomes illegal, invalid or unenforceable, the illegality,
invalidity or unenforceability of that term will not affect the legality, validity or
enforceability of the remaining terms of this MOU and the parties will, if necessary, amend this MOU to accomplish the intent of the parties as originally set out in this Agreement to the maximum extent allowed by applicable laws.
18. Governing Law
This MOU is intended to be legally binding between the parties. This MOU and each of
the documents contemplated by this MOU are governed by and are to be construed and interpreted in accordance with, the laws of Ontario and the laws of Canada applicable in Ontario. Each of the parties irrevocably submits to the non-exclusive jurisdiction of the
9
courts of Ontario. No party will oppose the enforcement against it in any other jurisdiction of any judgment or order duly obtained from an Ontario court respecting this MOU. A party may affect service of summons or any other legal process that may be
served in any action, suit or other proceeding by delivering any such process to another
party in accordance with Section 20.
19. Counterparts
This MOU and any amendment, restatement or termination of this MOU in whole or in part may be signed and delivered electronically or in any number of counterparts, each
of which when signed and delivered is an original but all of which taken together
constitute one and the same instrument. Any counterpart signature transmitted by sending a scanned copy by electronic mail or similar electronic transmission will be deemed to be an original signature.
20. Notices
Any communication concerning this MOU shall be issued in writing and delivered or
mailed to the following addresses of the parties respectively:
If to Pickering: The City of Pickering Attention: Fire Chief Cc:
If to OPG:
Ontario Power Generation Attention: VP Security and Emergency Services
In Witness Whereof the parties have executed this MOU through their officers duly authorized on that behalf.
10
Ontario Power Generation Inc.
By: Name: Andy Owen Title: Vice President, Security and Emergency Services
The City Of Pickering
By: Name:
Title:
11
Schedule 12
Cyber Security
1.1 Certain Definitions. For the purposes of this Schedule 12:
(a) "Cyber Asset" means:
1. any asset designated by OPG as a Cyber Asset; or
2. any computing hardware, software, firmware or other computing or information technology that:
A. is transferred, licensed, made available or otherwise provided by
Pickering to OPG under this MOU, or is used exclusively by Pickering for OPG under this MOU, and
B. has the ability to impact the availability, integrity or confidentiality of OPG Systems and Information,
unless OPG expressly specifies that such computing hardware, software,
firmware or other computing or information technology is not considered a Cyber Asset under this MOU.
(b) "Cyber Equipment" means any of Pickering 's computing hardware, software, firmware or other computing or information technology that is:
1. not a Cyber Asset; and
2. connected to any OPG Systems and Information or is used to access,
create, modify, store, process or transmit OPG Data in the course of performing Pickering's obligations under this MOU.
(c) "Cyber Services" means any application, infrastructure or related service provided by Pickering in relation to:
1. any asset designated by OPG as a Cyber Asset; or
2. any computing hardware, software, firmware or other computing or information technology that has the ability to impact the availability, integrity or confidentiality of OPG Systems and Information, unless OPG expressly specifies that such application, infrastructure or related service
is not considered Cyber Services under this MOU.
(d) "OPG Data" means all information relating to OPG, its business, financial position, assets, technology, operations, activities or proposed activities and prospects, including any technical, commercial, legal, financial, strategic, tactical,
regulatory or governmental information, reports, drawings, specifications,
contracts, business plans, projections, forecasts or other documents or
12
information, whether Written or oral, and including such information that is provided to Pickering by OPG or its representatives, or otherwise received or accessed by Pickering, under this MOU, or created or provided to OPG by
Pickering under this MOU.
(e) "OPG Systems and Information" means OPG's networks, information systems, industrial control systems, or any components thereof (including computing hardware, software, firmware or other computing or information technology), or any OPG Data.
1.2 Cyber Security Requirements. Pickering:
(a) represents and warrants to OPG that: (i) Pickering has a written and enforceable cyber security policy, and has established and maintains a cyber security program that is designed and implemented to prevent, detect and respond to cyber-attacks that may impact OPG Systems and Information; and (ii) Pickering
's personnel (which, for the purposes of these requirements, includes any Pickering personnel having access to OPG Systems and Information) have completed position appropriate cyber security training;
(b) will immediately revoke all access to OPG Systems and Information for any of Pickering's personnel who are terminated or no longer need access to OPG
Systems and Information;
(c) will notify OPG by sending an email to sccs@opg.com within 48 hours after discovering any security breach, incident or vulnerability impacting or otherwise involving OPG Systems and Information (including any Cyber Equipment if Pickering acting reasonably, believes any such security breach, incident or
vulnerability may have impacted or may potentially impact OPG Systems and Information), and furthermore if such security breach, incident or vulnerability relates to any Cyber Asset, Cyber Equipment, or Cyber Services, Pickering will also: (i) include in such written notification of any security breach, incident or vulnerability to OPG a description of the breach, incident or vulnerability, its
potential security impact, its root cause, a remediation plan, and recommended mitigating or corrective actions; and (ii) promptly and continuously cooperate and coordinate with OPG to prevent, stop, contain, mitigate, resolve, recover from, respond to, and otherwise deal with any security breach, incident or vulnerability, including by providing OPG with ongoing status reports;
(d) will (i) ensure that no contaminants, including viruses, worms, Trojan horses, adware, spyware, trackware, hack tools, dialers, joke programs, time locks or other software routines, codes or instructions of a similar nature are placed on, or allowed access to, any OPG Systems and Information; and (ii) perform patching and. testing on any Cyber Equipment, including through the performance of anti-
malware and vulnerability scans, in order to identify and correct or mitigate any cyber security weaknesses or vulnerabilities;
13
(e) will, if OPG provides specific personnel of Pickering with a unique user identification (ID) to access OPG Systems and Information ("Designated Named Account(s)") (i) ensure only Pickering 's personnel designated by name may use
the Designated Named Account(s); (ii) ensure the Designated Named Account(s)
are not shared with any individual or entity other than Pickering 's designated personnel; and (iii) notify OPG immediately after becoming aware of a decision to terminate or re-assign any of Pickering 's personnel to whom OPG provided Designated Named Account(s) to allow OPG to revoke such Pickering 's
personnel's access on a timely basis;
(f) will, if OPG provides Pickering with a generic user identification (ID) to access OPG Systems and Information ("Generic Account"), (i) ensure only Pickering 's personnel authorized by OPG may use the Generic Account; (ii) ensure the Generic Account is not shared with any individual or entity other than Pickering's
designated personnel; (iii) change the password for the Generic Account on a periodic basis in accordance with best practices; and (iv) notify OPG immediately after becoming aware of a decision to terminate or re-assign any of Pickering 's personnel authorized by OPG and change the password for the Generic Account immediately following such termination or re-assignment;
(g) will, if remote access (such as Pickering -initiated interactive remote access or system-to-system remote access) is required to access OPG Systems and Information, (i) only use those internet protocol (IP) addresses, ports, and minimum privileges required for the remote access as mutually agreed by the parties; (ii) only use Designated Named Account(s); and (iii) in case of system-to-
system connections that may limit OPG's capability to authenticate the personnel connecting from Pickering 's systems, maintain complete and accurate books, user logs, access credential data, records, and other information applicable to connection access activities for the entire Term of this MOU;
(h) will ensure that OPG Data is properly safeguarded; and
(i) will, if Pickering is required by OPG to dispose of OPG Systems and Information,
ensure that (i) the disposal is done securely and in a timely manner and in compliance with applicable laws; and (ii) if Pickering retains any OPG Data created on Pickering 's Cyber Equipment by its normal back-up procedures, Pickering: (a) has restricted access to any backed-up OPG Data; (b) does not
intentionally attempt to recover such OPG Data, unless directed by OPG or
required by applicable laws; and (c) if Pickering does recover any such OPG Data (including as a result of a disaster recovery procedure), Pickering will immediately dispose of such OPG Data, unless directed by OPG or required by applicable laws, provided that if Pickering is required by applicable laws to
recover or disclose any such OPG Data, Pickering will provide OPG prompt
notice of such requirement and the details thereof so that OPG may challenge such requirement or seek an appropriate protective order; consult with OPG on the advisability of taking legally available steps to resist or narrow such requirement; disclose only such OPG Data as is required by applicable law; and
14
use best efforts to obtain an order or other reliable assurance that confidential treatment will be accorded to such OPG Data.
1.3 Cyber Assets or Cyber Services. If Pickering is providing any Cyber Asset or
Cyber Service to OPG, in addition to the foregoing, Pickering will:
(a) provide to OPG: (i) documentation that describes Pickering's applicable aspects of its system development lifecycle and patch management program and update processes; (ii) documentation that describes the cyber security features and wireless or remote networking capabilities of the Cyber Asset; and (iii) cyber
security-focused instructions, including manuals, for the maintenance, support and reconfiguration of the Cyber Asset, and best practice recommendations for hardening of the Cyber Asset and, as applicable, OPG Systems and Information;
(b) provide to OPG the appropriate patches and/or updates to remediate any security vulnerabilities in the Cyber Asset within seven days after becoming
aware of any vulnerabilities, disclose to OPG its mechanisms to deliver software,
firmware and patches, including checksums, digital signatures or other means of identification for all software, patches and configuration files, and ensure its controls will enable OPG to verify the authenticity and integrity of the patches delivered through these mechanisms. lf patches and/or updates cannot be made
available by Pickering within the specified period, Pickering will provide
mitigations and/or workarounds until the patches and/or updates are available and provided. This provision also applies to all third-party components used in the Cyber Asset;
(c) if applicable, use tamper-evident packaging when supplying to OPG any
computing hardware and, at OPG's request, provide copies of any
documentation to show the chain-of-custody for such hardware; and
(d) use information technology security best practices in the development of the Cyber Asset and will ensure that: (i) there are no hardcoded passwords utilized in the Cyber Asset; (ii) there are no accounts or known methods that are able to
bypass authentication in the Cyber Asset, unless Pickering has made OPG aware of, and OPG has accepted in writing, such accounts or methods; and (iii) the most critical cyber security weaknesses are addressed in Pickering 's system development life cycle (Pickering will refer to applicable standards, such as the SANS Top 25 Most Dangerous Software Errors, the OWASP Top 10, or their
successors).
Appendix A Payment Schedule
Year Inflation Increase Amount payable to Pickering by January 1*
2025 $ 292,550
2026 102% $ 298,401
2027 102% $ 304,369
2028 102% $ 310,456 2029 102% $ 316,665
* Note: Subject to adjustments required by section 7