Meridian Systems

Cloud & Infrastructure

Statement of Work SOW-2026-0417

Statement of Work

Core Banking Private-Cloud Migration

This Statement of Work defines the migration of Coastal Credit Union's core banking platform from on-premise infrastructure to a dedicated private cloud, executed across five governed milestones with full parallel-run validation, a rehearsed cutover, and a 30-day hypercare window before decommissioning legacy systems.

Provider

Meridian Systems, LLC

1400 Tech Center Pkwy, Suite 600, Austin, TX 78759

Referred to herein as the "Provider."

Client

Coastal Credit Union

88 Seabright Ave, Wilmington, NC 28401

Referred to herein as the "Client."

Total Fee

$184,000

Duration

16 weeks

Milestones

5

Effective

Mar 2, 2026

This SOW is issued under and governed by the Master Services Agreement dated MSA-CCU-2025-11

Scope at a Glance Five governed milestones · each gated on signed acceptance

M1 Discovery & Architecture Reference architecture, network topology, and a step-by-step migration runbook with named owners and rollback paths.

M2 Environment Build Production and pre-production tenancies provisioned, segmented, encrypted, and monitored — backups tested end-to-end.

M3 Workload Migration Core database, application tier, and nightly batch/reporting jobs migrated and reconciled to the record against legacy.

M4 Parallel Run & Validation A 10-day supervised parallel run proving transaction, statement, and regulatory-report parity to the cent.

M5 Cutover & Hypercare Rehearsed go-live with a documented rollback, a 30-day hypercare window, and the operations handoff to the Client's team.

SOW-2026-0417 · Coastal CU · Core Banking Migration Page 1 of 5

01

Scope of Work

What this engagement covers — the boundary, and how the work is governed

Provider will design, provision, and operate a dedicated private-cloud environment for the Client's core banking platform, migrate all production and reporting workloads, validate functional parity through a supervised parallel run, and execute a rehearsed weekend cutover. Work is delivered in five milestones, each gated on signed acceptance before the next begins, and each carrying a documented rollback path so the Client is never exposed to an unrecoverable state.

In Scope

+Architecture and provisioning of the dedicated private-cloud tenancy, network segmentation, and encryption at rest and in transit.

+Migration of the core banking database, application tier, and nightly batch/reporting jobs to the new environment.

+A 10-business-day supervised parallel run validating transaction, statement, and regulatory-report parity against legacy.

+A rehearsed go-live cutover with a documented rollback plan and a 30-day hypercare support window.

+Knowledge transfer and an operations runbook handed to the Client's infrastructure team at close.

Out of Scope

–Member-facing online and mobile banking front-ends (covered under a separate SOW).

–New feature development or business-logic changes to the core banking application.

–Third-party processor and card-network re-certification, owned by the Client.

–Hardware disposal and physical decommissioning of the legacy data-center footprint.

–Member communications, branch training, and regulatory examiner liaison, owned by the Client.

Cadence & Reporting

A weekly 30-minute steering checkpoint with the named sponsors, a written status report each Friday with risk/issue log and burn-down, and a milestone-exit review before any acceptance sign-off. <b>RAG status</b> escalates to the executive sponsors on any amber held two weeks running.

Roles & Decisions

Provider supplies a migration lead, a solutions architect, and a DBA; the Client names a technical sponsor (decisions), a DBA (production access), and a compliance reviewer (regulatory sign-off). Acceptance decisions sit with the <b>Client technical sponsor</b>; scope changes require both sponsors.

Assumptions & Dependencies

The Client will provide read access to production schemas, a named technical sponsor, and a maintenance window for the cutover weekend. Provider's timeline assumes the existing data model is documented to the level supplied in discovery; material undocumented dependencies surfaced after Milestone 1 are handled via the change-control process on the execution sheet. Regulatory examiners are notified by the Client at least 30 days before go-live, and a frozen change window applies to the legacy platform for the duration of the parallel run.

SOW-2026-0417 · Core Banking Migration Initials Page 2 of 5

02

Deliverables & Acceptance Criteria

Each deliverable is "done" only when its acceptance test is signed

Standard of Acceptance

Every deliverable below is submitted in writing with its evidence package. The Client has five business days to test against the stated criteria and either accept or return a written defect list; silence past five days is deemed acceptance. A deliverable not yet accepted does not release its milestone payment, and no later milestone begins until its predecessor is accepted.

D1

Target Architecture & Migration Runbook

Approved private-cloud reference architecture, network topology, security controls map, and a step-by-step migration runbook covering the data, application, and batch tiers with named owners and rollback steps.

Accept whenArchitecture review board signs off; the runbook passes a tabletop walkthrough with zero unresolved P1 gaps; delivered as a versioned PDF within two business days of the review.

D2

Provisioned Private-Cloud Environment

Fully provisioned production and pre-production tenancies with network segmentation, encryption, monitoring, alerting, and automated backup policies live and documented.

Accept whenInfrastructure-as-code applies cleanly to a fresh tenancy; the CIS-benchmark scan returns no high findings; a backup restore test completes successfully end-to-end and is witnessed by the Client DBA.

D3

Migrated Core Banking Workloads

Core database, application tier, and nightly batch/reporting jobs migrated and operating in the new environment, with monitoring dashboards and runbooks updated to match.

Accept whenAll nightly batch jobs complete within the legacy time window ±10%; row-count and checksum reconciliation matches source to the record; no data-integrity exceptions are logged across three consecutive runs.

D4

Parallel-Run Validation Report

A signed report from the 10-business-day supervised parallel run proving functional parity for transactions, member statements, and regulatory reports, with a defect register and disposition for each item.

Accept whenTransaction, statement, and NCUA-report outputs match legacy to the cent across the run; every defect is triaged and either resolved or formally waived in writing by the Client sponsor.

D5

Production Cutover & Hypercare Handoff

Executed go-live cutover, a 30-day hypercare window with priority response, and an operations handoff package transferring run responsibility to the Client's infrastructure team.

Accept whenCutover completes inside the maintenance window with rollback unused; the first 30 days run with no Sev-1 incidents attributable to migration; runbooks and the on-call handoff are accepted in writing.

SOW-2026-0417 · Core Banking Migration Initials Page 3 of 5

03

Milestones & Investment

Five governed milestones over 16 weeks — billed against signed acceptance

Total Fixed FeeInclusive of labor, tooling, and the listed cloud-tenancy build

$184,000

1WK 1–3

Discovery & Architecture

Mar 2 – Mar 20, 2026

Closes on acceptance of D1 — Target Architecture & Migration Runbook.

$27,600

15% · on D1

2WK 4–6

Environment Build

Mar 23 – Apr 10, 2026

Closes on acceptance of D2 — Provisioned Private-Cloud Environment.

$36,800

20% · on D2

3WK 7–10

Workload Migration

Apr 13 – May 8, 2026

Closes on acceptance of D3 — Migrated Core Banking Workloads.

$46,000

25% · on D3

4WK 11–13

Parallel Run & Validation

May 11 – May 29, 2026

Closes on acceptance of D4 — Parallel-Run Validation Report.

$46,000

25% · on D4

5WK 14–16

Cutover & Hypercare

Jun 1 – Jun 19, 2026

Closes on acceptance of D5 — Production Cutover & Hypercare Handoff.

$27,600

15% · on D5

Invoicing

Invoices issue on signed acceptance of each milestone and are payable Net-30. Provider may pause work on any invoice more than 15 days past due, and the schedule shifts one-for-one for any such pause.

Change Requests

Work outside the scope on Sheet 01 is estimated and approved via a written change order before it begins, billed at $185/hr or a fixed fee as agreed by both sponsors.

Expenses & Schedule

The fee is all-inclusive; no travel pass-throughs are anticipated. Dates assume a Monday start each week and exclude federal banking holidays; Milestone 4 is the long pole and any slip there moves the cutover one-for-one.

SOW-2026-0417 · Core Banking Migration Initials Page 4 of 5

04

Authorization & Change Control

Signed below, this SOW is incorporated into the governing MSA

Engagement

Core Banking Cloud Migration

Total Fee

$184,000

Duration

16 wk

Milestones

5

General Provisions

Change control. Any change to the scope, deliverables, schedule, or fee in this SOW takes effect only through a written change order signed by both named sponsors. Verbal or informal requests do not alter this SOW, and Provider is not obligated to perform unscoped work without one.

Governing agreement. This SOW is incorporated into and governed by the Master Services Agreement referenced on the title sheet. Where this SOW and the MSA conflict, the MSA controls except as to scope, deliverables, fees, and schedule, which this SOW controls.

Acceptance. A deliverable is accepted when the Client signs its acceptance criteria or fails to respond within five business days of submission. Provider warrants each deliverable against material defects for 30 days after acceptance and will remediate at no charge within that window.

Confidentiality & data. All member data accessed during migration is Confidential Information under the MSA. Provider holds no copies beyond the active environments and certifies destruction of migration staging data within 30 days of go-live.

Term & termination. This SOW commences on the effective date and remains in force until the final deliverable is accepted and the hypercare window closes, unless terminated under the MSA. On termination for convenience, the Client pays for all accepted milestones plus work in progress to the date of notice.

Notices. Formal notices under this SOW are sent to the named sponsors at the addresses on the title sheet, in writing, by email with read receipt and confirmed by a copy sent by recognized courier. A change of notice contact is itself a notice.

By signing below, the named representatives confirm the scope, deliverables, milestones, and fee schedule above and authorize work to begin under SOW SOW-2026-0417. Each signatory warrants they are authorized to bind their organization.

Provider

Meridian Systems, LLC

Printed Name

Title

Signature

Date

Client

Coastal Credit Union

Printed Name

Title

Signature

Date

This Statement of Work, SOW-2026-0417, comprises five pages and supersedes prior drafts upon signature by both parties.

SOW-2026-0417 · Core Banking Migration Page 5 of 5