|
Page 29 of 48
<br />d) Pursuant to the audit provisions of the Master Agreement, upon the request of NASPO ValuePoint, the
<br />Lead State, or a Participating Entity, Contractor must provide an historic version of any Baseline Price List.
<br /> Purchase Orders.
<br />There will be no minimum order requirements or charges to process an individual purchase order. The Participating
<br />Addendum number and the PO number must appear on all documents (e.g., invoices, packing slips, etc.). The Ordering
<br />Entity’s purchase order constitutes a binding contract.
<br /> Risk of Loss or Damage.
<br />The Purchasing Entity is relieved of all risks of loss or damage to the goods or equipment during periods of
<br />transportation, and installation by the Contractor and in the possession of the Contractor or their authorized agent.
<br /> Payment Card Industry Data Security Standard and Cardholder Information Security.
<br />Contractor assures all of its Network Components, Applications, Servers, and Subcontractors (if any) comply with the
<br />Payment Card Industry Data Security Standard (“PCIDSS”). “Network Components” shall include, but are not limited to,
<br />Contractor’s firewalls, switches, routers, wireless access points, network appliances, and other security appliances;
<br />“Applications” shall include, but are not limited to, all purchased and custom external (web) applications. “Servers” shall
<br />include, but are not limited to, all of Contractor’s web, database, authentication, DNS, mail, proxy, and NTP servers.
<br />“Cardholder Data” shall mean any personally identifiable data associated with a cardholder, including, by way of
<br />example and without limitation, a cardholder’s account number, expiration date, name, address, social security number,
<br />or telephone number.
<br />Subcontractors (if any) must be responsible for the security of all Cardholder Data in its possession; and will only use
<br />Cardholder Data for assisting cardholders in completing a transaction, providing fraud control services, or for other uses
<br />specifically required by law. Contractor must have a business continuity program which conforms to PCIDSS to protect
<br />Cardholder Data in the event of a major disruption in its operations or in the event of any other disaster or system
<br />failure which may occur to operations; will continue to safeguard Cardholder Data in the event this Agreement
<br />terminates or expires; and ensure that a representative or agent of the payment card industry and a representative or
<br />agent of the Purchasing Entity shall be provided with full cooperation and access to conduct a thorough security review
<br />of Contractor’s operations, systems, records, procedures, rules, and practices in the event of a security intrusion in order
<br />to validate compliance with PCIDSS.
<br /> Foreign Outsourcing of Work.
<br />Upon request, the Contractor is required to provide information regarding the location of where services, data storage,
<br />and location of data processing under the Master Agreement will be performed.
<br /> State Audits (Minn. Stat. § 16C.05, subd. 5).
<br />The books, records, documents, and accounting procedures and practices of the Contractor or other party, that are
<br />relevant to the Master Agreement or transaction are subject to examination by the contracting agency and either the
<br />Lead State’s Legislative Auditor or State Auditor as appropriate for a minimum of six years after the end of the Master
<br />Agreement or transaction. The Lead State reserves the right to authorize delegate(s) to audit this Master Agreement and
<br />transactions.
<br /> Certification of Nondiscrimination (in accordance with Minn. Stat. § 16C.053).
<br />If the value of this Contract, including all extensions, is $50,000 or more, Contractor certifies it does not engage in and
<br />has no present plans to engage in discrimination against Israel, or against persons or entities doing business in Israel,
<br />when making decisions related to the operation of the contractor's business. For purposes of this section,
<br />"discrimination" includes but is not limited to engaging in refusals to deal, terminating business activities, or other
<br />actions that are intended to limit commercial relations with Israel, or persons or entities doing business in Israel, when
<br />such actions are taken in a manner that in any way discriminates on the basis of nationality or national origin and is not
<br />based on a valid business reason.
<br />DocuSign Envelope ID: 87F53414-136E-413E-907B-A408CF7AA97C
|