|
L. Software Piracy Prohibition. State or other public funds payable under this PO shall not be used
<br /> for the acquisition, operation, or maintenance of computer software in violation of federal copyright laws
<br /> or applicable licensing restrictions. Vendor hereby certifies and warrants that, during the term of this
<br /> PO and any extensions, Vendor has and shall maintain in place appropriate systems and controls to
<br /> prevent such improper use of public funds. If the State determines that Vendor is in violation of this
<br /> provision, the State may exercise any remedy available at law or in equity or under this PO, including,
<br /> without limitation, immediate termination of this PO and any remedy consistent with federal copyright
<br /> laws or applicable licensing restrictions.
<br /> M. Information Technology. To the extent that Vendor provides physical or logical storage of State
<br /> Records; Vendor creates, uses, processes, discloses, transmits, or disposes of State Records; or
<br /> Vendor is otherwise given physical or logical access to State Records in order to perform Vendor's
<br /> obligations under this PO, Vendor shall, and shall cause its subcontractors, to: (a) provide physical and
<br /> logical protection for all hardware, software, applications, and data that meets or exceeds industry
<br /> standards and the requirements of this PO; (b) maintain network, system, and application security,
<br /> which includes, but is not limited to, network firewalls, intrusion detection (host and network), annual
<br /> security testing, and improvements or enhancements consistent with evolving industry standards; (c)
<br /> comply with State and federal rules and regulations related to overall security, privacy, confidentiality,
<br /> integrity, availability, and auditing; (d) provide that security is not compromised by unauthorized access
<br /> to workspaces, computers, networks, software, databases, or other physical or electronic
<br /> environments; (e) promptly report all Incidents, including Incidents that do not result in unauthorized
<br /> disclosure or loss of data integrity, to a designated representative of the OIS; and (f) comply with all
<br /> rules, policies, procedures, and standards issued by the Governor's Office of Information Technology
<br /> (OIT), including project Iifecycle methodology and governance, technical standards, documentation,
<br /> and other requirements posted at https://oit.colorado.gov/standards-policies-guides/technical-
<br /> standards-policies. Vendor shall not allow remote access to State Records from outside the United
<br /> States, including access by Vendor's employees or agents, without the prior express written consent
<br /> of OIS. Vendor shall communicate any request regarding non-U.S. access to State Records to the
<br /> State. The State, acting by and through OIS, shall have sole discretion to grant or deny any such
<br /> request.
<br /> N. Accessibility. Vendor shall comply with and the Work Product provided under this PO shall be in
<br /> compliance with all applicable provisions of §§24-85-101, et seq., C.R.S., and the Accessibility
<br /> Standards for Individuals with a Disability, as established by OF pursuant to Section §24-85-103 (2.5)7
<br /> C.R.S. Vendor shall also comply with all State of Colorado technology standards related to technology
<br /> accessibility and with Level AA of the most current version of the Web Content Accessibility Guidelines
<br /> (WCAG), incorporated in the State of Colorado technology standards. Vendor shall indemnify, save,
<br /> and hold harmless the Indemnified Parties against any and all costs, expenses, claims, damages,
<br /> liabilities, court awards and other amounts (including attorneys' fees and related costs) incurred by any
<br /> of the Indemnified Parties in relation to Vendor's failure to comply with §§24-85-101 , et seq., C.R.S., or
<br /> the Accessibility Standards for Individuals with a Disability as established by OF pursuant to Section
<br /> §24-85-103 (2.5)7 C.R.S. The State may require Vendor's compliance to the State's Accessibility
<br /> Standards to be determined by a third party selected by the State to attest to Vendor's Work Product
<br /> and software is in compliance with §§24-85-101, et seq., C.R.S., and the Accessibility Standards for
<br /> Individuals with a Disability as established by OF pursuant to Section §24-85-103 (2.5)7 C.R.S.
<br /> Page 10of10
<br /> Effective 7/1/2022
<br />
|