CU 麻豆影院 requires the following accessibility and security compliance provisions to be included in all acquisitions of digital goods or services. 听It is highly recommended that the required contract language be provided to prospective suppliers before negotiations begin.
Standard ICT Accessibility Provision:
The university affords equal opportunity to individuals in its employment, services, programs, and activities in accordance with federal and state laws. This includes effective communication and access to electronic and information communication technology resources for individuals with disabilities. [Supplier] shall: (1) deliver all applicable services and products in reasonable compliance with applicable university standards (for example, Web Content Accessibility Guidelines, Level AA or Section 508 Standards for Electronic and Information Technology as applicable); (2) upon request, provide the university with its accessibility testing results and written documentation verifying accessibility途 (3) promptly respond to and resolve accessibility complaints途 and (4) indemnify and hold the university harmless in the event of claims arising from inaccessibility.
Custom Web Content/Software Development Accessibility Provision
The university affords equal opportunity to individuals in its employment, services, programs, and activities in accordance with the laws. This includes effective communication and access to electronic and information communication technology resources for individuals with disabilities pursuant to CU-麻豆影院鈥檚 Accessibility of Information and Communication Technology Policy (鈥淧olicy鈥) and CU-麻豆影院 Campus Standards for the Accessibility of Information and Communication (鈥淪tandards鈥). To this end, [Software Developer] shall: (1) read, review, and understand the Policy and Standards; (2) develop software with intent to comply with the Policy and Standards (which currently require compliance with WCAG 2.0 Level AA); (3) prior to delivery of any software, test it for compliance with the applicable Standards and report testing results to university in a VPAT or other format specified by the university途 (4) use best commercial efforts to modify the software to maximize accessibility compliance and otherwise resolve any identified accessibility compliance issues; and (5) ultimately deliver software that complies with the Policy and Standards, to the extent feasible as determined by the university. Pending verification of compliance with this provision, the University is authorized, but not required, to withhold any payment to [Software Developer] pursuant to this agreement. 听[Software shall not be considered in compliance with this provision unless or until the university Chief Digital Accessibility Officer, the ICT Accessibility Program Manager, or designee has approved.]
Standard ICT Security Provision:
鈥淚n providing services hereunder, Contractor agrees to comply with all applicable requirements of the Family Educational Rights and Privacy Act (鈥淔ERPA鈥), Gramm-Leach-Bliley Act (鈥淕LBA鈥) and the Health Insurance Portability and Accountability Act (鈥淗IPAA鈥), together hereinafter the 鈥淎cts鈥, and guarantees that all 听information covered by the Acts and provided to Contractor 听by the University (鈥淯niversity Information鈥) will be used only in conjunction with the product or service being provided, that it will not be used for any other purpose, or be released by Contractor or copied in any manner for any other use and will be promptly returned or destroyed upon termination of this Agreement. 听Contractor shall use commercially reasonable efforts to notify all of its foreseeable agents, employees, subcontractors and assigns who will come into contact with University Information that they shall comply with, and are subject to the confidentiality requirements set forth in the Acts and shall provide each with a written explanation of the Acts鈥 requirements for confidentiality before they are permitted to access the University Information. 听Contractor shall provide and maintain a secure environment that ensures confidentiality of all University Information wherever located. 听No University Information shall be distributed or sold to any third party or used by Contractor or its agents in any way, except as authorized by the Agreement and as approved by the University. Contractor agrees to notify the University, within seventy-two (72) hours, of any security breach that could result in the unauthorized disclosure of University Information. 听University Information shall not be retained in any files or otherwise by Contractor or its agents, except as set forth in this Agreement and approved by the University. 听Disclosure of University Information may be cause for legal action against Contractor or its agents. 听Defense of any such action shall be the sole responsibility of Contractor.鈥
Ownership of Data
All data and/or content collected, created or prepared by the University and provided to Contractor in the performance of its obligations under the Agreement shall be the exclusive property of the University. Contractor shall not use, willingly allow or cause to have such data used for any purpose other than the performance of the University鈥檚 obligations under the Agreement without the prior written consent of the University. This provision shall survive the termination of this agreement.
Data Security and Control
- Contractor attests that it has implemented administrative, physical and technical safeguards for its data security that at a minimum meet industry best practices. Contractor shall ensure that all such safeguards, including the manner in which data is collected, accessed, used, stored, processed, disposed of and disclosed, comply with applicable data protection and privacy laws, as well as the terms and conditions of this Agreement. 听Contractor further attests that all University data shall be stored in the United States.
- Contractor shall timely notify University of any data breach whether or not it is University data, including a data breach involving any of Contractor third-party service providers that process, store or transmit data.
- Contractor grants permission to University to perform an assessment, audit, examination or review of all controls in Contractor鈥檚 physical and/or technical environment in relation to all data being handled and/or services being provided to University pursuant to this Agreement. Contractor shall fully cooperate with such assessment by providing access to knowledgeable personnel, physical premises, documentation, infrastructure and application software that processes, stores or transmits data pursuant to this Agreement.
- If at any time, University wants to change or remove data and/or content on the 听听website, University shall notify Contractor. 听Contractor will use its best efforts to immediately respond to the request and at a minimum change or remove data and/or content within 24 hours.