Common use of Contractor Compliance and Warranty Relating to Cloud Computing Services Clause in Contracts

Contractor Compliance and Warranty Relating to Cloud Computing Services. The Texas Department of Information Resources (DIR) has established and implemented a state risk and authorization management program providing a standardized approach for security assessment, authorization, and continuous monitoring of cloud computing services (CCSs) that process (including storing or transmitting) the data of Texas state agencies (TX-RAMP). The requirements of TX-RAMP include Section 2054.0593 of the Texas Government Code, Title 1, Rule 202.77 of the Texas Administrative Code, and DIR’s TX-RAMP Manual. Contractor represents and warrants that throughout the term of this Agreement it will comply with the requirements of TX-RAMP and that all CCSs subject to TX-RAMP will comply with the requirements of and be certified under TX-RAMP. The CCSs subject to TX-RAMP include those provided by Contractor either through this Agreement or in furtherance of this Agreement, including CCSs provided through Contractor’s subcontractors or third-party providers. A CCS used in furtherance of this Agreement includes a CCS that Contractor or its subcontractors or third-party providers use to process (including storing or transmitting) University data, even if the University itself does not access or use that CCS. Contractor’s subcontractors or third-party providers responsible solely for servicing or supporting a CCS provided by Contractor or another Contractor subcontractor or third-party provider shall not be required to provide evidence of TX-RAMP certification; instead, Contractor will be responsible for providing such evidence. The list of current TX-RAMP certified CCSs and DIR’s TX-RAMP Manual are set forth at xxxxx://xxx.xxxxx.xxx/txramp. Contractor further represents and warrants that the following are the only CCSs that it will provide either through this Agreement or in furtherance of this Agreement as provided above, and Contractor’s representations, warranties, and obligations under this Section include the following CCSs: Contractor understands and agrees that the University may not enter into or renew a contract with Contractor to purchase CCSs that are subject to TX-RAMP unless Contractor demonstrates compliance with TX-RAMP requirements. Contractor acknowledges this Agreement may be terminated and payment withheld if Contractor does not comply with TX-RAMP or this Section.

Contractor Compliance and Warranty Relating to Cloud Computing Services. The Texas Department of Information Resources (DIR) has established and implemented a state risk and authorization management program providing a standardized approach for security assessment, authorization, and continuous monitoring of cloud computing services (CCSs) that process (including storing or transmitting) the data of Texas state agencies (TX-RAMP). The requirements of TX-RAMP include Section 2054.0593 of the Texas Government Code, Title 1, Rule 202.77 of the Texas Administrative Code, and DIR’s TX-RAMP Manual. Contractor represents and warrants that throughout the term of this Agreement it will comply with the requirements of TX-RAMP and that all CCSs subject to TX-RAMP will comply with the requirements of and be certified under TX-RAMP. The CCSs subject to TX-RAMP include those provided by Contractor either through this Agreement or in furtherance of this Agreement, including CCSs provided through Contractor’s subcontractors or third-party providers. A CCS used in furtherance of this Agreement includes a CCS that Contractor or its subcontractors or third-party providers use to process (including storing or transmitting) University data, even if the University itself does not access or use that CCS. Contractor’s subcontractors or third-party providers responsible solely for servicing or supporting a CCS provided by Contractor or another Contractor subcontractor or third-party provider shall not be required to provide evidence of TX-RAMP certification; instead, Contractor will be responsible for providing such evidence. The list of current TX-RAMP certified CCSs and DIR’s TX-RAMP Manual are set forth at xxxxx://xxx.xxxxx.xxx/txramp. Contractor further represents and warrants that the following are the only CCSs that it will provide either through this Agreement or in furtherance of this Agreement as provided above, and Contractor’s representations, warranties, and obligations under this Section include above are the following CCSsfollowing: _ _ _ _ _ _ Contractor understands and agrees that the University may not enter into or renew a contract with Contractor to purchase CCSs that are subject to TX-RAMP unless Contractor demonstrates compliance with TX-RAMP requirements. Contractor acknowledges this Agreement may be terminated and payment withheld if Contractor does not comply with TX-RAMP or this Section.. University and Contractor have executed and delivered this Agreement to be effective as of the Effective Date. UNIVERSITY: CONTRACTOR: THE UNIVERSITY OF TEXAS PERMIAN BASIN By: By: Name: Name: Title: Title: Attest: Corporate Secretary Attach: EXHIBIT A – Scope of Work EXHIBIT B – Schedule EXHIBIT C – Payment for Work EXHIBIT E – HUB Subcontracting Plan EXHIBIT A SCOPE OF WORK EXHIBIT B SCHEDULE . EXHIBIT C PAYMENT FOR WORK EXHIBIT E

Contractor Compliance and Warranty Relating to Cloud Computing Services. The Texas Department of Information Resources (DIR) has established and implemented a state risk and authorization management program providing a standardized approach for security assessment, authorization, and continuous monitoring of cloud computing services (CCSs) that process (including storing or transmitting) the data of Texas state agencies (TX-RAMP). The requirements of TX-RAMP include Section 2054.0593 of the Texas Government Code, Title 1, Rule 202.77 of the Texas Administrative Code, and DIR’s TX-RAMP Manual. Contractor represents and warrants that throughout the term of this Agreement it will comply with the requirements of TX-RAMP and that all CCSs subject to TX-RAMP will comply with the requirements of and be certified under TX-RAMP. The CCSs subject to TX-RAMP include those provided by Contractor either through this Agreement or in furtherance of this Agreement, including CCSs provided through Contractor’s subcontractors or third-party providers. A CCS used in furtherance of this Agreement includes a CCS that Contractor or its subcontractors or third-party providers use to process (including storing or transmitting) University data, even if the University itself does not access or use that CCS. Contractor’s subcontractors or third-party providers responsible solely for servicing or supporting a CCS provided by Contractor or another Contractor subcontractor or third-party provider shall not be required to provide evidence of TX-RAMP certification; instead, Contractor will be responsible for providing such evidence. The list of current TX-RAMP certified CCSs and DIR’s TX-RAMP Manual are set forth at xxxxx://xxx.xxxxx.xxx/txramp. Contractor further represents and warrants that the following are the only CCSs that it will provide either through this Agreement or in furtherance of this Agreement as provided above, and Contractor’s representations, warranties, and obligations under this Section include the following CCSs: Contractor understands and agrees that the University may not enter into or renew a contract with Contractor to purchase CCSs that are subject to TX-RAMP unless Contractor demonstrates compliance with TX-RAMP requirements. Contractor acknowledges this Agreement may be terminated and payment withheld if Contractor does not comply with TX-RAMP or this Section. APPENDIX THREE HUB SUBCONTRACTING PLAN APPENDIX FOUR ACCESS BY INDIVIDUALS WITH DISABILITIES Access by Individuals with Disabilities: Contractor represents and warrants (EIR Accessibility Warranty) the electronic and information resources and all associated information, documentation, and support Contractor provides to University under this Agreement (EIRs) comply with applicable requirements in 1 TAC Chapter 213 and 1 TAC §206.70 (ref. Subchapter M, Chapter 2054, Texas Government Code). To the extent Contractor becomes aware the EIRs, or any portion thereof, do not comply with the EIR Accessibility Warranty, then Contractor represents and warrants it will, at no cost to University, either (1) perform all necessary remediation to make the EIRs satisfy the EIR Accessibility Warranty or (2) replace the EIRs with new EIRs that satisfy the EIR Accessibility Warranty. If Contractor fails or is unable to do so, University may terminate this Agreement and, within thirty (30) days after termination, Contractor will refund to University all amounts University paid under this Agreement. Contractor will provide all assistance and cooperation necessary for performance and documentation of accessibility testing, planning, and execution criteria conducted by University or University’s third party testing resources, as required by 1 TAC §213.38(g).

Contractor Compliance and Warranty Relating to Cloud Computing Services. The Texas Department of Information Resources (DIR) has established and implemented a state risk and authorization management program providing a standardized approach for security assessment, authorization, and continuous monitoring of cloud computing services (CCSs) that process (including storing or transmitting) the data of Texas state agencies (TX-RAMP). The requirements of TX-RAMP include Section 2054.0593 of the Texas Government Code, Title 1, Rule 202.77 of the Texas Administrative Code, and DIR’s TX-RAMP Manual. Contractor represents and warrants that throughout the term of this Agreement it will comply with the requirements of TX-RAMP and that all CCSs subject to TX-RAMP will comply with the requirements of and be certified under TX-RAMP. The CCSs subject to TX-RAMP include those provided by Contractor either through this Agreement or in furtherance of this Agreement, including CCSs provided through Contractor’s subcontractors or third-party providers. A CCS used in furtherance of this Agreement includes a CCS that Contractor or its subcontractors or third-party providers use to process (including storing or transmitting) University data, even if the University itself does not access or use that CCS. Contractor’s subcontractors or third-party providers responsible solely for servicing or supporting a CCS provided by Contractor or another Contractor subcontractor or third-party provider shall not be required to provide evidence of TX-RAMP certification; instead, Contractor will be responsible for providing such evidence. The list of current TX-RAMP certified CCSs and DIR’s TX-RAMP Manual are set forth at xxxxx://xxx.xxxxx.xxx/txramp. [Option: Include if greater specificity is desired: Contractor further represents and warrants that the following are the only CCSs that it will provide either through this Agreement or in furtherance of this Agreement as provided above, and Contractor’s representations, warranties, and obligations under this Section include above are the following CCSsfollowing: _________________________________ _________________________________ _________________________________ ] Contractor understands and agrees that the University may not enter into or renew a contract with Contractor to purchase CCSs that are subject to TX-RAMP unless Contractor demonstrates compliance with TX-RAMP requirements. Contractor acknowledges this Agreement may be terminated and payment withheld if Contractor does not comply with TX-RAMP or this Section.]

Contractor Compliance and Warranty Relating to Cloud Computing Services. The Texas Department of Information Resources (“DIR”) has established and implemented a state risk and authorization management program providing a standardized approach for security assessment, authorization, and continuous monitoring of cloud computing services (“CCSs”) that process (including storing or transmitting) the data of Texas state agencies (“TX-RAMP”). The requirements of TX-RAMP include Section 2054.0593 of the Texas Government Code, Title 1, Rule 202.77 of the Texas Administrative Code, and DIR’s TX-RAMP Manual. Contractor represents and warrants that throughout the term of this Agreement it will comply with the requirements of TX-RAMP and that all CCSs subject to TX-RAMP will comply with the requirements of and be certified under TX-RAMP. The CCSs subject to TX-RAMP include those provided by Contractor either through this Agreement or in furtherance of this Agreement, including CCSs provided through Contractor’s subcontractors or third-party providers. A CCS used in furtherance of this Agreement includes a CCS that Contractor or its subcontractors or third-party providers use to process (including storing or transmitting) University UT data, even if the University UT itself does not access or use that CCS. Contractor’s subcontractors or third-party providers responsible solely for servicing or supporting a CCS provided by Contractor or another Contractor subcontractor or third-party provider shall not be required to provide evidence of TX-RAMP certification; instead, Contractor will be responsible for providing such evidence. The list of current TX-RAMP certified CCSs and DIR’s TX-RAMP Manual are set forth at xxxxx://xxx.xxxxx.xxx/txramp. [Option: Include if greater specificity is desired: Contractor further represents and warrants that the following are the only CCSs that it will provide either through this Agreement or in furtherance of this Agreement as provided above, and Contractor’s representations, warranties, and obligations under this Section include above are the following CCSsfollowing: _________________________________ _________________________________ _________________________________ Contractor understands and agrees that the University UT may not enter into or renew a contract with Contractor to purchase CCSs that are subject to TX-RAMP unless Contractor demonstrates compliance with TX-RAMP requirements. Contractor acknowledges this Agreement may be terminated and payment withheld if Contractor does not comply with TX-RAMP or this Section.]

Contractor Compliance and Warranty Relating to Cloud Computing Services. The Texas Department of Information Resources (DIR) has established and implemented a state risk and authorization management program providing a standardized approach for security assessment, authorization, and continuous monitoring of cloud computing services (CCSs) that process (including storing or transmitting) the data of Texas state agencies (TX-RAMP). The requirements of TX-RAMP include Section 2054.0593 of the Texas Government Code, Title 1, Rule 202.77 of the Texas Administrative Code, and DIR’s TX-RAMP Manual. Contractor represents and warrants that throughout the term of this Agreement it will comply with the requirements of TX-RAMP and that all CCSs subject to TX-RAMP will comply with the requirements of and be certified under TX-RAMP. The CCSs subject to TX-RAMP include those provided by Contractor either through this Agreement or in furtherance of this Agreement, including CCSs provided through Contractor’s subcontractors or third-party providers. A CCS used in furtherance of this Agreement includes a CCS that Contractor or its subcontractors or third-party providers use to process (including storing or transmitting) University data, even if the University itself does not access or use that CCS. Contractor’s subcontractors or third-party providers responsible solely for servicing or supporting a CCS provided by Contractor or another Contractor subcontractor or third-party provider shall not be required to provide evidence of TX-RAMP certification; instead, Contractor will be responsible for providing such evidence. The list of current TX-RAMP certified CCSs and DIR’s TX-RAMP Manual are set forth at xxxxx://xxx.xxxxx.xxx/txramp. [Option: Include if greater specificity is desired: Contractor further represents and warrants that the following are the only CCSs that it will provide either through this Agreement or in furtherance of this Agreement as provided above, and Contractor’s representations, warranties, and obligations under this Section include above are the following CCSsfollowing: _________________________________ _________________________________ _________________________________ ] Contractor understands and agrees that the University may not enter into or renew a contract with Contractor to purchase CCSs that are subject to TX-RAMP unless Contractor demonstrates compliance with TX-RAMP requirements. Contractor acknowledges this Agreement may be terminated and payment withheld if Contractor does not comply with TX-RAMP or this Section.] [Note: Delete all bracketed ([ ]) and highlighted text before sending this Agreement to Contractor.] University and Contractor have executed and delivered this Agreement to be effective as of the Effective Date. UNIVERSITY: CONTRACTOR: THE UNIVERSITY OF TEXAS At Tyler By: By: ___________________________ Name: Xxxx Xxxxxxxx, Ph.D. Name: ________________________ Title: Xxxxxxx and EVP for Academic Affairs Title: __________________________ [Option (Include if Contractor is a corporation.): Attest: ________________________ Corporate Secretary] Attach: EXHIBIT A – Scope of Work EXHIBIT B – Schedule EXHIBIT C – Payment for Work [Option (Include if HUB Subcontracting Plan was prepared in connection with Work covered by this Agreement.): EXHIBIT D – HUB Subcontracting Plan] [Option (Include if federal contract provisions are included in this Agreement.): EXHIBIT ___ – Affirmative Action Compliance Program] [Option: (Include if this Agreement relates to electronic and information resources, including hardware, software or related services.): EXHIBIT ___ – Environment Specifications] [Option: (Include if this Agreement relates to electronic and information resources, including hardware, software or related services.): EXHIBIT ___ – Security Characteristics and Functionality of Contractor’s Information Resources] [Option: (Include if Contractor will receive, create and/or maintain for or on behalf of University FERPA Data.): EXHIBIT ___ – FERPA Confidentiality and Security Addendum] [Option: (Include if Contractor will trigger GDPR provisions with the services provided to University or on behalf of University: EXHIBIT ____ – GDPR Data Protection Addendum] EXHIBIT A SCOPE OF WORK [Note: Provide a detailed description and break-down of all tasks Contractor is to perform and technical standards for the tasks, if appropriate.] EXHIBIT B SCHEDULE [Note: Describe specific time deadlines and due dates for each phase of Work and, if appropriate, for Work as a whole.] EXHIBIT C PAYMENT FOR WORK WORK FEES: [Note: Identify below all fees that your UT institution will pay to the Contractor for the Work. If the fee is not a stipulated lump sum, include a “not to exceed” fee cap amount.] _________________ _________________ _________________ _________________ Notwithstanding the foregoing, the total cumulative amount paid by University to Contractor will not exceed $_______________ (Fee Cap) without the prior written approval of University. In addition, total fees for each Phase of Work will not exceed the following specified amounts without the prior written approval of University: _________________ _________________ If University submits, in advance, a written request for additional work or services not contemplated or reasonably inferred by this Agreement, Contractor will be paid for actual hours incurred by Contractor’s personnel directly and solely in support of the additional work or services at the Work Fees provided above. [Note: Air Travel and Rental Car At this time, Contractor may not book air travel or rental car directly with travel vendors and obtain the State rates. If the UT institution books air travel and rental car for Contractor and pays the travel vendor directly (direct bill to UT), then the UT institution will receive the State rate for Contractor’s airfare and rental car. Hotel Reservations

Contractor Compliance and Warranty Relating to Cloud Computing Services. The Texas Department of Information Resources (DIR) has established and implemented a state risk and authorization management program providing a standardized approach for security assessment, authorization, and continuous monitoring of cloud computing services (CCSs) that process (including storing or transmitting) the data of Texas state agencies (TX-RAMP). The requirements of TX-RAMP include Section 2054.0593 of the Texas Government Code, Title 1, Rule 202.77 of the Texas Administrative Code, and DIR’s TX-RAMP Manual. Contractor represents and warrants that throughout the term of this Agreement it will comply with the requirements of TX-RAMP and that all CCSs subject to TX-RAMP will comply with the requirements of and be certified under TX-RAMP. The CCSs subject to TX-RAMP include those provided by Contractor either through this Agreement or in furtherance of this Agreement, including CCSs provided through Contractor’s subcontractors or third-party providers. A CCS used in furtherance of this Agreement includes a CCS that Contractor or its subcontractors or third-party providers use to process (including storing or transmitting) University data, even if the University itself does not access or use that CCS. Contractor’s subcontractors or third-party providers responsible solely for servicing or supporting a CCS provided by Contractor or another Contractor subcontractor or third-party provider shall not be required to provide evidence of TX-RAMP certification; instead, Contractor will be responsible for providing such evidence. The list of current TX-RAMP certified CCSs and DIR’s TX-RAMP Manual are set forth at xxxxx://xxx.xxxxx.xxx/txramp. [Option: Include if greater specificity is desired: Contractor further represents and warrants that the following are the only CCSs that it will provide either through this Agreement or in furtherance of this Agreement as provided above, and Contractor’s representations, warranties, and obligations under this Section include above are the following CCSsfollowing: _________________________________ _________________________________ _________________________________ ] Contractor understands and agrees that the University may not enter into or renew a contract with Contractor to purchase CCSs that are subject to TX-RAMP unless Contractor demonstrates compliance with TX-RAMP requirements. Contractor acknowledges this Agreement may be terminated and payment withheld if Contractor does not comply with TX-RAMP or this Section.] [Note: Delete all bracketed ([ ]) and highlighted text before sending this Agreement to Contractor.] University and Contractor have executed and delivered this Agreement to be effective as of the Effective Date. UNIVERSITY: CONTRACTOR: THE UNIVERSITY OF TEXAS AT TYLER Enter Contractor’s Legal Name By: By: ___________________________ Name: Xxxx Xxxxxxxx, Ph.D. Name: ________________________ Title: Xxxxxxx and EVP for Academic Affairs Title: __________________________ [Option (Include if Contractor is a corporation.): Attest: ________________________ Corporate Secretary] Attach: EXHIBIT A – Scope of Work EXHIBIT B – Schedule EXHIBIT C – Payment for Work [Option (Include if HUB Subcontracting Plan was prepared in connection with Work covered by this Agreement.): EXHIBIT D – HUB Subcontracting Plan] [Option (Include if federal contract provisions are included in this Agreement.): EXHIBIT ___ – Affirmative Action Compliance Program] [Option: (Include if this Agreement relates to electronic and information resources, including hardware, software or related services.): EXHIBIT ___ – Environment Specifications] [Option: (Include if this Agreement relates to electronic and information resources, including hardware, software or related services.): EXHIBIT ___ – Security Characteristics and Functionality of Contractor’s Information Resources] [Option: (Include if Contractor will receive, create and/or maintain for or on behalf of University FERPA Data.): EXHIBIT ___ – FERPA Confidentiality and Security Addendum] [Option: (Include if Contractor will trigger GDPR provisions with the services provided to University or on behalf of University: EXHIBIT ____ – GDPR Data Protection Addendum] EXHIBIT A SCOPE OF WORK [Note: Provide a detailed description and break-down of all tasks Contractor is to perform and technical standards for the tasks, if appropriate.] EXHIBIT B SCHEDULE [Note: Describe specific time deadlines and due dates for each phase of Work and, if appropriate, for Work as a whole.] EXHIBIT C PAYMENT FOR WORK WORK FEES: [Note: Identify below all fees that your UT institution will pay to the Contractor for the Work. If the fee is not a stipulated lump sum, include a “not to exceed” fee cap amount.] _________________ _________________ _________________ _________________ Notwithstanding the foregoing, the total cumulative amount paid by University to Contractor will not exceed $_______________ (Fee Cap) without the prior written approval of University. In addition, total fees for each Phase of Work will not exceed the following specified amounts without the prior written approval of University: _________________ _________________ If University submits, in advance, a written request for additional work or services not contemplated or reasonably inferred by this Agreement, Contractor will be paid for actual hours incurred by Contractor’s personnel directly and solely in support of the additional work or services at the Work Fees provided above. [Note: Air Travel and Rental Car At this time, Contractor may not book air travel or rental car directly with travel vendors and obtain the State rates. If the UT institution books air travel and rental car for Contractor and pays the travel vendor directly (direct bill to UT), then the UT institution will receive the State rate for Contractor’s airfare and rental car. Hotel Reservations

Contractor Compliance and Warranty Relating to Cloud Computing Services. The Texas Department of Information Resources (DIR) has established and implemented a state risk and authorization management program providing a standardized approach for security assessment, authorization, and continuous monitoring of cloud computing services (CCSs) that process (including storing or transmitting) the data of Texas state agencies (TX-RAMP). The requirements of TX-RAMP include Section 2054.0593 of the Texas Government Code, Title 1, Rule 202.77 of the Texas Administrative Code, and DIR’s TX-RAMP Manual. Contractor represents and warrants that throughout the term of this Agreement it will comply with the requirements of TX-RAMP and that all CCSs subject to TX-RAMP will comply with the requirements of and be certified under TX-RAMP. The CCSs subject to TX-RAMP include those provided by Contractor either through this Agreement or in furtherance of this Agreement, including CCSs provided through Contractor’s subcontractors or third-party providers. A CCS used in furtherance of this Agreement includes a CCS that Contractor or its subcontractors or third-party providers use to process (including storing or transmitting) University data, even if the University itself does not access or use that CCS. Contractor’s subcontractors or third-party providers responsible solely for servicing or supporting a CCS provided by Contractor or another Contractor subcontractor or third-party provider shall not be required to provide evidence of TX-TX- RAMP certification; instead, Contractor will be responsible for providing such evidence. The list of current TX-RAMP certified CCSs and DIR’s TX-RAMP Manual are set forth at xxxxx://xxx.xxxxx.xxx/txramp. Contractor further represents and warrants that the following are the only CCSs that it will provide either through this Agreement or in furtherance of this Agreement as provided above, and Contractor’s representations, warranties, and obligations under this Section include the following CCSs: Contractor understands and agrees that the University may not enter into or renew a contract with Contractor to purchase CCSs that are subject to TX-RAMP unless Contractor demonstrates compliance with TX-RAMP requirements. Contractor acknowledges this Agreement may be terminated and payment withheld if Contractor does not comply with TX-RAMP or this Section.:

Contractor Compliance and Warranty Relating to Cloud Computing Services. The Texas Department of Information Resources (DIR) has established and implemented a state risk and authorization management program providing a standardized approach for security assessment, authorization, and continuous monitoring of cloud computing services (CCSs) that process (including storing or transmitting) the data of Texas state agencies (TX-RAMP). The requirements of TX-RAMP include Section 2054.0593 of the Texas Government Code, Title 1, Rule 202.77 of the Texas Administrative Code, and DIR’s TX-RAMP Manual. Contractor represents and warrants that throughout the term of this Agreement it will comply with the requirements of TX-RAMP and that all CCSs subject to TX-RAMP will comply with the requirements of and be certified under TX-RAMP. The CCSs subject to TX-RAMP include those provided by Contractor either through this Agreement or in furtherance of this Agreement, including CCSs provided through Contractor’s subcontractors or third-party providers. A CCS used in furtherance of this Agreement includes a CCS that Contractor or its subcontractors or third-party providers use to process (including storing or transmitting) University data, even if the University itself does not access or use that CCS. Contractor’s subcontractors or third-party providers responsible solely for servicing or supporting a CCS provided by Contractor or another Contractor subcontractor or third-party provider shall not be required to provide evidence of TX-RAMP certification; instead, Contractor will be responsible for providing such evidence. The list of current TX-RAMP certified CCSs and DIR’s TX-RAMP Manual are set forth at xxxxx://xxx.xxxxx.xxx/txramp. Contractor further represents and warrants that the following are the only CCSs that it will provide either through this Agreement or in furtherance of this Agreement as provided above, and Contractor’s representations, warranties, and obligations under this Section include above are the following CCSsfollowing: _ _ _ _ _ _ Contractor understands and agrees that the University may not enter into or renew a contract with Contractor to purchase CCSs that are subject to TX-RAMP unless Contractor demonstrates compliance with TX-RAMP requirements. Contractor acknowledges this Agreement may be terminated and payment withheld if Contractor does not comply with TX-RAMP or this Section. University and Contractor have executed and delivered this Agreement to be effective as of the Effective Date. UNIVERSITY: CONTRACTOR: THE UNIVERSITY OF TEXAS PERMIAN BASIN By: By: Name: Name: Title: Title: Attest: Corporate Secretary Attach: EXHIBIT A – Scope of Work EXHIBIT B – Schedule EXHIBIT C – Payment for Work EXHIBIT E – HUB Subcontracting Plan EXHIBIT – Affirmative Action Compliance Program EXHIBIT – Environment Specifications EXHIBIT – Security Characteristics and Functionality of Contractor’s Information Resources EXHIBIT A SCOPE OF WORK EXHIBIT B SCHEDULE . EXHIBIT C PAYMENT FOR WORK EXHIBIT E HUB SUBCONTRACTING PLAN EXHIBIT ENVIRONMENT SPECIFICATIONS EXHIBIT SECURITY CHARACTERISTICS AND FUNCTIONALITY OF CONTRACTOR’S INFORMATION RESOURCES EXHIBIT FERPA CONFIDENTIALITY AND SECURITY ADDENDUM This FERPA Confidentiality and Security Addendum (Addendum) is made and entered into effective as of [ ] (Effective Date) by and between The University of Texas Permian Basin a state agency and institution of higher education established under the laws of the State of Texas (University) and [ ] (Contractor), (collectively, Parties). The purpose of this Addendum is to provide the terms under which Contractor is required to maintain the confidentiality and security of any and all University records subject to the Family Educational Rights and Privacy Act, 20 United States Code §1232g (FERPA) which Contractor will create, receive, or maintain on behalf of University pursuant to (Underlying Agreement).

Contractor Compliance and Warranty Relating to Cloud Computing Services. The Texas Department of Information Resources (DIR) has established and implemented a state risk and authorization management program providing a standardized approach for security assessment, authorization, and continuous monitoring of cloud computing services (CCSs) that process (including storing or transmitting) the data of Texas state agencies (TX-RAMP). The requirements of TX-RAMP include Section 2054.0593 of the Texas Government Code, Title 1, Rule 202.77 of the Texas Administrative Code, and DIR’s TX-RAMP Manual. Contractor represents and warrants that throughout the term of this Agreement it will comply with the requirements of TX-RAMP and that all CCSs subject to TX-RAMP will comply with the requirements of and be certified under TX-RAMP. The CCSs subject to TX-RAMP include those provided by Contractor either through this Agreement or in furtherance of this Agreement, including CCSs provided through Contractor’s subcontractors or third-party providers. A CCS used in furtherance of this Agreement includes a CCS that Contractor or its subcontractors or third-party providers use to process (including storing or transmitting) University data, even if the University itself does not access or use that CCS. Contractor’s subcontractors or third-party providers responsible solely for servicing or supporting a CCS provided by Contractor or another Contractor subcontractor or third-party provider shall not be required to provide evidence of TX-RAMP certification; instead, Contractor will be responsible for providing such evidence. The list of current TX-RAMP certified CCSs and DIR’s TX-RAMP Manual are set forth at xxxxx://xxx.xxxxx.xxx/txramp. Contractor further represents and warrants that the following are the only CCSs that it will provide either through this Agreement or in furtherance of this Agreement as provided above, and Contractor’s representations, warranties, and obligations under this Section include above are the following CCSsfollowing: Contractor understands and agrees that the University may not enter into or renew a contract with Contractor to purchase CCSs that are subject to TX-RAMP unless Contractor demonstrates compliance with TX-RAMP requirements. Contractor acknowledges this Agreement may be terminated and payment withheld if Contractor does not comply with TX-RAMP or this Section. University and Contractor have executed and delivered this Agreement to be effective as of the Effective Date. UNIVERSITY: CONTRACTOR: THE UNIVERSITY OF TEXAS PERMIAN BASIN By: By: Name: Name: Title: Title: Attest: Corporate Secretary Attach: EXHIBIT A – Scope of Work EXHIBIT B – Schedule EXHIBIT C – Payment for Work EXHIBIT E – HUB Subcontracting Plan EXHIBIT – Affirmative Action Compliance Program EXHIBIT – Environment Specifications EXHIBIT – Security Characteristics and Functionality of Contractor’s Information Resources EXHIBIT A SCOPE OF WORK EXHIBIT B SCHEDULE . EXHIBIT C PAYMENT FOR WORK EXHIBIT E HUB SUBCONTRACTING PLAN EXHIBIT ENVIRONMENT SPECIFICATIONS EXHIBIT SECURITY CHARACTERISTICS AND FUNCTIONALITY OF CONTRACTOR’S INFORMATION RESOURCES EXHIBIT FERPA CONFIDENTIALITY AND SECURITY ADDENDUM This FERPA Confidentiality and Security Addendum (Addendum) is made and entered into effective as of [ ] (Effective Date) by and between The University of Texas Permian Basin a state agency and institution of higher education established under the laws of the State of Texas (University) and [ ] (Contractor), (collectively, Parties). The purpose of this Addendum is to provide the terms under which Contractor is required to maintain the confidentiality and security of any and all University records subject to the Family Educational Rights and Privacy Act, 20 United States Code §1232g (FERPA) which Contractor will create, receive, or maintain on behalf of University pursuant to (Underlying Agreement).