Common use of Hosting Requirements Clause in Contracts

Hosting Requirements. 1. The Licensor or its subcontractor shall supply all hosting equipment (hardware and software) required for the cloud services and performance of the software and services set forth in the Quote and Statement of Work. 2. The Licensor shall provide secure access to applicable levels of users via the internet. 3. The Licensor shall use commercially reasonable resources and efforts to maintain adequate internet connection bandwidth and server capacity. 4. The Licensor or its subcontractors shall maintain all components of the hosted solution with commercially reasonable support and replace as necessary to maintain compliance. 5. The Licensor shall monitor, prevent and deter unauthorized system access. The Licensor shall use all commercially reasonable methods to confirm suspected breaches. In the event of any impermissible disclosure unauthorized loss or destruction of Confidential Information, the receiving Party must immediately notify the disclosing Party and take all reasonable steps to mitigate any potential harm or further disclosure of such Confidential Information. In addition, pertaining to the unauthorized access, use, release, or disclosure of data, the Licensor shall comply with state and federal data breach notification statutes and regulations, and shall report security incidents to the Commonwealth within one (1) hour of when the Licensor has reasonable confirmation of such unauthorized access, use, release, or disclosure of data. 6. The Licensor or the Licensor’s subcontractor shall allow the Commonwealth or its delegate, at times chosen by the Commonwealth, and with at least three (3) business days’ notice, to review the hosted system’s data center locations and security architecture. 7. The Licensor’s employees or subcontractors, who are directly responsible for day- to-day monitoring and maintenance of the hosted system, shall have industry standard certifications applicable to the environment and system architecture used. 8. The Licensor or the Licensor’s subcontractor shall locate servers in a climate- controlled environment. The Licensor or the Licensor’s contractor shall house all servers and equipment in an operational environment that meets industry standards including climate control, fire and security hazard detection, electrical needs, and physical security. 9. The Licensor shall examine applicable system and error logs daily to minimize and predict system problems and initiate appropriate action. 10. The Licensor shall completely test and apply patches for all third-party software products in the server environment before release. 11. The Licensor shall provide all Commonwealth data to the Commonwealth, upon request, in a form acceptable to the Commonwealth, at no cost to the Commonwealth.

Hosting Requirements. 1. The Licensor or its subcontractor shall supply all hosting equipment (hardware and software) required for the cloud services and performance of the software and services set forth in the Quote and Statement of Work. 2. The Licensor shall provide secure access to applicable levels of users via the internet. 3. The Licensor shall use commercially reasonable resources and efforts to maintain adequate internet connection bandwidth and server capacity. 4. The Licensor or its subcontractors shall maintain all components of the hosted solution with commercially reasonable support hosting equipment (hardware and software) and replace as necessary to maintain compliance. 5compliance with the Service Level Agreements. The Licensor shall monitor, prevent and deter unauthorized system access. The Licensor shall use Any and all commercially reasonable methods known attempts must be reported to confirm suspected breachesthe Agency within forty-eight hours. In the event of any impermissible disclosure unauthorized loss or destruction of Confidential Information, the receiving Party must immediately notify the disclosing Party and take all reasonable steps to mitigate any potential harm or further disclosure of such Confidential Information. In addition, pertaining to the unauthorized access, use, release, or disclosure of data, the Licensor shall comply with state and federal data breach notification statutes and regulations, and shall report security incidents to the Commonwealth Agency within one (1) hour of when the Licensor has reasonable confirmation of such unauthorized access, use, release, or disclosure of data. 6. The Licensor or the Licensor’s subcontractor shall allow the Commonwealth Agency or its delegate, at times chosen by the CommonwealthAgency, and with within at least three (3) business days’ notice, to review the hosted system’s data center locations and security architecture. 7. The Licensor’s employees or subcontractors, who are directly responsible for day- day-to-day monitoring and maintenance of the hosted system, shall have industry standard certifications applicable to the environment and system architecture used. 8. The Licensor or the Licensor’s subcontractor shall locate servers in a climate- climate-controlled environment. The Licensor or the Licensor’s contractor shall house all servers and equipment in an operational environment that meets industry standards including climate control, fire and security hazard detection, electrical needs, and physical security. 9. The Licensor shall examine applicable system and error logs daily to minimize and predict system problems and initiate appropriate action. 10. The Licensor shall completely test and apply patches for all third-party software products in the server environment before release. 11. The Licensor shall provide all Commonwealth data to the Commonwealth, upon request, in a form acceptable to the Commonwealth, at no cost to the Commonwealth.

Hosting Requirements. 1. The Licensor or its subcontractor shall supply all hosting equipment (hardware and software) required for the cloud services and performance of the software and services set forth in the Quote and Statement of Work. 2. The Licensor shall provide secure access to applicable levels of users via the internet. 3. The Licensor shall use commercially reasonable resources and efforts to maintain adequate internet connection bandwidth and server capacity. 4. The Licensor or its subcontractors shall maintain all components of the hosted solution with commercially reasonable support hosting equipment (hardware and software) and replace as necessary to maintain compliancecompliance with the Service Level Agreements. 5. The Licensor shall monitor, prevent and deter unauthorized system access. The Licensor shall use Any and all commercially reasonable methods known attempts must be reported to confirm suspected breachesthe Commonwealth within two (2) business days. In the event of any impermissible disclosure unauthorized loss or destruction of Confidential Information, the receiving Party must immediately notify the disclosing Party and take all reasonable steps to mitigate any potential harm or further disclosure of such Confidential Information. In addition, pertaining to the unauthorized access, use, release, or disclosure of data, the Licensor shall comply with state and federal data breach notification statutes and regulations, and shall report security incidents to the Commonwealth within one (1) hour of when the Licensor has reasonable confirmation of such unauthorized access, use, release, or disclosure of data. 6. The Licensor or the Licensor’s subcontractor shall allow the Commonwealth or its delegate, at times chosen by the Commonwealth, and with within at least three (3) business days’ notice, to review the hosted system’s data center locations and security architecture. 7. The Licensor’s employees or subcontractors, who are directly responsible for day- to-day monitoring and maintenance of the hosted system, shall have industry standard certifications applicable to the environment and system architecture used. 8. The Licensor or the Licensor’s subcontractor shall locate servers in a climate- controlled environment. The Licensor or the Licensor’s contractor shall house all servers and equipment in an operational environment that meets industry standards including climate control, fire and security hazard detection, electrical needs, and physical security. 9. The Licensor shall examine applicable system and error logs daily to minimize and predict system problems and initiate appropriate action. 10. The Licensor shall completely test and apply patches for all third-party software products in the server environment before release. 11. The Licensor shall provide all Commonwealth data to the Commonwealthcomply with Attachment 2-B, upon request, in a form acceptable to the Commonwealth, at no cost to the CommonwealthSOC Reporting Requirements.

Hosting Requirements. 1. The Licensor or its subcontractor shall supply all hosting equipment (hardware and software) required for the cloud services and performance of the software and services set forth in the Quote and Statement of Work. 2. The Licensor shall provide secure access to applicable levels of users via the internet. 3. The Licensor shall use commercially reasonable resources and efforts to maintain adequate internet connection bandwidth and server capacity. 4. The Licensor or its subcontractors shall maintain all components of the hosted solution with commercially reasonable support hosting equipment (hardware and software) and replace as necessary to maintain compliance.compliance with the Service Level Agreements 5. The Licensor shall monitor, prevent and deter unauthorized system access. The Licensor shall use Any and all commercially reasonable methods known attempts must be reported to confirm suspected breachesthe Commonwealth within two (2) business days. In the event of any impermissible disclosure unauthorized loss or destruction of Confidential Information, the receiving Party must immediately notify the disclosing Party and take all reasonable steps to mitigate any potential harm or further disclosure of such Confidential Information. In addition, pertaining to the unauthorized access, use, release, or disclosure of data, the Licensor shall comply with state and federal data breach notification statutes and regulations, and shall report security incidents to the Commonwealth within one (1) hour of when the Licensor has reasonable confirmation of such unauthorized access, use, release, or disclosure of data. 6. The Licensor or the Licensor’s subcontractor shall allow the Commonwealth or its delegate, at times chosen by the Commonwealth, and with within at least three (3) business days’ notice, to review the hosted system’s data center locations and security architecture. 7. The Licensor’s employees or subcontractors, who are directly responsible for day- to-day monitoring and maintenance of the hosted system, shall have industry standard certifications applicable to the environment and system architecture used. 8. The Licensor or the Licensor’s subcontractor shall locate servers in a climate- controlled environment. The Licensor or the Licensor’s contractor shall house all servers and equipment in an operational environment that meets industry standards including climate control, fire and security hazard detection, electrical needs, and physical security. 9. The Licensor shall examine applicable system and error logs daily to minimize and predict system problems and initiate appropriate action. 10. The Licensor shall completely test and apply patches for all third-party software products in the server environment before release. 11. The Licensor shall provide all the Commonwealth data with its annual American Institute of Certified Public Accountants (AICPA) Attestation Standard (AT) Sec. 101 Service Organization Control (“SOC”) 2, Type 2 certification (AT Sec. 101 SOC 2, Type 2), or an equivalent certification approved by the Commonwealth. Equivalent certifications include, but are not limited to: International Organization of Standards (ISO) 2700x certification; certification under the Federal Information Security Management Act (FISMA); and AT Sec. 101 SOC 3 (SysTrust/WebTrust) certification. Annually, Licensor shall provide an AT Sec. 101 SOC 2, Type 2 audit report, or its equivalent, to the Commonwealth, Commonwealth upon request, in a form acceptable to the Commonwealth, at no cost to the Commonwealth.

Hosting Requirements. 1. The Licensor or its subcontractor shall supply all hosting equipment (hardware and software) required for the cloud services and performance of the software and services set forth in the Quote and Statement of Work. 2. The Licensor shall provide secure access to applicable levels of users via the internet. 3. The Licensor shall use commercially reasonable resources and efforts to maintain adequate internet connection bandwidth and server capacity. 4. The Licensor or its subcontractors shall maintain all components of the hosted solution with commercially reasonable support hosting equipment (hardware and software) and replace as necessary to maintain compliance. 5. compliance with the Service Level Agreements The Licensor shall monitor, prevent and deter unauthorized system access. The Licensor shall use Any and all commercially reasonable methods known attempts must be reported to confirm suspected breachesthe Commonwealth within two (2) business days. In the event of any impermissible disclosure unauthorized loss or destruction of Confidential Information, the receiving Party must immediately notify the disclosing Party and take all reasonable steps to mitigate any potential harm or further disclosure of such Confidential Information. In addition, pertaining to the unauthorized access, use, release, or disclosure of data, the Licensor shall comply with state and federal data breach notification statutes and regulations, and shall report security incidents to the Commonwealth within one (1) hour of when the Licensor has reasonable confirmation of such unauthorized access, use, release, or disclosure of data. 6. The Licensor or the Licensor’s subcontractor shall allow the Commonwealth or its delegate, at times chosen by the Commonwealth, and with within at least three (3) business days’ notice, to review the hosted system’s data center locations and security architecture. 7. The Licensor’s employees or subcontractors, who are directly responsible for day- day-to-day monitoring and maintenance of the hosted system, shall have industry standard certifications applicable to the environment and system architecture used. 8. The Licensor or the Licensor’s subcontractor shall locate servers in a climate- climate-controlled environment. The Licensor or the Licensor’s contractor shall house all servers and equipment in an operational environment that meets industry standards including climate control, fire and security hazard detection, electrical needs, and physical security. 9. The Licensor shall examine applicable system and error logs daily to minimize and predict system problems and initiate appropriate action. 10. The Licensor shall completely test and apply patches for all third-party software products in the server environment before release. 11. The Licensor shall provide all the Commonwealth data with its annual American Institute of Certified Public Accountants (AICPA) Attestation Standard (AT) Sec. 101 Service Organization Control (“SOC”) 2, Type 2 certification (AT Sec. 101 SOC 2, Type 2), or an equivalent certification approved by the Commonwealth. Equivalent certifications include, but are not limited to: International Organization of Standards (ISO) 2700x certification; certification under the Federal Information Security Management Act (FISMA); and AT Sec. 101 SOC 3 (SysTrust/WebTrust) certification. Annually, Licensor shall provide an AT Sec. 101 SOC 2, Type 2 audit report, or its equivalent, to the Commonwealth, Commonwealth upon request, in a form acceptable to the Commonwealth, at no cost to the Commonwealth.