OPERATIONAL TECHNOLOGY SYSTEMS. OWNER agrees that the effectiveness of operational technology systems and features designed, recommended or assessed by ENGINEER (collectively “OT Systems”) are dependent upon OWNER’s continued operation and maintenance of the OT Systems in accordance with all standards, best practices, laws, and regulations that govern the operation and maintenance of the OT Systems. OWNER shall be solely responsible for operating and maintaining the OT Systems in accordance with applicable laws, regulations, and industry standards (e.g. ISA, NIST, etc.) and best practices, which generally include but are not limited to, cyber security policies and procedures, documentation and training requirements, continuous monitoring of assets for tampering and intrusion, periodic evaluation for asset vulnerabilities, implementation and update of appropriate technical, physical, and operational standards, and offline testing of all software/firmware patches/updates prior to placing updates into production. Additionally, OWNER recognizes and agrees that OT Systems are subject to internal and external breach, compromise, and similar incidents. Security features designed, recommended or assessed by ENGINEER are intended to reduce the likelihood that OT Systems will be compromised by such incidents. However, ENGINEER does not guarantee that OWNER’s OT Systems are impenetrable and OWNER agrees to waive any claims against ENGINEER resulting from any such incidents that relate to or affect OWNER’s OT Systems.
OPERATIONAL TECHNOLOGY SYSTEMS. OWNER agrees that the effectiveness of operational technology systems (“OT Systems”) and features designed, recommended or assessed by ENGINEER are dependent upon OWNER’s continued operation and maintenance of the OT Systems in accordance with all standards, best practices, laws, and regulations that govern the operation and maintenance of the OT Systems. OWNER shall be solely responsible for operating and maintaining the OT System in accordance with applicable industry standards (i.e. ISA, NIST, etc.) and best practices, which generally include but are not limited to, cyber security policies and procedures, documentation and training requirements, continuous monitoring of assets for tampering and intrusion, periodic evaluation for asset vulnerabilities, implementation and update of appropriate technical, physical, and operational standards, and offline testing of all software/firmware patches/updates prior to placing updates into production. Additionally, OWNER recognizes and agrees that OT Systems are subject to internal and external breach, compromise, and similar incidents. Security features designed, recommended or assessed by ENGINEER are intended to reduce the likelihood that OT Systems will be compromised by such incidents.
