Common use of Software As A Service, Support, And Services To Be Performed Clause in Contracts

Software As A Service, Support, And Services To Be Performed. Vendor, under the general direction of, and in coordination with, Xxxxxxxx’x Information Technology Director or other designated supervisory personnel (the “IT Director”) agrees to provide the Services listed on Exhibit B and perform the technology related services described on attached Exhibit B (the “Vendor’s Scope of Work” or “SOW”). The Parties acknowledge that Vendor and Xxxxxxxx may work to further define the SOW, in which case that Work product (“Follow-Up SOW”) will become a part of this Agreement by incorporation. If the Follow-Up SOW materially alters the attached SOW the Parties agree to amend this Agreement in writing through a written change order. As the IT Director directs, the Vendor shall diligently undertake, perform, and complete all of the technology related services and produce all the Deliverables set forth in the Agreement’s Exhibits listed below and to Xxxxxxxx’x satisfaction. Vendor is ready, willing, and able to provide the technology related services and the Services required by this Agreement. Vendor shall faithfully perform the technology related services in accordance with the standards of care, skill, training, diligence, and judgment provided by highly competent individuals performing services of a similar nature to those described in the Agreement and in accordance with the terms of the Agreement. User ID Credentials. Internal corporate or customer (tenant) user account credentials shall be restricted as per the following, ensuring appropriate identity, entitlement, and access management and in accordance with established policies and procedures: Identity trust verification and service-to-service application (API) and information processing interoperability (e.g., SSO and Federation); Account credential lifecycle management from instantiation through revocation; Account credential and/or identity store minimization or re-use when feasible; and Adherence to industry acceptable and/or regulatory compliant authentication, authorization, and accounting (AAA) rules (e.g., strong/multi-factor, expirable, non-shared authentication secrets). Vendor Supported Releases. Vendor shall maintain the currency of all Third-Party software used in the development and execution or use of the Service(s) including, but not limited to: all code libraries, frameworks, components, and other products (e.g., Java JRE, code signing certificates, .NET, jQuery plugins, etc.), whether commercial, free, open-source, or closed-source, with Third-Party vendor approved and supported releases. Identity Management. Xxxxxxxx’x Identity and Access Management (IdM) system is an integrated infrastructure solution that enables many of Xxxxxxxx’x services and online resources to operate more efficiently, effectively, economically and securely. All new and proposed applications must utilize the authentication and authorization functions and components of the IdM (e.g., Two and Multifactor Authentication, Active Directory Federation Services, etc.). Strong authentication is required for privileged accounts or accounts with access to sensitive information. This technical requirement applies to all solutions, regardless of where the application is hosted.