DPA Definitions The definition of terms used in this DPA is found in Exhibit “C”. In the event of a conflict, definitions used in this DPA shall prevail over terms used in any other writing, including, but not limited to the Service Agreement, Terms of Service, Privacy Policies etc.
Key Definitions As used herein, the following terms shall have the following respective meanings:
Term Definition Consensus Assessments Initiative Questionnaire (CAIQ) As established by the Cloud Security Alliance (CSA). The Cloud Security Alliance Consensus Assessments Initiative (CAI) was launched to perform research, create tools and create industry partnerships to enable Cloud computing assessments. Consulting The providing of expert knowledge by a third party for a fee. Continental United States (CONUS) The 48 contiguous States, and the District of Columbia. Contract Term The initial term of the Contract and any renewals and/or extensions. Copyright Copyright is a legal concept, enacted by most governments, that grants the creator of an original work exclusive rights to its use and distribution, usually for a limited time, with the intention of enabling the creator of intellectual wealth (e.g. the photographer of a photograph or the author of a book) to receive compensation for their work and be able to financially support themselves. Custom Software Software that does not meet the definition of COTS Software. Customization Customization of Product is the modification of packaged Product to meet the individual requirements of an Authorized User. Customized Training Training that is designed to meet the special requirements of an Authorized User. Data Any information, Analytic Derivatives, formula, algorithms, or other content that the Authorized User may provide to the Contractor pursuant to this Contract. Data includes, but is not limited to, any of the foregoing that the Authorized User and/or Contractor (i) uploads to the Cloud Service, and/or (ii) creates and/or modifies using the Cloud Service. See also Analytic Derivatives. Data Breach Data Breach refers to unauthorized access by any person, including employees, officers, partners or subcontractors of Contractor, who have not been authorized to access such Data. Data Center The term "Data center" applies to all facilities which Authorized User Data is processed or stored. Data Categorization Data categorization is the process of risk assessment of Data. See also “High Risk Data”, “Moderate Risk Data” and “Low Risk Data”. Data Conversion The conversion of computer data from one format to another. Data Mining Data Mining is the computational process of discovering patterns in large data sets involving methods at the intersection of artificial intelligence, machine learning, statistics, and database systems. The overall goal of the data mining process is to extract information from a data set and transform it into an understandable structure for further use. Aside from the raw analysis step, it involves database and data management aspects, data pre-processing, model and inference considerations, interestingness metrics, complexity considerations, post-processing of discovered structures, visualization, and online updating. Database A single collection of Data stored in one place that can be used by personnel to make decisions and assist in analysis. Deliverable Products, Software, Information Technology, telecommunications technology, Hardware, and other items (e.g. reports) to be delivered pursuant to this Contract, including any such items furnished within the provision of services. Device A piece of electronic equipment (such as a laptop, server, hard drive, USB drive) adapted for a particular purpose. Discount An allowance, reduction or deduction from a selling price or list price extended by a seller to a buyer in order for the net price to become more competitive. More common forms of discounts include trade discounts, quantity discounts, seasonal discounts and cash discounts. Discount from List Mathematical calculation to determine the buyer’s price from a manufacturer’s price list. Encryption A technique used to protect the confidentiality of information. The process transforms ("encrypts") readable information into unintelligible text through an algorithm and associated cryptographic key(s). Equal Employment Opportunity (EEO) Policies and procedures of the jurisdiction to ensure non-discrimination and equal opportunity to all employees, especially women, minorities, and persons with disabilities. Equipment An all-inclusive term which refers either to individual Machines or to a complete Data Processing System or Subsystem, including its Hardware and Operating Software (if any). See also “device, “appliance,” and “hardware,” “machine.” Term Definition Federal Information Security Management Act (FISMA) The Federal Information Security Management Act of 2002 ("FISMA", 44 U.S.C. § 3541, et seq.) is a United States federal law enacted in 2002 as Title III of the E-Government Act of 2002 (Pub.L. 107–347, 116 Stat. 2899). The act recognized the importance of information security to the economic and national security interests of the United States. The act requires each federal agency to develop, document, and implement an agency-wide program to provide information security for the information and information systems that support the operations and assets of the agency, including those provided or managed by another agency, contractor, or other source. Fleet Management The development and management of inventory (e.g. Software inventory, Hardware inventory, Cloud inventory). Follow the Sun Follow-the-sun is a type of global workflow in which tasks are passed around daily between work sites that are many time zones apart. General Services Administration (GSA) The department within the U.S. government that is responsible for procurement of goods and services. Government Entity A federal, state or municipal entity located in the United States. Hardware Refers to IT Equipment and is contrasted with Software. See also Equipment. High Risk Data Is as defined in FIPS PUB 199, Standards for Security Categorization of Federal Information and Information Systems (“High Impact Data”). Implementation Implementation refers to post sales process of guiding a client from purchase to use of the Product that was purchased. This may include but is not limited to post sales requirements analysis, scope analysis, limited customizations, systems integrations, data conversion/migration, business process analysis/improvement, user policy, customized user training, knowledge transfer, project management and system documentation. Information Technology (IT) Includes, but is not limited to, all electronic technology systems and services, automated information handling, System design and analysis, conversion of data, computer programming, information storage and retrieval, telecommunications which include voice, video, and data communications, requisite System controls, simulation, electronic commerce, and all related interactions between people and Machines. Information Technology Services (ITS) New York State Office of Information Technology Services (xxxx://xxx.xxx.xx.xxx/). It is the responsibility of ITS to provide centralized IT services to the State and its governmental entities with the awareness that our citizens are reliant on those services. Infrastructure as a Service (IaaS) The capability provided to the Authorized User is to provision processing, storage, networks, and other fundamental computing resources where the Authorized User is able to deploy and run arbitrary Software, which can include operating systems and applications. The Authorized User does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, deployed applications; and possibly limited control of select networking components (e.g., host firewalls). Installation The act or process of making Products ready to be used. Installation does not include Configuration. Installation Date The date specified in the Authorized User Agreement by which the Contractor must have the ordered Equipment ready for use by the Authorized User. Installation of Hardware Involves physically installing various types of computer systems and/or adding new components to an already existing system. Installation set up of computer systems includes the initial installation of Hardware and other components that are or may be part of a larger system. Intellectual Property (IP) Includes inventions, patents, copyrights, trade secrets, trademarks, technical Data, industrial designs that are generally protected and proprietary. Internet Access Connection to the internet through an Internet Service Provider (ISP). Internet Service Provider (ISP) An ISP is an organization that provides services for accessing, using, or participating in the Internet. Interoperability The capability to communicate, to execute programs, or to transfer Data among various functional units under specified conditions Term Definition Legacy Systems Any outdated Hardware/Software system that remains in use despite the availability of more current technology. It usually is an archaic Data management platform that may contain proprietary custom designed Software (e.g. An old database management system running on mainframes). Logical Partition (LPAR) A logical partition is a subset of computer's Hardware resources, virtualized as a separate computer. Low Risk Data Is as defined in FIPS PUB 199, Standards for Security Categorization of Federal Information and Information Systems (“Low Impact Data”). Machine An individual unit of a Data processing system or subsystem, separately identified by a type and/or model number, comprised of but not limited to mechanical, electro-mechanical, and electronic parts, microcode, and special features installed thereon and including any necessary Software, e.g., central processing unit, memory module, tape unit, card reader, etc. Maintenance The upkeep of Product that keeps the Product operating in accordance with the Manufacturer’s specification. Mandatory Refers to items or information that the State has deemed that a Vendor must submit as compulsory, required and obligatory. These items or information are noted as such, or the requirements may be phrased in terms of “must” or “shall”. Mandatory requirements must be met by the Vendor for Vendor’s Submission to be considered responsive. Manufacturer A person or business entity that creates, makes, processes, or fabricates a Product or something of value, which changes a raw material or commodity from one form to another or creates a new Product or commodity. Manufacturer - Software An organization that creates, programs, or develops proprietary Software that are branded, warranted, supported, and maintained by the entity that creates it and holds all intellectual property rights of the assembled solution. Manufacturer - Cloud An organization that creates, programs, or develops a proprietary system that is delivered as a subscription service that is branded, warranted, supported, and maintained by the entity that creates it. It may or may not be hosted by the Manufacturer, but the Manufacturer will be held responsible for the performance of the service provided regardless of the owner of the support infrastructure. Manufacturer - Hardware An organization that creates or assembles Hardware components into an integrated proprietary system that is branded, warranted, supported, and maintained by the entity that creates it and holds all intellectual property rights of the assembled solution. Manufacturer Part Number (SKU) An identification number assigned to an individual part by the Manufacturer or distributor of that part; usually includes a combination of alpha and/or numeric characters. Manufacturer’s Price List A price list published in some form by the Manufacturer and available to and recognized by the trade. May Denotes the permissive in a contract clause or specification. Refers to items or information that the State has deemed are worthy of obtaining, but not required or obligatory. Mean The arithmetic average. The average value of a set of numbers. Minority and/or Woman- Owned Business (MWBE) A business certified with Empire State Development (ESD) as a Minority and/or Woman-Owned Business. Model Number An identification number assigned to describe a style or class of item, such as a particular design, composition or function, by the Manufacturer or distributor of that item. Moderate Risk Data Is as defined in FIPS PUB 199, Standards for Security Categorization of Federal Information and Information Systems (“Moderate Impact Data”). Must Denotes the imperative in a Contract clause or specification. Means required - being determinative/mandatory, as well as imperative. National Institute of Standards and Technology (NIST) NIST is the federal technology agency that works with industry to develop and apply technology, measurements, and standards. xxxx://xxx.xxxx.xxx Term Definition New York State Small Business Enterprise (NYS SBE) A “New York State Small Business” is defined as a company that is a resident to New York State, independently owned and operated, with 100 or fewer employees, and not dominant in its field. See State Finance Law §160(8). Non-State Agencies Political subdivisions and other entities authorized by law to make purchases from OGS Centralized Contracts other than those entities that qualify as State Agencies. This includes all entities permitted to participate in centralized contracts per Xxxxxxxx X, §00(x), Xxx-Xxxxx Agency Authorized Users and §39(c), Voluntary Extension and State Finance Law Section 163(1)(k). NYS Procurement The New York State Office of General Services that is authorized by law to issue centralized, statewide contracts for use by New York State agencies, political subdivisions, schools, libraries and others authorized by law to participate in such contracts. xxxx://xxxxxx.xxx.xx.xxx Office of the State Comptroller (OSC) The New York State Office of the State Comptroller. xxxx://xxx.xxx.xxxxx.xx.xx/ Operating System (OS) Those routines, whether or not identified as program Products, that reside in the Equipment and are required for the Equipment to perform its intended function(s), and which interface the operator, other Contractor-supplied programs, and user programs to the Equipment. Personally Identifiable Information (PII) As defined in NIST Special Publication 800-122 “Guide to Protecting the Confidentiality of Personally Identifiable Information (PII)”, Platform as a Service (PaaS) The capability provided to the Authorized User to deploy onto the Cloud, infrastructure Authorized User-created or acquired applications created using programming languages and tools supported by the Vendor. The Authorized User does not manage or control the underlying cloud infrastructure including network, servers, operating systems, or storage, but has control over the deployed applications and possibly application hosting environment configurations. Preventive Maintenance Maintenance, performed on a scheduled basis by the Contractor, which is designed to keep the Equipment in proper operating condition.
Basic Definitions 1.1.9.1 Addenda. Written or graphic instruments issued prior to the opening of bids that clarify, correct, or change any of the component parts of the Bidding documents.
SECTION I - DEFINITIONS As used in this Agreement, the following terms shall have the meanings ascribed herein unless otherwise stated or reasonably required by the Agreement, and other forms of any defined words shall have a meaning parallel thereto.
Specific Definitions The following terms used in this Agreement shall have the following meanings: