1. PURCHASE ORDER DEFINED: The term "purchase order" as used in these terms and conditions means the document entitled "Purchase Order" that the Coconino County Community College District dba Coconino Community College (“CCC”) issues to the contractor (“Contractor”) (collectively, “Parties”).
2. CONTRACT DEFINED: The term “Contract” as used in the Purchase Order Terms and Conditions means one of the following, as applicable:
2.1 Where the Purchase Order is the sole document that CCC authorizes to describe the terms of the contract between the Contractor and CCC (such as scope of work, deliverables, price) the Purchase Order will be the sole document constituting the contract between the Parties;
2.2 Where CCC issues a solicitation (request for proposal (RFP), invitation for bids (IFB), request for qualifications (RFQu), or request for quotations (RFQ)), the solicitation and amendments to it, the Contractor’s response (proposal, bid, or quote), any statements of work or other similar documents and the Purchase Order Terms and Conditions along with any engagement letter, if applicable;
2.3 Where CCC and the Contractor sign a CCC-template contract, that contract, any amendments to it and the Purchase Order Terms and Conditions;
2.4 Where CCC signs a contract template that the Contractor provides, the contract template, as CCC may modify it, any amendments to it, and these Purchase Order Terms and Conditions. If a Contractor supplies a contract template in its bid or proposal in response to a formal solicitation (that is, under an IFB, RFP, RFQu or RFQ), or after CCC notifies it that it has been selected for contract award, the contract template is subject to and must explicitly incorporate solicitation terms and conditions into it.
3. “DAYS” DEFINED: The term “days” as used in the Purchase Order Terms and Conditions means calendar days, unless otherwise specified.
4. ORDER OF PRECEDENCE: A solicitation, amendments to it, and the Purchase Order Terms and Conditions take precedence over any inconsistent or materially different terms in the Contractor’s response to a solicitation or other Contractor-supplied contract documents. Additionally, CCC does not agree to, and will not be bound by, Contractor terms and conditions that a representative of CCC not authorized to sign contracts has approved and signed.
TERMS AND CONDITIONS APPLICABLE TO CONTRACTS INVOLVING THE PURCHASE OF GOODS
5. ACCEPTANCE AND REJECTION: Regardless of any terms or conditions to the contrary in Contractor forms or documents, CCC shall have all the rights and remedies specified in this paragraph. CCC shall have a reasonable time after delivery of goods to inspect them. CCC is not obligated to pay for those goods until it has had the opportunity to inspect them, and has accepted them. CCC may reject goods if, prior to final acceptance, the goods are found to be defective or not as specified. In the case of services, CCC is not obligated to pay for them until it has finally accepted the services and, in the case of construction, is occupying or otherwise using the facility where the construction occurred. CCC is entitled to all other remedies under applicable law, including the right to revoke acceptance of nonconforming goods. Contractor shall reimburse CCC for all direct, indirect, incidental, and consequential costs related to nonconforming goods or services. Notwithstanding final acceptance and payment, Contractor shall be liable for latent defects, fraud, or such gross mistakes as amount to fraud. Acceptance of performance shall not waive the right to claim damages for breach, negligence, product liability, or any other act or omission covered by the indemnity provisions of these Purchase Order Terms and Conditions.
6. INSPECTIONS: The Contractor agrees to permit access to its facilities, subcontractor facilities and the Contractor's processes for producing the goods, at reasonable times for inspection of the goods covered under this Contract. CCC shall also have the right to test at its own cost the goods to be supplied under this Contract. Neither inspection at the Contractor's facilities nor testing shall constitute final acceptance of the goods. If CCC determines non-compliance of the goods, the Contractor shall be responsible for the payment of all costs incurred by CCC for testing and inspection.
7. RISK OF LOSS: The Contractor shall bear all loss of conforming material covered under this Contract until received by authorized personnel at the location designated in the Contract. Mere receipt does not constitute final acceptance. The risk of loss for nonconforming goods shall remain with the Contractor regardless of receipt.
8. SUBSTITUTIONS: Contractor may not substitute goods required under this Contract. Providing substitutions or any attempt to do so will be considered a breach of the Contract.
9. TITLE AND DELIVERY: Unless stated otherwise in the Contract, all prices shall be F.O.B. Destination and shall include all delivery and unloading at the destination identified in the Contract. Title to the goods shall pass to CCC upon acceptance at the F.O.B. point specified, subject to the right of CCC to reject. For any exception to the delivery date specified, Contractor shall give prior notification and obtain approval from CCC's Purchasing Services. Time is of the essence and the Contract is subject to termination for failure to deliver on time.
10.1 Liens: The Contractor warrants that the goods supplied under this Contract are free of liens.
10.2 Quality: Unless otherwise modified elsewhere in these terms and conditions, the Contractor warrants that, for one year after acceptance by CCC of the goods, they shall be:
10.2.1 Of a quality to pass without objection in the trade under the Contract description;
10.2.2 Fit for the intended purposes for which the goods are used;
10.2.3 Within the variations permitted by the Contract and are of even kind, quantity, and quality within each unit and among all units;
10.2.4 Adequately contained, packaged and marked as the Contract may require; and
10.2.5 Conform to the written promises or affirmations of fact made by the Contractor.
10.3 Fitness. The Contractor warrants that any material supplied to CCC shall fully conform to all requirements of the Contract and all representations of the Contractor, and shall be fit for all purposes and uses required by the Contract.
10.4 Inspection/Testing. Inspection or testing of, or payment for, the goods by CCC does not affect the warranties set forth in subparagraphs 10.2.1 through 10.2.5 of this paragraph.
TERMS AND CONDITIONS APPLICABLE TO CONTRACTS INVOLVING THE PURCHASE OF SERVICES
11. CONTRACTOR PERSONNEL POLICIES: Contractor will maintain personnel policies that appropriately check the backgrounds of its employees who will be providing services to CCC on site in accordance with CCC policy. Contractor will supply the appropriate CCC representative with copies of those policies upon request.
12. FINANCIAL TRANSACTIONS: If Contractor is responsible for handling any type of financial transaction for CCC, the Contractor shall demonstrate annually, as applicable, that it complies with the Statement on Standards for Attestation Engagements (SSAE) No. 16, known as SSAE 16, established by the Auditing Standards Board (ASB) and the American Institute of Certified Public Accountants (AICPA). The Contractor shall provide its annual report, as applicable, on a reporting form or forms adopted as part of SSAE 16 no later than 30 days after CCC requests in writing.
13. PERFORMANCE STANDARDS: Contractor shall, at all times during this Contract, provide the services within the highest standards of its profession. Contractor certifies that it shall maintain all applicable licenses/certifications and must provide notice immediately to CCC of any change in any license/certification. Contractor warrants that the services provided shall conform to the Contract.
14. PROVISION OF SUPPLIES, MATERIALS AND LABOR: The Contractor shall furnish all supplies, equipment, and all management and labor necessary for the efficient and sound provision of the services or goods it supplies under this Contract, or in subsequent extensions or amendments.
TERMS AND CONDITIONS APPLICABLE TO ALL CONTRACTS
15. ADVERTISING AND PROMOTION: The name or logos of CCC or those of any entity under CCC’s jurisdiction shall not be used by Contractor except as may be required to perform this Contract and only as approved in writing by CCC.
16. APPLICABLE LAWS: The laws of the State of Arizona apply to every aspect of this Contract. Any provision required to be included in a contract of this type by any applicable and valid Executive Order, federal, state or local law, ordinance, rule or regulation shall be deemed to be incorporated into this Contract.
17. ARBITRATION: In accordance with ARS § 12-1518, the parties agree to resolve all disputes arising out of or relating to this Contract through arbitration, after exhausting applicable administrative review except as may be required by other applicable statutes.
18. AUDITS: To the extent required by A.R.S. § 35-214, the Contractor shall retain and shall contractually require each subcontractor to retain all data, books and other records (“records”) relating to this Contract for a period of five (5) years after completion of the Contract. All records shall be subject to inspection and audit by CCC at reasonable times. Upon request, the Contractor shall produce the original of any or all such records.
19. BILLING: If CCC permits the Contractor to receive progress payments, Contractor may only invoice in increments of 30 days or more. The monthly billings should be submitted to the “BILL TO” address shown on the Contract.
20. BUSINESS CONTINUITY PLAN: Contractor will provide to CCC, within 30 days after such request, a comprehensive plan for continuing the performance of its obligations (the Business Continuity Plan) during a Public or Institutional Emergency. A Public or Institutional Emergency means a natural or human made event that creates a substantial risk to the public, that causes or threatens death or injury to the general public, or that causes a significant disruption to the day-to-day business operations of CCC. The Business Continuity Plan, at a minimum, will address the following: 1) identification of response personnel by name; 2) key succession and performance responses in the event of sudden and significant decrease in workforce; 3) contingency plans for the Contractor to continue the performance of its obligations under the Agreement, despite the emergency; and 4) if Contractor will store, have access to, or otherwise process any CCC Data, a data recovery plan that includes the following: identification of data recovery personnel by name, how CCC Data will be recovered, recovery point and recovery time objectives, and steps to be taken to recover CCC Data. If CCC requires a data recovery plan, upon CCC’s request, Contractor will provide CCC with evidence that Contractor annually tests the data recovery plan. In the event of a Public or Institutional Emergency, Contractor will implement the applicable actions set forth in the Business Continuity Plan and will make other commercially practicable efforts to mitigate the impact of the event. For clarification of intent, Contractor will not be entitled to any additional compensation or extension of time by virtue of having to implement a Business Continuity Plan, unless otherwise agreed to by CCC in writing.
21. CHANGES: An authorized CCC representative from Purchasing Services may make changes within the general scope of this purchase order by giving notice to Contractor and subsequently confirming such changes in writing. If such changes affect the cost of, or the time required for performance of this purchase order, an appropriate equitable adjustment shall be made. No change by Contractor shall be recognized without written approval of an authorized CCC representative. Any claim of Contractor for an adjustment under this Paragraph must be made in writing within thirty (30) days from the date of receipt by Contractor of notification of such change. Nothing in this paragraph shall excuse Contractor from proceeding with performance of the purchase order as modified.
22. COMPLIANCE WITH IMMIGRATION LAWS; LEGAL WORKER’S ACT: The Contractor shall at all times comply with the Federal Immigration Reform and Control Act of 1986 (and by any subsequent amendments) and shall indemnify, hold harmless, and defend CCC from any and all costs or expenses whatsoever arising out of Contractor's noncompliance. To the extent applicable to this Contract under A.R.S. § 41-4401, Contractor warrants on behalf of itself and its subcontractors that it verifies the employment eligibility through the E-verify program of any employee it hires and complies with federal immigration laws and regulations relating to their employees. The Contractor shall at all times comply with the Federal Immigration Reform and Control Act of 1986 (and by any subsequent amendments to it) and shall indemnify, hold harmless, and defend CCC from any and all costs or expenses whatsoever arising out of Contractor's compliance or noncompliance with that law. Additionally, Contractor agrees to abide by all applicable laws that apply to it and this Contract, including executive orders of the Governor of the State of Arizona.
23. CONFIDENTIAL INFORMATION
23.1 Confidential Information Defined: For purposes of this Contract, Confidential Information, including data, is defined as any and all CCC information and data whose collection, sharing, dissemination, use, preservation, disclosure, protection, storage, destruction, and/or disposition is governed by federal, state, local and/or international law or regulation. Confidential Information includes, but is not limited to, Social Security Numbers, student records, student financial records regarding students (or their parents or sponsors), financial and personal information regarding CCC employees and students, protected health information (as identified by the Health Information Portability and Accountability Act), and other personally identifiable information protected by applicable law or regulation. In addition, Confidential Information includes data and other information that is proprietary to or developed by CCC such as institutional financial and performance records. Confidential Information does not include information the receiving party already knows; information that becomes available to the public except as a result of disclosure by the receiving party in violation of this Contract; and information that becomes known to the receiving party from a source other than the disclosing party on a non-confidential basis.
23.2 Use of Confidential Information: Contractor agrees that the Confidential Information provided to it during the Contract or to which it may potentially have access, during the provision of services related therein, shall be used only and exclusively to support this Contract, service and service execution and not for any other purpose. The receiving party will limit access to Confidential Information to its employees who need to know the Confidential Information in order to carry out the activities under this Purchase Order, and will instruct those employees to keep the information confidential.
23.3 Contractor Safeguards: At all times during this Purchase Order, Contractor will maintain appropriate administrative, technical and physical safeguards to protect the security and privacy of Confidential Information in use, in motion, or at rest. The safeguards include, but are not limited to, implementation of adequate privacy and security policies and data breach response plans that comply with industry standards and the requirements of applicable laws and the regulatory agencies responsible for enforcing them.
23.4 Reporting Incidents: Contractor shall inform CCC’s Chief Information Security Officer and Director of Purchasing Services by sending an email to
23.5 Transmission Outside of The United States: To the extent that the Contractor transmits or processes CCC Confidential Information outside of the United States, it agrees to comply with the data security and privacy laws of each country through which such information is transmitted or processed, as well as the data security and privacy laws of the jurisdiction of residence for the individuals whose data is used by the Contractor. If Contractor, employees, or any tier of the Contractor’s agent(s) in the performance of this Purchase Order hosts or maintains CCC Confidential Information on its technology, Contractor warrants and confirms that the hosting or maintenance of that information meets the applicable legal and industry security standards, including qualifying for the “safe harbor” rules under applicable data breach laws.
24. CONTRACT ASSIGNMENT: Contractor may not, in part or in whole, subcontract (except as otherwise specified in Contractor’s proposal to the CCC solicitation), delegate or assign this Contract without the prior written permission of a representative of CCC authorized to sign contracts.
25. CONTRACT TERMINATION:
25.1 Termination for Bankruptcy: CCC may terminate the resulting contract immediately if the Contractor files for bankruptcy or receivership, or takes any actions relating to insolvency, such as an assignment for the benefit of creditors.
25.2 Termination for Conflict of Interest: Pursuant to A.R.S. 38-511, the resulting contract and/or any Purchase Order(s) issued against it is subject to cancellation by CCC if any personnel significantly involved in the resulting contract are found to be in conflict of interest.
25.3 Termination for Convenience. CCC reserves the right to terminate the Contract, in whole or in part at any time, when in the best interests of CCC without penalty or recourse. Upon receipt of the written notice, the Contractor shall immediately stop all work as directed in the notice, notify all subcontractors of the effective date of the termination and minimize all further costs to CCC. In the event of termination under this paragraph, all documents, data and reports prepared by the Contractor under the Contract shall become the property of and be delivered to CCC. The Contractor shall be entitled to receive just and equitable compensation for work in progress, work completed, and materials accepted before the effective date of the termination. CCC shall receive refund of any prepaid payments and fees covering the remainder of the term after the effective date of the termination.
25.4 Termination for Default: In the event that the Contractor breaches any of the terms and provisions of the Contract, CCC reserves the right to accurately and specifically describe the unsatisfactory performance or condition in a written notice by email or registered or certified mail to the Contractor requiring that this be corrected within a ten (10) day period from the date said notice is received by the Contractor. If the condition is not remedied within this time period, failure to do so on the part of the Contractor may result in CCC resorting to any single or combination of the following remedies:
25.4.1 Reserve all rights or claims to damage for breach of any covenants of the contract;
25.4.2 Perform any test or analysis on materials (equipment/products) for compliance with the specifications of the contract. If the results of any test or analysis find a non‑compliance with the specifications, the actual expense of testing shall be borne by the Contractor;
25.4.3 In case of default, CCC reserves the right to purchase materials and/or services, or to complete the required work in accordance with the needs of CCC. CCC may recover any actual excess costs from the Contractor by:
- Deduction from an unpaid balance;
- Refund of prepaid payments and fees covering the remainder of the term after the effective date of the termination;
- Collection against the bid and/or performance bond, or;
- Any combination of the above or any other remedies as provided by law.
25.5 Termination for Gratuities: CCC may, by written notice, terminate this Contract, in whole or in part, if CCC determines that employment or gratuity was offered or made by the Contractor or a representative of the Contractor to any officer or employee of CCC for the purpose of influencing the outcome of the procurement or securing the Contract, including the making of any determination or decision about Contract performance. CCC, in addition to any other rights or remedies, shall be entitled to recover exemplary damages in the amount of three (3) times the value of the gratuity offered by the Contractor.
25.6 Termination for Non-Appropriation: The resulting Contract shall be in force until the expiration date. However, CCC is a State Agency subject to State appropriation of funds. If the Coconino Community College District Governing Board determines, at its sole discretion, not to allocate sufficient funds for CCC to uphold this agreement, CCC has the right to terminate this agreement upon thirty (30) days' written notice.
25.7 Termination for Suspension or Debarment: CCC may, by written notice to the Contractor, immediately terminate this Contract if CCC determines that the Contractor has been debarred, suspended or otherwise lawfully prohibited from participating in any public procurement activity, including but not limited to, being disapproved as a subcontractor of any public procurement unit or other governmental body. Submittal of an offer or execution of a contract shall attest that the Contractor is not currently suspended or debarred. If the Contractor becomes suspended or debarred, the Contractor shall immediately notify CCC.
26. DATA USE, OWNERSHIP, PRIVACY, and PROTECTION. The terms of this section apply if Contractor receives, has access to, stores, or analyzes any CCC Data.
a. As between the parties, CCC will own, or retain all of its rights in, all data and information that CCC provides to Contractor, as well as all data and information managed by Contractor on behalf of CCC, including all output, reports, analyses, and other materials relating to, derived from, or generated pursuant to the Agreement, even if generated by Contractor, as well as all data obtained or extracted through CCC’s or Contractor’s use of such data or information (collectively, CCC Data). CCC Data includes all data and information provided directly to Contractor by CCC, its students, or employees; and may include personal data, operational data, security data, metadata, and user-created content.
b. CCC Data will be CCC’s Intellectual Property and Contractor will treat it as confidential information. Contractor will not use, access, disclose, license, or provide to third parties, any CCC Data, except: (i) to fulfill Contractor’s obligations to CCC hereunder; or (ii) as authorized in writing by CCC. Without limitation, Contractor will not use any CCC Data, whether or not aggregated or de-identified, for product development, marketing, profiling, benchmarking, or product demonstrations, without, in each case, CCC’s prior written consent. Contractor will not, directly or indirectly: (iii) attempt to re-identify or de-aggregate de-identified or aggregated information; or (iv) transfer de-identified and aggregated information to any third party unless that third party agrees not to attempt re-identification or de-aggregation. For CCC Data to be considered de-identified, all direct and indirect personal identifiers must be removed, including names, ID numbers, dates of birth, demographic information, location information, and school information. Upon request by CCC, Contractor will deliver, destroy, and/or make available to CCC any or all CCC Data. Upon termination of the Contract, CCC Data will be returned to CCC in a non-proprietary format that preserves its structure and utility to CCC. Unless otherwise notified in writing, Contractor must destroy all CCC Data on its systems, including that stored on backup media, 30 days after the termination of the Contract.
c. Contractor will ensure that all services undertaken pursuant to the Agreement are performed in compliance with applicable privacy and data protection laws, rules, and regulations. In addition, Contractor is responsible to CCC for compliance with the Agreement by all Contractor Parties. If Contractor will serve as a Processor of CCC Data that includes Personal Data of Data Subjects in the European Union, Contractor will cooperate with CCC to comply with the General Data Protection Regulation (GDPR) with respect to such Personal Data and Data Subjects. This includes ensuring that all Data Subjects have signed appropriate Consents, and signing and complying with all documents and agreements reasonably requested by CCC, including any data processing agreements. All capitalized terms in this section not otherwise defined in the Agreement are defined in the GDPR.
27. DISABILITY STANDARDS: If applicable to the work of the Contractor under this Contract, Contractor warrants that it complies with Arizona and federal disabilities laws and regulations. Contractor warrants that the products or services to be provided under this Contract comply with the accessibility requirements of the Americans with Disabilities Act of 1990, as amended (42 U.S.C. §12101 et seq.) and its implementing regulations set forth at Title 28, Code of Federal Regulations, Parts 35 and 36, Section 508 of the Rehabilitation Act of 1973, as amended (29 U.S.C. §794d) and its implementing regulations set forth at Title 36, Code of Federal Regulations, Part 1194; and maintain, if applicable, Web Content Accessibility Standards 2.0 at Level AA. Contractor agrees to promptly respond to and resolve any complaint regarding accessibility of its products or services. Contractor must provide, on request, accessibility testing results and written documentation verifying accessibility. Contractor further agrees to indemnify and hold harmless CCC from any claims arising out of its failure to comply with the aforesaid requirements. Failure to comply with these requirements shall constitute a material breach and be grounds for termination of this Contract.
28. ENTIRE AGREEMENT: The resulting contract expresses the totality of the terms of the agreement between the parties. Any verbal representation shall have no force or effect whatsoever. Any amendment to this contract upon agreement by both parties shall supersede and replace any and all prior agreements between the parties with respect to the subject matter covered by the resulting contract. The parties each represent that no promises, representations or inducements have been made by the other party with respect to the subject matter of the resulting contract, except as specifically set forth herein. The resulting contract may not be changed, altered, modified or amended except by an agreement in writing signed by both parties.
29. FAMILY EDUCATIONAL RIGHTS AND PRIVACY ACT: If Contractor has access to students' educational records, Contractor shall safeguard those records and limit its employees' and/or agents’ access to the records to those persons for whom access is essential to the performance of this Contract.
- Contractor is prohibited from disclosing those records without the prior written authorization of the student and/or the parent of a student who is a minor permitting CCC and Contractor to release the information according to the authorization. At all times during this Contract, Contractor shall comply with the terms of the Family Educational Rights and Privacy Act of 1974 (“FERPA”) in all respects and shall be responsible for ensuring that any subcontractors involved in the Contract work also comply.
- Student educational records are protected by the U.S. Family Educational Rights and Privacy Act, 20 U.S.C. § 1232g (FERPA). Contractor will not require any CCC students, faculty or employees to waive any privacy rights (including FERPA or the European Union’s General Data Protection Regulation) as a condition for receipt of any educational services, and any attempt to do so will be void. If Contractor requires CCC students, faculty or employees to accept a clickwrap, click-through, end user license agreement, or other similar agreement (End User Agreement), the terms of the End User Agreement that conflict or are inconsistent with these terms will be void.
- Contractor will comply with FERPA and will not access or make any disclosures of student educational records to third parties without prior notice to and consent from CCC or as otherwise provided by law. If the Agreement contains a scope of work or other provision that requires or permits Contractor to access or release any student records, then, for purposes of the Agreement only, CCC designates Contractor as a “school official” for CCC under FERPA, as that term is used in FERPA and its implementing regulations. In addition, any access or disclosures of student educational records made by Contractor must comply with CCC’s definition of legitimate educational interest. If Contractor violates the terms of this section, Contractor will immediately provide notice of the violation to CCC.
30. FORCE MAJEURE: If the performance of a party under this Contract is interrupted or suspended due to riots, war, public emergencies or calamities, fires, earthquakes, Acts of God, government restrictions, labor disturbances or strikes, civil tumult, epidemic, pandemic or another condition beyond any control of that party (“Force Majeure”), performance by that party will be suspended for the reasonable duration of the Force Majeure. The party claiming that its performance is interrupted or prevented must promptly deliver written notice to the other party identifying the Force Majeure and use its best efforts to perform to the extent that it is able. If the Force Majeure does not abate within a reasonable amount of time, then either party may terminate this Contract by providing written notice to the other party. In the event of non-performance, payments by CCC shall be suspended and excused and any deposit payment(s) advanced by CCC shall be returned promptly. In the event of performance, Contractor shall be entitled to receive just and equitable compensation for work in progress, work completed, and materials accepted before the effective date of Force Majeure written notice. Alternatively, the parties may agree to extend the term of the Contract for a mutually agreed upon period of time.
31. FORCED LABOR OF ETHNIC UYGHURS IN THE PEOPLE’S REPUBLIC OF CHINA. In compliance with A.R.S. § 35-394, to the extent applicable, Contractor warrants that it does not use, and agrees not to use during the term of the Contract any of the following:
- Forced labor of ethnic Uyghurs in the People’s Republic of China;
- Any goods or services produced by the forced labor of ethnic Uyghurs in the People’s Republic of China; or
- Any Contractors, Subcontractors, or suppliers that use the forced labor or any goods or services produced by the forced labor of ethnic Uyghurs in the People’s Republic of China.
32. HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT. To the extent applicable, Contractor will abide by all laws and regulations that protect the privacy of healthcare information to which Contractor obtains access under the Agreement. Certain portions of the Administrative Simplification section of the Health Insurance Portability and Accountability Act of 1996 (HIPAA), as codified at 42 U.S.C. § 1320d through d-8, and the federal privacy regulations as contained in 45 CFR Part 164 may apply to Contractor and CCC, and their relationships and operation under the Agreement. If necessary, Contractor and CCC will enter into a standard Business Associate Agreement, and any other required HIPAA agreements. To the extent the terms thereof relate to Contractor’s performance under the Agreement, the provisions of the Business Associate Agreement will control.
33. INDEMNIFICATION AND LIABILITY LIMITATIONS: To the fullest extent permitted by law, Contractor shall defend, indemnify, and hold harmless CCC, its agents, officers, officials, employees, and volunteers from and against all claims, damages, losses, and expenses (including but not limited to attorney fees and court costs) arising from breach of a material term of this Contract, or from the negligent or intentional acts or omissions of the Contractor, its agents, employees, or any tier of Contractor's subcontractors in the performance of the Contract. The amount and type of insurance coverage requirements set forth above will in no way be construed as limiting the scope of indemnification in this paragraph. If applicable, Contractor shall also indemnify, defend and hold harmless CCC and its officers, officials, employees and agents against any claim (including but not limited to attorney fees and court costs) that their authorized use of Contractor’s services or goods under this Contract violates the claimant’s property rights. Contractor shall be responsible for obtaining any copyright, patent, trademark or intellectual property consents for goods or services that it provides under this Contract.
Because CCC is a public institution, any indemnification, liability releases, or hold harmless provisions are limited as required by Arizona law. CCC’s liability under any claim for indemnification is limited to claims for property damage, personal injury, or death to the extent caused by negligent or intentional acts or omissions of CCC. Any indemnity obligation of CCC is further subject to and conditioned by available insurance coverage.
34. INDEPENDENT CONTRACTOR: Contractor is an independent contractor. Neither CCC nor Contractor may bind the other. None of the Contractor Parties will be employees, agents, partners, or joint ventures of CCC. None of the Contractor Parties will be eligible for any benefits from CCC, including worker’s compensation coverage. Contractor will determine Contractor’s hours of work, and will provide all tools, equipment, and supplies Contractor determines to be necessary to deliver and perform the Goods/Services. Contractor will maintain all business registrations and licenses required to deliver and perform the Goods/Services. Contractor is using its own knowledge, skill, and technical know-how in the delivery and performance of the Goods/Services and is not being supervised by CCC. The conduct and control of Services lies solely with Contractor, and CCC is interested only in final results.
35. INFORMATION SECURITY. The terms of this section apply if: 1) Coconino Community College (herein referred to as CCC) is purchasing or leasing software, or processing a software renewal; 2) Contractor is creating any code for CCC; 3) Contractor receives, stores, analyzes, or processes CCC Data (including if the data is not online); 4) Contractor is hosting, or managing via infrastructure outside of CCC, including in the cloud, CCC Data; or 5) Contractor is collecting PII or CCC Data via a link on a coconino.edu or another CCC managed webpage.
All systems, software, services, and devices that store, transmit or otherwise process CCC Data must be designed, managed, and operated in accordance with information security best practices and in compliance with all applicable laws, rules, and regulations. CCC Data means: all data and information that CCC provides to Contractor, as well as all data and information managed by Contractor on behalf of CCC, including all output, reports, analyses, and other materials relating to, derived from, or generated pursuant to this Agreement, even if generated by Contractor, as well as all data obtained or extracted through CCC’s or Contractor’s use of such data or information. CCC Data includes all data and information provided directly to Contractor by CCC students and employees, and includes personal data, metadata, and user content.
a. With respect to each System, Contractor and its contractors at all tiers (directly and through their third-party service providers) will meet the following requirements:
- Access Control. Control access to CCC's resources, including CCC Data, limiting access to legitimate business need based on an individual’s job-related assignment, approve and track access to ensure proper usage and accountability, and make such information available to CCC for review, upon CCC’s request.
- Incident (Breach) Reporting. Report information security incidents that affect CCC Data within 48 hours of incident awareness to CCC (including those that involve information disclosure incidents, unauthorized disclosure of CCC Data, successful network intrusions, malware infection, and unauthorized access or modifications). Contractor shall cooperate fully with Client's investigation of and response to the incident. Except as otherwise required by law, Contractor shall not provide notice of the incident directly to the persons whose data were involved, without prior written permission from Client.
- Off Shore. Ensure (i) that all development or modification of software for CCC is performed only within the borders of the United States, and (ii) all CCC Data (including backup copies) are stored, accessed from, and otherwise processed only within the borders of the United States.
- Patch Management. Carry out updates and patch management for all Systems in a timely manner and to the satisfaction of CCC. Updates and patch management must be deployed using an auditable process that can be reviewed by CCC upon CCC’s request.
- Encryption. Ensure all Systems use an industry standard encryption protocol for sensitive data, personal data or personally identifiable data, as those terms may be defined in applicable laws, rules and regulations (PII) in transit and at rest (as documented in NIST 800-57 or equivalent).
- Notifications. Notify CCC immediately if Contractor receives any kind of subpoena for or involving CCC Data, if any third-party requests CCC Data, or if Contractor has a change in the location or transmission of CCC Data. All notifications to CCC that are required in this Information Security paragraph will be sent to CCC Information Security at
- Regulatory Compliance. Contractor shall meet applicable regulatory requirements for CCC Data provided as part of this Agreement, including but not limited to:
  - Student Education Records: The Family Education Rights and Privacy Act (“FERPA”), 20 USC 1232g et seq., and related regulations at 34 CFR Part 99;
  - Financial Information including credit card and financial account numbers: The Financial Modernization Act of 1999, 15 USC 6803 et seq.; and the Safeguards Rule at 16 CFR Part 314.
  - Protected Health Information: The Health Insurance Portability and Accountability Act (“HIPAA”), 42 USC 1320d-2 (note); implementing privacy and security regulations at 45 CFR Parts 160 and 164, and related agency guidance.
  - Data Protections and Rights for European Union Residents: The General Data Protection Regulation (“GDPR”).
- Backup and Restoration. Ensure that all CCC Data is available and accessible, and that adequate systems are in place to restore the availability and accessibility of all CCC Data in a timely manner in the event of a physical or technical threat.
- Privacy by Design. When developing, designing, selecting, and using Systems for processing sensitive data, personal data, or personally identifiable data, as those terms may be defined in applicable laws, rules and regulations (PII), Contractor will, with due regard to the state of the art, incorporate and implement data privacy best practices.
b. In addition to Section 1 (a) above, the following provisions apply if (i) Contractor receives, stores, or analyzes CCC Data (including if the data is not online); or (ii) Contractor is hosting or managing by infrastructure outside of CCC, including in the cloud, CCC Data:
- Third Party Security Audits. Complete certified third-party audit (such as SOC2 Type II or substantially equivalent) in accordance with then current industry standards, which audits are subject to review by CCC upon CCC’s request. Currently, no more than two audits per year are required.
- Penetration Tests. Perform periodic third-party scans, including penetration tests, for unauthorized applications, services, code, and system vulnerabilities on each System in accordance with industry standards and CCC standards, and Contractor must provide proof of testing to CCC upon CCC’s request.
- Vulnerability Scanning. All web-based Systems are required to have a remediation plan and third-party web application security scans in accordance with then current industry best practices or when required by applicable industry regulations or standards. Contractor must correct weaknesses within a reasonable period of time, consistent with applicable industry regulations or standards, and consistent with the criticality of the risk, and Contractor must provide proof of testing to CCC upon CCC’s request.
c. In addition to Sections 1 (a)-(b) above, the following provision applies if: (i) CCC is purchasing or leasing software or processing a software renewal; (ii) Contractor is creating any code for CCC; (iii) Contractor is hosting, or managing by infrastructure outside of CCC, including in the cloud, CCC Data; or (iv) Contractor is collecting PII or CCC Data via a link on a coconino.edu or other CCC managed webpage:
- Secure Development. Use secure development and coding standards including secure change management procedures in accordance with industry standards. Prior to releasing new software versions, Contractor will perform quality assurance testing and penetration testing and/or scanning. Contractor will provide to CCC for review upon CCC request, evidence of a secure Software Development Life Cycle (SDLC).
36. INSURANCE REQUIREMENTS: The Contractor shall maintain during the term of the resulting contract the following insurance policies issued by companies licensed in Arizona with a current A.M. Best rating of A: VII or better. Prior to commencing work or services, Contractor shall furnish the College’s Purchasing Services
36.1 Commercial General Liability insurance with a limit of not less than $2,000,000 per occurrence for bodily injury, property damage, personal injury, products and completed operations, and blanket contractual coverage, including but not limited to, the liability assumed under the indemnification provisions of the resulting contract.
36.2 Automobile Liability insurance with a combined single limit for bodily injury and property damage of not less than $2,000,000.00 each occurrence with respect to the Contractor’s owned, hired, and non-owned vehicles.
36.3 Worker’s Compensation insurance with limits statutorily required by any Federal or State law and Employer’s Liability insurance of not less than $1,000,000 for each accident, $100,000 disease for each employee, and $500,000 disease policy limit.
36.4 Professional Liability insurance covering acts, errors, mistakes, and omissions arising out of the work or services performed by the Contractor, or any person employed by the Contractor, with a limit of not less than $1,000,000 each claim.
36.5 Certificates: Successful bidder shall furnish annually to the College, a certificate or certificates of insurance from an insurance company licensed to do business in the State of Arizona showing that the prescribed policies are in force and effect and each certificate shall provide that the insurance company shall not change or cancel any insurance until the College has been notified, in writing, at least thirty (30) days before the date of change or cancellation. Submission of the required documents shall be due before the start of each contract year.
36.6 No Warrant: CCC in no way warrants that the minimum limits set forth above are sufficient to protect the Contractor from liabilities that may arise out of Contractor’s services. The insurance requirements are minimum and in no way limit the indemnity covenants contained in an Agreement between CCC and the Contractor.
36.7 Network Security and Privacy Liability (if applicable): Coverage in an amount not less than $2,000,000 per claim and annual aggregate, covering all acts, errors, omissions, negligence, infringement of intellectual property (except patent and trade secret); network security and privacy risks, including but not limited to unauthorized access, failure of security, breach of privacy perils, wrongful disclosure, collection, or other negligence in handling of confidential information, privacy perils, and including coverage for related regulatory defense and penalties; data breach expenses, in an amount not less than $2,000,000 and payable whether incurred by CCC or Contractor including but not limited to consumer notification, whether or not required by law, computer forensic investigations, public relations and crisis management firm fees, credit file or identity monitoring or remediation services in the performance of services for CCC or on behalf of CCC hereunder. The policy shall contain an affirmative coverage grant for contingent bodily injury and property damage emanating from the failure of the technology services or an error or omission in the content/information provided. Such insurance shall be maintained in force at all times during the term of the agreement and for a period of three years thereafter for services completed during the term of the agreement. CCC shall be given 30 days’ notice of the cancellation or expiration of the aforementioned insurance for any reason.
37. LIABILITY FOR TAXES: The Contractor is responsible for paying all taxes applicable to its operations, business property, and income. CCC shall not be liable for any tax imposed either directly or indirectly upon the Contractor, except that CCC will pay as part of the Contract price any transaction privilege or use tax assessed on Contractor’s provision of the services or goods under the Contract.
38. NO WAIVER OF SOVEREIGN IMMUNITY: Nothing in this Contract shall be interpreted or construed to waive CCC’s sovereign immunity under the laws of the State of Arizona.
39. NO BOYCOTT OF GOODS OR SERVICES FROM ISRAEL. If the goods/services provided under this Agreement include the acquisition of services, supplies, information technology or construction with a value of at least $100,000 and Contractor is engaged in for-profit activity and has 10 or more full-time employees, then, to the extent required by ARS § 35-393, Contractor certifies it is not currently engaged in, and during the term of this Agreement will not engage in, a boycott of goods or services from Israel.
40. NON-DISCRIMINATION: Contractor will comply with all applicable state and federal law, rules, regulations and executive orders governing equal employment opportunity, immigration, and nondiscrimination, including the Americans with Disabilities Act. If applicable, the parties will abide by the requirements of 41 CFR § 60-1.4(a), 60-300.5(a) and 60-741.5(a). These regulations prohibit discrimination against qualified individuals based on their status as protected veterans or individuals with disabilities, and prohibit discrimination against all individuals based on their race, color, religion, sex, age, or national origin. Moreover, these regulations require that covered prime contractors and subcontractors take affirmative action to employ and advance in employment individuals without regard to race, color, religion, sex, national origin, protected veteran status or disability. CCC also prohibits discrimination on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, citizenship status, disability, veteran status or genetic information.
41.1 CCC will pay for services or goods under the Contract after the Contractor has supplied them and only after the Contractor submits a detailed invoice referencing a valid Purchase Order number, itemizing the services/deliverables or goods provided and specifying the dates that they were provided. The invoice must match the description and dollar amount referenced in the Purchase Order. CCC may request supporting documentation for an invoice. CCC will not provide any portion of the payment up front. Payments will be made via Purchase Order. Payment terms are net 30 days. Additionally, if CCC has agreed in writing to reimburse the travel expenses of the Seller, CCC will do so according to its policies and rates applicable to its employees. Seller must submit an invoice for any travel reimbursement requested, specifying its expenses, and attach original receipts for airfare and hotel expenses.
41.2 Where the Contractor is to provide services or goods over a period of time, such as for a project, an authorized representative of CCC may agree to pay progress payments. If approved, progress payments will be paid in arrears and require that the Contractor submit the detailed invoice specified in this clause.
41.3 CCC reserves the right to dispute an invoice or make partial payment based on the Contractor’s failure to perform the Contractor’s work according to the Contract, including for lack of timeliness or failure to provide deliverables.
41.4 CONTRACTOR MAY NOT BEGIN WORK UNDER THE CONTRACT NOR WILL ANY PAYMENT BE MADE WITHOUT THE CONTRACTOR RECEIVING A SIGNED PURCHASE ORDER FROM CCC PURCHASING SERVICES.
41.5 If prompt payment discounts apply to this purchase, any discount time will not begin until the goods or services have been received and accepted and correct invoice received by the appropriate CCC department. In the event testing is required prior to acceptance, the discount time shall begin upon completion of the tests.
41.6 CCC is exempt from Federal Excise Tax.
41.7 CCC is not tax exempt and pays out-of-state use tax directly to the State of Arizona.
42. PAYMENT CARD INDUSTRY DATA SECURITY STANDARD (PCI DSS). The terms of this section apply if Contractor is processing credit or debit card transactions as part of the Agreement. For e-commerce business and/or payment card transactions, Contractor will comply with the requirements and terms of the rules of all applicable payment card industry associations or organizations, as amended from time to time (PCI Security Standards), and be solely responsible for security and maintaining confidentiality of payment card transactions processed by means of electronic commerce up to the point of receipt of such transactions by a qualified financial institution.
Contractor will, at all times during the Contract, be in compliance with the then current standard for Payment Card Industry Data Security Standard (PCI DSS), Payment Application Data Security Standard (PA-DSS) for software, and PIN Transaction Security (PCI PTS) for hardware. Contractor will provide attestation of compliance to CCC annually by delivering to CCC current copies of the following: (i) Contractor’s “Attestation of Compliance for Onsite Assessments – Service Providers;” (ii) an attestation that all CCC locations are being processed and secured in the same manner as those in Contractor’s “PCI Report on Compliance;” and (iii) a copy of Contractor’s PCI Report on Compliance cover letter. Contractor will notify CCC immediately if Contractor becomes non-compliant, and of the occurrence of any security incidents (including information disclosure incidents, network intrusions, successful virus attacks, unauthorized access or modifications, and threats and vulnerabilities).
Contractor’s services must include the following:
a. Contractor maintains its own network operating on its own dedicated infrastructure. Contractor’s network includes a firewall that (i) includes access control rules that separate Contractor’s PCI network from CCC, and (ii) restricts any communication between Contractor’s network devices and CCC systems.
b. Contractor treats the CCC network as an untrusted network and no unencrypted cardholder data traverses or otherwise is stored on CCC’s network, and CCC has no ability to decrypt cardholder data.
c. All devices must be Secure Reading and Exchange of Data (SRED); Europay, MasterCard and VISA (EMV); and Payment Card Industry Point of Interaction (PTS POI) compliant.
43. PROPERTY RIGHTS: Except for pre-existing works of the Contractor or works of third parties for which Contractor has the permission to supply to CCC under this Contract, CCC shall, at all times, retain ownership in and the rights to any creative works, research data, reports, designs, recordings, graphical representations, or works of similar nature (“Works”) to be developed and delivered under this Contract. Contractor agrees that the Works are “works for hire” and assigns all of the Contractor’s right, title, and interest to CCC.
44. RECORD AND DATA RETENTION, OWNERSHIP, ACCESS AND DECOMMISSIONING: As a political subdivision of the State of Arizona, CCC is subject to applicable laws related to the inspection and production of public records. A public record entails any record, either paper or electronic, made by a public officer (including members of the Governing Board, faculty, staff, and administrators) and kept as a memorial of an official transaction. Pursuant to Arizona Revised Statutes § 41-151.12, CCC must retain records according to established retention periods.
45. REGISTERED SEX OFFENDER NOTIFICATION RESTRICTION: Contractor represents and warrants that no employee, or employee of its subcontractor(s), who has been adjudicated to be a registered sex offender will perform work on CCC premises or equipment at any time. Contractor further agrees by acceptance of the Purchase Order that a violation of this condition shall be considered a material breach and may result in a cancellation of the order at CCC’s discretion.
46. SAFETY AND HAZARDOUS: All equipment supplies and services sold to CCC shall conform to the general safety regulations of the State of Arizona and OSHA.
47. UNAUTHORIZED COSTS OR COSTS OUTSIDE SCOPE OF AGREEMENT: Costs or expenses of the Contractor relating to its performance of this Contract that are not included in the Contract price or are not authorized by the Contract are the sole responsibility of the Contractor and not of or reimbursable by CCC. If the Contract specifies that CCC will reimburse the Contractor a specific cost, Contractor may not charge CCC that cost without CCC approving a prior estimate of it.
48. WORK TO BE PERFORMED BY OTHERS: CCC reserves the right to perform any and all services in-house or to utilize the services of other firms on unrelated projects.
Affirmative Action/Equal Opportunity College