Procurement | Finance Division site logo

Procure-to-Pay

Finance Division

Standard Purchase Order Terms and Conditions

Standard Purchase Order Terms and Conditions (PDF)

​These Terms and Conditions (“Terms and Conditions”) and the Purchase Order or other separate written agreement provided by Supplier and accepted by the University (together with any and all appendices, and/or exhibits attached hereto or otherwise issued by the University in connection herewith, collectively, known hereunder as this “Purchase Order”) by and between the George Washington University (“University”) and Supplier (as defined in the Purchase Order) (University and Supplier, collectively, the “Parties,” and each a “Party”), constitute the entire agreement between University and Supplier and supersede and replace any and all prior documents, writings, representations, agreements, proposals, promises, or other understandings, oral or otherwise, between the Parties, including but not limited to any prior or subsequent price quote, invoice, or other document furnished by Supplier.

  1. Formation of Contract. By performing under this Purchase Order (in full or in part), Supplier agrees to and accepts all the provisions in this Purchase Order and agrees to perform. This Purchase Order is hereby accepted on the terms set forth herein and these terms shall govern. This Purchase Order may not be modified, amended, or in any way varied with any additional or different terms unless the University specifically and expressly agrees in writing that such other terms are accepted.
  2. Change or Cancellation. University may for any reason and at any time by written notice, change, cancel or terminate all or any part of this Purchase Order, and upon University’s request Supplier shall deliver (to the extent reasonably possible) any goods or other deliverables that have been prepared up until the date of such termination. Termination for convenience shall not relieve Supplier or University of its obligations incurred prior to the date of termination. After a termination pursuant to University’s notice, Supplier may request an equitable adjustment on a time and materials basis (but not to include standard stock) for any work then in progress. Supplier shall not be paid for any amount of lost profits on canceled orders, or for any avoidable costs incurred after the date of termination. Any request for an equitable adjustment must be made within thirty (30) days after the date of Supplier's receipt of notice of cancellation, with reasonable support for the amount requested, and shall be negotiated by the Parties in good faith on an expedited basis.
  3. Termination for Cause. By written notice, the University may terminate this Purchase Order, in whole or in part, for failure of Supplier to comply with any of the terms and conditions of this Purchase Order. In the event of termination for cause, the Supplier shall be liable to University for any and all damages sustained (a) by reason of the default which gave rise to the termination or (b) as a result of the early termination, including without limitation any incremental cost of re-procuring similar goods or services. This right of termination is in addition to and not in place of any other rights or remedies that the University may have at law or in equity.
  4. Inspection. All goods and services are subject to University’s right of inspection for 30 days after receipt; payment for goods and services prior to inspection will not constitute acceptance by University. The University may elect to reject all or a portion of goods or services that, in University’s sole judgment, are found to be non-conforming or inadequate. Acceptance by University of all or any part of the goods or services will not be deemed a waiver to make a claim for damages or a settlement.
  5. Warranties. In addition to Supplier’s standard warranties applicable to the goods or services furnished hereunder, Supplier expressly represents and warrants that the goods or services
    (a) comply with all applicable laws, codes and regulations, and conform to all specifications and industry standards; (b) are merchantable; (c) are fit for the particular needs or purpose of University as would be reasonably expected for such goods or services, or as otherwise communicated to Supplier; (d) conform in all respects to samples, advertisements and other forms of representation made by Supplier orally or in written documentation provided to, made available to, or in the possession of University; and (e) are not restricted in any way by patents, copyrights, trade or service marks, trade secrets, or any other rights of third parties. If any of the foregoing warranties are breached, Supplier agrees to promptly replace or correct defects and non-conformities, to be liable for all direct, indirect, consequential and other damages suffered by University and any other persons, and to defend and indemnify University from any claim asserted by any person resulting in whole or in part from such breach.
  6. Delivery. Supplier agrees to on-time delivery based upon the date or time for the delivery of goods and services set forth in this Purchase Order. If the Purchase Order does not specify a delivery date, Supplier shall provide the goods or service as if time is of the essence. The University may regard the failure to deliver in a timely manner as a breach of these terms and conditions, entitling the University to all rights and remedies at law, in equity, and under the specific remedies of this Purchase Order. Changes, modifications or other delays resulting directly from University’s actions and that prevent Supplier from delivering in a timely manner shall not be considered a breach. If Supplier anticipates a delay in delivery, Supplier shall notify University immediately and shall take all commercially reasonable steps, at Supplier’s own cost, to avoid or mitigate the effect of such delay.
  7. Shipping. Title and risk of loss or damage to items ordered herein shall remain with Supplier until delivered to and accepted by the University. All packaging, carting, transportation, and insurance charges are to be paid for by the Supplier, unless otherwise specifically stated in the Purchase Order. All goods shipped shall be free of liens or encumbrances. Upon request, the Supplier shall furnish satisfactory evidence of freedom from any such liens or encumbrances. The Parties will assist each other in the prosecution of claims against carriers.
  8. Hazardous Substance. Supplier is given notice hereby that the University has a Hazardous Waste Management Plan (HWMP) pursuant to the RCRA 1976 enactment and in compliance with EPA and District of Columbia regulations. If Supplier intends to bring onto the University’s premises or remove from the University’s premises any hazardous substances or intends to engage in any activities involving hazardous substances that might reasonably be expected to create a danger or hazard to employees or other persons at the University, then in advance of any such activity Supplier shall submit to the University’s Office of Health and Safety for review and approval its program for compliance with the University's HWMP and its schedule and methods for performing such activities. Supplier will adhere to its approved program in the performance of all work to be done on University premises. Supplier should obtain further information regarding the University's HWMP by emailing the University’s Office of Health and Safety at [email protected]. Suppliers shipping goods to the University pursuant to this Purchase Order that contain a hazardous substance must provide a Safety Data Sheet. “Hazardous substance” means any pollutant, contaminant, hazardous or toxic substance or waste, solid waste, petroleum or any byproduct thereof, or any other chemical, substance or material listed or identified in or regulated by any federal, state, local or other governmental statute, regulation, law or ordinance dealing with the protection of human health, natural resources and/or the environment now or hereafter in effect including, without limitation, any and all claims or causes of action based upon such governmental statute, regulation, law or ordinance. Supplier shall comply with all federal and state environmental laws.
  9. Export Controls. The Parties shall comply with all applicable U.S. export control laws and regulations, including but not limited to the International Traffic in Arms Regulations (ITAR), 22 CFR Parts 120 through 130, the Export Administration Regulations (EAR), 15 CFR Parts 730 through 799 and/or other restrictions imposed by the Treasury Department’s Office of Foreign Asset Controls, in the performance of this Purchase Order. Supplier shall not disclose or provide to the University or any employee or agent of University any data or technology subject to the licensing provisions of ITAR and EAR, without prior written notice to and advance written approval by the University. If the Supplier sends any such data or technology that is subject to export control, without notice of the applicability of such export control, University has the right to immediately terminate this Purchase Order.
  10. Indemnification.
    a. Supplier shall defend and indemnify the University and the University’s trustees, officers, employees, agents and representatives (collectively, the “University Indemnitees”) against, and shall hold the University Indemnitees harmless from, any claims and demands made by any person or entity as a result of injuries, damages, expenses and losses incurred by such a person or entity, including without limitation such person's or entity's and the University's legal costs and attorney's fees (hereinafter collectively "Liabilities"), arising out of or relating to Supplier's (i) performance or failure to perform pursuant to this Purchase Order or (ii) misrepresentation or breach of any representation, warranty, obligation, or covenant of this Purchase Order, except to the extent that the Liabilities are a result of the direct and sole negligence of the applicable University Indemnitee. This provision shall survive the delivery of the goods, the termination or completion of the services, or the expiration of this Purchase Order.
    b. Supplier, at its expense, shall defend and indemnify the University Indemnitees against, and shall hold the University Indemnitees harmless from all claims and demands made by any person or entity as a result of Liabilities arising out of or relating to a claim that anything furnished under this Purchase Order infringed a patent, copyright, trademark, service mark, trade secret, or other legally protected propriety right. Supplier shall pay all costs, fees, and damages which may be incurred by the University Indemnitee for any such claim or action or the settlement thereof.
    c. Supplier, at its expense, shall defend and indemnify the University Indemnitees against, and shall hold the University Indemnitees harmless from all claims and demands made by any person or entity as a result of Liabilities arising out of or relating to any product liability claim relating to or arising from any goods supplied by Supplier hereunder. Supplier shall pay all costs, fees, and damages which may be incurred by the University Indemnitee for any such claim or action or the settlement thereof.
  11. Insurance. Upon the Parties’ entry into this Purchase Order, and from time to time upon request, Supplier will provide to University a Certificate of Insurance with proof of maintaining, at a minimum, the following amounts of coverage, it being acknowledged and agreed that the existence and maintenance of this coverage shall in no way limit Supplier's obligations or liabilities hereunder:
    a. Commercial General Liability: On occurrence basis with the following limits:
    General Aggregate Limit                                       $2,000,000
    Products/Completed Operations                      $2,000,000 aggregate
    Personal Injury and Adv. Injury Limit                  $1,000,000 ea. person/organization
    Bodily Injury & Property Damage Limit             $1,000,000 each occurrence
    Fire Damage                                                                $1,000,000 (any one fire)
    Medical Expense                                                       $5,000 (any one person)
    (Pollution Liability Endorsement of $1,000,000 per occurrence will also be needed in the event hazardous materials are to be involved. If this contract requires the disposal of hazardous materials, all disposal locations must be approved by the Office of Risk Management.)
    No exclusions for: Product/Completed Operations; Contractual Liability; Independent Suppliers; Personal & Advertising Injury.
    b. Automobile Liability:
    Any Auto Owned, Hired and Non-Owned Combined Single Limit for Bodily Injury & Property Damage $1,000,000.
    For Transportation of Hazardous Materials: Automobile liability insurance with an MCS-90 endorsement for $5,000,000 and Pollution Liability of $1,000,000 each accident.
    c. Excess "Umbrella" Liability: $2,000,000 ea. occurrence/aggregate. The umbrella coverage should be no more restrictive than underlying coverage.
    d. Workers' Compensation Statutory Coverage: As required by law.
    e. Employers’ Liability: $1,000,000 each accident; $1,000,000 each employee – disease; $1,000,000 aggregate disease.
    f.  Professional Liability: If applicable, see Attachment A: Service Terms, Section A.8.  

    "The George Washington University" is to be named as an additional insured on all liability policies, except for Workers Compensation, and each insurer shall expressly waive any right of subrogation against University (or such waiver of subrogation shall be included in the policy). Each policy of insurance shall be issued in a company or companies licensed to do business in the District of Columbia, maintaining a rating of A-, VII or better in the Best Guide. Each policy shall also provide written notice to the University at least thirty (30) days prior to termination or any material amendment of any policy. The certificate holders’ name must be shown as: "The George Washington University, Office of Risk Management, 2033 K Street, NW, Suite 220, Washington, DC 20052." 
                                                                                                                                                                                                                                                                                                                                                                        These insurance requirements are subject to change based on the contract amount and the type of activity. Refer to the updated Contract Insurance Matrix maintained by the University's Office of Risk Management for more contract specific requirements at www.gwu.edu/~riskmgnt/insurance/contract_matrix.pdf.
  12. Cancellation for Conflict of Interest. This Purchase Order is subject to cancellation if there is found to be a conflict of interest between any University employee and Supplier. University policy requires avoidance of conflicts of interest. No University employee shall knowingly participate in a transaction with a Supplier where employee, any member of employee’s immediate family, or any business or financial interest of employee or employee’s immediate family, has a material interest in the Supplier. Additionally, except as provided in University conflict of interest policies, no employee of University will either solicit or accept gratuities, favors or anything of monetary value from Supplier.
  13. Debarment. Supplier certifies that neither it nor any of its principals (officers, directors, owners, partners, key employees, principal investigators, researchers or management or supervisory personnel) is presently debarred, suspended, proposed for debarment, declared ineligible or excluded from participation in this transaction or in any grant, benefit, contract or program by any U.S. federal or state agency.
  14. Nondiscrimination. Supplier will not discriminate against any qualified employee or applicant for employment in the performance of this Purchase Order, with respect to hire, tenure, terms, conditions, or privileges of employment, or any matter directly or indirectly related to employment because of race, religion, color, sex, age, national origin or ancestry, disability, veteran status, sexual orientation, gender identity or expression, or any other basis prohibited by applicable law. Supplier agrees to comply with all applicable federal equal opportunity laws, orders and regulations, including without limitation, Executive Order 11246, as amended, the Civil Rights Act of 1964, the Age Discrimination in Employment Act of 1972, the Rehabilitation Act of 1973, the Vietnam Era Veterans Readjustment Assistance Act of 1974, the Americans With Disabilities Act of 1990, and the Civil Rights Act of 1991.
  15. Remedies not Exclusive. The remedies available to University under this Purchase Order are not exclusive, but are in addition to such other remedies available to University by law, or in any way arising out of Supplier’s performance under this Purchase Order.
  16. Governing Law. Except as otherwise provided herein, this Purchase Order, and all disputes arising hereunder, shall be governed by the laws of the District of Columbia, without regard for the conflict of law rules thereof, and (unless Attachment D: Terms Applicable to Non- US Suppliers or US Suppliers Providing Non-US Goods and Services applies to this Purchase Order) the Parties commit to the exclusive jurisdiction and venue of the courts located in the District of Columbia to adjudicate any dispute arising under or relating to this Purchase Order. With respect to any suit, action or proceeding arising pursuant to this Purchase Order, each Party hereby irrevocably submits to the jurisdiction of the courts located in the District of Columbia, which submission shall be exclusive unless none of such courts has lawful jurisdiction over such proceedings.
  17. Force Majeure. A Force Majeure will excuse University’s obligations under this Purchase Order for as long as the Force Majeure persists. “Force Majeure” shall mean any act, event, cause, or occurrence rendering the University unable to perform its obligations that is not within the reasonable control of the University, including governmental action, and anything related to the consummations of the transactions contemplated by this Purchase Order that would, in the University’s good faith determination, jeopardize the University’s licensure in the District of Columbia, its state, regional or national accreditation, federal, state or local tax exemptions (including, without limitation, the University’s non-profit status under Section 501(c)(3) of the Internal Revenue Code of the United States), or eligibility of its students for financial assistance from the U.S. Department of Education, U.S. Department of Health and Human Services, and District of Columbia, but, in all cases, excluding any act, event, cause or occurrence caused by the University’s own financial condition or negligence.
  18. Conflict with Provisions in Written Agreement. In the event of a conflict between the terms of this Purchase Order and the terms and conditions of a separate written agreement executed by the University and Supplier in connection with a transaction governed hereby, the terms which are most favorable to the University shall prevail.
  19. Assignment. None of Supplier's duties to perform its obligations under this Purchase Order may be delegated or assigned to another person or party without the prior written consent of the University's Procure-to-Pay Department. Any attempted assignment by Supplier without such consent will be null and void for all purposes. The University may assign this Purchase Order to any affiliate or successor in interest to all or any part of its operations without prior notice to Supplier.
  20. Sales and Use Taxes. University is a 501(c)(3) organization and is exempt from sales and use taxes. A Federal Tax Exemption Certificate and other tax exemption are available at University’s Tax Department website http://taxdepartment.gwu.edu/tax-forms-and- exemptions, or such other website designated by University.
  21. Invoicing. Each order must be accompanied by an original invoice, clearly displaying the corresponding Purchase Order number(s). Supplier will either email to [email protected] (preferred) or mail invoices to: "THE GEORGE WASHINGTON UNIVERSITY – PAYABLES, 44983 Knoll Square, Suite 225, Ashburn, VA 20147". University Payables may return invoices that do not comply with University policy and procedures. Questions regarding University invoicing policies or procedures should be directed to University Payables at [email protected].
  22. Payment. The University reserves the right to pay any or all amounts due under this Purchase Order by using either a procurement card (p-card) or a Single Use Account (SUA) method of payment. The Supplier must accept the University's p-card or an SUA method of payment, as applicable. Supplier is prohibited from charging the University any additional fee, charge, or other obligation related to the University's use of either a p-card or an SUA method of payment.
  23. Set-off. All claims for money due or to become due to the University from Supplier may be subject to deduction or set-off by the University against any amounts owed to Supplier from University arising out of this or any other transaction with Supplier. The University may exercise its set-off rights without prior notice to Supplier.
  24. Access to Records. Supplier shall preserve and permit University or any of University's duly- authorized representatives to examine and audit all directly pertinent books, documents, papers and records of Supplier involving transactions related to this Purchase Order for the purpose of making audits, examinations, excerpts and transcripts for a period of three (3) years after final payment hereunder. Supplier agrees to refund to University any overpayments disclosed by any audit.
  25. Publicity. Supplier shall not, in any way or in any form, publicize or advertise the fact that Supplier is supplying goods or providing services to University, nor otherwise use the name or the registered marks of the University (or any college, school, division, unit, employee or student thereof), without the prior express written approval of the University. This prohibition extends to inclusion of the name of the University in client lists or press releases.
  26. Miscellaneous. If any provision of this Purchase Order is determined to be invalid, void or unenforceable in any respect, the remaining provisions hereof will continue in full force and effect. The University's delay or failure to enforce any term or condition of this Purchase Order shall not operate to waive such term or condition. Any such waiver must be expressed by the University in an authorized writing. This Purchase Order is not for the benefit of any third parties. All provisions that logically ought to survive termination of this Purchase Order shall survive.
  27. Additional Terms for Suppliers of Web or Digital Content Products or Services:
    If this Purchase Order involves web or digital content services or products, Supplier shall create, develop, and deliver services, deliverables, and/or products, and shall coordinate with the University to ensure that such services, deliverables, and/or products are accessible and in compliance with applicable law including, but not limited to, the Americans with Disabilities Act and Sections 504 and 508 of the Rehabilitation Act. To this end, Supplier shall (i) develop and provide the services, deliverables, and/or products in reasonable compliance with the Web Content Accessibility Guidelines (“WCAG”) 2.1, level AA developed by the World Wide Web Consortium (“W3C”), or any other accessibility standards developed in the future that the parties mutually identify and agree as applicable, whichever affords greater accessibility standards for end users, and (ii) to use reasonable efforts to promptly respond and resolve any identified accessibility compliance issue. The University and Supplier each agree to provide reasonable cooperation to the other with regard to such responses and resolutions. Additionally, Supplier will immediately notify the University of any requests for accommodation received by Supplier related to the services or products. The University and Supplier each agree to provide reasonable cooperation to the other with regard to such requests for reasonable accommodations. Upon request, Supplier will provide information about conformance with applicable accessibility standards via the Voluntary Product Accessibility Template (VPAT).
  28. Telecommunications and Video Surveillance Services and Equipment. If this Purchase Order involves the purchase of telecommunications or video surveillance services or equipment, Supplier represents and warrants that it complies with Section 889(f)(3) of the John S. McCain National Defense Authorization Act for Fiscal Year 2019 (Public Law 115-232) (“NDAA”) and 2 CFR. § 200.216 regarding the prohibition of certain telecommunications and video surveillance services and equipment, and will provide services and/or equipment that do not contain a substantial or essential component of any system, or as critical technology as part of any system, including componentry or software, from any of the “Prohibited Entities,” as identified on the General Services Administration’s NDAA Section 889 webpage: https://smartpay.gsa.gov/ndaa-section-889. The Supplier is required to monitor the Prohibited Entities related to NDAA to ensure continued compliance with all related prohibitions, including among any subcontracts.
  29. Additional Terms for Service Providers. If this Purchase Order involves the delivery of services, Supplier will comply with the provisions attached hereto as Attachment A: Service Terms.
  30. Additional Terms for Federal Funded Purchases. If this Purchase Order involves funds from the United States Government pursuant to a contract with or grant from the United States Government, Supplier will comply with the United States Government Funding provisions attached hereto as Attachment B: Federal Compliance Terms.
  31. Additional Terms for Suppliers with Access to Non-Public Information. If this Purchase Order involves access to regulated data or other information not generally available outside of the University, Supplier will comply with the provisions attached hereto as Attachment C: Terms Applicable to Suppliers with Access to Non-Public Information.
  32. Additional Terms for Non-U.S. Suppliers. If this Purchase Order involves a Supplier that is outside of the U.S., or a U.S. Supplier that is providing non-U.S. goods or services hereunder, then Supplier will comply with the provisions attached hereto as Attachment D: Terms Applicable to Non-US Suppliers or US Suppliers Providing Non-US Goods and Services.
  33. Additional Terms for Suppliers Processing European Personal Data. If this Purchase Order involves processing European personal data, then Supplier will comply with the provisions of Attachment E: Terms for Suppliers Processing Data Subject to Data Protection Regulations located at https://procurement.gwu.edu/purchase-orders, which are made a part thereof by reference.
  34. Conflicts of Interpretation. If the terms or conditions of any applicable Attachment conflict with this Purchase Order, the terms and conditions of such Attachment shall control except where such provision would result in a breach or violation of this Purchase Order.

Attachment A: Service Terms (Applicable to All Suppliers Providing Services)


If the Purchase Order is issued to a Supplier that is providing Services, Supplier agrees it will comply with the terms and conditions included in this Attachment A.

A.1. Independent Supplier. Supplier is an independent Supplier, and under no circumstances will Supplier or any of its employees, agents, or representatives be considered an employee, agent, or representative of the University, or act or purport to act as an agent, representative or employee of the University. Supplier will determine the means and methods of performing its services. Supplier is directly responsible for professional quality, timeliness, coordination of activities, and completeness of the services and will supply all equipment, tools, materials, parts, supplies and labor (and the transportation of the same) required to perform except as the University has otherwise agreed in writing. Supplier is solely responsible for payment of income, social security, and other employment taxes due to the proper taxing authorities. No payroll or employee taxes of any kind shall be withheld or paid with respect to payments to Supplier. The payroll or employment taxes that are subject of this paragraph include but are not limited to FICA, FUTA, federal personal income tax, state personal income tax, state disability insurance tax, and state unemployment insurance tax.
A.2. Standard of Care. Supplier warrants that all services hereunder shall be performed by personnel experienced and highly skilled in their profession and in accordance with the highest applicable standards of professionalism for comparable or similar services. Supplier will provide adequate and competent personnel and supervision thereof, and will in all respects perform with at least that degree of care, skill and diligence normally exercised by persons regularly engaged in Supplier's business or profession. Supplier shall use only personnel required for the performance of the services who are qualified by education, training and experience to perform the tasks assigned to them. Supplier agrees to replace any of its personnel whose work is considered by the University to be unsatisfactory or contrary to the requirements of the services to be performed hereunder.
A.3. Personal Property/Equipment. University shall have no responsibility for the loss, theft, mysterious disappearance of, or damage to equipment, tools, materials, supplies, and other personal property of Supplier or its agents or employees that are brought onto University premises or stored at University, except for damage caused by the direct and sole negligence of University.
A.4. Sanitation and Cleanliness. With respect to catering or other food-related services, Supplier will at all times maintain clean, orderly, and sanitary conditions (satisfactory to University in all respects) in all kitchens, food preparation areas, service areas, loading dock areas, cooking equipment, floors, chairs, tables, and any other locations associated with the Services under this Purchase Order. Supplier will leave University's premises in as clean a condition, or cleaner condition, than existed prior to the Supplier's entry onto University's premises.
A.5. Alcoholic Beverages. For catering services that include alcohol, Supplier agrees with the following:
     A.5.a. Required Permits, Licenses, Registrations. Supplier warrants, represents, and agrees that Supplier and all Supplier staff providing Services hereunder will obtain and maintain, at Supplier’s sole cost and expense, any and all approvals, licenses, filings, registrations, and permits required by the District of Columbia, Virginia, Maryland, and/or any other jurisdiction where the services are provided, for the service of alcoholic beverages.
     A.5.b. University Approvals and Procedures. Supplier represents, warrants, and agrees that alcoholic beverages may be served and sold only in accordance with the terms of service for the event and only when service of alcohol has been approved in writing by University prior to the catered event.
     A.5.c. Certified Training. Should service of alcohol be necessary and approved in writing by University prior to the specific catered event, Supplier will require that all catering staff serving alcoholic beverages in the performance of the services have completed all bartender and server training certifications, such as Training for Intervention Procedures (TIPS®), in accordance with the laws and regulations of the jurisdiction in which the services are provided. Supplier will provide proof of certification at each function.
A.6. IP Ownership. Supplier agrees that the University will own all rights, title and interest in any and all intellectual property rights created in the performance of the services or otherwise arising from the purchased services. Such work shall be deemed to be a work made for hire and specifically ordered and commissioned by the University. To the extent any background intellectual property rights of Supplier are necessary for the University to fully exploit the goods or services provider under this Purchase Order, Supplier agrees they must be disclosed to the University prior to Supplier’s commencement of work hereunder, and Supplier agrees to grant the University non- exclusive license rights thereto, sufficient for it to fully exploit the goods or services, without additional consideration. Supplier agrees that it will execute any assignments or other documents needed for the University to perfect such rights, provided that, for research collaboration pursuant to subcontracts under sponsored research agreements administered by the University's Office of Sponsored Projects, intellectual property rights will be governed by the terms of the grant or contract to the University to the extent such grant or contract requires intellectual property terms to apply to subcontractors.
A.7. Lawful Compliance. Supplier and its employees will comply with all applicable laws, ordinances, and regulations of governmental authorities and with the policies, rules and regulations of the University and its insurers, while performing services for the University and when on the University's premises. To verify compliance with the foregoing, Supplier will permit University officials to inspect Supplier's on-site operations at any time.
A.8. Licensed Professions. Supplier represents and warrants that Supplier (and each person or entity, if any, acting for or on behalf of Supplier) has all licenses, certificates, and other professional credentials required by law to perform the purchased services. If Supplier, persons in Supplier's employ, or persons otherwise acting for or on behalf of Supplier are so required to maintain professional licensure, certification or similar credentials in order to perform the purchased services, then in addition to the requirements set forth in Section 11 of the Purchase Order Terms and Conditions, Supplier must maintain Professional Liability coverage on all professionals with limits of at least $1,000,000 per occurrence and $3,000,000 aggregate. If the terms of this Attachment A are applicable to this Purchase Order, then proof of professional liability insurance coverage shall be included in Supplier's certificate of Insurance.
A.9. Background Checks. Supplier shall also be responsible for ensuring that appropriate background checks are conducted in advance on its personnel who will regularly perform work for the University in connection with this Purchase Order. Supplier, at a minimum, shall conduct a social security trace, criminal history background check, and a sex offender registry search on all such persons, searching federal, state, district, and county of residence records and verify that such background checks and searches have been conducted. Supplier shall not knowingly assign any such person who has a history of conduct unacceptable for a university environment to provide any direct services under this Purchase Order. Supplier shall be solely responsible for conducting proper background checks from a reputable consumer reporting agency and for securing any necessary consent from its personnel. Supplier shall abide by all applicable federal, state or local laws, rules, and regulations, including but not limited to the Fair Credit Reporting Act and/or equal opportunity laws and regulations, when conducting the background. Supplier agrees to indemnify and hold University harmless for any and all claims relating to the conducting of such checks and any adverse action that may be taken as a result of such checks. Upon a showing by Supplier that it is impracticable for the Supplier to be responsible for conducting a background check of its personnel, such personnel may be required to submit to a background check conducted by the University. Supplier will be invoiced for the cost of the background check incurred by the University.
A.10. Work Authorization. Supplier will ensure that if any employee assigned to work under this Purchase Order is not a US worker (i.e., US citizen, lawful permanent resident, temporary legal resident, refugee, or asylee), the terms of his/her visa status will permit the employee to perform and accept payments legally for services provided as an independent Supplier under this Purchase Order. Supplier warrants further to the University that it will properly complete I-9 forms for each employee Supplier hires or retains to perform services for the University during the period of this Purchase Order. Supplier hereby indemnifies the University for any costs, expenses, penalties and damages, including reasonable attorneys' fees, arising out of Supplier's failure to comply with its obligations under the U.S. Immigration Reform and Control Act relating to the hiring and employment of unauthorized aliens.

Attachment B: Federal Compliance Terms (Applicable To Suppliers Paid With Federally- Sourced Funds)


If the Purchase Order is issued using funds from a United States Government grant or contract, Supplier agrees it will comply with the terms and conditions included in this Attachment B. If Supplier is not otherwise aware of whether the funds are sourced from a federal grant or contract, then Supplier shall inquire of the University. Supplier agrees to flow down all applicable clauses to lower-tier subcontractors, if any.

B.1. Flow Down Clauses Applicable to Purchases Involving Funds from a Federal Government Grant
If the Purchase Order is issued using funds from a United States Government grant, Supplier agrees it will comply with the terms and conditions included in this Attachment B, Article I. The following are selected clauses from the Uniform Administrative Requirement, Cost Principles, and Audit Requirements for Federal Awards (“Uniform Guidance”), Appendix II (Contract Provisions for Non- Federal Entity Contracts Under Federal Awards). The full text of the Uniform Guidance may be found at 2 CFR Part 200.
Additionally, when the Purchase Order involves the use of funds from the US Department of Health and Human Services (“HHS”), applicable HHS terms will apply. Where the Purchase Order involves the use of funds from the National Institutes of Health (“NIH”), applicable NIH terms will apply. Where the Purchase Order involves the use of funds from the National Science Foundation (“NSF”), applicable NIH terms will apply. Supplier agrees to comply with such terms and flow down all applicable clauses to lower-tier subcontractors, if any.
In the event of any conflict between the clauses applicable to the Purchase Order, including those not applicable solely to federal grants, the most stringent clauses will apply.
     B.1.a. Equal Employment Opportunity. Applies to all Purchase Orders that qualify as “federally assisted construction contracts as defined in 41 CFR part 60-1.3. Supplier agrees to comply with Executive Order 11246, ‘‘Equal Employment Opportunity,” as amended by Executive Order 11375, ‘‘Amending Executive Order 11246 Relating to Equal Employment Opportunity,’’ and implementing regulations at 41 CFR part 60, ‘‘Office of Federal Contract Compliance Programs, Equal Employment Opportunity, Department of Labor.’’
     B.1.b. Davis-Bacon Act, as amended (40 USC 3141-3148). If the Purchase Order qualifies as a prime construction contract and is in excess of $2,000, and is required by Federal programs legislation, Supplier shall comply with the Davis-Bacon Act, as supplemented by Department of Labor regulations at 29 CFR part 5 (“Labor Standards Provisions Applicable to Contracts Covering Federally Financed and Assisted Construction”). Under this law, Supplier is required to pay wages to laborers and mechanics at a rate not less than the minimum wage specified in a wage determination made by the Secretary of Labor. In addition, Supplier is required to pay wages not less than once a week.
     B.1.c. Copeland “Anti-Kickback" Act (40 USC 3145). If the Purchase Order qualifies as a prime construction contract and is in excess of $2,000, Supplier shall comply with the Copeland “Anti-Kickback" Act, as supplemented by Department of Labor Regulations at 29 CFR, part 3 (“Suppliers and Subcontractors on Public Building or Public Work Financed in Whole or in Part by Loans or Grants from the United States”). The Act provides in part that Supplier is prohibited from inducing, by any means, any person employed in the construction, completion, or repair of public work, to give up any part of the compensation to which the person is otherwise entitled.
     B.1.d. Contract Work Hours and Safety Standards Act (40 USC 3701-3708). If the Purchase Order is in excess of $100,000 and involves the employment of mechanics or laborers, the Supplier shall comply with the Contract Work Hours and Safety Standards Act, as supplemented by Department of Labor regulations at 29 CFR part 5. Under the Act, the Supplier is required to compute the wages of every mechanic and laborer on the basis of a standard forty- hour work week. Work in excess of the standard work week is permissible provided that the worker is compensated at a rate of not less than one and a half times the basic rate of pay for all hours worked in excess of 40 hours. The requirements of 40 U.S.C. 3704 are applicable to construction work and provide that no laborer or mechanic must be required to work in surroundings or under working conditions which are unsanitary, hazardous or dangerous. These requirements do not apply to the purchases of supplies or materials or articles ordinarily available on the open market, or contracts for transportation or transmission of intelligence.
     B.1.e. Rights to Inventions Made Under a Contract or Agreement. If the Purchase Order is for the performance or assignment of experimental, developmental, or research work that is under a “funding agreement” Supplier will provide for the rights of the Federal Government and the University with respect to any resulting invention by complying with 37 CFR part 401 (“Rights to Inventions Made by Nonprofit Organizations and Small Business Firms Under Government Grants, Contracts and Cooperative Agreements”), and any implementing regulations issued by the awarding agency.
     B.1.f. Clean Air Act (42 USC 7401 et seq.) and the Federal Water Pollution Control Act (33 USC 1251 et seq.), as amended. If the Purchase Order is in an amount in excess of
$150,000, Supplier shall comply with all applicable standards, orders or regulations issued pursuant to the Clean Air Act and the Federal Water Pollution Control Act. Violations must be reported to the Federal awarding agency and the Regional Office of the Environmental Protection Agency.
     B.1.g. Energy Policy and Conservation Act (42 USC 6201). Supplier shall comply with all mandatory standards and policies relating to energy efficiency which are contained in the state energy conservation plan issued in compliance with the Energy Policy and Conservation Act.
     B.1.h. Byrd Anti-Lobbying Amendment (31 USC 1352). If the Purchase Order is in an amount of $100,000 or more, the Supplier and each subcontractor of the Supplier shall file the certification required under this Amendment. Each tier shall certify to the tier above that it will not and has not used Federal appropriated funds to pay any person or organization for influencing or attempting to influence an officer or employee of any agency, a member of Congress, officer or employee of Congress, or an employee of a member of Congress in connection with obtaining any Federal contract, grant or any other award covered by 31 U.S.C. 1352. Each tier must also disclose any lobbying with non-Federal funds that takes place in connection with obtaining any Federal award. Such disclosures are forwarded from tier-to-tier up to the University.
     B.1.i. Debarment and Suspension (Executive Orders 12549 and 12689). Supplier represents and warrants that it is not listed on the government-wide Excluded Parties List System in the System for Award Management, in accordance with the OMB guidelines at 2 CFR 180 that implement Executive Orders 12549 and 12689. The Excluded Parties List contains the names of parties debarred, suspended, or otherwise excluded by agencies, as well as parties declared ineligible under statutory or regulatory authority other than Executive Order 12549.
     B.1.j. Compliance with HHS, NIH and NFS Requirements. When applicable, Supplier shall comply with the terms and conditions required by the policy requirements as set
forth in the HHS Grants Policy Statement, available at http://www.hhs.gov/grants/grants/grants-policies-regulations/, the NIH Grants Policy Statement, available at http://grants.nih.gov/policy/nihgps/index.htm, and the NFS Grant General Conditions, available at https://www.nsf.gov/awards/managing/ .
B.2. Federal Government Contract Provisions. If the Purchase Order is issued using funds from a Federal government contract, the following provisions from the Federal Acquisition Regulations (“FAR”) and the Defense Federal Acquisition Regulation Supplement (“DFARS”), as in effect or as updated, amended, or revised from time to time, are incorporated into the Purchase Order by this reference where applicable and form a part of the terms and conditions of the Purchase Order.

The full text (as updated, amended, or revised) of the FAR clauses may be found at https://www.acquisition.gov/far/ and the DFARS clauses may be found at https://www.acquisition.gov/dfars. By their terms, not all listed provisions apply to this transaction. The University may choose to flow down additional clauses when necessary to satisfy the University’s contractual obligations.

Where necessary to make the language of the FAR and the DFARS clauses applicable to the Purchase Order, the term “Supplier” shall mean “Supplier,” and the term “contract” or “subcontract” shall mean “Purchase Order,” and the terms “government,” “contracting officer,” and equivalent terms and phrases shall mean “University.”

Provisions Applicable to Purchases of “Commercial Items.” Only the following provisions are required for Purchase Orders involving the acquisition of "commercial items" (as defined at FAR 52.202-1). In general, a “commercial item” is a product or service that is available to the general public in the commercial marketplace.

FAR 52.202-1 Definitions (Nov. 2013)
FAR 52.203-13 Supplier Code of Business Ethics and Conduct (Oct. 2015)
FAR 52.203-17 Supplier Employee Whistleblower Rights and Requirement To Inform Employees of Whistleblower Rights (Apr. 2014)
FAR 52.204-24 Representation Regarding Certain Telecommunications and Video Surveillance Services or Equipment (Oct. 2020)
FAR 52.204-25 Prohibition on Contracting for Certain Telecommunications and Video Surveillance Services or Equipment (Aug. 2020)
FAR 52.219-8 Utilization of Small Business Concerns (Nov. 2016)
FAR 52.222-26 Equal Opportunity (Sept. 2016)
FAR 52.222-35 Equal Opportunity for Special Disabled Veterans, Veterans of the Vietnam Era, and Other Eligible Veterans (Oct. 2015)
FAR 52.222-36 Affirmative Action for Workers with Disabilities (Jul. 2014)
FAR 52.222-37 Employment Reports on Veterans (Feb. 2016)
FAR 52.222-40 Notification of Employee Rights Under the National Labor Relations Act (Dec 2010)
FAR 52.222-50 Combating Trafficking in Persons (Mar. 2015)
FAR 52.222-54 Employment Eligibility Verification (Oct. 2015)
FAR 52.225-26 Suppliers Performing Private Security Functions Outside The United States (Oct. 2016)
FAR 52.232-40 Providing Accelerated Payments to Small Business Subcontractors (Dec. 2013)
FAR 52.244-6 Subcontracts for Commercial Items (Jan. 2017)
FAR 52.247-64 Preference for Privately Owned U.S.-Flag Commercial Vessels (Feb. 2006)
DFARS 252.211-7003 Item Identification and Valuation (Mar. 2016)
DFARS 252.219-7004 Small Business Subcontracting Plan (Test Program) (Oct. 2014)
DFARS 252.223-7008 Prohibition on Hexavalent Chromium (Jun. 2013)
DFARS 252.225-7009 Restriction on Acquisition of Certain Articles Containing Specialty Metals (Oct. 2014)
DFARS 252.225-7013 Duty-Free Entry (May 2016)
DFARS 252.227-7015 Technical Data – Commercial Items (Feb. 2014)
DFARS 252.227-7037 Validation of Restrictive Markings on Technical Data (Sept. 2016)
DFARS 252.229-7011 Reporting of Foreign Taxes – U.S. Assistance Programs (Sep. 2005)
DFARS 252.235-7002 Animal Welfare (Dec. 2014)
DFARS 252.235-7004 Protection of Human Subjects (Jul. 2009)
DFARS 252-236-7013 Requirement for Competition Opportunity for American Steel Producers, Fabricators, and Manufacturers (Jun. 2013)
DFARS 252.244-7000 Subcontracts for Commercial Items (Jun. 2013)
DFARS 252.246-7003 Notification of Potential Safety Issues (Jun. 2013)
DFARS 252.247-7003 Pass-Through of Motor Carrier Fuel Surcharge Adjustment to the Cost Bearer (June. 2013)
DFARS 252.247-7023 Transportation of Supplies by Sea (Apr. 2014)
DFARS 252.247-7024 Notification of Transportation of Supplies by Sea (March 2000)

Attachment C: Terms Applicable to Suppliers with Access to Non-Public Information


If the Purchase Order is issued for goods or services that require Supplier to access certain information not generally available outside of the University, hereinafter referred to as Non-Public Information, Supplier agrees it will comply with the terms and conditions included in this Attachment C.

C.1. Conflict. If any conflict exists between the terms of this Purchase Order and this Addendum, the terms of this Addendum shall govern.
C.2. Definitions.
     C.2.a. For purposes of this Attachment C, Non-Public Information includes the following:
                i. Personally Identifiable Information (hereinafter “PII”) is all information, relating to students, alumni, faculty, staff, users of University services and facilities, that (i) identifies or can be used to identify, contact or locate an individual, (ii) pertains in any way to an identified individual or (iii) falls within the meaning of “personal data” or “personal information” as such term is defined under any applicable Privacy Law (defined below).
Examples of PII include but are not limited to, common individual identifiers, such as names, street and email addresses, phone numbers and identification numbers, identifiable health information, student information contained in student education records, financial information, such as account numbers, credit card numbers and tax identification numbers, as well as personal characteristics and biometric information. Additionally, PII can also include any information that identifies an individual’s computer or mobile device as well as their use of technology, including, for example, Internet Protocol addresses, media access control addresses and other unique device identifiers.
               ii. Regulated Information is information that is protected by local, national, or international statute or regulation mandating certain restrictions. Examples of regulated information include, but are not limited to:
     • Student academic and financial records, regulated by the Family Educational Rights and Privacy Act (FERPA),
     • Protected health information (PHI), regulated by the Health Insurance Portability and Accountability Act (HIPAA),
     • Government-issued identification numbers, including social security numbers, driver license numbers, and passport numbers. individuals'
     • Financial account numbers, including credit card numbers and bank account numbers.
     • Data, information, or technical specifications not in the public domain that are regulated by export control laws, excluding technology or software that arises during, or results from, fundamental research under Section 734.8 of the Export Administration Regulations (EAR)
     • Personally identifiable information, which is generally protected by local, national, international statutes or regulations, which mandate certain restrictions.
             iii. Restricted Information is defined as all university information, excluding Regulated Information, that is not generally available to the public, but deemed confidential due to university policies, contracts, regulations or due to proprietary considerations. By way of illustration only, some examples of university Restricted Information include: employment data, payroll records, tax information, and university telephone and directory information. This definition of Restricted Information can be found in the GW Data Classification Guide (https://privacy.gwu.edu/data-classification-levels).
     C.2.b. Privacy Laws means all applicable laws, statutes, ordinances, rules, regulations, and judicial and administrative orders and decrees that regulate the collection and use of PII. In particular, Privacy Laws includes (as applicable), the Family Educational Rights and Privacy Act (FERPA), 34 C.F.R. § 99.3, the Health Insurance Portability and Accountability Act (HIPAA), 45 C.F.R. § 160.103, the Gramm-Leach-Bliley Financial Modernization Act of 1999, 15 U.S.C. § 6809, European Union’s General Data Protection Regulation (GDPR), the United Kingdom’s GDPR, and any other applicable laws (foreign and domestic) that specify privacy, security, or security breach notification obligations that affect the PII collected and processed by the University in the course of its operations.
     C.2.c. Processing means any operation or set of operations which is performed upon PII, whether or not by automatic means, such as collection, compilation, use, disclosure, duplication, organization, storage, alteration, transfer, transmission, combination, redaction, erasure, or destruction.
C.3. Rights to Non-Public Information. The parties agree that as between them, all rights, including all intellectual property rights, in and to University Non-Public Information shall remain the exclusive property of the University.
C.4. Compliance with Laws. Supplier agrees that, during the performance of Supplier’s obligations under this Agreement, Supplier will comply in all material respects with all applicable state, federal and international Privacy Laws. Notwithstanding any other provision of this Purchase Order, Supplier shall not take or direct any action that would contravene, or cause the other to contravene, applicable Privacy Laws.
C.5. Prohibition on Unauthorized Disclosure of Non-Public Information. Supplier acknowledges that in the course of its performance under the Purchase Order, it, its agents, and employees may have access to University Non-Public Information. Supplier agrees to hold the Non-Public Information in strict confidence. Supplier shall not disclose Non-Public Information received from or on behalf of the University, except as permitted or required by the Purchase Order or this Addendum, as compelled by law, or as otherwise authorized in writing by the University.
Supplier further agrees that no Non-Public Information of any kind shall be transmitted, exchanged, or otherwise passed to any third parties except on a case-by-case basis as specifically agreed to in writing by the University. Supplier will ensure that its employees and agents who will perform services under the Purchase Order have read, understood, and agree to comply with the terms of this Addendum.
C.6. Disclosure of Non-Public Information as Required by Law. If Supplier is compelled by law, governmental rule or regulation, or order of a court with competent jurisdiction to disclose Non-Public Information, the Supplier shall, unless expressly prohibited by law, promptly provide written notice to the University of any such requirement to allow the University, in its discretion, to either (i) reach an agreement as to the timing and content of such disclosure, or (ii) enable the University to seek an appropriate protective order or other protection for the confidentiality of such information.
C.7. Data Use. Supplier agrees that any and all Non-Public Information received from or created on behalf of the University shall be used expressly and solely for the purposes enumerated in the Purchase Order and this Addendum. Supplier shall not otherwise distribute, reuse, repurpose or share any Non Public Information across other applications, environments, or business units of Supplier.
C.8. Reporting of Unauthorized Disclosures, Loss or Misuse of University’s Non-Public Information. Supplier agrees to comply with all applicable Privacy Laws and the University policies (https://privacy.gwu.edu/privacy-policies) that require notification of individuals in the event of unauthorized release of any Non-Public Information, or other event requiring notification. Supplier further assumes responsibility for informing all such individuals in accordance with applicable laws and recognizes that the University, in its sole discretion, may elect to assist the Supplier in the notification process and procedure. Supplier shall send written notification to the University Privacy Office, via email at [email protected], of any acquisition or access to University Non-Public Information not authorized (i) by the Purchase Order or this Addendum, (ii) in writing by, or (iii) by applicable federal or state law. Supplier shall make the report to the University no more than twenty-four (24) hours after Supplier learns of such use or disclosure. Supplier's report shall identify: (i) the nature of the unauthorized use or disclosure,
(ii) the Non-Public Information used or disclosed, (iii) who made the unauthorized use or received the unauthorized disclosure, (iv) what Supplier has done or shall do to mitigate any deleterious effect of the unauthorized use or disclosure, and (v) what corrective action Supplier has taken or shall take to prevent future similar unauthorized use or disclosure. Supplier shall provide such other information, including a written report, as reasonably requested by the University.
C.9. Return or Destruction of Non-Public Information.
     C.9.a. Upon termination, cancellation, expiration or other conclusion of the Services pursuant to the Purchase Order, Supplier shall return to the University or, if return is not feasible, destroy all Non-Public Information in whatever form or medium that Supplier received from or created on behalf of the University. .
     C.9.b. In such case, Supplier shall retain no copies of such information, including any compilations derived from and allowing identification of Non-Public Information. Unless otherwise requested in writing by the University, Supplier shall complete such return or destruction as promptly as possible, but not more than thirty (30) days after the effective date of the conclusion of the Services pursuant to the Purchase Order. Supplier agrees to return or destroy such Non-Public Information within seven (7) days of a request in writing by the University.
     C.9.c. Within the thirty (30) day period following termination or written request, Supplier shall certify in writing to the University that such return or destruction has been completed. Written confirmation of the destruction of the Non Public Information in the Suppliers possession or on Supplier computer systems should include standards used for the destruction; such standards should meet National Institute of Standards, Guidelines for Media Sanitization, see http://csrc.nist.gov/.
     C.9.d. If Supplier believes that the return or destruction of Non-Public Information is not feasible, Supplier shall provide written notification of the conditions that make return or destruction infeasible and justification as to why destruction is not possible. Upon mutual agreement of the parties that return or destruction is not feasible, Supplier shall extend the protections of this Addendum to Non-Public Information received from or created on behalf of the University, and limit further uses and disclosures of such Non-Public Information, for so long as Supplier maintains the Non-Public Information.
     C.9.e. This provision shall also apply to all Non-Public Information that is in the possession of Supplier’s or agents and it shall be the responsibility of Supplier to ensure Supplier’s Contractors and agents comply.
C.10. Term and Termination.
     C.10.a. This Addendum shall take effect upon execution and shall continue through the expiration or termination of the Purchase Order (except as otherwise provided herein).
     C.10.b. In addition to the rights of the parties established by the underlying Agreement, if the University reasonably determines in good faith that Supplier has materially breached any of its obligations under this Addendum, the University, in its sole discretion, shall have the right to: (i) exercise any of its rights to reports, access and inspection under this Addendum; and/or (ii) require Supplier to submit to a plan of monitoring and reporting, as the University may determine necessary to maintain compliance with this Addendum; and/or (iii) provide Supplier with a fifteen (15) day period to cure the breach; and/or (iv) terminate the Services pursuant to the Purchase Order immediately if Supplier has breached a material term of this Addendum and cure is not possible.
     C.10.c.Before exercising any of these options, the University shall provide written notice to Supplier describing the violation and the action it intends to take.
C.11. Subsuppliers and Agents. If Supplier provides any Non-Public Information which was received from, or created on behalf of the University to a subcontractor or agent, then Supplier shall require such subcontractor or agent to agree to the same restrictions and conditions as are imposed on Supplier by this Addendum.
C.12. Indemnity. Supplier shall defend and hold the University harmless from all claims, liabilities, damages, or judgments involving a third party, including the University's costs and attorney fees, which arise as a result of Supplier's failure to meet any of its obligations under this Addendum.
C.13. Right to Audit. The University or an appointed audit firm (“Auditors”) has the right to audit the Supplier and the Supplier’s Sub-Suppliers or affiliates that provide a service for the processing, transport or storage of Regulated Information.
     C.13.a. Audit Notice. The University will announce their intent to audit the Supplier by providing at a minimum of ten (10) business days’ notice to the Supplier. A scope document along with a request for deliverables will be provided at the time of notification of an audit and may request information regarding Supplier’s security policies, standards, and procedures, including summaries of test results, if any, of Supplier network or computer systems, the loss or disruption of which would have a material impact on the services. If the documentation requested cannot be removed from the Supplier’s premises, the Supplier will allow the Auditors access to their site.
     C.13.b. On-Site Audits. The Supplier will provide a private accommodation on site for data analysis and meetings; the accommodation will allow for a reasonable workspace, with appropriate lighting, electrical, a printer, and Internet connectivity. The Supplier will make necessary employees or Suppliers available for interviews in person or on the phone during the time frame of the audit.
     C.13.c. Third Party Audits. In lieu of the University or its appointed audit firm performing their own audit, if the Supplier has engaged an external audit firm to perform an audit, the University shall be permitted to review the controls tested as well as the results.
     C.13.d. Audit Costs. Audits will be at the University’s sole expense, except where the audit reveals material noncompliance with the requirements of this Addendum, in which case the costs will be borne by the Supplier.
C.14.Supplier Representations. Supplier represents and warrants that there are no notices, claims, investigations or proceedings pending, or, to the knowledge of Supplier, threatened, by state or federal agencies, or private parties involving notice or information to individuals that any data held or stored by Supplier has been compromised, lost, acquired, accessed or misused. If Supplier receives notice regarding any violation of any local, state, federal or foreign privacy or information security laws, has reason to believe such notice will be received or has reason to believe that the security of any records containing Non-Public Information that Supplier maintains has been breached or potentially breached, Supplier shall immediately provide notice and additional requested information to the University regarding such notice or knowledge
C.15. Survival. The respective rights and obligations of Supplier hereunder shall survive the termination of the Purchase Order.
C.16. Information Security
Supplier shall use appropriate administrative, technical and physical security measures to safeguard and preserve the confidentiality, integrity, and availability of all Non-Public Information received, processed, stored or transmitted from or on behalf of the University, and protect the University Non-Public Information from unauthorized access, disclosure, acquisition, destruction, use, or modification. At a minimum, the Supplier shall adhere to requirements outlined below.
     C.16.a. Information Security Requirements for Non-Public Information Supplier agrees that it will protect the Non-Public Information it receives from or on behalf of the University according to applicable information security laws and regulations and leading commercially acceptable standards, including but not limited to:.
   • Center for Internet Security Standards for applications and operating systems - https://www.cisecurity.org
   • Payment Card Industry/Data Security Standards (PCI/DSS) - https://www.pcisecuritystandards.org/
   • National Institute for Standards and Technology - https://csrc.nist.gov (non-exhaustive)
   • NIST 800-40 - Guide to Enterprise Patch Management Technologies
   • NIST 800-53 - Security and Privacy Controls for Information Systems and Organizations
   • NIST 800-171 - Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations
   • NIST 800-207 - Zero Trust Architecture
   • NIST 800-210 - General Access Control Guidance for Cloud Systems
   • NIST 800-52 – Guidelines for TLS Implementations
   • ISO/IEC 27000-series - https://www.iso.org/standard/iso-iec-27000-family
     C.16.b. Security of Electronic Information.
                  i. Network Security. Supplier agrees at all times to maintain network security that, at a minimum, includes: network firewall provisioning, intrusion detection, vulnerability scanning, and regular (at a minimum annual) third party penetration testing. Likewise, Supplier agrees to maintain network security that conforms to generally recognized industry standards (as described in Section C.16.a. of this Addendum) and leading practices.
                ii. Application and System Security. Supplier agrees to engage in, at a minimum annually, external application penetration testing and/or Service Organization Control audits. Supplier agrees to provide, maintain and support software releases and subsequent updates, upgrades, and bug fixes free from known vulnerabilities applicable to the products utilized by the Supplier by adhering to generally recognized industry best practices and standards in Section C.16.a. of this Addendum.
               iii. Secure Patching Program. Supplier agrees to maintain a secure processing environment, including but not limited to active vulnerability management, timely application of patches, fixes and updates to operating systems and applications as provided by Supplier.
                iv. Data Storage. Supplier agrees that all the University Non-Public Information will be stored, processed, and maintained solely on designated target servers. Additionally, Supplier agrees that the University Non-Public Information will not at any time be processed, transferred or stored on any portable computing device (e.g., laptop, mobile phone, tablet) or other portable storage medium (e.g., USB drive) unless that device or storage medium is in use as part of the Supplier’s designated backup and recovery processes and is encrypted in accordance with Subsection C.16.b.vi. of this Addendum. Supplier agrees not to transfer, process or store the University PII or the University Restricted Information outside of the United States without prior written consent from the University.
                  v. Data Transmission. Supplier agrees that any and all electronic transmission, transfer or exchange of system and application data with the University and/or any other third parties when such third-party exchanges have been approved in writing by the University shall take place via secure means (using HTTPS or SFTP or equivalent) and solely in accordance with Section C.5 of the Addendum.
                  vi. Data Encryption. Supplier agrees to encrypt all the University Restricted Information stored on its servers or in the Cloud using a commercially supported encryption solution. This includes any backup of that information as part of its designated backup and recovery processes. , Supplier further agrees that any and all the University PII or the University Restricted Information, as defined herein or under applicable laws or regulations, stored on any portable or laptop computing device is likewise encrypted. Supplier agrees that no University PII or University Restricted Information, will be stored on any portable storage medium.
                  vii. Malicious Code. Supplier represents and warrants that in performance of its services, Supplier will not knowingly introduce into the University’s systems any malware, known vulnerabilities, or any other computer programming devices that may damage the University’s systems or data or prevent the University from operation or use of its systems, data or the like. Supplier further agrees to apply standards based protection against external malicious code being introduced into systems or applications being provided to the University. Should Supplier become aware of malicious code being present in their application, systems, data or the like, they agree to notify the University within 24 hours of discovery of vulnerabilities that may impact the University’s network or university IT resources.

Attachment D: Terms Applicable to All Non-U.S. Suppliers or U.S. Suppliers Providing Non-U.S. Goods or Services

D.1. Compliance with Law. Supplier will comply with all laws and regulations applicable to its performance hereunder, including applicable laws and regulations of the United States, the jurisdiction in which Supplier performs under this Purchase Order or in which the goods are manufactured, assembled or obtained, and other jurisdictions to which the Supplier is otherwise subject. Without limiting the foregoing:
     D.1.a. Anti-Corruption. Supplier represents, warrants, and agrees that
             (i) neither Supplier nor any of Supplier’s employees, directors, agents, or other persons acting on Supplier’s behalf have taken or will take any action related to or arising out of this Purchase Order that violates the United States Foreign Corrupt Practices Act or any applicable anti- corruption laws of any country; and
             (ii) neither Supplier nor any employees, directors, agents, or other persons acting on Supplier’s behalf have or will, in connection with this Purchase Order, directly or indirectly request, give, offer or promise to give, or authorize another person or entity to give any money or anything of value to any person (whether or not such person is a government official) for the purpose of inducing such person to improperly take or improperly omit to take any action in order to secure a business advantage. Upon request by the University from time to time, Supplier shall certify in writing its compliance with the foregoing obligations.
     D.1.b. Compliance with Trade Control Laws. Supplier will comply with all applicable U.S. and non-U.S. export controls, economic sanctions, import and customs laws and regulations in the supply, export, re-export, import and other transfer of the goods and services hereunder. Supplier hereby acknowledges and confirms that neither Supplier nor any of its subcontractors (if applicable) (i) is included on, owned or controlled by an individual or entity included on, or is acting on behalf of an individual or entity included on any of the restricted party lists maintained by the U.S. Government (e.g., Specially Designated Nationals List, Foreign Sanctions Evader List, Sectoral Sanctions Identification List, Denied Persons List, Unverified List, Entity List or List of Statutorily Debarred Parties) (collectively, “Restricted Parties”); or (ii) is located in, organized under the laws of, acting on behalf of, or owned or controlled by the government of or entities organized under the laws of countries or territories subject to U.S. economic sanctions (e.g., Crimea (region of Ukraine), Cuba, Iran, North Korea, or Syria). No Party shall be required to take or refrain from taking any action inconsistent with or penalized under the anti-boycott laws of the United States, including without limitation anti-boycott laws administered by the U.S. Commerce and Treasury Departments. Supplier represents and warrants that it has all necessary export or import authorizations for the supply of the goods or services to the University hereunder, shall comply with any import or export formalities, and shall at its own expense pay any duties, taxes or other fees with respect to the supply of goods and services to the University hereunder.
     D.1.c. Child Labor. Supplier represents and warrants that it is and will at all times be in compliance with all applicable laws that prohibit child labor or other exploitation of children in the manufacturing and delivery of any goods hereunder, consistent with the International Labor Organization’s Minimum Age Convention of 1973.
     D.1.d. Tropical Hardwood. If applicable for the goods to be provided hereunder, Supplier represents and warrants that all wood products to be used and provided under this Purchase Order will be in accordance with the specifications and provisions of applicable state and federal laws that restrict or prohibit the purchase and use of tropical hardwoods. Qualification for an exemption under any such law will be the responsibility of Supplier, and proof of such qualification for exemption shall be provided to the University prior to the delivery of any applicable tropical hardwood products.
D.2. Required Permits, Licenses, and Registrations. Unless otherwise agreed in writing, nothing in this Purchase Order constitutes or implies the University’s agreement to obtain, or
undertake filings related to, licenses, registrations, permissions, exemptions, or any approvals or authorizations, from any governmental or regulatory authorities outside the United States.
D.3. Currency of Payment. Unless otherwise agreed by the Parties, University will make payment to Supplier in U.S. Dollars by check, wire transfer, or other agreed means. Supplier represents that it is able to receive the U.S. Dollar payments from University legally, without violating any applicable law, including foreign exchange control and taxation law and regulations in the location where Supplier receives payment. If payment to Supplier will be converted into local currency, University will be responsible only to send the payment amount in U.S. Dollars, and shall have no responsibility whatsoever to compensate Supplier for any fees or taxes arising from any foreign exchange transaction or for any exchange rate differences, including differences arising from the time of contracting or invoicing until the time of payment.
D.4. Taxes. Supplier will be solely responsible for, and will pay when due, all taxes, charges, and assessments under any applicable law in connection with University’s payments to Supplier or Supplier’s performance hereunder. Supplier will also timely provide, upon request by University, a completed taxpayer identification form and other such forms (e.g., Form W-8 series) in order to be eligible for payments under this Purchase Order. Supplier’s services will be performed outside the United States.
D.5. Safety and Security. Supplier understands the risks associated with travel and performance in all of the countries relevant to this Purchase Order. Supplier will use its best judgment to assess the safety and security risks, if any, involved in performing hereunder and shall be responsible for determining whether it is safe to proceed with performance in any given circumstances. Supplier assumes all risk to its employees, property, or privacy that may arise from the performance of its obligations hereunder.
D.6. Dispute Resolution. The Parties will use their best efforts to negotiate in good faith and settle any dispute or difference that may arise out of or relate to this Purchase Order. Any dispute arising out of or in connection with this Purchase Order that is not resolved by the Parties within a reasonable period of time shall, upon the application of either Party, be finally settled under the Rules of Arbitration of the International Centre for Dispute Resolution by a single arbitrator appointed in accordance with the said Rules. The arbitration shall be conducted in the District of Columbia, with the seat of arbitration to be the District of Columbia. English will be the language of the arbitration. The arbitrator will be empowered to award specific performance, injunctive relief, and other equitable remedies as well as damages, but will not be empowered to award punitive or exemplary damages. To the extent that Supplier may in any jurisdiction claim for itself or its assets immunity from suit, execution, attachment, or other legal process, Supplier hereby agrees not to claim, and irrevocably and fully waives, such immunity for purposes of any arbitration and arbitration award hereunder.
D.7. Controlling Language. In the event that a translation of this Purchase Order is prepared or signed by the Parties in any other language, the English language version of this Purchase Order will govern in the event of a conflict between the English language version and such translation.
D.8. Convention on Contracts for the International Sale of Goods. The United Nations Convention on Contracts for the International Sale of Goods shall not apply to this Purchase Order.
4846-1323-6257