Purchase Order Terms and Conditions

Revised 01/31/2023

These Terms and Conditions ("T&Cs") apply to the following: written offers, purchase orders, and other documents issued by the Arizona Board of Regents for and on behalf of the University of Arizona ("the University") to a supplier ("Supplier") for furnishing equipment, materials, or supplies ("Goods") and/or services ("Services") to the University (the "Goods/Services"). These T&Cs together with any Purchase Order issued by the University (the "PO"), any other written agreements signed by both parties, and any other documents incorporated by reference therein or herein collectively constitute the "Agreement". Any terms not defined in these T&Cs will have the meanings set forth in the Agreement.

1. Offer and Acceptance. The Agreement is subject to cancellation by the University at any time prior to acceptance by Supplier. Supplier accepts all of the Agreement’s terms and conditions, without qualification, upon the sooner of the following: 1) any written acceptance by Supplier; or 2) shipment, delivery, or performance of all or any of the Goods/Services. Any term or condition in any invoice, offer, or other document issued by Supplier that modifies, adds             to, or changes the Agreement is rejected, and will not be part of the Agreement unless agreed by the University in writing.
2. Order of Precedence. In the event of an inconsistency or conflict between or among the provisions of the Agreement, the inconsistency or conflict will be resolved by giving precedence in the following order: i) the PO; ii) these T&Cs; and iii) any other agreement or document signed by authorized signatories of both the parties.
3. Modifications. Any modification to the PO, including changes to quantity, price, terms of payment, delivery terms, specifications, etc. must be in an updated PO signed by the parties. If a delivery must differ from the PO, do not ship, deliver, or perform the Goods/Services and instead contact the appropriate University Buyer.
4. Term and Termination.
   1. The "Term" of the Agreement is as stated in the Agreement. If the Agreement is silent as to the Term, the Term will extend from the date of acceptance of the Agreement by Supplier to the earlier of: (i) the final delivery, acceptance, and payment of the Goods/Services, or (ii) 5 years after the date of acceptance of the Agreement by Supplier. Following the Term, the Agreement may be extended by mutual written agreement.
   2. The University may terminate the Agreement, in whole or in part, with or without cause, upon 30 days written notice to Supplier. Subject to the provision of any Transition Services (as defined below), upon termination, Supplier will refund to the University all prepaid amounts for Goods/Services not delivered or performed. If the Agreement is terminated pursuant to this section, subject to the provision of any Transition Services, the University will pay Supplier, as full compensation under the Agreement: (1) the portion of Goods/Services delivered or performed and accepted prior to the effective date of termination based on the unit prices in the Agreement, or, if no unit prices are provided, the pro rata amount of the total order price based on the amount delivered or performed; and (2) a reasonable amount, not otherwise recoverable from other sources by Supplier, and as approved by the University, with respect to the undelivered, unperformed, or unacceptable portion of the Good/Services. In no event will compensation paid previously under the Agreement together with compensation paid under this section exceed the total PO or Agreement price.
   3. The University may terminate the Agreement, in whole or in part, if Supplier defaults on any of its obligations in the Agreement and fails to cure such default within 7 days after receiving notice of default from the University. In the event of such a default, the University may procure the Goods/Services from other sources and Supplier will be liable to the University for any excess costs the University incurs.
   4. The University may terminate the Agreement at any time if Supplier files a petition in bankruptcy, or is adjudicated bankrupt; or if a petition in bankruptcy is filed against Supplier and not discharged within 30 days; or if Supplier becomes insolvent or makes an assignment for the benefit of its creditors or an arrangement pursuant to any bankruptcy law; or if a receiver is appointed for Supplier or its business.
   5. Transition Services. Upon termination of the Agreement or termination of any Services (regardless of the reason for termination), the parties will work in good faith to transition the terminated Services to the University or its designees, with minimum interruption to the University’s business. At the University’s option, Supplier will continue to provide Services and will provide transition support at rates consistent with the terms of the Agreement for a period of no longer than 180 days following the termination date (the "Transition Period"). Supplier will provide the post-termination Services (the" Transition Services") at least at the same levels of quality and timeliness of performance as Services were provided prior to termination, in a professional manner, with high quality, and in accordance with industry standards. The parties may, by written agreement, modify the Transition Services to be provided and the length of the Transition Period.
5. Survival. All provisions of the Agreement that anticipate performance after the termination of the Agreement, and all provisions necessary or appropriate to interpret and enforce such provisions, will survive termination of the Agreement.
6. Prices. All Prices will be as listed in the PO or, if not listed in the PO, will be as otherwise set forth in the Agreement. Unless otherwise specified in the Agreement: 1) all prices are in US Dollars; 2) prices include any cost for shipping, and handling; and 3) prices will include any travel, labor, interest, import/export fees, and other costs associated with providing the Goods/Services. The University will reimburse Supplier for expenses that are specifically identified in the PO. To obtain reimbursement for pre-approved expenses, Supplier must submit all receipts and any required backup documentation to the University within 60 days after the applicable expenses were incurred. If any reimbursable expenses include travel expenses, all reimbursable travel expenses must be authorized in writing by the University in advance of the planned travel and must be consistent with Financial Policy 9.12 Independent Contractor Services, items 33-42.
7. Settlement Method and Terms. Payment will be subject to the provisions of Title 35 of the Arizona Revised Statutes ("ARS"), as amended from time to time, relating to time and manner of submission of claims. The University's obligation will be payable only and solely from funds appropriated for the purpose of the Agreement. After delivery and acceptance of the Goods/Services, Supplier will submit an acceptable invoice to the University. Invoices must be itemized, reference the Agreement or PO number, and include sufficient detail to document the invoiced amount. Unless otherwise specified on the PO, the University will pay Supplier for the Goods/Services delivered and accepted net 30 days after receipt by the University of an invoice meeting the requirements of this section.
8. Taxes. Unless otherwise specified in the Agreement, prices will include all taxes and fees, including, without limitation, sales, use, or excise taxes, import duties, value added taxes, permit fees, license fees, or similar charges ("Taxes"). Taxes do not include University income taxes or taxes related to the University’s employees.
9. Inspection. Supplier will supply the Goods/Services to the University exactly as specified in the Agreement. The Goods/Services will meet the highest and best industry practices. The University will have the right to inspect any Goods/Services prior to and a reasonable amount of time after delivery. If the University determines that any Goods/Services are incomplete, defective, or not in compliance with the specifications or other requirements of the Agreement, the University may reject such Goods/Services in whole or in part.
10. Warranties. In addition to any implied warranties, Supplier warrants to the University that: 1) the Goods/Services will be free from any defects in design, workmanship, materials, or labor; 2) all of the Services will be performed in a professional and workmanlike manner and in conformity with highest and best industry standards by persons reasonably suited by skill, training and experience for the type of services  they are assigned to perform;  3)  Supplier  will comply,  and  will  be responsible for ensuring Supplier Parties, as defined below, comply with all applicable laws, rules, and regulations, including any policies of the Arizona Board of Regents and the University in the performance of the Agreement; 4) Supplier owns or has sufficient rights in the Goods/Services that they do not infringe upon or violate any Intellectual Property, as defined below, of any third parties, and are free and clear of any liens or encumbrances; 5) any data, code, or software developed or delivered by Supplier to the University will not contain any viruses, worms, Trojan Horses, or other disabling  devices  or  code; 6) all sensitive data, personal  data, and personally identifiable data , as those terms may be defined in applicable laws, rules and regulations ("PII") provided by Supplier to the University was obtained legally and Supplier has obtained all requisite permissions from the individuals whose PII is being provided for (a) Supplier to provide the PII to the University, and (b) the University to use the PII for the purposes and in the jurisdictions set forth in the Agreement; 7) the prices of Goods/Services in the Agreement are the lowest prices at which these or similar goods or services are sold by the Supplier to similar customers in similar quantities. In the event of any price reduction between execution of the Agreement and delivery of the Goods/Services, the University shall be entitled to such reduction, and 8) all Goods/Services delivered by Supplier will conform to the specifications, drawings, and descriptions set forth in the Agreement, and to any samples furnished by Supplier. In the event of a conflict among the specifications, drawings, samples, and description, the specifications will govern.
11. Indemnification. Contractor shall indemnify, defend, and hold harmless to the fullest extent allowed by law the State of Arizona, the Arizona Board of Regents and the University, its officers, agents, and employees (“Indemnitees”) from any and all claims, demands, suits, actions, proceedings, loss, cost, and damages of every kind and description, including attorney’s fees and/or litigation expenses, which may be brought or made against or incurred on account of breach, or loss of or damage to any property, or for injuries to or death of any person, or financial loss incurred by Indemnitees, caused by, arising out of, or contributed to, in whole or in part, by reasons of any act, omission, professional error, fault, mistake, or negligence of Contractor, its employees, agents, representatives, or subcontractors, their employees, agents, or representatives in connection with or incident to the performance of the Agreement, or arising out of Workers Compensation claims, Unemployment Compensation claims, or Unemployment Disability Compensation claims of employees of Contractor and/or its subcontractors of claims under similar such laws and obligations. Contractor’s obligation under this provision shall not extend to any liability caused by the sole negligence of the State of Arizona, Arizona Board of Regents, University or its officers, agents, and employees. Such indemnification shall specifically include infringement claims made against any and all intellectual property supplied by Contractor and third party infringement under the Agreement.
12. Responsibility. Each party is responsible for the negligent or willful acts or omissions of its employees and contractors when acting under such party’s direction and supervision. In addition, Supplier is responsible to the University for compliance with the Agreement by the Supplier Parties. The University recognizes an obligation to pay attorneys’ fees or costs only when assessed by a court of competent jurisdiction. Notwithstanding the terms of the Agreement or any other document: (i) other than for employees and contractors acting under the University’s direction and supervision, the University is not responsible for any actions of any third parties, including its students; and (ii) no person may bind the University unless they are an authorized signatory in Purchasing Policy 1.1.
13. Intellectual Property Ownership. All Intellectual Property (as defined below) that Supplier or any of the Supplier Parties make, conceive, discover, develop or create, either solely or jointly with any other person or persons including the University, specifically for or at the request of the University in connection with the Agreement ("Contract IP"), will be owned by the University. To the extent any Contract IP is not considered work made for hire for the University (or if ownership of all rights therein does not otherwise vest exclusively in the University), Supplier hereby irrevocably assigns, and will cause the Supplier Parties to so assign, without further consideration, to the University all right, title and interest in and to all Contract IP, including all copyright rights of ownership. "Intellectual Property" means all University Data, as defined below, any and all inventions, designs, original works of authorship, formulas, processes, compositions, programs, databases, data, technologies, discoveries, ideas, writings, improvements, procedures, techniques, know-how, and all patent, trademark, service mark, trade secret, copyright and other intellectual property rights (and goodwill) relating to the foregoing. Supplier will make full and prompt disclosure of the Contract IP to the University. Supplier will, and will cause the Supplier Parties to, as and when requested by the University, do such acts, and sign such instruments to vest in the University the entire right, title and interest to the Contract IP, and to enable the University to prepare, file, and prosecute applications for, and to obtain patents and/or copyrights on, the Contract IP, and, at the University’s expense, to cooperate with the University in the protection and/or defense of the Contract IP.
14. Supplier’s Intellectual Property. Supplier will retain ownership of its pre-existing Intellectual Property, including any that may be incorporated into the Contract IP, provided that Supplier informs the University in writing before incorporating any pre-existing Intellectual Property into any Contract IP. Supplier hereby grants to the University a perpetual, irrevocable, royalty- free, worldwide right and license (with the right to sublicense), to freely use, make, have made, reproduce, disseminate, display, perform, and create derivative works based on such pre-existing Intellectual Property as may be incorporated into the Contract IP or otherwise provided to the University in the course of performing under the Agreement.
15. Data Use, Ownership, and Privacy.  The terms of this section apply if Supplier receives, has access to, stores, or analyzes any University Data (as defined below). As between the parties, the University will own, or retain all of its rights in, all data and information that the University provides to Supplier, as well as all data and information managed by Supplier on behalf of the University, including all output, reports, analyses, and other materials relating to, derived from, or generated pursuant to the Agreement, even if generated by Supplier, as well as all data obtained or extracted through the University’s  or Supplier’s use of such data or information (collectively, "University Data"). University Data also includes all data and information provided directly to Supplier by University students and employees, and includes personal data, metadata, and user content.
    
    University Data will be the University’s Intellectual Property and Supplier will treat it as University Confidential Information (as defined below). Supplier will not use, access, disclose, or license, or provide to third parties, any University Data, except: (i) to fulfill Supplier’s obligations to the University hereunder; or (ii) as authorized in writing by the University. Without limitation, Supplier will not use any University Data, whether or not aggregated or de-identified, for product development, marketing, profiling, benchmarking, or product demonstrations, without, in each case, the University’s prior written consent. Supplier will not, directly or indirectly: (i) attempt to re-identify or de-aggregate de-identified or aggregated information; or (ii) transfer de-identified and aggregated information to any third party unless that third party agrees not to attempt re-identification or de-aggregation. For University Data to be considered de-identified, all direct and indirect personal identifiers must be removed, including names, ID numbers, dates of birth, demographic information, location information, and school information. Upon request by the University, Supplier will deliver, destroy, and/or make available to the University, any or all University Data.
    
    Notwithstanding the foregoing, if the Agreement allows Supplier to provide aggregated and de-identified data to third parties, then Supplier may provide such data solely to the extent allowed in the Agreement, and, unless otherwise stated herein, only if such data is aggregated with similar data of others (i.e. is not identified as the University, ABOR, or Arizona-specific).
16. Nondisclosure and Trade Secrets. Supplier may receive (or has received) from the University and otherwise be exposed to confidential and proprietary information relating to the University’s business practices, strategies, and technologies, University Data, as well as confidential information of the University necessary to perform and/or provide the Goods/Services (collectively, "University Confidential Information"). University Confidential Information may include, but is not limited to, confidential and proprietary information supplied to Supplier with the legend “University Confidential and Proprietary,” or other designations of confidentiality. As between Supplier and the University, the University Confidential Information is the sole, exclusive, and valuable property of the University. Accordingly, Supplier will not reproduce or otherwise use any of the University Confidential Information except in the performance or provision of the Goods/Services, and will not disclose any of the University Confidential Information in any form to any third party, either during or after the Term, except with the University’s prior written consent. Upon termination of the Agreement, Supplier will cease using, and will return to the University, all originals and all copies of the University Confidential Information, in all forms and media, in Supplier’s possession or under Supplier’s control.
    
    Supplier will not disclose or otherwise make available to the University any confidential information of Supplier or received by Supplier from any third party.
    
    Supplier will have no obligation to maintain as confidential University Confidential Information (other than University Data) that Supplier can show: (i) was already lawfully in the possession of or known by Supplier before receipt from the University; (ii) is or becomes generally known in the industry through no violation of the Agreement or any other agreement between the parties; (iii) is lawfully received by Supplier from a third party without restriction on disclosure or use; (iv) is required to be disclosed by court order following notice to the University sufficient to allow the University to contest such order; or (v) is approved in writing by the University for release or other use by Supplier.
17. Information Security.
    1. Definitions
       • Authorized Users. Authorized users means and is limited to (1) Authorized Employees; and (2) Vendor’s subcontractors, agents, and auditors who have a need-to-know or otherwise access data to enable the Vendor to comply with the Agreement, and who are bound in writing by confidentiality obligations sufficient to protect University Data in accordance with the terms hereof.
       • Confidential Information. Confidential information means any nonpublic information that is confidential or proprietary to a party and is disclosed or becomes known pursuant to this agreement.  Except to the extent information is required to be kept private or confidential pursuant to other law, regulation, or policy, “Confidential Information” does not include information that is or becomes generally available or known to the public through no act of omission of the receiving party; was received lawfully from a third-party through no breach of any obligations of confidentiality owed to the disclosing party; or created by a party independently of its access to or use of other party’s information.
       • University Data. University Data means any and all data, information, text, graphics, works and other materials that are collected, loaded, stored, accessible, transferred through and/or accessed by the University in the course of using Vendor’s services, including, but not limited to: (1) updates, modifications and/or deletions; (2) all of the results from the use of services; and (3) all information and materials that you develop or acquire prior to, or independently of, the Agreement. University Data is Confidential Information.
       • Data Compromise. Data compromise means any actual or reasonably suspected unauthorized access to, or acquisition of, data that compromises the security, confidentiality or integrity of the data or the ability of the University to access the data.
       • Information Security Incident. Information security incident means any actual or reasonably suspected incident, or imminent threat of unauthorized access, use, disclosure, breach, modification, or destruction of University Data; interference with information technology operations; or significant violation of the University’s information security policy or the information security provisions of this Agreement.
    2. Concepts
       • University Data Protection. All facilities used by or on behalf of the Vendor to store and process University Data will implement and maintain administrative, physical, technical, and procedural safeguards in accordance with industry best practices at a level sufficient to secure such data from unauthorized access, destruction, use, modification or disclosure. Such measures will be no less protective than those used to secure the Vendor’s own data of a similar type, and in no event, less than reasonable in view of the type and nature of the data involved. The Vendor must maintain the administrative, physical, technical and procedural infrastructure associated with the provision of services to the University in a manner that is, at all times during the term of this Agreement, at a level equal to or more stringent than those specified by the parties to this Agreement.
         • Access Control.  The Vendor will control access to the University’s Data, limiting access to Authorized Users who have a legitimate need to know based on individual work assignment for the Vendor.  The Vendor will trace approved access to ensure proper usage and accountability, and the Vendor will make such information available to the University for review, upon the University’s request and not later than five (5) business days after the request is made in writing.
         • Patch Management.  Vendor will carry out updates and patch management for all systems and devices in a timely manner, applying security patches within five (5) business days or less based on reported criticality.  Updates and patch management must be deployed using an auditable process that can be reviewed by the University upon the University’s request and not later than five (5) business days after the request is made in writing.  An initial report of patch status must be provided to the University prior to the effective date of this Agreement.
         • Scanning and Penetration Testing. Prior to the Effective Date of this Agreement, and at regular intervals of no less than annually, and whenever a change is made which may impact the confidentiality, integrity, or availability of University Data, and in accordance with industry standards and best practices, Vendor will, at its expense, perform scans for unauthorized applications, services, code and system vulnerabilities on the networks and systems used to perform services related to this Agreement. An initial report must be provided to the University prior to the Effective Date of this Agreement. Vendor will provide the University the reports or other documentation resulting from the audits, certifications, scans and tests within five (5) business days of Vendor’s generation or receipt of such results. The Vendor will, if such results so require, within thirty (30) calendar days of receipt of such results, promptly modify its security measures in order to meet its obligations under this Agreement and provide the University with written evidence of remediation. The following audits, certifications, scans, and tests are required:
           • A vulnerability scan performed by a third-party of the Vendor’s systems and facilities that are used in any way to deliver services under this Agreement;
           • A formal penetration test performed by qualified personnel of the Vendor’s systems and facilities in use in any way to deliver services under this Agreement; and
           • The University may require the Vendor to perform additional audits and tests, the results of which will be provided to University within seven (7) business days of Vendor’s receipt of such results.
         • Encryption. All systems and devices that store, process and/or transmit Confidential Information must use an industry standard encryption protocol for data in transit and at rest.
         • Security Development. Vendor will use secure development and coding standards; including secure change management procedures in accordance with industry standards. The Vendor’s web applications must meet OWASP Application Security Verification Standards (ASVS). The Vendor will perform penetration testing and/or scanning prior to releasing new software versions. Vendor will provide internal standards and procedures to the University for review upon the University’s request.
         • Deterioration and Degradation. Vendor will protect University Data against deterioration or degradation of quality and authenticity, including, but not limited to, annual data integrity audits performed by an independent, external organization.
    3. Notification. Any notices or communications required or permitted to be given to the University under this Agreement must be (i) given in writing and (ii) transmitted by electronic mail transmission (including PDF), to the University Information Security Office at security@arizona.edu. Any such notice or communication must be deemed to have been given on the day such notice or communication is sent electronically, provided that the sender has received a read receipt or other replied acknowledgement of such electronic transmission.
       • Notification and Data Compromise. Unauthorized access or disclosure of nonpublic data is considered to be a breach. The Vendor will provide notification, as soon as it is aware of the Data Compromise or breach, to  the University Information Security Office at security@arizona.edu. When the Vendor is liable for the loss, the Vendor must bear all costs associated with the investigation, response and recovery from the breach, including, but not limited to, credit monitoring services with a term of at least three (3) years, mailing costs, website and toll-free telephone call center services. Any limitation on liability in this Agreement or elsewhere is void to the extent that it relieves a Vendor from its own negligence or to the extent that it creates an obligation on the University to hold the Vendor harmless.
       • Incident Reporting. Vendor will report all other Information Security Incidents to the University within 24 hours of discovery.
       • Third-Party Requests. The Vendor will notify the University immediately if the Vendor receives any third-party request for  University Data, including but not limited to a subpoena, a court order, a public records request, a request directly from a data subject, or other type of inquiry or demand; or the location or method of transmission of  University Data is changed. All notifications to the University required in this Information Security paragraph will be sent to the University Information Security Office at security@arizona.edu, in addition to any other notice addresses in this Agreement. In all such instances, to the extent legally feasible, the Vendor will not provide any  University Data to such third-party and will instead direct the requestor to the University.
    4. Workforce Security and Location. The Vendor will comply with workforce location and security clauses as outlined in this Agreement. Additionally, the Vendor will ensure their workforce is properly trained on information security and privacy practices of the University and on any information security or privacy regulations, as required by applicable rules. The Vendor must promote and maintain an awareness of the importance of securing University Data to Employees and agents.
       • Offshore. The University may select or restrict where University Data will be stored and where University Data can be processed, and the Vendor will store and/or process it there in accordance with the service terms. If a data location selection is not covered by the service terms (or a Data Location Selection is not made by the University with respect to any University Data), the Vendor will not be restricted in the selection of the University storage or processing facilities. Any services that are described in this Agreement that directly serve the University and may involve access to sensitive University Data or development or modification of software for the University will be performed within the borders of the United States. Unless stated otherwise in this Agreement, this requirement does not apply to indirect or “overhead” services, redundant back-up services or services that are incidental to the performance of this Agreement. This provision applies to work performed by subcontractors at all tiers and to all University Data.
       • Background Checks. The Vendor must conduct background checks and not utilize any individual to fulfill the obligations of this Agreement, including subcontractors, if such individual has been convicted of any crime involving dishonesty or false statement including, but not limited to fraud and theft, or otherwise convicted of any offense for which incarceration for a minimum of one (1) year is an authorized penalty. Any such individual may not be an “Authorized User” under this Agreement.
    5. Audit. The Vendor will, at its expense, conduct or have conducted such audits and certifications as defined under this section at least annually, and immediately after any actual or reasonably suspected breach. The Vendor will provide the University the results of any such audits as defined under this section, along with the Vendor’s plan for addressing or resolving any shortcomings identified by such audits, within seven (7) business days of the Vendor’s receipt of such results.
       • Security Reviews. The Vendor will complete one of the following audits at least annually and immediately after any actual or reasonably suspected Data Compromise: SOC 2 Type I or II, SOC for Cybersecurity, or an accepted Higher Education Cloud Vendor Assessment Tool. Evidence must be provided to the University prior to the Effective Date of this Agreement and at least annually thereafter.
       • Reports.  The University reserves the right to annual, at a minimum, review of: Vendor access reports related to access to University Data; Vendor patch management process, schedules, and logs; findings of vulnerability scans and/or penetration tests of Vendor systems; and Vendor development standards and processes.
       • Additional Audits at University Request.  The University may require the Vendor to perform additional audits and tests, the results of which will be provided to the University within five (5) business days of the Vendor’s receipt of such results.
    6. Destruction and Return of University Data.  Except as permitted in other areas of the Agreement, the Vendor will promptly return the University’s Confidential Information upon termination of this Agreement, the final performances of services under this Agreement, or upon the request of the University, whichever comes first. In the event the Vendor has non-unique copies of the University’s Confidential Information that are also held by or returned to the University, the Vendor may, in lieu of returning such non-unique copies, destroy such Confidential Information in all forms and types of media and provide written confirmation or certification of such destruction.
18. Privacy; No Waivers or End User Agreements. Supplier will not require any University faculty, staff, or students to waive any privacy rights (including under FERPA or the European Union’s General Data Protection Regulation ("GDPR")) as a condition for receipt of any Goods/Services, and any attempt to do so will be void. If Supplier requires University faculty, staff or students to accept a clickwrap, click-through, end user license, or other similar agreement ("End User Agreement"), the terms of the End User Agreement that conflict or are inconsistent, with the terms of the Agreement or the University’s Privacy Statement will be void.
19. Background Checks. Supplier will exclude from any direct participation in Supplier’s performance under the Agreement, any unqualified persons. In addition, at the request of the University, Supplier will, at Supplier’s expense, conduct reference checks and employment, education, SSN trace, National Sex Offender Registry, and criminal history record checks (collectively, "Screenings") on requested persons employed or contracted by Supplier to perform work under the Agreement. Supplier will maintain as part of the records Supplier is required to maintain hereunder, all Screening information and all documentation relating to work performance for each employee or contractor who performs work hereunder. Supplier will abide by all applicable laws, rules and regulations including the Fair Credit Reporting Act and any equal opportunity laws, rules, and regulations.
20. Payment Card Industry Data Security Standard. Contractor acknowledges, warrants, and will maintain all applicable PCI DSS requirements to the extent the service provider handles, has access to, or otherwise stores, processes, transmits or provides the service that controls or could impact the security of the cardholder data.
    
    Furthermore, Contractor must certify at time of contract/agreement to be in compliance and continue to meet all applicable requirements by providing validation either by appearing on the VISA Global Registry of Service Providers (CISP), Payment Card Industry Security Standards Council Validated Payment Applications list (if applicable), or provide a completed and signed Attestation of Compliance (AOC) signed by a PCI approved Quality Security Assessor (QSA).  Any change in Contractor’s certification requires prompt (within thirty (30) days) written notification to the University.
    
    Furthermore, Contractor agrees to provide to the University upon request, any supporting compliance documentation such as but not limited to Approved Scan Vendor (ASV) Attestation of Compliance (AOC), external scan results, penetration testing results, and/or a completed Service Provider Self Assessment Questionnaire (SAQ) D (if not completing a third-party assessment).
    
    Contractor agrees to indemnify the University for any breach of its cardholder data attributed to the application, system, or Contractor controlled interface to CHD or service provided by the Contractor. Contractor agrees to notify the University authorized representative within 24 hours in the event of unauthorized release of cardholder data.
    
    Contractor must provide written documentation, which outlines the specific PCI DSS compliance responsibilities of both the Contractor and the University.
21. Americans with Disabilities Act and Rehabilitation Act. To the extent applicable, Supplier will comply with all applicable provisions of the Americans with Disabilities Act, the Rehabilitation Act of 1973, and all applicable federal regulations, as amended from time to time ("ADA Laws"). All electronic and information technology and products and services to be used by University faculty/staff, students, program participants, or other University constituencies must be compliant with ADA Laws. Compliance means that a disabled person can acquire the same information, engage in the same interactions, and enjoy the same services as a nondisabled person, in an equally effective and integrated manner, with substantially equivalent ease of use.
22. Foreign Corrupt Practices Act/UK Bribery Act/ Local Anti-corruption Law Compliance. Supplier warrants that it is familiar with the U.S. laws prohibiting corruption and bribery under the U.S. Foreign Corrupt Practices Act and the United Kingdom laws prohibiting corruption and bribery under the UK Bribery Act. In connection with Supplier’s work under the Agreement, Supplier will not offer or provide money or anything of value to any governmental official or employee or any candidate for  political office in order to influence their actions  or decisions, to obtain or retain business arrangements, or to secure favorable treatment  in  violation  of  the Foreign Corrupt Practices Act, the UK Bribery Act, or any other local anti-corruption law, either directly or indirectly. Any breach of the U.S. Foreign Corrupt Practices Act, the UK Bribery Act, or other local anti-corruption law, will be a material breach of the Agreement.
23. Export Controls. Each party shall comply with all applicable export control laws and economic sanctions programs. Applicable export control or economic sanctions programs may include U.S. export control laws such as the Export Administration Regulations and the International Traffic in Arms Regulations, and U.S. economic sanctions programs that are or may be maintained by the U.S. Government. The parties will comply with U.S. export control and U.S. economic sanctions laws with respect to the export (including a deemed export) or re-export of U.S. origin goods, software, services and/or technical data, or the direct product thereof.
24. Assignment. Supplier may not transfer or assign the Agreement or any of Supplier’s rights or obligations thereunder, either directly or indirectly, or by operation of law, without the University’s prior written consent, and any attempt to the contrary will be void.
25. Governing Law and Venue. The Agreement will be governed by the laws of the State of Arizona without regard to any conflicts of laws principles. The University’s obligations hereunder are subject to the regulations/policies of the Arizona Board of Regents. Any proceeding arising out of or relating to the Agreement will be conducted in Maricopa County, Arizona. Each party consents to such jurisdiction, and waives any objection it may now or hereafter have to venue or to convenience of forum.
26. Packaging. Supplier will package the Goods in accordance with good commercial practice. Each shipping container will be clearly and permanently marked as follows: (i) Supplier's name and address; (ii) the University's name, address, and purchase order number; (iii) container number and total number of containers, e.g., box 1 of 4 boxes; and (iv) the number of the container bearing the packing slip. Supplier will bear cost of packaging unless otherwise provided.
27. Shipment Under Reservation Prohibited. Supplier will not ship the Goods under reservation and no tender of a bill of lading will operate as a tender of the Goods.
28. Title and Risk of Loss. The title and risk of loss of the Goods will not pass to the University until they are delivered, received, and the contract of coverage has been completed. All risk of transportation and all related charges will be the responsibility of Supplier. Supplier will insure and file all claims for visible and concealed damage. The University will notify Supplier promptly of any damaged Goods and will assist Supplier in arranging for inspection. Notice of rejection may be made to Supplier at any time within 1 month after delivery to the University.
29. No Replacement of Defective Tender. Every tender of Goods will fully comply with all provisions of the Agreement as to time of delivery, quantity, quality, and the like. If a tender is made that does not fully conform, this will constitute a breach and Supplier will not have the right to substitute a conforming tender.
30. Business Continuity Plan. If requested by the University, Supplier will provide to the University, within 30 days after such request, a comprehensive plan for continuing the performance of its obligations during a Public or Institutional Emergency (the "Business Continuity Plan"). The Business Continuity Plan, at a minimum, will address the following: 1) identification of response personnel by name; 2) key succession and performance responses in the event of sudden and significant decrease in workforce; 3) contingency plans for the Supplier to continue the performance of its obligations under the Agreement, despite the emergency and 4) if Supplier will store, have access to, or otherwise process any University Data, a data recovery plan that includes the following: identification of data recovery personnel by name, how University Data will be recovered, recovery point and recovery time objectives, and steps to be taken to recover University Data. If the University requires a data recovery plan, upon the University’s request, Supplier will provide the University with evidence that Supplier annually tests the data recovery plan. In the event of a Public or Institutional Emergency, Supplier will implement the applicable actions set forth in the Business Continuity Plan and will make other commercially practicable efforts to mitigate the impact of the event. For clarification of intent, Supplier will not be entitled to any additional compensation or extension of time by virtue of having to implement a Business Continuity Plan, unless otherwise agreed to by the University in writing. A "Public or Institutional Emergency" means a natural or human made event that creates a substantial risk to the public, that causes or threatens death or injury to the general public, or that causes a significant disruption to the day-to-day business operations of the University.
31. Gratuities. Supplier will not give or offer any gratuities, in the form of entertainment, gifts or otherwise, or use an agent or representative of Supplier to give or offer a gratuity, to any officer or employee of the State of Arizona with a view toward securing an agreement or securing favorable treatment with respect to the awarding or amending, or the making of any determinations with respect to the performing of such Agreement. If the University determines that Supplier has violated this section, the University may, by written notice to Supplier, cancel the Agreement. If the Agreement is canceled by the University pursuant to this section, the University  will be entitled, in addition to any other rights and remedies, to recover or withhold  the amount of the costs incurred by Supplier in providing gratuities.
32. Modifications. The Agreement may be modified or rescinded only by a writing signed by both parties.
33. Interpretation-Parol Evidence. The Agreement is intended by the parties as a final expression of their agreement and is intended to be a complete and exclusive statement of the terms of their agreement. No course of prior dealings between the parties and no usage of the trade will be relevant to supplement or explain any term used in the Agreement. Acceptance or acquiescence in a course of performance rendered under the Agreement will not be relevant to determine the meaning of the Agreement even though the accepting or acquiescing party has knowledge of the nature of the performance and opportunity for objection.
34. No Waiver. No waiver by the University of any breach of the provisions of the Agreement by Supplier will be construed to be a waiver of any future breach or bar the University's right to insist on strict performance of the Agreement.
35. Assignment of Anti-Trust Overcharge Claims. In actual economic practice, overcharges resulting from anti- trust violations are borne by the ultimate purchaser. Therefore, Supplier hereby assigns to the University any and all claims for such overcharges.
36. Sales and Use Tax. Supplier will comply, and require all of the Supplier Parties to comply, with all applicable state and sales excise tax laws and compensation use tax laws and all amendments to same. Supplier will indemnify, defend, and hold harmless the University, for, from, and against any and all claims and demands made against it by virtue of the failure of Supplier or any subcontractor to comply with the provisions of any or all tax laws and amendments. The University is not exempt from state sales excise tax and compensation use tax.
37. Parking. Supplier will obtain all parking permits and/or decals required while performing any work on the University premises. If needed, Supplier should contact the University Parking and Transportation.
38. Campus Deliveries and Mall Access. Supplier will familiarize itself with UA parking, campus delivery options, and loading zones. Not all campus buildings are directly accessible and some require Supplier to unload at lots or loading areas that may not be adjacent to the delivery or work location. As a result, Supplier must then transport Goods by using electric style golf carts, dolly, or other manual device across pedestrian pathways. For details about parking permits, supplier permits and loading zones, go to parking.arizona.edu.
39. Health Insurance Portability and Accountability Act. To the extent applicable, Supplier will abide by all laws and regulations that protect the privacy of healthcare information to which Supplier obtains access under the Agreement. Certain portions of the Administrative Simplification section of the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"), as codified at 42 U.S.C. § 1320d through d-8, and the federal privacy regulations as contained in 45 CFR Part 164 may apply to Supplier and the University, and their relationships and operation under the Agreement. If necessary, Supplier and the University will enter into a standard Business Associate Agreement, and any other required HIPAA agreements. To the extent the terms thereof relate to Supplier’s performance under the Agreement, the provisions of the Business Associate Agreement will control.
40. Liens. All Goods/Services delivered and performed under the Agreement will be free of all liens and, if the University requests, Supplier will deliver to the University a formal release of all liens.
41. Performance and Payment Bonds. At the request of the University, Supplier will provide and pay for performance and payment bonds. Bonds will cover the faithful performance (100%) of the Agreement and the payment of all obligations (100%) thereunder, in such form as the University may prescribe. Supplier will deliver the required bonds to the University not later than the date of executing the Agreement. Supplier will require the  attorney in fact who executes  the required bonds  on behalf of surety to affix thereto a certified and current copy of his/her power of attorney indicating the monetary limit of  such power. Surety will be a company licensed to do business in the State of Arizona and will be acceptable to the University. Supplier will increase the bond amount to include any change order, at 100% of the total value amount of each change order.
42. Price Adjustment. The University normally considers price changes at the end of one contract period and the beginning of another. Price change requests will be supported by evidence of increased costs to Supplier. The University will not approve price increases that will merely increase gross profitability of Supplier at the expense of the University. Price change requests will be a factor in the contract extension review process. The University will determine whether any requested price increase or an alternate option is in the best interest of the University. Any price adjustment to the Agreement will require an updated PO.
43. Academic Freedom and Accreditation. The University will maintain ultimate authority over all curriculum.  Nothing in the Agreement will limit the University’s academic freedom or require the University to violate any of the policies, standards, and requirements of ABOR or any accrediting entities.
44. Essence of Time. Time will be of the essence as to matters contemplated by the Agreement.
45. Non-Discrimination. The parties will comply with all applicable laws, rules, regulations, and executive orders governing equal employment opportunity, immigration, and nondiscrimination, including the Americans with Disabilities Act. If applicable, the parties will abide by the requirements of 41 CFR §§ 60- 1.4(a), 60-300.5(a) and 60-741.5(a). These regulations prohibit discrimination against qualified individuals based on their status as protected veterans or individuals with disabilities and prohibit discrimination against all individuals based on their race, color, religion, sex or national origin. Moreover, these regulations require that covered prime contractors and subcontractors take affirmative action to employ and advance in employment individuals without regard to race, color, religion, sex, national origin, protected veteran status or disability.
46. Conflict of Interest. If within 3 years after the execution of the Agreement, Supplier hires as an employee or agent any University representative who was significantly involved in negotiating, securing, drafting, or creating the Agreement, then the University may cancel the Agreement as provided in ARS § 38-511.
47. Arbitration. The parties agree to arbitrate disputes filed in Arizona Superior Court that are subject to mandatory arbitration pursuant to ARS § 12-133.
48. Dispute Resolution. If a dispute arises under the Agreement, the parties will exhaust all applicable administrative remedies provided for under Arizona Board of Regents Policy 3-809.
49. Records. To the extent required by ARS § 35-214, Supplier will retain all records relating to the Agreement. Supplier will make those records available at all reasonable times for inspection and audit by the University or the Auditor General of the State of Arizona during the term of the Agreement and for 5 years after the completion of the Agreement. The records will be provided at the University in Tucson, Arizona, or another location designated by the University on reasonable notice to Supplier.
50. Failure of Legislature to Appropriate. In accordance with ARS § 35-154, if the University’s performance under the Agreement depends on the appropriation of funds by the Arizona Legislature, and if the Legislature fails to appropriate the funds necessary for performance, then the University may provide written notice of this to Supplier and cancel the Agreement without further obligation of the University. Appropriation is a legislative act and is beyond the control of the University.
51. Weapons, Explosives, and Fireworks. The University’s Weapons, Explosives, and Fireworks Policy prohibits the use, possession, display or storage of any weapon, explosive device or fireworks on all land and buildings owned, leased, or under the control of the University or its affiliated entities, in all University residential facilities (whether managed by the University or another entity), in all University vehicles, and at all University or University affiliate sponsored events and activities, except as provided in ARS § 12- 781, or unless written permission is given by the University’s Police Chief or a designated representative. Supplier will notify all persons or entities who are employees, officers, subcontractors, consultants, agents, guests, invitees or licensees of Supplier of this policy and Supplier will enforce this policy against all such persons and entities.
52. Confidentiality. The University, as a public institution, is  subject to  ARS  §§ 39-121  to 39-127 regarding public records.  Any provision regarding confidentiality is limited to the extent necessary to comply with Arizona law.
53. Indemnification and Liability Limitations. Because the University is a public institution, any indemnification, liability limitation, releases, or hold harmless provisions are limited as required by Arizona law, including Article 9, Sections 5 and 7 of the Arizona Constitution and ARS §§ 35-154 and 41-621. The University’s liability under any claim for indemnification is limited to claims for property damage, personal injury, or death to the extent caused by acts or omissions of the University.
54. Advertising, Publicity, Names and Marks. Supplier will not do any of the following, without, in each case, the University’s prior written consent: (i) use any names, service marks, trademarks, trade names, logos, or other identifying names, domain names, or identifying marks of the University ("University Marks"), including online, advertising, or promotional purposes; (ii) issue a press release or public statement regarding the Agreement; or (iii) represent or imply any University endorsement or support of any product or service in any public or private communication. Any permitted use of University Marks must comply with the University’s requirements, including using the ® indication of a registered mark.
55. Privacy; Educational Records. Student educational records are protected by the U.S. Family Educational Rights and Privacy Act, 20 U.S.C. § 1232g and its implementing regulations ("FERPA"). Supplier will not require any University students or employees to waive any privacy rights (including FERPA or the European Union’s General Data Protection Regulation ("GDPR")) as a condition for receipt of any educational services, and any attempt to do so will be void. Supplier will comply with FERPA and will not access or make any disclosures of student educational records to third parties without prior notice to and consent from the University or as otherwise provided by law. If the Agreement requires or permits Supplier to access or release any student records, then, for purposes of the Agreement only, the University designates Supplier as a “school official” for the University under FERPA, as that term is used in FERPA. In addition, any access or disclosures of student educational records made by Supplier or any Supplier Parties must comply with the University’s definition of legitimate educational purpose in FERPA: Release of Student Information. If Supplier violates the terms of this section, Supplier will immediately provide notice of the violation to the University.
    
    Supplier will continually monitor its operations and take any action necessary to assure that the FERPA Records are safeguarded in accordance with the terms of this Agreement. At the request of the University, Supplier agrees to provide the University with a written summary of the procedures Supplier uses to safeguard the FERPA Records.
56. Data Protection. Supplier will ensure that all services undertaken pursuant to the Agreement are performed in compliance with applicable privacy and data protection laws, rules, and regulations. In addition, Supplier is responsible to University for compliance with the Agreement by all Supplier Parties. If Supplier will serve as a Processor of University Data that includes Personal Data of Data Subjects in the European Union, Supplier will cooperate with University to comply with the GDPR with respect to such Personal Data and Data Subjects. This includes ensuring that all Data Subjects have signed appropriate Consents and signing and complying with all documents and agreements reasonably requested by University, including any data processing agreements. All capitalized terms in this section not otherwise defined in the Agreement are defined in the GDPR.
57. Authorized Presence Requirements. As required by ARS § 41-4401, the University is prohibited from awarding a contract to any contractor or subcontractor that fails to comply with ARS § 23-214(A) (verification of employee eligibility through the e-verify program). Supplier warrants that it and its subcontractors comply fully with all applicable immigration laws, rules, and regulations that relate to their employees and their compliance with ARS § 23-214(A). A breach of this warranty will be a material breach of the Agreement that is subject to penalties up to and including termination of the Agreement. The University retains the legal right to inspect the papers of any contractor or subcontractor employee who works hereunder to ensure that the contractor or subcontractor is complying with the above warranty.
58. Small Business. If subcontracting (Tier 2 and higher) is necessary, Supplier will make commercially reasonable efforts to use Small Business (SB) and Small Diverse Business (SDB) in the performance of the Goods/Services. The University may request a report at each annual anniversary date and at the completion of the Agreement indicating the extent of SB and SDB participation.
59. Tobacco Free. The University is tobacco-free. For details visit the Smoking and Tobacco Policy.
60. Title IX Obligation. Title IX protects individuals from discrimination based on sex, including sexual harassment. The University fosters a learning and working environment built on respect and free of sexual harassment. The University’s Title IX Guidance is available online. Supplier will: (i) comply with the University’s Title IX Guidance; (ii) provide the University’s Title IX Guidance to any Supplier Parties reasonably expected to interact with University students or employees, in person or online; and (iii) ensure that all Supplier Parties comply with the University’s Title IX Guidance.
61. No Boycott of Israel. If the Goods/Services provided under this Agreement include the acquisition of services, supplies, information technology or construction with a value of at least $100,000 and Supplier is engaged in for-profit activity and has 10 or more full-time employees, then, to the extent required by ARS § 35-393.01, Supplier certifies it is not currently engaged in, and during the term of this Agreement will not engage in, a boycott of goods or services from Israel.
62. Insurance Requirements. Without limiting any liability of or any other obligation of Supplier, Supplier will purchase and maintain (and cause its subcontractors to purchase and maintain), until all of their obligations have been discharged or satisfied, including any warranty periods under the Agreement, insurance against claims that may arise from or in connection with the performance of the work hereunder by Supplier, its agents, representatives, employees or subcontractors, as described at PO Insurance Requirements. In addition, Supplier and the University will reasonably cooperate to reach mutual agreement if the State of Arizona requires modification or variation from the Insurance Requirements.
63. Provision of Goods/Services to the University Component Units. In addition to providing the Goods/Services to the University, Supplier will provide some or all of the Goods/Services to each of the University’s Component Units that so requests. Supplier will enter into a Consent and Agreement to be Bound with each such requesting Component Unit, and except as may be set forth in the Consent and Agreement to be Bound, Supplier will provide the Goods/Services to each such Component Unit to the same extent and on the same terms provided to the University under this Agreement. The University’s "Component Units" are described in the University’s Comprehensive Annual Financial Reports (Note B to Financial Statements).
64. Third Party Arrangements. From time to time, the University may enter into arrangements with third parties that may require Supplier to work cooperatively with and/or connect and use infrastructure with third parties. On a case-by-case basis, the University and Supplier will work cooperatively, timely, and in good faith to take such actions as may be necessary or appropriate to give effect to the University’s third party agreements. Supplier will not be bound to terms and conditions of a third party that are different from this Agreement unless expressly agreed in writing. If the third party terms and conditions conflict with this Agreement’s terms, impact Supplier’s ability to meet service level agreements of this Agreement, or may cause Supplier to incur additional costs, then the parties will enter into good faith negotiations for an amendment to this Agreement prior to Supplier agreeing to compliance with the third party terms and conditions.
65. Independent Contractor. Supplier is an independent contractor. Neither the University nor Supplier may bind the other. None of the Supplier Parties will be employees, agents, partners, or joint venturers of the University. None of the Supplier Parties will be eligible for any benefits from the University, including worker’s compensation coverage. Supplier is responsible to the University for compliance with the Agreement by the Supplier Parties. Supplier will determine Supplier’s hours of work, and will provide all tools, equipment, and supplies Supplier determines to be necessary to deliver and perform the Goods/Services. Supplier will maintain all business registrations and licenses required to deliver and perform the Goods/Services. Supplier is using its own knowledge, skill, and technical know-how in the delivery and performance of the Goods/Services and is not being supervised by the University. The conduct and control of Services lies solely with Supplier, and the University is interested only in final results.
66. No Forced Labor of Ethnic Uyghurs. To the extent required by A.R.S. § 35-394, Supplier certifies it is not currently, and during the term of this Agreement will not use: 1) the forced labor of ethnic Uyghurs in the People’s Republic of China; 2) any goods or services produced by the forced labor of ethnic Uyghurs in the People’s Republic of China; or 3) any contractors, subcontractors or suppliers that use the forced labor or any goods or services produced by the forced labor of the ethnic Uyghurs in the People’s Republic of China. If Supplier becomes aware during the term of the agreement that it is not in compliance with this written certification, it shall notify the University within five (5) business days of becoming aware of the noncompliance.
67. Expense Reimbursements. If authorized as part of any resulting contract, all reimbursable travel expenses must be authorized in writing by the University in advance of the planned travel and must be consistent with Financial Policy 9.12 Independent Contractor Services, items 33-42. Each request for reimbursement shall be itemized and accompanied by copies of original receipts. If applicable, reimbursements for airfare shall be for standard airline coach travel only. If applicable, reimbursement for auto travel and per diem shall be made at the rate permitted for State of Arizona employees. Note that the purchase of alcohol shall not be permitted as a reimbursable expense under this Contract. Vendor will submit all receipts and any required backup documentation to the University within 90 days after the applicable expenses were incurred. The University will not be required to reimburse Vendor for any expenses, invoices, or receipts for expenses received after that time.
68. Federal Funding Provisions. If the Agreement involves the use of United States federal funds, including from a government grant or funds from a subcontract at any tier relating to a federal government grant, the following terms apply to the Agreement:
    1. Byrd Anti-Lobbying Amendment. If the Agreement is for $100,000 or more, Supplier will file the certifications required by 31 U.S.C 1352 and associated regulations. Each tier certifies to the tier above that it will not or has not used federal appropriated funds to pay any person or organization for influencing or attempting to influence an officer or employee of any agency, a member of Congress, officer or employee of Congress, or an employee of a member of Congress in connection with obtaining any federal contract, grant, or any other award covered by 31U.S.C. 1352. Each tier will also disclose any lobbying with non-federal funds that takes place in connection with obtaining a federal award. Such disclosures are forwarded from tier to tier up to the University.
    2. Debarment & Suspension. Supplier represents and warrants that neither it nor any of its subcontractors supplying the Goods/Services have either directly or indirectly or through subcontractors, been suspended, debarred, or otherwise excluded from participation in or penalized by any federal or state procurement, non- procurement, or reimbursement program. Supplier affirms that it has confirmed the above statement by checking The System for Award Management (SAM) www.uscontractorregistration.com within 180 days prior to commencing work under the Agreement. Supplier will provide immediate written notice to the University upon learning that it or any of its subcontractors are under any investigation or proposed action that could result in such exclusion, suspension, or debarment.
    3. Rights to Inventions Made Under an Agreement or Agreement. If this Agreement is a “funding agreement” under 37 CFR 401.3, the Parties agree to incorporate by this reference the standard patent rights clause found in 37 CFR 401.14 and any implementing regulations issued by the awarding agency.
    4. Contract Provisions for Non-Federal Entity Contracts Under Federal Awards. To the extent any of the provisions of 2 CFR Appendix II to Part 200 apply to this Agreement, such provisions are incorporated by reference.
69. Government Subcontract Provisions. If this order is a subcontract under a U.S. government prime contract, the clauses referenced below of the Federal Acquisition Regulations (FAR) and the Defense Federal Acquisition Regulations ("DFAR"), or the Armed Services Procurement Regulations (ASPR) are incorporated into the Agreement by this reference. Each regulation contains criteria for determining applicability of the regulation to a particular contract.
    
    In the following clauses, the terms "Government" and "Contracting Officer" will mean the University; the term "Agreement" will mean the Agreement and the term “Contractor" will mean Supplier. Supplier will comply with all applicable federal laws and regulations, including but not limited to Uniform Guidance (2 CFR Part 200) and Debarment and Suspension (45 CFR 620).
    
    For purchases funded with federal funds, the following provisions are incorporated into the Agreement by reference where applicable and form a part of the terms and conditions of the Agreement. Supplier agrees to flow down all applicable clauses to lower-tier entities.

Federal Acquisition Regulations ("FAR")*

52.202-1 Definitions
52.203-3 Gratuities
52.203-5 Covenant Against Contingent Fees
52.203-6 Restrictions on Subcontractor Sales to the Government
52.203-7 Anti-Kickback Procedures
52.203-12 Limitation on Payments to Influence Certain Federal Transactions
52.204-2 Security Requirements
52.204-24 Representation Regarding Certain Telecommunications and Video Surveillance Services or Equipment
52.204-25 Prohibition on Contracting for Certain Telecommunications and Video Surveillance Services or Equipment
52.204-26 Covered Telecommunications Equipment or Services - Representation  
52.209-6 Protecting the Government’s Interest When Subcontracting with Contractors Debarred, Suspended or Proposed for Debarment
52.211-15 Defense Priority and Allocation Requirements
52.214-27 Price Reduction For Defective Cost or Pricing Data
52.215-1 Instructions to Offerors—Competitive Acquisition.
52.215-2 Audit and Records - Negotiation
52.215-12 Subcontractor Cost or Pricing Data
52.215-13 Subcontractor Cost or Pricing Data – Modifications
52-215-14 Integrity of Unit Prices
52-219-8 Utilization of Small Business Concerns
52-219-9 Small Business Subcontracting Plan
52.222-1 Notice to the Government of Labor Disputes
52.222-4 Contract Work Hours and Safety Standards Act Overtime Compensation
52.222-6 Davis-Bacon Act [Construction Wage Rate Requirements]
52.222-20 Walsh Healey Public Contracts Act [Contracts for Materials, Supplies, Articles, and Equipment Exceeding $15,000.]
52.222-21 Prohibition of Segregated Facilities
52.222-26 Equal Opportunity
52.222-35 Equal Opportunity for Veterans
52.222-36 Equal Opportunity for Workers with Disabilities
52.222-37 Employment Reports on Veterans
52.222-40 Notification of Employee Rights Concerning Payment of Union Dues or Fees
52.222-41 Service Contract Act of 1965, as Amended
52.222-50 Combating Trafficking in Persons
52.223-3 Hazardous Material Identification and Material Safety Data
52.223-6 Drug-Free Workplace
52.225-1 Buy American Act – Supplies
52.225-13 Restrictions on Certain Foreign Purchases
52.227-1 Authorization and Consent (Alt I in all R&D)
52.227-2 Notice and Assistance Regarding Patent and Copyright Infringement
52.227-3 Patent Indemnity
52.227-10 Filing of Patent Applications--Classified Subject Matter
52.227-11 Patent Rights – Ownership by the Contractor (Alt I-V)
52.227-13 Patent Rights - Ownership by the Government
52.227-14 Rights in Data – General
52.233-1 Disputes
52.233-99 Ensuring Adequate COVID-19 Safety Protocols for Federal Contractors
52.242-1 Notice of Intent to Disallow Costs
52.242-15 Stop-work order
52.243-1 Changes - Fixed Price (43.205 (a) (1) Alts may apply)
52.243-2 Changes - Cost Reimbursement (43.205 (b) (1) Alts may apply)
52.244-2 Subcontracts
52.244-5 Competition in Subcontracting
52.244-6 Subcontracts for Commercial Items
52.245-2 Government Property – Installation Operation Services
52.246-15 Certificate of Conformance
52.247-63 Preference for U.S. Flag Air Carriers
52.247-64 Preference for U.S. Flag Commercial Vessels
52.249-1 Termination for Convenience of the Government (Fixed Price) less than simplified acquisition threshold 52.249-2 Termination for Convenience of the Government (Fixed Price) more than simplified acquisition threshold
52.249-4 Termination for Convenience of the Government (Services)
52.249-5 Termination for the Convenience of the Government (Educational and Other Nonprofit Institutions)
52.249-14 Excusable Delays

Defense Federal Acquisition Regulations ("DFAR")** DFAR CIT. TITLE

252.203-7001 Prohibition on Persons convicted of Fraud or Other Defense-Contract-Related Felonies
252.222-7000 Restrictions on Employment of Personnel
252.225-7000 Buy American Act and Balance of Payments program
252.227-7013 Rights in Technical Data and Computer Software
252.227-7016 Rights in Bid or Proposal Information
252.227-7018 Rights in Noncommercial Technical Data and Computer Software
252.227-7019 Validation of Asserted Restrictions – Computer Software
252.227-7037 Validation Technical Data
252.243-7001 Pricing of Agreement Modifications
252.244-7000 Subcontracts for Commercial Items and Commercial Components

* See full text of the FAR clauses
** See full text of the DFAR clauses