Common use of Information Technology Security Clause in Contracts

Information Technology Security. The University acknowledges that, in connection with the services being provided hereunder, the Contractor may need to operate certain information technology systems, including, but not limited to, point-of-sale devices, e-commerce solutions, and computer hardware and software services and applications (collectively the “Non-University Systems”). The University further acknowledges that the Non-University Systems may need to interface with or connect to the University’s networks and information technology systems (collectively the “University Systems”). The University shall be solely responsible for all University Systems, and the Contractor shall be responsible for all non-University Systems, including taking reasonable security and privacy precautions including, but not limited to, network firewall protections, anti-virus software and the ability to maintain regular patching levels of mission-critical software. If the Contractor serves as the merchant-of-record for any credit or debit card transactions in connection with any of the services provided hereunder, the Contractor shall comply with all applicable laws, regulations and payment card industry data security standards related to the protection of cardholder data (collectively the “Data Protection Rules”). At the request of the Contractor, the University shall implement such changes to the University Systems as are necessary to enable the Contractor to comply with the Data Protection Rules.