StateRAMP Progressing Security Snapshot Terms & Conditions

This Professional Service Contract (“this Contract”), entered into by and between GuideSoft, Inc. dba Knowledge Services (“PMO”) and (the “Service Provider”), is executed pursuant to the terms and conditions set forth herein.

  1. Duties of PMO. The PMO shall create a repository in Box for the service provider, and request artifacts from the below list summary of criteria to be uploaded and/or screenshots taken by the PMO in the intake call. The PMO will review the artifacts collected and make a determination whether the artifacts meet or do not meet the criteria and the associated points.  Points will be tallied and provided to the Service Provider in the form of a Snapshot Score letter.  Score letters and points are not posted or disclosed by the PMO to any other entities without the express permission of the service provider.  The Service Provider may choose to share or not share the associated snapshot score letter with state procurement.  Consultative calls will be scheduled each month by the member engagement specialist between the service provider and the PMO.

StateRAMP Progressing Security Snapshot Methodology:

The intent of the security snapshot criteria is to provide Service Providers a first step toward achieving a verified StateRAMP Security status. The criteria are designed to provide a gap analysis, that goes beyond self- attestation to validate a product’s current maturity in relation to meeting the Minimum Mandatory Requirements for StateRAMP Ready. The StateRAMP Progressing Security Snapshot methodology, as referenced in this Agreement, may be subject to periodic updates and changes. The PMO will make reasonable efforts to relay any changes or updates to the methodology to the Service Provider as they may occur; however, changes to the methodology do not constitute a material change to this Contract.

The current StateRAMP Security Snapshot Criteria and Score Requirements may be found HERE.

  1. Duties of the Service Provider.The Service Provider shall provide all required documentation and fees to the PMO, at which time the PMO will start the StateRAMP Security Snapshot once all of the artifacts are uploaded to the secure portal.  The Service Provider will adhere to the project timeline, agenda, and expectations outlined in the intake and scheduling email.
  2. Knowledge Services shall be paid for performance of duties set forth in this document as published and agreed upon prior to performance of duties.  The Service Provider enters into this agreement for a period of 1 year.
  3. No termination of the contract will occur within the first sixty (60) days of the agreement period. The parties may terminate this Contract with thirty (30) days’ notice to the other party, provided that payment for the Services herein are nonrefundable once Services have commenced under this Contract. Payments scheduled within the 30-day notice will be paid and services will be delivered. By agreeing to these terms and conditions, you acknowledge and understand that your subscription will be automatically renewed unless explicitly canceled by you prior to the renewal date.
  4. Assignment; Successors.Service Provider binds its successors and assignees to all the terms and conditions of this Contract. Service Provider may assign its right to remit payments to PMO to such third parties as the Service Provider may desire without the prior written consent of PMO, provided that the Service Provider gives written notice (including evidence of such assignment) to PMO thirty (30) days in advance of any payment so assigned. The assignment shall cover all unpaid amounts under this Contract and shall not be made to more than one party.
  5. Changes in Work; Work Standards.The parties shall not commence any additional work or change the scope of the work until authorized in writing by the signatories hereto. This Contract may only be amended, supplemented, or modified by a written document executed in the same manner as this Contract.

The PMO represents that the Services will be performed in a workmanlike and professional manner.

Service Provider agrees that the PMO will not be responsible for nonconformities or any errors in deliverables resulting from the PMO’s reliance on inaccurate, inauthentic or incomplete data or information provided by Service Provider.  Service Provider will cooperate with the PMO, take all actions reasonably necessary to enable PMO to perform the Services, and adhere to the timeline set up at the in-take call.  To that end, Service Provider will provide, on a timely basis, all information requested by the PMO to enable the PMO to provide the Services.  While the PMO’s goal is to deliver a Snapshot in a timely manner, there is no guarantee of a timeframe for delivery of StateRAMP Security Snapshot scoring.

Service Provider further acknowledges and agrees that (a) any outcome of the Services is limited to a point-in-time examination, (b) the outcome of any review, audits, assessments, and the opinions, advice, recommendations and/or authorization of, PMO does not constitute any form of representation, warranty or guarantee that Service Provider’s systems are secure from every form of attack, and PMO is not making any assertions by provide Services under this Contract, (c) in examining Service Provider’s status, PMO relies upon accurate and complete information provided by Service Provider, and (d) Service Provider is solely responsible for the scope, goals and overall direction of the Services.  Any jurisdiction who utilizes the StateRAMP Security Snapshot for evaluation for award of a contract or for determination of suitability for work is in no way controlled by PMO or StateRAMP.  Furthermore, neither PMO nor StateRAMP is responsible for the way in which the StateRAMP Security Snapshot is evaluated or utilized by any jurisdiction or outside organization.

  1. No Implied Warranties.Other than those expressly contained in this Section, neither Party makes any other representations or warranties, implied, statutory or otherwise, with respect to the Services or Deliverables.  PMO EXPRESSLY DISCLAIMS ALL OTHER WARRANTIES, EXPRESS OR IMPLIED, INCLUDING, WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
  2. Limitations on Liability. Neither Party nor its employees, officers and directors, on the one hand, nor PMO and its employees, officers and directors will be liable to the other Party under the Contract for commercial loss and lost profits or any consequential, incidental, indirect, punitive or special damages, or any other similar damages under any theory of liability whether in contract, tort or strict liability, however caused and regardless of legal theory or foreseeability, directly or indirectly, arising under this Contract. In no event shall liability of PMO under this Contract exceed those fees payable to PMO by Service Provider.
  3. Compliance with Laws. The Service Provider shall comply with all applicable federal, state, and local laws, rules, regulations, and ordinances, and all provisions required thereby to be included herein are hereby incorporated by reference. The enactment or modification of any applicable state or federal statute or the promulgation of rules or regulations thereunder after execution of this Contract shall be reviewed by PMO and the Service Provider to determine whether the provisions of this Contract require formal modification.
  4. Confidentiality of Information; Legal Requests.The parties understand and agree that data, materials, and information disclosed may contain confidential and protected information. The parties covenant that data, material, and information gathered, based upon or disclosed for the purpose of this Contract will not be disclosed to or discussed with third parties without the prior written consent of the disclosing party.

If either party is requested or required by deposition or written questions, interrogatories, requests for production of documents, subpoena, investigative demand or similar process to disclose any information originating with the other party, the party in receipt of such request or requirement will provide prompt written notice to the other party and will cooperate with the other party’s efforts to obtain an appropriate protective order or other reasonable assurance that such information will be accorded confidential treatment that the other party may deem necessary.

  1. Should any disputes arise with respect to this Contract, the Service Provider and PMO agree to act immediately to resolve such disputes. Time is of the essence in the resolution of disputes. PMO agrees that, the existence of a dispute notwithstanding, it will continue without delay to carry out all of its responsibilities under this Contract that are not affected by the dispute. The Service Provider may not withhold payments on disputed items.
  2. Force Majeure.In the event that either party is unable to perform any of its obligations under this Contract or to enjoy any of its benefits because of natural disaster or decrees of governmental bodies not the fault of the affected party (hereinafter referred to as a “Force Majeure Event”), the party who has been so affected shall immediately or as soon as is reasonably possible under the circumstances give notice to the other party and shall do everything possible to resume performance.  Upon receipt of such notice, all obligations under this Contract shall be immediately suspended. If the period of nonperformance exceeds thirty (30) days from the receipt of notice of the Force Majeure Event, the party whose ability to perform has not been so affected may, by giving written notice, terminate this Contract.
  3. Governing Law.This Contract shall be governed, construed, and enforced in accordance with the laws of the State of Indiana, without regard to its conflict of laws rules. Suit, if any, must be brought in the State of Indiana.
  4. Merger; Modification; Waiver of Rights. This Contract constitutes the entire agreement between the parties. No understandings, agreements, or representations, oral or written, not specified within this Contract will be valid provisions of this Contract. This Contract may not be modified, supplemented, or amended, except by written agreement signed by all necessary parties. No right conferred on either party under this Contract shall be deemed waived, and no breach of this Contract excused, unless such waiver is in writing and signed by the party claimed to have waived such right.
  5. Ownership of Documents and Materials.
     Service Provider Materials Provided to PMO; Ownership Remains with the Service Provider. All documents, records, programs, applications, code, data, algorithms, film, tape, articles, memoranda, and other materials delivered to PMO by the Service Provider in the performance of this Contract (the “Service Provider Materials”) shall be and remain the property of the Service Provider. Use of the Service Provider Materials, other than related to contract performance by PMO, without the prior written consent of the Service Provider, is prohibited. During the performance of this Contract, PMO shall be responsible for any loss of or damage to the Service Provider Materials while the Service Provider Materials are in the possession of PMO.  Any loss or damage thereto shall be restored at PMO’s expense. PMO shall provide the Service Provider full, immediate, and unrestricted access to the Service Provider Materials during the term of this Contract.
    B. PMO Materials Provided to the Service Provider; Ownership Remains with PMO. All documents, records, programs, applications, code, data, algorithms, film, tape, articles, memoranda, and other materials delivered to the Service Provider by PMO in the performance of this Contract (the “PMO Materials”) shall be and remain the property of PMO. Use of the PMO Materials, other than related to contract performance by the Service Provider, without the prior written consent of PMO, is prohibited. During the performance of this Contract, the Service Provider shall be responsible for any loss of or damage to the PMO Materials while the PMO Materials are in the possession of the Service Provider.  Any loss or damage thereto shall be restored at the Service Provider’s expense. The Service Provider shall provide PMO full, immediate, and unrestricted access to the PMO Materials during the term of this Contract.
  6. Penalties/Interest/Attorney’s Fees. PMO will in good faith perform its required obligations hereunder and does not agree to pay any penalties, liquidated damages, interest, or attorney’s fees.
  7. Reference to the Service Provider in PMO Marketing. Service Provider agrees that the PMO may refer to Service Provider in a published list of StateRAMP Authorized service providers.