Master Service Agreement Review

MSA Quick Links

    Questions or comments? Contact Contracts & Procurement

    SAMPLE MASTER SERVICE AGREEMENT


    MASTER SERVICE AGREEMENT

    THIS AGREEMENT, updated on March 19, 2018, is entered into between Consolidated Technology Services "CTS", also known as Washington Technology Solutions "WaTech" and you as the "Customer."

    Consolidated Technology Services is authorized under RCW 43.105.052 to provide information services. This Master Service Agreement sets out the general terms and conditions under which CTS provides and Customer receives CTS services. Service specific terms and details will be set forth in a Terms of Service (TOS) for each Service. All TOS are incorporated as addenda to this Master Service Agreement.

    This MSA supersedes any previously signed Customer Service Agreement.

    1. TERM

    This Agreement is effective on the date of execution by both parties and remains in full force and effect until terminated by either party in accordance with the TERMINATION provision herein.

    2. TERMINATION

    1. TERMINATION FOR CONVENIENCE - Either party may terminate this upon 90 calendar days written notice to the other.
    2. TERMINATION FOR CAUSE - If for any cause, Customer or WaTech does not fulfill in a timely and proper manner its performance obligations under this Agreement, or if either party violates any of these terms and conditions, the aggrieved party will give the other party written notice of such failure or violation. The responsible party will correct the violation or failure within 15 business days or by a later deadline as agreed to by both parties. If the failure or violation is not corrected, this Agreement may be terminated immediately by written notice from the aggrieved party to the other party.
      Upon termination of this Agreement, Customer will pay for services rendered prior to the effective date of the termination.
    3. TERMINATION FOR LOSS OF NON-PROFIT STATUS - Prior to initiating services, if Customer seeks to qualify as a public benefit non-profit organization, Customer shall provide to WaTech proof of its government funding and a copy of its Internal Revenue Service form showing current tax exempt status, that meets the requirements of RCW 43.105.052 and RCW 24.03.005. Customer shall notify WaTech within five (5) business days of loss of tax exempt status or loss of all government funding.

    3. PAYMENT

    1. SERVICE CHARGES - Charges for products and services provided by WaTech will be based either on the then current published WaTech rate schedule, or on a specific quotation described in Service specific Terms of Service. Rate schedules are subject to change. The current rate schedule supersedes and replaces all previous published rate schedules.
    2. ESTIMATES - WaTech may provide, upon Customer request, an estimate of cost for proposed products and services. Specific agreements addressing costs, schedules, and other factors will be described in the associated TOS. Customer is responsible for paying the agreed amount set forth in the TOS.
    3. TAXES - If WaTech is required to pay sales or use tax in order to provide service under this Agreement, such taxes will be added to the Customer invoice.
    4. INVOICES AND LATE PAYMENT - WaTech will invoice Customer monthly detailing charges for services rendered during the preceding month. Payment is due upon receipt of invoice by Customer and becomes delinquent 30 calendar days thereafter.

      A late payment charge may be applied to any remaining balance 60 calendar days after invoice. Late payment charges, if any, will be imposed on the unpaid balance at the rate of 1% per month. Agreements with balances more than 90 calendar days past due may be terminated under the TERMINATION FOR CAUSE provision of this Agreement, and services discontinued.

      Amounts disputed by Customer under Section 3.5 are not subject to late payment charges.

    4. LIMITATION OF LIABILITIES AND REMEDIES

    1. NON-CONFORMING SERVICES - For any WaTech-provided services which fail to conform to the specifications of this Agreement or a TOS, and such failure is caused solely by the negligence of WaTech, no charge will be invoiced. If both parties are negligent, the parties agree to apportion between them the damage attributable to the actions of each. Customer is solely responsible for any damage caused in whole or in part by inaccurate or inadequate data, programs, or software furnished by Customer to WaTech.
    2. LOSS OR DAMAGE TO CUSTOMER SUPPLIED DATA - For any loss or damage to Customer supplied data or programs due to negligence of WaTech, WaTech' s liability shall be limited to the replacement or regeneration of lost or damaged data from Customer's supporting material. Customer will retain sufficient supporting material, as specified in Service Level Agreements/Order Supplements, to enable WaTech to regenerate card, tape, or dis files, printer output, or any other data furnished to WaTech by Customer.
    3. EQUIPMENT DAMAGE - For any equipment damaged as the result of negligence by either party, that party will be obligated to pay for repair or replacement of that equipment. If both parties are negligent, the parties agree to apportion between them the damage attributable to the actions of each.
    4. SOFTWARE - Computer application programs and other software systems furnished to Customer by WaTech at no charge to Customer are furnished on an "as is" basis with no representations or warranties regarding use or results.
    5. DAMAGES - Neither party will seek damages, either direct, consequential, or otherwise against the other in addition to the remedies stated herein.
    6. THIRD PARTY CLAIMS - In the event that either party is found liable for damages to third parties as a result of the performance of services under this Agreement, each party will be financially responsible for the portion of damages attributable to its own acts and responsibilities under this Agreement.

    5. DISPUTES

    1. NOTICE OF DISPUTE - Customer will promptly notify WaTech of disputes regarding invoices, or of services which Customer believes do not conform with the agreed upon terms of this Agreement or a TOS, within 30 calendar days of receipt of invoice or performance of services whichever occurs later. Failure to give written notice within 30 calendar days after receipt of invoice or performance of services constitutes waiver of any objection to services or invoices.
    2. DISPUTE RESOLUTION - When a dispute arises concerning provision of information technology goods or services, the parties will first attempt to negotiate a mutually satisfactory solution. In the event the dispute cannot be resolved between the parties, they may agree to an alternative dispute resolution process. The parties agree to proceed diligently with the performance of services requested under any TOS while any dispute is pending.

      Neither party will sue the other for claims arising from dispute arising under this Agreement, except that WaTech may pursue collection actions if necessary to recover charges for services, and if such action is taken, venue lies in Thurston County Superior Court. This agreement is governed by the laws of the State of Washington.

    6. ASSIGNMENT

    This Agreement may not be assigned by either party to a third party without the prior written consent of WaTech and Customer.

    7. WAIVER

    If a breach of a provision of this Agreement is waived for a particular transaction or occurrence, waiver for a similar breach in a subsequent similar transaction or occurrence may not be implied.

    8. SEVERABILITY

    If any term or condition of this Agreement or application thereof is held invalid, such invalidity shall not affect other terms, conditions, or applications which can be given effect without the invalid term, condition, or application.

    9. NOTICES

    All notices and communications which may be required by this Agreement shall be in writing and sent to the person named in the Order form. Service specific communications will be sent to the identified contact in the specific Terms of Service.

    10. CONFLICTS

    In the case of a conflict between this Agreement and Terms of Service issued hereunder, the Terms of Service will prevail.

    11. TREATMENT OF ASSETS

    1. PROPERTY TITLE - Title to all property furnished by WaTech shall remain in WaTech. Title to all property purchased by the Customer for which the Customer is entitled to be reimbursed as a direct item of cost under this contract shall pass to and vest in WaTech upon completion, termination, or cancellation of this contract. Title to all property purchased by the Customer directly shall remain with the Customer.
    2. USE OF PROPERTY - Any property of WaTech furnished to the Customer shall, unless otherwise provided in this contract, or approved by the owner, be used only for the performance of this contract.
    3. LOSS OR DAMAGE - The Customer shall be responsible for any loss or damage to property of WaTech which results from negligence of the Customer or which results from the failure on the part of the Customer to maintain and administer the property in accordance with sound management practices. WaTech shall be responsible for any loss or damage to property of Customer which results from negligence of WaTech or which results from the failure on the part of the WaTech to maintain and administer the property in accordance with sound management practices.
    4. NOTIFICATION - If any WaTech property is lost, destroyed, or damaged, the Customer shall immediately notify WaTech and shall take all reasonable steps to protect the property from further damage.
    5. SURRENDER OF PROPERTY - The Customer shall surrender to WaTech all property of WaTech prior to settlement upon completion, termination, or cancellation of this Agreement.
    6. CUSTOMER EMPLOYEES OR AGENTS - All reference to the Customer under this clause shall include any of his or her employees or agents.

    12. SERVICE MANAGEMENT

    1. AVAILABILITY MANAGEMENT - WaTech follows Availability Management practices as outline in the Information Technology Service Management Operations Manual (ITSMOM).

      WaTech provides server support 24x7 including State holidays. The system(s) defined in this Service Level Agreement will be available 24x7 with the exception of scheduled maintenance as defined herein.

      WaTech staff provides 24x7 electronic monitoring of managed system availability using:
      1. Tools that automate testing the services provided by each system and generate alerts and reports on failures;
      2. Tools that provide central reporting on the status of server hardware;
      3. Application and system event logs providing date, time, and name of process monitored;
      4. Tools that identify hardware failure and pre-failure conditions;
      5. Software that measures the availability and responsiveness of servers, applications, and databases
    2. CHANGE MANAGEMENT
      1. All changes to State Data Center computing and network environments are managed to promote or provide stability and minimize the impact of the changes to its customers. All changes to the WaTech computing and network environments are implemented in accordance with the Information Technology Service Management Operations Manual (ITSMOM).
    3. PROBLEM MANAGEMENT
      1. WaTech provides automated event-driven problem management through use of monitoring tools.
      2. WaTech provides Customer notification as soon as practicable of identified events that have or may have an adverse effect on service delivery to customers.
      3. WaTech provides Customer notification of system failures and outages.
      4. WaTech provides Customer problem resolution satisfaction by tracking, alerting, escalating, and solving problems.
      5. The WaTech Support Center is the single point of contact for Customer problem reporting, escalation, and notification.
      6. WaTech will make all attempts to provide customer information on problem cause, corrective action taken, and prevention of reoccurrence within 72 hours of a failure or outage.
    4. SECURITY MANAGEMENT
      1. WaTech provides a security system infrastructure that protects its Customers from unauthorized external access to or broadcast on the Internet of the Customer's intellectual property, proprietary, and confidential data.
      2. The current access control method is through the use of the Enterprise Active Directory, in accordance with the Washington State Information Services Board.
      3. WaTech technician's access to data is in accordance with OCIO Standards.
      4. All remote access (e.g., Blackberry, OWA) is in accordance with OCIO Standards.
      5. WaTech provided security system infrastructure is located within the State Data Center.
      6. Physical access to the State Data Center is granted to personnel who have been authorized by WaTech.
      7. WaTech will secure the platform against known security risks. Any observed security breaches or suspicious activity will be reported to the Customer.
      8. WaTech and the Customer will cooperate in efforts to maintain platform and network security including patch management.
    5. PHYSICAL ENVIRONMENT MANAGEMENT
      1. Rack mounted computer systems;
      2. Environmental controls and monitoring of State Data Center physical environment;
      3. Fire detection and suppression systems;
      4. Conditioned power;
      5. Un-interruptible power supply;
      6. Raised floor; and
      7. Physical access to State Data Center restricted and electronically monitored.
    6. SCHEDCULED MAINTENANCE
      1. WaTech will notify Customer, as specified in ITSMOM, in advance of any scheduled maintenance that will affect Customer. The scheduled maintenance window will only be used when necessary (hardware and software upgrades, software patches, faulty hardware replacement, application changes, etc.). A weekly maintenance window for this service is established between Saturday 8:00 AM to Sunday 6:00 PM, unless indicated otherwise in Service specific Terms of Service.
    7. SERVICE RESTORATION
      1. The service is highly available and designed with multiple standby copies of the mail data stores maintained online. Disaster recovery will entail the activation of connectivity to the appropriate standby copy of the data stores.
      2. Service restoration is agency independent. With all agencies merged into a single environment all agencies will become available simultaneously.
      3. WaTech performs backups (in multiple formats such as log shipping, configuration file export, etc.) of systems and applications for onsite and/or offsite storage for all WaTech managed servers.
      4. n the event system restoration is needed, WaTech shall restore systems as required.

    13. ACCESS TO SOFTWARE

    Customer acknowledges that WaTech licenses third party software for the purpose of providing services to its customers. Customer may access such software as part of the services provided to the Customer hereunder. Customer agrees they will not, nor will they allow their agents, employees or authorized third parties to decompile, disassemble, reverse engineer or otherwise access the source code of any software provided by WaTech whether the software is developed for WaTech or licensed by WaTech from a third party provider. Customer shall be liable to WaTech and/or any third party provider of software for any breach of this provision.

    14. DATA

    You reserve all right, title and interest (including all intellectual property and proprietary rights) in and to Your data, and any and all data that is produced pursuant to any processing that occurs on the WaTech systems. You retain all responsibility for compliance with the applicable retention and other regulatory requirements. In the event that WaTech/CTS Services are required to meet those obligations, the Parties will execute an amendment to the Terms of Service to state the specific obligations. Otherwise, WaTech will keep the data confidential to the extent allowed by law, may use the data solely for the purposes of providing services to You.

    If there is a security breach involving your data, WaTech will notify the Customer immediately upon discovery and provide the Customer with the information needed about the breach necessary to meet the Customer's responsibilities and business needs.

    15. EXPORT CONTROL LAW COMPLIANCE

    Customer, its Contractors, employees, agents or other third parties may not download, use, or otherwise export or re-export any Software associated with a Service provided by WaTech or any underlying information or technology except in full compliance will all United State and other applicable foreign laws and regulations. By installing or downloading the Licensed Programs, you represent and warrant that you are not located in, under the control of or a national or resident of any country on the U.S. Treasury Departments Specially Designated Nationals list or the U.S. Commerce Department Denied Persons List.

    16. PUBLIC RECORDS REQUESTS

    If WaTech receives a Public Records request under Chapter 42.56 RCW for Customer records or data, WaTech will refer the requester to the Customer's Public Records Officer. Customer is responsible for providing WaTech with current contact information for the Customer's Public Records Officer.

    At the request of the Customer's Public Records Officer, WaTech will assist the Customer in fulfilling the request. Such consulting and assistance may include such tasks as: restoring mailboxes, desktop support, advice on processing of Public Records, analysis and redaction of WaTech data within responsive Public Records. For WaTech technical assistance, contact the WaTech Support Center.

    Costs incurred by WaTech in assisting with public records requests are Customer's responsibility. Prior to undertaking any such requested assistance, WaTech will confirm the Customer request and provide an estimate of the tasks and charges, if any, associated with WaTech's assistance.

    17. SUBPOENAS, INVESTIGATIONS, OTHER LEGAL PROCESSES

    1. (a) Upon service on WaTech of valid legal process for Customer Records:
    • WaTech will promptly notify the Customer's Public Records Officer.
    • WaTech will seek advice of, and respond as directed by, WaTech assigned assistant attorney general (AAG).
    • WaTech will encourage its AAG to consult with Customer legal counsel about compliance with legal process. To the extent permitted by law or court order, WaTech will notify Customer's Public Records Officer of its planned response in advance.
    1. (b) If WaTech is contacted by a law enforcement agency in connection with Customer Records or data, WaTech will refer the law enforcement agency to the Customer's Public Records Officer.
    1. (c) WaTech will respond to a request in connection with an internal Customer investigation or personnel matter only if received from an authorized Customer Representative. Customer is responsible for providing WaTech with current contact information for the Customer representative (s) authorized to make such requests.

    18. PERFORMANCE BASED CONTRACT

    All work performed under this Contract shall be performance based and payment shall be structured to assure successful performance of expectations prior to payment.

    19. SECURITY

    WaTech recognizes its responsibility to provide a secure services infrastructure and WaTech strongly encourages Customer to understand its role in providing proper stewardship as well. WaTech strives to assure that its services protect and preserve the confidentiality, integrity, and availability of information technology infrastructure resources that are critical to the provision of enterprise services. WaTech complies with the Washington State Office of the Chief Information Officer (OCIO) IT Security Policy.

    20. AMENDMENT

    WaTech reserves the right to update the MSA and associated Terms of Service through an amendment as may be needed. Customer's continued use of the service is acceptance of the new terms after the effective date of the amendment. Notification will be sent out when these updates are made.

    ADDENDUM

    Data Sharing Addendum to Master Service Agreement

    The purpose of this Data Sharing Addendum (Addendum) is to identify, describe, and protect Confidential Information disclosed by a Customer to Consolidated Technology Services (CTS) during the provisioning of CTS services pursuant to an executed Master Service Agreement (MSA) and one or more Terms of Service (TOS).

    Additional terms describing the protection of Customer data may be specified in the one or more TOS applicable to the provisioning of service(s) to Customer or in the MSA between CTS and Customer.

    In the event of a conflict between any term in the Addendum with any term in either the MSA or any TOS, the MSA and/or TOS will take precedence.

    1. DEFINITIONS

    • “Authorized User” means an individual or individuals with an authorized business need to access Confidential Information under this Addendum, the MSA, or TOS.
    • “Confidential Information” means information that is exempt from disclosure to the public or other unauthorized persons under Chapter 42.56 RCW or other federal or state laws.
    • Confidential Information comprises both Category 3 and Category 4 Data as described in Section 3, Data Classification, which includes, but is not limited to, Personal Information. For purposes of this Addendum, Confidential Information means the same as “Data.”
    • “Customer” means the agency receiving services from CTS through an MSA or one or more TOS.
    • “Data” means the information that is disclosed or exchanged as described by this Addendum. For purposes of this Data Sharing Addendum, Data means the same as “Confidential Information.”
    • “Disclosing Party” means the Customer disclosing Confidential Information pursuant to this Addendum, and includes the entity’s owners, members, officers, directors, partners, trustees, employees, and Subcontractors and their owners, members, officers, directors, partners, trustees, and employees.
    • “Disclose” or “Disclosure” means the release, transfer, provision of, access to, or divulging in any other manner of information outside the entity holding the information.
    • “RCW” means the Revised Code of Washington. All references in this Addendum to RCW chapters or sections will include any successor, amended, or replacement statute. Pertinent RCW chapters can be accessed at: http://apps.leg.wa.gov/rcw/.
    • “Regulation” means any federal, state, or local regulation, rule, or ordinance.
    • “Receiving Party” means any party receiving Confidential Information pursuant to this Addendum, and includes the entity’s owners, members, officers, directors, partners, trustees, employees, and Subcontractors and their owners, members, officers, directors, partners, trustees, and employees.
    • “Subcontract” means any separate agreement or contract between a Receiving Party and an individual or entity (“Subcontractor”) to perform any duties that give rise to a business requirement to access the Data that is the subject of this Addendum.
    • “Subcontractor” means a person or entity that is not in the employment of the Receiving Party, who is performing services or any duties that give rise to a business requirement to access the Data that is the subject of this Addendum.

    2. Description of Data to be shared.

    The Data that may be shared may include Customer data that is transmitted pursuant to the provisioning and Customer’s use of CTS services - Services | Washington Technology Solutions.

    3. Data Classification

    The State classifies data into categories based on the sensitivity of the data pursuant to the Washington state Security Policy and Standards. CTS acknowledges that Customer may elect to transmit Confidential Information to CTS that is classified as Category 3 or Category 4 during the provisioning and use of CTS services. Depending on Customer’s use of CTS services, and without limitation, this Confidential Information may include the following:

    • Protected health information.
    • Information that may lead to serious consequences in the event of unauthorized disclosure, such as threats to health and safety or legal sanctions.
    • Student education records.
    • Personal information, including social security numbers, driver’s license numbers, or financial account numbers.
    • Information regarding infrastructure and security of computer and telecommunication networks.
    • Information in personnel files, including residential addresses and phone numbers, personal wireless phone numbers and email addresses, or emergency contact information.

    4. Constraints on use of Data.

    The Data being shared is owned by the Disclosing Party that created it. In some cases, the Data may represent Confidential Information of multiple Disclosing Parties.

    This Addendum does not constitute a release of the Data for the Receiving Party’s discretionary use. The Receiving Party must use the Data received or accessed under this Addendum only to carry out the purpose and justification of this Addendum, the MSA, and TOS. Any analysis, use, or reporting of Data that is not within the purpose of this Addendum, the MSA, TOS, or other data sharing agreement is not permitted.

    5. Security of Data.

    5.1 Data Protection

    CTS will protect and maintain all Confidential Information gained by reason of this Addendum against unauthorized use, access, disclosure, modification or loss. This duty requires CTS to employ reasonable security measures, which include restricting access to the Confidential Information by:

    • Allowing access only to Authorized Users.
    • Physically securing any computers, documents, or other media containing Confidential Information.

    5.2 Data Security Standards

    CTS will comply with the Data Security Requirements set out in the Washington state Security Policies which are hereby incorporated by reference into this Addendum.

    5.3 Data Disposition

    Upon receipt of a request by the Customer, Confidential Information/Data will be securely disposed of as agreed to by the Parties. The Receiving Party will provide written certification of disposition upon request using Exhibit A, Certification of Disposal.

    6. Data Confidentiality and Non-Disclosure

    6.1 Data Confidentiality

    CTS will not use, publish, transfer, sell, or otherwise disclose any Confidential Information gained by reason of this Addendum except: (1) as Customer directs; (2) for any purpose related to the provisioning of services as provided in this Addendum, the MSA, the TOS, or other data sharing agreement; and (3) as required by law.

    6.2 Non-Disclosure of Data

    CTS will ensure that all employees or Subcontractors who will have access to the Data described in this Addendum are Authorized Users and made aware of the use restrictions and protection requirements of this Addendum before gaining access to the Data identified herein. CTS will also instruct and make any new employee aware of the use restrictions and protection requirements of this Addendum before they gain access to the Data.

    CTS will ensure that each Subcontractor who will access the Data signs a non-disclosure agreement or can verify that a substantially equivalent agreement or obligation has been secured. CTS will retain the signed copy of the Non-Disclosure Agreement for a minimum of six years from the date the Subcontractor’s access to the Data ends.

    If law enforcement contacts CTS with a demand for Confidential Information, CTS will attempt to redirect the law enforcement agency to request that data directly from Customer. If compelled to disclose or provide access to any Confidential Information to law enforcement, WaTech will promptly notify Customer and provide a copy of the demand unless legally prohibited from doing so.

    6.3 Penalties for Unauthorized Disclosure of Data

    State and federal laws may prohibit unauthorized access, use, or disclosure of Confidential Information. Violation of these laws may result in criminal or civil penalties or fines.

    7. Data Shared with Subcontractors

    If Data access is to be provided to a Subcontractor under the MSA and one or more TOS, or data sharing agreement, CTS will include all of the Data constraints, conditions and requirements set forth in this Addendum in any such Subcontract or verify that a substantially equivalent term is included.

    8. Inspection

    No more than once annually while the MSA or TOS is effective and for six (6) years following termination or expiration, the Disclosing Party will have the right upon no less than five (5) business days prior written notice to access CTS’ records for the purpose of auditing and evaluating CTS’s compliance with this Addendum and applicable laws and regulations.

    9. Legal Notices

    Any other notice or demand or other communication required or permitted to be given under this Addendum or applicable law will be effective only if it is in writing and signed by the applicable party, properly addressed, and either delivered in person, or by a recognized courier service, or deposited with the United States Postal Service as first-class mail, postage prepaid certified mail, return receipt requested, to the Customer name appearing on the order form. Notices sent to CTS shall be sent to: Consolidated Technology Services, Attn: Contracts & Procurement Manager, 1500 Jefferson St. SE, Olympia WA, 98501.

    Notices will be effective upon receipt or four (4) Business Days after mailing, whichever is earlier. The notice address and information provided above may be changed by written notice given as provided above.

    10, Maintenance of Records

    All Parties must maintain records related to compliance with this Addendum for six (6) years after expiration or termination of MSA or one or more TOS. Each Party will have the right to access those records during that six-year period for purposes of auditing as described above.

    11. Responsibility

    Each Party will be responsible for the negligent acts or omissions of its own employees, officers, or agents in the performance of this Addendum. No Party will be considered the agent of another Party and no Party assumes any responsibility to another Party for the consequences of any act or omission of any person, firm, or corporation not a party to the MSA.

    12. Severability

    The provisions of this Addendum are severable. If any provision is held invalid by any court of competent jurisdiction, that invalidity will not affect the other provisions and the invalid provision will be considered modified to conform to the existing law.

    13. Survival Clauses

    The terms and conditions contained in this Addendum that by their sense and context are intended to survive the expiration or other termination of the MSA must survive. Surviving terms include but are not limited to: Constraints on Use of Data, Security of Data, Data Confidentiality and Non-Disclosure, Inspection, Maintenance of Records, and Responsibility.

    14. Waiver

    Waiver of any breach or default on any occasion will not be deemed to be a waiver of any subsequent breach or default. Any waiver will not be construed to be a modification of the terms and conditions of this Addendum or the MSA.

    Master Service Agreement Exhibit A