Amazon Web Services (AWS) Appendix
Please reference this appendix for all materials included in the zip file.
CDTS/AWS Cloud Services Agreement/Terms & Conditions Attachments:
1. Contract User Instructions- 1-17-70-50A
2. Appendix A- AWS Seller Direct Terms
3. Exhibit A-AWS Service Agreement
4. Exhibit B-AWS GovCloud (US) Terms and Conditions
5. Exhibit C-Mutual NDA
6. Attachment 1-Contract Pricing
7. Attachment 2-Technical Requirements
8. OTECH Customer ID Code Request
State of California
CONTRACT USER INSTRUCTIONS
****NON-MANDATORY****
CONTRACT NUMBER:
1-17-70-50A
DESCRIPTION:
Platform as a Service and Infrastructure
as a Service Cloud Services – Amazon
Web Services
CONTRACTOR(S):
JHC Technology, Inc.
CONTRACT TERM:
06/15/2017 through 06/14/2020
STATE CONTRACT
ADMINISTRATOR:
Sarah Samaan
(916) 375-4432
The contract user instructions, products, and pricing are included herein. All purchase documents
issued under this contract incorporate the contract terms per AWS Seller Direct General and Special
provisions, Exhibit A- AWS Service Agreement, Exhibit B AWS GovCloud (US) Terms and Conditions,
and Exhibit C- Mutual NDA.
Cal eProcure link: www.caleprocure.ca.gov
ORDER PLACEMENT INFORMATION
JHC Technology, Inc.
U.S. Mail
Contact
Contractor Contract Manager
JHC Technology, Inc.
401 Post Office Road, Suite 201
Waldorf, Md., 20602
JHC Technology, Inc.
401 Post Office Road, Suite 201
Waldorf, Md., 20602
Keith Irizarry:
609-780-2710
301-965-0918
kirizarry@jhctechnology.com
JHC Technology, Inc.
401 Post Office Road, Suite 201
Waldorf, Md., 20602
Matt Jordan
814-421-0617
301-965-0918
mjordan@jhctechnology.com
Contractor Website:
____Signature on File__________________________ Date: 6/15/2017
Sarah Samaan, Contract Administrator
Department of General Services
Procurement Division
707 Third Street, 2
nd
Floor
West Sacramento, CA 95605-2811
STATE OF CALIFORNIA
DEPARTMENT OF GENERAL SERVICES
PROCUREMENT DIVISION
Contract User Instructions
Contract 1-17-70-50B Page 2 6/15/2017
User Instructions
1. SCOPE
The State’s contract with JHC Technology, Inc. (Contractor) provides FedRAMP High Platform as a Service
(PaaS) and Infrastructure as a Service (IaaS) Cloud Services at contracted pricing to the State of California
and local governmental agencies via the California Department of Technology (CDT) in accordance with the
requirements of Contract # 1-17-70-50A. The Contractor shall supply the entire portfolio of products as
identified in the contract and will be the primary point of contact for data collection, reporting, and provision of
Platform as a Service and Infrastructure as a Service Cloud Services – Amazon Web Services
to the State.
The contract term is for three (3) years with an option to extend the contract for two (2) additional one-year
periods or portion thereof. The terms, conditions, and prices for the contract extension option shall be by
mutual agreement between the contractor and the State. If a mutual agreement cannot be met the contract
may be terminated at the end of the current contract term.
2. CONTRACT USAGE/RULES
A. All Users
All State of California departments and Local Government agencies MUST purchase through the CDT
per Attachment 3, Tech Alert 17-(TBD).
B. State Departments
• The use of this contract is non-mandatory for all State of California departments.
• Ordering departments must adhere to all applicable State laws, regulations, policies, best
practices, and purchasing authority requirements, e.g. California Codes, Code of Regulations,
State Administrative Manual, Management Memos, and State Contracting Manual Volume 2 and
3, as applicable.
• Prior to placing orders against this contract, departments must have been granted IT purchasing
authority by the Department of General Services, Procurement Division (DGS/PD) for the use of this
statewide contract. The department’s current purchasing authority number must be entered in the
appropriate location on each purchase document. Departments that have not been granted
purchasing authority by DGS/PD for the use of the State’s statewide contracts may access the
Purchasing Authority Application at http://www.dgs.ca.gov/pd/Programs/Delegated.aspx
or may
contact DGS/PD’s Purchasing Authority Management Section by e-mail at [email protected].gov.
• Departments must have a Department of General Services (DGS) agency billing code prior to
placing orders against this contract. Ordering departments may contact their Purchasing Authority
contact or their department’s fiscal office to obtain this information.
C. Local Governmental Agencies
• Local governmental agency use of this contract is optional.
• Local government agencies are defined as “any city, county, city and county, district or other
governmental body or corporation, including the California State Universities (CSU) and University
of California (UC) systems, K-12 schools and community colleges’’, empowered to expend public
funds for the acquisition of products, per Public Contract Code Chapter 2, Paragraph 10298 (a)
(b). While the State makes this contract available to local governmental agencies, each local
governmental agency should determine whether this contract is consistent with its procurement
policies and regulations.
• Local governmental agencies shall have the same rights and privileges as the State under the
terms of this contract. Any agencies desiring to participate shall be required to adhere to the same
STATE OF CALIFORNIA
DEPARTMENT OF GENERAL SERVICES
PROCUREMENT DIVISION
Contract User Instructions
Contract 1-17-70-50B Page 3 6/15/2017
User Instructions
responsibilities as do State agencies and have no authority to amend, modify or change any
condition of the contract.
• Local governmental agencies must have a DGS agency billing code prior to placing orders against
this contract. DGS agency billing codes may be obtained by emailing the DGS billing code contact
with the following information:
o Local governmental agency
o Contact name
o Telephone number
o Mailing address
o Facsimile number and e-mail address
DGS Billing Code Contact: 916-375-4400
D. Unless otherwise specified within this document, the term “ordering agencies” will refer to all State
departments and/or local governmental agencies eligible to utilize this contract. Ordering and/or usage
instructions exclusive to State departments or local governmental agencies shall be identified within each
article.
3. ADMINISTRATIVE FEES
A. State Departments
The DGS and CDT will bill each State department an administrative fee for use of this statewide
contract. The administrative fee should NOT be included in the order total, nor remitted before an
invoice is received from DGS.
Current fees are available online in the Price Book & Directory of Services located at:
http://www.dgs.ca.gov/ofs/home.aspx
(Go to Price Book and click on “Purchasing” under Procurement
Division.)
B. Local Governmental Agencies
For all local government agency transactions issued against the contract, the Contractor is required to
remit the DGS/PD an Incentive Fee of an amount equal to 1% of the total purchase order amount
excluding taxes and freight. This Incentive Fee shall not be included in the agency’s purchase price, nor
invoiced or charged to the purchasing entity. All prices quoted to local governmental agency customers
shall reflect State contract pricing, including any and all applicable discounts, and shall include no other
add-on fees.
4. SB/DVBE OFF-RAMP PROVISION
There is no SB/DVBE off ramp associated with this contract.
5. EXEMPT PURCHASES
There are no Exempt Purchases associated with this contract.
6. PROBLEM RESOLUTION/SUPPLIER PERFORMANCE
Ordering agencies and/or contractors shall inform the State Contract Administrator of any technical or
contractual difficulties encountered during contract performance in a timely manner. This includes and is not
limited to informal disputes, supplier performance, outstanding deliveries, etc.
STATE OF CALIFORNIA
DEPARTMENT OF GENERAL SERVICES
PROCUREMENT DIVISION
Contract User Instructions
Contract 1-17-70-50B Page 4 6/15/2017
User Instructions
For contractor performance issues, ordering agencies must submit a completed Attachment 4, Supplier
Performance Report via email or facsimile to the State Contract Administrator identified in Article 34,
Contract Administration. The ordering agency should include all relevant information and/or documentation
(i.e. Purchase documents).
7. CONTRACT ITEMS
This contract includes PaaS and IaaS cloud services, limited to those rated FedRAMP high. They are
offered at a discount off list price per Attachent 1, Contract Pricing. List prices may fluctuate through the life
of the contract. Higher discount percentages may be offered by the Contractor but under no circumstances
shall the discount percentage decrease. No other cloud services are offered under this contract.
8. SPECIFICATIONS
All products listed on Attachment A, Contract Pricing, must conform to Attachment B, Technical
Requirements.
9. CUSTOMER SERVICE
Contractor will provide office and personnel resources for responding to requests, including telephone
coverage weekdays during the hours of 8:00 AM through 5:00 PM (PT).
Contact
Phone
Email
Keith Irizarry
(609) 780-2710
kirizarry@jhctechnology.com
10. ELECTRONIC CATALOG/CONTRACT WEBSITE
A contract website for PaaS and IaaS Cloud Services is available at www.aws.amazon.com/pricing
. Only
FedRAMP High PaaS and IaaS services are applicable to this contract.
11. PRE-ORDER CONFIGURATION CONSULTATION
Ordering agencies will consult with the CDT to identify and purchase the appropriate Cloud Services under
this contract.
12. OFFER FORMAT
Not applicable.
13. ELECTRONIC WASTE RECYCLING FEE
Not applicable.
14. SERVICE LEVEL AGREEMENT SUBSTITUTIONS
Service Level Agreements (SLAs) meeting or exceeding the Technical Requirements shall be available
throughout the duration of the contract term. The contract provides for technology refresh as SLAs are
discontinued.
The Contractor will maintain the contract discount as bid throughout the original term of the contract and any
extension, including upon SLA substitution.
15. PROMOTIONAL PRICING
Not applicable.
16. STATE AGENCY INFORMATION TECHNOLOGY CERTFICATION REQUIREMENT
STATE OF CALIFORNIA
DEPARTMENT OF GENERAL SERVICES
PROCUREMENT DIVISION
Contract User Instructions
Contract 1-17-70-50B Page 5 6/15/2017
User Instructions
Not applicable.
STATE OF CALIFORNIA
DEPARTMENT OF GENERAL SERVICES
PROCUREMENT DIVISION
Contract User Instructions
Contract 1-17-70-50B Page 6 6/15/2017
User Instructions
17. PURCHASE EXECUTION
All contract purchases will be made though the CDT. Ordering Agencies will consult with and place orders
through the CDT, who will then purchase the applicable Cloud Services from the Contractor.
A. State Departments
1) Std. 65 Purchase Documents
The CDT may use the Purchasing Authority Purchase Order (Std. 65) for purchase execution.
All Purchasing Authority Purchase Orders (Std. 65) must contain the following:
• Agency Order Number (Purchase Order Number)
• Ordering Agency Name
• Agency Billing Code
• Purchasing Authority Number
• Leveraged Procurement Number (Contract Number)
• Supplier Information (Contact Name, Address, Phone Number, Fax Number, E-mail)
• Line Item number
• Quantity
• Unit of Measure
• Commodity Code Number
• Product Description
• Unit Price
• Extension Price
2) FI$CAL Purchase Documents
State departments transacting in FI$CAL will follow the FI$CAL procurement and contracting
procedures.
3) Blanket Orders
The use of blanket orders against this statewide contract is allowed.
B. Local Governmental Agencies
Local Governmental agencies will consult with and place orders through the CDT, who will then
purchase the applicable Cloud Services from the Contractor.
18. MINIMUM ORDER
There is no minimum order for this contract.
19. ORDERING PROCEDURE
A. Ordering Agencies
Ordering agencies shall submit their Service Requests to the CDT contact below:
Contact
Phone
Email
Office of Customer Engagement
(916) 431-5476
Account Lead Directory
STATE OF CALIFORNIA
DEPARTMENT OF GENERAL SERVICES
PROCUREMENT DIVISION
Contract User Instructions
Contract 1-17-70-50B Page 7 6/15/2017
User Instructions
B. CDT Ordering Methods:
The CDTwill submit appropriate purchase documents directly to the Contractor via one of the following
ordering methods:
• U.S. Mail
• Facsimile
• Email
• Online
The Contractor’s Order Placement Information is as follows:
ORDER PLACEMENT INFORMATION
U.S. Mail
Facsimile
Email
JHC Technology, Inc.
401 Post Office Road,
Suite 201
Waldorf, Md., 20602
(301) 965-0918 awsresell@jhctechnology.com
Note: When using any of the ordering methods specified above, all State departments must conform to
proper State procedures.
20. ORDER ACCEPTANCE
The Contractor shall accept orders from the CDT only. The Contractor shall not accept purchase documents
for this contract that:
• Are submitted by an Ordering Agency other than the CDT;
• Are incomplete;
• Contain non-contract items; or
• Contain non-contract terms and conditions.
The Contractor must not refuse to accept orders from the CDT for any other reason without written
authorization from the CA.
21. ORDER RECEIPT CONFIRMATION
The Contractor will provide CDT with an order receipt confirmation, via e-mail or facsimile, within one (1)
business day after receipt of an order. The Order Receipt Confirmation shall include the following
information:
• Ordering Agency Name
• Agency Order Number
• Purchase Order Total Cost
22. OUT OF STOCK REMEDY
Not applicable.
STATE OF CALIFORNIA
DEPARTMENT OF GENERAL SERVICES
PROCUREMENT DIVISION
Contract User Instructions
Contract 1-17-70-50B Page 8 6/15/2017
User Instructions
23. DISCONTINUED ITEM REMEDY
Not applicable.
24. DELIVERY SCHEDULES
Not applicable.
25. EMERGENCY/EXPEDITED ORDERS
Not applicable.
26. FREE ON BOARD (F.O.B.) DESTINATION
Not applicable.
27. PALLETS
Not applicable.
28. SHIPPED ORDERS
Not applicable.
29. PACKING SLIP
Not applicable.
30. PACKING LABEL
Not applicable.
31. HAZARDOUS MATERIALS DOCUMENTATION
Not applicable.
32. INSTALLATION
Not applicable.
33. INSPECTION AND ACCEPTANCE
Not applicable.
34. CONTRACT ADMINISTRATION
Both the State and the Contractor have assigned contract administrators as the single points of contact for
problem resolution and related contract issues.
STATE OF CALIFORNIA
DEPARTMENT OF GENERAL SERVICES
PROCUREMENT DIVISION
Contract User Instructions
Contract 1-17-70-50B Page 9 6/15/2017
User Instructions
Administrator
Information
DGS/PD
(State Contract Administrator)
JHC Technology, Inc.
(Contractor)
Contact Name:
Sarah Samaan
Matt Jordan
Telephone:
(916) 375-4432
(814) 421-0617
Email:
Sarah.Samaan@dgs.ca.gov
mjordan@jhctechnology.com
Address:
DGS/Procurement Division
Attn: Sarah Samaan
707 Third Street, 2
nd
Floor, MS 201
West Sacramento, CA 95605
JCH Technology, Inc.
Attn: Matt Jordan
401 Post Office Road, Suite 201, Waldorf,
Md., 20602
35. RETURN POLICY
Not applicable.
36. CREDIT POLICY
The State reservers the right to take credits in the event the Contractor fails to meet and applicable SLA.
37. RESTOCKING FEES
Not applicable.
38. PAYMENT
A. Terms
Payments are to be made in accordance with Appendix A, Exhibit 1, paragraph 23, Required Payment
Date.
B. CAL-Card Use
Use of the CAL-Card for payment of invoices is not allowed under this statewide contract.
C. State Financial Marketplace
The State reserves the right to select the form of payment for all procurements, be it either an outright
purchase with payment rendered directly by the State, or a financing/lease-purchase or operating lease
via the State Financial Marketplace (GS $Mart and/or Lease $Mart). If payment is via the financial
marketplace, the Supplier will invoice the State and the State will approve the invoice and the selected
Lender/Lessor for all product listed on the State's procurement document will pay the supplier on behalf
of the State.
D. Payee Data Record
Each State accounting office must have a copy of the Payee Data Record (Std. 204) in order to process
payments. State departments should forward a copy of the Std. 204 to their accounting office(s).
Without the Std. 204, payment may be unnecessarily delayed.
39. CAL-CARD INVOICING
Use of the CAL-Card for payment of invoices is not allowed under this statewide contract.
40. CALIFORNIA USE TAX PERMIT
STATE OF CALIFORNIA
DEPARTMENT OF GENERAL SERVICES
PROCUREMENT DIVISION
Contract User Instructions
Contract 1-17-70-50B Page 10 6/15/2017
User Instructions
The California use tax permit number for the contractor is listed below. Ordering agencies can verify that
permits are currently valid at the following website: www.boe.ca.gov
.
Contractor Name
Use Tax Permit #
JCH Technology, Inc. 103-091924
41. ACCESSIBILITY COMPLIANCE/ VOLUNTARY PRODUCT ACCESSIBILITY TEMPLATE (VPAT)
Accessibility is in accordance with Appendix A, Exhibit 1, paragraph 42, Americans with Disabilities Act.
42. WARRANTY
Warranty requirements shall be in accordance Appendix A, Exhibit 1, paragraph 12, Warranty.
43. QUALITY ASSURANCE GUARANTEES
The terms of this contract will supersede any language to the contrary on purchase orders, invoices, or other
sources.
44. EQUIPMENT REPLACEMENT DURING WARRANTY
Not applicable.
45. PRINCIPAL PERIOD OF MAINTENANCE
Not applicable.
46. RECYCLED CONTENT
There is no recycled content associated with this contract.
47. SMALL BUSINESS/DISABLED VETERAN BUSINESS ENTERPRISE PARTICIPATION
There is no small business (SB) or disabled veteran business enterprise (DVBE) participation for this
contract.
48. BIDDER DECLARATION/COMMERCIALLY USEFUL FUNCTION (CUF)
There are no certified firms participating in this contract.
49. TAKE BACK/TRADE IN
Not applicable.
50. ELECTRONIC WASTE RECYCLING
Not applicable.
51. ATTACHMENTS
Appendix A – AWS Seller Direct General and Special provisions
Exhibit A- AWS Service Agreement
Exhibit B - AWS GovCloud (US) Terms and Conditions
Exhibit C - Mutual NDA
STATE OF CALIFORNIA
DEPARTMENT OF GENERAL SERVICES
PROCUREMENT DIVISION
Contract User Instructions
Contract 1-17-70-50B Page 11 6/15/2017
User Instructions
Attachment 1 – Contract Pricing
Attachment 2 – Technical Requirements
Attachment 3 – Tech Alert 17-(TBD)
Attachment 4 – Supplier Performance Report
AWS Seller Direct General Provisions—Cloud Computing
Page 1
APPENDIX A: AWS SELLER DIRECT GENERAL PROVISIONS -- CLOUD COMPUTING
1. DEFINITIONS: Unless otherwise specified in the Statement of Work, the following terms shall be given
the meaning shown, unless context requires otherwise.
a. "Application Program" means a computer program which is intended to be executed for the
purpose of performing useful work for the user of the information being processed. Application
programs are developed or otherwise acquired by the user of the Hardware/Software system, but
they may be supplied by the Contractor.
b. “AWS GovCloud(US) Terms” means the AWS GovCloud(US) Terms and Conditions attached
to the Service terms as Exhibit B.
c. “Business entity” means any individual, business, partnership, joint venture, corporation, S-
corporation, limited liability company, sole proprietorship, joint stock company, consortium, or
other private legal entity recognized by statute.
d. “Buyer” means the State’s authorized contracting official.
e. “Contract” means this Contract or agreement (including any purchase order), by whatever name
known or in whatever format used.
f. “Contractor” means the Business Entity with whom the State enters into this Contract.
Contractor shall be synonymous with “supplier”, “vendor” or other similar term.
g. "Documentation" shall have the same meaning as that term in the Service Agreement (Exhibit
A).
h. “Eligible Public Entity” means each of the California public entities authorized to purchase the
Services offered hereunder which will be documented at the time of contract execution, and
which the parties agree may be amended as needed from time to time in order to accommodate
reorganization of the State government. Eligible Public Entities shall be “Customers” under the
Service Agreement. “Public Entity”, as used in this part, means the state, county, city, city and
county, district, public authority, public agency, municipal corporation, or any other political
subdivision or public corporation in the state. “Public Entity” also means a federally-recognized
tribal entity acting in its tribal governmental capacity.
i. “Goods” means all types of tangible personal property, including but not limited to materials,
supplies, and equipment (including computer and telecommunications equipment).
j. "Hardware" usually refers to computer equipment and is contrasted with Software. See also
equipment.
k. "Information Technology" includes, but is not limited to, all electronic technology systems and
services, automated information handling, system design and analysis, conversion of data,
computer programming, information storage and retrieval, telecommunications which include
voice, video, and data communications, requisite system controls, simulation, electronic
commerce, and all related interactions between people and machines.
l. “Infrastructure as a Service” means commercial services offered for sale to the State and are
defined by the National Institute of Standards and Technology (NIST) Special Publication 800-
145 or its successors.
AWS Seller Direct General Provisions—Cloud Computing
Page 2
m. “Nondisclosure Agreement” (or “NDA”) means the Nondisclosure Agreement attached to the
Service terms as Exhibit C.
n. "Platform as a Service" means commercial services offered for sale to the State and are
defined by the National Institute of Standards and Technology (NIST) Special Publication 800-
145 or its successors.
o. "Maintenance" means that maintenance performed by the Contractor which results from a
Services failure, and which is performed as required, i.e., on an unscheduled basis.
p. “Service Agreement” means the AWS Service Agreement attached to these terms as Exhibit A,
which is hereby incorporated by reference into these terms.
q. “Service Level Agreement” (SLA) shall have the same meaning as that term under the Service
Agreement.
r. "Services" shall have the same meaning as “Service Offerings” under the Service Agreement
and includes the cloud computing services, including Infrastructure as a Service and Platform as
a Service offered to the State by the Contractor herein.
s. "Software" means an all-inclusive term which refers to any computer programs, routines, or
subroutines supplied by the Contractor, including operating Software and Application Programs
t. “Special Provisions” means the Seller Direct Cloud Computing Services Special Provisions
incorporated into this Contract.
u. "State" means the government of the State of California, its employees and authorized
representatives, including without limitation any department, agency, or other unit of the
government of the State of California.
v. "State Data" shall have the same meaning as “Customer Content” under the Service Agreement.
w. “Statement of Work” means any schedule for Professional Services work to be performed by
Contractor subject to the terms of this agreement.
x. “Subcontract” means a contract awarded by Contractor to a Subcontractor requiring the
Subcontractor to perform Services for the State on the Contractor’s behalf, specifically required
by and in connection with the Contract.
y. “Subcontractor” means a business entity holding a Subcontract with Contractor.
Subcontractors shall not include suppliers that support Contractor’s Services not specifically in
connection with this Contract.
z. "User" shall have the same meaning as “End User” under the Service Agreement and includes
any individual, organization, or system that accesses the Contractor’s Services under this
Contract, including but not limited to State employees, contractors, customers, and constituents.
aa. “U.S. Intellectual Property Rights” means intellectual property rights enforceable in the United
States of America, including without limitation rights in trade secrets, copyrights, and U.S.
patents.
2. CONTRACT FORMATION:
a) If this Contract results from a sealed bid offered in response to a solicitation conducted pursuant to
Chapters 2 (commencing with Section 10290), 3 (commencing with Section 12100), and 3.6
(commencing with Section 12125) of Part 2 of Division 2 of the Public Contract Code (PCC), then
AWS Seller Direct General Provisions—Cloud Computing
Page 3
Contractor's bid is a firm offer to the State which is accepted by the issuance of this Contract and no
further action is required by either party.
b) If this Contract results from a solicitation other than described in paragraph a), above, the Contractor's
quotation or proposal is deemed a firm offer unless otherwise withdrawn prior to the close of final bid
opening and this Contract document is the State's acceptance of that offer.
c) If this Contract resulted from a joint bid, it shall be deemed one indivisible Contract. Each such joint
Contractor will be jointly and severally liable for the performance of the entire Contract. The State
assumes no responsibility or obligation for the division of orders or purchases among joint Contractors.
3. COMPLETE INTEGRATION: This Contract, including any documents incorporated herein by express
reference, is intended to be a complete integration and there are no prior or contemporaneous different or
additional agreements pertaining to the subject matter of the Contract.
4. SEVERABILITY: The Contractor and the State agree that if any provision of this Contract is found to
be illegal or unenforceable, such term or provision shall be deemed stricken and the remainder of the
Contract shall remain in full force and effect. Either party having knowledge of such term or provision shall
promptly inform the other of the presumed non-applicability of such provision.
5. INDEPENDENT CONTRACTOR: Contractor and the agents and employees of the Contractor, in the
performance of this Contract, shall act in an independent capacity and not as officers or employees or
agents of the State.
6. APPLICABLE LAW: This Contract shall be governed by and shall be interpreted in accordance with
the laws of the State of California; venue of any action brought with regard to this Contract shall be in
Sacramento County, Sacramento, California. Notwithstanding the forgoing, either party may seek
injunctive relief in any court of competent jurisdiction in California for any actual or alleged infringement of
such party’s, its Affiliates’ or any third party’s intellectual property or other proprietary rights. The United
Nations Convention on Contracts for the International Sale of Goods shall not apply to this Contract.
7. COMPLIANCE WITH STATUTES AND REGULATIONS:
a) The State and the Contractor warrant and certify that in the performance of this Contract, they will
comply with all statutes and regulations of the United States and the State of California. For clarity, the
Contractor will comply with such statutes and regulations applicable to the provision of Services, and the
State and Eligible Public Entities are solely responsible for compliance with laws that apply to the State
and Eligible Public Entities and that would not ordinarily apply to the Contractor.
b) If this Contract is in excess of $554,000, it is subject to the requirements of the World Trade
Organization (WTO) Government Procurement Agreement (GPA).
c) The State and Eligible Public Entities have an obligation to ensure that information technology is
accessible to individuals with disabilities in accordance with the accessibility standards adopted under
section 508 of the federal Rehabilitation Act of 1973, as amended, and its implementing regulations
(“Section 508”). To the extent that this Contract falls within the scope of Government Code Section
11135, the Contractor hereby agrees to respond to and resolve any complaint brought to its attention
regarding accessibility of its Services. Upon request, Contractor may provide Eligible Public Entities with a
completed Voluntary Product Accessibility Template (VPAT) of the specific product (or a URL to the
VPAT) for reviewing compliance with Section 508 requirements. If Contractor is unable to provide a
VPAT for a product or service, the parties acknowledge that the products or services may not be eligible
for purchase by the Eligible Public Entity. .
8. CONTRACTOR’S POWER AND AUTHORITY: The Contractor warrants that it has full power and
authority to grant the rights herein granted. Further, the Contractor avers that it will not enter into any
arrangement with any third party which might abridge any rights of the State under this Contract.
AWS Seller Direct General Provisions—Cloud Computing
Page 4
9. ASSIGNMENT: This Contract shall not be assignable by either party in whole or in part without the
written consent of the other party. The parties’ consent, where required, shall not be unreasonably
withheld or delayed. For the purpose of this paragraph, the State will not unreasonably prohibit the
Contractor from freely assigning its right to payment, provided that the Contractor remains responsible for
its obligations hereunder. Subject to the Contract, the Service Agreement (Exhibit A) will be binding
upon, and inure to the benefit of the parties and their respective permitted successors and assigns.
10. WAIVER OF RIGHTS: Any action or inaction by either party or the failure of either party on any
occasion, to enforce any right or provision of the Contract, shall not be construed to be a waiver by that
party of its rights hereunder and shall not prevent that party from enforcing such provision or right on any
future occasion. The rights and remedies of the parties herein are cumulative and are in addition to any
other rights or remedies that the parties may have at law or in equity.
11. ORDER OF PRECEDENCE: In the event of any inconsistency between the articles, attachments,
specifications or provisions which constitute this Contract, the following order of precedence shall apply:
a) These General Provisions – Cloud Computing (In the instances provided herein where the paragraph
begins: “Unless otherwise specified in the Statement of Work” provisions specified in the Statement of
Work replacing these paragraphs shall take precedence over the paragraph referenced in these General
Provisions Cloud Computing);
b) Other Special Provisions
c) Contract form, i.e., Purchase Order STD 65, Standard Agreement STD 213, etc., and any
amendments thereto;
d) The Service Agreement and attachments;
e) Cost worksheets; and
f) All other attachments incorporated in the Contract by reference.
12. WARRANTY:
a) Limited Warranty for Services. In addition to the limited warranties in the Service Agreement,
Contractor warrants that Services will perform in accordance with the applicable Service Level
Agreement.
b) Such Limited Warranty will be for the duration of Customer’s use of the Services, subject to the notice
requirements in the applicable Service Level Agreement. This Limited Warranty is subject to the following
limitations, in addition to those warranty disclaimers set forth in the Service Agreement:
(i) any implied warranties, guarantees or conditions not able to be disclaimed as a matter of law last for
one year from the start of the limited warranty;
(ii) the limited warranty does not cover problems caused by accident, abuse or use of Services by the
State in a manner inconsistent with this agreement or the Service Agreement, or resulting from events
beyond Contractor’s reasonable control;
(iii) the limited warranty does not apply to components of Software products that the Eligible Public Entity
may be permitted to redistribute;
(iv) the limited warranty does not apply to free, trial, pre-release, or beta Services; and
(v) the limited warranty does not apply to problems caused by the failure to meet minimum system
requirements.
AWS Seller Direct General Provisions—Cloud Computing
Page 5
c) Remedies for breach of limited warranty. If Contractor fails to meet any of the above limited
warranties and Customer notifies Contractor within the warranty period, then Contractor will provide the
remedies identified in the Service Level Agreement for the affected Service. These are Customer’s only
remedies for breach of the limited warranty, unless other remedies are required to be provided under
applicable law or as may be specifically provided in the Service Agreement, the Statement of Work or
elsewhere in this Contract.
d) DISCLAIMER OF OTHER WARRANTIES. OTHER THAN THIS LIMITED WARRANTY,
CONTRACTOR PROVIDES NO OTHER EXPRESS OR IMPLIED WARRANTIES OR CONDITIONS.
CONTRACTOR DISCLAIMS ANY IMPLIED REPRESENTATIONS, WARRANTIES OR CONDITIONS,
INCLUDING WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE,
SATISFACTORY QUALITY, OR TITLE. THESE DISCLAIMERS WILL APPLY UNLESS APPLICABLE
LAW DOES NOT PERMIT THEM.
e) Contractor shall use commercially reasonable efforts to ensure that those portions of the Services that
are of a type ordinarily affected by viruses utilize enterprise-grade security software designed to detect
and remove malicious or hidden mechanisms or code designed to damage or corrupt the Services or
State Data.
f) Unless otherwise specified in the Statement of Work:
(i) The Contractor does not warrant that any Software provided hereunder is error-free or that it will run
without immaterial interruption.
(ii) The Contractor does not warrant and will have no responsibility for a claim to the extent that it arises
directly from (A) a modification made by the State, unless such modification is approved or directed by
the Contractor, (B) use of Software in combination with or on products other than as specified by the
Contractor, or (C) misuse by the State.
g) All warranties, including special warranties specified elsewhere herein, shall inure to the State, its
successors, assigns, customer agencies, and Eligible Public Entities using the Services under this
Contract.
13. SUBSTITUTIONS: Substitution of Services may not be tendered without advance written consent of
the Buyer. The Contractor shall not use any specification in lieu of those contained in the Contract without
written consent of the Buyer. The State acknowledges that this Contract contemplates dynamic Services,
which may change with regularity. This section shall not be construed prohibit the addition, modification,
or deprecation of Services pursuant to the Service Agreement and Contractor’s ordinary business
practices in connection with the Services.
14. SAFETY AND ACCIDENT PREVENTION: In performing work under this Contract on State premises
(“Onsite Work”), the Contractor shall conform to any specific safety requirements contained in the
Contract or as required by law or regulation (“Onsite Requirements”), and the Contractor shall take any
additional precautions as the State may reasonably require for safety and accident prevention purposes.
Contractor will be notified of any Onsite Requirements reasonably in advance of any Onsite Work and
have an opportunity to either (a) refuse to perform Onsite Work, without penalty, or (b) agree to the
Onsite Requirements, which will only apply if agreed upon in a formal written and signed instrument. Any
violation of such Onsite Requirements, unless promptly corrected upon reasonable notice, shall be
grounds for termination of this Contract in accordance with the default provisions hereof. The parties
acknowledge that delivery of cloud computing services under this Contract shall not be construed as
performing work on State premises.
15. TERMINATION FOR NON-APPROPRIATION OF FUNDS:
a) If the term of this Contract extends into fiscal years subsequent to that in which it is approved, such
continuation of the Contract is contingent on the appropriation of funds for such purpose by the
Legislature. If funds to effect such continued payment are not appropriated, the Contractor agrees to
AWS Seller Direct General Provisions—Cloud Computing
Page 6
terminate any Services supplied under this Contract, and relieve the State of any further obligation
therefor.
b) The State agrees that if it appears likely that subsection a) above will be invoked, the State shall take
all reasonable steps to prioritize work and minimize the incurrence of costs prior to the expiration of
funding for this Contract. Nothing in this provision implies that the State intends to consume Services and
incur fees beyond what it intends to pay under this Contract.
16. TERMINATION FOR THE CONVENIENCE OF THE STATE:
The State may terminate performance of work under this Contract for its convenience in whole or, from
time to time, in part, if the Department of General Services, Deputy Director Procurement Division, or
designee, determines that a termination is in the State’s interest. The Department of General Services,
Deputy Director, Procurement Division, or designee, shall terminate by delivering to the Contractor a
Notice of Termination specifying the extent of termination and the effective date thereof.
Upon
termination, the “Effect of Termination” provisions of the Service Agreement will apply.
17. TERMINATION FOR DEFAULT:
a) The State may, subject to the clause titled “Force Majeure”, by written notice of default to the
Contractor, terminate this Contract in whole or in part if the Contractor fails to
i) Perform the Services within the time specified in the Contract or any amendment thereto;
iii) Perform any of the other provisions of this Contract.
b) The parties’ right to terminate this Contract under subsection a) above may be exercised only if the
failure constitutes a material breach of this Contract and the breaching party does not cure such failure
within the time frame stated in a cure notice, which in no event will be less than thirty (30) days, unless
the Statement of Work calls for a different period.
d) Both parties, State and Contractor, upon any termination for default, have a duty to mitigate the
damages suffered by it. The State shall pay Contract price for Services provided.
e) The rights and remedies of the parties in this clause are in addition to any other rights and remedies
provided by law or under this Contract, and are subject to the clause titled “Limitation of Liability.”
18. FORCE MAJEURE:
The Contractor shall not be liable for any excess costs if the failure to perform the Contract arises from
causes beyond the control and without the fault or negligence of the Contractor. Examples of such
causes include, but are not limited to:
a) Acts of God or of the public enemy, and
b) Acts of the federal or State government in either its sovereign or contractual capacity.
If the failure to perform is caused by the default of a subcontractor at any tier, and if the cause of the
default is beyond the control of both the Contractor and subcontractor, and without the fault or negligence
of either, the Contractor shall not be liable for any excess costs for failure to perform.
19. [RESERVED]
20. LIMITATION OF LIABILITY:
a) Except for the State’s liability under Section 9 of the Service Agreement, each party’s aggregate
liability under this Contract for damages, shall be limited to the lesser of (i) the amounts paid in aggregate
by the State and all Eligible Public Entities for all Services purchased over the 12 months before the
liability arose; or (ii) $20 million (USD). Contractor’s aggregate liability to the State under Section 29
AWS Seller Direct General Provisions—Cloud Computing
Page 7
arising out of the Services’ alleged infringement or violation of intellectual property rights will not exceed
$3 million.
b) Nothing herein shall be construed to waive or limit the State’s sovereign immunity or any other
immunity from suit provided by law.
c) IN NO EVENT WILL EITHER THE CONTRACTOR OR THE STATE BE LIABLE FOR
CONSEQUENTIAL, INCIDENTAL, INDIRECT, SPECIAL, OR PUNITIVE DAMAGES, EVEN IF
NOTIFICATION HAS BEEN GIVEN AS TO THE POSSIBILITY OF SUCH DAMAGES.
21. [RESERVED]
22. INVOICES: Fees for Services shall be billed and paid in accordance with the Service Agreement.
Invoices shall be sent to the email address specified in the Purchase Order. Invoices shall include the
PO number; release order number (if applicable); item number extended item price, and invoice total
amount. Customer billing information and individual Enterprise Account information will be available
through the AWS console. State sales tax and/or use tax shall be itemized separately and added to each
invoice as applicable.
23. REQUIRED PAYMENT DATE: Payment will be made in accordance with the provisions of the
California Prompt Payment Act, Government Code Section 927 et. seq. Unless expressly exempted by
statute, the Act requires State agencies to pay properly submitted, undisputed invoices not more than 45
days after:
(i) the date of acceptance of Deliverables or performance of services; or
(ii) receipt of an undisputed invoice, whichever is later.
24. TAXES: Unless otherwise required by law, the State of California is exempt from Federal excise
taxes. The State will only pay for any State or local sales or use taxes (or federal excise taxes, if required
by law) on the Services rendered or Goods supplied to the State pursuant to this Contract.
25. CONTRACT MODIFICATION: No amendment or variation of the terms of this Contract shall be valid
unless made in writing, signed by the parties and approved as required. No oral understanding or
agreement not incorporated in the Contract is binding on any of the parties. For clarity, the State
acknowledges that this Contract contemplates dynamic Services and terms and conditions in linked URL
web addresses (collectively referred to as “Policies” under the Service Agreement), which may change
from time to time. This section shall not be construed prohibit the addition, modification, or deprecation of
Services or Policies pursuant to the Service Agreement and Contractor’s ordinary business practices in
connection with the Services.
26. CONFIDENTIALITY OF DATA: The provisions of the Service Agreement relating to ”Privacy and
Security” and the Special Provisions relating to ”Data Protection” (and not the NDA), define the
protections against improper use, disclosure, and confidentiality of State Data.
27. NEWS RELEASES: Unless otherwise exempted, news releases, endorsements, advertising, and
social media content pertaining to this Contract shall not be made without prior written approval of the
Department of General Services.
28. PROTECTION OF PROPRIETARY SOFTWARE AND OTHER PROPRIETARY DATA:
a) The Nondisclosure Agreement (“NDA”) between the parties is hereby incorporated into this Contract.
The State agrees that all proprietary or confidential material furnished by the Contractor in connection
with this Contract are provided for the State’s exclusive use for the purposes of this Contract only. All
such proprietary data shall remain the property of the Contractor. As set forth in the NDA, the State
agrees to take all reasonable steps to insure that such proprietary data are not disclosed to others,
without prior written consent of the Contractor, subject to the California Public Records Act. If a request
for the contents of, or other information relating to, this Contract is made under the California Public
AWS Seller Direct General Provisions—Cloud Computing
Page 8
Records Act, the State or relevant Eligible Public Entity will provide the Contractor with reasonable written
notice to permit the Contractor to prevent the disclosure of such information to the maximum extent
permitted under applicable law.
b) The State agrees that it will take appropriate action by instruction, agreement or otherwise with its
employees or other persons permitted access to proprietary data to satisfy its obligations in this Contract
with respect to use, copying, modification, protection and security of proprietary materials and data,
subject to the California Public Records Act.
29. PATENT, COPYRIGHT AND TRADE SECRET INDEMNITY:
a) Subject to damage limitations and warranty disclaimers under this Contract , Contractor will reimburse
the State, its officers, agents, and employees, for their respective out-of-pocket costs (including without
limitation reasonable attorneys’ fees)incurred to defend any lawsuit brought against the State by an
unaffiliated third party for infringement or violation of any U.S. Intellectual Property Right by Services
provided hereunder (“IP Claim”), and will indemnify the State, its officers, agents, and employees for the
amount of any adverse final judgment or settlement arising out of an IP claim (“Final Awards”).
The payment obligations set forth in this Section will be conditional upon the following:
(i) The State will notify the Contractor of any such claim in writing and tender the defense thereof within a
reasonable time; and
(ii) The State may not consent to the entry of any judgment or enter into any settlement with respect to
the claim without prior written notice to Contractor. The Contractor may assume control of or otherwise
participate in the defense of any action on such claim and all negotiations for its settlement or
compromise; provided that (a) when substantial principles of government or public law are involved, when
litigation might create precedent affecting future State operations or liability, or when involvement of the
State is otherwise mandated by law, the State may participate in such action at its own expense with
respect to attorneys’ fees and costs (but not liability); (b) where a settlement would impose liability on the
State, affect principles of California government or public law, or impact the authority of the State, the
Department of General Services will have the right to approve or disapprove any settlement or
compromise, which approval will not unreasonably be withheld or delayed; and (c) the State will
reasonably cooperate in the defense and in any related settlement negotiations.
b) Should the Services, or the operation thereof, become, or in the Contractor's opinion are likely to
become, the subject of a claim of infringement or violation of a U.S. Intellectual Property Right, the State
shall permit the Contractor, at its option and expense, either (i) procure the right to continue using the
Services alleged to be infringing, (ii) replace or modify the same so that they become non-infringing, or
(iii) immediately terminate the alleged infringing portion of the Services. If none of these options can
reasonably be taken, or if the use of such Services by the State shall be prevented by injunction, the
Contractor agrees to make every reasonable effort to assist the State in procuring substitute Services. If,
in the sole opinion of the State, the use of other Services acquired from the Contractor under this
Contract is impractical, the State shall then have the option of terminating such Contracts or orders, or
applicable portions thereof, without penalty or termination charge. The Contractor agrees to refund any
sums the State has paid the Contractor for unused Services.
c) This section constitutes the State’s sole and exclusive remedy and Contractor’s entire obligation to the
State with respect to any claim that the Services infringe the rights of any third party. The Contractor shall
have obligations under this provision only for IP Claims and Final Awards for the infringement of
intellectual property rights caused solely by the Services, and shall have no liability to the State under any
provision of this clause with respect to any claim of patent, copyright or trade secret infringement which is
based upon:
(i) The combination or utilization of Services furnished hereunder with any other equipment, service, data,
Software or devices not made or furnished by the Contractor (including Third Party Content as defined in
the Service Agreement);
AWS Seller Direct General Provisions—Cloud Computing
Page 9
(ii) The modification initiated by the State, User, or a third party at the State’s direction, of any Service
furnished hereunder;
(iii) The combination or utilization of Software furnished hereunder with non-contractor supplied Software;
(iv) Any use of the Services, or any other act, that is in breach of this Agreement;
(v) Any claim of inducement or contributory infringement;
(vi) Any claim of willful infringement directed at anyone other than AWS; or
(vii) Any use of the Services after AWS has notified the State or Eligible Public Entity to discontinue such
use.
30. DISPUTES:
For disputes involving purchases made under this Agreement, to the extent permitted by applicable law,
the Department of General Services, Procurement Division ("DGS") shall act on behalf of the State party
or entity involved with the dispute. DGS in cooperation with the State party or entity involved with the
dispute shall seek to resolve the dispute with Contractor on behalf of the State party or entity. The
Contractor and DGS shall deal in good faith and attempt to resolve potential disputes informally through
face-to-face negotiations with persons fully authorized to resolve the dispute or through non-binding
mediation utilizing a mediator agreed to by the parties, rather than through litigation. No formal
proceedings for the judicial resolution of such dispute, except for the seeking of equitable relief may begin
until either such persons conclude, after a good faith effort to resolve the dispute, that resolution through
continued discussion is unlikely.
Notwithstanding the existence of a dispute under, related to or involving this Contract, the parties shall
continue without delay to carry out all of their responsibilities, including providing of Services in
accordance with this Contract, except as the Contractor is otherwise permitted to suspend Services under
this Contract or the Service Agreement.
31. EXAMINATION AND AUDIT: The Contractor agrees that the State or its designated representative
shall have the right to review and copy any records and supporting documentation directly pertaining to
the performance of this Contract. The parties recognize that some of the documentation may be
available and accessible online. The Contractor agrees to maintain such records for possible audit for a
minimum of three (3) years after final payment, unless a longer period of records retention is stipulated.
Provided electronic versions of documentation are not available, the Contractor agrees to allow the
auditor(s) access to its business offices and to allow interviews of any employees or others who might
reasonably have information related to such records to the extent necessary to verify the accuracy of
such statements. Any such audit must: (i) not be disruptive to Contractor business and must take place
at a mutually agreed time during Contractor’s normal business hours; and (ii) take place on at least thirty
(30) days’ prior written notice. The State agrees that any information learned or disclosed by the State’s
auditor in connection with any such audit is Confidential Information of the Contractor and subject to
nondisclosure and nonuse obligations under the NDA except as such disclosure or use is required by the
California Public Records Act or other applicable law. The State will be solely responsible for all costs of
any audit he State conducts. Further, the Contractor agrees to include a similar right of the State to audit
records and interview staff in any subcontract for performance of this Contract. Audits of data centers
shall be in accordance with the Data Center Audit provisions in the Special Provisions.
32. PRIORITY HIRING CONSIDERATIONS: If this Contract includes services in excess of $200,000, the
Contractor shall give priority consideration in filling vacancies in positions funded by the Contract to
qualified recipients of aid under Welfare and Institutions Code Section 11200 in accordance with PCC
Section 10353. The State acknowledges that no positions are funded by the Contract within the meaning
of this provision.
AWS Seller Direct General Provisions—Cloud Computing
Page 10
33. COVENANT AGAINST GRATUITIES: The Contractor warrants that no gratuities (in the form of
entertainment, gifts, or otherwise) were offered or given by the Contractor, or any agent or representative
of the Contractor, to any officer or employee of the State with a view toward securing the Contract or
securing favorable treatment with respect to any determinations concerning the performance of the
Contract. For breach or violation of this warranty, the State shall have the right to terminate the Contract,
either in whole or in part, and any loss or damage sustained by the State in procuring on the open market
any items which the Contractor agreed to supply shall be borne and paid for by the Contractor. The rights
and remedies of the State provided in this clause shall not be exclusive and are in addition to any other
rights and remedies provided by law or in equity.
34. NONDISCRIMINATION CLAUSE:
a) During the performance of this Contract, the Contractor and its subcontractors shall not unlawfully
discriminate, harass or allow harassment, against any employee or applicant for employment because of
sex, sexual orientation, race, color, ancestry, religious creed, national origin, disability (including HIV and
AIDS), medical condition (cancer), age, marital status, and denial of family care leave. The Contractor
and subcontractors shall insure that the evaluation and treatment of their employees and applicants for
employment are free from such discrimination and harassment. The Contractor and subcontractors shall
comply with the provisions of the Fair Employment and Housing Act (Government Code, Section 12990 et
seq.) and the applicable regulations promulgated thereunder (California Code of Regulations, Title 2,
Section 7285.0 et seq.). The applicable regulations of the Fair Employment and Housing Commission
implementing Government Code Section 12990 (a-f), set forth in Chapter 5 of Division 4 of Title 2 of the
California Code of Regulations are incorporated into this Contract by reference and made a part hereof as
if set forth in full. The Contractor and its subcontractors shall give written notice of their obligations under
this clause to labor organizations with which they have a collective bargaining or other agreement.
b) The Contractor shall include the nondiscrimination and compliance provisions of this clause in all
subcontracts to perform Services under the Contract.
35. NATIONAL LABOR RELATIONS BOARD CERTIFICATION: The Contractor swears under penalty
of perjury that no more than one final, unappealable finding of contempt of court by a federal court has
been issued against the Contractor within the immediately preceding two-year period because of the
Contractor’s failure to comply with an order of the National Labor Relations Board. This provision is
required by, and shall be construed in accordance with, PCC Section 10296.
36. ASSIGNMENT OF ANTITRUST ACTIONS: Pursuant to Government Code Sections 4552, 4553, and
4554, the following provisions are incorporated herein:
a) In submitting a bid to the State, the supplier offers and agrees that if the bid is accepted, it will assign
to the State all rights, title, and interest in and to all causes of action it may have under Section 4 of the
Clayton Act (15 U.S.C. 15) or under the Cartwright Act (Chapter 2, commencing with Section 16700, of
Part 2 of Division 7 of the Business and Professions Code), arising from purchases of Goods, material or
other items, or services by the supplier for sale to the State pursuant to the solicitation. Such assignment
shall be made and become effective at the time the State tenders final payment to the supplier. The State
acknowledges that the Contract is only for Contractor’s Services and that Contractor does not purchase
goods, material, other items, or services and then resell the same to the State under this Contract.
b) If the State receives, either through judgment or settlement, a monetary recovery for a cause of action
assigned under this chapter, the assignor shall be entitled to receive reimbursement for actual legal costs
incurred and may, upon demand, recover from the State any portion of the recovery, including treble
damages, attributable to overcharges that were paid by the assignor but were not paid by the State as
part of the bid price, less the expenses incurred in obtaining that portion of the recovery.
c) Upon demand in writing by the assignor, the assignee shall, within one year from such demand,
reassign the cause of action assigned under this part if the assignor has been or may have been injured
by the violation of law for which the cause of action arose and
AWS Seller Direct General Provisions—Cloud Computing
Page 11
(i) the assignee has not been injured thereby, or
(ii) the assignee declines to file a court action for the cause of action.
37. DRUG-FREE WORKPLACE CERTIFICATION: The Contractor certifies under penalty of perjury
under the laws of the State of California that the Contractor will comply with the requirements of the Drug-
Free Workplace Act of 1990 (Government Code Section 8350 et seq.) and will provide a drug-free
workplace by taking the following actions:
a) Publish a statement notifying employees that unlawful manufacture, distribution, dispensation,
possession, or use of a controlled substance is prohibited and specifying actions to be taken against
employees for violations, as required by Government Code Section 8355(a).
b) Establish a Drug-Free Awareness Program as required by Government Code Section 8355(b) to inform
employees about all of the following:
(i) the dangers of drug abuse in the workplace;
(ii) the person's or organization's policy of maintaining a drug-free workplace;
(iii) any available counseling, rehabilitation and employee assistance programs; and,
(iv) penalties that may be imposed upon employees for drug abuse violations.
c) Provide, as required by Government Code Section 8355(c), that every employee who works on the
proposed or resulting Contract:
(i) will receive a copy of the company's drug-free policy statement; and,
(ii) will agree to abide by the terms of the company's statement as a condition of employment on the
Contract.
38. FOUR-DIGIT DATE COMPLIANCE: Contractor warrants that the Services can be used by the State
to provide only Four-Digit Date Compliant (as defined below) Services. “Four Digit Date Compliant”
Services can accurately process, calculate, compare, and sequence date data, including without limitation
date data arising out of or relating to leap years and changes in centuries. This warranty and
representation is subject to the warranty terms and conditions of this Contract and does not limit the
generality of warranty obligations set forth elsewhere herein.
39. COMPLIANCE WITH PUBLIC CONTRACT CODE SECTION 6108
Contractor agrees that it complies with Public Contract Code Section 6108, to the extent applicable.
40. [RESERVED]
41. CHILD SUPPORT COMPLIANCE ACT: For any Contract in excess of $100,000, the Contractor
acknowledges in accordance with PCC Section 7110, that:
a) The Contractor recognizes the importance of child and family support obligations and shall fully comply
with all applicable State and federal laws relating to child and family support enforcement, including, but
not limited to, disclosure of information and compliance with earnings assignment orders, as provided in
Chapter 8 (commencing with Section 5200) of Part 5 of Division 9 of the Family Code; and
b) The Contractor, to the best of its knowledge is fully complying with the earnings assignment orders of
all employees and is providing the names of all new employees to the New Hire Registry maintained by
the California Employment Development Department.
AWS Seller Direct General Provisions—Cloud Computing
Page 12
42. AMERICANS WITH DISABILITIES ACT: The Contractor assures the State that the Contractor
complies with the Americans with Disabilities Act of 1990 (42 U.S.C. 12101 et seq.).
43. [RESERVED]
44. [RESERVED]
45. EXPATRIATE CORPORATIONS: Contractor hereby declares that it is not an expatriate corporation
or subsidiary of a non-US expatriate corporation within the meaning of PCC Sections 10286 and 10286.1,
and is eligible to contract with the State.
46. DOMESTIC PARTNERS: For contracts over $100,000 executed or amended after January 1, 2007,
the contractor certifies that the Contractor is in compliance with Public Contract Code Section 10295.3.
47. SMALL BUSINESS PARTICIPATION AND DVBE PARTICIPATION REPORTING
REQUIREMENTS:
a) If for this Contract the Contractor made a commitment to achieve small business participation, then the
Contractor must within 60 days of receiving final payment under this Contract (or within such other time
period as may be specified elsewhere in this Contract) report to the awarding department the actual
percentage of small business participation that was achieved. (Govt. Code § 14841.)
b) If for this Contract the Contractor made a commitment to achieve disabled veteran business enterprise
(DVBE) participation, then Contractor must within 60 days of receiving final payment under this Contract
(or within such other time period as may be specified elsewhere in this Contract) certify in a report to the
awarding department: (1) the total amount the prime Contractor received under the Contract; (2) the
name and address of the DVBE(s) that participated in the performance of the Contract; (3) the amount
each DVBE received from the prime Contractor; (4) that all payments under the Contract have been
made to the DVBE; and (5) the actual percentage of DVBE participation that was achieved. A person or
entity that knowingly provides false information shall be subject to a civil penalty for each violation. (Mil. &
Vets. Code § 999.5(d); Govt. Code § 14841.)
48. LOSS LEADER: It is unlawful for any person engaged in business within this state to sell or use any
article or product as a “loss leader” as defined in Section 17030 of the Business and Professions Code.
(PCC 12104.5(b).).
REMAINDER OF PAGE INTENTIONALLY LEFT BLANK
AWS Seller Direct IaaS and PaaS Special Provisions Page 1
AWS SELLER DIRECT CLOUD COMPUTING SERVICES SPECIAL PROVISIONS
Infrastructure as a Service and Platform as a Service
THESE SPECIAL PROVISIONS ARE ONLY TO BE USED FOR INFRASTRUCTURE AS A SERVICE (IaaS) AND
PLATFORM AS A SERVICE (PaaS), AS DEFINED BELOW. THESE SPECIAL PROVISIONS ARE TO BE
ATTACHED TO THE SELLER DIRECT GENERAL PROVISIONS -- CLOUD COMPUTING (THE “GENERAL
PROVISIONS”) AND ACCOMPANIED BY, AT MINIMUM, A STATEMENT OF WORK (SOW) AND SERVICE
LEVEL AGREEMENT (SLA).
STATE AGENCIES MUST FIRST:
A. CLASSIFY THEIR DATA PURSUANT TO THE CALIFORNIA STATE ADMINISTRATIVE MANUAL
(SAM) 5305.5;
B. CONSIDER THE FACTORS TO BE TAKEN INTO ACCOUNT WHEN SELECTING A PARTICULAR
TECHNOLOGICAL APPROACH, IN ACCORDANCE WITH SAM 4981.1, 4983 AND 4983.1 AND
THEN;
C. MODIFY THESE SPECIAL PROVISIONS THROUGH THE SOW AND/OR SLA TO MEET THE NEEDS
OF EACH ACQUISITION.
1. DEFINITIONS: Capitalized terms not defined below shall have the same meaning set forth in the
General Provisions.
a. “AWS GovCloud(US)” means the covered US Region and Services available therein. Eligible
Public Entities shall enter into the AWS GovCloud(US) terms to use the Services in the AWS
GovCloud(US) Region.
b. “Business Associate Agreement” means an AWS Business Associate Addendum between the
Contractor and the State or Eligible Public Entity (if any) incorporated by reference into these
terms.
c. “General Provisions” means the “Seller Direct General Provisions—Cloud Computing”
incorporated into the Contract.
d. “Security Incident” means a breach of the security measures described in the AWS Security
Standards that resulted in either (a) any unlawful access to any State Data stored on AWS’s
equipment or in AWS’s facilities, or (b) any unauthorized access to such equipment or facilities,
where in either case such access results in loss, disclosure, or alteration of State Data.
e. “Security Standards” means the AWS Security Standards attached to the Service Agreement
(Exhibit A).
f. “Service Provider” means the Contractor.
g. “State Data” shall have the same meaning as “Customer Content” under the Service Agreement
2. DATA OWNERSHIP:
The State will own all right, title and interest in all State Data. The Service Provider shall not access,
move, use, or disclose Eligible Public Entity accounts or State Data, except as set forth in the
Service Agreement.
3. DATA PROTECTION:
The Service Provider and the State recognize that security responsibilities are shared. The Service
Provider is responsible for implementing security measures and providing a secure infrastructure
(i.e., the AWS Network) as set forth in the Service Agreement and AWS Security Standards
attached thereto. The State is responsible for all other data protection and security controls,
including its secure guest operating system, firewalls and other logs captured within the guest
operating system. Specific shared responsibilities are identified within the Service Agreement, the
SOW and/or SLA.
AWS Seller Direct IaaS and PaaS Special Provisions Page 2
a. All State Data obtained by the Service Provider within its control in the performance of this
Contract shall become and remain the property of the State.
b. The Service Agreement, SOW and/or SLA will specify which party is responsible for encryption
and access control of the State Data for the service model under Contract. If the Service
Agreement, SOW and/or SLA and the Contract are silent, then the State is responsible for
encryption and access control.
c. At no time shall any State Data or processes — which either belong to or are intended for the
use of State or its officers, agents or employees — be copied, disclosed or retained by the
Service Provider or any party related to the Service Provider for subsequent use in any
transaction without the express written consent of the State except as permitted by the Service
Agreement or Section 2 above.
d. The State and Eligible Public Entities shall enter into and comply with a Business Associate
Agreement in using the Services to store or transmit any Protected Health Information.
e. As of the Addendum Effective Date, the Service Provider is authorized under FedRAMP High
(“FedRAMP” for the purpose of this section) in accordance with Exhibit B and as provided in
https://aws.amazon.com/compliance/services-in-scope/ or its successor webpage designated
by the Service Provider (the “Services in Scope Site”) for ATOs by Service, region, and impact
level. AWS GovCloud (US), has been granted a Joint Authorization Board Provisional
Authority-To-Operate (JAB P-ATO) and multiple Agency Authorizations (A-ATO) for moderate
and high impact levels. The services in scope of the AWS GovCloud (US) JAB P-ATO
boundary at high baseline security categorization can be found within the Services in Scope
Site.
The Service Provider achieves FedRAMP compliance by addressing the FedRAMP security
controls (based on NIST SP 800-53), using required FedRAMP templates for the security
packages posted in the secure FedRAMP Repository, completing FedRAMP accredited
independent third party (3PAO) security testing and evaluation and submitting continuous
monitoring requirements of FedRAMP to the Joint Authorization Board (JAB). It is exclusively
the State’s and Eligible Public Entities’ responsibility to leverage the relevant FedRAMP
authorized Services and to select and maintain all State Data within the relevant authorized
regions in order to leverage the foregoing authorizations.
4. DATA LOCATION:
Eligible Public Entities shall utilize the AWS GovCloud(US) region as set forth in the AWS GovCloud
Terms, the Service Provider shall provide its Services to the State (including storage at rest) solely
from data centers in the continental United States. The Service Provider, except as directed by the
state, shall not allow its personnel or contractors to store State Data on portable devices, including
personal computers, except for devices that are used and kept only at its U.S. data centers. The
Service Provider shall permit its personnel and contractors to access State Data remotely only as
required to provide technical user support or other customer support, or as otherwise set forth in
the Service Agreement. The Service Provider may provide technical user support or other customer
support on a 24/7 basis using a Follow the Sun model, unless otherwise prohibited in this Contract.
5. SECURITY INCIDENT NOTIFICATION:
The Service Provider shall inform the State of any Security Incident related to State Data within
the possession or control of the Service Provider and related to the service provided under this
Contract.
a. Security Breach Reporting Requirements: If Service Provider has actual knowledge of the
unauthorized access to or acquisition of any record containing State Data that is subject to
applicable data breach notification law and such access or acquisition is caused by a confirmed
AWS Seller Direct IaaS and PaaS Special Provisions Page 3
breach of the security measures described in the Security Standards that renders misuse of the
information reasonably likely, Service Provider will (a) promptly notify the Eligible Public Entity,
as required by applicable law, and (b) take commercially reasonable measures to address the
breach in a timely manner.
b. Security Incident Reporting Requirements: If the Service Provider has actual knowledge of a
confirmed Security Incident, Service Provider shall (1) promptly notify the Eligible Public Entity
using the email address listed in the Eligible State Entity’s account within 72 hours or sooner,
after Service Provider confirms the Security Incident (provided the Eligible Public Entity’s
account is enrolled in a Business or Enterprise-level AWS Support plan), unless otherwise
required by court order, applicable law, or other legal requirement, and (2) take commercially
reasonable measures to mitigate the effects and to minimize any damage resulting from the
Security Incident in a timely manner.
6. SECURITY INCIDENT RESPONSIBILITIES:
If requested by the Eligible Public Entity by contacting the Service Provider Contracts Management
team at: aws-californiastate@amazon.com
(or other email address as may be specified by AWS),
Service Provider will provide the Eligible Public Entity with reasonable and appropriate details
relevant to the cause, nature and Eligible Public Entity impact of the Security Incident; provided that
Service Provider will not be required to provide this information if the Service Provider reasonably
determines the disclosure would prejudice Service Provider’s security or violate applicable law.
Service Provider will reasonably cooperate with Eligible Public Entities to support inquiries following
a Security Incident as permitted under the circumstances.
7. NOTIFICATION OF LEGAL REQUESTS:
Service Provider shall not respond to legal requests directed at the State on behalf of the State,
unless authorized in writing to do so by the State. Unless otherwise prohibited by law or relevant
court or governmental order, the Service Provider shall contact the State or relevant Eligible Public
Entity within a reasonable time before disclosing State Data in response to any electronic
discovery, litigation holds, discovery searches and expert testimonies directed at the Service
Provider requesting that the Service Provider disclose State Data under this Contract.
8. DATA PRESERVATION AND RETRIEVAL:
a. For ninety (90) days following the termination of this Contract (the “Transition Period”), Eligible
Public Entities will be entitled to retrieve any remaining State Data from the Services as set forth
in the Post-Termination Retrieval provisions of the Service Agreement.
b. The Transition Period may be modified in the SOW and/or SLA or as agreed upon in writing by
the parties in a Contract amendment.
c. During the Transition Period, access to the Services and State Data shall continue to be made
available to the State without alteration, except as specifically provided in the Service
Agreement.
d. During any period of suspension, the Service Provider shall not take any action to intentionally
erase any State Data except as necessary to maintain or provide the Services, or as necessary
to comply with the law or a binding order of a governmental body.
e. Except as specified in the Service Agreement, the Service Provider will impose no additional fees
for access and retrieval of State Data by the State during the Transition Period.
f. Eligible Public Entities are responsible for retrieving and/or deleting State Data stored using the
Services when no longer required, including when required by law, by taking such steps as are
within their control to destroy any State Data that includes personal information or to ensure that
such information is de-identified. The following process may be used by Eligible Public Entities
to delete State Data stored on the Services so that it will not be retrievable, readable or otherwise
AWS Seller Direct IaaS and PaaS Special Provisions Page 4
accessible:
(1) encrypt the State Data and destroy related encryption keys; and
(2) delete the State Data.
9. BACKGROUND CHECKS:
The Service Provider has in place pre-employment screening practices pertaining to criminal
background checks (as permitted by applicable law) for employees and contractors. Such checks
are commensurate with the employee’s or contractor’s position and level of access to the Service
Provider’s facilities. The Service Provider’s policies do not permit an employee or contractor to have
access to State Data if such employee or contractor has failed to pass relevant background checks.
10. ACCESS TO SECURITY LOGS AND REPORTS:
As described in the Documentation, the Services shall provide Eligible Public Entities with the ability
to produce reports regarding a history of all Application Program Interface (API) calls regarding the
relevant account that includes the identity of the API caller, the time of the API call, the source IP
address of the API caller, the request parameters and the response elements returned by the
Service Provider. The report will help the Eligible Public Entity perform security analysis, resource
change tracking, and compliance auditing.
11. CONTRACT AUDIT:
The Service Provider shall allow the State to audit conformance to the Contract terms as specified
in the General Provisions. The State may perform this audit or Contract with a third party at its
discretion and at the State’s expense.
12. DATA CENTER AUDIT:
From time to time, but at least once per year, the Service Provider shall retain external auditors to
verify its security measures (e.g., in a Statement on Standards for Attestation Engagements (SSAE)
No. 16 Service Organization Control (SOC) 2 Type II audit of its data centers, or its successor or
similar audit as determined by Service Provider) at its own expense. The Service Provider shall
provide a version of the report(s) issued by the external auditors (which may or may not be redacted)
upon request. The Service Provider may or may not remove its proprietary information from the
redacted version; the State acknowledges that such information is Confidential Information and
subject to the Mutual NDA (Exhibit C). If a request for the contents of, or other information relating
to, this Contract is made under the California Public Records Act, the Government will provide the
Service Provider with reasonable written notice to permit the Service Provider to prevent against
the disclosure of such information to the maximum extent permitted under applicable law.
13. CHANGE CONTROL AND ADVANCE NOTICE:
The Service Provider shall give advance notice to the State of any discontinuance of a Service or
functionality of a Service that it makes generally available to its customers, as specified in the
Service Agreement. Service Provider may change the features and functionality of the Services to
make improvements, address security requirements and comply with changes in law.
14. SECURITY PROCESSES:
Upon request, the Service Provider shall disclose its non-proprietary security processes and
technical limitations to the State. The State and the Service Provider shall understand each other’s
roles and responsibilities, which shall be set forth in the Service Agreement, SOW and/or SLA. The
Service Provider shall determine which non-proprietary processes and limitations are appropriate
and available for disclosure under this section.
15. IMPORT AND EXPORT OF DATA:
As described in the Documentation, the State shall have the ability to import or export data in
whole or in part at its discretion without interference from the Service Provider, except as
AWS Seller Direct IaaS and PaaS Special Provisions Page 5
prohibited by law or as otherwise provided in the Service Agreement. This includes the ability for
the State to import or export data to or from other Service Providers.
16. RESPONSIBILITIES AND UPTIME GUARANTEE:
The Service Provider shall be responsible for the acquisition and operation of all hardware, software
and network support related to the AWS Network (as defined in the Service Agreement)). The
technical and professional activities required for establishing, managing and maintaining the AWS
Network are the responsibility of the Service Provider. The Services shall be available as defined
in the Service Agreement and applicable SLAs.
17. REMOVAL OF INDIVIDUALS:
The State shall have the right at any time to request that the Service Provider remove from
interaction with State any Service Provider representative who the State believes is detrimental to
its working relationship with the Service Provider. The State shall provide the Service Provider with
notice of its request, and the reasons it requests the removal.
18. BUSINESS CONTINUITY AND DISASTER RECOVERY:
The Service Provider shall maintain and regularly test a business continuity and disaster recovery
program as it pertains to the Services.
19. WEB SERVICES:
The Service Provider shall use Web services exclusively to interface with State Data in near real
time when possible, or as mutually agreed in the SOW and/or SLA.
REMAINDER OF PAGE INTENTIONALLY LEFT BLANK
Page 1 of 11
EXHIBIT A: AWS Service Agreement
This AWS Service Agreement (this “Agreement”) is made and entered into and a part of contract no. 1-17-70-50A,
(“Contract”). In addition to other parts of the Contract, this Service Agreement applies to all Eligible Public Entities
(“Customer”).
In consideration of the mutual promises contained in this Agreement, AWS and Customer agree to all terms of the
Agreement effective as of the date of the Contract.
Defined terms used in this Agreement with initial letters capitalized have the meanings given in Section 13 below.
1. Use of the Service Offerings.
1.1 Generally. Customer may access and use the Service Offerings in accordance with this Agreement and
contract No. 1-17-70-50A between AWS and the State of California, acting by and through the California
Department of General Services (the “Contract”). Service Level Agreements may apply to certain Service
Offerings. Customer will comply with the terms of this Agreement and all laws, rules, and regulations applicable to
Customer’s use of the Service Offerings.
1.2 AWS Account
. To access the Services, Customer must create one or more AWS Enterprise Accounts. Unless
explicitly permitted by the Service Terms, Customer will only create one AWS Enterprise Account per email
address. Customer shall identify to AWS all Enterprise Accounts to be covered by this Agreement and the
Contract. For all AWS Enterprise Accounts, this Agreement supersedes any acceptance of the AWS Customer
Agreement by Customer or any of its employees acting on behalf of Customer. If Customer opens any AWS
accounts that do not meet the definition of an “AWS Enterprise Account,” those accounts will be governed by the
AWS Customer Agreement.
1.3 Third-Party Content. Third-Party Content may be used by Customer at Customer’s election. Third-Party
Content is governed by this Agreement unless accompanied by separate terms and conditions, which may include
separate fees and charges.
1.4 Eligible Public Entity. Any Eligible Public Entity (as defined in the Contract) may use the Service Offerings
under its own AWS Enterprise Account(s) under the terms of this Agreement and the Contract. “Public Entity”, as
used in this part, means the sate, county, city, city and county, district, public authority, public agency, municipal
corporation, or any other political subdivision or public corporation in the state.
2. Changes.
2.1 To the Service Offerings. AWS may change or discontinue any of the Service Offerings or change or remove
functionality of any or all of the Service Offerings from time to time. AWS will provide at least 12 months prior
Notice to Customer for any AWS Enterprise Accounts enrolled in AWS Support at the Developer-level tier or above
(or any successor service providing such communications alerts) if AWS decides to discontinue a Service or
functionality of a Service that it makes generally available to its customers, except that AWS will not be obligated to
provide such Notice if the discontinuation is necessary to address an emergency or threat to the security or
integrity of AWS, respond to claims,
litigation, or loss of license rights related to third-party intellectual property
rights, or comply with the law or requests of a government entity. Where AWS is excused from providing such
Notice for the reasons given in this Section, AWS will make commercially reasonable efforts to provide Notice to
Customer as is reasonably practicable under the circumstances.
2.2 To APIs. AWS may change or discontinue any APIs for the Services from time to time. For any change or
discontinuation of an API that is not also a discontinuation of a Service or a functionality of a Service, AWS will
continue supporting the previous version of such API for 12 months after the change or discontinuation (except if
doing so (a) would pose a security or intellectual property issue, (b) is technically infeasible, or (c) would prevent
AWS from complying with the law or requests of governmental entities).
2.3 To the Service Level Agreements. AWS may change or add Service Level Agreements from time to time, but
will provide 90 days advance Notice to Customer before materially reducing the benefits offered to Customer
under any of the Service Level Agreement(s) that are available as of the Effective Date.
Page 2 of 11
3. Privacy and Security.
3.1 AWS Security. AWS will implement reasonable and appropriate measures for the AWS Network (as
determined by AWS) designed to help Customer secure Customer Content against accidental or unlawful loss,
access or disclosure (the “Security Objectives”) in accordance with the AWS Security Standards. AWS may modify
the AWS Security Standards from time to time, but will continue to provide at least the same level of security as is
described in the AWS Security Standards on the Effective Date.
3.2 Data Privacy. Customer may specify the AWS regions in which Customer Content will be stored. Customer
consents to the storage of Customer Content in, and transfer of Customer Content into, the AWS regions Customer
selects. AWS will not access or use Customer Content except as necessary to maintain or provide the Service
Offerings, or as necessary to comply with the law or a binding order of a governmental body. AWS will not
(a) disclose Customer Content to any government or third party, or (b) subject to Section 3.3, move Customer
Content from the AWS regions selected by Customer; except in each case as necessary to comply with the law or a
binding order of a governmental body (such as a subpoena or court order). Unless it would be in violation of a
court order or other legal requirement, AWS will give Customer reasonable Notice of any legal requirement or
order referred to in this Section 3.2, to allow Customer to seek a protective order or other appropriate
remedy. AWS will only use Account Information in accordance with the Privacy Policy, and Customer consents to
such usage. The Privacy Policy does not apply to Customer Content.
3.3 Service Attributes. To provide billing and administration services, AWS may process Service Attributes in the
AWS region(s) where Customer uses the Service Offerings and the AWS regions in the United States. To provide
Customer with support services initiated by Customer and investigate fraud, abuse or violations of this Agreement,
AWS may process Service Attributes where AWS maintains its support and investigation personnel.
4. Customer Responsibilities.
4.1 Customer Accounts. Except to the extent caused by AWS’s breach of this Agreement, (a) Customer is
responsible for all activities that occur under its AWS Enterprise Accounts, regardless of whether the activities are
authorized by Customer or are undertaken by Customer, its employees or a third party (including without limitation
contractors, agents or End Users), and (b) AWS and its Affiliates are not responsible for unauthorized access to
Customer’s AWS Enterprise Accounts.
4.2 Customer Content. Customer will ensure that Customer Content, Customer Submissions or Customer/End
Users’ use of Customer Content, Customer Submissions or the Service Offerings will not violate any of the Policies
or any applicable law. Customer is solely responsible for the development, content, operation, maintenance, and
use of Customer Content and Customer Submissions. For example, Customer is solely responsible for:
(a) the technical operation of Customer Content, including ensuring that calls Customer makes to any Service
are compatible with then-current APIs for that Service, including any APIs AWS continues to support under
Section 2.2 of this Agreement;
(b) any claims relating to Customer Content or Customer Submissions; and
(c) properly handling and processing notices that are sent to Customer (or any Customer Affiliate) regarding
Customer Content or Customer Submissions, such as by any person claiming that Customer Content or Customer
Submissions violate such person’s rights, including notices pursuant to the Digital Millennium Copyright Act.
4.3 Customer’s Security and Redundancy. Customers have a variety of options to choose from when
configuring their accounts, and for all sensitive or otherwise valuable content AWS recommends that Customer
uses
strong security and redundancy features, such as access controls, encryption, and backup. Customer is
responsible for properly configuring and using the Service Offerings in a manner that provides security and
redundancy of its AWS Enterprise Accounts and Customer Content, such as, for example, using enhanced access
controls to prevent unauthorized access to AWS Enterprise Accounts and Customer Content, using encryption
technology to prevent unauthorized access to Customer Content, and ensuring the appropriate level of backup to
prevent loss of Customer Content.
4.4 Log-In Credentials and Account Keys. AWS log-in credentials and private keys generated by the Services are
for Customer’s internal use only and Customer may not sell, transfer or sublicense them to any other entity or
Page 3 of 11
person, except that Customer may disclose its private key to its agents and subcontractors (including any of its
Affiliates who are acting as an agent or subcontractor of Customer) performing work on behalf of Customer.
4.5 End Users. Customer is responsible for End Users’ use of Customer Content and the Service
Offerings. Customer will ensure that all End Users comply with Customer’s obligations under this Agreement and
that the terms of its agreement with each End User are not inconsistent with this Agreement. If Customer
becomes aware of any violation of its obligations under this Agreement by an End User, Customer will immediately
suspend access to Customer Content and the Service Offerings by such End User, person or entity. AWS does not
provide any support or services to End Users unless AWS has a separate agreement with Customer or an End User
obligating AWS to provide support or services. Customer is responsible for providing customer service (if any) to
End Users. The Customer receives Basic Support included with its AWS account and may engage in additional tiers
of support, as provided on the AWS Support website (or its successor site): (currently located at
https://aws.amazon.com/premiumsupport/).
5. Fees and Payment.
5.1 Service Fees. Unless otherwise stated on the AWS Site, AWS will invoice Customer at the end of each month
for all applicable fees and charges accrued for use of the Service Offerings, as described on the AWS Site, during the
month. Customer will pay AWS all invoiced amounts within 45 days of the date of the invoice (other than Disputed
Amounts). Payment will be made in accordance with the provisions of the California Prompt Payment Act,
including any provisions granting a contractor interest for late payments. For any Disputed Amounts, Customer will
provide Notice to AWS, including the basis for the dispute (including any supporting documentation), and the
parties will meet within 30 days of the date of the Notice to resolve the dispute. If the parties fail to resolve the
dispute within such 30 day period, AWS may, at its option, (a) suspend Customer’s or any End User’s right to access
or use any portion or all of the Service Offerings, immediately upon notice to Customer, and (b) terminate this
Agreement pursuant to Section 7.2(b). All amounts payable by Customer under this Agreement will be paid to AWS
without setoff or counterclaim and without deduction or withholding, provided that Disputed Amounts will be
handled as set forth above. Fees and charges for any new Service or new feature of a Service will be effective when
AWS posts updated fees and charges on the AWS Site, unless expressly stated otherwise in a Notice. AWS may
increase or add new fees and charges for any existing Service by giving Customer at least 60 days advance
Notice. .
5.2 Taxes. Each party will be responsible, as required under applicable law, for identifying and paying all taxes
and other governmental fees and charges (and any penalties, interest, and other additions thereto) that are
imposed on that party upon or with respect to the transactions and payments under this Agreement. All fees
payable by Customer are exclusive of Indirect Taxes. AWS may charge and Customer will pay applicable Indirect
Taxes that AWS is legally obligated or allowed to collect from Customer. Customer will provide such information to
AWS as reasonably required to determine whether AWS is obligated to collect Indirect Taxes from Customer. AWS
will not collect, and Customer will not pay, any Indirect Tax for which Customer furnishes AWS a properly
completed exemption certificate or a direct payment permit certificate for which AWS may claim an available
exemption from such Indirect Tax. All payments made by Customer to AWS under this Agreement will be made
free and clear of any withholding or deduction for taxes. If any such taxes (for example, international withholding
taxes) are required to be withheld on any payment, Customer will pay such additional amounts as are necessary so
that the net amount received by AWS is equal to the amount then due and payable under this Agreement. AWS
will provide Customer with such tax forms as are reasonably requested in order to reduce or eliminate the amount
of any withholding or deduction for taxes in respect of payments made under this Agreement.
6. Temporary Suspension
6.1 Generally. AWS may suspend Customer’s or any End User’s right to access or use any portion of or all of the
Service Offerings immediately upon Notice to Customer if AWS reasonably determines:
(a) Customer’s or an End User’s use of the Service Offerings (i) poses a security risk to the Service Offerings or
any third party, (ii) risks adversely impacting AWS’s systems, the Service Offerings or the systems or Content of any
other AWS customer, or (iii) risks subjecting AWS or its Affiliates to liability; or
(b) Customer or any End User is not in compliance with the Acceptable Use Policy or Section 8 of this
Agreement.
Page 4 of 11
AWS will use commercially reasonable efforts to restore Customer’s rights to use and access those portions of the
Service Offerings or accounts that gave rise to the suspension promptly after Customer has resolved the problem
giving rise to the suspension.
6.2 Effect of Suspension. If AWS suspends Customer’s right to access or use any portion of the Service
Offerings:
(a) Customer remains responsible for all fees and charges Customer incurs during the period of suspension;
and
(b) Customer will not be entitled to any service credits under the Service Level Agreements for any period of
suspension.
7. Term; Termination
7.1 Term. The term of this Agreement will commence on the Effective Date of the Contract and will remain in
effect until terminated pursuant to this Agreement. Any Notice of termination of this Agreement by either party to
the other must include a Termination Date.
7.2 Termination of Individual Enterprise Accounts.
(a) Termination for Convenience. Customer may terminate individual Enterprise Accounts for any reason by
providing AWS Notice.
(b) Termination for Cause.
(i) By Either Party. Either party may terminate individual Enterprise Accounts for cause if the other party is
in material breach of this Agreement and the material breach remains uncured for a period of 30 days from receipt
of Notice by the other party.
(ii) By AWS. AWS may also terminate individual Enterprise Accounts for cause upon 30 days Notice to
Customer: (A) if there is an act or omission by Customer or any End User that AWS has the right to suspend for
under Section 6 and, for those suspendable acts or omissions that are curable, Customer has not cured such
condition within such 30 day period; or (B) in order to comply with applicable law or requests of governmental
entities.
7.3 Effect of Termination.
(a) Generally. Upon the Termination Date:
(i) except as provided in Section 7.3(b), all of Customer’s rights under this Agreement immediately terminate;
(ii) Customer remains responsible for all fees and charges Customer has incurred through the Termination
Date;
(iii) Customer will immediately return or, if instructed by AWS, destroy all AWS Content in Customer’s
possession (except for AWS Content that is publicly available on the AWS Site); and
(iv) Sections 4, 5, 7.3, 8.1, 8.2, 8.4, 8.5, 9, 10, 11, 12 and 13 will continue to apply in accordance with their
terms.
(b) Post-Termination Retrieval of Customer Content. During the 90 days following the Termination Date,
AWS will not take action to remove any Customer Content as a result of the termination. In addition, during the 90
days following the Termination Date, AWS will allow Customer to retrieve any remaining Customer Content from
the Services, unless (i) prohibited by law or the order of a governmental or regulatory body or it could subject AWS
or its Affiliates to liability, or (ii) Customer has not paid all amounts due under this Agreement, other than Disputed
Amounts. For any use of the Services during the 90 days following the Termination Date, the terms of this
Agreement will apply and Customer will pay the applicable fees at the rates under Section 5. No later than the end
of this 90-day period, Customer will close all AWS Enterprise Accounts, unless the parties agree on additional time.
8. Proprietary Rights.
Page 5 of 11
8.1 Customer Content. As between Customer and AWS, Customer (or Customer’s licensors) own all right, title,
and interest in and to Customer Content. Except as provided in this Agreement, AWS obtains no rights under this
Agreement from Customer (or Customer’s licensors) to Customer Content.
8.2 Customer Submissions. Customer Submissions will be governed by the terms of the Apache License, Version
2.0, unless Customer requests and AWS consents in writing to another license supported by AWS.
8.3 Service Offerings License. As between Customer and AWS, AWS, its Affiliates or its licensors own all right,
title, and interest in and to the Service Offerings, and all related technology and intellectual property
rights. Subject to the terms of this Agreement, AWS grants Customer a limited, revocable, non-exclusive, non-
sublicensable, non-transferrable license to do the following during the Term: (a) access and use the Services solely
in accordance with this Agreement; and (b) copy and use the AWS Content solely in connection with Customer’s
permitted use of the Services. Except as provided in this Section 8.3, Customer obtains no rights under this
Agreement from AWS, its Affiliates, or their licensors to the Service Offerings, including without limitation any
related intellectual property rights. Some AWS Content may be provided to Customer under a separate license,
such as the Apache License, Version 2.0, which will be identified to Customer in the notice file or on the download
page, in which case that license will govern Customer’s use of that AWS Content.
8.4 License Restrictions. Neither Customer nor any End User may use the Service Offerings in any manner or for
any purpose other than as expressly permitted by this Agreement. Neither Customer nor any End User may, or
may attempt to (a) modify, alter, tamper with, repair, or otherwise create derivative works of any Content included
in the Service Offerings (except to the extent Content included in the Service Offerings are provided to Customer
under a separate license that expressly permits the creation of derivative works), (b) reverse engineer,
disassemble, or decompile the Service Offerings or apply any other process or procedure to derive the source code
of any software included in the Service Offerings, (c) access or use the Service Offerings in a way intended to avoid
incurring fees or exceeding usage limits or quotas, or (d) resell or sublicense the Service Offerings. During and after
the Term, Customer will not assert, nor will Customer authorize, assist, or encourage any third party to assert, any
intellectual property infringement claim regarding any Service Offerings Customer has used. Customer may only
use the AWS Marks in accordance with the Trademark Use Guidelines. Customer will not misrepresent or
embellish the relationship between AWS and Customer (including by expressing or implying that AWS supports,
sponsors, endorses, or contributes to Customer or Customer’s business endeavors). Customer will not imply any
relationship or affiliation between AWS and Customer except as expressly permitted by this Agreement.
8.5 Suggestions. If Customer elects to provide any Suggestions to AWS or its Affiliates, AWS and its Affiliates will
be entitled to use the Suggestions without restriction. Customer hereby irrevocably assigns to AWS all right, title,
and interest in and to the Suggestions.
9. Customer Representations, Warranties and Covenants.
9.1 Customer Commitments. Customer represents, warrants and covenants that (i) Customer and any End
Users’ use of the Service Offerings (including any activities under a Customer Account and use by Customer’s
employees and personnel), Customer Content and Customer Submissions will not violate this Agreement or
applicable law; (ii) Customer Content or Customer Submissions, the combination of Customer Content or Customer
Submissions with other applications, content or processes, or the use, development, design, production,
advertising or marketing of Customer Content or Customer Submissions, do not and will not infringe or
misappropriate any third-party rights; and (iii) Customer’s use of the Service Offerings will not cause harm to any
End Users.
9.2 Process. AWS will promptly notify Customer of any claim subject to Section 9.1, but if AWS fails to promptly
notify Customer, this will only affect Customer’s obligations under Section 9.1 to the extent that AWS’s failure
prejudices Customer’s ability to defend the claim. Customer may: (a) use counsel of its own choosing to defend
against any claim; and (b) settle the claim as Customer deems appropriate.
10. AWS Warranties and Warranty Disclaimers.
10.1 AWS Warranties. AWS represents and warrants to Customer that the Services will perform substantially in
accordance with the Documentation.
Page 6 of 11
10.2 Warranty Disclaimers. EXCEPT AS EXPRESSLY SET FORTH IN SECTION 10.1 (AWS WARRANTIES) AND
SECTION 12 OF THE GENERAL PROVISIONS (“WARRANTY”), THE SERVICE OFFERINGS ARE PROVIDED “AS IS.”
EXCEPT TO THE EXTENT PROHIBITED BY LAW, AWS, ITS AFFILIATES AND ITS LICENSORS MAKE NO OTHER
REPRESENTATIONS OR WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE,
REGARDING THE SERVICE OFFERINGS OR THE THIRD-PARTY CONTENT, AND DISCLAIM ALL OTHER WARRANTIES,
INCLUDING ANY IMPLIED OR EXPRESS WARRANTIES (A) OF MERCHANTABILITY, SATISFACTORY QUALITY, FITNESS
FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, OR QUIET ENJOYMENT, (B) ARISING OUT OF ANY COURSE OF
DEALING OR USAGE OF TRADE, (C) THAT THE SERVICE OFFERINGS OR THIRD-PARTY CONTENT WILL BE
UNINTERRUPTED, ERROR FREE, OR FREE OF HARMFUL COMPONENTS, AND (D) THAT ANY CONTENT, INCLUDING
CUSTOMER CONTENT OR THIRD-PARTY CONTENT, WILL BE SECURE OR NOT OTHERWISE LOST OR DAMAGED.
11. Limitations of Liability.
11.1 Liability Disclaimers. EXCEPT FOR PAYMENT OBLIGATIONS ARISING UNDER SECTION 9 ( CUSTOMER
REPRESENTATIONS, WARRANTIES, AND COVENANTS), NEITHER PARTY NOR ANY OF THEIR AFFILIATES OR
LICENSORS WILL BE LIABLE TO THE OTHER PARTY UNDER ANY CAUSE OF ACTION OR THEORY OF LIABILITY, EVEN IF
A PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, FOR (A) INDIRECT, INCIDENTAL, SPECIAL,
CONSEQUENTIAL OR EXEMPLARY DAMAGES, (B) THE VALUE OF LOST DATA, LOSS OF PROFITS, REVENUES,
CUSTOMERS, OPPORTUNITIES, OR GOODWILL, OR (C) UNAVAILABILITY OF THE SERVICE OFFERINGS (THIS DOES
NOT LIMIT ANY SERVICE CREDITS THAT MAY BE AVAILABLE UNDER THE SERVICE LEVEL AGREEMENTS OR TO AWS’S
COMMITMENTS UNDER SECTION 10.1).
11.2 Damages Cap. EXCEPT FOR PAYMENT OBLIGATIONS ARISING UNDER SECTION 9 (CUSTOMER
REPRESENTATIONS, WARRANTIES, AND COVENANTS), THE AGGREGATE LIABILITY UNDER THIS AGREEMENT OF
EITHER PARTY AND ANY OF THEIR RESPECTIVE AFFILIATES OR LICENSORS WILL NOT EXCEED THE LESSER OF (A) THE
AMOUNTS PAID BY CUSTOMER TO AWS UNDER THIS AGREEMENT FOR THE SERVICE THAT GAVE RISE TO THE
LIABILITY DURING THE 12 MONTHS BEFORE THE LIABILITY AROSE, OR (B) USD $20,000,000; PROVIDED, HOWEVER
THAT NOTHING IN THIS SECTION 11 WILL LIMIT CUSTOMER’S OBLIGATION TO PAY AWS FOR CUSTOMER’S USE OF
THE SERVICE OFFERINGS PURSUANT TO SECTION 5, OR ANY OTHER PAYMENT OBLIGATIONS UNDER THIS
AGREEMENT.
12. Miscellaneous.
12.1 [RESERVED]
12.2 [RESERVED]
12.3 Entire Agreement. This Agreement incorporates the Policies by reference and is a part of the Contract as
Exhibit A. Except to the extent specified in the Contract, AWS will not be bound by any term, condition or other
provision which is different from or in addition to the provisions of this Agreement (whether or not it would
materially alter this Agreement) including for example, any term, condition or other provision (a) submitted by
Customer in any order, receipt, acceptance, confirmation, correspondence or other document, (b) related to
any online registration, response to any Request for Bid, Request for Proposal, Request for Information, or other
questionnaire, or (c) related to any invoicing process that Customer submits or requires AWS to complete. If the
terms of this document are inconsistent with the terms contained in any Policy, the terms contained in this
document will control, except that the Service Terms will control over this document.
12.4 [RESERVED]
12.5 [RESERVED]
12.6 Import and Export Compliance. In connection with this Agreement, each party will comply with all
applicable import, re-import, export, and re-export control laws and regulations, including the Export
Administration Regulations, the International Traffic in Arms Regulations, and country-specific economic sanctions
programs implemented by the Office of Foreign Assets Control. Customer is solely responsible for compliance with
applicable laws related to the manner in which Customer chooses to use the Service Offerings, including (i)
Customer’s transfer and processing of Customer Content, (ii) the provision of Customer Content to End Users, and
(iii) specifying the AWS region in which any of the foregoing occur.
Page 7 of 11
12.7 [RESERVED]
12.8 Language. All communications and Notices made or given pursuant to this Agreement must be in the English
language. If AWS provides a translation of the English language version of this Agreement, the English language
version of the Agreement will control if there is any conflict.
12.9 Nondisclosure. The NDA is incorporated by reference into this Agreement, except that the security
provisions in Section 3, not the NDA, apply to Customer Content.
12.10 Notice.
(a) General. Except as otherwise set forth in Section 12.10(b), to give notice to a party under this Agreement,
each party must contact the other party as follows: (i) by facsimile transmission; or (ii) by personal delivery,
overnight courier or registered or certified mail. Notices must be sent to the contract party listed by each
Individual Enterprise Account associated with this Agreement or such other contact information as a party may
subsequently designate in a notice to the other party. Notices provided by personal delivery will be effective
immediately. Notices provided by facsimile transmission or overnight courier will be effective one business day
after they are sent. Notices provided by registered or certified mail will be effective three business days after they
are sent.
(b) Electronic Notice. AWS may provide notice to Customer: (i) under Sections 2.3 or 5.1 by (A) sending a
message to the email address then associated with at least one of Customer’s AWS Enterprise Accounts, or
(B) posting a notice on the AWS Site, (ii) under Section 6.1 by sending a message to the email address then
associated with Customer’s applicable AWS Enterprise Account, and (iii) under Section 2.1 by sending a message to
the email address then associated with at least one of Customer’s AWS Enterprise Accounts (or such other email
address as agreed upon by the parties) or via a support case. Any notices provided by posting on the AWS Site will
be effective upon posting and notices provided by email will be effective when AWS sends the email.
12.11 No Third-Party Beneficiaries. Except as set forth in Section 9.1, this Agreement does not create any third
party beneficiary rights in any individual or entity that is not a party to this Agreement.
12.12 No Waivers. The failure by either party to enforce any provision of this Agreement will not constitute a
present or future waiver of such provision nor limit such party’s right to enforce such provision at a later time. All
waivers by a party must be provided in a Notice to be effective.
12.13 [RESERVED]
13. Definitions. Defined terms used in this Agreement with initial letters capitalized have the meanings given
below:
“Acceptable Use Policy” means the policy currently available at http://aws.amazon.com/aup (and any successor or
related locations designated by AWS), as it may be updated by AWS from time to time.
“Account Information” means information about Customer that Customer provides to AWS in connection with the
creation or administration of an AWS Enterprise Account. For example, Account Information includes names,
usernames, phone numbers, email addresses and billing information associated with an AWS Enterprise Account.
“Affiliate” means any entity that directly or indirectly controls, is controlled by or is under common control with
that party.
“API” means an application program interface.
“AWS Content” means Content that AWS or any of its Affiliates makes available in connection with the Services or
on the AWS Site to allow access to and use of the Services, including APIs; WSDLs; sample code; software libraries;
command line tools; proofs of concept, templates, and other related technology (including but not limited to any of
the foregoing that are provided by any AWS personnel). AWS Content does not include the Services or Third-Party
Content.
“AWS Customer Agreement” means AWS’s standard user agreement posted on the AWS Site at
http://aws.amazon.com/agreement (and any successor or related locations designated by AWS), as may be
updated by AWS from time to time.
Page 8 of 11
“AWS Enterprise Account” means an AWS account opened by Customer using a Customer-issued email address
(with an email domain name that is owned by Customer) that includes Customer’s full legal name in the “Company
Name” field associated with the AWS account and other designating information as mutually agreed by the parties.
“AWS Marks” means any trademarks, service marks, service or trade names, logos, and other designations of AWS
and its Affiliates that AWS may make available to Customer in connection with this Agreement.
“AWS Network” means AWS’s data center facilities, servers, networking equipment, and host software systems
(e.g., virtual firewalls) that are within AWS’s control and are used to provide the Services.
“AWS Security Standards” means the security standards attached to this Agreement as Attachment A.
“AWS Site” means http://aws.amazon.com (and any successor or related locations designated by AWS), as may be
updated by AWS from time to time.
“Content” means software (including machine images), data, text, audio, video, or images.
“Customer Content” means Content that Customer or any End User transfers to AWS for processing, storage or
hosting by the Services in connection with an AWS Enterprise Account and any computational results that
Customer or any End User derive from the foregoing through its use of the Services. For example, Customer
Content includes Content that Customer or any End User stores in Amazon Simple Storage Service. Customer
Content does not include Account Information.
“Customer Submissions” means Content that Customer posts or otherwise submits to developer forums, sample
code repositories, public data repositories, community-focused areas of the AWS Site, or any other part of the AWS
site that allows third parties to make available software, products, or data.
“Disputed Amounts” means amounts disputed by Customer in a Notice and in good faith as billing errors.
“Documentation” means the user guides and admin guides (in each case exclusive of content referenced via
hyperlink) for the Services located at http://aws.amazon.com/documentation (and any successor or related
locations designated by AWS), as such user guides and admin guides may be updated by AWS from time to time.
“End User” means any individual or entity that directly or indirectly through another user: (a) accesses or uses
Customer Content; or (b) otherwise accesses or uses the Service Offerings under an AWS Enterprise Account. The
term “End User” does not include individuals or entities when they are accessing or using the Services or any
Content under their own account, rather than an AWS Enterprise Account.
“Indirect Taxes” means applicable taxes and duties, including, without limitation, VAT, GST, excise taxes, sales and
transactions taxes, and gross tax receipts.
“Losses” means any claims, damages, losses, liabilities, costs and expenses (including reasonable attorneys’ fees).
“NDA” means the Mutual Nondisclosure Agreement between Customer and Amazon.com, Inc., dated
[____________], 20__.
“Notice” means any notice provided in accordance with Section 12.10.
“Policies” means the Acceptable Use Policy, Privacy Policy, the Terms of Use, the Service Terms, the Trademark Use
Guidelines, all restrictions described in the AWS Content and on the AWS Site, and any other policy or terms
referenced in or incorporated into this Agreement, but does not include whitepapers or other marketing materials
referenced on the AWS Site.
“Privacy Policy” means the privacy policy currently referenced at http://aws.amazon.com/privacy (and any
successor or related locations designated by AWS), as may be updated by AWS from time to time.
“Service” means each of the services made available by AWS or its Affiliates for which Customer registers via the
AWS Site, including those web services described in the Service Terms. Services do not include Third-Party
Content.
“Service Attributes” means Service usage data related to an AWS Enterprise Account, such as resource identifiers,
metadata tags, security and access roles, rules, usage policies, permissions, usage statistics and analytics.
Page 9 of 11
“Service Level Agreement” means all service level agreements that AWS offers with respect to the Services and
post on the AWS Site, as they may be updated by AWS from time to time. The service level agreements that AWS
currently offers with respect to the Services are located at https://aws.amazon.com/legal/service-level-agreements
(and any successor or related locations designated by AWS), as may be updated by AWS from time to time.
“Service Offerings” means the Services, the AWS Content, the AWS Marks, and any other product or service
provided by AWS under this Agreement. Service Offerings do not include Third-Party Content.
“Service Terms” means the rights and restrictions for particular Services located at
http://aws.amazon.com/serviceterms (and any successor or related locations designated by AWS), as may be
updated by AWS from time to time.
“Suggestions” means all suggested improvements to the Service Offerings that Customer provides to AWS.
“Term” means the term of this Agreement described in Section 7.1.
“Termination Date” means the effective date of termination provided in accordance with Section 7, in a Notice
from one party to the other.
“Terms of Use” means the terms of use located at http://aws.amazon.com/terms/ (and any successor or related
locations designated by AWS), as may be updated by AWS from time to time.
“Third-Party Content” means Content of a third party made available on the AWS Marketplace or on developer
forums, sample code repositories, public data repositories, community-focused areas of the AWS Site, or any other
part of the AWS site that allows third parties to make available software, products, or data.
“Trademark Use Guidelines” means the guidelines and trademark license located at
http://aws.amazon.com/trademark-guidelines/ (and any successor or related locations designated by AWS), as may
be updated by AWS from time to time.
Page 10 of 11
Attachment A
AWS Security Standards
Capitalized terms not otherwise defined in this document have the meanings assigned to them in the applicable
AWS Service Agreement.
1. Information Security Program. AWS will maintain an information security program (including the adoption
and enforcement of internal policies and procedures) designed to (a) satisfy the Security Objectives,
(b) identify reasonably foreseeable and internal risks to security and unauthorized access to the AWS
Network, and (c) minimize security risks, including through risk assessment and regular testing. AWS will
designate one or more employees to coordinate and be accountable for the information security
program. The information security program will include the following measures:
1.1 Network Security. The AWS Network will be electronically accessible to employees, contractors and
any other person as necessary to provide the Services. AWS will maintain access controls and policies
to manage what access is allowed to the AWS Network from each network connection and user,
including the use of firewalls or functionally equivalent technology and authentication controls. AWS
will maintain corrective action and incident response plans to respond to potential security threats.
1.2 Physical Security
1.2.1 Physical Access Controls. Physical components of the AWS Network are housed in nondescript
facilities (the “Facilities”). Physical barrier controls are used to prevent unauthorized entrance
to the Facilities both at the perimeter and at building access points. Passage through the
physical barriers at the Facilities requires either electronic access control validation (e.g., card
access systems, etc.) or validation by human security personnel (e.g., contract or in-house
security guard service, receptionist, etc.). Employees and contractors are assigned photo-ID
badges that must be worn while the employees and contractors are at any of the
Facilities. Visitors are required to sign-in with designated personnel, must show appropriate
identification, are assigned a visitor ID badge that must be worn while the visitor is at any of
the Facilities, and are continually escorted by authorized employees or contractors while
visiting the Facilities.
1.2.2 Limited Employee and Contractor Access. AWS provides access to the Facilities to those
employees and contractors who have a legitimate business need for such access
privileges. When an employee or contractor no longer has a business need for the access
privileges assigned to him/her, the access privileges are promptly revoked, even if the
employee or contractor continues to be an employee of AWS or its affiliates.
1.2.3 Physical Security Protections. All access points (other than main entry doors) are maintained
in a secured (locked) state. Access points to the Facilities are monitored by video surveillance
cameras designed to record all individuals accessing the Facilities. AWS also maintains
electronic intrusion detection systems designed to detect unauthorized access to the Facilities,
including monitoring points of vulnerability (e.g., primary entry doors, emergency egress doors,
roof hatches, dock bay doors, etc.) with door contacts, glass breakage devices, interior motion-
detection, or other devices designed to detect individuals attempting to gain access to the
Facilities. All physical access to the Facilities by employees and contractors is logged and
routinely audited.
2. Continued Evaluation. AWS will conduct periodic reviews of the security of its AWS Network and adequacy
of its information security program as measured against industry security standards and its policies and
procedures. AWS will continually evaluate the security of its AWS Network and associated Services to
determine whether additional or different security measures are required to respond to new security risks
or findings generated by the periodic reviews.
3. Security Breach Notification. If AWS has actual knowledge of the unauthorized access to or acquisition of
any record containing Customer Content that is subject to applicable data breach notification law and such
Page 11 of 11
access or acquisition is caused by a confirmed breach of the security measures described in these AWS
Security Standards that renders misuse of the information reasonably likely, AWS will (a) promptly notify
Customer, as required by applicable law, and (b) take commercially reasonable measures to address the
breach in a timely manner.”
Page 1 of 2
EXHIBIT B: AWS GovCloud(US) Terms and Conditions
Last Updated: June 9, 2016
These AWS GovCloud(US) terms and conditions (these “Terms”) contain the terms and conditions that govern your access to and use
of the Service Offerings in the AWS GovCloud(US) region. These Terms represent an agreement between Amazon Web Services, Inc.
(“AWS,” “we,” “us,” or “our”) and you or the entity that you represent (“you,” “your”, or “Customer”) and incorporate any
additional terms that apply to your use of the Service Offerings, including the AWS Customer Agreement available at
http://aws.amazon.com/agreement
(as updated from time to time) or other agreement between you and us (“Agreement”). You
represent to us that you are lawfully able to enter into contracts and if you are entering into these Terms for an entity, such as the
entity or company you work for, you represent to us that you have legal authority to bind that entity. These Terms take effect when
you click an “I Accept” button or check box presented with these Terms or, if earlier, when you use any of the Service Offerings that
are the subject of these Terms. Unless otherwise defined in these Terms, all capitalized terms used in these Terms will have the
meanings ascribed to them in the Agreement. The parties agree as follows:
1. AWS Security. Without limiting Sections 4 or 10 of the Agreement, AWS will implement reasonable and appropriate
measures for the AWS Network in the AWS Govcloud (US) region in accordance with the AWS GovCloud (US) Security
Standards designed to: (i) help you secure Your Content/Customer Content (“Your Content”) against accidental or unlawful
loss, access or disclosure; (ii) implement the in-scope Federal Risk and Authorization Management Program (“FedRAMP”)
High controls in accordance with the Documentation for the Services identified as FedRamp High compliant; and (iii)
maintain physical and logical access controls to limit access to the AWS Network by AWS personnel, including employees
and contractors, to U.S. persons, as defined by 22 CFR part 120.15 (“U.S. Persons”) ((i), (ii) and (iii) collectively the “Security
Objectives”).
2. [RESERVED]
3. U.S. Persons Restricted Access. The AWS GovCloud(US) region is the only AWS region that has physical and logical access
controls that limit AWS Personnel access to the AWS Network by individuals who are U.S. Persons.
4. Your Obligations.
a. Representations and Warranties. You represent and warrant that you: (i) are a U.S. Person; (ii) will only assign a
U.S. Person as your account owner for the AWS GovCloud(US) region; (iii) if required by the International Traffic In
Arms Regulations (“ITAR”), have and will maintain a valid Directorate of Defense Trade Controls registration; (iv)
are not subject to export restrictions under U.S. export control laws and regulations (e.g. you are not a denied or
debarred party or otherwise subject to sanctions); and (iv) maintain an effective compliance program to ensure
compliance with applicable U.S. export control laws and regulations, including the ITAR. If requested by AWS, you
agree to provide AWS with additional documentation and cooperation to verify the accuracy of the
representations and warranties set forth in this Section.
b. Your Responsibilities. You are responsible for all physical and logical access controls beyond the AWS Network
including, but not limited to, your account access, data transmission, encryption, and appropriate storage and
processing of data within the AWS GovCloud (US) region. You are responsible for verifying that all End Users
accessing Your Content in the AWS GovCloud (US) region are eligible to gain access to Your Content. The Services
may not be used to process or store classified data. If you introduce classified data into the AWS Network, you will
be responsible for all sanitization costs incurred by AWS. Your liability under this provision is exempt from any
limitations of liability.
Page 2 of 2
5. Definitions.
“AWS Network” means AWS’s data center facilities, servers, networking equipment, and host software systems
(e.g., virtual firewalls) that are within AWS’s control and are used to provide the Services.
“End User” means any entity, person, or United States Federal, State or Local Government agency that directly or
indirectly through another user: (a) accesses or uses Your Content; or (b) otherwise accesses or uses the Service
Offerings under your account. The term “End User” does not include individuals or entities when they are
accessing or using the Services or any Content under their own account, rather than your account.
6. [RESERVED]
7. [RESERVED]
Page 1
EXHIBIT C: MUTUAL NONDISCLOSURE AGREEMENT
This Mutual Nondisclosure Agreement (this
“Agreement”), effective as of May 15, 2017 (the
“Effective Date”), is made between Amazon.com, Inc., a
Delaware corporation (“Amazon.com”), and the
California Department of General Services, a public
entity (“Company”). In connection with the parties’
commercial relationship or discussions about a possible
relationship or transaction (the “Relationship”), each
party may receive confidential information from the other
party. Accordingly, Amazon.com and Company hereby
agree as follows:
1. Affiliates; Confidential Information. The term
“Affiliate” means, with respect to either party, any entity
that directly or indirectly controls, is controlled by or is
under common control with that party, and the term
“Confidential Information” means all nonpublic
information concerning the Relationship disclosed by
either party, its Affiliates, or their agents (as applicable,
such entities collectively, the “Disclosing Party”) to the
other party, its Affiliates, or their agents (collectively, the
“Receiving Party”) that is designated as confidential or
that, given the nature of the information or the
circumstances surrounding its disclosure, reasonably
should be considered as confidential. Confidential
Information includes, without limitation (i) nonpublic
information relating to the Disclosing Party’s technology,
products, services, processes, data, customers, business
plans and methods, promotional and marketing activities,
finances and other business affairs, and (ii) third-party
information that the Disclosing Party is obligated to keep
confidential.
2. Exclusions. Confidential Information does not
include any information that (i) is or becomes publicly
available without breach of this Agreement (provided,
however, information that is rumored or reported does not
become public based only on such rumors or reports), (ii)
was known by the Receiving Party prior to its receipt
from the Disclosing Party, (iii) is disclosed to the
Receiving Party from any third party, except where the
Receiving Party knows, or reasonably should know, that
such disclosure constitutes a wrongful or tortious act, or
(iv) is independently developed by the Receiving Party
without use of any Confidential Information.
3. Use and Disclosure of Confidential
Information. The Receiving Party will use Confidential
Information only in connection with the Relationship.
Except as provided in this Agreement or to the extent
provided by applicable law, the Receiving Party will not
disclose Confidential Information to anyone without the
Disclosing Party’s prior written consent, except from
disclosure under the California Public Records Act and
similar laws requiring disclosure. The Receiving Party
will take reasonable measures to avoid disclosure,
dissemination or unauthorized use of Confidential
Information. If a request for the contents of, or other
information relating to, this Agreement is made under the
California Public Records Act or applicable law,
Company will provide Amazon.com with reasonable
written notice to permit Amazon.com to prevent the
disclosure of such information to the maximum extent
permitted under applicable law.
4. Receiving Party Personnel; Affiliates. The
Receiving Party will restrict the possession, knowledge
and use of Confidential Information to its directors,
officers, employees, contractors, agents, legal and
accounting advisers, and entities controlled by the
Receiving Party (collectively, “Personnel”) who (i) have
a need to know Confidential Information in connection
with the Relationship, (ii) are informed of the confidential
nature of the Confidential Information, and (iii) have
obligations with respect to the Confidential Information
that are consistent with this Agreement. Each of
Amazon.com and the Company will ensure that its
Affiliates comply with this Agreement.
5. Disclosures to Governmental Entities. The
Receiving Party may disclose Confidential Information as
required to comply with official requests for information
or orders of governmental entities that have jurisdiction
over it or as otherwise required by law.
6. Ownership of Confidential Information. All
Confidential Information will remain the exclusive
property of the Disclosing Party. The Disclosing Party’s
disclosure of Confidential Information will not constitute
an express or implied grant to the Receiving Party of any
rights to or under the Disclosing Party’s patents,
copyrights, trade secrets, trademarks or other intellectual
property rights. Except to the extent permitted by
applicable law in the absence of any express license or
other grant of rights, neither party will use any trade
name, trademark, logo or any other proprietary rights of
the other party (or any of its Affiliates) in any manner
without prior written authorization of such use by a Vice
President of such other party.
7. Notice of Unauthorized Use. The Receiving
Party will notify the Disclosing Party promptly upon
discovery of any unauthorized use or disclosure of
Page 2
Confidential Information or any other breach of this
Agreement by the Receiving Party. The Receiving Party
will cooperate with the Disclosing Party to help the
Disclosing Party regain possession of such Confidential
Information and prevent its further unauthorized use and
disclosure.
8. Return of Confidential Information. Subject to
compliance with orders of governmental entities that have
jurisdiction over it or as otherwise required by law, the
Receiving Party will return or destroy all tangible
materials or portions thereof constituting Confidential
Information (including, without limitation, all summaries,
copies and excerpts of Confidential Information)
promptly following the Disclosing Party’s written
request.
9. Injunctive Relief. The Receiving Party
acknowledges that a breach of its obligations under this
Agreement could cause irreparable harm to the Disclosing
Party as to which monetary damages may be difficult to
ascertain or an inadequate remedy. The Receiving Party
therefore agrees that the Disclosing Party will have the
right, in addition to its other rights and remedies, to seek
injunctive relief for any violation of this Agreement.
10. Scope; Termination. This Agreement covers
Confidential Information disclosed by the Disclosing
Party on and after the Effective Date. This Agreement
automatically will terminate upon the earlier of (i)
termination of all written agreements between the parties
or their Affiliates regarding the Relationship, or (ii) if no
agreements are executed, termination of discussions
between the parties or their Affiliates regarding the
Relationship or delivery of written notice terminating this
Agreement; provided, however
, that (i) each party’s
obligations with respect to the other party’s Confidential
Information will survive for three (3) years following
termination, and (ii) Sections 6, 9, 10, and 11 will survive
indefinitely.
11. Miscellaneous.
11.1 This Agreement constitutes the entire agreement
between the parties relating to the matters discussed
herein and supersedes all prior communications and
agreements between the parties with respect thereto. This
Agreement may be amended, modified, or waived only
with the mutual written consent of the parties hereto. This
Agreement will not be assignable by either party without
the prior written consent of the other party; provided that
prior written consent will not be required for any
assignment by a party to an Affiliate. Subject to the
limitations set forth in this Agreement, this Agreement
will inure to the benefit of and be binding upon the parties
and their respective successors and assigns.
11.2 The Disclosing Party acknowledges that the
Receiving Party may now have, or in the future may
develop or receive, information that is the same as, or
similar to, Confidential Information without having
breached this Agreement. Nothing in this Agreement (a)
prevents the Receiving Party from using, for any purpose
and without compensating the Disclosing Party,
information retained in the memory of the Receiving
Party’s Personnel who have had access to Confidential
Information or (b) obligates the Receiving Party to
restrict the scope of employment of the Receiving Party’s
Personnel; provided, however, that this section does not
create a license under any copyright or patent of the
Disclosing Party.
11.3 If a provision of this Agreement is held invalid under
any applicable law, such invalidity will not affect any
other provision of this Agreement that can be given effect
without the invalid provision. Further, all terms and
conditions of this Agreement will be deemed enforceable
to the fullest extent permissible under applicable law,
and, when necessary, the court is requested to reform any
and all terms or conditions to give them such effect.
11.4 This Agreement will be governed by internal laws of
the State of California, without reference to its choice of
law rules. Exclusive jurisdiction over and venue of any
suit arising out of or relating to this Agreement will be in
the state and federal courts located in Sacramento County,
Sacramento, California, and each of the parties hereto
consents to the personal jurisdiction of, and venue in,
those courts.
11.5 All notices hereunder will be given in writing, will
refer to this Agreement and will be personally delivered
or sent by overnight courier, electronic mail, or registered
or certified mail (return receipt requested) to the address
set forth below the parties’ signatures at the end this
Agreement.
The parties have executed this Agreement as of the
Effective Date.
Page 3
Amazon.com, Inc.
By: _____________________, its _________________
Print Name: ___________________________________
Date Signed: __________________________________
Courier: 410 Terry Ave. N., Seattle, WA 98109-5210
Mail: P.O. Box 81226, Seattle, WA 98108-1226
Email: contracts-legal@amazon.com
Attention: General Counsel
Company: California Department of General Services
By: _____________________, its _________________
Print Name: ___________________________________
Date Signed: __________________________________
Mail: ________________________________________
Email: _______________________________________
Attention: ____________________________________
Contract Pricing
Contract 1-17-70-50A
Attachment 1
Contractor JHC Technology
Contract Line
Item # (CLIN)
Item Description Contract Discount
1 AWS Infrastructure as a Service 11.00%
2 AWS Platform as a Service 11.00%
6/15/2017
Index Price Location: https://aws.amazon.com/products
Contract 1-17-70-50A Attachment 2
Technical Requirements
The Contractor shall offer services in their catalogs that meet or exceed all
mandatory requirements detailed below.
1. Application Programming Interfaces
The Contractor’s IaaS and PaaS must provide open Application Programming
Interfaces (API) that provide the capability to:
a. Migrate workloads between the public cloud and the State’s private on-
premise cloud where CDT acts as the broker of those services and has the
ability to logically separate individual customers;;
b. Define networks, resources and templates within a multi-tenant environment
with the use of available APIs;
c. Provision and de-provision virtual machines and storage within a multi-tenant
environment;
d. Add, remove and modify computing resources for virtual machines within a
multi-tenant environment;
e. Add, remove and modify object and block storage within a multi-tenant
environment;
f. Retrieve financial and billing information that provides detailed information for
each CDT customer subscriber;
g. Retrieve performance indicators for all workloads in the multi-tenant
environment;
h. Retain all workloads and support within the U.S.;
i. Retrieve log data from all workloads; and
j. Provide the ability to model potential workloads to determine cost of services.
2. Environment
The Contractor’s cloud environment must have the ability to:
a. Provide a multi-tenant environment that supports a parent/child administrative
relationship that enables the CDT (parent) to programmatically apply
compliance and regulatory requirements and standards down to the child
(CDT customers) entities;
b. Provide FIPS 140-2 complaint cryptographic modules –
http://csrc.nist.gov/groups/STM/cmvp/standards.html;
c. Support cost tracking by resource tags or other solutions to tracking costs for
individual customers;
d. Run and manage web applications, including .NET environments;
e. Provide managed database services with support for multiple database
platforms;
f. Support Security Access Markup Language (SAML) federation;
g. Provide integration with a customer’s on-premeses Active Directory;
Contract 1-17-70-50A Attachment 2
h. Provide a managed service to create and control encryption keys used to
encrypt data;
i. Provide a dedicated Hardware Security Module (HSM) appliance for
encryption key management;
j. NA
k. Provide services to migrate workloads to and from the State’s VMware and
HyperV environments; and
l. Provide dashboard reporting that provides performance monitoring, usage
and billing information.
3. Security
See Seller Direct/Reseller Special Provisions Articles 5 and 6; Exhibit A, AWS
Service Agreement Article 3
