Microsoft Cloud Agreement – Terms and Conditions
This Microsoft Cloud Agreement is entered into between the entity you represent, or, if you do not designate an entity in connection with a Subscription purchase or renewal, you individually (“Customer” or “you”), and Microsoft Corporation (“Microsoft”). It consists of the terms and conditions below, Use Rights, SLA, and all documents referenced within those documents (together, the “agreement”). It is effective on the date that your Reseller provisions your Subscription. Key terms are defined in Section 15.
Grants, rights and terms.
All rights granted under this agreement are non-exclusive and non-transferable and apply as long as neither Customer nor any of its Affiliates is in material breach of this agreement.
- Software. Upon acceptance of each order, Microsoft grants Customer a limited right to use the Software in the quantities ordered.
- Use Rights. The Use Rights in effect when Customer orders Software will apply to Customer’s use of the version of the Software that is current at the time. For future versions and new Software, the Use Rights in effect when those versions and Software are first released will apply. Changes Microsoft makes to the Use Rights for a particular version will not apply unless Customer chooses to have those changes apply.
- Temporary and perpetual licenses. Licenses available on a subscription basis are temporary. For all other licenses, the right to use Software becomes perpetual upon payment in full.
- Online Services. Customer may use the Online Services as provided in this agreement.
- Online Services Terms. The Online Services Terms in effect when Customer orders or renews a subscription to an Online Service will apply for the applicable subscription term. For Online Services that are billed periodically based on consumption, the Online Services Terms current at the start of each billing period will apply to usage during that period.
- Microsoft may suspend use of an Online Service during Customer’s violation of the Acceptable Use Policy or failure to respond to a claim of alleged infringement. Microsoft will give Customer notice before suspending an Online Service when reasonable.
- End Users.Customer controls access by End Users, and is responsible for their use of the Product in accordance with this agreement. For example, Customer will ensure End Users comply with the Acceptable Use Policy.
- Customer Data. Customer is solely responsible for the content of all Customer Data. Customer will secure and maintain all rights in Customer Data necessary for Microsoft to provide the Online Services to Customer without violating the rights of any third party or otherwise obligating Microsoft to Customer or to any third party. Microsoft does not and will not assume any obligations with respect to Customer Data or to Customer’s use of the Product other than as expressly set forth in this agreement or as required by applicable law.
- Responsibility for your accounts. Customer is responsible for maintaining the confidentiality of any non-public authentication credentials associated with Customer’s use of the Online Services. Customer must promptly notify customer support about any possible misuse of Customer’s accounts or authentication credentials or any security incident related to the Online Services.
- License transfers. License transfers are not permitted, except that Customer may transfer only fully-paid perpetual licenses to (1) an Affiliate or (2) a third party, solely in connection with the transfer of hardware or employees to whom the licenses have been assigned to the third party as part of (a) a divestiture of all or part of an Affiliate or (b) a merger involving Customer or an Affiliate. Upon such transfer, Customer and its Affiliates must uninstall and discontinue using the licensed Product and render any copies unusable. Attempted license transfers that do not comply with this agreement are void.
- Reservation of rights. Products are protected by copyright and other intellectual property rights laws and international treaties. Microsoft reserves all rights not expressly granted in this agreement. No rights will be granted or implied by waiver or estoppel. Rights to access or use Software on a device do not give Customer any right to implement Microsoft patents or other Microsoft intellectual property in the device itself or in any other software or devices.
- Restrictions. Customer may use the Product only in accordance with this agreement. Customer may not (and is not licensed to): (1) reverse engineer, decompile or disassemble any Product or Fix, or attempt to do so; (2) install or use non-Microsoft software or technology in any way that would subject Microsoft’s intellectual property or technology to any other license terms; or (3) work around any technical limitations in a Product or Fix or restrictions in Product documentation. Customer may not disable, tamper with, or otherwise attempt to circumvent any billing mechanism that meters Customer’s use of the Online Services. Except as expressly permitted in this agreement or Product documentation, Customer may not distribute, sublicense, rent, lease, lend, resell or transfer and Products, in whole or in part, or use them to offer hosting services to a third party.
- Preview releases. Microsoft may make Previews available. Previews are provided “as-is,” “with all faults,” and “as-available,” and are excluded from the SLA and all limited warranties provided in this agreement. Previews may not be covered by customer support. Previews may be subject to reduced or different security, compliance, and privacy commitments, as further explained in the Online Services Terms and any additional notices provided with the Preview. Microsoft may change or discontinue Previews at any time without notice. Microsoft also may choose not to release a Preview into “General Availability.”
- Verifying compliance for Products.
- Right to verify compliance. Customer must keep records relating to all use and distribution of Products by Customer and its Affiliates. Microsoft has the right, at its expense, to verify compliance with the Products’ license terms. Customer must promptly provide any information reasonably requested by the independent auditors retained by Microsoft in furtherance of the verification, including access to systems running the Products and evidence of licenses for Products that Customer hosts, sublicenses, or distributes to third parties. Customer agrees to complete Microsoft’s self-audit process, which Microsoft may request as an alternative to a third party audit.
- Remedies for non-compliance. If verification or self-audit reveals any unlicensed use of Products, then within 30 days (1) Customer must order sufficient licenses to cover its use, and (2) if unlicensed use is 5% or more, Customer must reimburse Microsoft for the costs Microsoft incurred in verification and acquire the necessary additional licenses at 125% of the price, based on the then-current price last and customer price level. The unlicensed use percentage is based on the total number of licenses purchased for current use compared to the actual installed base. If there is no unlicensed use, Microsoft will not subject Customer to another verification for at least one year. By exercising the rights and procedures described above, Microsoft does not waive its rights to enforce this agreement or to protect its intellectual property by any other legal means.
- Verification process.Microsoft will notify Customer at least 30 days in advance of its intent to verify Customers’ compliance with the license terms for the Products Customer and its Affiliates use or distribute. Microsoft will engage an independent auditor, which will be subject to a confidentiality obligation. Any information collected in the self-audit will be used solely for purposes of determining compliance. This verification will take place during normal business hours and in a manner that does not unreasonably interfere with Customer’s operations.
-
- Choosing a Reseller. Customer must choose and maintain a Reseller authorized within its region. If Microsoft or Reseller chooses to discontinue doing business with each other, Customer must choose a replacement Reseller or purchase a Subscription directly from Microsoft, which may require Customer to accept different terms.
- Available Subscription offers. The Subscription offers available to Customer will be established by its Reseller and generally can be categorized as one or a combination of the following:
- Online Services Commitment Offering. Customer commits in advance to purchase a specific quantity of Online Services for use during a Term and to pay upfront or on a periodic basis for continued use of the Online Service.
- Consumption Offering (also called Pay-As-You-Go).Customer pays based on actual usage with no upfront commitment.
- Limited Offering.Customer receives a limited quantity of Online Services for a limited term without charge (for example, a free trial) or as part of another Microsoft offering (for example, MSDN). Provisions in this agreement with respect to the SLA and data retention may not apply.
- Software Commitment Offering. Customer commits in advance to purchase a specific quantity of Software for use during a Term and to pay upfront or on a periodic basis for continued use of the Software.
- Ordering.
- Orders must be placed through Customer’s designated Reseller. Customer may place orders for its Affiliates under this agreement and grant its Affiliates administrative rights to manage the Subscription, but, Affiliates may not place orders under this agreement. Customer also may assign the rights granted under Section 1.a and 1.b to a third party for use by that third party in Customer’s internal business. If Customer grants any rights to Affiliates or third parties with respect to Software or Customer’s Subscription, such Affiliates or third parties will be bound by this agreement and Customer agrees to be jointly and severally liable for any actions of such Affiliates or third parties related to their use of the Products.
- Customer’s Reseller may permit Customer to modify the quantity of Online Services ordered during the Term of a Subscription. Additional quantities of Online Services added to a Subscription will expire at the end of that Subscription.
- Pricing and payment. Prices for each Product and any terms and conditions for invoicing and payment will be established by Customer’s Reseller.
- Renewal.
- Upon renewal of a Subscription, Customer may be required to sign a new agreement, a supplemental agreement or an amendment to this agreement.
- Customer’s Subscription will automatically renew unless Customer provides its Reseller with notice of its intent not to renew prior to the expiration of the Term.
- Eligibility for Academic, Government and Nonprofit versions.Customer agrees that if it is purchasing an academic, government or nonprofit offer, Customer meets the respective eligibility requirements listed at the following sites:
- For academic offers, the requirements for educational institutions (including administrative offices or boards of education, public libraries, or public museums) listed at http://go.microsoft.com/academic;
- For government offers, the requirements listed at http://go.microsoft.com/government; and
- For nonprofit offers, the requirements listed at http://go.microsoft.com/nonprofit. Microsoft reserves the right to verify eligibility at any time and suspend the Online Service if the eligibility requirements are not met.
- Taxes. The parties are not liable for any of the taxes of the other party that the other party is legally obligated to pay and which are incurred or arise in connection with or related to the transactions contemplated under this agreement, and all such taxes will be the financial responsibility of the party who is obligated by operation of law to pay such tax.
-
- Agreement term and termination. This agreement will remain in effect until the expiration or termination of Customer’s Subscription, whichever is earliest. Customer may terminate this agreement at any time by contacting its Reseller. The expiration or termination of this agreement will only terminate Customer’s right to place new orders for additional Products under this agreement.
- Termination for cause. If either party breaches this Agreement, the other party may terminate the breached agreement (in whole or in part, including orders) upon notice. If the breach is curable within 30 days, then the terminating party must provide 30 days’ notice to the breaching party and an opportunity to cure the breach.
- Cancel a Subscription. Customer’s Reseller will establish the terms and conditions, if any, upon which Customer may cancel a Subscription.
- Warranties.
- Limited warranty.
- Software. Microsoft warrants that each version of the Software will perform substantially as described in the applicable Product documentation for one year from the date Customer is first licensed for that version. If it does not, and Customer notifies Microsoft within the warranty term, then Microsoft will, at its option, (1) return the price Customer paid for the Software license or (2) repair or replace the Software. The remedies above are Customer’s sole remedies for breach of the warranties in this section. Customer waives any breach of warranty claims not made during the warranty period.
- Online Services.Microsoft warrants that each Online Service will perform in accordance with the applicable SLA during Customer’s use. Customer’s remedies for breach of this warranty are in the SLA.
- The warranties in this agreement do not apply to problems caused by accident, abuse or use inconsistent with this agreement, including failure to meet minimum system requirements. These warranties do not apply to free or trial products, Previews, Limited Offerings, or to components of Products that Customer is permitted to redistribute.
- Except for the limited warranties above, Microsoft provides no warranties or conditions for Products and disclaims any other express, implied, or statutory warranties for Products, including warranties of quality, title, non-infringement, merchantability and fitness for a particular purpose.
- By Microsoft. Microsoft will defend Customer against any third-party claim to the extent it alleges that a Product or Fix made available by Microsoft for a fee and used within the scope of the license granted under this agreement (unmodified from the form provided by Microsoft and not combined with anything else), misappropriates a trade secret or directly infringes a patent, copyright, trademark or other proprietary right of a third party. If Microsoft is unable to resolve a claim of infringement under commercially reasonable terms, it may, as its option, either: (1) modify or replace the Product or fix with a functional equivalent; or (2) terminate Customer’s license and refund any prepaid license fees (less depreciation on a five-year, straight-line basis) for perpetual licenses and any amount paid for Online Services for any usage period after the termination date. Microsoft will not be liable for any claims or damages due to Customer’s continued use of a Product or Fix after being notified to stop due to a third-party claim.
- By Customer. To the extent permitted by applicable law, Customer will defend Microsoft against any third-party claim to the extent it alleges that: (1) any Customer Data or non-Microsoft software hosted in an Online Service by Microsoft on Customer’s behalf misappropriates a trade secret or directly infringes a patent, copyright, trademark, or other proprietary right of a third party; or (2) Customer’s use of any Product or Fix, alone or in combination with anything else, violates the law or harms a third party.
- Online Services. For Online Services, Microsoft’s maximum liability to Customer for any incident giving rise to a claim will not exceed the amount Customer paid for the Online Service during the 12 months before the incident; provided that in no event will Microsoft’s aggregate liability for any Online Service exceed the amount paid for that Online Service during the Subscription.
- Free Products and distributable code. For Products provided free of charge and code that Customer is authorized to redistribute to third parties without separate payment to Microsoft, Microsoft’s liability is limited to direct damages finally awarded up to US$5,000.
- In no event will either party be liable for loss of revenue or indirect, special, incidental, consequential, punitive, or exemplary damages, or damages for loss of use, lost profits, revenues, business interruption, or loss of business information, however caused or on any theory of liability.
- The limits of liability in this section apply to the fullest extent permitted by applicable law, but do not apply to: (1) the parties’ obligations under section 6; or (2) violation of the other’s intellectual property rights.
- Government Community Cloud Services will be offered only within the United States.
- Additional European Terms, as set forth in the Use Rights, will not apply.
- References to geographic areas in the Use Rights with respect to the location of Customer Data at rest, as set forth in the Use Rights, refer only to the United States.
- All terms and conditions applicable to non-Government Community Cloud Services also apply to their corresponding Government Community Cloud Services, except as otherwise noted herein.
- Customer may not deploy or use Government Community Cloud Services and corresponding non-Government Community Cloud Services in the same domain. Additionally, Office 365 US Government may not be deployed or used in the same domain as other Government Community Cloud Services.
- Notwithstanding the Data Processing Terms section of the Online Services Terms, Office 365 GCC High and Azure Government Services are not subject to the same control standards and frameworks as the Microsoft Azure Core Services. The Compliance Trust Center Page describes the control standards and frameworks with which Office 365 GCC High and Azure Government Services comply.
- Customer (a) acknowledges that its Tenant administrator console (when available) will appear to include more licenses than it has ordered and is entitled to; and (ii) agrees that it must order licenses for every User account it assigns.Notwithstanding anything to the contrary in the order and Product Terms, Licenses will be deemed “Reserved” for each user (and thereby subject to a True-Up Order requirement in accordance with the terms and conditions of the order), as of the day that User’s account is reserved, unless a License for each such User is ordered in advance. Customer is solely responsible for keeping accurate records of the month each User is assigned to a User account, and will provide such records to Microsoft with its True-Up orders.
- Customer acknowledges that (a) availability of its Office 3635 GCC High tenant may follow several weeks after its initial order, and (a) the service components provided pursuant to its orders for “Suite” SKUs such as E1 and E3, as listed in the Office 365 GCC High, may differ from those components available in similar suites available in other forms of Office 365 Services.
- The parties acknowledge that, as of the date this Agreement was executed, the Office 365 ProPlus “click-to-run” (C2R) feature is not yet available in Office 365 GCC High, notwithstanding anything to the contrary in the Use Rights. Accordingly, the following terms and conditions shall apply:
- Until C2R functionality is made available, Customer may install up to two (2) local copies of Office Professional Plus for each User to whom E3 licenses are assigned, for the sole use of those assigned Users on Qualified Devices in Customer’s Enterprise.
- Once C2R functionality is made available (the “C2R release date,” to be announced in the Office 365 Service Descriptions), Customer must cease installing additional local copies of Office Professional Plus, and shall as soon as practicable (but in no event later than 12 months following the C2R release date) replace each local copy that was installed pursuant to the preceding paragraph with a C2R-installed copy.
- Prerequisites:
- Customer is responsible for ensuring that the prerequisites established or required by the ITAR are fulfilled prior to introducing ITAR-controlled data into the ITAR Covered Services.
- Customer acknowledges that the ITAR Covered Services ordered by its under the Enrollment enable End Users optionally to access and use a variety of additional resources, applications, or services that are (a) provided by third parties, or (b) provided by Microsoft subject to their own terms of use or privacy policies (collectively, for convenience, “add-ons”), as described in services documentation and/or in the portal through which your administrator(s) will manage and configure the ITAR Covered Services.
- Customer is responsible for reviewing Online Services documentation, configuring the ITAR Covered Services, and adopting and implementing such policies and practices for your End Users’ use of ITAR Covered Services, together with any add-ons, as you determine are appropriate to comply with the ITAR or other legal or regulatory requirements applicable to you and not generally applicable to Microsoft as an IT service provider. Customer acknowledges that only ITAR Covered Services will be delivered subject to the terms of this Section. Processing and storage of ITAR-controlled data in other services, including without limitation add-ons, is not supported. Without limiting the foregoing, data that Customer elects to provide to the Microsoft technical support organization, if any, or data provided by or on Customer’s behalf to Microsoft’s billing or commerce systems in connection with purchasing or ordering ITAR Covered Services, if any, is not subject to the provisions of this Section. Customer is solely responsible for ensuring that ITAR-controlled data is not included in support information or support case artifacts.
- Special Terms. ITAR Covered Services. The ITAR Covered Services are cloud services operated in a standardized manner with features and processes common across multiple customers. As part of Customer’s preparation to use the ITAR Covered Services for the storage, processing, or transmission of ITAR-controlled data, Customer should review applicable services documentation. Customer’s compliance with the ITAR will be dependent, in part, on Customer’s configuration of the services and adoption and implementation of policies and practices for Customer’s End Users’ use of ITAR Covered Services. Customer is solely responsible for determining the appropriate policies and practices needed for compliance with the ITAR.
- Personnel. Microsoft personnel and contractors authorized by Microsoft to access Customer Data (that may include ITAR-controlled data) in the ITAR Covered Services, will be limited to U.S. persons, as that term is defined in the ITAR. Customer may also authorize Microsoft personnel and contractors to access its Customer Data. Customer is solely responsible for ensuring any such authorization is permissible under the ITAR.
- Use of Subcontractors.As set forth in the OST, Microsoft may hire subcontractors to provide services on its behalf. Any such subcontractors used in delivery of the ITAR Covered Services will be permitted to obtain Customer Data (that may include ITAR-controlled data) only to deliver the ITAR Covered Services Microsoft has retained them to provide and will be prohibited from using Customer Data for any other purpose. Storage and processing of Customer Data in the ITAR Covered Services is subject to Microsoft security controls at all times and, to the extent subcontractor personnel perform services in connection with ITAR Covered Services, they are obligated to follow Microsoft’s policies, including without limitation the geographic restrictions and controls selected by you in the configuration of the ITAR Covered Services. Microsoft remains responsible for its subcontractors’ compliance with Microsoft’s obligations.
- Notification. The Security Incident handling process defined in the OST will apply to the ITAR Covered Services. In addition, the parties agree to the following:
- Customer acknowledges that effective investigation or mitigation of a Security Incident involving ITAR-controlled data may be dependent upon information or services configurations within Enrolled Affiliate’s control. Accordingly, proper treatment of ITAR-controlled data will be a joint obligation between Microsoft and Customer. If Customer becomes aware of any unauthorized release of ITAR-controlled data to Microsoft or the use of a service other than the ITAR Covered Service to store, process, or transmit ITAR-controlled data, Customer will promptly notify Microsoft of such event and provide reasonable assistance and information necessary for Microsoft to investigate and report such event.
- If, subsequent to notification of a Security Incident by Microsoft, Customer determines that ITAR-controlled data may have been subject to unauthorized inspection or disclosure, it is Customer’s responsibility to notify the appropriate authorities of such event, or to notify impacted individuals, if Customer determines such notification is required under applicable law or regulation or Customer’s internal policies.
- If either party determines it is necessary or prudent to make a voluntary disclosure to the Directorate of Defense Trade Controls regarding the treatment of ITAR-controlled data in the Online Services, such party will work in good faith to notify the other party of such voluntary disclosure prior to providing such voluntary disclosure. The parties will work together in good faith in the development and reporting of any such voluntary disclosure.
- Conflicts. If there is any conflict between any provision in this Section and any provision in the Agreement, this Section shall control.
- Customer Prerequisites:
- Customer is responsible to ensure that the prerequisites established or required by IRS Publication 1075 are fulfilled prior to introducing FTI into the IRS 1075 Covered Services.
- Customer acknowledges that the IRS 1075 Covered Services ordered by Customer under the Subscription enable End Users optionally to access and use a variety of additional resources, applications, or services that are (a) provided by third parties, or (b) provided by Microsoft subject to their own terms of use or privacy policies (collectively, for convenience, “add-ons”), as described in services documentation and/or in the portal through which Customer’s administrator(s) will manage and configure the IRS 1075 Covered Services.
- Customer is responsible to review Online Services documentation, configure the services, and adopt and implement such policies and practices for Customer’s End Users’ use of IRS 1075 Covered Services, together with any add-ons, as Customer determines are appropriate in order for it to comply with IRS Publication 1075 or other legal or regulatory requirements applicable to Customer and not generally applicable to Microsoft as an IT service provider.
- Customer acknowledges that only IRS 1075 Covered Services will be delivered subject to the terms of this Section 11. No other services are supported by the terms of this Section 11. Without limiting the foregoing, data that Customer elects to provide to the Microsoft technical support organization (“Support Data”), if any, or data provided by or on your behalf to Microsoft’s billing or commerce systems in connection with purchasing/ordering IRS 1075 Covered Services (“Billing Data”), if any, is not subject to the provisions of this Section 11. Customer is solely responsible for ensuring that FTI is not provided as Support Data or Billing Data.
- IRS Publication 1075 Special Terms.
- IRS 1075 Covered Services. The IRS 1075 Covered Services are cloud services operated in a standardized manner with features and processes common across multiple customers. As part of Customer’s preparation to use the services for FTI, Customer should review applicable services documentation. Customer’s compliance with IRS Publication 1075 will be dependent, in part, on Customer’s configuration of the services and adoption and implementation of policies and practices for Customer’s End Users’ use of IRS 1075 Covered Services. Customer is solely responsible for determining the appropriate policies and practices needed for compliance with IRS Publication 1075.
- Attachment 1 contains the Safeguarding Contract Language for Technology Services specified by IRS Publication 1075. Microsoft and Customer have agreed that certain requirements of the Safeguarding Contract Language and IRS Publication 1075 will be fulfilled as set forth in the remainder of this section 11.
- Personnel Records and Training. Microsoft will maintain a list of screened personnel authorized to access Customer Data (that may include FTI) in the IRS 1075 Covered Services, which will be available to you or to the IRS upon written request. Customer will treat Microsoft personnel personally identifiable information (PII) as Microsoft trade secret or security-sensitive information exempt from public disclosure to the maximum extent permitted by applicable law, and, if required to provide such Microsoft personnel PII to the IRS, will require the IRS to treat such personnel PII the same.
- Training Records.Microsoft will maintain security and disclosure awareness training records as required by IRS Publication 1075, which will be available to Customer upon written request.
- Confidentiality Statement.Microsoft will maintain a signed confidentiality statement, and will provide a copy for inspection upon request.
- Cloud Computing Environment Requirements.The IRS 1075 Covered Services are provided in accordance with the FedRAMP System Security Plan for the applicable services. Microsoft’s compliance with controls required by IRS Publication 1075, including without limitation encryption and media sanitization controls, can be found in the applicable FedRAMP System Security Plan.
- Use of Subcontractors. Notwithstanding anything to the contrary in Attachment 1, as set forth in the OST, Microsoft may use subcontractors to provide services on its behalf. Any such subcontractors used in delivery of the IRS 1075 Covered Services will be permitted to obtain Customer Data (that may include FTI) only to deliver the services Microsoft has retained them to provide and will be prohibited from using Customer Data for any other purpose. Storage and processing of Customer Data in the IRS 1075 Covered Services is subject to Microsoft security controls at all times and, to the extent subcontractor personnel perform services in connection with IRS 1075 Covered Services, they are obligated to follow Microsoft’s policies. Microsoft remains responsible for its subcontractors’ compliance with Microsoft’s obligations. Subject to the preceding, Microsoft may employ subcontractor personnel in the capacity of augmenting existing staff, and understands IRS Publication 1075 reference to employees to include employees and subcontractors acting in the manner specified herein. It is the responsibility of the Customer to gain approval of the IRS for the use of all subcontractors. Microsoft maintains a list of subcontractor companies who may potentially provide personnel authorized to access Customer Data in the Online Services, published for Azure branded services at http://azure.microsoft.com/en-us/support/trust-center/, or successor locations identified by Microsoft. Microsoft will update these websites at least 14 days before authorizing any new subcontractor to access Customer Data, Microsoft will update the website and provide Customer with a mechanism to obtain notice of that update.
- Security Incident Notification.The Security Incident handling process defined in the OST will apply to the IRS 1075 Covered Services. In addition, the parties agree to the following:
- Customer acknowledges that effective investigation or mitigation of a Security Incident may be dependent upon information or services configurations within your control.Accordingly, compliance with IRS Publication 1075 Incident Response requirements will be a joint obligation between Microsoft and Customer.
- If, subsequent to notification from Microsoft of a Security Incident, Customer determines that FTI may have been subject to unauthorized inspection or disclosure, it is Customer’s responsibility to notify the appropriate Agent-in-Charge, TIGTA (Treasury Inspector General for Tax Administration) and/or the IRS of a Security Incident, or to notify impacted individuals, if Customer determines this is required under IRS Publication 1075, other applicable law or regulation, or Customer’s internal policies.
- Customer Right to Inspect.
-
- Audit by Customer.Customer will, (i) be provided quarterly access to information generated by Microsoft’s regular monitoring of security, privacy, and operational controls in place to afford you an ongoing view into the effectiveness of such controls, (ii) be provided a report mapping compliance of the IRS 1075 Covered Services with NIST 800-53 or successor controls, (iii) upon request, be afforded the opportunity to communicate with Microsoft’s subject matter experts for clarification of the reports identified above, and (iv) upon request, and at Customer’s expense, be permitted to communicate with Microsoft’s independent third party auditors involved in the preparation of audit reports. Customer will use this information above to satisfy with any inspection requirements under IRS Publication 1075 and agree that the audit rights described in this section are in full satisfaction of any audit that may otherwise be requested by the Customer.
- Confidentiality of Audit Materials.Audit information provided by Microsoft to Customer will consist of highly confidential proprietary or trade secret information of Microsoft. Microsoft may request reasonable assurances, written or otherwise, that information will be maintained as confidential and/or trade secret information subject to this agreement prior to providing such information to Agency, and Agency will ensure Microsoft’s audit information is afforded the highest level of confidentiality available under applicable law.
- This Section,11.i., is in addition to compliance information available to Customer under the OST.
-
- Customer’s Prerequisites
- Microsoft’s representations as it relates to its CJIS Covered Services’ compliance with the FBI Criminal Justice Information Systems (“CJIS”) Security Addendum (Appendix H of FBI CJIS Policy) are subject to Customer’s incorporation of applicable state-specific CJIS Amendment terms and conditions into Customer’s Subscription.They are also subject to Customer’s incorporation and flow down of such terms in Customer’s contracts with a Covered Entity.
- Please visit https://www.microsoft.com/en-us/TrustCenter/Compliance/CJISfor additional information about CJIS Covered States and CJIS Covered Services. Note that not all states are CJIS Covered States and that different CJIS Covered Services may apply in different CJIS Covered States. For more information about how to sign up for CJIS Covered Services through an Enterprise Agreement, please visit https://azure.microsoft.com/en-us/pricing/enterprise-agreement/. For purposes of this section, if Customer is not in a CJIS Covered State, then Microsoft is unable to provide CJIS-related representations at this time, and no CJIS Amendment will apply.
- Customer can access the terms and conditions of Microsoft’s adherence to the FBI CJIS Policy by contacting the CSA in a CJIS Covered State. The Security Addendum for Private Contractors (Cloud Providers) referenced in the FBI CJIS Policy and CSA-provided terms and conditions is incorporated herein by reference, and Customer acknowledges that Microsoft’s support for CJI will be in accordance with those terms agreed to and/or signed by the applicable state CSA. Customer also acknowledges that it is Customer responsibility to contact the applicable state CSA for this and any additional information. Customer is required to, and acknowledges it will, work directly with the applicable state CSA for any CJIS-related documentation and audit requirements.
- Customer is responsible to ensure that the CJIS Security Addendum has been signed by the CSA, that the CSA has approved Customer’s use of the Covered Services to store or process CJI, and that any other prerequisites established or required by either the FBI, state CSA, or Customer is fulfilled prior to introducing CJI into the Covered Services.
- Customer acknowledges that it will keep records of any Covered Entity to which you provide CJIS State Agreements or other CJIS-related documentation it obtains from the state CSA and shall make such records available to Microsoft promptly upon request.
- If there is any conflict between any provision in this Section and any provision in the agreement, this Section shall control.
-
- Notices. You must send notices by mail, return receipt requested, to the address below.
Notices should be sent to: |
Microsoft Corporation Volume Licensing Group One Microsoft Way Redmond, WA 98052 USA Via Facsimile: (425) 936-7329 |
-
- You agree to receive electronic notices from us, which will be sent by email to the account administrator(s) named for your Subscription. Notices are effective on the date on the return receipt or, for email, when sent. You are responsible for ensuring that the email address for the account administrator(s) named for your Subscription is accurate and current. Any email notice that we send to that email address will be effective when sent, whether or not you actually receive the email.
- Assignment. You may not assign this agreement either in whole or in part. Microsoft may transfer this agreement without your consent, but only to one of Microsoft’s Affiliates. Any prohibited assignment is void.
- Severability. If any part of this agreement is held unenforceable, the rest remains in full force and effect.
- Waiver. Failure to enforce any provision of this agreement will not constitute a waiver.
- No agency. This agreement does not create an agency, partnership, or joint venture.
- No third-party beneficiaries. There are no third-party beneficiaries to this agreement.
- Use of contractors. Microsoft may use contractors to perform services, but will be responsible for their performance, subject to the terms of this agreement.
- Microsoft as an independent contractor. The parties are independent contractors. Customer and Microsoft each may develop products independently without using the other’s confidential information.
- Agreement not exclusive. Customer is free to enter into agreements to license, use or promote non-Microsoft products or services.
- Applicable law and venue. This agreement is governed by Washington law, without regard to its conflict of laws principles. Any action to enforce this agreement must be brought in the State of Washington. This choice of jurisdiction does not prevent either party from seeking injunctive relief in any appropriate jurisdiction with respect to violation of intellectual property rights.
- Entire agreement. This agreement is the entire agreement concerning its subject matter and supersedes any prior or concurrent communications. In the case of a conflict between any documents in this agreement that is not expressly resolved in those documents, their terms will control in the following order of descending priority: (1) this agreement, (2) the Product Terms, (3) the Online Services Terms, and (4) any other documents in this agreement.
- Survival. All provisions survive termination of this agreement except those requiring performance only during the term of the agreement.
- U.S. export jurisdiction. Products are subject to U.S. export jurisdiction. Customer must comply with all applicable international and national laws, including the U.S. Export Administration Regulations, the International Traffic in Arms Regulations, and end-user, end-use and destination restrictions issued by U.S. and other governments related to Microsoft products, services, and technologies.
- Force majeure. Neither party will be liable for any failure in performance due to causes beyond that party’s reasonable control (such as fire, explosion, power blackout, earthquake, flood, severe storms, strike, embargo, labor disputes, acts of civil or military authority, war, terrorism (including cyber terrorism), acts of God, acts or omissions of Internet traffic carriers, actions or omissions of regulatory or governmental bodies (including the passage of laws or regulations or other acts of government that impact the delivery of Online Services)). This Section will not, however, apply to your payment obligations under this agreement.
- Contracting authority. If you are an individual accepting these terms on behalf of an entity, you represent that you have the legal authority to enter into this agreement on that entity’s behalf.
- PERFORMANCE
- CRIMINAL/CIVIL SANCTIONS

©2022 Knonix | All Rights Reserved