Houston (281) 807-2700
San Antonio (210) 225-5427

Managed IT Service Contract

This MANAGED IT AGREEMENT FOR SERVICES (Agreement) is made and entered into by Innovative Communication Systems, Inc., henceforth referred to as (ICS) for the purposes and upon the consideration set forth herein. In consideration for the mutual covenants contained herein, the parties agree as follows:

  1. TERMS
    1. This Agreement shall be effective on the date set forth above. This Agreement shall remain in effect until (i) the expiration of the Term, unless extended as provided below or (ii) the services provided by ICS are changed or canceled as hereinafter permitted.
    2. Unless extended by ICS and Customer for a longer-term or terminated as provided herein, this Agreement will automatically renew in one (1) month increments at the end of the Initial Term (each a “Renewal Term” and collectively with the Initial Term, the “Term”) at the then prevailing month-to-month ICS rates, which rates may be greater than the rate Customer is paying during the Initial Term.
  2. PURPOSE
    1. The purpose of this Agreement is to define the terms under which ICS will provide Customer with the Server Hosting and Managed Services described on Schedule A attached hereto (the “Services”).
    2. This Agreement may include additional exhibits for additional services. Such exhibits, once executed by both parties, shall become a part of this Agreement and are incorporated herein.
  3. RESPONSE TIMES
    1. Normal business hours are 8:00am to 5:30pm Central Standard Time. Managed Services delivered during business hours will be covered by this Agreement. Emergency events that fall outside of normal business hours will also be covered. An “emergency event” is defined as a server malfunction or other technological event that prevents Customer from performing primary business functions. Customer may escalate a non-emergency event to an emergency event upon request to ICS (an “Escalated Call”). Escalated Calls will be billed to Customer at ICS’ “additional support hours” rate (currently 1.5X).
    2. Two (2) business hour response time for remote service and/or return phone support during business hours.
    3. Four (4) hour response time for emergency on-site or after-hours support services.
    4. Non-emergency on-site support services will generally be scheduled at the convenience of the Customer and may include deployment of an ICS technician to Customer’s location if deemed necessary by ICS and determined by ICS and Customer not to unreasonably interfere with Customer’s day-to-day operations.
  4. CUSTOMER’S RESPONSIBILITIES
    1. Customer will provide ICS with (i) physical access to Customer’s premises and (ii) access to Customers networks and systems (including passwords) to permit ICS to install, setup, configure and deliver the Services required under this Agreement.
    2. All Services provided by ICS hereunder extend to the Customer, its employees and authorized users only (“Customer Users”), but do not extend to any other person, corporation or entity, regardless of their relationship with Customer. Under no circumstances will ICS be obligated to support third-parties absent separate written agreement between the parties. For purposes hereof, devices used off-site by Customer Users to access (i) Customer’s network remotely or (ii) cloud-based applications related to Customer’s primary business, (but excluding nonbusiness application) are covered by the terms of this Agreement provided such devices (i) have the ICS monitoring agent installed on them and (ii) are determined not to pose a security risk to Customer’s network. Customer may elect to add workstations to this Agreement at any time at an additional charge.
    3. Customer will provide ICS with contact information for Customer’s authorized administrative/technical contact person(s) and a list of Customer Users which Customer agrees to update on a periodic basis as necessary. ICS will provide Services only to listed Customer Users during the term hereof. Changes to the Customer Users list may only be made by Customer’s identified administrative/technical contact person(s). ICS shall have no responsibility to provide Services to any individual not listed on the most recent Customer Users List unless such individual is approved by Customer’s authorized administrative/technical contact person(s).
  5. CUSTOMER RESPONSIBILITIES FOR EQUIPMENT, NETWORK AND DATA
    1. ICS retains the full ownership of the equipment and licensing used to provide the services (defined in Schedule A – the “Services”). The equipment and licenses necessary to support the Services are not transferable to the Customer, whether upon expiration, cancellation or termination of this Agreement pursuant to Section 11 below.
    2. ICS does not assume responsibility or liability for Customer’s loss of data, downtime or compromised security on Customer’s network, unless such loss of data, downtime or compromised security is the direct result of the negligence of ICS and/or its employees in delivering the Services hereunder. It is the Customer’s responsibility to purchase any hardware or equipment necessary to enable ICS to repair network problems as part of the Services. Notwithstanding the foregoing, assistance to repair any network problem, equipment, or recover data may be requested of ICS by Customer at an additional fee.
    3. Customer agrees that, unless expressly purchased by Customer from ICS or a third-party vendor, any equipment installed, utilized or implemented by ICS in the execution of the Services covered under this Agreement is the property of ICS (“ICS Equipment”) and must be returned immediately upon expiration, cancellation or termination of this Agreement pursuant to Section 11 below.
    4. Customer is responsible for providing a clean, secure (lock and key) environment for all ICS Equipment needed to execute the Services covered under this Agreement. Any damage to such equipment caused by Customer shall be the responsibility of Customer. Any damage caused by ICS to equipment owned by Customer in the execution of the Services shall be the responsibility of ICS.
    5. Customer acknowledges that technologies are not universally compatible and that there may be specific services or devices that ICS is unable to monitor, manage or support (a “Compatibility Event”). ICS agrees to immediately notify Customer if a Compatibility Event is encountered and provide Customer with a detailed description of the event and a proposal to solve such event, which proposal will include an estimate of the cost for ICS to provide the solution. If Customer does not accept the ICS proposal to solve a Compatibility Event, ICS shall have no obligation hereunder to provide Services to or support any devices of Customer affected by the Compatibility Event.
    6. It is the responsibility of the Customer to provide a working Internet connection. ICS will not assume liability or responsibility for Internet connectivity provided by a third party.
    7. ICS shall work with Customer to maintain backups of all critical software, documents, and applications on those of Customer’s file servers, personal PCs, organizers, and other electronic equipment identified on Schedule A and covered by this Agreement (“Customer Information”) utilizing backup software supplied by Customer. ICS makes no representation or warranty as to the effectiveness of any Customer-supplied backup software nor shall ICS be responsible to Customer in the event such software is ineffective or inoperable. Upon execution hereof, Customer and ICS will determine the software, documents and applications to be backed up periodically as part of the Customer Information, which determination shall be revisited by ICS and Customer from time to time during the term hereof so as to remain current with Customer’s operations.
  6. CUSTOMER SOFTWARE LICENSING; CUSTOMER EQUIPMENT AND SYSTEMS
    1. Customer acknowledges and agrees that it shall be solely responsible for licensing or purchasing a sufficient number of copies of all software used by servers, workstations and devices covered by this Agreement (“Customer Software”). In the event ICS determines that any Customer Software has not been legally licensed or purchased, ICS shall notify Customer, who shall be solely responsible for obtaining a licensed or purchased copy(ies) of any unauthorized Customer Software revealed by ICS. Software installed by ICS in the delivery of the Services is not deemed Customer Software for purposes of this Agreement. In the event ICS is an authorized reseller of any unauthorized Customer Software found on Customer’s servers, workstations or devices, Customer may, but is no obligated, to purchase such software from ICS. ICS reserves the right to charge additional fees for Services provided to Customer equipment greater than 5 years old, provided such additional charges are approved by Customer in advance. Customer acknowledges that if such additional charges are not approved by Customer, ICS shall have no obligation to provide Services for equipment older than 5 years. Customer shall be responsible at its sole cost and expense to ensure that all Customer equipment covered by this Agreement is both operable and capable of being serviced by ICS from a technological standpoint (i.e., current and properly configured). In the event during the term of this Agreement it is determined that any of Customer’s equipment is incapable of being serviced by ICS for the purposes hereof due to age, configuration or compatibility, Customer shall either render such equipment capable at its sole cost and expense or replace such equipment with adequate capabilities.
  7. PAYMENT AND CHARGES
    1. The account setup fee (if any) and first month of service are due immediately upon the execution of this Agreement.
      Thereafter, fees for Services under this Agreement are billed monthly.
    2. Incidental support or additional fees will be charged as the service is performed provided the Customer is notified in advance
      of such charges and consents in writing in advance of incurring such charges.
    3. Invoices for Services are invoiced and payable monthly in advance on a net 30 basis. Any unpaid invoice that is not disputed by Customer as herein provided is subject to suspension or termination of Services in accordance with Section 11 hereof and will become subject to a reactivation fee. Customer agrees to contact ICS within five (5) business days with any disputes. ICS agrees to respond to Customer’s disputes within five (5) business days. ICS will impose a late charge on invoiced amounts outstanding over 30 days at the rate of 1.5% per month of the unpaid amount until it is paid in full.
    4. ICS and Customer agree that the monthly rate for servers and workstations for which ICS will provide services hereunder as shown above will not increase during the term hereof. Customer acknowledges that the amount of each monthly invoice to be received from ICS for Services during the term hereof will vary depending on the number of Customer’s servers and workstations serviced by ICS in such month. In the event services are added by mutual agreement of Customer and ICS, this Agreement will be amended to reflect the additional Services requested by Customer and the additional cost therefor. Any additional Services added as provided above shall be subject to the terms and conditions of this Agreement
    5. ICS may suspend services and/or assess an administrative fee in the amount of $75.00 (per occurrence) to recompense ICS for fees incurred by ICS by reason of non-sufficient payments remitted by Customer.
  8. WARRANTIES; LIMITATION OF LIABILITY; INDEMNITY
    1. ICS exercises no control whatsoever over the content of and agrees not to alter or make any changes to the information passing through the Customer’s network. Except for the warranties of ICS as set forth in the ICS proposal, all of which warranties being incorporated herein by reference, ICS makes no warranties, expressed or implied, for the Services provided to Customer hereunder. ICS also disclaims any warranty of merchantability or fitness for a particular purpose. ICS will not be responsible for any damage suffered by Customer as a result of: (i) loss of data resulting from delays, non-deliveries, mis-deliveries, effectiveness/operability of Customer-provided backup software (if applicable) or service interruptions caused by Customer’s own negligence, omissions or errors; and (ii) damages suffered or sustained by Customer resulting from software, patches, updates or releases provided by third parties. In the latter event, ICS as part of the Services provided hereunder will liaise with such third parties on Customer’s behalf to resolve any such issues. ICS specifically denies any responsibility for the accuracy or quality of information obtained through its services; however, ICS acknowledges and accepts responsibility for all damages suffered or sustained by Customer arising out of the negligence of ICS in delivering the Services to Customer.
    2. ICS’s liability to Customer for any losses or damages suffered by Customer with respect to the Services provided hereunder, whether direct or indirect, arising from causes other than ICS’s negligence, shall be limited to the amount paid by Customer to ICS for Services for one (1) monthly billing period only. ICS shall not be liable for any lost profits or for any claim or demand against the Customer by any other party based on any expressed, implied or claimed warranties by ICS not specifically set forth in this Agreement
    3. IN NO EVENT SHALL EITHER PARTY BE LIABLE FOR CONSEQUENTIAL DAMAGES EVEN IF SUCH PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
    4. No action, regardless of form, arising out of this or any other ICS Agreement or the transactions contemplated herein or
      therein, may be brought by either party more than one (1) year after the cause of action has occurred.
    5. Customer shall indemnify, defend and hold harmless ICS, its directors, employees and agents, from any action brought against any of them arising out of the misuse of the Services provided by ICS hereunder by Customer, its employees or authorized users.
    6. ICS shall indemnify, defend and hold harmless Customer, its directors, employees and authorized users from any action brought against any of them arising out of the use of the Services provided by ICS by Customer, or any of its customers or others throughout its chain of distribution, including end-users.
    7. ICS shall not be liable if the manufacturer of a product that supports the Services no longer provides warranty or maintenance services for any equipment covered under this Agreement.
    8. ICS shall not be liable for the content, quality or security of patches, updates or service packs provided or distributed by third party vendors. Customer acknowledges that ICS has no control, direct or indirect, over the effectiveness of patches, updates and/or service packs provided by third party vendors.
  9. COMPLIANCE WITH LAWS
    1. ICS and third parties retained by ICS to deliver the Services shall at all times comply with all applicable laws and regulations of the United States of America and all other governmental entities governing, restricting or otherwise pertaining to the use, distribution, exporting or import of data, products, services and/or technical data.
    2. The Parties agree that Customer’s network may only be used for lawful purposes, and with respect to ICS, for the limited purpose of delivering the Services and uses directly related thereto (“Acceptable Use Policy”). Transmission by Customer or ICS of any material on Customer’s network in violation of any U.S., state, or other governmental regulation is prohibited. This includes, but is not limited to, copyrighted material, material legally judged to be threatening or obscene, or material protected by trade secret.
  10. TERMINATION
    1. Either party shall have the right to immediately suspend or terminate this Agreement for any violation of the Acceptable Use Policy by the other party that is not cured within five (5) days after receiving written notification of such violation.
    2. Customer acknowledges that ICS may suspend the Services provided hereunder if (i) any payment due from Customer hereunder is thirty (30) or more days past due and (ii) ICS has provided Customer at least five (5) days prior written notice prior to suspending Services, during which time Customer may cure any delinquent payment.
    3. If the Agreement is terminated by ICS pursuant to Section 11.1 above, the fees due for the remainder of the then current term of this Agreement shall become due and payable immediately.
    4. If the Agreement is suspended by ICS pursuant to Section 11.2 above, the fees due for the remainder of the then current term of this Agreement shall become due and payable immediately and ICS shall continue to provide Services for the remainder of the then current term.
    5. Customer has the right to notify ICS, in writing, at least 30 days prior to the Renewal Term of its intention to not renew this Agreement. If Customer does not provide written notice 30 days prior to the Renewal Term, the Agreement will automatically renew in accordance with Section 1.2.
    6. ICS acknowledges that Customer may terminate this Agreement for (i) a breach of Section 10.1 above, or (ii) ICS’ breach of this Agreement, including failure by ICS to deliver the Services in accordance with the terms hereof. Prior to any such termination by Customer, Customer agrees to provide ICS written notice advising of any failure and provide ICS fifteen (15) business days to cure such failure. In the event the cure takes longer than fifteen (15) business days, ICS may have such additional time as is necessary as long as ICS is diligently pursuing the cure. If ICS fails to cure the failure within such time after receipt of Customer’s notice and this Agreement is terminated by Customer prior to the expiration of the term as set forth in Section 1 above, the customer may provide 60 business days written notice of cancellation. ICS will be responsible, during this time, to continue maintaining the network to the contractual expectations and support any transition activity to a new MSP provider or internal personnel. The customer may elect, at its own choice, to limit ICS’s support or access to the network at any time during the 60 days. After the 60-day notice, Customer will not be liable for the remaining value of the Agreement.
    7. In the event of the termination or expiration of this Agreement for any reason, ICS will promptly provide all Customer data to Customer in accordance with Section 10.4 below.
    8. All notices required under this section must be sent (i) by e-mail to helpme@ics-com.net or (ii) certified mail, return receipt requested to 10430 Gulfdale, San Antonio, TX 78216 attention Account Receivables.. Notices sent under this section shall be deemed received when: (i) if by email, upon receipt of confirmation of receipt by ICS or (ii) if by certified mail, upon the date of signature of receipt by ICS.
    9. If any promotion was provided that waives setup fees or free months of services, these fees will be due and payable upon any early termination of the contract, regardless of cause.
  11. CONFIDENTIALITY AND PRIVACY OF DATA
    1. Confidential information is defined as any and all financial, technical, commercial, or other information accessible through Customer’s network or residing on Customer’s systems, including without limitation, all information notes, client lists, records, reports, analyses, financial statements, compilations, studies, forms, business or management methods, marketing data, fee schedule, information technology systems and programs, projections, forecasts, or trade secrets of Customer, whether or not such Confidential Information is disclosed or otherwise made available to one party by the other party pursuant to this Agreement.
    2. Customer owns all of its data (excluding the Operating System, applications and Licensing owned by ICS as detailed in Schedule A). ICS acknowledges that it may be provided, or have access to, Confidential Information of Customer. ICS makes no claim to ownership or Customers’ data. Data received by ICS from the Customer is considered Confidential Information. Access to Customers’ data shall be limited to the employees of ICS who have written obligations to maintain confidentiality. ICS agrees to hold such information in confidence and not to disclose any such Confidential Information to any third party.
    3. Notwithstanding the above, ICS shall have the right to collect data with respect to the Services provided to Customer and aggregate said collected data with other customer’s data to compile aggregate statistical analysis reports and measure service levels. This data would not include any of the Customers files, documents or work-related information. ICS represents and warrants to Customer that in the collection process described above, no private or personal information regarding Customer, it’s business or employees would ever be disclosed to a third party.
    4. ICS agrees to return to the Customer, or to destroy, any and all information received by ICS pursuant to this Agreement, together with all copies that may have been made, promptly upon request of Customer and upon expiration of the Services and termination of this Agreement. Upon return or destruction of such information and any copies thereof, ICS shall certify in writing to Customer that such return or destruction has been completed.
  12. INSURANCE
    1. ICS shall, at its sole cost, maintain during the Term hereof, such types of insurance and levels of coverage as ICS deems necessary, or which otherwise may be considered usual and customary for the industry, for the provision of the Services to be delivered by ICS hereunder. In no event shall property insurance coverage maintained by ICS be less than $50,000.00. Upon written request of Customer, a certificate naming Customer as loss payee evidencing coverage shall be delivered to Customer within 30 days of such request. In the event ICS provides Customer ICS equipment on a temporary basis during the term of this Agreement, Customer will provide ICS with a certificate naming ICS as loss payee with coverage not less than $50,000.00 prior to delivery of such ICS equipment to Customer.
    2. Evidence of Certificate of Liability Insurance listing ICS as Certificate Holder for equipment specified under Hosting Services if that equipment is owned by ICS and provided as a service.
    3. Equipment detailed under Hosting Services must be specifically listed on the Certificate of Liability Insurance.
  13. PROJECT LABOR
    1. Projects not included within the Services provided under this Agreement (“Project Work”) may be requested by the Customer at any time and the price therefor will be quoted by a Customer’s ICS account manager. Customer agrees that all quotes provided for Project Work are approximations based on ICS’ experience with similar projects and similar customers. Customer acknowledges and agrees that the actual labor necessary for Project Work can vary according to the equipment being installed, data to be transferred and cooperation of other vendors (“Installation Issues”). ICS will charge actual time and material used.
  14. WARRANTIES
    1. The warranty on labor on equipment purchased through ICS is for 30 days. For any services specifically requested by Customer in writing, after 30 days, all labor by ICS (including troubleshooting, contacting the manufacturer, physically replacing the part, RMA etc.) will be invoiced at the then-current, published ICS Billing Rate. Most manufacturers’ parts come with a 90 day warranty.
  15. LICENSING
    1. Licensing pricing is dictated by the software manufacturers and is subject to change without notice. If there is a price change for licensing, notification will be provided when additional licenses are purchased or at the time of a renewal of this Agreement.
  16. LABOR RATES FOR ADDITIONAL SERVICES
    1. ICS bills a minimum one-hour labor charge for all non-holiday working hours. All labor after the first hour will be billed in quarter hour increments. During after hours, all labor is billed in one-hour increments and is billed at 1.5 times ICS’s prevailing labor rate. Holidays have a 3-hour minimum and are billed at 2 times ICS’s prevailing labor rate.
  17. LABOR IS NON-REFUNDABLE
    1. Labor warranty on all hardware is 30 days onsite when installed onsite. There are no labor warranties on work performed on operating systems, applications, drivers or any software. There are no labor warranties for recovering data after failure due to hardware, software or software updates.
  18. RESALE OR TRANSFER
    1. Use of ICS products is provided for Customer’ and Customer Users only.
    2. Customer may not copy, distribute, market, sell, lease, license, sub-license or otherwise transfer ICS products, the accompanying documentation or any part thereof to third parties or to employees of Customer for use in communications with persons other than Customer Users.
  19. EMPLOYEES
    1. During the contract term and for a period of 1 year after the contract ends, the customer, including its principals, agents, and any parent, subsidiary, or affiliated companies, jointly and severally, agrees that it will not knowingly solicit or hire, as an employee or contractually, any of ICS’s employees or persons employed by ICS without the express written consent of ICS. In the event Customer shall breach any obligation contained in this paragraph, Customer shall pay ICS on demand, damages of Fifty Thousand Dollars ($50,000.00) for each employee so solicited or hired, it being mutually agreed by Customer and ICS that this provision for liquidated damages is reasonable and that the actual damage which would be sustained by ICS as the result of the failure to comply with this provision would be impractical and extremely difficult to determine, and that the payment of said damages is in no manner punitive. ICS also agrees in return, for this to be reciprocal agreement and ICS will not knowing solicit or hire a customer’s employee as an employee or contractor without the express written consent of the customer. For the purpose of this agreement, an ICS and customer employee is identified as anyone who is currently working for the company or has worked for the company in the past 6 months as an employee or contractor.
  20. MISCELLANEOUS PROVISIONS
    1. This Agreement is governed by, and shall be construed in accordance with, the laws of the State of Texas. Venue for any litigation or claim hereto shall be the Texas state courts in Bexar County, Texas, USA.
    2. If any sentence, paragraph, clause or combination of the same in this Agreement is held by a court or other governmental body of competent jurisdiction to be unenforceable, invalid or illegal in any jurisdiction, such sentence, paragraph, clause or combination shall be deemed deleted from this Agreement and the remainder of this Agreement shall remain binding on the parties as if such unenforceable, invalid or illegal sentence, paragraph, clause or combination had not been contained herein.
    3. ICS and Customer each represent that the person signing this Agreement on behalf of ICS or Customer has been duly authorized and such act is legally binding upon ICS or Customer, as appropriate.
    4. In the event litigation is required to enforce compliance with, or address any breach of this Agreement, the parties agree that the prevailing party shall be entitled to reasonable attorneys’ fees including costs of court.
    5. Nothing in this Agreement or to be done pursuant to its terms and conditions is intended to, or shall, create a partnership or joint venture, for tax purposes or otherwise, between ICS and Customer. Customer is and shall remain fully and solely responsible for all of its employees and assumes full responsibility for all costs and liabilities incurred in connection with the termination of such employees for any reason whatsoever. Each of ICS and Customer will be and shall act as an independent contractor and not as an agent or partner of, or joint venture with the other party for any purpose, and neither party by virtue of this Agreement shall have any right, power, or authority to act or create any obligation, expressed or implied, on behalf of the other party.
    6. All vendor hardware that is under warranty is supported by ICS doing to this Agreement. All hardware not under warranty will be serviced on either a pre-purchased block-hour time or by the hour plus parts. ICS and Customer will, from time to time during the term hereof, mutually identify such pieces of Customer equipment that are no longer under manufacturer warranty.
    7. ICS will only support Customer software that is still supported by its manufacturer. Non-supported software or supported software for which Customer has elected not to maintain an active support contract with its manufacturer will be serviced by ICS on either a pre-purchased block-hour time or by the hour.
  21. DISCLAIMER
    1. Third party product availability and pricing subject to change without notice. ICS’ rates shall be as specified in Schedule A throughout the term of this Agreement.
  22. MODIFICATION
    1. This Agreement shall not be modified or altered except by a written instrument duly executed by Customer and by an authorized officer of ICS.

HIPAA Addendum Applied Only to All Covered Entities and Business Associates of the HiTech Act of 1996

For all entities legally categorized as a Covered Entity (CE) by the Health Insurance Portability and Accountability Act or who elect the ICS HIPAA module, must adhere to the additional following standards. These standards are in place to properly protect your organization from possible HHS or OCR fines, audits or civil acts. Although ICS cannot guarantee that taking these precautions will prevent any of this activity, these actions are reasonable and mandated steps by the HiTech Act of 1996.

  1. PASSWORD POLICIES
    1. All passwords will be programmed to reset every 90 days and will follow the Payment Card Industry Data Security Standards (PCI DDS) for complexity and provisioning.
  2. ENCRYPTION AT REST
    1. All Covered Entities should have encryption at rest set for all computers that possibly contain ePHI. Although there is no charge for the default software leveraged by ICS for encryption at rest, it will require users to dual authenticate when they login from an unrecognized network.
    2. All mobile devices that contain ePHI (email or files) also require encryption at rest. iPhones contact encryption at rest by default but Android and other operating systems may require the purchase of mobile device management and/or encryption software.
      1. Encryption at rest will prevent a Covered Entity from having to report any lost or stolen devices with ePHI on the device.
  3. MULTI-FACTOR AUTHENTICATION
    1. 3.1 The customer agrees to allow ICS to program Multi-Factor authentication for any software accessible to the outside world when technically possible. This includes, but is not limited to, Microsoft 365, VPN’s and cloud based EMR software programs. In most cases MFA software is available at no charge. In some instances, you may need to purchase a third-party software for a certain application.
  4. SUPPORTED OPERATING SYSTEMS
    1. The Covered Entity realizes that Operating Systems are patched for security on a regular basis. If a software program is no longer supported and is not receiving patch updates from the manufacturer, the covered entity agrees to upgrade and/or replace this hardware by the manufacturer’s expiration date.
  5. MANUFACTURER’S SUPPORT
    1. The Covered Entity realizes that they must maintain software patch updates on any items that are connected to the network in a wired or wireless manner. This includes computers, laptops, routers, wireless access points, tablets and smartphones. Many of these devices require a manufacturer support package to maintain these software updates. The CE will be responsible for the charges of these manufacturer support packages and must upgrade and/or replace items that are no longer supported by the manufacturer.
    2. ICS may require that Items that cannot be remotely and centrally managed for patch and security updates to be replaced if they are deemed a security vulnerability to the site. The cost of the replacement hardware/software will be the responsibility of the client.
  6. SERVER ROOM SECURITY
    1. The customer agrees to store all server equipment in a secure location with an auditable trail of who has had access to the equipment and when. All equipment will be stored in a room that meets reasonable manufacturer’s specifications of humidity, heat, cooling and power.
  7. OFF-SITE BACKUPS AND IMAGES
    1. HIPAA regulations require an encrypted on-site and off-site image of your data. The Covered Entity agrees to supply the Business Associate either proof of proper on-site and off-site backups or agrees to purchase said solution through the Covered Entity.
  8. ENCRYPTION DURING TRANSMISSION
    1. The HiTech Act requires that all data that leaves the office with personal identifiable information is encrypted during transmission. The Business Associate will terminate all non-encrypted forms of access and the customer may be required to purchase a viable solution if one is not readily available. VPN and HTTPS are both acceptable forms of encrypted transmission.
  9. VERIFIABLE HIPAA TRAINING
    1. The Covered Entity agrees that all end-users should go through verifiable HIPAA training at least once a year. The Covered Entity should provide ICS (BA) either verifiable proof of such training, may purchase such training through ICS, or purchase such training through another HIPAA accredited training program.
  10. INSURANCE REQUIREMENTS
    1. All Covered Entities should supply annual proof of CyberSecurity and HIPAA violation insurance with a minimum limit of $500,000. Upon supplying said proof to ICS (BA), ICS will provide a $75 per month credit to your account.
  11. WAIVER OF LIABILITY
    1. The Covered Entity realizes that the Business Associate (BA) is providing all the necessary tools to protect your organization from Cyber attacks and is following the HiTech Act of 1996 regarding the Health Insurance Portability and Accountability Act. By not adhering to any of the above requirements, the Covered Entity is waiving all civil and legal liability to ICS regarding HIPAA violations, the HiTech Act and any cyber security claims.
  12. IT MANAGEMENT IN ITS ENTIRITY
    1. The Covered Entity understands that ICS (BA) cannot properly protect an organization against cybersecurity attacks and/or HiTech Act violations if ICS (BA) is not allowed to manage the network in its entirety. It must be agreed upon by the Covered Entity to allow and pay ICS to manage all devices on the network to properly protect the CE. ICS is waived of all liability for any device that may cause a breach and/or violation if it is not covered under the ICS agreement.
  13. BUSINESS ASSOCIATE AGREEMENT
    1. ICS will supply a Business Associate Agreement signed by ICS for the protection of the Covered Entity and the Business Associate upon signing of the ICS contract.