Insurance requirements for technology contracts
Network Security/Privacy (Cyber) and Technology Errors and Omissions (Tech E&O) coverage is required for contracts under $1,000,000 at a minimum of $5,000,000 limit per occurrence.
Higher limits will apply if the vendor is providing critical software/support to Βι¶ΉΣ³» System of Higher Education (NSHE), the Βι¶ΉΣ³» (UNR) or technology contracts exceed $1,000,000. Insurance limits for these contracts shall be established and approved by the Risk Management office.
Vendors and/or its subcontractors at its sole cost agree to maintain the following insurance coverage with insurance carriers acceptable to Client at Client's sole discretion with a rating of no less than A-rated by Best’s Insurance Guide.
Technology errors and omissions
Tech E&O applicable for services insured, at a minimum, include (1) systems analysis (2) systems programming (3) data processing (4) systems integration (5) outsourcing including outsourcing development and design (6) systems design, consulting, development and modification (7) training services relating to computer software or hardware (8) management, repair and maintenance of computer products, networks and systems (9) marketing, selling, servicing, distributing, installing and maintaining computer hardware or software (10) data entry, modification, verification, maintenance, storage, retrieval or preparation of data output, and any other services provided by the vendor.
Tech E&O insurance should cover for liabilities and claim expenses arising from errors, omissions, or negligent acts in rendering or failing to render computer or information technology services and technology products; this coverage should also cover punitive damages, violation of software copyright, in rendering or failing to render all services and in the provision of all products in the performance of the Agreement, including the failure of products to perform the intended function or serve the intended purpose.
Network security/privacy (cyber)
If Vendor's services provide direct access to the Βι¶ΉΣ³» System of Higher Education (NSHE), Βι¶ΉΣ³» (UNR) systems or holding sensitive information, including cloud-based, of the NSHE/UNR, then the Network Security/Privacy (Cyber) cover should be provided as a part of the Technology E&O coverage:
- The cyber policy shall include coverage for loss, disclosure and theft of data in any form; media and content rights infringement and liability, including but not limited to, software copyright infringement; network security failure, including but not limited to, denial of service attacks and transmission of malicious code. Coverage shall include data breach regulatory fines and penalties, the cost of notifying individuals of a security or data breach, the cost of credit monitoring services, and any other causally-related crisis management expense for up to one (1) year. Coverage shall contain severability for the insured organization for any intentional act exclusions. If this coverage is provided on a claims-made basis, then it must be maintained for a period of two (2) years after acceptance of the deliverables and/or services provided in connection with this Agreement.
- Additionally, such policy shall cover consequential or vicarious liabilities, and Βι¶ΉΣ³» System of Higher Education, Βι¶ΉΣ³» shall be named as “Additional Insured,” with an amendment to allow “Additional Insured” to bring a claim against the Named Insured.
Insurance requirements for media-based contracts
Media Liability coverage is required for vendors providing content website design, social media, marketing, advertising, graphics, text, etc.)
Media Liability insurance, including cover for intellectual property infringement, privacy infringement, plagiarism, advertising and content offenses and defamation, unauthorized disclosure of data, coverage for losses for direct or consequential and, punitive damages with limits of $1,000,000.