MEMORANDUM OF AGREEMENT

BETWEEN

NEW YORK STATE OFFICE OF INFORMATION TECHNOLOGY SERVICES

AND

APPLICATION CONSUMERS OF THE FEMA API

 

 

This Memorandum of Agreement (alternately, “MOA” and “Agreement”) is entered into as of the date set forth below upon which this Agreement became fully executed, by and between the New York State Office of Information Technology Services (“ITS”), which has its principal office at Agency Building 4, South Swan Street, Albany, New York 12220, and the developers of the Community Manager application, consumers of the FEMA API (“APP”).

 

WHEREAS, ITS, the agency responsible for providing centralized IT services to New York State and its governmental entities, maintains the interface as a REST API for the FEMA service; and

 

WHEREAS, APP, the developers of the Community Manager application, desire real-time airport status and weather updates provided to consumers; and

 

WHEREAS, ITS has agreed to make a REST API available where an airport’s status can be verified using FEMA services (“Web Service”).

 

 

NOW, THEREFORE, the Parties agree as follows:

 

1.         Authorized Usage:

 

APP agrees to use the Web Service only for the purpose(s) specified herein.

 

2.         Functionality to be Provided:

 

ITS agrees to provide APP access to the Web Service to be used as an airport status tool as more specifically described in the FEMA Service Description (Attachment A), attached to this Agreement and made a part of same. When the status of an airport is to be verified using the Web Service, the user will be directed to provide (i) the airport code, collectively “Criteria”. The Web Service will then check the code against the FEMA web service and provide associated data.

 

3.         Functional Limitations:

 

The Web Service will perform only online status for one request at a time.  The Web Service will NOT support batch transaction processing, group searches, or a request based on any search key other than that outlined herein. There is an inherent latency in the data available from FEMA due to general network latencies.

 

4.         Scope of Verification:

 

The Web Service will NOT return any user data from WRTS or WMS nor will the user’s information be stored or recorded by ITS or any user of this web service. For each verification test included in the request, the Web Service will return the input test data and a “Yes or No” result. The extent of the information the Web Service will convey in the verification result is limited to the following:

 

(a)        whether or not a unique record was found in WRTS for the CIN number submitted in the request;

 

and, in the event such a record is found,

 

(b)        whether or not the Criteria specified in each verification request submitted was determined to match the data in the WRTS record at the time the verification was performed.

 

and, in the event the data matches,

 

(c)        whether or not the WRTS user record has a positive death indicator associated with it.

 

No other information, conclusions or inferences about the user or the WRTS record are required.

 

5.         Use:

 

ITS agrees to only grant access and authorization to use the Web Service to DOH EIAM Project and only for the purpose of identity verification by the New York State of Health Marketplace. ITS shall not approve any expanded or alternate use by ITS and/or DOH of the Web Service or authorize access to use the Web Service to any other agency or entity without the prior written approval of OTDA, unless there is no change whatsoever in the business requirements for the service. Any request for approval must specifically set out the name of the entity/agency using the Web Service, the business need, contact information for the user, the start date, any anticipated increase in the volume of use and duration of use. Where there is no change in the business requirement for the service and ITS wishes to grant access to use the Web Service to another agency or entity, OTDA must be notified in writing in advance of the granting of such access of the name of the entity/agency using the Web Service, the business need, contact information for the user, the start date and duration of use.

 

6.         Applications and Systems:

 

OTDA agrees to implement and maintain its applications and systems that use WRTS Web Service in compliance with the following requirements.

 

(a)        Applications and systems must be designed in such a way that, when one or more tests return a negative result, the web service will return a result of ‘N’ with no identification of the specific data field(s) that failed to match the WRTS record.

 

(b)        Applications and systems shall NOT display WRTS error messages or otherwise disclose the message codes and/or text to end‑users.

 

 

7.         System Security and Audit Requirements:

 

(a)        All verification transactions must be encrypted, as more specifically described in Attachment A, during transmission to and from the Web Service and at rest.

 

(b)        ITS shall notify OTDA within one business day of the discovery of any misuse, or attempted misuse, of its applications or systems to gain unauthorized access to WRTS as well as any unauthorized use of the data returned by WRTS.

 

(e)        ITS must provide audit and security metadata specified within this Agreement and the WRTS Verification Service Description version 1.0 (Attachment A).

 

8.         Technical Support:

 

ITS shall designate a support liaison who shall, in writing, be made aware of all requests from ITS for technical support for the Web Service. OTDA shall be notified of any non-routine technical issues that may affect the Web Service and/or the use of WRTS.

 

9.         Term and Termination:

 

(a)        This Agreement will continue in effect until terminated or replaced by a successor Agreement as provided herein.

 

(b)        The Commissioner of OTDA may terminate this Agreement at his/her discretion upon 30 days prior written notice of such termination. 

 

(c)        Notwithstanding the foregoing, OTDA reserves the right to immediately terminate this Agreement in the best interests of the State, without providing prior notice of termination, in the event the Commissioner determines that a breach of security or confidentiality has occurred or that a breach is or may be imminent. In such event, OTDA shall provide ITS with written notice of cancellation within a reasonable time but no later than one (1) business day after the cancellation. Termination of the Agreement will not affect any ITS liability for breach of the terms of the Agreement.

 

(d)       Except as otherwise provided herein, this Agreement cannot be amended, modified, or otherwise changed except in writing signed by all parties to this Agreement.

 

10.       Notices:

 

            All notices required by this Agreement must be in writing and sent by regular first class mail, and become effective only when received by the addressee.  Notices shall reference this MOA and be delivered to the following addresses:

 

            NYS Office of Temporary and Disability Assistance

Office of Legal Affairs

40 North Pearl Street, 16th floor

Albany, New York 12243

 

NYS Office of Information Technology Services

Counsel’s Office

Agency Building 4

South Swan Street

Albany, New York 12220

 

 

 

11.       Limitation of Liability:

 

(a)    OTDA shall not be liable to ITS or any user of this Web Service for any damages including, but not limited to, direct, indirect, consequential, incidental or special damages, lost savings, loss of goodwill or otherwise, or for exemplary damages in connection with the information OTDA provides to ITS pursuant to this Agreement.

 

(b)   OTDA hereby disclaims all warranties concerning the performance of WMS and/or WRTS, including, but not limited to, its availability, capacity, or response.  OTDA hereby disclaims liability for any omissions or errors in the data furnished to ITS or any user of this web service.

 

12.       Security:

 

ITS agrees that it shall be deemed the “owner” of private information disclosed by OTDA under this Agreement for purposes of complying with the requirements of the New York State Information Security Breach and Notification Act, as set forth in General Business Law Section 899-aa and Technology Law §208. Private information for purposes of this paragraph shall have the same meaning as defined in New York State Technology Law §208.

 

In the event of a suspected or confirmed breach of security of ITS’s system containing private information, ITS shall immediately notify its Information Security Officer, commence and bear the cost of information security incident response procedures including, but not limited to investigation to verify and determine the scope of the breach, determination, in concert with OTDA, of the appropriate plan of action addressing federal and State reporting and notification requirements and the execution thereof, and restoration of the security of the system to prevent any further breaches.

 

ITS shall also fully and immediately notify OTDA and the Human Services Cluster ISO of any such suspected or confirmed breach of the security of Web System or other security incident immediately, but in no event later than one (1) business day after any such suspected or confirmed breach. Such notification should be sent to:

           

New York State Office of Temporary and Disability Assistance

General Counsel

40 North Pearl Street – 16th Floor

Albany, New York 12243

[email protected]

 

And

 

Human Service Cluster ISO

Otda.sm.legal.si

 

 

IN WITNESS WHEREOF, the undersigned have duly executed this Agreement by their authorized representatives.

 

 

 

  [                                                 ]

 

 

 

 

By, __________________________________      By, _________________________________

     (Sign Here)                                                                 (Sign Here)     

_____________________________________          ___________________________________

    (Print Name Here)                                                      (Print Name Here)

 

Title: _________________________________      Title:_______________________________       

 

Date (mm/dd/yyyy): ___________________           Date (mm/dd/yyyy):_________________            

ATTACHMENT A