A. For purposes of this section, "supplier" means an offeror with whom the Commonwealth has entered into a contract for a major information technology project.
B. Except as provided in subsection C, in any contract for a major information technology project, terms and conditions relating to the indemnification obligations and liability of a supplier shall be reasonable and shall not exceed in aggregate twice the value of the contract. There shall be no limitation on the liability of a supplier for (i) the intentional or willful misconduct, fraud, or recklessness of a supplier or any employee of a supplier or (ii) claims for bodily injury, including death, and damage to real property or tangible personal property resulting from the negligence of a supplier or any employee of a supplier.
C. If the CIO believes that a major information technology project presents an exceptional risk to the Commonwealth, he shall conduct a risk assessment prior to the issuance of a Request for Proposal. Such risk assessment shall include consideration of the nature, processing, and use of sensitive or personally identifiable information. If the risk assessment concludes that the project presents an exceptional risk to the Commonwealth and the limitation of liability amount provided in subsection B is not reasonably adequate to protect the interest of the Commonwealth, the CIO may recommend and request approval by the Secretary of Administration to increase the limitation of liability amount.
The CIO shall make such recommendation in writing setting forth the reasons that the limitations in subsection B are not adequate to protect the Commonwealth's interests. The recommendation shall describe the risks presented to the Commonwealth and how those risks are not sufficiently mitigated by the expected terms and conditions associated with the Request for Proposal. The CIO shall recommend a reasonable maximum alternative limitation of liability amount that is a multiple of the contract value, with the same exceptions to the limitation as provided in subsection B.
The Secretary of Administration shall review and may approve any recommended maximum alternative limitation of liability amount to be included in any Request for Proposal issued for the project. The CIO shall annually publish a list of all approvals granted under this subsection pertaining to any Request for Proposal issued in the previous 12-month period.
D. Notwithstanding the provisions of this section, the Commonwealth may agree to a lower limitation for any contract subject to subsection B or C.
2019, cc. 605, 606.
Structure Code of Virginia
Title 2.2 - Administration of Government
Chapter 20.1 - Virginia Information Technologies Agency
§ 2.2-2005. Creation of Agency; appointment of Chief Information Officer
§ 2.2-2007.1. Additional duties of the CIO relating to information technology planning and budgeting
§ 2.2-2009. Additional duties of the CIO relating to security of government information
§ 2.2-2012. Additional powers and duties related to the procurement of information technology
§ 2.2-2012.1. Major information technology project procurement; terms and conditions
§ 2.2-2013. Internal service and special funds
§ 2.2-2016. Division of Project Management established
§ 2.2-2016.1. Additional powers and duties of the CIO relating to project management
§ 2.2-2017. Powers and duties of the Division
§ 2.2-2018.1. Project and procurement investment business case approval
§ 2.2-2020. Procurement approval for information technology projects
§ 2.2-2021. Project oversight committees
§ 2.2-2022. Definitions; purpose
§ 2.2-2023. Virginia Technology Infrastructure Fund created; contributions