|Approved By: Senior Associate Vice President for Financial Affairs and Chief Financial Officer
Clickwrap Agreements are specific to the use of One Cards. The Clickwrap Agreement requirements below are in addition to and not separate from Financial Guideline – One Card Program and do not replace or supersede existing One Card guidelines, rules and requirements or any other applicable UTSA policies.
Table of Contents
- Acceptable Use of Clickwrap for Low Risk Services
- Higher Risk Services Prohibited
- Delegated Authority and Contract Validity
- Business and Legal Risks
Definition: UTSA understands the prevalent use by contractors and vendors of Clickwrap Agreements, which are standard online terms and conditions displayed on the computer screen that require a purchaser to click “accept” before the user can secure the contractor’s goods or services.
Risks: As a rule, the terms of Clickwrap Agreements are not advantageous to UTSA, and will typically not address required terms based on UTSA’s status as a government agency and an institution of UT System (see Delegated Authority and Contract Validity below). Clickwrap Agreements are drafted by the contractor to be beneficial to the contractor and are designed to cover a broad range of situations. Contractors are generally not open or even available to negotiate Clickwrap Agreements. Most Clickwrap Agreements involve a low dollar threshold, and the contractor is unwilling or unable to justify the transaction costs necessary to negotiate terms and conditions.
Risk versus Efficiency: Although Clickwrap Agreements pose business risks, UTSA understands that efficiency needs may sometimes require procuring goods or services involving a Clickwrap Agreement. Based on various risk versus efficiency factors, UTSA permits certain limited use of Clickwrap Agreements in specific situations, as described below.
Low Risk Procurements Only: One Card purchases to secure goods or services through use of a Clickwrap Agreement are acceptable only for very low risk procurements (Low Risk Services) with a contract term not to exceed one (1) year and a total contract value less than $5,000. Use of the One Card for Higher Risk Services, as defined below, is not permitted.
Critical Accessibility Requirements for Technology: If software, webware or similar technology is secured under this guideline and the technology is found not to be in compliance with accessibility requirements under Texas Government Code Chapter 2054 Subchapter M, an alternative accessibility option must be offered and requires approval by the UTSA electronic information accessibility coordinator (currently the vice president for information management and technology). If an alternative method is not approved, the department or college must cease use of the technology and promptly terminate the related contract. For questions regarding technology accessibility, please contact the office of the vice president for information management and technology.
HOP Requirements for Use of Technology: Technology purchases and the related use of technology must comply with all applicable UTSA technology policies under Chapter 8 of the Handbook of Operating Procedures (HOP), including HOP 8.22 regarding cloud computing and the use of hosted software.
Low Risk Services Example: An example of a Low Risk Service involving software would be an annual Facebook account for UTSA marketing purposes that only includes Category III Data (non-sensitive, non-confidential data that is generally public record). See UTSA’s Data Classification Categories at https://security.utsa.edu/standard-for-data-classification/.
Inclusion of any of the following service aspects would not classify as a Low Risk Service and are prohibited from being secured through a Clickwrap Agreement (collectively, Higher Risk Services):
- Any use of Category I or Category II Data (sensitive or confidential data, such as FERPA-related data). This includes sharing, access to, storage or hosting services by the clickwrap provider. See UTSA’s Data Classification Categories at https://security.utsa.edu/standard-for-data-classification/;
- Unsupervised interaction with students or any reasonable risks to students;
- Interaction with minors;
- Safety, health or medical matters;
- Risk to UTSA property;
- Access to UTSA’s network;
- Solicitation on campus;
- Providing any intellectual property of UTSA, or any other aspects related to copyright or publication rights;
- Modifications to UTSA property;
- Use of UTSA property by another entity;
- Required use of the service by students;
- Processing, collection or storage of UTSA funds (for example, a payment processer or reseller);
- A vendor/contractor who is a non-U.S. entity or individual;
- Providing the contracted entity with use of any UTSA trademarks, logos or related marks; or
- Any other aspect or service that could reasonably be determined to signify a significant risk to UTSA or the UTSA community.
Higher Risk Services must not be secured through Clickwrap Agreement(s) and must be secured through either a purchase order or a negotiated agreement approved by the Business Contracts Office.
Only an individual with a written delegation of signature authority from the president may authorize and execute contracts on behalf of UTSA. Although the One Card may be used to secure and pay for Low Risk Services under this guideline, the Clickwrap Agreement itself may be invalid and unenforceable. If the requesting department desires to ensure validity of an applicable Low Risk Service Clickwrap Agreement secured via the One Card, the Clickwrap Agreement cannot be used. The agreement will need to be in negotiated form that includes required state and UT System provisions acceptable to UTSA. A purchase order will generally satisfy this requirement, as will a negotiated agreement approved by the Business Contracts Office.
Because Clickwrap Agreements are typically one-sided and drafted solely to the contractor’s benefit, any Clickwrap Agreement can come with business risk. Departments procuring Low Risk Services involving a Clickwrap Agreement in accordance with this guideline must understand the scope of the purchase and must accept the possible business risks, including paying for any damages and legal costs that may occur because of the purchase.
None at this time.
None at this time.