������������Ƶ

(Last Modified on September 5, 2017)

This section presents selected BOR policies in a highly summarized format. It should be considered a guide and used as a source of information for further research. For specific authority on executing contracts, the reader should also research the BOR Policy manual, as well as reviewing written documents delegating authority to the local institution to sign contracts.

3.4.1 Authority to Execute Contracts

(Last Modified on September 5, 2017)

Prior to any delegation of authority, only the Chancellor and the Chancellor’s designee are authorized to:

1. Enter into rental agreements as tenant or landlord where the total rent to be paid by or to the BOR does not exceed $25,000 per month or $35,000 per month during any subsequent renewal terms.

2. Sign contracts, agreements, deeds, licenses, or other instruments related to the purchase or gift of real property where the purchase price or gift value does not exceed $1,000,000.

3. Accept gifts, bequests, agreements or declarations of trust in those instances where the initial gift or trust estate is $100,000 or less. The Chancellor may, at his/her discretion, delegate the authority to execute said documents to the Treasurer or to the presidents of the individual ������������Ƶ institutions. However, the Chancellor is not authorized to delegate to the presidents the authority to accept gifts of real property.

4. Act as contracting officers for and on behalf of the Board of Regents in the execution of construction contracts, contracts for professional services, selection of architects and engineers, execution of contracts for new buildings, etc. However, the authority so delegated shall not exceed the sum of $5,000,000 for any one contractual obligation.

The Chancellor and the Chancellor’s designee are authorized to delegate any or all of the above authority to act as contracting officers to the individual ������������Ƶ institutions. Current levels of institution delegated authority for capital project authorizations, consultant services procurement, BOR design review requirements and construction contracting can be found at .

Generally, the authority to sign contracts for the day-to-day operations of an institution has been delegated to the individual institutions. It is imperative that the documented authority is available in the permanent files of the institution as proof of such authorization.

---

3.4.2 Dining and Catering Contracts

(Last Modified on February 21, 2020)

3.4.2 Dining and Catering Contracts

University System of Georgia (������������Ƶ) institutions utilize the Georgia Procurement Registry managed by the Department of Administrative Services for procurement of dining and catering services. Institutions must follow the procedures outlined in this section when developing procurement materials for contracts beginning on or after July 1, 2017. Institutions with contracts that are not fully compliant with these procedures must obtain any required amendments to their existing contracts or conduct a new procurement for services beginning no later than July 1, 2019.

3.4.2.1 Financial Model

3.4.2.1.1 Required Supplier Proposals

Requests for Proposals (RFPs) must require that suppliers submit proposals on a fixed cost basis (per meal/item or per plan) that reflects all the supplier’s fixed and variable costs. Institutions may require additional pricing models, including fee-based proposals.

Institutions may add to the supplier fixed price reasonable charges, necessary for associated lease payments, and for direct and indirect dining and catering expenses not covered by the supplier. If commissions are to be paid by the supplier, the rate must be based on all gross sales, including retail and catering sales, and may be variable based on sales volume.

3.4.2.1.2 Affordability and Efficiency

Dining and catering services must be structured with student affordability and operational efficiency as essential criteria for successful suppliers. Institutions must be able to demonstrate that overhead costs, including the administration of dining dollars, are reasonable and comparable to peer institutions.

3.4.2.1.3 Self-Liquidating

Dining and catering contracts should be structured to enable a self-liquidating dining auxiliary, reserve balances sufficient to meet reserve requirements for lease financings and unique institutional needs as outlined in the 5 year dining auxiliary business plan, and to fulfill any lease payment obligations reliant upon dining revenues.

3.4.2.1.4 Performance Management

Supplier compensation must include a performance component and should be measured using campus designed performance measures or indicators that reflect customer satisfaction. Supplier should be responsible for any participation incentives.

3.4.2.1.5 Qualified Management Agreements

All RFPs must require that vendors certify their proposal is a Qualified Management Agreement in accordance with IRS Rev Proc. 2016-44. Opinion of bond counsel must be obtained prior to execution of the contract.

3.4.2.2 Pricing

3.4.2.2.1 Guarantees

Institutions may not provide any meal plan purchase minimums or volume guarantees to suppliers.

3.4.2.2.2 Non-student Pricing

Meal plan and retail pricing for any party other than a student must not be less than charges paid by students.

3.4.2.2.3 Residential Student Meal Plan Pricing

Institutions may require students living in housing to purchase a meal plan. Actual utilization of dining options by students required to purchase meal plans will be reviewed as a part of the annual rate approval process.

3.4.2.2.4 Dining Dollars

Dining dollars may come with meal plans or be an optional charge that students may elect to add to their meal plan. Any unused dining dollars must be tracked by the Institution. Unused dining dollars (other than nominal amounts less than $10) must be refunded to the student no later than upon separation from the institution.

3.4.2.3 Term and Renewal Options

Contracts must be annually renewable. Renewal options in excess of 9 years require the approval of the BOR Strategic Sourcing Director. Institutions are required to review contracts prior to exercising a renewal option to ensure the contract terms remain competitive.

3.4.2.4 Catering Services

Catering allowances should be sized according to institutional size and mission and should be utilized and tracked under the direction of the Chief Business Officer. Contracts shall allow for unused balances to rollover to subsequent years. Maximum annual allowances, exclusive of any rollover amount, for each sector are as follows:

• Research and comprehensive institutions: $85,000
• State universities: $70,000
• State colleges: $55,000

Catering allowances are considered institutional funds (see BPM 19.8). Prior to utilization of catering allowances, institutions should seek voluntary contributions from suppliers and cooperative organizations to support advancement and other events.

3.4.2.5 Grants and Scholarships

Contracts shall not allow the provision of grants, scholarships, or complimentary meals. Complimentary meals do NOT include meals provided to students in return for serving as live-in, residence life staff. Limited guest passes for parents of students purchasing meal plans are not considered complimentary.

3.4.2.6 Capital Improvements

3.4.2.6.1 Capital Allowances

Request for Proposals for Dining and Catering Services that include a total capital allowance in excess of the institution’s delegated project authorization level must undergo facilities integrated review prior to contract award. This requirement applies to the total capital allowance regardless of the size of the individual projects contemplated. Institutions shall submit a Project Concept Proposal to start the review process with as much detail related to the future projects as is known at the time of the procurement. All capital allowances must be fully amortized over the life of the contract.

3.4.2.6.2 Capital Improvements in Leased Facilities

Capital improvements in leased facilities are typically funded through an increase in the rental agreement. All capital improvements in excess of the institution’s delegated project authorization, including those performed by a third-party in a leased facility, require submittal of a Project Concept Proposal. Capital improvements in leased facilities within the institution’s delegated project authorization level require the prior approval of BOR Fiscal Affairs, Finance Office.

3.4.2.6.3 Reserves

Institutions must fully reserve any amount of capital allowance utilized if the contract requires the repayment of unamortized balances in the event of non-renewal. These reserve balances are in addition to any amounts held in a repair and replacement reserve. Institutions must reflect these reserves in account 329200 Reserve for Deferred Gift Revenue from Auxiliary Vendor (Unrestricted). Other non-renewal fees or penalties are not allowed.

3.4.2.6.4 Institutional Funding of Dining Capital Improvements

Institutions may propose in their 5 year dining auxiliary business plan to accumulate dining auxiliary unrestricted fund balances to self-fund capital improvements. Institutions should evaluate the cost-benefit of self-funding compared to vendor-financed improvements.

3.4.2.7 Notification

Institutions must provide notice of intent to proceed with a dining and catering services Request for Proposal to the BOR Strategic Sourcing Director at least 90 days prior to submission to the Department of Administrative Services.

3.4.2.8 Variances

Any variances from these procedures must be pre-approved by the ������������Ƶ Chief Fiscal Officer.

---

3.4.3 ������������Ƶ Ethics Policy Reference in Contracts

(Last Modified on June 21, 2019)

Cooperative organizations, vendors, and contractors shall certify compliance with the ������������Ƶ Ethics Policy by written agreement. The ethics policy should be specifically referenced as a condition with which the vendor will comply. The following language must be included in all contracts:

Ethics: Offeror shall comply with the University System of Georgia Board of Regents Ethics Policy (Board Policy 8.2.18). The University prohibits any form of discrimination, harassment or retaliation against or by any member of the faculty, staff, administration, student body, volunteers, or visitors based upon race, color, religion, sex, national origin, age, whistle-blower status, disability, gender identity or expression, genetics, or any other characteristic protected by state or federal law. Offeror and Offeror’s employees will be required to know and adhere to the Title IX policy.

To review the ������������Ƶ Ethics Policy in its entirety, click on the following link:

/policymanual/section8/C224/#p8.2.18_personnel_conduct

---

3.4.4 Supplier Contracts

(Last Modified on November 2, 2021)

Effective immediately, upon the creation of a new contract or at the next renewal of an existing contract, all ������������Ƶ institutions and organizations (collectively herein, “organizations”) must ensure that suppliers (or other third parties, herein, “suppliers”) with access to ������������Ƶ data are adequately protecting that data. Such protection must be at least the same level of protection provided by the ������������Ƶ and as required by law, regulation, or ������������Ƶ/State of Georgia policy. To achieve this objective, ������������Ƶ organizations shall:

1. Review all contracts, either upon the creation of a new contract or at the next renewal of an existing contract, to identify suppliers which may have access to or may be provided ������������Ƶ data.

2. Determine what data types the supplier will access or be provided and/or the service the supplier will be providing. Based on the type of data or service, the ������������Ƶ organization shall then assess the overall level of risk associated with access to that ������������Ƶ data or the service availability for those suppliers. For example, suppliers with access to personal health information or student records are higher risk than suppliers with access to publicly available directory information. Additionally, a service supporting a mission-critical need like One������������Ƶ is higher risk than a supporting service like an informational webpage. Ultimately, the level of risk will be assessed as “None,” “Low,” “Moderate” or “High” as described below. If in doubt, the ������������Ƶ organization shall assign the highest level reasonable:

   • None (No cybersecurity review is required – no systems, products, services and/or ������������Ƶ information or data assets are being exchanged or made available by the supplier as part of the contract.)
   • Low (No ������������Ƶ data is shared with a supplier. Suppliers must be required to protect the availability of a non-mission-critical system(s), product(s), or service(s) under contract.)
   • Moderate (Moderate risk ������������Ƶ data is shared with a supplier. Suppliers must be required to protect the availability and integrity of the ������������Ƶ data assets being shared, but any data systems, data products, or data services provided are non-mission-critical. Examples of moderate risk data include but are not limited to publicly available information, directory information, and/or non-confidential information.)
   • High (High risk ������������Ƶ data is shared with a supplier. Suppliers must be required to protect the availability, integrity, and confidentiality of the ������������Ƶ data assets being shared and/or the mission-critical systems, products, or services under contract. Examples of high-risk data include but are not limited to personally identifiable information (“PII”) such as date of birth, social security number, and names of minor children; health information as defined by either HIPAA or FERPA; financial information (credit card numbers, bank account numbers), and other confidential information such as student records as defined by FERPA, etc.
     
     
3. Ensure that the new contract, or contract renewal, includes language appropriate for the designated risk level requiring the supplier to take steps to protect ������������Ƶ data, systems, products, or services consistent with the risk level as referenced in item 2 above to include:
   
   • Adherence to the ������������Ƶ contract or contract renewal checklist.
   • Determine if a need exists concerning cyber insurance. When needed, secure from the vendor an appropriate level of cybersecurity insurance to protect ������������Ƶ’s interests in case the supplier compromises ������������Ƶ data or cannot provide the mission-critical service. Preferably, the cyber insurance coverage will indemnify and hold harmless ������������Ƶ.
   • Obtain and review appropriate documentation of supplier compliance. Consideration should be given to what extent supplier compliance should be documented or otherwise addressed in the contract insofar as the supplier will have access to ������������Ƶ data. (Examples of appropriate documentation could include a SOC report, an assurance provider’s assessment of the supplier’s cybersecurity protocols, etc.)

Note: It is recognized that it may not be possible to achieve 100% compliance with the contract renewal checklist and other items listed above due to operational necessity and/or the nature of supplier-������������Ƶ negotiations. In those instances, institutions should identify alternative measures to adequately mitigate the risk and document these efforts in the appropriate file.

4. Review, at least annually, the supplier’s compliance with the contractual requirements and document said review in the contract files. Contract owners should consider consulting with their organizational privacy officer or designated privacy point of contact for input on contracts with privacy implications. Organizational legal officials and/or ������������Ƶ Legal Affairs at the ������������Ƶ system office should be consulted concerning contract non-compliance. Organizational cybersecurity officials and/or ������������Ƶ Cybersecurity at the ������������Ƶ system office should be consulted and notified of any potential incident, breach of protected information or non-compliance.

5. ������������Ƶ organizations should consider adding ������������Ƶ data protection review as part of the contract review and/or routing process to ensure that this review takes place before executing a contract. For example, verification of data protection review could be included on an internal routing/approval sheet. The central office’s contract routing sheet is attached as an example.
   It is recognized that operational needs and the give-and-take nature of contract negotiations may preclude 100% compliance by suppliers with respect to these provisions. However, ������������Ƶ institutions and organizations are nevertheless responsible for ensuring adequate protection of ������������Ƶ data analyzed in light of the preponderance of the entire set of supplier and ������������Ƶ controls and measures protecting ������������Ƶ data.

---

↑ Top