Govra Mou 2013-Ed

8/11/2019 Govra Mou 2013-Ed

http://slidepdf.com/reader/full/govra-mou-2013-ed 1/8

Page 1 of 8

MEMORANDUM OF UNDERSTANDING

KNOW ALL MEN BY THESE PRESENTS:

This Memorandum of Understanding (MOU) entered into this ___ day of ________ 2013at Quezon City, Philippines, by and between:

The INFORMATION AND COMMUNICATIONS TECHNOLOGY

OFFICE (ICTO), a government entity duly organized and existing under the

laws of the Republic of the Philippines, with principal office at C.P. Garcia

Avenue, U.P. Diliman, Quezon City, and represented in this act by itsExecutive Director, LOUIS NAPOLEON C. CASAMBRE, hereinafterreferred to as the “GovCA”;

-and-

The _______________________, a government agency duly established and

existing under the laws of the Republic of the Philippines with principal

office address at _______________________, and represented herein by its ___ ____________________, hereinafter referred to as the “GovRA.”

W I T N E S S E T H :

WHEREAS, the ICTO is mandated under Executive Order No. 47, series of 2011, to ensurethe provision of efficient and effective information and communication technology

infrastructure, information systems and resources to support efficient, effective,

transparent and accountable governance and, in particular, support the speedy andefficient enforcement of rules and delivery of accessible public services to the

people;

WHEREAS, by virtue of Executive Order No. 47, series of 2011, the National ComputerCenter was made part of the internal structure of ICTO and is designated to operate

as the Government Certification Authority (GovCA) under Executive Order No. 810,series of 2009;

WHEREAS, one of the key services offered by the iGovPhil Project is the Public KeyInfrastructure (PKI), which provides a secure and private mechanism for exchanging

data and conducting transactions over an unsecured public network such as the

Internet. Under the PKI, a Certificate Authority (CA) issues, manages, validates,and revokes digital certificates. Digital certificates contain information identifying

the owner of the certificate, the central authority that issued the certificate, a unique

serial number, and a validity date range. The digital certificate is a small and

lightweight file that is issued by a CA after an application goes through a registrationauthority (RA) that verifies the applicant's data. PKI can be used to secure emails,

authenticate users, or digitally sign forms and documents;

NOW, THEREFORE, for and in consideration of the foregoing premises and subject to theterms and conditions hereunder stipulated, the Parties have mutually agreed as

follows:

Article I OBJECTIVES

To define the relationship between the Government Registration Authority

(GovRA) and ICTO as the GovCA, and to specify the responsibilities and

functions of a certified GovRA.

8/11/2019 Govra Mou 2013-Ed


Page 2 of 8

Article II DEFINITION OF TERMS

1. Accreditation and Assessment Body – refers to the body that

accredits the Certification Authorities (CAs) and conducts regular

assessment of such CAs to ensure compliance to prescribed criteria,guidelines and standards; refers to the Philippine Accreditation Office

(PAO), under the Department of Trade and Industry (DTI).

2. Certificate – an electronic document issued to support a digital

signature, which purports to confirm the identity or other significant

characteristics of the person who holds a particular key pair.Certificates issued may be for general use or for specific use only.

3. General Certificate – a certificate which can be used for all

government and private transactions.

4. Specific Purpose Certificate – a certificate which can only be used

for a specific purpose.

5. Certificate Revocation List (CRL) – a time-stamped list that

identifies and contains revoked or invalid certificates. The CRL is

signed by a Certification Authority and is published periodically in a

public repository.

6. Certification Authority (CA) – issues digitally-signed public key

certificates and attests that the public key embedded in the certificate belongs to the particular subscriber as stated in the certificate. A CA

may be involved in a number of administrative tasks such as end-user

registration, although these tasks are often delegated to the

Registration Authority (RA). The CA may either be a government body or private entity.

7. Digital Signature – refers to an electronic signature consisting of a

transformation of an electronic document or an electronic data

message using an asymmetric or public cryptosystem, such that a

person having the initial untransformed document and the signer’s public key can accurately determine: (i) whether the transformation

was created using the private key that corresponds to the signer’s

public key; and (ii) whether the initial digital document had been

altered after the transformation was made.

8.

Government Certification Authority (GovCA) – refers to thegovernment body that issues digitally-signed public key certificates

and attests that the public key embedded in the certificate belongs to

the particular subscriber as stated in the certificate. The GovCA

designates Government Registration Authorities (GovRAs) andconducts regular assessment of such GovRAs to ensure compliance to

prescribed criteria, guidelines and standards; the GovCA is part of

ICTO.

9. Government Registration Authority (GovRA) – refers to a

government agency designated by the Certification Authority (CA) to

perform administrative tasks such as end-user registration.

10. Root Certification Authority (Root CA) – issues and managescertificates to government and private CAs. The Root CA is part of

ICTO.

11. Subscriber – an individual or entity applying for and using digital

8/11/2019 Govra Mou 2013-Ed


Page 3 of 8

certificates issued by the CA;

12. Personal Information Controller – means a person or organization

that controls the collection, holding, processing or use of personal

information. It includes a person or organization that instructs another person or organization to collect, hold, process, use, transfer, or

disclose personal information on his or her behalf, but excludes a

person or organization that performs such functions as instructed byanother person or organization. It also excludes an individual who

collects, holds, processes or uses personal information in connection

with the individual’s personal, family or household affairs.

Article III AGENCY RESPONSIBILITIES

GovCA

1.

Performs the role of the Government CA.

2. Issues and manages general purpose or specific purpose certificates.

3. Operates and manages the GovCA systems and its functions in

accordance with the Philippine Root CA Certificate Policy.

GovRA

1. Performs the following:

1.1 Receive request for application, suspension, renewal orrevocation of digital certificates.

1.2 Conduct face to face certification of user and register theapplicant's information in the GovRA system.

1.3 Transmit certificate requests to the GovCA.

1.4 Validate certificates from the GovCA Directory Server and

CRL.

1.5 Request suspension, renewal, or revocation of certificates.

2. Consolidates and transmits subscriber information.

3. Conduct regular self-audit at least twice ever year;

4. Enforces the signing of and compliance with the Subscriber'sContract, a document that defines the undertakings that a subscriber

must make in order to obtain and use a digital certificate confirmingtheir identity. It is expected that this will be part of the terms and

conditions used to encourage user participation in electronic service

delivery.

5. Provides a help desk for its subscribers. The help desk shall beaccessible during regular office operating hours.

6. Performs all other tasks subsidiary or related to the above mentionedresponsibilities of the GovRA, or as may be agreed upon in writing

8/11/2019 Govra Mou 2013-Ed


Page 4 of 8

between the GovCA and the GovRA.

Article IV CHANGES TO CERTIFIED GovRA OPERATIONS

Any proposed changes to a certified GovRA operations need to be formally

submitted to the GovCA for review and approval. The proposed changesmust not adversely affect the terms of its certification. The list of approved

documents that will require amendments, as a result of any change to its

operation, needs to be submitted together with the time frame forimplementation. Once all changes to the documents have been incorporated,

evaluated and approved, GovCA will execute an amendment to the

Memorandum of Understanding annexing the approved changes. The latestversions of amended approved documents shall be included in the website of

GovRA.

Article V DISPUTE RESOLUTION OVER GovRA CERTIFICATION

The Information and Communications Technology Office-National ComputerCenter shall handle disputes pertaining to the certification of governmentagencies as GovRA or other issues arising from the same.

Article VI NON-DISCLOSURE

Both parties to this agreement agree to hold the disclosing party's

Confidential Information in strict confidence. Both parties further agree notto use any Confidential Information for any purpose except for the Disclosing

Purpose, without the prior written consent of the disclosing party. Both

parties agree not to disclose any Confidential Information to third parties,

including, without limitation, any clients, affiliates, independent contractorsand consultants, without the prior, written consent of the disclosing party

except as expressly permitted in this Agreement. Finally, both parties agree to

exercise at least the same care in protecting the disclosing party'sConfidential Information from disclosure as the receiving party uses with

regard to its own Confidential Information, but in no event less than

reasonable care.

Article VII OTHER APPLICABLE LAWS AND PENALTIES

The use and issuance of digital certificates shall be covered by the provisionsof Republic Act No. 8792 or the Electronic Commerce Act of 2000, Republic

Act No. 8484 or the Access Devices Regulation Act of 1998 and Republic Act

No. 7394 or the Consumer Act of the Philippines and their Implementing

Rules and Regulations (IRRs). Hence, violations committed against suchlaws in relation to the use and issuance of digital certificates shall be subject

to the penalties applicable under said laws and their IRRs.

Article VIII LIABILITIES/FINANCE

1. In cases of fortuitous event or act of God, either party shall hold each

8/11/2019 Govra Mou 2013-Ed


Page 5 of 8

other free from liability from any and all claims for damages to

properties or injury to third persons suffered or incurred in theimplementation of this Agreement.

2. Each party shall be liable for any damage to property or injury to persons and/or any third party caused solely by its or its

representatives' negligence or fault or by any defect in or breakage of

its equipment or connected apparatus or to any failure of the same tofunction and solely attributed to its facilities.

Article IX EFFECTIVITY AND TERMINATION OF AGREEMENTS

1. This Memorandum shall take effect from the date of signing hereof

and shall remain in full force and effect until earlier terminated by

mutual agreement of both parties. Either party may initiate thetermination of this Memorandum by serving written notice to the

other party at least 180 days in advance, either through personaldelivery or registered mail.

2. In the event the renewal of this Memorandum is still being negotiatedafter its expiry, this Memorandum shall be deemed renewed on a

monthly basis until such time that a new Memorandum shall beapproved and signed anew by the parties.

3. Any violation or breach of the terms provided for in thisMemorandum on the part of either party shall be sufficient ground for

the termination of this Memorandum by the aggrieved Party, and that

breach is not remedied to the satisfaction of the other party withinsixty (60) days after notice has been given by the party identifying the

relevant breach and requiring rectification of the breach, if such

rectification is possible.

4. Without prejudice to the foregoing, steps shall be taken to ensure thattermination of this Memorandum shall not be prejudicial to anyactivities undertaken within the period in which the Memorandum is

still in effect or to the completion of activities for which binding

obligations exist.

Article X WAIVER, AMENDMENT, CERTAIN NOTICES

No waiver of any provision of this Memorandum, or any consent to any

departure by any party therefrom, shall be effective unless made in writing

and signed by the party to be charged with the waiver or consent. Any waiver

or consent shall be effective only in the specific instance and for the specific purpose for which it was given. This Memorandum may only be amended by

written agreement executed by each of the parties hereto. No notice to or

demand on any party in any case shall entitle that party, or any other party, to

any further notice or demand in similar or other circumstance.

Article XI MISCELLANEOUS PROVISIONS

1. The parties agree to revise, amend, renew or rescind thisMemorandum as may be necessary during the effectivity thereof, in

8/11/2019 Govra Mou 2013-Ed


Page 6 of 8

the interest of the service and by reason of national security or other

reasonable ground, or for any violation of the terms and conditions ofthis Memorandum.

2. The Parties further agree that subsequent agreements coveringexchange usage of specific services and/or facilities shall become

addenda to this Memorandum. No amendments, modifications,

expansions, extensions or alterations to this Memorandum shall bevalid or binding on either party unless expressed in writing and

mutually accepted by both parties.

3. The parties hereto undertake not to assign, transfer, nor convey their

respective rights, titles, or interest in this Agreement, nor any benefits

arising therefrom, without first obtaining the written consent of the

other party.

4. This Agreement shall be binding upon the successors and assigns ofeach party;

5. Neither party shall be released from its obligation under this

Agreement until a written clearance is obtained from the other party.

6. It is mutually understood and agreed upon that the parties hereto shall be relieved and discharged from the performance of their respectiveobligations under this Memorandum in the event of and for the period

subsequent to the occurrence of the following described actions and

events, except as the parties may otherwise mutually agree:

6.1 Condemnation of premises of GovRA, GovCA, or

GovRA applicants by any authority having the power of eminentdomain and directly affecting the performance of the obligations or

exercise of the rights herein stipulated.

6.2 Invasion of the country by a foreign country or theexistence of a state of war in the Philippines to the extent that it

directly and adversely affects the discharge of the obligations andexercise of the rights herein provided.

6.3 Any action taken by a local or national governing bodythat tends to prevent the continued use of the properties of either party

for the purpose contemplated herein.

6.4 Fortuitous event.

7. If any provision of this Memorandum is for any reason found to be

unenforceable, the remainder of this Agreement shall continue in full

force and effect.

IN WITNESS WHEREOF, the parties hereto have signed this Memorandum of Agreementthis ______ day of ___________, 2013 at __________________________

Information and Communications

Technology Office

PARTY 2

8/11/2019 Govra Mou 2013-Ed


Page 7 of 8

By: By:

LOUIS NAPOLEON C. CASAMBRE SIGNATORY 2Executive Director Position

Signed in the presence of:

DENIS F. VILLORENTE WITNESS 2

iGovPhil Project Director Position

8/11/2019 Govra Mou 2013-Ed


Page 8 of 8

A C K N O W L E D G E M E N T

REPUBLIC OF THE PHILIPPINES)

QUEZON CITY ) S.S

BEFORE ME, a Notary Public for and in Quezon City, this _____ day of

__________ 2013 personally appeared the following:

Name Government Issued ID Number Date & Place of Issue

LOUIS NAPOLEON C.

CASAMBRE

PARTY 2 ID and ID Number

known to be the same persons who executed the foregoing instrument and theyacknowledged to me that same is their free act and voluntary deed, as well as the free act

and voluntary deed of the entities herein represented.

The foregoing instrument consisting of eighteen (18) pages, including the page on which

this acknowledgment is written, has been signed by them and their instrumental witnesses

on each and every page hereof.

WITNESS MY HAND AND SEAL on the date and place above written.

_______________________

Notary Public

Doc. No.

Page No.

Book No.

Series of 2013

Documents

Govra Mou 2013-Ed