ASPEN INSURANCE HOLDINGS LTD - FORM 8-K - EX-10.1 - EXHIBIT 10.1 - September 7, 2018

Attached files

file filename
8-K - 8-K - ASPEN INSURANCE HOLDINGS LTDform8-kxitoagreement.htm

EXHIBIT 10.1

THIS EXHIBIT AND THE ACCOMPANYING SCHEDULES HAVE BEEN REDACTED AND IS THE SUBJECT OF A CONFIDENTIAL TREATMENT REQUEST. REDACTED MATERIAL IS MARKED WITH [***] AND HAS BEEN FILED SEPARATELY WITH THE SECURITIES AND EXCHANGE COMMISSION




DATED 31 August 2018





(1) ASPEN INSURANCE UK SERVICES LIMITED

- and -

(2) ASPEN INSURANCE U.S. SERVICES INC.

- and -

(3) ASPEN BERMUDA LIMITED

- and -

(4) COGNIZANT WORLDWIDE LIMITED









OUTSOURCING AGREEMENT












CONTENTS

1.DEFINITIONS    6
2.INTERPRETATION    6
3.TERM    7
4.SERVICES    9
5.DELAY    12
6.ACCEPTANCE    13
7.TRANSITION    14
8.Governance, Reporting and Performance    15
9.CHANGE CONTROL    16
10.Holdback, Service Levels and Liquidated Damages    16
11.SERVICE IMPROVEMENT AND ADVANCES IN TECHNOLOGY    17
12.TRANSFORMATION OPPORTUNITIES AND REFERENCE    18
13.ASSETS    18
14.CO-OPERATION AND THIRD PARTY CONTRACTS    19
15.PERSONNEL    21
16.SERVICE LOCATIONS    22
17.SUBCONTRACTORS    22
18.DATA AND SECURITY REQUIREMENTS    23
19.DISASTER RECOVERY    25
20.REGULATORY MATTERS AND AUDIT RIGHTS    25
21.CUSTOMER DEPENDENCIES    28
22.CHARGES    29
23.TAX    30
24.Value for Money/Benchmarking    30
25.INTELLECTUAL PROPERTY RIGHTS    31
26.CONFIDENTIAL INFORMATION    35
27.DATA PROTECTION    36
28.PUBLICITY    38
29.REPRESENTATIONS AND WARRANTIES    39



30.INDEMNITIES    40
31.FORCE MAJEURE    43
32.STEP IN    43
33.ENHANCED CO-OPERATION    44
34.LIABILITY    47
35.INSURANCE    50
36.TERMINATION    51
37.Termination Assistance/Exit    53
38.COMPLIANCE WITH LAWS    54
39.TRANSFER OF THIS AGREEMENT    54
40.NO PARTNERSHIP, AGENCY ETC    55
41.NOTICES    55
42.THIRD PARTY RIGHTS    55
43.SURVIVAL    56
44.SEVERABILITY    56
45.ENTIRE AGREEMENT    56
46.WAIVER    56
47.CORPORATE SOCIAL RESPONSIBILITY, COMPLIANCE WITH LAWS AND LLOYDS CENTRE OF EXCELLENCE    57
48.CUMULATIVE REMEDIES    59
49.DISPUTE RESOLUTION    59
50.COUNTERPARTS    60
51.GOVERNING LAW AND JURISDICTION    60






SCHEDULES

Schedule 1    Definitions
Schedule 2    Service Descriptions
Schedule 3    Service Levels and Service Credits
Schedule 4    Customer Dependencies
Schedule 5    Sub-Contractor List
Schedule 6    Standards and Policies
Schedule 7    Security - IT and Physical
Schedule 8    Transition and Transformation
Schedule 9     Form of Local Agreement
Schedule 10    Charging and Invoicing
Schedule 11    Benchmarking
Schedule 12    Governance and Service Management
Schedule 13    Contract Change Control Procedure
Schedule 14     Service Integration
Schedule 15    Exit Plan and Service Transfer Arrangements
Schedule 16    Business Continuity and DR Plan
Schedule 17    Human Resources Provisions
Schedule 18    Key Personnel
Schedule 19    COTS Vendor Usage Restrictions and Related Obligations
Schedule 20     SOW and Work Request Pro formas
Schedule 21    Data Transfer and Processing
Schedule 22    Locations and Site Licence




THIS AGREEMENT is made on August 31, 2018     

BETWEEN:

(1)
ASPEN INSURANCE UK SERVICES LIMITED a company incorporated in England with registered number 04270446, whose registered office is at 30 Fenchurch Street, London EC3M 3BD (the “UK Customer”);

(2)
ASPEN INSURANCE U.S. SERVICES INC. a company incorporated in Delaware, United States, whose registered office is at 251 Little Falls Drive, Wilmington, DE 19808 (the “US Customer”);

(3)
ASPEN BERMUDA LIMITED a company incorporated in Bermuda with company number 127314 and registration number 32866, whose registered office is at 141 Front Street, Hamilton, HM 19, Bermuda (the “Bermuda Customer”); and
        
(4)
COGNIZANT WORLDWIDE LIMITED a company incorporated in England with registered number 07195160, whose registered office is at 1 Kingdom Street, Paddington Central, London W2 6BD (the “Service Provider”).

Together, the UK Customer, the US Customer and the Bermuda Customer are referred to in this Agreement in the singular form as the “Customer”.

WHEREAS:

(A)
The Customer wishes to outsource the provision and management of its information technology services to the Service Provider.

(B)
The Customer’s information technology services are currently undertaken in-house and pursuant to certain third party supply agreements (including the Legacy Agreements). Under this Agreement such services shall be separated from that arrangement and provided by the Service Provider.

(C)
The Service Provider is experienced in providing information technology services, including the provision of digital, technology and operations services and wishes to be responsible for the provision and management of the Customer’s information technology services functions.

(D)
The Customer issued a request for proposal (“RFP”) on 29 January 2018, and the Service Provider responded to the RFP (the “Response”) on 26 February 2018 and submitted its best and final offer (“BAFO”) on 8 May 2018.

(E)
On the basis of the Service Provider’s Response, BAFO and subsequent discussions between the Parties, the Customer agreed to enter into negotiations with the Service Provider.

(F)
The Customer now therefore wishes to procure and the Service Provider wishes to provide the Services to the Customer, subject to and in accordance with the terms and conditions set out in this Agreement.





IT IS AGREED as follows:
PART A DEFINITIONS AND INTERPRETATION

1.
DEFINITIONS

1.1
In this Agreement, unless the context otherwise requires, the capitalised terms used herein shall have the meanings set out in Schedule 1 (Definitions).

2.
INTERPRETATION

2.1
In this Agreement a reference to:
2.1.1
a “person” includes bodies corporate and unincorporated associations of people;
2.1.2
a clause, Schedule, paragraph, section, Exhibit, Appendix or Annex are, except where otherwise stated, a reference to a clause, Schedule, paragraph, section, Exhibit, Appendix or Annex to this Agreement. The Schedules form part of this Agreement and shall be read as though they were set out in this Agreement;
2.1.3
a word importing one gender shall (where appropriate) include any other gender and a word importing the singular shall (where appropriate) include the plural and vice versa;
2.1.4
any statute or statutory provision includes, except where otherwise stated, the statute or statutory provision as amended, consolidated or re-enacted from time to time and includes any subordinate legislation made under the statute or statutory provision (as so amended, consolidated or re-enacted) from time to time;
2.1.5
including”, “includes” and “in particular” are illustrative, none of them shall limit the sense of the words preceding it and each of them shall be deemed to incorporate the expression “without limitation”. “Other” and “otherwise” are also illustrative and shall not limit the sense of the words preceding them;
2.1.6
words denoting persons include bodies corporate and unincorporated associations and vice versa where the context requires. The words “subsidiary” and “holding company” shall have the meanings given to them in section 1159 and schedule 6 of the Companies Act 2006;
2.1.7
the index and headings in this Agreement and any descriptive notes in brackets are for convenience only and shall not affect its interpretation; and
2.1.8
in the case of any inconsistency between any provision of the Schedules to this Agreement and any term of this Agreement the latter shall prevail. In the case of any inconsistency between any provision of the Annexes or Appendices and any provision of the Schedules, the latter shall prevail.

PART B TERM AND SERVICE PROVISION
3.
TERM

3.1
The term of this Agreement shall begin on the Effective Date and shall expire (unless terminated earlier or extended in accordance with the Agreement) five (5) years from 1 October 2018 (such period being the “Initial Term”), such date being the planned date for completion of the core transition and migration activities, whether or not such activities are successfully concluded by that date (the “First Service Commencement Date”) (each subsequent transfer of a service being a “Subsequent Service Commencement Date” and together them all being a “Service Commencement Date”).

3.2
The Customer may, in its sole discretion, extend the Initial Term by a further period of two (2) years from the expiry of the Initial Term, by giving written notice to the Service Provider at least ninety (90) days prior to the expiry of the Initial Term or an extension period, as applicable.




3.3
The Service Provider shall provide notice to the Customer of the expiry of the Initial Term and any extension period at least one hundred and eighty (180) days prior to the same.

3.4
The Customer may require that Local Agreements and/or Statements of Work are put in place between its Affiliates and the Service Provider or, exceptionally, its Affiliates (it being agreed that wherever possible such arrangements shall be made with the Service Provider only) pursuant to which the provision of local delivery of certain of the Services may be managed or Change Project (under Statements of Work) provided. The Service Provider agrees that subject always to agreement on the appropriate invoicing and taxation arrangements it shall not unreasonably withhold its consent to the agreement of such Local Agreements and further agrees that any such Local Agreements shall (subject always to the liability provisions of clause 34) incorporate all of the terms of this Agreement save as specified and agreed by the executing parties in such Local Agreement and approved in writing by the relevant Customer(s) and the Service Provider.

3.5
The Parties have agreed that:
3.5.1
the UK Customer shall be entitled (acting as agent) to make decisions and provide instructions to the Service Provider and its Affiliates pursuant to this Agreement as “the Customer” for and on behalf of each of the US Customer and the Bermuda Customer and references to the Customer instructing the Service Provider or otherwise engaging with it in relation to the provision of instructions hereunder shall be understood to mean that, save with respect to SOWs entered into by the US Customer or the Bermuda Customer to which the UK Customer is not a party, the UK Customer can provide such instructions for and on behalf of the US Customer and the Bermuda Customer (and in the event of any conflict between any instructions received by the Service Provider from the UK Customer and either of the US Customer or the Bermuda Customer, the instructions of the UK Customer as agent will prevail);
3.5.2
the UK Customer shall procure that the relevant Customer entity complies with the requirements of the relevant Customer Dependencies;
3.5.3
notwithstanding clause 3.5.1, the UK Customer may appoint a local representative from each of the other Customers to give instructions to the Service Provider and its Affiliates working “on the ground” (a “Local Manager”), such appointment to be set out in writing between the Parties. In the event of any conflict between the Local Manager’s instructions and any instruction from the UK Customer, the instruction of the UK Customer shall prevail;
3.5.4
the UK Customer, the US Customer and the Bermuda Customer shall have joint and several liability under this Agreement and any SOW to which they are all parties;
3.5.5
the US Customer and the Bermuda Customer each hereby formally appoints the UK Customer as its agent for service of legal proceedings and hereby authorises the UK Customer to execute SOWs, formal variations to this Agreement and Change Control Notes on its behalf;
3.5.6
any SOW or Change Control Note to which all three of the UK Customer, the US Customer and the Bermuda Customer are party shall be executed by each such entity albeit that, pursuant to clause 3.5.3, the execution may be carried out by the UK Customer for and on behalf of the US Customer and the Bermuda Customer respectively;
3.5.7
invoices for the Charges payable in respect of Services delivered to all of the UK Customer, the US Customer and the Bermuda Customer under this Agreement and SOWs entered into by all three Customer Parties shall be apportioned in accordance with the mechanisms set out in Schedule 10 (Pricebook, Charges and Invoicing);
3.5.8
pursuant to clause 34.10, the UK Customer shall be the only Party entitled to bring a claim against the Service Provider in connection with this Agreement or any SOW to which (i) all three of the UK Customer, the US Customer and the Bermuda Customer are party; or (ii) the UK Customer and one of the US Customer and the Bermuda Customer are a party. Accordingly, where a loss is suffered by a Customer (the UK Customer, US Customer or Bermuda Customer) under this Agreement or a SOW to which all three of the UK Customer, US Customer and Bermuda Customer are parties then the UK Customer shall bring that claim (unless prohibited by law); and
3.5.9
Where the UK Customer is not a party to any SOW and there is more than one other Customer entity contracting, then the Parties agree that:



3.5.9.1
the SOW shall set out applicable terms for governance and management of the SOW in place of the terms of this clause 3.5 and appoint a managing agent;
3.5.9.2
the relevant Customer contracting entities shall have joint and several liability under that SOW;
3.5.9.3
appropriate mechanisms for invoicing in relation to each relevant Customer contracting entity shall be set out in the SOW; and
3.5.9.4
the party nominated as the managing agent for the purposes of that SOW under 3.5.9.1 shall be the only party entitled to bring claims for losses suffered under that SOW (unless prohibited by law).

3.6
The Parties agree that this Agreement is intended to replace the Legacy Agreements and that the Legacy Agreements shall terminate on the later of the Effective Date or the date on which the services described in the Legacy Agreements are transitioned to become the responsibility of the Service Provider under this Agreement. The Parties will work together in good faith with the objective of achieving such transfer by the start of Contract Year 1 however the Parties acknowledge that the associated charging benefits agreed between the Parties will take effect from 1 September 2018. The Parties further agree that notwithstanding anything to the contrary set out in a Legacy Agreement, the termination of such Legacy Agreement and, to the extent relevant, the transfer of services to become Services under this Agreement shall not give rise to any early termination or other penalty or cost under the applicable Legacy Agreement or otherwise and this agreement reached in this clause shall be deemed to be a valid variation of the terms of each applicable Legacy Agreement.

4.
SERVICES

General

4.1
The Service Provider shall provide the Services to the Customer and the Customer Group in accordance with the terms of the Agreement and also:
4.1.1
in accordance with the requirements set out in the applicable Schedules save for immaterial or cosmetic deviations;
4.1.2
with diligence, professionalism and in accordance with Good Industry Practice;
4.1.3
with sufficient, suitably trained and qualified resources to provide the Services;
4.1.4
in a cost-effective manner, but without prejudice to the level of quality and performance required;
4.1.5
in accordance with the relevant time frames specified or if none are specified, within a reasonable time frame;
4.1.6
in material compliance with the Customer Standards and Policies made available to it in writing from time to time (with changes to the versions listed in Schedule 6 notified by Customer to Service Provider and managed via the Contract Change Control Procedure);
4.1.7
to meet or exceed any Service Levels; and
4.1.8
at Customer Locations or from Service Provider Service Locations approved in writing by the Customer.

4.2
The Service Provider shall adopt processes and related behaviour that shall:
4.2.1
support closely the Customer’s business model and business objectives;
4.2.2
enable the Customer and its Service Provider to respond promptly and effectively to predictable and unpredictable change;
4.2.3
promote rational, fact based problem solving;
4.2.4
increase ease of communication and understanding;
4.2.5
increase openness, reliability and consistency;
4.2.6
facilitate the identification and deployment of creative solutions to optimise value; and
4.2.7
reflect the partnership principles set out in the annex that will form part of the Schedule 12 (Governance and Service Management).




4.3
The Customer considers “scope creep” to be a particular risk in any outsourcing project and considers that its suppliers, as experts in the field, should take responsibility for managing the downside risk of scope creep. Accordingly, if any services, functions or responsibilities are not specifically described in the Agreement or any are required for, incidental to or customarily included in, the performance and provision of the Services they shall be implied by and automatically included within the applicable Schedule and the agreed Charges, to the same extent and the same manner as if specifically described in the Agreement.

4.4
The Services shall be deemed to include:
4.4.1
any services, functions or responsibilities performed within the twelve (12) month period immediately preceding the Effective Date by the Customer’s employees, agents and/or contractors whose functions were displaced as a result of this Agreement, even if the service, function or responsibility is not specifically described in this Agreement unless such function or responsibility is specifically identified in this Agreement as either no longer being required or as being the responsibility of the Customer; and
4.4.2
any services, functions and responsibilities reflected in those categories of the Customer’s budget that the Service Provider is assuming pursuant to the Agreement unless the same are specifically identified in this Agreement as either no longer being required or as being the responsibility of the Customer,

provided in each case such services, functions and responsibilities are (i) required for and (ii) incidental to, or customarily included in, the Services.
4.5
The Service Provider shall increase or decrease the amount of the Services according to the agreed forecast (pursuant to Schedule 2, Annex 5, Section 4.10 in respect of Change Management Services and paragraph 18 of Schedule 10 in respect of the Run Services) demand for these Services, the Customer’s other requirements and, in any event, the Customer reserves the right to add or remove Services. Such additions or removals shall be effected using the systems agreed in the applicable Service Description, Schedule 10 (Pricebook, Charges and Invoicing) or pursuant to the Contract Change Control Procedure.

4.6
Except as otherwise expressly provided in this Agreement, the Service Provider shall be responsible for providing all the facilities, personnel and other resources necessary to provide the Services.

4.7
The Customer reserves the right, in its sole discretion, to provide any or all of the Services itself or to contract with third party suppliers to perform all or any part of the Services at any time.

Suspension

4.8
In respect of Transition, Committed Transformation and Change Management Services related project work only, the Customer shall have the right to suspend the provision of Services at any time where either:
4.8.1
the provision of Services is, in the Customer’s reasonable opinion, having an adverse impact on the Customer’s business or the experience of its customers or staff; or
4.8.2
the Service Provider is in material breach of its obligations in respect of the Services that the Customer wishes to suspend.

4.9
For Transition and Committed Transformation, the provisions for suspension are as set out in paragraph 9 of Schedule 8 (Transition and Transformation).

4.10
In relation to Change Management Services related project work (i.e. where clause 4.9 does not apply), the suspension terms in this clause 4.10 and clause 4.11 shall apply. In the event of suspension pursuant to clause 4.8:
4.10.1
the Service Provider shall immediately cease providing the affected Change Services;
4.10.2
where suspension takes place pursuant to clause 4.8.1 (suspension because of adverse impact):
4.10.2.1
the Service Provider shall continue to charge for the project team at the applicable Rate Card day rate for a period of [***], following which the Charges shall be reduced to [***] percent



([***]%) of the applicable Rate Card day rate for the personnel engaged on the project at the time; and
4.10.2.2
Liquidated Damages and other remedies shall not apply during the period of delay caused by the suspension;
4.10.3
where suspension takes place pursuant to clause 4.8.2 (suspension for material breach):
4.10.3.1
save to the extent any ramp down benching or other costs are agreed in this Agreement or the applicable SOW, the Service Provider shall [***]; and
4.10.3.2
the Service Provider shall engage in good faith discussions with the Customer in relation to potential resolutions of the breach giving rise to the suspension but, during the period of delay caused by the suspension the Customer agrees that the Service Provider shall be relieved from any duty to pay Liquidated Damages;

4.10.4
on restarting the provision of any suspended Change Management Services related project work, the Parties shall agree revised Key Milestones (and any suspended Liquidated Damages shall apply to those revised Key Milestones) and project plans. In this regard the Parties agree that the default position will be that the Key Milestones and project plans will be moved by a period equal to the period of suspension (adjusted to reflect any additional or missed public holidays and/or amended Customer requirements/constraints) unless either Party can demonstrate that a different basis of adjustment should apply. For the avoidance of doubt, any Liquidated Damages and other contractual remedies shall apply to these new dates once agreed; and

4.10.5
the period of suspension shall last no longer than three (3) months.

4.11
The Customer shall have the right to require that any Services suspended pursuant to clause 4.8 restart at any time upon at least one (1) week’s notice provided that if suspension occurs pursuant to clause 4.8.2 and the period of suspension continues for longer than two (2) months, at least two (2) weeks’ notice shall be required.

4.12
The Service Provider agrees that the Customer has the right to call off project work under Statements of Work incorporating the full terms of this Agreement and the particular arrangements for doing so are set out in paragraphs 4.4 and 4.5 of Annex 5 of Schedule 2 (Change Management Services).

5.
DELAY

5.1
If the Service Provider becomes aware that the provision of the Services or any other activity under this Agreement is being, or in its reasonable estimation is likely to be, delayed or interrupted (for whatever reason), such that it shall not meet any of its obligations under this Agreement, then the Service Provider shall, unless otherwise agreed by the Customer, give written notice immediately to the Customer of the relevant circumstances (the “Delay Notice”). The giving of such notice shall not prejudice the Customer’s rights under this Agreement.

5.2
The Delay Notice shall:
5.3.1
identify the cause or causes of the delay or interruption;
5.3.2
state whether, and to what extent, the delay or interruption is, or is expected to be, caused by a Force Majeure Event;
5.3.3
provide details of the delay or interruption and its expected duration;
5.3.4
identify clearly which Services, Milestones (if any), Performance Standards and/or other Agreement obligations are likely to be affected and, in the reasonable opinion of the Service Provider, the extent to which they are likely to be affected; and
5.3.5
identify as far as possible the extent to which the Service Provider’s fulfilment of the relevant obligations under this Agreement will be delayed, interrupted or otherwise affected.

5.3
If the Service Provider fails to achieve a Milestone, at no additional charge to the Customer, and without prejudice to the Customer’s other rights, the Service Provider shall (as the case may be):



5.3.1
continue to provide the Services so as to meet the Milestone or complete Transition as soon as possible after the Milestone Date; or
5.3.2
re-perform the Services so as to meet the Milestone or complete Transition as soon as possible after the Milestone Date, [***].

5.4
If the delay or interruption continues for more than five (5) Business Days, the Service Provider shall provide the Customer periodically (and at least on a weekly basis) with updated information in relation to the matters referred to in clause 5.2, notwithstanding any discussions or negotiations relating to the continued performance of this Agreement following a Force Majeure Event or the Customer exercising its other rights.

6.
ACCEPTANCE

6.1
Where applicable, the Parties shall agree and set out Acceptance Criteria for each Acceptance Item and the rest of this clause 6 shall apply. If no such procedures or criteria are set out, the Services provided under the Agreement shall be deemed accepted upon receipted delivery to the Customer and the remaining clauses of this clause 6 shall not apply, save that in the case of documentary Deliverables any failure to comply with a requirement that they be clearly and concisely set out with no material errors or omissions shall entitle the Customer to require that they be rectified and redelivered at no additional charge.

6.2
The Service Provider must undertake its own internal testing of any Acceptance Item before submitting it to the Customer for acceptance testing.

6.3
The Service Provider must provide the Customer with at least seven (7) Business Days’ notice prior to submitting any item for acceptance testing.    

6.4
Unless otherwise agreed between the Parties, the Customer shall conduct the acceptance testing promptly after receiving the Acceptance Item and promptly notify the Service Provider whether it accepts, rejects or conditionally accepts the Acceptance Item. The Customer shall promptly issue an Acceptance Certificate if it accepts or conditionally accepts the Acceptance Item.

6.5
The Service Provider shall provide all reasonable support to the Customer in relation to conducting the acceptance testing at no additional charge.

6.6
If the Service Provider conducts the acceptance testing, the Customer shall be entitled to observe the acceptance testing and shall provide reasonable support to the Service Provider in relation to the conduct of the acceptance testing.

6.7
If an Acceptance Item is rejected, the Customer shall provide reasons for such rejection, and the Service Provider shall remedy the relevant defects at no additional charge and re-submit the Acceptance Item to the Customer as soon as reasonably practicable but in all cases within seven (7) Business Days or such longer period as may be reasonable in the circumstances and as such longer period is stipulated in the applicable Transition Plan, Transformation Plan or Change Control Note.

6.8
If an Acceptance Item is rejected a second time, without prejudice to any other rights the Customer may have, the Customer shall have the option to:
6.8.1
require the Service Provider to rectify any defects and re-submit the Acceptance Item for acceptance;
6.8.2
accept the Acceptance Item subject to an equitable reduction in fees (which shall be at least [***]%) and, in this scenario, such Acceptance Item shall be treated as if it were fully accepted; or
6.8.3
immediately terminate the Service or Transition related to the Acceptance Item and any other affected Services for material breach and be refunded all Charges paid under this Agreement in connection with the same provided that all Acceptance Items related to such termination are returned to the Service Provider.



6.9
[***] Notwithstanding the foregoing, the Customer agrees that if it puts an Acceptance Item into live, productive use without either the prior written consent of the Service Provider or having agreed as part of the original Acceptance Testing approach that the final test is live use or as part of any conditional acceptance that this would happen then it shall be deemed to have accepted the Acceptance Item.

6.10
Notwithstanding clause 6.9, the Service Provider may issue an invoice for the relevant Milestone payment if the Customer has not confirmed acceptance or rejection within one month of the due date for acceptance of the Acceptance Item. For the avoidance of doubt, the lack of confirmation of acceptance shall not be ground for the Customer to claim that the invoice has been improperly rendered pursuant to paragraph 3.7 of Schedule 10 (Pricebook, Charging & Invoicing).

6.11
If the Customer conditionally accepts an Acceptance Item, it shall notify the Service Provider of the conditions to which the acceptance is subject and the Acceptance Item shall not be fully accepted until such conditions have been met. The Charges related to the relevant Acceptance Item shall be subject to an equitable reduction (which shall be at least 10%), with the balance paid when the defects or backlog of issues have been completed.

7.
TRANSITION

7.1
The Transition Plan in Schedule 8 (Transition and Transformation) sets out details of how the current service provision shall be separated from the remaining Customer-provided activities and then migrated to the Service Provider after the Effective Date. The Service Provider shall perform the Transition and any further implementation or transformation projects:
7.1.1
so as to cause minimal disruption to the business of the Customer (and in any event only that disruption agreed in the Transition Plan or other applicable Transformation Plan); and
7.1.2
in accordance with the Milestones set out in the agreed Transition Plan (or other applicable Transformation Plan).

7.2
The Service Provider shall be responsible for the overall management of the project and shall identify and resolve, or assist the Customer in the identification and resolution of, any problems encountered in the timely completion of each task identified in the Transition Plan (or other applicable Implementation Plan), whether the task is the responsibility of the Service Provider, the Customer or a third party.

7.3
The Service Provider shall provide the Customer with weekly progress reports that describe in reasonable detail the current status of the Transition, indicate the progress of the work being performed, identify any actual or anticipated problems or delays, assess the impact of such problems or delays on the Supplier’s provision of the Services and describe all actions being taken or to be taken to remedy such problems or delays.

7.4
The Service Provider further agrees that the acceptance procedure set out in clause 6 shall apply with the Acceptance Item being the effective transfer of the applicable service to the Service Provider.

8.
Governance, Reporting and Performance

Governance

8.1
The Service Provider shall comply with the Customer’s governance requirements as set out in Schedule 12 (Governance and Service Management) at no additional charge.

Procedures Manual

8.2
The Service Provider shall develop within 20 Business Days following the First Service Commencement Date and each subsequent Service Commencement Date and maintain (subject always to approval by the Customer) a policy and procedures manual (the “Procedures Manual”) that describes, at a minimum:
8.2.1
how the Services are to be performed and delivered;



8.2.2
the Equipment and Software to be used;
8.2.3
the relevant Documentation including operations manuals and user guides;
8.2.4
the quality assurance procedures approved by the Customer;
8.2.5
the supervision, monitoring, staffing, reporting, planning and oversight activities to be undertaken by the Service Provider;
8.2.6
the Service Provider’s problem management escalation procedures;
8.2.7
other pertinent Service Provider standards and procedures; and
8.2.8
the Standards and Policies.

8.3
The Service Provider shall update and maintain the Procedures Manual at least annually and the Customer and the Service Provider shall agree on any policies and procedures to be included within the same.

8.4
Until the Procedures Manual is approved, the Service Provider shall perform the Services consistent with existing Customer Standards and Policies.

Escalation

8.5
The Service Provider agrees that if an agreed trigger event occurs (it being agreed that this shall include if: (i) there are repeated delivery or service failures; (ii) there is a major one-off failure such as a failure to achieve Transition Milestone Dates; (iii) and/or it fails to comply with its rectification obligations) then it will commit to executive escalation as follows:    
8.5.1
as a first level of executive escalation (“Executive Escalation (a)”) the Service Provider has agreed that should Executive Escalation (a) be triggered then Service Provider’s Executive Sponsor (named in the Agreement as a member of the Key Personnel) shall relocate to the Customer’s offices for four (4) full Business Days per week to lead the Service Provider’s team and to explain progress; and the Service Provider’s UK CEO or his or her nominee who shall be a main board member of the Service Provider’s UK entity shall telephone the Customer’s CEO once each week to report progress. Without prejudice to its other rights and remedies the Customer may in its sole and absolute discretion elect to waive or defer Executive Escalation (a); and
8.5.2
as a second level of executive escalation (“Executive Escalation (b)”) the Service Provider has agreed that should Executive Escalation (a) not result in the successful resolution of the issue that gave rise to Executive Escalation (a) then the Service Provider’s UK CEO or his or her nominee who shall be member of the leadership of the Service Provider’s UK business (and not the person already identified as Executive Escalation (a)) shall relocate to the Customer’s offices for three (3) full Business Days per week to lead the Service Provider’s team and to explain and report progress. Without prejudice to its other rights and remedies the Customer may in its sole and absolute discretion elect to waive or defer Executive Escalation (b).

9.
CHANGE CONTROL

9.1
No variation of this Agreement shall be effective unless made in writing, signed by or on behalf of all of the Parties and expressed to be such a variation. Pursuant to clause 3.5, the Parties agree that the UK Customer may bind all of the UK Customer, US Customer and Bermuda Customer with respect to agreeing such variations.

9.2
Day-to-day operational changes to the Services shall be effected through an operational change management process, which shall be agreed by the Parties before the first Service Commencement Date and incorporated into the Procedures Manual. Such changes shall not result in any alteration to the Charges.

9.3
Additions of new Services, major alterations to the Services or other variations to this Agreement shall be effected through Schedule 13 (Contract Change Control Procedure).






PART C PERFORMANCE AND QUALITY

10.
Holdback, Service Levels and Liquidated Damages

10.1
If the Service Provider fails to achieve a Key Milestone for any reason other than a Force Majeure Event or a failure by the Customer to meet a Customer Dependency, without prejudice to its other rights and remedies, the Customer may claim the Liquidated Damages associated with that Key Milestone (if any) as set out in paragraph 5.5.1 of Schedule 10 (for Transition), paragraph 14.3.1 of Schedule 10 (for Committed Transformations) or an applicable SOW, in which case:
10.1.1    the Liquidated Damages amount shall be deducted from the next invoice or paid to the Customer if there are no further invoices due to be rendered under the Agreement within thirty (30) days from the date of the invoice issued by the Customer; and
10.1.2    the Parties agree that the Liquidated Damages are a genuine pre-estimate of some of the loss the Customer is likely to suffer as a result of the Service Provider’s failure to achieve a Milestone,
and the parties agree that for Transition, Liquidated Damages shall only be payable by reference to the ‘Go Live’ Milestone.
10.2
The Parties acknowledge that, prior to the Service Commencement Date for a particular Service Tower, the mechanisms in Schedule 3 (Service Levels and Service Credits) and clause 32 (Step-In) are not applicable.

10.3
Where a Transition or Committed Transformation is delayed and the Service Provider becomes liable for the delayed savings intended to be delivered by that Transition or Committed Transformation pursuant to clause 5.3 then paragraph 5.5.2 or paragraph 14.3.2 of Schedule 10 (as applicable) shall apply to compensate the Customer for this.

10.4
Holdback

10.4.1
The Service Provider agrees that [***] percent ([***]%) of the Charges for the Committed Transformation shall be held back (the “Holdback”) as set out in paragraph 14.2 of Schedule 10 (Pricebook, Charges and Invoicing).
10.4.2
The Parties agree that with respect to Change Projects, including Change Projects related to Future Transformation, a Holdback mechanism akin to that set out in clause 10.4.1 above may apply and, if agreed to be applicable, shall be documented in the relevant SOW. The Service Provider shall not unreasonably withhold its agreement to include such a mechanism.
10.5
The Service Provider acknowledges that any failure to provide a Service to a Performance Standard may have a material adverse impact on the business and operations of the Customer and that, accordingly, it shall:
10.5.1
at all times achieve or exceed the Performance Standards in respect of the Services; and
10.5.2
perform the Services with at least the same level of performance (including in respect of accuracy, quality, timeliness, responsiveness and efficiency) as was provided by or for the Customer prior to the Effective Date (unless expressly agreed to the contrary in the Agreement) or, if higher, in accordance with Good Industry Practice.

10.6
Each Party acknowledges and agrees that any Service Credits that may become payable are an adjustment to the Charges and that the payment and receipt of Service Credits and/or Liquidated Damages is without prejudice to any other right or remedy available to the Customer as a result of the Service Provider’s failure to meet the relevant Service Levels or achieve the relevant Milestone (as applicable).

10.7
In addition to Service Levels, the Service Provider shall measure other key indicators of performance of the Services (including by carrying out a customer satisfaction survey) and shall provide such measurements to the Customer in order for the Customer to fully understand the levels of performance of the Service being provided by the Service Provider.




10.8
At the Customer’s election, Service Levels may be added, deleted or revised due to change in the Customer’s business requirements once suitable agreement on the impact of such changes on the Service and the Service Credits has been reached through the Contract Change Control Procedure.

11.
SERVICE IMPROVEMENT AND ADVANCES IN TECHNOLOGY

11.1
Other than the Standards and Policies, the Service Provider shall keep the systems, methodologies and processes used and owned or licenced by the Service Provider in performing the Services current and the Customer shall receive the benefits of upgrades in the same through increases in efficiency and productivity.

11.2
The Service Provider shall cause the delivery of the Services, as approved by the Customer, to evolve and be modified, enhanced, supplemented and replaced as necessary for the Services to keep pace with advances in the methods of delivering services, where such advances are at the time pertinent and in general use. Accordingly, the Service Provider shall proactively seek out new technologies by surveying the market and the technology landscape more generally to identify advances or changes in technology that are appropriate and beneficial to the Customer.

12.
TRANSFORMATION OPPORTUNITIES AND REFERENCE

12.1
In addition to the baseline improvements in service quality and reduction in charges and costs agreed as of the Effective Date and to be delivered as part of Transition of the agreed Services, the Service Provider shall actively seek out costs reduction opportunities throughout the Term and, subject to the Customer’s approval, shall implement the same in order to pass on the benefit of costs savings to the Customer (“Transformation”).

12.2
If the Service Provider adopts technology or processes that change the manner in which the Services are supplied and this results in cost reductions to the Service Provider, the Service Provider shall notify the Customer and the Charges shall be reduced accordingly.

12.3
The Service Provider shall submit to the Customer a draft transformation plan (the “Transformation Plan”) for the Customer’s review and approval and shall revise the Transformation Plan as requested or approved by the Customer. The Transformation Plan shall be additional to the improvements and transformational activities to be carried out during Transition or agreed to be carried out in any event as at a particular Service Commencement Date.

12.4
Each Transformation Plan after the first shall review and assess the immediately preceding Transformation Plan.

12.5
The Transformation Plan shall include suggestions and plans, including cost benefits, for improving productivity beyond the Service Levels and/or reducing the Charges. Upon approval by the Customer, any such suggestions may be incorporated into this Agreement pursuant to the process set out in Schedule 8 (Transition and Transformation).

12.6
The Service Provider shall use the Customer as a referee in relation to at least two (2) bids each year. Such bids shall be for services broadly similar to the Services for clients of a similar size to the Customer. Failure to do this shall, without limitation, require the Service Provider’s UK and Ireland CEO to provide detailed reasons for such failure to the Customer’s CIO.


PART D OPERATION OF THE SERVICES
13.
ASSETS




Equipment

13.1
In the event the Customer deems it necessary to require the Service Provider to use equipment owned or operated by the Customer (“Customer Equipment”), the Service Provider shall be responsible for transfer of the Customer equipment to the Service Provider’s sites/environments. As at the Effective Date, the Parties do not envisage any Customer Equipment being installed on the Service Provider’s sites/environments.

13.2
The Customer makes no warranties with regard to the Customer Equipment (if any).

13.3
The Service Provider shall be fully responsible for monitoring the operation of and maintenance of the Customer Equipment (if any) and shall promptly notify the Customer of any issues with the same that may impact the provision of the Services or achievement of the Service Levels.

13.4
The Service Provider may, where directed to do so by the Customer, acquire future equipment (“Future Equipment”), including modifications, upgrades, enhancements, additions and replacements of the Customer Equipment, as necessary or appropriate to provide the Services. Such Future Equipment shall be acquired in the name of the Customer and title shall vest in the Customer and, unless agreed to the contrary pursuant to the Contract Change Control Procedure, the Customer shall pay the vendor directly for such Future Equipment.

13.5
The Customer shall have the right to approve any software or Service Provider Tools used by the Service Provider in relation to the Services and installed on Customer Systems prior to the Service Provider’s use of the same in order to provide the Services, such approval shall not be unreasonably withheld or delayed. The Service Provider shall be responsible for:
13.5.1
in consideration of the Run Charges, installing, operating and maintaining the Service Provider Software and Service Provider Tools;
13.5.2
in consideration of the Run Charges, managing and using any other Software, Systems or Materials (including the Customer Software, Customer Systems and Customer Materials) required to provide the Services; and
13.5.3
in consideration of any agreed Change Management Charges, modifying such other Software, Systems or Materials (including the Customer Software, Customer Systems and Customer Materials) where the same is agreed as part of the relevant Change Management Services.
Risk of Loss

13.6
Each Party shall be responsible for risk of loss of, and damage to, Equipment, Software or other Material in its possession or under its control, provided that the Service Provider will notify the Customer prior to installing any single piece of Equipment worth more than £50,000 at a Customer Location.

13.7
The Service Provider shall be responsible for the risk of loss of, and damage to, any property, systems or material used by it to provide the Services, except to the extent that any loss of, or damage to, any such property, systems or materials is caused by an intentional wrongful act or omission of the Customer or Customer Personnel.

14.
CO-OPERATION AND THIRD PARTY CONTRACTS

14.1
The Service Provider acknowledges that it will be delivering the Services to the Customer in a multi-vendor environment. Accordingly, the Service Provider shall co-operate in good faith with the Customer, to the extent relevant to obtain the benefit of the Services, and with the Customer’s other suppliers to facilitate the integrated and efficient carrying out of the Customer’s operations and the provision of the Services. Such co-operation shall include providing advice, assistance, data and information as reasonably required by the Customer and (subject to reasonable confidentiality provisions being in place) its suppliers.




14.2
Where applicable to its service model, the Service Provider will agree to specific operation level agreements with those third party suppliers of the Customer identified by the Parties from time to time and, without prejudice to the generality of clause 14.1, the Service Provider shall comply with such co-operation obligations.

14.3
Notwithstanding Schedule 14 Appendix A, during Transition, the Parties will identify any third party contracts under which a Third Party Provider furnishes or provides services to the Customer that are associated with the Services and which are required to be maintained in the name of the Customer (or its Affiliates) and managed by the Service Provider ("Managed Agreements"). Any such contracts not already included in Schedule 14, Appendix 14-A will be added to it by written agreement of the Parties.

14.4
Without prejudice to the generality of its obligations under clauses 14.1 and 14.2, the Service Provider agrees that in relation to any such Managed Agreements, it will monitor the performance of each applicable Third Party Service Provider and take steps to address with each Third Party Service Provider any issues arising with its performance and shall promptly escalate any concerns it may have with respect to such performance to the Customer.

14.5
The Service Provider shall ensure that reasonable knowledge transfer takes place between it and the applicable Third Party Service Providers including in relation to:
14.5.1
difficulties and issues such Third Party Service Providers may encounter in delivering their services in the context of the Service Provider’s provision of the Services;
14.5.2
information regarding the operating environment, system constraints and other operating parameters applicable to the provision of the Services by the Service Provider as a supplier with reasonable technical skills and expertise would find reasonably necessary in order to perform its work; and
14.5.3
such information as is necessary to assist each such Third Party Service Provider to ensure that the results of its services have the ability to interoperate with the Services.

14.6
The Parties acknowledge that from time to time the Service Provider may need to appoint third parties as its subcontractors in order to enable it to perform aspects of the Services. The Service Provider agrees that the Customer shall have the right to nominate certain Third Party Suppliers to be its subcontractors in relation to such Services. Where requested to do so by the Customer, the Service Provider shall either manage such contracts on the Customer’s behalf or shall then enter into direct contracts with such Third Party Suppliers provided, in such latter case, that: (i) the Service Provider is able to reach a commercial agreement in relation to the same; and (ii) the relevant Third Party Supplier passes the Service Provider’s ethics, security and compliance checks. Where requested to enter into a direct subcontract with a third party pursuant to this clause, the Service Provider shall negotiate in good faith and use its reasonable commercial endeavours to reach agreement and the Customer agrees to provide reasonable support to assist with such discussions (if requested to do so). Third Party Suppliers who enter into direct agreements with the Service Provider shall thereafter be treated as a subcontractor of the Service Provider for the purposes of clause 17 below.

15.
PERSONNEL

Staff Transfer

15.1
The Parties shall comply with the terms of Schedule 17 (Human Resources Provisions).

General

15.2
The personnel assigned to the Customer account by the Service Provider (or its Sub-contractors) will be and remain employees of the Service Provider (or such Sub-contractors) (“Service Provider Personnel”) and the Service Provider (or such Sub-contractors) shall be liable for all taxes, national insurance and other costs, compensation and benefits of such personnel, including salary, health, accident and workers’ compensation benefits, pensions and contributions that an employer is required to pay with respect to the employment of employees related to the Service Provider Personnel (“Employment Costs”).



15.3
If the actions or inactions of Service Provider Personnel creates:
15.3.1
additional work in connection with the performance of the Services by the Service Provider that would have otherwise been unnecessary in the absence of such action or inaction; or
15.3.2
additional work for the Customer to enable it to obtain the full benefit of the Services,
the Service Provider shall perform all such additional work at no additional charge to the Customer.
15.4
The Customer shall have the right to require the removal of any member of the Service Provider Personnel assigned to perform under this Agreement where such Service Provider Personnel’s performance and competence, responsiveness, capabilities, cooperativeness, ability to work within the Customer’s culture, or fitness for a particular task of any person assigned by the Service Provider to perform Services, is insufficient to perform the Services in a manner acceptable to the Customer. In these circumstances, the Customer shall provide to the Service Provider written reasons for the request for removal. Without prejudice to the foregoing, the Service Provider shall furnish a qualified replacement as soon as reasonably practicable but in all cases, within twenty (20) days of the removal.

Key Personnel

15.5
The Customer shall have the right to designate certain employees of the Service Provider or its Sub-contractors as key employees (the “Key Personnel”), provided that the Service Provider may reasonably refuse such designation. The Parties shall agree a maximum number of Key Personnel across each Service Tower during Transition and following the applicable Service Commencement Date. The Key Personnel shall devote sufficient effort to perform their role in the delivery of the applicable Services. The Key Personnel will be listed in Schedule 18 (Key Personnel) to this Agreement.

15.6
During their Duration of Commitment, the Service Provider shall only remove or change the Key Personnel with the written consent of the Customer except where the removal or change results from resignation, death, disability, or termination of employment of the Key Personnel in question in which case the Service Provider must promptly notify the Customer of such removal and the proposed replacement. The Service Provider may review its team after the expiry of the initial Duration of Commitment set out in Schedule 18 (Key Personnel) and thereafter every twelve (12) months and advise which Key Personnel are to be changed in accordance with this clause 15.6 and clause 15.7 and any such changes will be made on at least six (6) months’ notice.

15.7
The Service Provider may only assign or replace any Key Personnel with the Customer’s prior written consent (which in the circumstances set out above shall be deemed to have been given) and only after the Service Provider has provided the Customer with the relevant curriculum vitae of the relevant Key Personnel and with a reasonable opportunity to interview such Key Personnel. At no additional cost to the Customer, the Service Provider will provide for an appropriate transition (including overlap) period for the new individual so that there is no disruption to the performance of the Service Provider’s obligations or the Customer’s receipt of the Services under this Agreement.

Non-Solicitation

15.8
Save for any exceptions agreed in Schedule 17 (Human Resources Provisions), each Party agrees that during the term of this Agreement and for a period of one (1) year thereafter, it will not and will procure that its Affiliates will not directly or indirectly, either on its own account or in conjunction with or on behalf of any other person, hire, solicit or endeavour to entice away from the other Party any person who, during the term of this Agreement has been an officer, manager, employee, agent or consultant of the other Party. The Parties agree that to the extent required by Relevant Law, this restriction shall not apply to responses made to bona fide job advertisements.


16.
SERVICE LOCATIONS




16.1
When working at any Customer facilities, Service Provider Personnel shall comply with the requirements of Schedule 22 (Locations and Site Licence) and all applicable Standards and Policies, including the Customer’s standard workplace security, administrative, safety and other policies and procedures applicable to the Customer’s own employees or contractors (“Customer Location Policies”) and the Customer IT and security policies as set out in Schedule 7 (Security - IT and Physical).

16.2
The Customer shall notify the Service Provider of any subsequent modifications or amendments to the Customer Location Policies. Any such changes to the Customer Location Policies which impose materially increased obligations or costs on the Service Provider, shall be agreed through the Contract Change Control Procedure.
 
17.
SUBCONTRACTORS

17.1
The Service Provider shall not delegate or subcontract any of its obligations under this Agreement without the prior written consent of the Customer and shall ensure that all Sub-contractors comply with obligations akin to those set out in Schedules 17 (Human Resources Provisions), 5 (Sub-Contractor List and Service Provider Tools), 7 (Security - IT and Physical), and 21 (Data Transfer and Processing).

17.2
The Customer acknowledges and agrees that the consent required pursuant to clause 17.1 has been granted in respect of those Approved Sub-contractors identified in Schedule 5 (Sub-Contractor List) and any Sub-contractor it formally requires the Service Provider to use in connection with the provision of the Services pursuant to clause 14.6.

17.3
The Customer may revoke its approval of a Sub-contractor if it has good faith doubts about the Sub-contractor’s ability to perform the sub-contracted Services.

17.4
The Service Provider shall on request advise the Customer of the impact of any revocation action pursuant to clause 17.3 by the Customer including any impact on the timetable and the Charges.

17.5
If the Customer wishes to proceed with the revocation action pursuant to clause 17.3 then any changes shall be agreed through the Contract Change Control Procedure.

17.6
The Parties agree that there will be no impact on the Charges if the Customer revokes its approval of a Sub-contractor as a result of any fraud, fraudulent misrepresentation, Wilful Default or Wilful Abandonment or any other criminal act by a Sub-contractor or its employees.

17.7
If the Customer consents to the Service Provider’s proposed use of a Sub-contractor to perform the Services (or part thereof) the Service Provider shall remain fully responsible and liable for the acts and omissions of the Sub-contractors to the same extent as if such acts and omissions were those of the Service Provider.

17.8
Subject to ensuring that all Service Provider Applicable Regulations and the Customer Applicable Regulations that it has been made aware of pursuant to clause 20.1 in relation to the same are complied with (provided always that compliance with Customer Applicable Regulations shall be deemed where the Service Provider complies with and has taken the steps agreed between the parties pursuant to clause 20.1), the Service Provider may engage any of its Affiliates to provide Services and Deliverables to the Customer and the Customer Group under this Agreement. Notwithstanding anything to the contrary in this Agreement, the Service Provider will remain fully liable for Services and Deliverables provided under this Agreement by its Affiliates.

18.
DATA AND SECURITY REQUIREMENTS

18.1
The Service Provider shall comply with the current Standards and Policies relating to IT and security and the requirements of Schedule 7 (Security - IT and Physical) at no additional cost to the Customer. If the Standards and Policies change these will be notified to the Service Provider by the Customer in accordance with clause 4.1.6 and the Service Provider will review such changes, and notify the Customer of any implications of such



changes. Any such changes to this Agreement or the Services required as a direct result of the changes to the Standards and Policies and/or the requirements of Schedule 7 (Security - IT and Physical) will be agreed through the Contract Change Control Procedure save that the Charges shall only be increased where the changes materially increase obligations or costs on the Service Provider.

18.2
The Service Provider shall provide ongoing training for all the Service Provider Personnel employed or engaged in the provision of the Services in compliance with the Standards and Policies.

18.3
Without limiting clause 18.1, the Service Provider shall comply and shall ensure that all Sub-contractors comply with vetting procedures and policies in respect of all Service Provider Personnel that comply with Good Industry Practice.

18.4
The Service Provider shall ensure that principles aligned to ISO 27001 and ISO 9001 are reflected in its performance of the Services.

18.5
The Customer shall retain exclusive rights and ownership of all of Customer Data and the Customer Data shall not be:
18.5.1
used by the Service Provider for any purpose other than as required under the Agreement in connection with providing the Services;
18.5.2
disclosed, sold, assigned, leased or otherwise provided to third parties by the Service Provider; or
18.5.3
commercially exploited or otherwise used by or on behalf of the Service Provider, its affiliates, officers, directors, employees, or agents, other than in accordance with the Agreement.

18.6
Upon request by the Customer and at its election and at no additional charge, the Service Provider shall promptly return to the Customer the Customer Data in the format and on the media as reasonably requested by the Customer, or erase or destroy Customer Data in the Service Provider’s possession, power or control (except that the Service Provide may retain one copy for legal records) and, if requested by the Customer to do so, shall provide the Customer with confirmation in writing signed by a corporate officer of the Service Provider.

18.7
The Service Provider shall protect the Customer’s data in its possession, power or control so as to not lose, damage, destroy or corrupt the Customer Data.

18.8
Pursuant to the requirements of Schedule 7 (Security - IT and Physical) and the obligations in relation to the provision of the Security Services set out in Annex 2 of Schedule 2 (Service Descriptions), the Service Provider shall establish and maintain all appropriate technical and organisational controls to safeguard against the destruction, loss or alteration of Customer Data and that are no less rigorous than those maintained by the Service Provider for the Service Provider’s own information of a similar nature or that otherwise comply with Good Industry Practice.

18.9
Service Provider Personnel must not attempt to access, or allow access to, Customer Data to which they are not entitled or that is not required for the performance of the Services by Service Provider Personnel.

18.10
The Service Provider acknowledges its obligations with respect to data security set out in this clause 18.8 and 18.9 apply to the same extent to any of the Customer’s Confidential Information that is received by the Service Provider. Similarly, the Customer shall ensure that any Service Provider Confidential Information is kept securely in a manner consistent with the data security requirements imposed on the Service Provider under clauses 18.8 and 18.9.

18.11
The Service Provider acknowledges that the Customer is subject to the New York Department of Financial Services Cybersecurity Regulation (23 NYCRR Part 500) (“NYDFS”) and that the Service Provider’s compliance with clauses 18.8 and 18.9 in relation to Customer Confidential Information is required for the Customer to comply with NYDFS. The Service Provider will also reasonably assist the Customer to comply



with any additional requirements of NYDFS (at the Customer’s cost) provided that the parties agree in writing the scope of any such additional requirements via the Contract Change Control Procedure.

19.
DISASTER RECOVERY

19.1
Without prejudice to any Services relating to disaster recovery or business continuity the Parties may agree, the Service Provider shall manage and maintain internal disaster recovery and business continuity policies and procedures consistent with Good Industry Practice and the requirements of Schedule 16 (Business Continuity and Disaster Recovery Plan) throughout the Term at no additional cost to the Customer.

20.
REGULATORY MATTERS AND AUDIT RIGHTS

General

20.1
The Service Provider shall comply with all Service Provider Applicable Regulations. Without prejudice to the generality of the foregoing, the Customer may notify the Service Provider of (i) any Customer Applicable Regulations it specifically requires the Service Provider to comply with (including any requirements set out in the Standards and Policies to either comply with Customer Applicable Regulations referenced there or to ensure compliance with Customer Applicable Regulations by following certain policies or procedures) and/or (ii) if it requires compliance with what would otherwise be a Service Provider Applicable Regulation in a Customer specific way (such specific compliance becoming compliance with a Customer Applicable Regulation for the purposes of this Agreement and the definition of Service Provider Applicable Regulation). Once any such Customer Applicable Regulations are identified, the Parties will agree how they are to be complied with. For the avoidance of doubt, such notifications may relate to compliance with Customer Applicable Regulations in any jurisdictions worldwide in which the Customer or its Affiliates operate or do business from time to time. The Service Provider shall make any modifications to the Services as reasonably necessary as a result of changes to Service Provider Applicable Regulations at no extra cost to the Customer. Where the relevant modification is required to address a change in Customer Applicable Regulations the effect on cost and delivery shall be assessed and agreed via the Contract Change Control Procedure.

20.2
The Service Provider recognises that the Customer and its Affiliates are subject to regulation by (or has regulatory responsibilities in respect of) the regulatory authorities in the jurisdictions in which it operates and that, in particular, the Customer has regulatory responsibilities in respect of:
20.2.1
the Financial Conduct Authority and the Prudential Regulation Authority;
20.2.2
the Bermuda Monetary Authority;
20.2.3
the North Dakota Department of Insurance and the Texas Department of Insurance;
20.2.4
the Jersey Financial Services Commission;
20.2.5
the Central Bank of Ireland;
20.2.6
the successor organisations/regulators of each entity listed in clauses 20.2.1 to 20.2.5 from time to time; and
20.2.7
various other relevant governmental agencies or bodies around the world.

20.3
Subject to clause 26 (Confidential Information) and the applicable terms in clauses 20.5 and 20.6 (External Audits), the Service Provider shall provide such cooperation with all applicable regulatory authorities as may reasonably be requested by the Customer or otherwise required by such authorities and in any event shall cooperate with both the Customer and any regulatory authorities in responding to any enquiries made by such authorities. Such cooperation shall be provided at the Customer’s reasonable cost. The Service Provider’s obligations under this clause 20.3 shall include:
20.3.1
providing, on request, such assistance as the Customer may reasonably require to prove its compliance with its regulatory requirements in the context of the Services;
20.3.2
providing to the Customer such information and/or documentation as a regulatory authority may request in its supervision of the performance of the Services and it consents to such information and



documentation being passed on to the relevant regulatory authority (subject to the controls in clause 26.3); and
20.3.3
in addition to the Customer’s own audit rights hereunder, permitting a regulator to carry out audits of the Service Provider where such regulator requires the right to do so.
External Audits

20.4
The Customer (or its nominee) shall be entitled to audit the Service Provider’s conformance with its obligations under the Agreement (including to verify the Charges) and the relevant Service Provider’s facilities in each case in respect of:
20.4.1
each Service Tower; and
20.4.2
the Services provided to each of the UK Customer, the US Customer and the Bermuda Customer,
during business hours up to a maximum of [***] ([***]) times per year in aggregate for all audits under 20.4.1 and 20.4.2 (at no charge) on reasonable written notice (which shall, other than in the case of an emergency or regulatory audit, be no less than one (1) month), provided that the audit is carried out subject to clauses 20.5, 20.6 and 20.11; the auditor is not a direct competitor of the Service Provider; and the auditor enters into a confidentiality agreement with the Customer on terms no less onerous than those set out in clause 26 (Confidential Information). For the avoidance of doubt, the audit departments of the “Big 4” accountancy firms are not direct competitors of the Service Provider, provided that they sign a confidentiality agreement with the Service Provider, including the obligation to put in place appropriate ethical walls between their audit departments and those parts of their business which provide business and technology consulting and services, to ensure that all information obtained by their audit department is not disclosed to parts of their business which may compete with the Service Provider.
20.5
The Service Provider shall provide all reasonable co-operation with any audits conducted pursuant to clause 20.4 and the Customer shall use its reasonable endeavours to seek to:
20.5.1
minimise any disruption to the Services; and
20.5.2
consolidate such audits for each Service Tower and key Customer Location, where possible.

20.6
In conducting an audit, the Customer (or its nominee) shall comply with the Service Provider’s reasonable security and confidentiality procedures and shall not be permitted to have [***] access to the Service Provider’s shared facilities and systems. The Service Provider shall be entitled to reasonable relief if there is any disruption to the Services as a direct result of the Customer carrying out an audit.

20.7
Subject to the restrictions in clauses 20.4 20.5 and 20.6 (other than in relation to the frequency of audits), the Customer (or its nominee) shall be entitled to undertake no more than [***] further audits in that same year across the Agreement as a whole and/or in respect of each Service Tower, (with the Service Provider providing all reasonable co-operation) at its own cost (at the Service Provider’s relevant day rate), unless such audits reveal fraud or a breach of the Agreement (including all instances of overcharging), in which case the cost of the audit shall be borne by the Service Provider.

20.8
If, as a result of an audit, it is determined that the Service Provider has overcharged the Customer, the Customer shall notify the Service Provider of the amount of such overcharge and the Service Provider shall promptly pay to the Customer the amount of the overcharge, plus interest at a rate of two percent (2%) above the annual base rate of the Bank of England from time to time calculated from the date of receipt by the Service Provider of the overcharged amount until the date of payment to the Customer.

20.9
In the event any such audit by the Customer or its agents reveals an overcharge to the Customer by the Service Provider of five percent (5%) or more of a particular fee category, the Service Provider shall reimburse the Customer for the cost of such audit in addition to the repayment of the sum plus interest at the rate set out above.




20.10
The Service Provider agrees that the restrictions on the number of audits and the notice period for such audits set out in clause 20.4 will not apply to audits required for legal or regulatory reasons. Such audits shall be conducted at the Customer’s cost where the number set out in clause 20.4 has been exceeded.

20.11
If any audit by an auditor designated by the Customer or a regulatory authority having jurisdiction over the Customer results in the Customer being notified that it is not in compliance with any generally accepted accounting principle or audit requirement relating to the Services, then provided that the non-compliance resulted from the Service Provider’s default, the Service Provider shall, at its own expense and within the period of time specified by such auditor or regulatory authority, bring the Services into compliance. If the Service Provider fails to bring the Services into compliance within a reasonable time the Customer shall be entitled to terminate this Agreement on the grounds of the Service Provider’s irremediable material breach of contract on the provision of written notice.

20.12
The Service Provider shall maintain and retain in a manner that complies with Good Industry Practice accurate records (including complete financial records of its operations and activities specifically related to the Services) in relation to the provision of the Services provided to the Customer during the Term for seven (7) years after the termination or expiry of the Agreement and make the same available to the Customer and its auditors.

20.13
The Service Provider shall provide all reasonable assistance and information in relation to the conduct of the audit at its own cost. For the avoidance of doubt such information shall not include the provision of any background cost or overhead information or any of the Service Provider internal reports relating to the Services (although the Service Provider shall act reasonably in this regard).

Internal Audit

20.14
The Service Provider shall establish and maintain a system of internal audits to provide management with assurance that a quality assurance system is being utilised, is effective, meets customer and business needs and continues to improve (“Internal Audits”).

20.15
The Service Provider shall maintain internal controls lists in a manner consistent with Good Industry Practice and provide confirmation of the same at least once per year.

20.16
Where specifically requested by the Customer, the Service Provider shall also provide a copy (if any are produced) of its:
20.16.1.
internal independent audit reports concerning International Standard on Assurance Engagements No. 3402 (ISAE 3402) Assurance Reports on Controls at a Service Organisation;
20.16.2.
Statement on Standards for Attestation Engagements No. 18 (SSAE 18); and/or
20.16.3.
SOC 1 Type 2 Report prepared in accordance with AT-C320 issued by the AICPA,
to the Customer within a reasonable time after any such reports are completed (provided the Service Provider is not required to provide copies of which reports which cover or refer to other clients of the Service Provider) and shall make all documents regarding such audits available to any applicable Regulator. The Customer acknowledges that for any of the audit reports specified in (a) to (c) above to be able to demonstrate appropriate control operating effectiveness in accordance to these audits’ requirements, processes have to be in steady stable state for over eight (8) months. Accordingly, the Customer agrees that it shall not make a request pursuant to this clause 20.16 until a at least one (1) year after the relevant Service Commencement Date in respect of the relevant Services for each Service Tower. During the period of Transition, the Service Provider shall consult with the Customer to identify the applications and systems that qualify for financial reporting and mutually agree on the scope and date of the delivery of such reports.
20.17
Should any Internal Audit identify an overcharge, the provisions of clauses 20.8 and 20.9 shall apply.






21.
CUSTOMER DEPENDENCIES

21.1
The Service Provider’s sole and exclusive remedy for the Customer failing to meet any of its Customer Dependencies is set out in this clause 21 and the Service Provider shall not be entitled to sue the Customer for breach of contract or terminate the Agreement due to a failure of the Customer to meet the Customer Dependencies.

21.2
The Service Provider shall be excused from failures to perform its obligations under this Agreement if the Customer delays or fails to provide the Customer Dependencies but only:
21.2.1
to the extent that such failure causes Service Provider’s failure to perform;
21.2.2
provided that such acts or omissions are not undertaken by the Customer at the Service Provider’s direction or with the Service Provider’s written consent;
21.2.3
provided that the Service Provider gives the Customer prompt written notice of the Customer’s failure to perform the Customer Dependencies; and
21.2.4
provided the Service Provider uses Commercially Reasonable Efforts to mitigate the adverse consequences of the Customer’s failure and continues to provide the Services.

21.3
Provided the Service Provider has complied with the obligations set out in clause 21.2 and has obtained the Customer’s prior written approval, the Service Provider will be entitled to receive a reasonable adjustment in the timeframes set out in the Transition Plan or schedule to deliver and reimbursement of its reasonable, demonstrable, unavoidable costs incurred directly as a result of the Customer’s failure to perform the relevant Customer Dependency (with such costs being calculated by reference to the time spent and the Rate Card).

21.4
The Service Provider shall only be entitled to relief under this clause 21 from the date on which it notifies the Customer in accordance with clause 21.2.3.

PART E PAYMENT
22.
CHARGES

22.1
The Service Provider’s pricing shall not be subject to or contingent upon any due diligence to be performed after the Effective Date or, if earlier, the relevant Service Commencement Date, except in respect of Inflight Projects and/or New Services.

22.2
In the event the Parties agree that a particular pass-through expense is to be paid directly by the Customer, such pass-through expense shall not be subject to any mark-up and the Service Provider shall provide the Customer with the original third party invoice together with a statement that the Charges are proper and valid and should be paid by the Customer.

22.3
In consideration for the provision of the Services the Customer shall pay to the Service Provider all undisputed Charges within [***] days of receipt of a correctly rendered invoice.

22.4
In the event of late payment, the Service Provider reserves the right to charge interest on amounts overdue at a rate of two percent (2%) above the annual base rate of the Bank of England from time to time.

22.5
Except as otherwise agreed by the Parties in writing, no rates or charges other than those set out in clauses 22.3, 22.4 and Schedule 10 shall be applicable to the provision of the Services under this Agreement.

22.6
The Service Provider shall only be entitled to invoice the Customer for its expenses if such expenses have been approved in writing in advance and are incurred in accordance with the version of the Customer’s expenses policy notified to the Service Provider from time to time.




22.7
The Service Provider shall maintain complete and accurate records of, and supporting documentation for, the amounts billable to and payments made by the Customer under this Agreement and the Service Provider shall provide the Customer with documentation and other information with respect to each invoice as may be reasonably requested by the Customer to verify accuracy and compliance with the provisions of the Agreement.

22.8
The Customer shall have the right to deduct from amounts owed by the Customer to the Service Provider amounts that the Service Provider is obliged to pay to or credit to the Customer under the Agreement.
22.9
The Customer may withhold payment of particular charges that the Customer reasonably and in good faith disputes on notice to the Service Provider.

22.10
If the Customer disputes a part of an invoice, the Service Provider shall re-issue an invoice (with the original invoice date) for the undisputed Charges and the Customer shall pay such undisputed Charges in accordance with clause 22.3. The Service Provider shall also re-issue a separate invoice for the disputed Charges (with the original invoice date). The Parties shall diligently pursue an expedited resolution of such dispute in accordance with clause 49 (Dispute Resolution).

22.11
The Service Provider shall render invoices in accordance with paragraph 3 of Schedule 10 (Pricebook, Charges and Invoicing).

23.
TAX

23.1
All prices are exclusive of value added tax or any other locally applicable equivalent sales taxes (“VAT”), which is payable at the rate and as prescribed by law.

23.2
Unless otherwise agreed between the Parties, the Service Provider will be responsible for all other taxes which are incurred as a result of its provision of the Services under this Agreement.

23.3
The Customer shall be entitled to deduct the sums required to pay any withholding taxes, demanded by any taxation authority, from payment to the Service Provider. Upon becoming aware that it must make a tax deduction, the Customer must notify the Service Provider accordingly.

23.4
If the Customer does deduct any amounts pursuant to clause 23.3, it shall pay such sums to the relevant taxation authority within the period for payment permitted by law, and furnish the Service Provider with evidence of payment of the relevant amount from the relevant tax authority. The Customer shall upon request reasonably assist the Service Provider with obtaining relevant basic information about such tax obligations and shall use reasonable efforts to assist the Service Provider with reclaiming such withholding tax, where any double-tax treaties or similar rules in the jurisdiction allow for tax reclaims to reduce the Service Provider’s tax burden, or with claiming a foreign tax credit.

23.5
If VAT or other taxes are payable on damages payable or paid under this Agreement, then the Party liable for payment of such damages must pay any such VAT or other taxes in addition to the relevant amount of damages upon production of a valid VAT or other appropriate tax invoice by the other Party.

24.
Value for Money/Benchmarking

24.1
The Service Provider agrees that:
24.1.1
the Charges applicable to the Services it provides under this Agreement shall be competitive and offer value for money to the Customer; and
24.1.2
the Performance Standards applicable to the Services shall accord with Good Industry Practice,
and, in order to demonstrate this to the Customer, the Service Provider agrees to comply with the terms of this clause 24 and Schedule 11 (Benchmarking).




PART F INTELLECTUAL PROPERTY, CONFIDENTIALITY AND DATA PROTECTION
25.
INTELLECTUAL PROPERTY RIGHTS

General

25.1
Each Party shall retain its rights in its own Pre-existing IPR and the Service Provider shall retain its rights in the Service Provider IPR. Except as provided in this clause 25 (Intellectual Property Rights), neither Party shall gain by virtue of the Agreement any rights of ownership in any IPR owned by the other Party or any third party.

25.2
The Service Provider shall procure that all Service Provider Personnel waive all Moral Rights in any Service Provider IPR (excluding any Third Party Materials) provided to, or used by, the Customer in connection with the Agreement.

25.3
Developed IPR shall be solely owned by the Customer and shall vest in the Customer [***] provided always that such Developed IPR in any Deliverable [***]. The Customer shall and shall procure that its personnel shall give the Service Provider or its designees, all reasonable assistance and execute all documents necessary to assist or enable the Service Provider to [***] in the rejected Deliverable at the Service Provider’s cost.

25.4
The Service Provider may use the Developed IPR solely to provide the Services to the Customer during the Term.

25.5
To the extent that title and/or ownership rights may not automatically vest in the Customer as contemplated by clause 25.3, the Service Provider agrees to irrevocably assign, transfer and convey to the Customer all rights, title and ownership in the Developed IPR. The Service Provider shall and shall procure that Service Provider Personnel shall give the Customer or its designees, all reasonable assistance and execute all documents necessary to assist or enable the Customer to perfect, preserve, register or record its rights in the Developed IPR at the Customer’s cost.

25.6
The Service Provider shall ensure that where it develops Developed IPR for the Customer, it shall deliver the same [***] with appropriate Documentation and that both versions shall be able to be used by a reasonably skilled programmer familiar with the relevant software language.

25.7
The Service Provider shall ensure that all Documentation related to any software Deliverable (or a component thereof) is up to date at the date of delivery.

25.8
Subject to clause 25.10, 25.11 and 25.12, the Service Provider grants to the Customer and the Customer Group a [***] world-wide, non-exclusive, non-transferable (subject to clause 39) licence [***] to use the Service Provider owned Service Provider Pre-existing IPR:

25.8.1
that is provided to the Customer and/or the Customer Group as part of the Services during the Term and [***] where necessary for the Customer’s and the Customer Group’s use and receipt of the Services (which right includes the right for the Customer Group’s agents and subcontractors to [***]; and
25.8.2
[***] where such Service Provider’s Pre-existing IPR is embedded into a Deliverable,

in each case subject to: (a) the restriction that it may not be deconstructed (to the maximum extent permitted by Relevant Law) or extracted from the relevant Services or Deliverable or used as a standalone product; and (b) any further limitations set out in a Statement of Work or otherwise agreed in writing by the Parties. [***]

25.9
The Service Provider agrees that for Change Projects under this Agreement it will not [***].

25.10
Third Party Materials Generally




25.10.1
The Service Provider shall obtain the Customer’s prior written consent before embedding in any Deliverables or using or providing to Customer or installing in the Customer’s environment any Third Party Materials or its own Digital Products or Service Provider Tools (each as defined in clause 25.11).

25.10.2
Where Service Provider does propose to use Third Party Materials with Customer’s consent (including any non-Cognizant owned Service Provider Tools) then, subject always to clause 25.12, it shall use Commercially Reasonable Efforts [***], to procure the grant to the Customer and the Customer Group and, to the extent necessary, its sub-contractors, agents and representatives of a world-wide, non-exclusive licence to use, modify, enhance and maintain the Third Party Materials to be embedded in the Deliverables or to be made available to the Customer specifically to provide the Services to the Customer.

25.10.3
Notwithstanding the foregoing, the Parties agree that it may not be possible to procure such a licence under clause 25.10.2 and that, in addition to addressing the variations required by clause 25.12 the Parties may need to either: (i) agree further variations to the terms of this Agreement and appropriate pass through terms from the third party in respect of such Third Party Materials only; or (ii) arrange for such Third Party Materials to be licensed directly to the Customer Group. In this latter case, the Service Provider shall [***].

25.10.4 Where the Service Provider has not complied with the terms of clause 25.10.1 and obtained the Customer’s prior consent to use, provision or installation in the Customer’s environment or to embed in any Deliverable Third Party Materials then, without prejudice to the Customer’s other rights and remedies hereunder, the Service Provider shall [***].
25.11
Service Provider Tools and Digital Products

25.11.1
The Parties acknowledge and agree that from time to time the Service Provider may propose the use of its own proprietary products that are typically licenced on stand-alone terms (the “Digital Products”) and that subject always to agreement between the Parties as to such terms, any such Digital Products shall [***].

25.11.2
As part of delivering the Services, the Customer acknowledges that Service Provider Personnel may also utilise proprietary software, methodologies, tools, specifications, drawings, sketches, models, samples, records, documentation, works of authorship, creative works, ideas, know-how, data or other materials which have been or are originated, developed, licensed, purchased, or acquired by Service Provider or its Affiliates or Sub-contractors (collectively, “Service Provider Tools”). Where necessary to deliver the Services, Customer consents to installation in its environment of the Service Provider Tools listed in Schedule 5 (Sub-contractors and Service Provider Tools) or the applicable SOW but agrees and acknowledges that it (and its agents and sub-contractors) will not directly or independently use (and will not have any right to so use) any such Service Provider Tools unless otherwise specifically agreed by the Parties in writing via the Contract Change Control Procedure or in a SOW.

25.12
COTS, Cloud and Similar Materials and Services

25.12.1
In the event that an element of the Services to be provided by the Service Provider is to be procured from and passed through to the Customer from a commercially available off the shelf package software provider, cloud services provider or similar provider of software, hardware or solutions on standard terms (a “COTS Vendor”), then the Parties will [***].
25.12.2
The Parties agree that as at the Effective Date, save for those COTS Vendors listed in Schedule 19 (COTS Vendors) to whom the terms listed in Schedule 19 (COTS Vendor Usage Restrictions and Related Obligations) apply, there are no COTS Vendors in scope and thus clause 25.12.1 does not apply to the scope of the Services set out in the Agreement as at the Effective Date.



25.12.3
The Service Provider shall not change the Services after the Effective Date such that a new COTS Vendor in respect of which the Service Provider would wish to apply this clause is introduced into delivery of the Services without the prior written consent of the Customer. For the avoidance of doubt, if the Service Provider wishes to change the Services (including end-to-end solutions) and an element of such Services will be provided on a pass through basis using a new COTS Vendor not listed in Schedule 19 then the Service Provider and the Customer shall agree through the Contract Change Control Procedure what COTS Vendors will be used and the terms that will apply, updating Schedule 19 accordingly.

25.13
The Customer grants to the Service Provider and its Affiliates [***] provided by or on behalf of the Customer or any of its Affiliates to the Service Provider in connection with its delivery of the Services for the sole purpose of providing the Services to the Customer for the Term (which includes any applicable Termination Assistance period).

Escrow

25.14
The Service Provider shall ensure that the Source Code in the Service Provider Software embedded in Deliverables (excluding any Third Party Materials which are instead subject always to the provisions of clause 25.10 and which may or may not be subject to escrow depending on the terms agreed with the third party vendor in question) together with any related Documentation, is deposited in escrow pursuant to the terms of the Escrow Agreement.

25.15
The Service Provider and the Customer mutually undertake to sign the Escrow Agreement promptly following delivery of any Deliverable to which clause 25.14 applies. The Service Provider additionally undertakes to procure that the relevant escrow agent promptly signs the Escrow Agreement.

Residual Knowledge

25.16
Nothing contained in the Agreement shall restrict either Party from the use of any general ideas, concepts, know-how, methodologies, processes, technologies, algorithms or techniques retained in the unaided mental impressions of such Party’s personnel relating to the Services which either Party, individually or jointly, develops or discloses under the Agreement provided that in doing so such Party does not:
25.16.1 [***]; or
25.16.2 breach its confidentiality obligations under the Agreement or under agreements with third parties.

26.
CONFIDENTIAL INFORMATION

26.1
Subject to clause 26.2, each Receiving Party will treat and keep all confidential information of the Disclosing Party as secret and confidential and will not, without the Disclosing Party's written consent, directly or indirectly communicate or disclose (whether in writing or orally or in any other manner) Confidential Information to any other person other than in accordance with the terms of this Agreement.

26.2
Clause 26.1 shall not apply to the extent that:
26.2.1
the Receiving Party needs to disclose the Confidential Information of the Disclosing Party to any of its employees, Affiliates (and their employees) or Sub-contractors and/or in the case of the Service Provider, COTS Vendors in order to fulfil its obligations, exercise its rights under this Agreement or to receive the benefit of the Services, provided always that the Receiving Party shall ensure that every person to whom disclosure is made pursuant to this clause 26.2.1 uses such Confidential Information solely for such purposes, and complies with this clause 26 to the same extent as if it were a Party to this Agreement;
26.2.2
[***];



26.2.3
such Confidential Information is in the public domain at the Service Commencement Date or at a later date comes into the public domain, other than as a result of breach of this Agreement;
26.2.4
the Receiving Party obtains or has available such Confidential Information from a source other than the Disclosing Party without breaching any obligation of confidence;
26.2.5
subject to clause 26.3, such Confidential Information is required to be disclosed pursuant to any Relevant Law or the rules of any Regulator or stock exchange; or
26.2.6
the Receiving Party can show such Confidential Information was independently developed by it otherwise than in connection with this Agreement.

26.3
Notwithstanding clause 26.1, the Customer may disclose Confidential Information to its solicitors, auditors, insurers, accountants or other operational or service-related advisers for the purposes of reporting to or seeking advice from the relevant Party provided that neither Party may pass commercially sensitive information of the other to its competitors, notwithstanding any other provision of this Agreement or a SOW. In such circumstances as this Clause 26.3 permits disclosure of Service Provider Confidential Information, the Customer shall ensure that every person to whom disclosure is made pursuant to this clause 26.3 uses such Confidential Information solely for such purposes and complies with this clause 26 to the same extent as if it were a Party to this Agreement. Prior to making any disclosure under 26.2.5 the Receiving Party shall, unless prohibited from doing so by Relevant Law, provide the Disclosing Party with prompt notice of such request(s) so that the Disclosing Party may seek an appropriate protective order or other appropriate remedy and/or waive compliance with the confidentiality provisions of this Agreement. In the event that such protective order or other remedy is not obtained, or Disclosing Party grants a waiver hereunder, Receiving Party may furnish that portion (and only that portion) of the Confidential Information which the Receiving Party is legally compelled to disclose and will exercise its reasonable efforts to obtain reliable assurance that confidential treatment will be accorded any Confidential Information so furnished.

27.
DATA PROTECTION

27.1
The categories of personal data to be processed by the Service Provider, categories of data subjects whose personal data will be processed, and the nature and purpose of processing activities to be performed under this agreement is set out in Schedule 21 (Data Transfer and Processing) of this Agreement as enhanced or clarified in relation to an SOW in the applicable SOW.

27.2
Each Party shall comply with its respective obligations under applicable Data Protection Legislation and, without prejudice to the foregoing, the Service Provider shall not process Customer Personal Data in a manner that will or is likely to result in the Customer breaching its obligations under Data Protection Legislation provided that the Customer gives reasonable written notice to the Service Provider of such obligations.

27.3
Upon termination or expiry of this agreement, the Service Provider shall, at the Customer’s request, promptly delete or return all Customer Personal Data and delete the copies thereof (unless otherwise required by Data Protection Legislation) and shall certify to the Customer that it has done so.

27.4
The Parties acknowledge that, in respect of all Customer Personal Data processed by the Service Provider for the purpose of the provision of Services under this Agreement:
27.4.1
the Customer alone shall determine the purposes for which and the manner in which such Customer Personal Data will be processed by the Service Provider;
27.4.2
the Customer shall be the data controller; and
27.4.3
the Service Provider shall be the data processor.

27.5
Where in connection with this Agreement the Service Provider processes Customer Personal Data as the data processor of the Customer, the Service Provider shall:
27.5.1
process Customer Personal Data only on behalf of the Customer, only for the purposes of performing this Agreement and only in accordance with instructions contained in this Agreement or as otherwise received from time to time; the Service Provider shall notify the Customer prior to taking any further



action if it considers an instruction to be likely to result in processing that is in breach of Data Protection Legislation. However, for the avoidance of doubt, the Service Provider is not obliged to analyse the lawfulness of the Customer’s instructions;
27.5.2
not otherwise modify, amend, disclose or permit the disclosure of any of the Customer Personal Data to any third party (including a data subject) unless specifically authorised or directed to do so in writing by the Customer;
27.5.3
implement and maintain appropriate technical and organisational measures to protect Customer Personal Data against unauthorised or unlawful processing and against accidental loss, destruction, damage, alteration or disclosure. Upon the Customer’s request, the Service Provider shall provide the Customer with a written description of the technical and organisational measures implemented by itself and its Sub-contractors as well as copies of all documentation relevant to such compliance including, protocols, procedures, guidance, training and manuals;
27.5.4
ensure the reliability of any of the Service Provider Personnel with access to Customer Personal Data, that such access is granted on a ‘need to know’ basis, and that they are subject to binding obligations of confidentiality with respect to Customer Personal Data;
27.5.5
comply with:
27.5.5.1
all binding guidance and recommendations from the relevant supervisory authorities in countries where the Customer is established;
27.5.5.2
clause 18.4; and
27.5.5.3
the Customer’s Standards and Policies;
27.5.6
[***] provide full cooperation and assistance to the Customer as the Customer may require to allow the Customer to comply with its obligations as a data controller, including in relation to data security, data breach notification, data protection impact assessment, prior consultation with data protection authorities, any enquiry, notice or investigation received from a data protection authority, and the fulfilment of data subject’s rights;
27.5.7
promptly and without delay (but in any event within [***] hours of becoming aware of it), notify the Customer in writing of any actual or [***] unauthorised disclosure, loss, destruction, compromise, damage, alteration, or theft of Customer Personal Data (including unauthorised access to or use of the Customer Systems or data, improper handling or disposal of data, theft of information or technology assets, and/or the inadvertent or intentional disclosure of Customer Personal Data) or any incident which may give rise to a personal data breach (as such term is defined under the GDPR); and
27.5.8
subject to clause 20.4, permit physical inspections of the Service Provider’s relevant premises dedicated to the Customer and/or the Services, by the Customer or its representatives to ensure compliance with this clause 27.

27.6
The Service Provider shall nominate a representative within its organisation who shall have responsibility to respond to Customer queries regarding the processing of Customer Personal Data and the Service Provider shall ensure that it responds to such queries promptly.

27.7
Save to the extent an alternative approach is agreed in relation to a COTS Vendor pursuant to clause 25.12.1, the Service Provider shall not authorise any third party or Sub-contractor to process Customer Personal Data other than with the prior written consent of the Customer (for the avoidance of doubt, written consent shall be deemed given for authorised Sub-contractors listed in this Agreement and Service Provider Affiliates).

27.8
Save to the extent an alternative approach is agreed in relation to a COTS Vendor pursuant to clause 25.12.1, where the Service Provider is a processor with respect to the Customer Personal Data, it shall impose obligations on its Sub-contractors and Affiliates that are the same as or equivalent to those set out in this clause 27 by way of written agreement, and shall remain fully liable to the Customer for any failure by a Sub-contractor to fulfil its obligations in relation to the Customer Personal Data.

27.9
Pursuant to clause 17 (Sub-contractors), where the Service Provider is subject to an obligation in relation to Customer Personal Data or the Customer is granted a right in respect of the Service Provider, the Service



Provider should procure that its Sub-contractors are subject to equivalent obligations and that the Customer is granted the same right against the Sub-contractors.

27.10
The Service Provider shall not process and/or transfer any Customer Personal Data in or to any country outside the European Economic Area without the prior written consent of the Customer.

27.11
If, for the purposes of the performance of this Agreement, the Service Provider or any of its Sub-contractors wishes to process and/or transfer any Customer Personal Data in or to a country outside the European Economic Area without prejudice to clause 27.10, the Service Provider shall comply with such other instructions and shall carry out such other actions as the Customer may notify in writing, including:
27.11.1
providing details of how the Service Provider will ensure an adequate level of protection for any such Customer Personal Data so as to ensure the Customer’s compliance with Data Protection Legislation; and
27.11.2
implementing any data transfer mechanism provided by the applicable Data Protection Legislation, such as the appropriate model contractual clauses approved by the European Commission as set out in Schedule 21 (Data Transfer and Processing), to allow for the lawful processing of Personal Data in a country outside the European Economic Area pursuant to the applicable Data Protection Legislation.

28.
PUBLICITY

28.1
The Service Provider shall not make any public announcement (whether written or oral) about the existence of the Agreement or that it is providing Services to the Customer without the Customer’s prior written consent (which may be withheld in its complete discretion). For the purposes of clause 12.6, the Customer’s consent to disclosure by the Service Provider is deemed to be given only to the extent that such disclosure is required for the Service Provider to comply with its obligations under clause 12.6.

28.2
In no circumstance shall either Party be authorised to use any of the other Party’s logos, trademarks or any other representations related to the other Party’s brand (including noting the other Party or its personnel as a referee) without the other Party’s prior written consent (which may be withheld in its complete discretion).

PART G REPRESENTATIONS, WARRANTIES AND INDEMNITIES

29.
REPRESENTATIONS AND WARRANTIES

29.1
Each Party represents, warrants and undertakes to the other, as at the date of this Agreement:
29.1.1
that it has the power and authority to enter into and perform its obligations under this Agreement;
29.1.2
that it has all necessary rights, licences, permissions and consents to provide (in the case of the Service Provider) or receive (in the case of the Customer) the Services; and
29.1.3
that the signing of this Agreement does not violate any law or constitute a default under any other agreement that that Party has entered into.

29.2
The Service Provider represents, warrants and undertakes to the Customer on a continuing basis throughout the term that:
29.2.1
it shall not conduct itself in a way so as to adversely affect the Customer’s public image (except that this clause 29.2.1 shall not preclude the Service Provider from enforcing its right under this Agreement);
29.2.2
it is not insolvent or unable to pay its debts within the meaning of the insolvency legislation applicable to it;
29.2.3
it shall allocate sufficient resources to provide the Services in accordance with the contractual requirements and use Commercially Reasonable Efforts to use the resources efficiently and services necessary to provide the Services;



29.2.4
it shall not knowingly and/or negligently insert or include, or permit or cause any Service Provider personnel to insert or include, any known Virus into any items provided to the Customer or the Customer Systems;
29.2.5
it shall use the latest available versions of anti-virus software available from an industry accepted anti-virus software vendor to check for and delete malicious software and Viruses from the Service Provider’s IT systems;
29.2.6
it shall co-operate with the Customer to reduce the effect of any virus found and assist the Customer to mitigate any losses (including without limitation, loss of operational efficiency and loss or corruption of the Customer’s data) and to restore the system, products, Deliverables and Services to their desired operating efficiency, such assistance to be at the Customer’s reasonable and demonstrable cost unless the Service Provider is in breach of clause 29.2.4 or clause 29.2.5;
29.2.7
it has undertaken all diligence it requires (including in relation to the Customer’s existing services) in order to plan and perform the Services and that accordingly its prices and estimates are robust and may be relied upon by the Customer;
29.2.8
it is skilled and experienced in the provision of services akin to the Services and in using the tools, methodologies and procedures it is proposed that it will use in the delivery of Services hereunder;
29.2.9
all information it provides to the Customer during the Term shall, at the time it is supplied, be true and accurate in all material respects;
29.2.10
that the Services will be performed in accordance with all
29.2.10.1 Service Provider Applicable Regulations and
29.2.10.2
any provisions agreed between the Parties under clause 20.1 in relation to Customer Applicable Regulations
29.2.11
it shall at all times conduct the performance of the Services in such a manner that shall ensure that the Customer does not fail to comply with the Customer Applicable Regulations that have been notified to the Service Provider in writing (if any) as a result of or in connection with its receipt of the Services provided that the Customer explains in writing how the Service Provider is expected to comply with these obligations; and
29.2.12
it shall comply with any reasonable Customer request or instruction that enables the Customer to comply with its regulatory requirements (if any) in respect of the Services at mutually agreed terms. Any Customer requests or instructions which fall outside of the scope of the Services shall be agreed through the Contract Change Control Procedure.
29.3
The Customer warrants that, to the extent that Customer Personal Data is provided to the Service Provider for processing (as that term is defined in the Data Protection Legislation), the Customer or relevant Customer Affiliate providing such Customer Personal Data shall have a legal basis on which to do so in respect of such Customer Personal Data.

29.4
Except as expressly set out in this Agreement, all other warranties, express or implied, shall be excluded to the fullest extent permitted by law.

30.
INDEMNITIES

30.1
IPR Indemnities

30.1.1
Subject to clauses 30.1.2 and 30.1.3, each Party will indemnify, defend and hold harmless the other Party and its Affiliates and their respective officials, employees, agents and assigns (“Representatives”) against any claims, losses, damages, costs (including reasonable legal fees), expenses and liabilities agreed in a settlement or awarded against the other Party and/or its Representatives as a result of any infringement (or claim of infringement) of any third party IPR caused by or alleged to have occurred because of:
30.1.1.1.
in the case of indemnification by the Service Provider to the Customer, Customer or its Affiliates possession of the Developed IPR in any Deliverables provided by the Service Provider to the Customer or its Affiliates; [***]; and



30.1.1.2.
in the case of the Customer’s indemnification of the Service Provider, the Customer’s receipt or use of such Deliverables or Services other than in accordance with or as envisaged by this Agreement or such Deliverables’ or Services’ specifications, or the Service Provider’s receipt or use of any Customer Indemnified Items made available to the Service Provider or a Service Provider Affiliate by or on behalf of the Customer or a Customer Affiliate for its use under this Agreement (provided always such receipt or use was in accordance with the terms of or as envisaged by this Agreement).

30.1.2
The Parties agree that the indemnifying party shall be relieved of its obligation to indemnify the indemnified party pursuant to clause 30.1.1 if and to the extent that the infringement claim arises due to (i) use of the material that is subject to the relevant indemnity claim other than in accordance with or as envisaged by this Agreement; or using infringing material after a fix or remedy has been provided (whether pursuant to clause 30.3 or otherwise); (ii) use of an allegedly infringing item or any part thereof in combination with any equipment, software or data not approved for use by the indemnifying party, or use in any manner by the indemnified party (or its Affiliates) for which the allegedly infringing item was not designed; or (iii) where the Service Provider is the indemnifying party, any modification or alteration of the allegedly infringing item by a person or entity other than Service Provider or its Affiliates or Sub-contractors unless such modification or alteration was made on the instructions [***] provided by or on behalf of the Service Provider or its Affiliates or Sub-contractors.

30.1.3
The Parties recognise that each of them may make available certain Third Party Materials to the other and that such Third Party Materials may not benefit from IPR indemnification protection equivalent to that set out in clause 30.1.1 above. [***].

30.2
In addition to the indemnities provided in clause 30.1.1 (IPR Indemnity) and Schedule 17 (Human Resources Provisions), the Service Provider will indemnify, defend and hold harmless the Customer and its Affiliates and their respective officials, employees, agents and assigns (“Customer Indemnities”) against any claims, losses, damages, costs (including reasonable legal fees), expenses and liabilities agreed in a settlement or awarded against the Customer and/or the Customer Personnel as a result of any of the following:

30.2.1 [***];
30.2.2 [***]; and
30.2.3 [***]

30.3
Without prejudice to its obligations pursuant to clause 30.1.1, if any Deliverable or service other item or material provided by the Service Provider or the provision of the Services by the Service Provider is, or in the Service Provider’s reasonable judgement is likely to become, the subject of a claim (an “Infringing Item”), the Service Provider [***] will [***]:

30.4
The following procedures will apply with respect to any indemnification arising in connection with the Agreement:
30.4.1
as soon as reasonably practicable after receipt by an indemnified party of written notice of the assertion or the commencement of any claim, demand, action, cause of action or other proceeding by a third party, whether by legal process or otherwise (a “Claim”), but no later than fourteen (14) days following receipt of written notice from the indemnified party relating to any Claim, the indemnifying party will notify the indemnified party in writing that it will assume control of the defence and settlement of such Claim (the “Notice”);
30.4.2
if the indemnifying party delivers the Notice relating to any claim within the required notice period, the indemnifying party will be entitled to have sole control over the defence and settlement of such Claim;
30.4.3
if the indemnifying party fails to assume the defence of any such Claim within the prescribed period of time, then the indemnified party may [***]; and



30.4.4
subject to the payment of its reasonable costs, the indemnified Party shall provide reasonable assistance to the indemnifying Party, including reasonable assistance to the indemnifying Party’s employees, agents, independent contractors and Affiliates, as applicable. Notwithstanding any provision of this clause 30 to the contrary, the indemnifying Party will not consent to the entry of any judgment or enter into any settlement that provides for injunctive or other non-monetary relief affecting the indemnified Party without the prior written consent of the indemnified Party, such consent not to be unreasonably withheld or delayed.

PART H IMPACT OF A FAILURE TO PERFORM

31.
FORCE MAJEURE

31.1
Neither Party shall be liable for default or delay in the performance of its obligations under the Agreement:
31.1.1
if the default or delay is caused by a cause beyond the reasonable control of such Party (it being agreed that causes beyond the reasonable control of a Party shall not include strikes or lock outs of its own personnel); and
31.1.2
provided the non-performing Party is without fault in causing the default or delay and the default or delay could not have been prevented by reasonable precautions (which for these purposes shall include complying with that Party’s Disaster Recovery Plan and/or Business Continuity Plan or, if of a higher standard, disaster recovery plans consistent with Good Industry Practice) or circumvented by workarounds.

31.2
The non-performing Party shall be excused from further performance or observance of the obligation(s) so affected for as long as:
31.2.1
the circumstances prevail; and
31.2.2
the Party continues to use its best efforts to recommence performance or observance whenever and to whatever extent possible without delay.

31.3
A Force Majeure Event shall not relieve the Service Provider of its obligations to supply the Services in conjunction with implementing its Disaster Recovery Plans or Business Continuity Plans, including requiring that essential personnel report to work during an emergency, and any or all personnel work at a contingency location.
31.4
In the event that a Force Majeure Event interrupts the provision of one or more Service Towers within the Run Services for in excess of thirty (30) days the Customer may terminate the affected Service Tower(s) or if more than two (2) Service Towers are affected, all of them in whole or in part on the provision of written notice. If the Force Majeure Event interrupts the provision of Change Management Services (or part of them) for in excess of thirty (30) days, the Customer may terminate only the affected Change Management Services-related SOWs in whole or in part on the provision of written notice.

32.
STEP IN

32.1
If:
32.1.1
any default or non-performance by the Service Provider occurs and as a result, the performance of any business critical service is prevented, hindered, degraded or delayed for more than two (2) consecutive days;
32.1.2
the Service Provider is excused from the performance of the Services pursuant to a Force Majeure Event;
32.1.3
a Regulator requires the Customer to do so; or
32.1.4
the circumstances in paragraph 13.1 of Schedule 15 (Exit) occur, then, without limiting any other rights it may have, the Customer may take control of the part of the Services affected by the Service Provider default or non-performance, or the Force Majeure Event and in the case of clause 32.1.3, the Customer shall take control of the part of the Services affected by the regulatory direction (in each



case, “Step In”) for a maximum period of [***] after which the Customer shall either terminate this Agreement pursuant to any rights to do so hereunder it may have or allow the Service Provider to resume performance of the relevant Service.

32.2
In exercising its rights of Step In the Customer may perform any act that the Customer deems reasonably necessary in order to restore the Services (including by engaging a third party service provider) or may direct the Service Provider to procure those Services from a third party supplier provided that the Customer: (i) complies with the Service Provider’s reasonable security and confidentiality policies as notified to the Customer; (ii) procures that any third party that it engages signs an Agreed Form NDA, with an obligation to erect “ethical walls” within its own organisation to protect the Service Provider’s confidentiality, if the third party stepping in is a competitor of the Service Provider; (iii) does not have unsupervised access to the Service Provider’s facilities and shared computing environment; and (iv) does not require the Service Provider to disclose its commercially sensitive information to any third party.

32.3
Where a third party supplier is engaged in connection with a Step In, the Service Provider shall be liable for the payment of [***] for as long as the failure to perform continues (save for where the Step In is a result of a Force Majeure Event), and the Customer shall not be charged for Services that are not provided to the Customer as a result of a Force Majeure Event or the Service Provider’s default or non-performance. The Service Provider shall either pay directly or reimburse the Customer for any such third party costs incurred. Such payments made by the Service Provider may be credited against the Charges or paid by way of cheque or direct debit to the Customer, at the Customer’s option.

32.4
In the event of the Customer exercising its right of StepIn, the Service Provider shall co-operate with the Customer (and its agents or representatives, including any applicable third party supplier) and provide reasonable assistance at no charge to the Customer to restore such Customer function or the Services or any part of them as soon as reasonably possible, including giving the Customer (and its agents or representatives, including any applicable third party services provider) reasonable access to the Service Provider’s premises, Equipment, Material and Software, to the extent reasonably necessary for the purpose of restoring such Customer function or the Services or any part of them to the level required under this Agreement.

32.5
As soon as reasonably practicable following the restoration of the affected Customer function or the affected part of the Services (meaning that its performance is no longer substantially prevented, hindered, degraded or delayed) to the Customer’s reasonable satisfaction or a Regulator lifting its Step In requirement, the Service Provider shall resume the performance of the relevant Services.

32.6
Without prejudice to the caps set out in clause 34, nothing in this clause 32 limits the Service Provider’s liability to the Customer with respect to any default or non-performance by the Service Provider under this Agreement provided always that the Service Provider shall be relieved of its obligations to deliver the Services affected by any Step In during the period the Customer or any third party supplier has taken over delivery of such Services.

33.
ENHANCED CO-OPERATION

33.1
Where the Customer requires the right to do so in order to obtain an improved understanding of the Services or to assist the Service Provider to improve its performance (including in particular in the circumstances set out in clause below), the Parties agree that the Customer may nominate a certain number of its employees, agents or contractors (subject to clause 32.4), to be seconded to the Service Provider or any of its subcontractors (“Consultants”) provided that the Parties agree the role and responsibilities of such Consultants and the desired outcomes of involvement. The number of Consultants shall be the minimum reasonably necessary (as determined by the Customer acting reasonably) for the limited purposes described in this clause 33.1 and the Customer agrees to appoint Consultants with a level of seniority appropriate to the tasks they shall be engaged in and to provide the Service Provider with at least five (5) Business Days’ notice of its intention to exercise its rights under this clause 33.




33.2
The circumstances that the Parties agree shall entitle the Customer to invoke its rights under clause 33.1 include where:
33.2.1
the Customer is entitled, or has reasonable grounds for believing that it will be entitled, to terminate the Agreement in whole or in part for cause;
33.2.2
the Service Provider is not performing any of the services in accordance with the Minimum Service Levels (if any);
33.2.3
the Service Provider is or the Customer has reasonable grounds for believing that the Service Provider is reasonably likely to be in material breach of its obligations under the Agreement;
33.2.4
the Customer has reasonable grounds to suspect acts of fraud are being committed by the Service Provider, any Sub-contractor or any Service Provider Personnel;
33.2.5
the Service Provider causes the Customer to breach its legal or regulatory obligations; or
33.2.6
the Service Provider fails to provide the Services in accordance with the Agreement (whether such failure amounts to a material breach of contract or not) and that failure causes, or is in the Customer’s opinion likely to cause:
33.2.6.1
delay in delivery of the Services that means that the Service Provider will not be able to meet any Key Milestone date;
33.2.6.2
the degradation or unavailability of the Services which, in the Customer’s opinion, is unlikely to be resolved within a reasonable period of time; or
33.2.6.3
the Customer to incur a material loss, liability or cost whether direct or indirect or to suffer any adverse publicity.

33.3
No Consultant shall become an employee of the Service Provider, or have a legal entitlement to any benefits conferred by the Service Provider on its employees, as a result of his or her secondment under this clause 33.

33.4
A Consultant may not be an employee of any entity who competes with the Service Provider in the field of system integration services unless they are an employee of the Customer.

33.5
The Consultants shall be given full access to all information (other than commercially sensitive information or information related to the Charges) that is available to all relevant Service Provider Personnel and that is related to the performance of the Services that are relevant to the purposes described in clauses 33.1 and 33.2 and shall be able to make suggestions related to any element of the performance of the Services provided that the Consultant: (i) complies with the Service Provider’s reasonable security and confidentiality policies as notified to the Consultant; (ii) signs an Agreed Form NDA; and (iii) does not have unsupervised access to the Service Provider’s facilities and shared computing environment.

33.6
The Service Provider shall not be obliged to follow any suggestions given by the Consultants.

33.7
If the Service Provider does follow a suggestion of a Consultant, then the Service Provider shall be fully responsible for all consequences that flow from the suggestion as if it were the Service Provider’s own suggestion.

33.8
By exercising its right under this clause, the Customer shall not, and shall not be deemed to, assume any obligation to resolve any issue or problem with the Services or relieve the Service Provider of any obligation or liability in relation to that event. Without limiting the foregoing, nothing in this clause 33.8 shall be construed to limit the Service Provider’s obligation to continue to perform the Services in accordance with all applicable Service Levels or Milestone dates.

33.9
If the Customer exercises its rights under this clause, the Parties shall carry out a monthly review to agree on whether the secondment shall continue. In any case, a secondment under this clause may be terminated by the Customer at any time by giving written notice to the Service Provider, but shall in any event cease when the secondment has been effective for a continuous period of ninety (90) days (or such longer period as may be



agreed between the Parties, such agreement may not be withheld by the Service Provider where clause 33.10 applies), when both of the following conditions are satisfied:
33.9.1
the event giving rise to the appointment of the Consultants under this clause has ceased and/or has been resolved or remedied; and
33.9.2
the Service Provider has demonstrated to the Customer’s reasonable satisfaction that the Service Provider has taken all reasonable measures to ensure that the event giving rise to the appointment of the Consultants shall not reoccur.

33.10
Subject to clause 33.11, the Customer shall be responsible for paying the Consultants’ reasonable and demonstrable fees for the duration of the secondment, plus any reasonable, actual and demonstrable travel and subsistence costs incurred by the Consultants in relation to their secondment under this clause provided that the salaries of the Consultants are reasonable given their level of seniority and experience and Good Industry Practice (“Consultant Costs”).

33.11
Notwithstanding clause 33.10, the Parties agree that to the extent that the Customer exercises its rights due to an alleged Service Provider default and it transpires that the Service Provider was in default then the Service Provider shall be responsible for [***] percent ([***]%) of the Consultant Costs.

33.12
The exercise by the Customer of its rights in this clause 33 shall be without prejudice to any other rights or remedies of the Customer.

34.
LIABILITY

34.1
Nothing in this Agreement shall limit a Party’s liability in respect of:
34.1.1
death or personal injury caused by negligence;
34.1.2
fraud or fraudulent misrepresentation;
34.1.3
any employment related indemnities;
34.1.4
the breach by a Party, its Affiliates or sub-contractors (including, in the case of the Service Provider, its Sub-contractors) or personnel of the duties of confidentiality contained in the Agreement save:
34.1.4.1
[***]; or
34.1.4.2
[***].
34.1.5
any claim made under the IPR indemnities set out in clause 30.1.1;
34.1.6
Wilful Abandonment or Wilful Default by the Service Provider; and
34.1.7
any liability that cannot be excluded pursuant to applicable law.

34.2
Subject to clause 34.1, the maximum aggregate liability of the Service Provider (including all Service Provider Affiliates) to Customer (which includes, for the avoidance of doubt, the UK Customer, US Customer and Bermuda Customer and all other Customer Affiliates) arising under or in connection with this Agreement (including all SOWs and Local Agreements) for all causes of action, whether arising in contract, tort (including negligence), breach of statutory duty, misrepresentation, on indemnity basis or otherwise) for all losses whatsoever and howsoever caused:
34.2.1
for all liability related to personal data, including under the indemnity in clause 30.2.3 (Data Protection Indemnity) and/or arising any Data Protection Model Clauses, shall be limited to the greater of [***] or (ii) [***]; and
34.2.2
for all claims for damage to tangible property caused by the Service Provider’s (including its Affiliates or its Sub-contractors) negligence or Wilful Default shall be limited to [***].

34.3
Subject to clause 34.1, the maximum aggregate liability of the Customer (including Customer Affiliates) arising under or in connection with this Agreement (including all SOWs and Local Agreements) and/or any Data Protection Model Clauses for all liability related to personal data shall be limited to [***].

34.4
Provided that nothing in this clause 34.4 shall limit or exclude a Party’s liability under clauses 34.1.1, 34.1.2 and 34.1.7, a Party nor its Affiliates shall have any liability under this Agreement or any SOW or Local



Agreement or Data Protection Model Clauses for: (i) any indirect or consequential losses suffered by the other Party; or (ii) for any special or incidental damages, loss of profits, loss of business, loss of revenue, loss of goodwill, loss of anticipated savings or any loss of data (in each case howsoever arising and whether direct or indirect) other than as detailed in clause 34.5 below.

34.5
Subject to clauses 34.6 and 34.2, the exclusions in clause 34.4 shall not exclude liability for the following heads of losses which the Service Provider will accept to be deemed direct losses or damages suffered by the Customer:
34.5.1
[***];
34.5.2
[***];
34.5.3
[***];
34.5.4
[***];
34.5.5
[***];
34.5.6
[***]; and
34.5.7
[***].

34.6
Subject to clause 34.1 and 34.2, the Service Provider’s (including its Affiliates) total aggregate liability to the Customer (which includes, for the avoidance of doubt, the UK Customer, US Customer and Bermuda Customer and all other Customer Affiliates) arising under or in connection with the Agreement (including all SOWs and Local Agreements) for all causes of action, whether arising in contract, tort (including negligence), breach of statutory duty, misrepresentation, on indemnity basis or otherwise, for any losses whatsoever and howsoever caused shall not exceed [***]:
34.6.1
in Contract Year 1, the greater of [***] and [***]; and
34.6.2
thereafter, in each subsequent Contract Year, the greater of:
(i) a de minimis amount equal to [***]; and
(ii) [***].
For the avoidance of doubt, the annual cap that applies to any one claim shall be [***].

34.7
Subject to clause 34.1 and 34.3, the Customer’s total aggregate liability [***] under or in connection with this Agreement (including all SOWs and Local Agreements) shall not exceed [***].

34.8
For the avoidance of doubt, the Parties acknowledge that in accordance with Relevant Law, any claim for damages shall be reduced by the amount of Service Credits or Liquidated Damages already paid by the Service Provider to the Customer in respect of the relevant liability so as to avoid double recovery by the Customer.

34.9
The phrase “paid or payable” will mean the aggregate of:

34.9.1
all relevant amounts already paid by the Customer to the Service Provider; and
34.9.2
all relevant amounts invoiced but not yet paid by the Customer to the Service Provider.

34.10
In the event that any breach by the Service Provider or any Service Provider Group company of this Agreement, a Local Agreement, SOW and/or any Data Protection Model Clauses results in any losses being suffered by (i) any Customer that is a party to this Agreement (each of the UK Customer, US Customer and/or Bermuda Customer); and/or (ii) any Customer Group Company that is not a party to this Agreement, such losses will be treated as if they had been suffered by the UK Customer and the UK Customer (acting as agent for the US and Bermuda Customers and to the exclusion of any right of the US or Bermuda Customer to also bring any claim in respect of the same loss) may recover any such losses from the Service Provider in accordance with this clause 34. The US Customer and the Bermuda Customer and any Customer Group Company that is not a party to this Agreement (including any Local Agreement, SOW or any Data Protection Model Clauses) may only recover its losses directly from the Service Provider if the UK Customer is prohibited by law from doing so. For the purposes of this clause 34.10, any losses suffered by any Customer Group Company that is not a



party to this Agreement (including any Local Agreement, SOW or any Data Protection Model Clauses) will not be treated as being indirect or consequential in terms of this clause 34 simply because it has been suffered by that Customer Group company and not by a Customer directly.

34.11
Nothing in this clause 34 shall relieve the Customer of its obligation to pay all Charges which have been properly incurred under this Agreement.

35.
INSURANCE

35.1
The Service Provider shall maintain at its own cost (and on request provide evidence to the Customer in the form of a broker’s letter) the following insurance policies with an insurer of good standing (subject to clause 35.2) for the term of this Agreement and six (6) years thereafter:
35.1.1
professional liability insurance for a minimum amount of £[***] ([***] GBP) [***];
35.1.2
public and product liability insurance for a minimum amount of £[***] ([***] GBP) [***]; and
35.1.3
employer’s liability insurance for a minimum amount of £[***] ([***] GBP).

35.2
The Service Provider shall not take out or hold any of the insurance coverage described in clause 35.1 with the Customer or any member of the Customer Group without the Customer’s prior written consent.

35.3
The Service Provider shall not during the term of this Agreement and for a period of six (6) years thereafter act or refrain from acting in such a way as would entitle the underwriter(s) of the policies required by clause 35.1 above to avoid or negate their liability to deal with any claim(s) which would otherwise be covered.
 
35.4
The Service Provider shall, whenever reasonably requested by the Customer, provide evidence of such insurance and of its currency.

PART I TERMINATION

36.
TERMINATION

Customer Termination Rights

36.1
The Customer may terminate for convenience this Agreement (in whole or in part) on ninety (90) days’ notice.

36.2
If the Customer terminates this Agreement (in whole or in part) pursuant to clause 36.1, it shall pay the Service Provider any applicable Liquidated Damages for early termination in accordance with paragraph 25.2 and/or 25.3 (Termination for Convenience Damages Payment) of Schedule 10 (Pricebook, Charges and Invoicing). In addition, and regardless of the basis of termination, in the event of termination of this Agreement prior to the expiry of the Initial Term, the Customer shall pay the further Liquidated Damages payment set out in paragraph 25.4 or 25.5 (as appropriate) of Schedule 10. The Service Provider agrees that such payments shall be the Service Provider’s sole and exclusive remedies in connection with any early termination itself and that beyond the Liquidated Damages for early termination identified in Schedule 10, no damages or compensation for early termination shall be payable; provided always that this shall be without prejudice to the rights and remedies of the Supplier at law in respect of the recovery of any damages which arise due to breach of this Agreement by the Customer (whether connected with the event giving rise to the early termination or not).

36.3
The Customer may terminate the Agreement for material breach by the Service Provider, immediately if it is not capable of remedy, or after thirty (30) days from the Customer providing the Service Provider with written notice of the material breach if it is capable of remedy but remains unremedied.

36.4
The Customer may also terminate the Agreement:
36.4.1
immediately if an Insolvency Event occurs with respect to the Service Provider;



36.4.2
upon thirty (30) days’ written notice where the Service Provider persistently breaches the Agreement;
36.4.3
where a Key Milestone for Transition is missed by more than a period of time specified as such in the Transition Schedule;
36.4.4
immediately where a Material Adverse Change occurs in relation to the Service Provider and the process outlined in that definition has been exhausted;
36.4.5
on a no-fault basis, in the event there is a Change of Control of the Service Provider (other than an internal re-organisation within the Service Provider Group) which raises a legitimate concern for the Customer and: (a) immediately where termination is required or requested by a Regulator; or (b) on thirty (30) days’ notice where the new controlling entity: (i) has significantly worse financial standing than the Service Provider; (ii) is a direct competitor of the Customer; or (iii) is involved in an industry for which association would be reasonably likely to bring the Customer into disrepute, provided that the Customer gives notice to terminate on this basis within ninety (90) days following the Customer becoming aware of the Change of Control, such notice to specify the date upon which termination shall become effective;
36.4.6
immediately for any breach of this Agreement by the Service Provider: (i) which causes a Regulator to require or request that the Agreement is terminated as a result of the breach; (ii) to the extent that the breach is the chief and direct cause of a Regulator imposing a fine on the Customer or any member of the Customer Group; or (iii) to the extent the breach causes the Customer to breach a specific legal requirement which in turn is likely to cause regulatory problems for the Customer or any member of the Customer Group, and the nature of and impact on the Services of such a legal requirement have been set out in the applicable SOW or in this Agreement;
36.4.7
upon thirty (30) days’ written notice in the event of a Material Service Failure;
36.4.8
upon thirty (30) days’ written notice where there is repeated failure by the Service Provider to engage with the governance procedures set out in this Agreement, including but not limited to, Schedule 12 (Governance and Service Management) where, following formal notice from the Customer, the Service Provider either:
i.
fails to address and propose a plan to solve the concerns identified by the Customer within thirty (30) days of a notice requiring it do so; or
ii.
fails to then deliver on the plan proposed by it pursuant to this clause by the dates specified in the plan;
36.4.9
upon thirty (30) days’ written notice in the event any breach of this Agreement by the Service Provider has a material adverse impact on the Customer’s reputation (or that of the Customer Group) or leads to material adverse publicity; or
36.4.10
as set out in clause 31.4.

36.5
If the Customer terminates this Agreement in whole or in part and the Customer has paid any Charges in advance for Services it has not yet received, an amount equal to such Charges shall be repayable, subject to a pro-rated reduction.

36.6
If the Service Provider believes that any termination by the Customer constitutes a wrongful repudiation of the Agreement, then the Service Provider agrees that it will not affirm the Agreement provided that the termination by the Customer occurs at a time when the Customer is entitled to terminate the Agreement or relevant Statement of Work for convenience. Any wrongful repudiation made in those circumstances shall, if proven, be deemed to be termination for convenience by the Customer and the Customer shall be liable to pay to the Service Provider all amounts (including termination charges) payable on or in connection with termination for convenience (and within the timescales for payment of the same) as provided in this Agreement and/or the relevant Statement of Work.

Service Provider Termination Right

36.7
The Service Provider may only terminate this Agreement on written notice to the Customer due to:
36.7.1
the Customer’s failure to pay undisputed Charges, for which properly submitted invoices have been delivered, by the due date for payment, provided that:



36.7.1.1
the Customer fails to remedy the failure to pay within fifteen (15) days of its receipt of the Service Provider’s written notice of the failure to pay; and
36.7.1.2
the Service Provider provides the Customer a further notice of the failure to pay and the Customer fails to remedy the failure to pay within ninety (90) days of its receipt of such further notice in which case the Service Provider may terminate forthwith;
36.7.2
a material breach by the Customer of the licence conditions set out in clause 25.8 which the Customer fails to cure (if capable of cure) within thirty (30) days of a notice requiring it to do so;
36.7.3
a breach by the Customer (or any of its Affiliates) of its obligations under clause 26 (Confidential Information), provided the Customer fails to remedy the relevant breach (if capable of remedy) within sixty (60) days of its receipt of the Service Provider’s written notice of the relevant breach in which case the Service Provider may terminate forthwith; or
36.7.4
the Customer’s breach of its obligations under clause 27 (Data Protection) where to continue to provide the Services would put the Service Provider in breach of Relevant Laws in which case the Service Provider may terminate forthwith unless such Relevant Laws allow a cure period and/or a notice period in which case the Customer shall have thirty (30) days to cure and/or be provided notice as applicable.

37.
Termination Assistance/Exit

37.1
Subject to clause 37.4, for up to a maximum period of nine (9) months following the effective date of termination or expiration of the Agreement or following the date of any notice of termination, at the Customer’s election and request the Service Provider shall provide Termination Assistance to the Customer at the agreed day rates.

37.2
Actions by the Service Provider under this clause 37 shall be subject to the provisions of the Agreement.

37.3
Charges for Termination Assistance activities by the Service Provider shall be at the services rates set out in the Rate Card or such lower rates (if any) as specified in an Exit Plan.

37.4
[***] the Termination Assistance services shall be provided to facilitate the Customer to readily continue the provision of the services in-house or by a replacement supplier (working in accordance with Good Industry Practice) and eliminate or minimise any disruption or deterioration of the Service, including, but not limited to, the following:
37.4.1
efficient and comprehensive transition;
37.4.2
assistance in providing information required to prepare and execute any request for proposal process;
37.4.3
knowledge transfer;
37.4.4
enabling data migration; and
37.4.5
executing any document required for assignment of rights.

37.5
The Customer shall procure that any Successor Service Provider shall enter into a confidentiality agreement with the Service Provider on the terms of the Agreed Form NDA.

PART J MISCELLANEOUS PROVISIONS

38.
COMPLIANCE WITH LAWS

Generally

38.1
The Service Provider shall perform its obligations in a manner that complies with all Service Provider Applicable Regulations. The Service Provider’s obligations pursuant to this clause shall include identifying and procuring any required permits, certificates, approvals and inspections applicable to the Service Provider or otherwise required by Service Provider Applicable Regulations. If a charge of non-compliance with such Service Provider Applicable Regulation occurs, the Service Provider shall promptly notify the Customer in writing (unless prohibited from doing so under Relevant Law). Any actual failure to so comply with Service



Provider Applicable Regulations applicable to the Services shall give the Customer the right to terminate this Agreement for irremediable material breach pursuant to clause 36.3.

38.2
The Customer shall notify the Service Provider of any material changes in any Relevant Laws affecting its business and of which it becomes aware in the ordinary course of its business (provided always that this shall not release the Service Provider from its own obligations to keep abreast of all Service Provider Applicable Regulations affecting its business and the ongoing provision of the Services).

38.3
Not used.

38.4
The Service Provider shall be responsible for any fines and penalties imposed on the Service Provider [***] arising from any non-compliance by the Service Provider, its personnel or agents with any Service Provider Applicable Regulations.

39.
TRANSFER OF THIS AGREEMENT

39.1
The Customer may assign the Agreement within (i) the Customer Group, (ii) to any entity that acquires it (provided the passes the Service Provider’s reasonable ethics and compliance checks) or (iii) with the Service Provider’s consent (not to be unreasonably withheld) to any third party. To be clear each of the UK Customer, US Customer and Bermuda Customer must jointly agree any such assignment of this Agreement in full.

39.2
Apart from the specific rights to transfer, novate or assign specified in clause 39.1, neither Party may assign, novate or otherwise transfer any of its rights or obligations under this Agreement without the other Party’s prior written consent (such consent not to be unreasonably withheld or delayed). For the avoidance of doubt, it is reasonable for the Customer to withhold its consent to any proposed assignment, novation or other transfer by the Service Provider to any person (the “Transferee”), if the Transferee is of lesser financial standing to the Service Provider or has a lesser ability to provide services of the quality required by this Agreement.

39.3
The Service Provider shall use its reasonable endeavours to notify the Customer in advance of any Change of Control and in any event shall notify the Customer within ten (10) days of any Change of Control occurring.

40.
NO PARTNERSHIP, AGENCY ETC

40.1
Nothing in this Agreement is intended to create a partnership or the relationship of principal and agent or employer and employee between the Parties. Neither Party has the authority or power to bind, to contract in the name of or to create a liability for the other in any way or for any purpose.

41.
NOTICES

41.1
All formal notices and communications between the Parties and/or to any Affiliate made in the course of this Agreement are to be in writing and shall be deemed to have been received by the addressee at the times stated below, provided that the notice of communication is addressed to the recipient at the address specified below, is marked for the urgent notification of the specified point of contact as notified in writing to the other Party from time to time in accordance with this clause 41 and is properly franked or otherwise sent postage prepaid:
41.1.1
by first class post, forty-eight (48) hours after dispatch;
41.1.2
by email with return receipt acknowledgement, on the next Business Day after the day of dispatch;
41.1.3
by hand delivery, immediately upon receipt by the recipient; or
41.1.4
if sent by a reputable overnight express mail service with a reliable tracking system, twenty four (24) hours after dispatch.
This clause 41.1, however, shall not apply to the service of any proceedings or documents in any legal action.
41.2
The addressees of the Parties for the purpose of this clause 41 and for the purpose of service of proceedings are set out below. Notices must be addressed to:




The Service Provider                The Customer
For the attention of:                For the attention of:
Head of UKI Insurance Practice            General Counsel
1 Kingdom Street,                 30 Fenchurch Street
Paddington Central,                 London
London                     EC3M 3BD
W2 6BD                    

With a copy to:    Corporate Counsel -         With a copy to: Chief Technology Officer & UKI Insurance Practice                        Group Head of Procurement
1 Kingdom Street,                 30 Fenchurch Street
Paddington Central,                 London
London                     EC3M 3BD
W2 6BD
                

42.
THIRD PARTY RIGHTS

42.1
A person who is not a Party to this Agreement may not enforce any of its terms under the Contracts (Rights of Third Parties) Act 1999, 1999, save that Affiliates of the Customer from time to time and Divested Affiliates as referred to below may enforce the benefits granted to them under this Agreement. For the avoidance of doubt however this Agreement may be amended or rescinded by agreement between the Parties (and the UK Customer acting on behalf of the US Customer and Bermuda Customer) without the consent of any third party.

42.2
At the Customer’s discretion and upon notice to the Service Provider of the divestment, any Divested Affiliate shall be entitled ([***]) to continue to receive the Services, which it has been receiving pursuant to this Agreement (including the governance regime in Schedule 12 and the invoicing regime in Schedule 10, for a period of up to [***] from the date of completion of such divestment or the date of notice whichever is later, such period to co-terminate with the Term and provided that [***]. The Customer shall be responsible for compliance by such Divested Affiliate to the relevant terms and conditions of this Agreement, including the payment obligations in clause 22 (Charges) for the Services received by the Divested Affiliate and shall be responsible for payment in the event the Divested Affiliate fails to pay the Service Provider. Any changes to the relevant Services or additional requirements (for example, separate invoices for the Customer and Divested Affiliate) or other commercial impact (including to Charges) resulting from the activities contemplated in this clause shall be agreed in accordance with the Contract Change Control Procedure.

43.
SURVIVAL

43.1
Those clauses that by their nature are intended to survive the termination or expiry of this Agreement, shall so survive.

44.
SEVERABILITY

44.1
If any provision of this Agreement or any part of any provision is determined to be partially void or unenforceable by any court or body of competent jurisdiction or by virtue of any legislation to which it is subject or by virtue of any other reason whatsoever, it shall be void or unenforceable to that extent only and the validity and enforceability of any of the other provisions or the remainder of any such provision shall not to be affected. If any clause is rendered void or unenforceable, whether wholly or in part, the Service Provider and the Customer shall endeavour, without delay and in good faith discussions, to attain the economic and/or other intended result in another legally permissible manner.

45.
ENTIRE AGREEMENT




45.1
This Agreement constitutes the entire understanding between the Parties relating to the subject matter of this Agreement and, save as may be expressly referred to in this Agreement, supersedes all prior representations, writings, negotiations or understandings relating to the subject matter of this Agreement.

45.2
Except in respect of any fraudulent misrepresentation made by a Party, the Parties acknowledge that they have not relied on any representations, writings, negotiations or understandings, whether express or implied, (other than as set out in this Agreement) in entering into this Agreement.

45.3
Nothing in this clause 45 is intended to exclude a party’s liability for fraud, fraudulent misrepresentation or any other liability which cannot, by law, be excluded.

46.
WAIVER

46.1
No delay, neglect, or forbearance on the part of either Party in enforcing against the other Party any term or condition of this Agreement shall be or shall be deemed to be a waiver or in any way prejudice any right of that Party under this Agreement. Any waiver by either Party of any of its rights under this Agreement must be in writing and only applies to the transaction or series of transactions expressly referred to in such waiver.

47.
CORPORATE SOCIAL RESPONSIBILITY, COMPLIANCE WITH LAWS AND LLOYDS CENTRE OF EXCELLENCE

Anti-Bribery

47.1
Each Party shall comply with all Relevant Laws relating to anti-bribery and anti-corruption including (but not limited to) the UK Bribery Act 2010 and all relevant US requirements.

Modern Slavery

47.2
Without prejudice to any other provisions in this Agreement, the Service Provider shall, and shall procure that all persons who will or may be used in performing or to support the performance of this Agreement in any part of the world (“Supply Chain”) shall, at all relevant times:
47.2.1
comply with the provisions of the Modern Slavery Act 2015 and all Relevant Laws made under it or relating to it (“MSA”), and ensure that all relevant Service Provider Personnel have received appropriate training on the same;
47.2.2
comply with any Customer policy relating to modern slavery and/or human trafficking as is notified to the Service Provider by the Customer from time to time; and
47.2.3
immediately notify the Customer’s Head of Procurement in writing if it has reason to believe that it or any member of its Supply Chain is in breach or is likely to breach any of the MSA or any provisions of these clauses 47.2 to 47.4 (or would do so if it were a party to this Agreement), or if it receives a communication from any person alleging breach of any of the MSA.

47.3
The Service Provider shall maintain detailed, accurate and up-to-date records setting out:
47.3.1
its staff hiring procedures;
47.3.2
its supplier selection processes; and
47.3.3
the steps it takes to ensure that it and each member of its Supply Chain is not engaged in the activities prohibited by the MSA, and shall promptly provide copies of such records to the Customer on the Customer’s request.

47.4
On the Customer’s reasonable request, the Service Provider shall make, and shall require any relevant member of its Supply Chain to make, such adjustments to its processes that relate to staff hiring and supplier selection as the Customer reasonably considers to be desirable to address any risk of non-compliance with the MSA.

Environment




47.5
The Service Provider shall ensure that its performance of the Services shall comply with all applicable environmental laws, statutes, regulations and relevant government issued guidance.

Health & Safety

47.6
The Service Provider shall at times throughout the Term comply with all Relevant Laws relating to health and safety including (but not limited to) the Health and Safety at Work etc. Act 1974 and shall maintain a written health & safety policy.

Equal Opportunities

47.7
The Service Provider shall at all times throughout the Term comply with all Relevant Law relating to equal opportunities, including, (but not limited to) the Equality Act 2010.

Compliance with Competition Laws

47.8
The Service Provider confirms that it has not colluded with any third parties in relation to the Charges and that it shall comply with all Relevant Laws relating to competition and anti-trust including (but not limited to) the UK Competition Act 1998 and all relevant US requirements.

Compliance with Import/Export Laws

47.9
The Customer agrees to notify Service Provider of (1) any requirements for Deliverables or (2) any other technology, technical data or information to which the Service Provider will have access as a result of the Services that, in either case, will subject the Deliverables or the other technology, technical data or information to control under applicable export regulations under any classification other than EAR99 (or its non-U.S. equivalent) and, in such event, will (i) identify to the Service Provider the applicable regulations (e.g. EAR or ITAR) and classifications (e.g. ECCN) and (ii) follow such guidelines as the Service Provider may communicate to the Customer that reasonably are required to avoid violations. Subject to and except for the foregoing, the Service Provider agrees to notify the Customer of any technology, technical data or information that it will provide to the Customer pursuant to this Agreement that is subject to control under applicable export regulations under any classification other than EAR99 (or its non-U.S. equivalent) and, in such event, will (i) identify to the Customer the applicable regulations (e.g. EAR or ITAR) and classifications (e.g. ECCN) and (ii) follow such guidelines as the Customer may communicate to the Service Provider that reasonably are required to avoid violations. Subject to the foregoing the Service Provider shall comply with all Relevant Laws with respect to the Service Provider’s export and/or import of systems, dual-use items, materials, data, information and technologies necessary for the provision of the Services to each Customer Site (including those comprising the Deliverables) and with applicable embargoes, sanctions, and similar restrictions in force from time to time (including by determining and obtaining all relevant import and/or export authorisations). Notwithstanding the foregoing, the Customer agrees that it will not provide the Service Provider with any technology, technical data or information that is subject to control under the International Traffic in Arms Regulations (ITAR). In the event that the Customer wishes to provide the Service Provider with ITAR-controlled technology, technical data or information, the Customer will notify the Service Provider in writing of such intent, and the Parties agree to cooperate to determine the appropriate agreements and controls, if any, required before the Customer makes such disclosure.

Lloyd’s Centre of Excellence

47.10
The Customer expects the Service Provider to demonstrate a commitment to developing its knowledge of the London insurance market during the Term. Accordingly, the Service Provider shall commit to:
47.10.1
engaging with external consultants to develop training materials and to obtain a deeper understanding of Lloyd’s of London performance standards and requirements;
47.10.2
developing and delivering training and certification programmes for Service Provider Personnel delivering the Services;



47.10.3
increasing the general pool of Service Provider staff who are familiar with Lloyd’s of London operations;
47.10.4
promoting the sharing of experience across the Service Provider’s and its Affiliate’s clients in the Lloyd’s of London market including by promoting opportunities for such clients to network and share experiences;
47.10.5
inviting Lloyd’s of London staff to participate as a guest teachers / lecturers; and
47.10.6
identifying best practices across all the clients of the Service Provider and its Affiliates in the insurance sector and applying such best practice to services in areas regulated by Lloyd’s of London including by recommending enhancements to processes.

48.
CUMULATIVE REMEDIES

48.1
Except as otherwise expressly provided in this Agreement, remedies provided under this Agreement shall be cumulative and in addition to and not in lieu of any other remedies available to either Party at law, in equity or otherwise.

49.
DISPUTE RESOLUTION

49.1
Any dispute between the Parties arising out of or relating to the Agreement, including with respect to the interpretation of any provision of the Agreement, shall be dealt with as follows:
49.1.1
by the respective Contract Managers appointed under the Agreement; and if the dispute is not resolved by the Contract Managers;
49.1.2
then by the Customer’s Chief Technology Officer (or his or her designated nominee) and a person of equivalent standing in the Service Provider’s organisation; and
49.1.3
then by the Customer’s Chief Operating Officer (or his/her designated nominee) and a person of equivalent standing in the Service Provider’s organisation.

49.2
Any dispute, controversy or claim arising under, out of, in connection with, or in relation to the Agreement which cannot be settled as provided for above may then be referred by the Parties to:
49.1.1
mediation by a neutral mediator accredited by the Centre for Dispute Resolution (CEDR); and
49.1.2
then, if the Parties fail to reach agreement during the mediation process within sixty (60) days of the mediator being appointed, Arbitration in London under the LCIA Rules,
in order for the Parties to attempt to resolve such dispute.
49.3
Notwithstanding clauses 49.1 and 49.2, the Parties shall be free at any time to commence legal proceedings in order to seek emergency or injunctive relief.

50.
COUNTERPARTS

50.1
This Agreement may be executed in two or more counterparts, each of which will be deemed to be an original, but all of which together will constitute one Agreement binding on the Parties, notwithstanding that both Parties are not signatories to the original or the same counterpart.

51.
GOVERNING LAW AND JURISDICTION

51.1
The Agreement and all matters arising out of or in connection with it (including any dispute or claim) shall be governed and construed in accordance with the Laws of England and Wales and made subject to the exclusive jurisdiction of the Courts of England.

 





AGREED by the Parties through their duly authorised representatives on the date written at the top of the first page of this Agreement:

For and on behalf of                    )
ASPEN INSURANCE UK SERVICES LIMITED    ) /s/ Michael Cain


Name: Michael Cain

Title: Director




For and on behalf of                    )
ASPEN INSURANCE U.S. SERVICES INC.        ) /s/ Michael Cain


Name: Michael Cain

Title: Director




For and on behalf of                    )
ASPEN BERMUDA LIMITED            ) /s/ Mark Pickering


Name: Mark Pickering

Title: Director





For and on behalf of                    )
COGNIZANT WORLDWIDE LIMITED        ) /s/ David Sexton
                


Name: David Sexton

Title: UK BD Head Cognizant


For the purposes of acknowledging that Cognizant Technology Solutions US Corporation will be providing services on behalf of Cognizant Worldwide Limited in the United States only:

SIGNED: /s/ Steven Papera            

Name: Steven Papera

Title: Corporate Counsel





SCHEDULE 1
DEFINITIONS
The Parties agree that for any defined term in this Agreement for which a definition has not been provided in this Schedule 1 (Definitions) but for which there is an ITIL definition, the ITIL definition in place as at the Effective Date shall apply.
The following definitions apply in this Agreement:
3rd Party Support Services has the meaning given in section 2.9 of Schedule 2, Annex 2.
Acceptance Certificate means a written notice, issued by the Customer in accordance with clause 6.5, certifying that an Acceptance Item has passed (in full, or conditionally) the relevant acceptance tests.
Acceptance Criteria means the mutually agreed objective criteria which an Acceptance Item must satisfy during the acceptance tests as set out in this Agreement before the Customer is required to issue an Acceptance Certificate for that Acceptance Item.
Acceptance Item means any Deliverable or Service or any other item expressed to be subject to acceptance testing under this Agreement.
Acceptance Test means any test set out in this Agreement or agreed between the Parties for the acceptance of Acceptance Items pursuant to clause 6 of this Agreement and references to “accepting testing” and/or “Acceptance Testing” shall be construed accordingly.
Acceptance Test Plan means the plan for acceptance testing agreed between the parties whether pursuant to paragraph 4.1.4 of Schedule 8 (Transition and Transformation) or otherwise as part of the Change Projects.
Active Directory Management Services has the meaning given in section 2.7 of Schedule 2, Annex 2.
Affiliate means any other person that, directly or indirectly, through one or more intermediaries, is controlled by or under common control with a Party or in the case of another legal entity, controlled by or under common control with such other legal entity. For the purposes of this definition, control (including, with correlative meanings, the terms controlled by and under common control with) as used with respect to any person, means the possession, directly or indirectly, of the power to direct or cause the direction of the management or policies of such person, whether through the ownership of shares, the holding of voting power, by contract or otherwise.
Agreed Form NDA means the form of non-disclosure agreement set out in Schedule 15 (Exit Plan and Service Transfer Arrangements).
Agreement means this agreement, the schedules, appendices and attachments.    
Agreement Terms has the meaning set out in paragraph 2.1 of Schedule 9 (Form of Local Agreement).
Applicable Data Protection Law has the meaning set out in paragraph 1 of Schedule 21 (Data Processing and Transfer).
Applicable Increase has the meaning set out in paragraph 4.2 of Schedule 10 (Pricebook, Charges and Invoicing).
Application means Customer used computer software or device software.
Application Management Charges means the Charges for the Application Management Services as set out in section11 of Schedule 10.




Application Management Services has the meaning set out in paragraph 1.1.2(d) of Schedule 2 (Service Descriptions).
Approved Sub-contractor has the same meaning as Sub-contractor.
Asset Management has the meaning given in section 2.1 of Schedule 2, Annex 1.
At Risk Amount has the meaning given to it in paragraph 5.7 of Schedule 3 (Service Levels and Service Credits).
Availability Management has the meaning given in section 2.1 of Schedule 2, Annex 1.
BAFO has the meaning set out in Recital D.
Balanced Scorecard has the meaning given to it in paragraph9.1 of Schedule 12 (Governance and Service Management) as further described in Appendix 12-A to Schedule 12 (Governance and Service Management).
Baseline Costs has the meaning given in clause 34.5.6.
BCDR has the meaning set out in paragraph 24.1 of Schedule 10 (Pricebook, Charges and Invoicing).
BCP Test has the meaning set out in paragraph 4.1 of Schedule 16 (Business Continuity and DR Plan).
Benchmark means the process of carrying out a benchmark review pursuant to Schedule 11 (Benchmarking). ‘Benchmarking’ shall be construed accordingly.
Benchmark Notice has the meaning set out in paragraph 1.2 of Schedule 11 (Benchmarking).
Benchmark Parameters shall have the meaning given to it in paragraph 5.2 of Schedule 11 (Benchmarking).
Benchmark Report shall have the meaning given to it in paragraph 6.1.5 of Schedule 11 (Benchmarking) and is also referred to as a Benchmarking Report.
Benchmarked Services has the meaning given to it in paragraph 1.1 of Schedule 11 (Benchmarking).
Benchmarker has the meaning set out in paragraph 2.6 of Schedule 11 (Benchmarking).
Benchmarking Agreement has the meaning given to it in paragraph 2.7.1 of Schedule 11 (Benchmarking).
Benchmarking Report means the report of a Benchmarker commissioned by the Parties in accordance with Schedule 11 (Benchmarking), also referred to as a Benchmark Report.
Bermuda Customer has the meaning set out at the Parties section of the Agreement.
Bundle has the meaning set out in paragraph 15.3 of Schedule 10 (Pricebook, Charges and Invoicing).
Business Continuity Plan means the business continuity plan to be developed pursuant to Schedule 16 (Business Continuity and DR Plan).
Business Day means a day other than a Saturday, Sunday or Bank holiday in England, Bermuda or relevant US States.
Business Impact Initiatives has the meaning set out in paragraph 20.1 of Schedule 10 (Pricebook, Charges and Invoicing).
Calendar Quarter means any one of the following four periods of three months that make up a Calendar Year: 1st January to 31st March (quarter 1); 1st April to 30th June (quarter 2); 1st July to 30th September (quarter 3) and 1st October to 31st December (quarter 4).




Calendar Year means the period of 365 (or 366 as applicable) days starting from the first (1st) day of January and ending on the thirty first (31st) day of December.
Capacity Management has the meaning given in ITIL as at the Effective Date.
Carried Over Pool Amount has the meaning set out in paragraph 21.1.6 of Schedule 10 (Pricebook, Charges and Invoicing).
Catalogue Item means an item listed as such in the Service Catalogue in Appendix 10-K.
Centre of Excellence or COE has the meaning given to it in paragraph 3.4.1 of Schedule 2 Annex 5.
Change means any change to this Agreement and/or provision of the Deliverables and/or Services agreed between the Parties in accordance with Schedule 13 (Contract Change Control Procedure).
Change Authority means the entity with the responsibilities described in paragraph 6.1 of Schedule 12 (Governance and Service Management).
Change Control Note shall be a document agreed between the Parties in the form set out in Appendix 1 to Schedule 13 (Contract Change Control Procedure) that records a Change.
Change Management Advisory Board (CAB) has the meaning given in section 3.2.2 of Schedule 2, Annex 1.
Change Management Charges means the Charges for the Change Management Services as set out in section 13 of - Schedule 10.
Change Management Services has the meaning set out in paragraph 1.1.2(e) of Schedule 2 (Service Descriptions).
Change of Control means a change in Control of the Service Provider.
Change Project has the meaning set out in paragraph 3.3.1 of Annex 5 to Schedule 2 and will include Large Projects and Small Projects.
Change Request means a written request from either party to vary the terms of this Agreement pursuant to the procedure set out in Schedule 13 (Contract Change Control Procedure).
Charges means the aggregate charges payable by the Customer to the Service Provider under this Agreement and as are more particularly set out in Schedule 10 (Pricebook, Charges and Invoicing).
CIO / Head of Change is the Service Provider’s senior management role assigned to oversee the entire Agreement and to lead the Change Management Services as defined in Schedule 17, section 1.9.
Claim has the meaning set out in clause 30.4.1.
Commercially Reasonable Efforts means that the Party obliged to perform shall take all such steps and perform in such a manner as if it were acting in a determined, prudent and reasonable manner in order to achieve the desired result for its own benefit.
Commercial Review Meeting means the ITO Commercial Board Meeting described in section 4.2(c) of Schedule 12.
Committed Transformation means the Transformation Projects to be completed prior to or after completion of Transition in order to deliver committed price reductions and/or service improvements and whose scope is either agreed prior to the Effective Date or identified prior to the Effective Date with a plan to finalise the details of the same to be agreed during Transition, as further described in Part B of Appendix 1 of Schedule 8.
Committed Transformation Managers has the meaning given to it in paragraph 5.2 of Schedule 8 (Transition & Transformation)




Committed Transformation Services means the services provided by the Service Provider to deliver Committed Transformation.
Common Service Charges means the Charges for the Common Services as set out in section 8 of Schedule 10.
Common Services has the meaning set out in paragraph 1.1.2(a) of Schedule 2 (Service Descriptions).
Comparative Charges has the meaning set out in paragraph 1.3 of Schedule 11 (Benchmarking).
Comparators has the meaning given to it in paragraph 5.2 of Schedule 11 (Benchmarking).
Compromise Assessment means an objective survey of the Customer’s Environment and its devices to discover unknown security breaches, malware and unauthorised access.
Confidential Information means in relation to either Party to this Agreement (“first party”) any and all information in whatever form (whether oral, tangible or documented), that (a) is by its nature confidential; or (b) the other party knows or ought to know is confidential; or (c) is designated by the first party as confidential including the following which are hereby designated by the first party as confidential information of that party: (i) in the case of the Customer, all Deliverables; (ii) information relating to the financial position of the first party (or any of its Affiliates) and in particular includes information relating to the assets or liabilities of the first party (or any of its Affiliates), budgets, sales, and any other matter that does or may affect the financial position or reputation of the party (or any of its Affiliates); (iii) information relating to the business strategies of the first party (or any of its Affiliates) and in particular including marketing, public relations, advertising and commerce plans, ideas, strategies, projections and other information (including related to electronic sales), business plans, real estate plans, strategic expansion plans, products and product designs; (iv) information relating to the first party’s (or any of its Affiliate's) customers, contractors or sub-contractors; (v) any information derived from the information described in (i) to (iv) above; and is disclosed to or otherwise learnt, acquired or developed by the other Party in connection with this Agreement (or its subject matter).
Configuration Items has the meaning given in ITIL as at the Effective Date.
Configuration Management has the meaning given in section 2.1.6 of Schedule 2, Annex 1.
Consultant has the meaning given in clause 33.1 (Enhanced Co-operation).
Consultant Costs has the meaning given in clause 33.10 (Enhanced Co-operation).
Continual Service Improvement or CSI means the same as the ITIL term “Continual Improvement” as at the Effective Date.
Continuation Services means the Services (other than Termination Assistance) which the Customer may continue to require the Service Provider to provide during the Termination Assistance Period.
Contract Change Control Procedure or ‘CCP’ means the process for modifying the provision of the Services or the Agreement as set out in Schedule 13 (Contract Change Control Procedure).
Contract Manager means the person appointed by each party to represent it in relation to day to day matters arising in relation to the Services and this Agreement, as defined in Schedule 12, paragraph 1.3.
Contract Year means each twelve (12) month period from 1 October to 30 September, with Contract Year 0 starting on the Effective Date and ending on 30 September 2018 and Contract Year 1 starting on 1 October 2018 and ending on 30 September 2019.
Control shall mean the direct or indirect power to direct or cause the direction of the management and policies of a company or other business entity, whether through ownership of fifty percent (50%) or more of the voting interest, by contract, or otherwise.
Control Assessment has the meaning given in Section 6.1 of Schedule 8 Appendix 08-A.




Core has the meaning given in paragraph 13.4 of Schedule 10.
COTS Vendor has the meaning set out at clause 25.12.1.
Critical Service Level means a Service Level listed in Appendix 3-A which has Service Credits allocated to it.
Customer Applicable Regulations means (i) Relevant Laws which are in force from time to time during the Term, including any amendments to any or all of them, and which apply to the Customer and the Customer Group and/or their use of or receipt of the Services but which in each case are not Service Provider Applicable Regulations; and (ii) those things deemed to be Customer Applicable Regulations pursuant to the definition of Service Provider Applicable Regulations.
Customer Change Management Lead means the Customer representative that is responsible for Change Management activity.
Customer COE Lead means the Customer’s primary contact point for the relevant COE.
Customer Data means information regarding or relating to the Customer or the Customer Group that is provided to the Service Provider pursuant to this Agreement.
Customer Dependencies means the obligations of the Customer which are identified as a Customer Dependency in the Agreement, a SOW, Schedule 4 (Customer Dependencies), or Appendix 1 of Schedule 8 (Transition and Transformation).
Customer Environment means the Customer’s IT and business operations which receive the Services.
Customer Equipment has the meaning given to it in clause 13.1 (Equipment and Software).
Customer Future Transformation Manager has the meaning given to it in paragraph 7.1.2 in Schedule 8 (Transition and Transformation).
Customer Group means each of the UK Customer, US Customer and Bermuda Customer and their Affiliates.
Customer Group Company has the meaning set out in Schedule 9 (Form of Local Agreement).
Customer Indemnified Items means all Customer Material, Customer Software, Customer Hardware, Customer Equipment, Customer Data and Customer IPR (other than modifications or enhancements to any of the foregoing delivered by the Service Provider, its Affiliates and/or its Sub-contractors).
Customer Indemnities has the meaning set out in clause 30.2 of this Agreement.
Customer Individual has the meaning set out in paragraph 1.3(a) of Schedule 12 (Governance and Service Management).
Customer IPR means any IPRs owned by or licensed to the Customer or its Affiliates (including Third Party Materials) and licenced by or otherwise made available by or on behalf of the Customer to the Service Provider or its Affiliates (including modifications and enhancements) to be used by the Customer (including its Group) or the Service Provider in receiving or providing the Services (including development of any Deliverables).
Customer Locations or Customer Sites means the locations and sites from which the Customer operates and to which the Service Provider will require access in order to provide the Services from time to time, as set out in the Procedures Manual and/or Schedule 22 (Locations and Site Licence).
Customer Location Policies has the meaning set out in clause 16.1.
Customer Material means any Material owned by or licensed to the Customer or its Affiliates (and any modifications to that Material).




Customer Parties means the UK Customer, the US Customer and the Bermuda Customer, each being a Customer Party.
Customer Personal Data means any personal data described in a SOW or Schedule 21 (Data Transfer and Processing) and supplied by a Customer Group company to the Service Provider or a Service Provider Affiliate under this Agreement for processing and/or which the Service Provider (and/or any Sub-contractor) generates, collects, stores, transmits or otherwise processes on behalf of a Customer Group company or as a data processor in connection with this Agreement.
Customer Personnel means the directors, officers, employees, agents, agency workers, contractors and sub-contractors of the Customer Group and its sub-contractors (other than the Service Provider and its Affiliates).
Customer Representative means the Customer Contract Manager or its appointed alternative contact.
Customer SME means an appropriate Customer representative.
Customer Software means the computer programs (whether in machine or optically readable format) and all Materials relating to such computer programs, owned, licenced or used by the Customer and/or its Affiliates.
Customer Systems means the Customer Software and any Equipment and/or Tools owned or used by the Customer and/or its Affiliates.
Data Exporter has the meaning set out in paragraph 1 of Schedule 21 (Data Processing and Transfer).
Data Importer has the meaning set out in paragraph 1 of Schedule 21 (Data Processing and Transfer).
Data Protection Legislation means all laws relating the processing of Personal Data, privacy and security, including, without limitation, the EU Data Protection Directive 95/46/EC (as will be superseded by the EU General Data Protection Regulation 2016/679 (“GDPR”)), the EU Privacy and Electronic Communications Directive 2002/58/EC, and the Bermuda Personal Information Protection Act 2016, as implemented in each jurisdiction, and all amendments, or all other applicable international, regional, federal or national data protection laws, regulations and regulatory guidance. The terms data controller, data processor, data subject, personal data, process/processing, special categories of data and supervisory authority shall have the meanings ascribed to them in the GDPR.
Data Protection Model Clauses means standardised contractual clauses to ensure that any personal data leaving the EEA will be transferred in compliance with Data Protection Legislation, a copy of which is set out in the Annex to Schedule 21 (Data Processing and Transfer).
Database Management Services has the meaning given in section 2.5 of Schedule 2, Annex 2.
Dedicated Licences are licences which the Service Provider has purchased specifically for the Customer to use to receive the Services and excludes licences for Service Provider Tools and COTS Vendor software or services.
Dedicated Third Party Contracts means a third party contract designated as such in Schedule 15 (Exit Plan and Service Transfer Arrangement).
Delay Notice as defined in clause 5.1 (Delay).
Deliverable means any tangible item or output required to be provided by the Service Provider to the Customer under this Agreement or a SOW.
Deliverable Acceptance Document means a document setting out the acceptance requirements for the relevant Deliverable as may be agreed between the Parties pursuant to Schedule 8 (Transition and Transformation).
Design Authorities has the meaning set out in paragraph 6.1 of Schedule 12 Governance and Service Management.
Designated Areas means those areas designated as such in accordance with Schedule 22 (Location and Site Licence) to this Agreement.
Deskside Support has the meaning given in section 1.1 of Schedule 2, Annex 3.




Detailed Design or Detailed Design Phase refers to the design phase of a project where the exact scope and requirements are defined and agreed for all Committed Transformations stated in Part B of Appendix 8-A (Transition and Transformation).
Developed IPR means those materials and Intellectual Property Rights created specifically for the Customer pursuant to this Agreement or any SOW or Local Agreement but excluding: (i), modifications, enhancements or derivatives of Service Provider IPR; or (ii) any materials or other Intellectual Property Rights the creation of which falls outside the scope of the Services.
Digital Product has the meaning set out in clause 25.11 of this Agreement.
Disaster means any disruption to the performance or receipt of the Services (whether caused by a natural or a man-made phenomenon or occurrence) that requires the implementation of the Disaster Recovery Plan and which is acknowledged to be a Disaster by the Customer.
Disaster Recovery Plan means a disaster recovery plan to be developed pursuant to Schedule 16 (Business Continuity and DR Plan).
Disclosing Party means the Party which discloses its Confidential Information to the other Party.
Discount Percentage means the volume discount to be applied to the Change Management Charges pursuant to section 21 of Schedule 10.
Dispatch Sites means those Customer Locations that do not have a Service Provider On-Site based presence.
Dispute Resolution Procedure means the procedure set out in clause 49 (Dispute Resolution).
Divested Affiliate means any entity which has been, during the term of this Agreement, an Affiliate of the Customer, and which subsequently ceases to be an Affiliate of the Customer.
Documentation means all documentation including user manuals or other operating manuals relating to a Deliverable or the Services.
Duration of Commitment has the meaning set out in paragraph 1 of Schedule 18 (Key Personnel).
Effective Date means the date set out at the start of this Agreement.
Employment Costs has the meaning set out in clause 15.2 (Personnel).
Employment Liabilities mean all claims and employment related costs, including but not limited to claims for salary and benefits, redundancy payments, unlawful deductions from wages, unfair, wrongful or constructive dismissal compensation, compensation for age, sex, race or disability discrimination or discrimination on the grounds of religion, belief, age or sexual orientation or claims for equal pay, compensation for less favourable treatment of part-time workers, and any other claims whether in tort (including negligence), contract or statute or otherwise, and any demands, actions, proceedings and any award, compensation, damages, tribunal awards, fine, loss, order, penalty, disbursement, payment made by way of settlement and costs and expenses reasonably incurred in connection with a claim or investigation, and any expenses and legal costs on an indemnity basis.
End-to-End Service has the definition set out in Schedule 14.
End User means an individual authorised by the Customer to use and access the Customer’s systems and who is enabled on the Customer’s active directory.
End User Contact has the meaning given in section 3.1.1 of Schedule 2, Annex 3.
End User Devices means the devices as listed in Appendix 2-B tab “End User”.
Environment means the composite Hardware, Software, Network Resources and Services required for the existence, operation and management of an Enterprise IT service.




Equipment means all components, materials, plant, tools, test equipment, hardware, firmware, computing and data communications equipment and any related documentation used in the provision of the Services.
Equivalent Services has the meaning given to it in paragraph 1.3 of Schedule 11 (Benchmarking).
Escrow Agreement means an agreement entered into by the Parties pursuant to clauses 25.14 and 25.15, on the then applicable NCC standard form single user terms.
Executive Escalation (a) has the meaning given in clause 8.5.1.
Executive Escalation (b) has the meaning given in clause 8.5.2.
Executive Sponsor is the person in the Service Provider’s organisation who is a member of the executive leadership of the Service Provider (UK or globally) and ultimately responsible to the Service Provider’s corporate leadership for the success of the IT outsourcing arrangement. As at the Effective Date, this is the Head of the Service Provider’s UK and Ireland region.
Existing Performance Data has the meaning set out in paragraph 2.6 of Schedule 3 (Service Levels and Service Credits.
Existing Service Levels means those Service Levels defined as Service Level Type 1 in Appendix 3-A of Schedule 3 (Service Levels and Service Credits).
Exit Information has the meaning given to it in paragraph 5.1 of Schedule 15 (Exit Plan and Service Transfer Arrangements).
Exit Milestones are the applicable Milestone Dates set out the Exit Plan developed in accordance with Schedule 15 (Exit Plan and Service Transfer Arrangements).
Exit Plan the plan to be developed pursuant to Schedule 15 (Exit Plan and Service Transfer Arrangements) that shall set out in such detail as is reasonably required by the Customer a plan by which the Services shall be transferred to the Customer or a Successor Service Provider following the termination or expiry of this Agreement in whole or in part.
Expected Service Level means, in respect of any Service Level, the required level of performance which the Service Provider shall meet or exceed in its performance of the relevant Services.
Final Milestone means, in respect of Transition, the relevant Service Commencement Date or, with respect to Committed Transformation or agreed Future Transformation, the agreed ‘Go Live’ date.’
Financial Distress Event means any or all of the following:
(a)
the credit rating of the Service Provider Group dropping two or more levels below its rating as at the Effective Date (provided that this is not part of a general downgrading of the credit ratings of a significant proportion of organisations in the digital and information technology services market);
(b)
the Service Provider Group issuing a profits warning to a stock exchange or making any other public pronouncement about a material deterioration in its financial position or prospects which, in each case, envisages a reduction in profit of [***]% or more on the same period in the previous year;
(c)
a public or regulatory investigation into improper financial accounting and reporting, suspected fraud or other financial impropriety of the Service Provider Group holds that there has been actual improper financial accounting, reporting, fraud or other financial impropriety committed by the Service Provider Group,
where, in each case, this will have a material adverse impact on the continued performance and delivery of all or a significant part of the Services in accordance with this Agreement.
First Service Commencement Date has the meaning set out in clause 3.1.
Flex has the meaning given in paragraph 13.4 of Schedule 10.
Force Majeure Event means any act of God, war, civil disturbance, strike (other than strikes of Service Provider Personnel), flood, fire, or other cause not within that Party’s reasonable control.




Forecast Volumes has the meaning set out in paragraph 18.2 of Schedule 10 (Pricebook, Charges and Invoicing).
Future Equipment has the meaning given to it in clause 13.4 (Assets).
Future Transformation means the Transformation Projects that will take place during the Term following Transition and which go beyond the Committed Transformation activities agreed to be performed as at the Effective Date.
Future Transformation Services means the Transformation Services to be agreed between the Parties in accordance with Appendix 2 of Schedule 8 (Transition and Transformation) of this Agreement.
Gainshare Initiatives has the meaning set out in paragraph 20.2 of Schedule 10 (Pricebook, Charges and Invoicing).
Go Live Date means the date agreed for the completion of a Committed Transformation.
Good Industry Practice means that degree of skill, care, prudence, foresight and practice which would ordinarily be expected of a skilled, experienced and leading supplier of services of the same or a similar nature to the Services and which, for the avoidance of doubt, includes compliance with standards akin to applicable British Standards Institute and International Standards Organisation standards.
Hardware means the physical material parts of a computer or other system.
Holdback means a payment milestone which occurs after the Final Milestone at the end of a project, as further set out in clause 10.4 (Holdback, Service Levels and Liquidated Damages).
IMACD     means Installations, Moves, Additions, Changes, Deletions.
Implementation Plan means any plan for the implementation of Transition or Transformation Services as described in Appendix 1 of Schedule 8 (Transition and Transformation) to this Agreement.
Incident has the meaning given in ITIL as at the Effective Date.
Incremental Innovation Pool has the meaning set out in paragraph 21.1.3 of Schedule 10 (Pricebook, Charges and Invoicing).
Indexation Date has the meaning set out in paragraph 4.1.2 of Schedule 10 (Pricebook, Charges and Invoicing).
Indexation Sensitivity has the meaning set out in paragraph 4.1.1 of Schedule 10 (Pricebook, Charges and Invoicing).
Inflight Project Handover Statement has the meaning set out in paragraph 19.7 of Schedule 10].
Inflight Projects has the meaning set out in paragraph 19.1 of Schedule 10 (Pricebook, Charges and Invoicing).
Infrastructure means hardware and software in scope for support as part of the Infrastructure Management Services, Operations and Service Delivery Services, Network Management Services and Security Services. The initial hardware is listed in Appendix 2-B (Ops & Service Del. Supported Hardware).
Infrastructure Change Services has the meaning given in section 2.10 of Schedule 2, Annex 2.
Infrastructure Management Charges means the Charges for the Infrastructure Management Services and the Security Services, as set out in paragraph 9 of Schedule 10.
Infrastructure Management Services has the meaning set out in paragraph 1.1.2(b) of Schedule 2 (Service Descriptions).
Infrastructure Monitoring Services has the meaning given in section 2.1 of Schedule 2, Annex 2.
Infringing Item has the meaning set out in clause 30.3.
Initial Term has the meaning set out in clause 3.1.




Innovation Pool has the meaning set out in paragraph 21 of Schedule 10 (Pricebook, Charges and Invoicing).
Innovation Project/Initiative has the meaning set out in paragraph 21.2 of Schedule 10 (Pricebook, Charges and Invoicing).
Insolvency Event means one or more of the following events:
(a)
a Party becomes unable to pay its debts or is deemed to be unable to pay its debts within the meaning of section 123 of the Insolvency Act 1986;
(b)
a Party enters into liquidation either compulsory or voluntary (save for the purposes of a solvent reconstruction or amalgamation) or a provisional liquidator is appointed in respect of that Party;
(c)
an administrator, administrative receiver, receiver or manager, liquidator or similar officer is appointed in respect of the whole or any part of that Party’s assets (save for the purposes of a solvent reconstruction or amalgamation) and/or a winding up petition is issued against that Party;
(d)
that Party proposes to enter or enters into any composition or arrangement with its creditors generally or any class of creditors; or
(e)
that Party is subject to an event analogous to any of the above in any other jurisdiction.
Intellectual Property Rights or ‘IPR’ means all patents, rights in inventions, rights in designs, trade marks, trade and business names and all associated goodwill, rights to sue for passing off or for unfair competition, copyright, Moral Rights and related rights, rights in databases, topography rights, domain names, rights in information, tools and methodologies and all other similar or equivalent rights subsisting now or in the future in any part of the world, in each case whether registered or unregistered and including all applications for, and renewals or extensions of, such rights for their full term.
Interim Expected Service Levels means, in respect of any Services to which New Service Levels apply, the Expected Service Levels that apply from the Effective Date up until the end of the Service Level Observation Period to which Service Credits shall not be applicable.
Interim Minimum Target Levels means, in respect of any Services to which New Service Levels apply, the Minimum Service Levels that apply from the Effective Date up until the end of the Service Level Observation Period to which Service Credits shall not be applicable.
Internal Audit has the meaning set out at clause 20.14 (Internal Audit).
Inventory has the meaning given in paragraph 9.1.4.1 of Schedule 2.
ITIL means the Information Technology Infrastructure Library which is a proprietary framework for IT service management.
ITO Commercial Board is the meeting described in section 4.2(c) of Schedule 12.
Key Milestone means any Milestone identified as such by the Parties in accordance with Schedule 8 (Transition and Transformation).
Key Performance Indicators means the service measures required by the Customer as set out in Appendix 3-A of Schedule 3 which are not Service Levels
Key Personnel means those individuals identified as such in Schedule 18 (Key Personnel).
Knowledge Management has the meaning given in ITIL as at the Effective Date.
Landed Resource means Service Provider Personnel performing Services not from one of the Service Providers main offshore service centres but who is normally based at such centres.
Large Project is a Change Project with a value of greater than USD 50,000 (as further described in section 3.3.3 of Annex 5 to Schedule 2).




Legacy Agreement means any agreements (including purchase orders, work orders or statements of work) in place between any member of the Service Provider Group and any member of the Customer Group as at the Effective Date and any draft or under negotiation agreements in relation to which work may have commenced but excludes any agreements (including purchase orders, work orders or statements of work) agreed between the Parties (or their respective Affiliates) prior to the Effective Date where the services referenced in the same has been completed prior to the Effective Date.
Legacy Security Environment has the meaning given in Section 6.1 of Schedule 8 Appendix 08-A.
Liquidated Damages means any fixed or pre-determined sum of damages agreed by the Parties to this Agreement, to be payable should certain defined events occur as set out in this Agreement.
Local Agreement means an agreement entered into on the terms set out in Schedule 9 (Form of Local Agreement) to this Agreement.
Maintenance and Support Charges means the Charges for the Maintenance and Support component of Operations and Service Delivery Services as set out in section 10 of Schedule 10.
Major Incident has the meaning given in ITIL as at the Effective Date.
Managed Agreements has the meaning set out in clause 14.3.
Managing Customer Party has the meaning set out in clause 1.2 of Schedule 9 (Form of Local Agreement).
Market Competitive has the meaning set out in paragraph 1.3 of Schedule 11 (Benchmarking).
Material means methodology or process, documentation, data or other material in whatever form, including without limitation any reports, specifications, business rules or requirements, user manuals, user guides, operations manuals, training materials and instructions, but excluding Software.
Material Adverse Change means any of the following occurring in relation to the Service Provider:
(a)
a Financial Distress Event;
(b)
the Service Provider allowing the benefit of other contracts entered into by it to be assigned or novated from the Service Provider without the Service Provider’s prior written consent or otherwise allowing (whether by act or omission) a situation to arise where the Customer is the only significant customer of the Service Provider; or
(c)
in the event the Service Provider’s Parent Company ceases to be listed, the Service Provider Personnel identified in clause 8.5.2 failing within a reasonable period of time to respond in a substantive manner to queries raised by the Customer as to the Service Provider’s financial well-being; priorities for and intentions regarding the Service Provider; and/or its activities over the next twelve (12) months following the query.

Material Service Failure means the events identified as such in this Agreement including those identified as such in paragraph 4.10 of Schedule 3 (Service Levels and Service Credits).
Measurement Period means a calendar month.
Measurement Window means the period over which a specific Service Level or Key Performance Indicator is measured, as set out in the relevant column of Appendix 3-A.
Messaging Management Services has the meaning given in section 2.6 of Schedule 2, Annex 2.
Milestone means a milestone identified and agreed between the Parties for the performance of any element of the Service under this Agreement.
Milestone Date: means, in relation to an agreed Milestone, the date by which such Milestone is to be achieved.




Minimum Target Level means, in respect of any Service Level, the level of performance below which, certain provisions of paragraph 4 and paragraph 5 of Schedule 3 (Service Levels and Service Credits) apply.
Minor Enhancement is a Change Project with effort equal to or less than 32 person hrs (as further described in section 3.3.3 of Annex 5 to Schedule 2).
Moral Rights has the meaning set out in Chapter IV of the UK Copyright, Designs and Patents Act 1988.
MSA means Modern Slavery Act 2015 as set out in clause 47.2 (Modern Slavery) of this Agreement.
Network means Customer corporate data connectivity between computers and devices, incorporating both LAN (Local Area Network) and WAN (Wide Area Network) and voice connectivity, both internally and externally.
Network Management Charges means the Charges for the Network Management Services as set out in section 12 of Schedule 10.
Network Management Services has the meaning set out in paragraph 1.1.2(f) of Schedule 2 (Service Descriptions).
New Service means a service additional to the Services.
New Service Level means those defined as Service Level Type 2 in Appendix 3-A along with any other service levels which the Service Provider may introduce during the Term.
Non-Dedicated Licences are licences which the Service Provider has not purchased specifically for the Customer to use to receive the Services.
Non-Dedicated Third Party Contracts means a third party contract designated as a non-dedicated in Schedule 15 (Exit Plan and Service Transfer Arrangements) of this Agreement.
Non-Site Based has the meaning given in paragraph 8 of Schedule 2.
Notice has the meaning set out in clause 30.4.1.
Offshore means at the approved Service Provider Service Location in India.
Onshore means at the approved Service Provider Service Location in the countries in which Services are received.
On-Site means at the Customer Locations, Customer Sites and / or the Customer datacentres.
Offshore Service Desk Option has the meaning set out in paragraph 10.6 of Schedule 10.
OLA has the definition set out in Schedule 14.
Operational Boards has the meaning as set out in Schedule 12 section 4.2.
Operational Reporting has the meaning as set out in Schedule 2 section 4.1.2
Operational Risk has the meaning given to it in paragraph 10.1 of Schedule 12 (Governance and Service Management) of this Agreement.
Operations and Service Delivery Charges means the Charges for the Operations and Service Delivery Services as set out in section 10 of Schedule 10.
Operations and Service Delivery Services has the meaning set out in paragraph 1.1.2(c) of Schedule 2 (Service Descriptions).
Other Sites means any other Customer Site which is not subject to a Site Licence under Schedule 22 (Locations and Site Licence) which the Customer may procure access pursuant to Schedule 22 (Locations and Site Licence).




Outgoing Service Provider means a third party provider of services which will be replaced by the Services.
Outsourcing Agreement has the meaning set out in the Background of Schedule 9 (Form of Local Agreement).
Patch Management Services has the meaning given in section 2.8 of Schedule 2, Annex 2.
Performance Standards means the standards of performance the Service Provider is required to meet pursuant to Schedule 3 (Service Levels and Service Credits).
Person means any body corporate, association, partnership, joint venture, organisation, individual, business or other trust or any other entity or organisation of any kind or character, including a court or other governmental authority.
Physical IMAC or IMACD means the Installation, Move, Add, Change, and Disposal of computer equipment.
Pool Percentage (or Pool %) is the proportion of the At Risk Amount allocated to a specific Critical Service Level as shown in the relevant column of Appendix 3-A.
Post-Transformation Service Levels means the Service Levels agreed pursuant to section 3 of Schedule 3 (Service Levels and Service Credits).
Pre-existing IPR means any IPR (i) owned, acquired or developed by, or licensed to, a Party on or prior to the Effective Date (including Third Party Materials) and any modifications, enhancements or derivatives of such Intellectual Property Rights (including in the case of the Service Provider the Service Provider Tools); or (ii) arising in any materials or items the creation of which falls outside the scope of this Agreement (including any modifications, enhancements or derivatives of the same), but excluding in both cases Developed IPR.
Pricebook means the document set out in Appendix 10-A to Schedule 10 (Pricebook, Charges and Invoicing) (as the same may be updated during the Term) setting out the basis on which the Charges shall be calculated.
Problem has the meaning given in ITIL as at the Effective Date.
Procedures Manual or ‘SOP’ as defined in clause 8.2 (Procedures Manual).
Pro Forma SOW means the document at Appendix 20-A of Schedule 20.
Project means a Change Project as defined in Schedule 2 Annex 5 section 3.3.1.
Project Board means the team responsible for the success of a project. The Project Board manages the constraints in which a project manager operates and represents all stakeholders in the Project.  The Project Board assumes there is a business sponsor who specifies products (and typically justifies investment for the Project) and a supplier who delivers the product.
Project Brief means a written summary of the requirements of the Customer in respect of a Project, which may have been written by the Customer, the Service Provider or jointly and has been approved by the Customer.
Project Steering Committee has the meaning given in paragraph 7.1 of Schedule 12 (Governance and Service Management).
QA Report has the meaning given to it in paragraph 9.6 of Schedule 11 (Benchmarking).
QA Requirements means the standards to which the Services are to be delivered as defined in Schedule 3 (Service Levels and Service Credits).
QA Review means the quality assurance review to be performed pursuant to section 9 of Schedule 11.
Rate Card means the rate cards set out in in Appendix 10-I of Schedule 10 (Pricebook, Charges and Invoicing)) used to calculate certain Charges payable under this Agreement.
Receiving Party means the Party which receives Confidential Information of the other Party.




Reconciliation Sum has the meaning set out in paragraph 3.4 of Schedule 10 (Pricebook, Charges and Invoicing).
Recovery Item has the meaning set out in paragraph 25.1.1 of Schedule 10.
Reference Groups shall have the meaning given to it in paragraph 5.2 of Schedule 11 (Benchmarking).
Regular Future Transformation Update has the meaning set out in paragraph 1.5 of Appendix 2 to Schedule 8 (Transition & Transformation).
Regulator or Regulatory Body means any person, body or regulatory authority responsible for ensuring compliance with statutory requirements and all other rules, guidance regulations, instruments and provisions in force from time to time including the rules, codes of conduct, codes of practice, and practice requirements guidance, which a Party or its Affiliates may be subject to from time to time.
Regulatory Change means any change to any Customer Applicable Regulations or Service Provider Applicable Regulations.
Release has the meaning given in ITIL as at the Effective Date.
Release & Deployment Management has the meaning given in ITIL as at the Effective Date.
Relevant Law means:
(a)
any statute, regulation, by-law, ordinance or subordinate legislation in force from time to time to which a Party is subject including Data Protection Laws;
(b)
the common law as applicable to the Parties from time to time;
(c)
any binding court order, judgment or decree;
(d)
any applicable industry code, policy or standard, in each case enforceable by law; and
(e)
all applicable statutory and all other rules, guidance regulations, instruments and provisions in force from time to time including the rules, codes of conduct, codes of practice, practice requirements guidance and accreditation terms, in each case of mandatory effect and stipulated by any regulatory authority to which a Party or its Affiliates is subject from time to time.
Relief Event means either a Force Majeure Event or where, following a failure by the Customer to comply with a Customer Dependency (and provided always the Service Provider has complied with clause 21 (Customer Dependencies) of the Agreement), the Service Provider is entitled to relief from its own failure to perform any of its obligations pursuant to clause 21.
Replacement Services means the provision of services by an entity other than the Service Provider or a member of the Service Provider Group in substitution of the Service Provider following the expiry or termination of all or part of the Services.
Reports means those reports to be provided by the Service Provider to the Customer in accordance with this Agreement, as defined in Schedule 12, section 5 and Schedule 2 Annex 1, section 6.
Residual Knowledge has the meaning given to it in clause 25.15 (Residual Knowledge).
Response has the meaning set out in Recital D.
Retained Organisation means the organisation, service and resources retained by the Customer following the relevant Service Commencement Date.
RFP has the meaning set out in Recital D.
Run Charges means the Charges for the Run Services.
Run Service Change Pool has the meaning given in section 2.4 of Schedule 2 Annex 1.
Run Services means the Common Services, Infrastructure Management Services, Operations and Service Delivery Services, Application Management Services and Network Management Services.




Security Control Requirements has the meaning set out in para 3.1.1 of Schedule 7.
Security Gap has the meaning given in Section 6.1 of Schedule 8 Appendix 08-A.
Security Incident means any actual or suspected unauthorised access or disclosure, accidental or unlawful destruction or accidental loss or alteration of Customer Data.
Security Safeguards has the meaning given in section 6.1 of Schedule 8 Appendix 08-A.
Security Services has the meaning set out in paragraph 1.1.2(f) of Schedule 2 (Service Descriptions).
Server    means a Customer computer, device or a program that manages IT network resources, be it physical, virtual or cloud hosted.
Server Management Services has the meaning given in section 2.3 of Schedule 2, Annex 2.
Service Areas means the scope of Annexures to Schedule 2 - Common Services, Infrastructure Management Services, Application Management Services, Network Management Services, Operations and Service Delivery, Change Management Services.
Service Catalogue means the list of services in Appendix 10-K.
Service Commencement Date has the meaning set out in clause 3.1 (Term).
Service Credit Allocation means the process of determining how Service Credits are to be applied in accordance with section 5 of Schedule 3 (Service Levels and Service Credits).
Service Credits means the credits (if any) which become payable to the Customer in accordance with section 5 of Schedule 3 (Service Levels and Service Credits).
Service Description has the meaning given in paragraph 1.1 of Schedule 2.
Service Desk provides an ITIL based single point of contact (SPOC) for all Incident and Problem resolution, Service Requests, and end-to-end management as described in Schedule 2, Annex 3, section 2.1.
Service Desk Charges means the Charges for Service Desk Services as set out in section 10 of Schedule 10.
Service Failure means a failure to meet the Expected Service Level.
Service Integration means the process by which various elements of the Services and third party and Customer provided services and inputs related to the Services are integrated with each other so as to create a seamless service for the Customer and the End Users, as set out in Schedule 14.
Service Integration Services means the Services to be performed by the Service Provider in order to enable Service Integration as further described in Schedule 14 (Service Integration and Management).
Service Integrator means the entity that takes responsibility for Service Integration pursuant to Schedule 14, in this Agreement that shall be the Service Provider. 
Service Lead means the Service Provider’s day-to-day operational run lead for a particular service component as defined in Schedule 12.
Service Level means the service levels required by the Customer as set out in Appendix 3-A of Schedule 3, as may be amended from time to time in accordance with Schedule 3 (Service Levels and Service Credits).
Service Level Observation Period has the meaning given to it in paragraph 2.10.1 of Schedule 3 (Service Levels and Service Credits).
Service Level Report has the meaning given to it in paragraph 4.3 of Schedule 3.




Service Management means the aspect of the Common Services described as such in Annex 1 of Schedule 2 (Services Descriptions) which the Service Provider shall ensure are delivered in line with ITIL and industry best practice.
Service Priority has the meaning given in paragraph 3 of Schedule 2.
Service Provider Applicable Regulations means all Relevant Laws which are in force from time to time during the Term, including any amendments to any or all of them, and which apply to: (a) the Service Provider [***] or (b) the Service Provider or any of its Sub-contractors or Affiliates in relation to the Service Provider’s delivery of the Services under this Agreement and, in each case, save to the extent that the Customer or its regulators require a specific approach to be taken as regards the delivery of the Services in which case, pursuant to clause 20.1, such specific approach shall not be a Service Provider Applicable Regulation and be designated a Customer Applicable Regulation.
Service Provider BC Representative has the meaning set out at paragraph 1.3 in Schedule 16 (Business Continuity and DR Plan).

Service Provider Delivery Lead means the individual designated as such in Schedule 18 (Key Personnel).

Service Provider Executive Members are the Executive Sponsor and UKI Insurance Head.

Service Provider Future Transformation Manager: has the meaning given to it in paragraph 7.1.1 of Schedule 8 (Transition and Transformation).
Service Provider Group means the Service Provider and its Affiliates.
Service Provider Individual has the meaning set out in paragraph 1.3(b) of Schedule 12 (Governance and Service Management).
Service Provider IPR means any IPR owned or licensed by the Service Provider, its Affiliates or Sub-contractors whether acquired or developed on, before or after the Effective Date (including Service Provider Software, Service Provider Tools and Service Provider Pre-existing IPR) and any materials or other Intellectual Property Rights the creation of which falls outside the scope of the Services (in each case including any enhancements, derivatives or modifications thereto) but excluding Developed IPR.
Service Provider Personnel has the meaning set out in clause 15.2.
Service Provider Service Locations means those locations, site or facilities from which Services shall be provided that from time to time are owned, leased or under the control of the Service Provider, its Affiliates, or their sub-contractors.
Service Provider Software means software owned by or licenced to the Service Provider.
Service Provider Systems Regulatory Change has the meaning given to it in paragraph 5.1.2(b) of Schedule 13 (Contract Change Control Procedure).
Service Provider Tools has the meaning set out in clause 25.11.2.
Service Request Management has the meaning given in ITIL as at the Effective Date.
Service Requests has the meaning given in ITIL as at the Effective Date.
Service Tower means each of the Common Services, Infrastructure Management Services, Operations and Service Delivery Services, Application Management Services, Change Management Services and Network Management Services as set out in the Annexes 1-6 (excluding Annex 5) of Schedule 2 (Service Towers Specification).
Service Transfer means the transfer of the Services to the Customer or a Replacement Service Provider following the termination or expiry (whether in whole or in part) of this Agreement.
Service Transfer Date means the date on which the Services or services similar to the Services revert to the Customer or transfer to a Replacement Service Provider as the case may be




Services means the services agreed to be provided by the Service Provider to the Customer, each as set out Schedule 2 (Service Descriptions), or any agreed Change Control Note, or referred to in clause 4 of this Agreement.
Site Based has the meaning given in paragraph 8 of Schedule 2.    
Site Licence is a Licence agreed between the Parties in accordance with Schedule 22 (Locations and Site Licence) to this Agreement.
Sites means Customer Locations.
Small Project is a Change Project with effort greater than 32 person hrs and a value equal to or less than USD 50,000 (as further described in section 3.3.3 of Annex 5 to Schedule 2).
SME means “Subject Matter Expert”.
Software means any computer program (in object code or Source Code form), program interfaces and any tools or object libraries embedded in that Software.
Source Code means in relation to any Software used to perform the Services or provided as part of the Services, (i) electronic and hard copy versions of the set of human readable, higher level programming language instructions or statements in which the Software was written; and (ii) any additional documents and information as the Customer may reasonably require to maintain, modify, alter, upgrade, develop, or enhance the Software or any part of the Software.
Specification means the specification for a Deliverable as set out in Schedule 2 (Service Descriptions).
Standard Operating Procedures has the meaning given in paragraph 2.1.14 of Schedule 2.
Standards and Policies means those standard and policies set out in Schedule 6 (Standards and Policies).
Statement of Work or ‘SOW’ means any statement agreed between the Parties for a Change Project in accordance with the template(s) set out in Schedule 20 to this Agreement.
Steering Committee means the committee comprising two (2) senior management representatives of each Party, as appointed by each party from time to time, which decide on the priorities and strategic direction of the Services and whose representatives at the Effective Date are as set out in Schedule 12 (Governance and Service Management).
Step In means the right of the Customer to take control over the provision of the Services or any part of them in accordance with clause 32.1 (Step In).
Storage & Backup Management Services has the meaning given in section 2.4 of Schedule 2, Annex 2.
Sub-contractor means those sub-contractors to the Service Provider approved in accordance with clause 17 and excludes, for the avoidance of doubt, any COTS Vendors, Affiliates of the Service Provider or suppliers of Service Provider Tools.
Sub-contractor List is the list of Sub-contractors set out in Schedule 5 (Sub-contractor List).
Subprocessor has the meaning set out in paragraph 1 of Schedule 21 (Data Processing and Transfer).
Subsequent Service Commencement Date has the meaning set out in clause 3.1.
Successor Service Provider means the third party or the Customer, or a Customer Affiliate appointed by the Customer to provide the Replacement Services.
Supply Chain has the meaning set out in clause 47.2.
System: means an interconnected grouping or electronic processes, including Equipment, Software and associated attachments, features, accessories, peripherals and cabling, and all additions, modifications, substitutions, upgrades or enhancements to such System, to the extent a party has financial or operational responsibility for such System or




System components hereunder. System shall include all Systems in use or required to be used as of the applicable Service Commencement Date, all additions, modifications, substitutions, upgrades or enhancements to such Systems and all Systems installed or developed by or for Customer or Service Provider following the applicable Service Commencement Date.
Task Completion Date means the date for completion of Transition, Committed Transformation Future Transformation Tasks agreed between the Parties in accordance with Schedule 8 (Transition and Transformation) of this Agreement as set out in the relevant project plan.
Technical Design or Technical Design Phase refers to the technical design phase of Transformation as further described in Appendix 1 of Schedule 8 (Transition and Transformation).
Term means the Initial Term together with any extension of the Initial Term.
Termination Assistance means the Services to be provided by the Service Provider in the event of and/or in the lead in to the termination (in whole or in part) or expiry of the Agreement as further described in clause 37 (Termination Assistance) and Schedule 15 (Exit Plan and Transfer Arrangements).
Termination Assistance Period means the period agreed pursuant to clause 37 of this Agreement as further described in paragraph 3.1 of Schedule 15 (Exit Plan and Service Transfer Arrangements).
Termination Date has the meaning set out in paragraph 25.1.1 of Schedule 10.
Third Party Material: Material and/or Software and/or hardware or other third party items or services or tools (i) used by the Service Provider in the course of the Services or otherwise provided to the Customer or its Affiliates pursuant to this Agreement; or (ii) provided by or on behalf of the Customer to the Service Provider hereunder in each case (as applicable) in respect of which the Intellectual Property Rights are owned by a third party
Third Party Provider or TPP means a third party entity that provides goods or services to the Customer Group in relation to or otherwise connected to the End-to-End Services. 
Third Party Service Provider means the same as TPP.
Tool means any program used for software development, testing, data search, analysis, project management, measurement and monitoring or system maintenance, including related know-how.
Tool Administration means administrative tasks required for backups and regulatory compliance as defined in the Standards and Policies.
Tooling Fund has the meaning set out in paragraph 21.5 of Schedule 10 (Pricebook, Charges and Invoicing).
Transferee has the meaning set out in clause 39.2.
Transformation means Committed Transformation and/or Future Transformation.
Transformation Acceptance Tests are as described in paragraph 4.1.3 (ii) of Schedule 8 (Transition and Transformation).
Transformation Charges means the Charges set out in section 14 of Schedule 10 (Pricebook, Charges and Invoicing) and the ‘Transformation’ tab of Appendix 10-A in respect of the Committed Transformations.
Transformation Deliverables means the Deliverables related to Committed Transformations and/or Future Transformations.
Transformation Manager means the Service Provider’s Onshore and/or Offshore Committed Transformation Manager(s) appointed in accordance with paragraph 5.2 of Schedule 8 (Transition and Transformation) and the Parties’ Future Transformation Managers as appointed from time to time in accordance with paragraph 7.1 of Schedule 8 (Transition and Transformation).




Transformation Phase means the relevant phase of the Transformation Projects set out in Appendix 1 of Schedule 8 (Transition and Transformation) including but not limited to “Initiation”, “Plan and Design”, “Build and Test” and “Go Live”.
Transformation Plan means (i) the detailed plan of activities and associated timescales for the implementation of the Transformation activities covering the Committed Transformations as set out in Appendix 1 of Schedule 8, or (ii) the plan to be agreed between the Parties pursuant to Appendix 2 of Schedule 8 (Transition and Transformation), in respect of Future Transformation Plan.
Transformation Project means (i) the projects set out in Appendix 1 of Schedule 8 (Transition and Transformation) in respect of Committed Transformations and (ii) where agreed between the Parties from time to time, Future Transformations.
Transformable Services has the meaning set out in paragraph 1.1(ii) of Schedule 8 (Transition and Transformation).
Transformation Services means the services agreed between the Parties pursuant to Schedule 8 (Transition and Transformation) including but not limited to Committed Transformation Services and, where agreed between the Parties from time to time, Future Transformation services.
Transformation Task means any transformation related tasks agreed between the parties pursuant to Appendix 1 of Schedule 8 (Transition and Transformation) including but not limited to Committed Transformation Tasks and, where agreed between the Parties, Future Transformation Tasks.
Transformed Services means Transformable Services that have undergone Transformation.
Transition means implementation of those services to be provided by the Service Provider to the Customer in accordance with the terms of this Agreement and as more particularly described in Schedule 8 (Transition and Transformation).
Transition and Transformation Services Board means a board of representatives appointed by the Customer, Service Provider and other interested third parties and in accordance with paragraph 6.2 of Schedule 8 (Transition and Transformation).
Transition Charges means the Charges which may be payable for Transition as set out in section 5 of Schedule 10 (Pricebook, Charges and Invoicing).
Transition, Committed Transformation and Future Transformation Documentation has the meaning given to it in paragraphs 1.5.2 and 1.5.3 of Schedule 8 (Transition and Transformation).
Transition Deliverables means the Deliverables relating to Transition agreed between the parties in Appendix 1 to Schedule 8 (Transition and Transformation).
Transition Dependency means the Customer Dependencies in relation to Transition as set out in Appendix 1 of Schedule 8 (Transition and Transformation) to this Agreement.
Transition Exit Criteria is as defined in Schedule 8, Appendix 8-A per transition.
Transition Manager has the meaning set out in paragraph 5.2 of Schedule 8 (Transition and Transformation).
Transition Milestone Date dates for each transition milestone as defined in Part A Appendix 8-A.
Transition Phase means the phases of the Transition Project as set out in Part A of Appendix 8-A (Transition and Transformation) including but not limited to Planning, Knowledge Acquisition and Go Live.
Transition Plan the detailed plan of activities and associated timescales for the implementation of the Services set out in Schedule 8 (Transition and Transformation).
Transition Project means the project to deliver Transition for each Service Tower in Part A of Appendix 8-A (Transition and Transformation).




Transition Schedule means the schedule for Transition activities as agreed between the Parties pursuant to paragraph 3.1.1 of Schedule 8 (Transition and Transformation) as more further described in Part A of Appendix 8-A (Transition and Transformation).
Transition Services has the meaning set out in paragraph 1.1.1 of Schedule 8 (Transition and Transformation.
Transition Task means any task relating to transition that the Parties agree and set out in a relevant Transition Plan in accordance with Appendix 1 of Schedule 8 (Transition and Transformation) to this Agreement.
UK Customer has the meaning set out at the Parties section of the Agreement.
UKI Insurance Head is the head of the Service Provider’s Insurance vertical in the UK and Ireland region.
Unified Communications means the consistent integrated user interface across multiple networked devices and media types including enterprise communication services, instant messaging (chat), presence information, voice (including IP telephony), mobility features (including extension mobility), audio, web and video conferencing.
Unit Rate means the charge for an individual unit of service as set out in various sections of Schedule 10.
US Customer has the meaning set out at the Parties section of the Agreement.
User Volume means the number of End Users from time to time.
VAT has the meaning set out at clause 23.1.
VIP has the meaning given in paragraph 7.1 of Schedule 2.
Virus means any form of harmful or surreptitious code, including malware, disabling devices, Trojan horses, system monitors, keyloggers, dialers, adware and adware cookies.
Volume Discount has the meaning given in paragraph 22.1 of Schedule 10.
Wilful Abandonment means the Service Provider deliberately abandoning ceasing the provision of all or a substantial part of the Services in breach of this Agreement without a bona fide attempt to resume such Services or to remedy the cause of such abandonment, but not where the Supplier has any contractual right under this Agreement to cease to deliver Services or is otherwise relieved of its obligations hereunder (including in respect of non-payment of fees by the Customer or where the Service Provider is entitled to relief).
Wilful Default means any deliberate material breach of this Agreement by the Service Provider without any bona fide attempt to remedy.
Work Orders means Work Request.
Work Request means any statement agreed between the Parties for a Change Project in accordance with the template(s) set out in Schedule 20 (SOW and Work Request Pro formas) to this Agreement provided always that references to SOWs in this Agreement shall include Work Requests unless otherwise stated in the relevant provision (including, in particular, for the purposes of calculation of liability under clause 34).
Working Day means a day other than Saturday or Sunday or those days agreed between the Parties to be public holidays in respect of the Services provided to the UK Customer, US Customer and Bermuda Customer as per the holiday calendar set out in the Procedures Manual.
Working Hours means the usual hours in a Working Day as agreed between the Parties and set out in paragraph 16.4.1 of Schedule 10.







SCHEDULE 2
SERVICE DESCRIPTIONS
SERVICES
1.
Scope of Service Descriptions
1.
The “Service Descriptions” consist of the services, functions and obligations that the Service Provider is to provide under:
1.
this Schedule 2;
2.
the following Annexes to this Schedule 2:
(a)
Annex 1 (Common Services) (together with the Services described in the body of this Schedule 2, the “Common Services”);
(b)
Annex 2 (Infrastructure Management Services) (the “Infrastructure Management Services”);
(c)
Annex 3 (Operations and Service Delivery Services) (the “Operations and Service Delivery Services”);
(d)
Annex 4 (Application Management Services) (the “Application Management Services”);
(e)
Annex 5 (Change Management Services) (the “Change Management Services”);
(f)
Annex 6 (Network Management Services) (the “Network Management Services”)
(g)
Annex 7 (Security Services) (the “Security Services”)
3.
the other provisions of this Agreement, including but not limited to clause 4 (Services), Schedule 5 (Sub-Contractor List), Schedule 8 (Transition and Transformation), Schedule 10 (Charging and Invoicing) Schedule 12 (Governance and Service Management), Schedule 13 (Contract Change Control Procedure), Schedule 14 (Service Integration), Schedule 15 (Exit Plan and Service Transfer Arrangement) and Schedule 16 (Business Continuity and DR Plan).
2.
Certain of the Annexes referred to above (and certain Annexes that may be agreed in future and added to this Agreement pursuant to the Contract Change Control Procedure) contain “RACI” matrices setting out responsibility for aspects of the Services, accountability for the same as well as where a Party is to be consulted or informed about an aspect of the Services. In this regard the Parties agree that:
1.
where a Party is stated to be responsible and/or accountable for a task or action that shall be deemed to be an obligation on that Party to perform that task or action; and
2.
where a Party is required to be consulted or informed about a task or action the other Party shall be deemed to have accepted an obligation to consult with and/or inform the first Party in relation to the same.
3.
The Service Provider will discuss on an ongoing basis, the current and future business and operational needs of the Customer and the other Service recipients, and any corresponding adjustment to the Services and Charges. The Service Provider shall implement New Services through the Contract Change Control Procedure and the Service Provider will work with the Customer to assess the impact of any such New Services.
4.
As of each Service Commencement Date, the Service Provider shall assume full operational and management responsibility for the Services to which that Service Commencement Date applies as set forth in this Schedule 2.





2.
Cross Tower Services
The Services set out in this paragraph are common to all individual Service Towers and apply to all Services provided hereunder.
The Service Provider shall:
1.
provide the Services described in this Schedule (2) to meet the forecasted activity in accordance with paragraph 13.4 (Change Management forecasting) and paragraph 18 (Forecasting) of Schedule 10 (Pricebook, Charges and Invoicing) , ensuring that peak activity periods as described below are accounted for;
1.
Peak Periods are month end; quarter end; and year end
2.
Change freezes are through the renewals season which are 1st April; 1st July; and late October through to end of December
2.
understand all Customer Standards and Policies, and how current processes and systems map against such Customer Standards and Policies;
3.
pursuant to Schedule 12 (Governance and Service Management) and in particular The Steering Committee, provide pro-active input to the Customer regarding:
1.
improvement opportunities for the Customer Standards and Policies;
2.
proposed changes to the Customer Standards and Policies;
3.
industry direction (including in respect of regulatory requirements which are known to Service Provider) and how services similar to the Services are being provided in other organisations; and
4.
how changes to Aspen’s Standards and Policies will impact the then current work processes and systems;
4.
identify and assist in resolving issues related to the Customer’s processes in respect of the Services;
5.
provide guidance and advice to the Customer in respect of improving the Customer’s work process designs and the potential implications of such work process designs, to improve efficiency and reliability;
6.
comply with the Customer processes, systems security and access policies (including, without limitation, the Customer ‘Group Information Security Policies and Standards’), as set out in Schedule 6
7.
make continuous improvements in the work processes and associated documentation to ensure a Service which is adapting to meet the market demand, consistently eradicating waste and ultimately delivering to the principles of continuous improvement;
8.
deliver quality checking against processes to optimise right first time execution;
9.
provide support capabilities for the agreed hours of operations to all in-scope geographies;
10.
escalate commercial and strategic issues in respect of the Services to the Customer, as required, in accordance with the escalation procedures as set forth in Schedule 12 (Governance & Service Management);
11.
escalate BAU issues in respect of the Services to the Customer, as required, in accordance with the agreed escalation procedures with the Customer point of contact; and
12.
provide the Services in accordance with the Standard Operating Procedures or SOP set out in or referenced in the Procedures Manual from time to time and/or the Customer’s written instructions as provided from time to time. It being agreed that changes to the SOPs and changes deriving from the Customer’s written instructions shall be managed via the Contract Change Control Procedure or the applicable day to day change management procedures set out in the Service Descriptions.

3.
Services Priority
The matrix below defines the priority matrix of tickets based on the urgency and impact of the issue impacting the applications (and their underlying infrastructure and security) in production.
Definitions as follows:
Core Services: means those applications and Infrastructure that require Gold level SLA such as: Email (external, internal and mobile), [***]-AA, Network, CoLo, File Shares, Backups and DR.
Business Services: means those applications that require silver level SLA [but are not part of the Core Services]
General Services: means those applications that require Bronze level SLA [but are not part of the Core Services].




Customer may in exceptional circumstances escalate certain financial, compliance and financial market reporting to a higher priority due to the business impact to the Customer, which may not be based on number of users or multiple businesses.
PRIORITY MATRIX
Urgency
1-High 
(Gold)
2-Medium (Silver)
3-Low (Bronze)
Core Services
Business Services
General Services
Impact
(1-High)
Impacted work critically time Sensitive
Several System / Users are affected
Multiple business functions and users affected
Impact of the incident will increase rapidly
P1
P2
P3
(2-Medium)
Impacted work is time Sensitive
Single System / User is affected
Single business function or multiple users affected
Impact of the incident increases considerably over time
P2
P3
P4
(3-Low)
Single user impacted
Impact of the incident increases moderately over time
P3
P4
P5

4.
Operational Reporting/MI
The Service Provider shall:
1.
provide timely, accurate and relevant operational reports to support the day-to-day operational requirements. The reports will demonstrate the delivery of the Services in line with the Service Levels identified in Schedule 3 (Service Levels and Service Credits);
2.
provide timely, accurate and agreed operational reports to support the governance forums identified in Schedule 12 (Governance and Service Management); and
3.
provide timely accurate and relevant management information to support the governance forums in Schedule 12 (Governance and Service Management).
From the first Service Commencement Date, the Service Provider will provide the standard reports in Appendix 2-A to this Schedule 2, until such time as other reports are agreed between the Parties.
5.
Balanced Scorecard and Service Levels
The Service Provider shall:
1.
in accordance with Schedule 12 (Governance and Service Management), the Service Provider shall create a Balanced Scorecard that take into account the qualitative and quantitative aspects of performance of both Parties that are measured in these engagements. The reports sowing performance against the metrics in the Balanced Scorecard will be shared with the Customer during the scheduled governance reviews as defined in Schedule 12.;
2.
in accordance with and subject to Schedule 3 (Service Levels and Service Credits), the Service Provider shall develop operational metrics jointly with the Customer and track them to measure process performance, monitor service levels and enhance productivity:




3.
track all agreed metrics on a regular basis and report /monthly dashboards; and
4.
perform root cause analysis on Service Level deficiencies and remediate in accordance with an agreed action plan.
6.
Geographical Scope
The Parties acknowledge and agree that, in this Agreement:
1.
references to the Customer receiving the Services will include, to the extent that they are receiving the Services, all of its Affiliates from time to time. Should additional Customer Locations be added to the scope of the Services then this will be recorded by updating the locations as identified in Schedule 22 (Locations and Site Licence) via the Contract Change Control Procedure; and
2.
references to the Service Provider performing the Services will include, to the extent they are performing the Services, its Affiliates and subcontractors that perform them. To the extent any Services are being performed by any of its Affiliates or Sub-Contractors the Service Provider will procure the performance of such Services by such Affiliates and Sub-Contractors.
The Services shall be provided to all Sites and to all End Users designated by the Customer from time to time and located in the sites listed in Schedule 22 - Locations and Site Licence
7.
Supported Languages
The language to be supported by all operating service streams specified in Section 1.1.2 of this document is English. The interface to devices (e.g. laptop keyboards or the graphical user interface) may be in local format. For example, in Zurich the windows interface will be in German.
8.
End User Categories
The Service Provider will support all agreed categories of End Users, specifically: Site Based End Users, Non-Site Based End Users, Third Party End Users and VIP End Users.
Definitions:
Site Based End Users: means Customer’s IT users based out of customer’s office as defined in Schedule 22
Non-Site Based End Users: means Customer’s IT users based out of locations other than as defined in Schedule 22
Third Party End Users: means Customer’s IT users based from contracted Third Party Providers as defined in Schedule 14
VIP End Users: means Customer’s high-ranking employees and non exec directors who should be provided with a priority service
9.
Documentation
From the Effective Date, the Service Provider shall be responsible for designing and developing Documentation in accordance with Good Industry Practice to support and manage the Services as set out in this Schedule 2 (Service Descriptions) and, to the extent such Documentation exists as of the Effective Date, updating it. Thereafter, the Service Provider shall be responsible for maintaining and updating the Documentation. The Documentation and any updates thereto shall be subject to written approval by the Customer and shall conform to Documentation standards agreed by the Parties.
The Service Provider’s responsibilities with respect to Documentation shall include the following:
1.
on an ongoing basis, reviewing Documentation for completeness and accuracy in order to procure that the Documentation is present, organised, readable, updated and otherwise acceptable to the Customer in form and content. Where it is determined that any Documentation is inaccurate (e.g. erroneous or out of date), the Service Provider shall correct such Documentation promptly or, as applicable, procure that the third party responsible for such Documentation provides corrections;
2.
to the extent not covered in the Procedures Manual, documenting procedures to be utilised by End Users for the correct use of Equipment, Software, connectivity, security, and the Service Desk in accordance with the Services;
3.
providing support, advice and assistance to End Users consistent with current Documentation;




4.
maintaining in a common accessible repository:
1.
the existing Inventory and Inventory System Documentation with respect to the Customer IT Environment;
2.
the existing Documentation used by the Service Provider and by any third party suppliers;
3.
the Service Provider’s internal Documentation; and
5.
making all Documentation (save for the Documentation referred to in clause 8.2.4.3 above) available electronically to the Customer, subject to any legal requirements to provide Documentation in paper copy.

10.
COORDINATION

The Service Provider shall be responsible for the end-to-end coordination and management of delivery of the Run and Change Services.
In this respect, the Service Provider’s obligations shall include those set out in clause 14 (Co-operation and Third Party Contracts) and Schedule 14 (Service Integration).







APPENDIX 2-A
SERVICE PROVIDER STANDARD REPORTS
Process
Report Names
Description
Incident Management
OMM_Incident SLAs by stage wise
Gives the count of the Incident SLA based on the SLA stages
Incident Management
OMM_No of Incidents Tower wise
Display the Count of the Incidents created on every month based on their category
Incident Management
OMM_Monthly Tickets Volume Trend
Number of the Incidents closed in last 6 month based on their Priority are displayed.
Incident Management
OMM_Resolution SLA Details
Gives the details like stage and priority about the resolution SLA of the Incident
Incident Management
OMM_Percentage of tickets closed outside SLA timelines (i.e) Has breached = False/True
Gives the percentage of the Incident tickets closed or resolved after the Resolution SLA breached based on their priority.
Incident Management
OMM_Percentage of Incidents Responded within SLA - based on Priority
The percentage of the Successfully Responded Incident Tickets for which the SLA stage is either achieved or closed is provided.
Incident Management
OMM_Percentage of incidents resolved Within SLA - based on Priority
The percentage of the Successfully Resolved Incident Tickets for which the SLA stage is either achieved or closed is provided.
Incident Management
OMM_No of Incidents met Response Time SLA Priority wise
The Number of the Incident which are resolved successfully and have their SLA stage as either Achieved or Completed are grouped based on their Priority.
Incident Management
OMM_Mean time to Respond per priority
The Average Elapsed time of the Response SLA for Incidents is given based on their Priority
Incident Management
OMM_Mean time to Resolve per priority (MTTR)
The Average Elapsed time of the Resolution SLA for Incidents is given based on their Priority
Incident Management
OMM_Average Speed of Answer (ASA)
The Average Response speed for the Incidents.
Incident Management
OMM_Average Handling Time (AHT)
The Average Resolving time for the Incidents.
Incident Management
OMM_% Improvement in MTTR ( Mean Time to Resolve)
Percentage of Performance increase in the resolving the Incident Tickets are grouped by Priority wise
Incident Management
OMM_Closed Incident C-SAT Score
Total number of requested and responded surveys.
Incident Management
OMM_No of Incidents Configuration Type wise - for current year
Number of tickets Created for the current year grouped based on the Configuration Item.
Incident Management
OMM_Misrouted Tickets
The Incident Tickets which are Reassigned more than one time.
Incident Management
OMM_No of Incident Tickets escalated to the Resolver Group
Number of theReassigned Incident Tickets for which are escalated.
Incident Management
OMM_Number of tickets reopened after closure
Number of tickets for which the reopen count is more than one.
Incident Management
OMM_Increase in stability
Shows the Performance increase in resolving the Incident ticket by grouping the closed tickets on every month.
Incident Management
OMM_No of Incidents State wise
Gives the count of the Incidents created on every month based on their State
Incident Management
OMM_Aging / Backlog of Incident Tickets
Backlog or Aging reports is the count of tickets created and carry forwarded to next week. Yet to be resolved.
Incident Management
OMM_Analyze Metrics by Country
Analyses the number of Incident tickets from different countries.
Incident Management
OMM_No of Incidents
Total number of incident ticket logged on every month.
Incident Management
OMM_No of Incidents Closed Priority wise
Lists the closed Incidents based on their Priority
Incident Management
OMM_Tickets Created(From Inbound Calls and Emails)
Number of tickets logged through contact channel(Phone or Email)
Incident Management
OMM_No of Incidents Company Wise
Number of Incident tickets based on their company.
Incident Management
OMM_No of Incidents Support Group wise
Number of Incidents categorized based on their assignment group
Incident Management
OMM_Ticket Volume by Business Process Area
Number of Incident tickets grouped based on their State/ Provinces




Incident Management
OMM_Percentage of Incidents Resolved within First Level(FLR %)
count of the Incident tickets for which the reassigned count is zero.
Incident Management
OMM_No of Incidents Priority wise
Number of Incidents ticketed each month, Priority wise
Incident Management
OMM_Average Ticket Quality Review Scores - For Analyst
Service Desk satisfactory rating for technical competency of the technician per assignee
Incident Management
OMM_Average Ticket Quality Review Scores - For Project
Service Desk satisfactory rating for technical competency of the technician per assignment group
Incident Management
OMM_No of CSAT Responses
Chart based on the customer satisfactory survey response per month
Incident Management
OMM_VSAT% (Very Satisfied %)
Customer satisfactory survey is grouped based on the response A-Excellent & B- Good per month
Incident Management
OMM_DSAT% (Dissatisfied %)
Customer satisfactory survey is grouped based on the response D-Dissatisfied per month
Incident Management
OMM_Neutral CSAT %
Customer satisfactory survey is grouped based on the response C-Neutral per month
Problem Management
OMM_Problem resolution stratum - By Priority
Total time taken to resolve problem tickets grouped by priority.
Problem Management
OMM_No of Incidents Eliminated due to Problem Resolution
Count of incident tickets linked to resolved problem tickets.
Problem Management
OMM_Average time to close problem ticket
Average duration taken to close/resolve problem tickets per month
Problem Management
OMM_Number of approved root cause for PIR
Count of Problem tickets that has approved root cause analysis for Post Implementation Review (PIR)
Problem Management
OMM_Trend of Problem Records Closed
Problem tickets closed trended by closed month
Problem Management
OMM_Root Cause Analysis within 7 days
Number of problem tickets that has Root cause analysis for 7 days or less
Problem Management
OMM_ Problem records through proactive analysis
Number of problem tickets that is undergoing proactive analysis.
Problem Management
OMM_Problem Records taken up for Root Cause Analysis
Number of Problem tickets that are in progress and taken up for root cause analysis.
Problem Management
OMM_Problem Records Created
Count of problem tickets grouped by created month and priority.
Problem Management
OMM_Aging / Backlog of Problem Records
Backlog or Aging is the count of Problem tickets created and carry forwarded to next month. Yet to be resolved.
Problem Management
OMM_No of Problem Tickets carry forwarded fom Previous Month
Count of problem tickets open from last month and carry forwarded with grouping done by items on which the issue has been raised and Priority wise.
Problem Management
OMM_No of Problem Tickets created Item wise (Including P1, P2, P3 & P4)
Count of problem tickets grouped by Items on which the issue has been raised and Priority wise.Eg: Computer, Software, Application, AIX Server.
Problem Management
OMM_Problem resolution stratum - By Priority (>72 Hrs)
Total time taken to resolve problem tickets grouped by priority. This total time must be greater than 3 days.
Problem Management
OMM_Problem resolution stratum - By Priority (48 - 72 Hrs)
Total time taken to resolve problem tickets grouped by priority. This total time must be between 2 days to 3 days.
Problem Management
OMM_Problem resolution stratum - By Priority (12 - 48 Hrs)
Total time taken to resolve problem tickets grouped by priority. This total time must be between 12 hours to 2 days.
Problem Management
OMM_Problem resolution stratum - By Priority (0-12 Hrs)
Total time taken to resolve problem tickets grouped by priority. This total time must be less than 12 hours.
Problem Management
OMM_Number of problems that exceed target resolution times
Count of Problem tickets that have been closed after the planned resolution time.
Problem Management
OMM_ Proactive problems resolved
Count of Problem tickets that have been Identified and Resolved before any incident tickets were raised on the issue.
Problem Management
OMM_Numbers of problems fixed by changes
Count of Problem tickets that had a permanent fix via a change request
Problem Management
OMM_Number of changes resulting by problems
Number of problem tickets from which change request was raised.
Problem Management
OMM_Number of rejected resolutions
Count of Problem tickets that have been closed/resolved and rejected.
Problem Management
OMM_Number of known errors identified
Count of problem tickets categorized as Known errors
Problem Management
OMM_No of KEDB Updations made
Count of Problem tickets from which Known Error updations where made




Problem Management
OMM_Problems by State
Count of Problem tickets grouped by state
Change Management
OMM_Weekly CR Volume Trend and status
Count of change tickets Closed or Resolved per week in last 30 days.
Change Management
OMM_No of Changes per stage this month
Count of change tickets grouped by ticket status this month
Change Management
OMM_No of Changes - Approved per category
Count of change tickets that has been approved and grouped by category
Change Management
OMM_Change Success Rate
Count of successful changes per category
Change Management
OMM_No of Changes - Implementation Failed or Backed-out per category
Count of failed change tickets per category. All failed changes are backed-out.
Change Management
OMM_No of Emergency Changes Implemented
Count of Emergency Change tickets implemented (Closed Successful and Closed Partial Successful) per category
Change Management
OMM_No of Changes - Implemented per category
Count of change tickets that has been implemented (Closed Successful and Closed Partial Successful) per category.
Change Management
OMM_No of Changes - Implementation WIP per category
Count of change tickets for which work started but yet to complete implementation.
Change Management
OMM_No of Changes - Rejected per category
Count of change tickets that has been rejected by the approver.
Change Management
OMM_No of Changes - Pending Approval per category
Count of chage tickets that has been sent for approval process but yet to get a decision from the approver's behalf.
Change Management
OMM_Application CRs completed on time
Count of change tickets raised on Applications and is completed on time or before Planned End date and time.
Change Management
OMM_Percentage of Incidents caused due to Change Implementation
Percentage of incident tickets caused by the implementation of change tickets
Change Management
OMM_No of Changes - Successfully Implemented per category
Count of change tickets that has been successfully implemented and grouped by category per month.
Change Management
OMM_No of RFCs - Received per category
Count of change tickets received per category
Change Management
OMM_No of RFCs - Received per Department
Count of change tickets assigned to resolving users per department
Change Management
OMM_No of Changes implemented with Back-out Plan per category
Count of change tickets implemented with Back-out plan and grouped by category
Change Management
OMM_CRs by type Normal/Routine/Emergency
Count of change tickets grouped by change type
Change Management
OMM_CRs by Business Process Area
Count of change tickets grouped by State/Province(Business Process Area)
Change Management
OMM_Monthly CR Volume Trend
Count of change tickets grouped by status per month
Change Management
OMM_Number of CRs approved and rejected
Count of tickets closed this month and grouped by approval status
Change Management
OMM_Trend by Normal/Routine/Emergency changes
Count of change tickets grouped by change type and trended by closed on each month
Knowledge management
OMM_Number of knowledge articles Updated/Reviewed
Count of Knowledge articles reviewed or published per month
Knowledge management
OMM_Number of knowledge articles contributed per month
Count of knowledge articles published per month
Knowledge management
OMM_Users of knowledge base
Report on list of Users per department who uses Knowledge Base
Knowledge management
OMM_Knowledge by Workflow state
Number or Percentage of Knowledge articles in each of the workflow stages - Draft, Review, Published, Retired.
Knowledge management
OMM_Usage of Knowledge Articles
Number of hits on each of the articles grouped by article category
Knowledge management
OMM_Number of KB articles linked to change/release tickets
Count of Articles that is linked to change or release tickets
Knowledge management
OMM_Number of KB articles linked to problem records
Count of Articles that is linked to problem tickets





SCHEDULE 2 ANNEX 1

COMMON SERVICES

1.    Common Services Overview and Objectives                    3
1.1    Common Services Overview                            3
1.2    Service Objectives                                3
1.3    Service Scope                                    4
2.    Service Definitions                                4
2.1    Cross-Functional Services                            4
2.1.1    Incident and Problem Management                        4
2.1.2    Release & Deployment Management                        4
2.1.3    Capacity Management and Availability Management                4
2.1.4    Knowledge Management                            5
2.1.5    Service Request Management                            5
2.1.6    Configuration Management                            5
2.1.7    Service Level Management                            5
2.1.8    Continual Service Improvement                            5
2.2    Data Connectivity                                6
2.3    Tools and Tools Management                            6
2.4    Run Services Change Pool                            6
2.5    Documentation                                    8
3.    Service Descriptions and Roles & Responsibilities                9
3.1    General Responsibilities                                9
3.2    Cross-Functional Services                            10
3.2.1    Incident and Problem Management                        10
3.2.2    Change and Release Management                        12
3.2.3    Capacity and Availability Management                        14
3.2.4    Knowledge Management                            15
3.2.5    Service Request Management                            16
3.2.6    Configuration Management                            16
3.2.7    Service Level Management                            17
3.2.8    Continual Service Improvement                            18
3.3    Data Connectivity                                18
3.4    Tools and Tools management                            19
3.5    Documentation                                    21
3.6    Third Party Contract Negotiation Support                    21
4.    Service Environment                                21
4.1    Operating Model                                21
4.2    Level 2 / Level 3 Support                            22
4.3    Service Priority                                    23
4.4    Resource Roles and Skill Set                            23
4.5    Support Timings                                23
5.    Pricing                                        25
6.    Reporting                                    25
7.    Governance and Escalation                            26
8.    Business Continuity and DR                            26
9.    Appendices List                                26






SCHEDULE 2 ANNEX 1

COMMON SERVICES

1.
Common Services Overview and Objectives

1.1
Common Services Overview

This Annex 1 (Common Services) to Schedule 2 (Service Descriptions) sets forth the roles and responsibilities of the Parties relating to the Common Services that apply to the provision, delivery and management of all Services within the scope of this Agreement. The Service Provider will provide the Common Services across all Service Towers and all future IT Service Towers that are added to this Agreement.

As depicted in Figure 1 below, Services, activities and roles and responsibilities described in this Annex are within the scope of each of the other Annexes to Schedule 2 (Service Descriptions). Figure 1 depicts the relationship between this Annex and the other Annexes to Schedule 2 (Services).

Figure 1:     Service Towers

schedule1figure1a01.jpg
 
Each Annex to Schedule 2 (Service Descriptions) contains references to appendices setting out an initial or default list of then-current Tools and supporting Software that may be used to provide or support the Service Areas. Notwithstanding the foregoing, the Parties may upon thirty (30) days’ prior notice update, substitute, replace, add or remove any of the Tools or supporting Software in the then-current lists from time to time during the Term, with any Changes to this Agreement being documented in accordance with the Contract Change Control Procedure.

1.2
Service Objectives

The Customer’s objective is to modernise IT Services, reduce operational costs, and support its business and technology objectives. The following are the key high-level Services to which the Common Services will apply in order to achieve the Service objectives:
Provide Service Management, Programme Management, and tools required to deliver the service as listed in the following Annexes
Annex 2 (Infrastructure Management Services) (the “Infrastructure Management Services”);
Annex 3 (Operations and Service Delivery Services) (the “Operations and Service Delivery Services”);
Annex 4 (Application Management Services) (the “Application Management Services”);
Annex 5 (Change Management Services) (the “Change Management Services”);
Annex 6 (Network Management Services) (the “Network Management Services”); and
Annex 7 (Security Services) (the “Security Services”).

1.3
Service Scope

The Service Provider will provide the following services:
Cross-Functional Services
Incident and Problem Management
Release Management
Knowledge Management
Service Request Management
Configuration Management




Service Level Management
Capacity and Availability Management
Continuous Service Improvement
Data Connectivity
Tools and Tools Management Services
Documentation
Program Management Office to support reporting and governance of all services


2.
Service Definitions

2.1    Cross-Functional Services

Cross-Functional Services aims to provide ITIL based common support services across all services provided under the Annexes listed in Section 1.2 of this document.
The following Sections provide definitions of the services provided under Cross-Functional Services.

2.2.1Incident and Problem Management

The objective of Incident Management is to restore normal service operation as quickly as possible and to minimise the impact on business operations resulting from any service disruptions, thus ensuring that optimal and agreed levels of service quality and availability are maintained. The process covers any Incident, external or internal, which impacts directly or indirectly on the Services provided by the Service Provider.
The objective of Problem Management is to minimise adverse business impact by preventing potential Incidents from occurring. This is performed by determining and addressing root causes of recurring Incidents through the implementation of long term solutions.
The Service Provider will provide Incident and Problem Management Services across the Annexes listed in Section 1.2 of this document, with the exception of Annex 5 (Change Management Services).

2.2.2Release & Deployment Management

The goal of Release and Deployment Management is to deploy Releases into operation and establish effective use of the service in order to deliver value to the Customer. Release and Deployment Management also ensures handover to service operations takes place and that suitable training and documentation exists to ensure ongoing support of the new service.
The Service Provider will provide Change and Release Management Services across the Annexes listed in Section 1.2 of this document.

2.2.3Capacity Management and Availability Management

The objective of Capacity Management is to ensure that there is sufficient capacity in the Services to meet agreed Service Levels in an optimised, cost effective, timely and responsive manner. Capacity Management considers all resources required to deliver the provided services in terms of the capacity needed, and is planned ahead for short, medium and long term business requirements.
The objective of Availability Management is to optimise the capability of the IT infrastructure, Services and supporting organisations to deliver a cost effective and sustained level of availability for new, adjusted and existing Services to enable the Customer to meet its business objectives.
The Service Provider will provide Capacity and Availability Management Services across the Annexes listed in Section 1.2 of this document.






2.2.4Knowledge Management

Knowledge Management is responsible for maintaining the service Knowledge Management system, which represents the total body of knowledge within the service management organisation. In order to deliver services successfully, it is necessary that knowledge be captured, organised, and made available to all with a need to know. 
The Service Provider will provide Knowledge Management Services across the Annexes listed in Section 1.2 of this document.

2.2.5Service Request Management

Service Request Management is the process to manage the lifecycle of all Service Requests. It ensures that all authorised Service Requests are accurately fulfilled and the fulfilment time is minimised and prior to closure of a Service Request, all Configuration Items that are changed by the Service Request are updated in the configuration management system.
Service Requests are part of predefined baskets or service request catalogues, agreed between the Customer and the Service Provider, and the Service Requests are submitted by the End-Users service requesters to the Service Provider via self-service or via the Service Desk for processing.
The Service Provider will provide Service Request Management Services across the Annexes listed in Section 1.2 of this document.

2.2.6Configuration Management

The objective of Configuration Management is to account for, provide and maintain accurate information on all Configuration Items, including their relationships within the Customer and its Services, in order to ensure that the Customer has sufficiently detailed information to make optimum use of its resources and to monitor them in a responsible manner. The Configuration Management process assures that all related data can be accessed and presented in an enterprise-wide configuration view, be it Incident, Problem, Change, or Release Management.
The Service Provider will provide Configuration Management Services across the Annexes listed in Section 1.2 of this document.

2.2.7Service Level Management

Service Level Management will maintain and gradually improve business-aligned IT service quality through a constant cycle of agreeing, monitoring, reporting, and reviewing IT service achievements and through instigating actions to eradicate unacceptable levels of service. The Service Level Management role is responsible for the negotiation of new Service Level Agreements (SLAs) during the design of New Services. This also ensures that the Service Provider closely works with the Customer in ensuring that Operational Level Agreements (OLA) and underpinning agreements are in place with Third Party Providers (TPPs).
The Service Provider will provide Service Level Management Services across the Annexes listed in Section 1.2 of this document.

2.2.8Continual Service Improvement

The Continual Service Improvement (CSI) process uses methods from quality management in order to learn from past successes and failures. The ITIL CSI lifecycle stage aims to continually improve the effectiveness and efficiency of IT processes and services, in line with the concept of continual improvement adopted in ISO 20000. This includes service review of the Service Provider services, process and service evaluation, definition of CSI initiatives, implementation and monitoring of CSI initiatives.

The Service Provider will provide Continual Service Improvement across the Annexes listed in Section 1.2 of this document.





2.2    Data Connectivity

The Service Provider will provide voice and data connectivity between the Service Provider’s delivery centres and network to the Customer. The Service Provider will be responsible for specifying the connectivity solution to enable the services to be provided as set in Schedule 2 (Service Description) and to meet the Service Levels as defined in Schedule 3 (Service Levels and Service Credits). The connectivity specification will make provision for organic growth over time, peak loads and anticipate the use of additional services over the life of the agreement, for example increased use of video services.

The Service Provider will deliver the data connectivity between the Service Provider’s delivery centres and Customer Locations through the provision of a primary MPLS based connection and by secondary VPN connection as a backup. The primary and backup links will offer divergence of routing so that in the event of an outage in the primary link, traffic will be automatically directed onto the secondary link. Over this transport path, the data connectivity will be used for Service Provider staff to access the Customer Network from its delivery centres enabling access to the Customer’s Applications, Tools and data using [***] VDI unless otherwise agreed by the Customer in writing.

The Service Provider will provide voice services over separate dedicated and resilient network links. These links and associated software will ensure that the quality of the calls enable the provision of the services in Schedule 2 (Service Description) and meet the Service Levels defined in Schedule 3 (Service Levels and Service Credits). The voice system will be fully integrated into the Customer current voice services so that internal callers see the Service Provider services as an internal extension number both when dialling to Service Provider staff and the Service Desk, and when receiving calls from Service Provider staff.

2.3    Tools and Tools Management

The Service Provider will use a combination of Customer Tools and Service Provider provided Tools to deliver the services provided across the Annexes listed in Section 1.2 of this document. The Service Provider will also maintain and manage the tools in the Customer Environment with a view to ensure service delivery rigour and to ensure that in-scope Customer Applications and Infrastructure is monitored and managed using this toolset.

2.4     Run Services Change Pool

The Service Provider shall:

[***].
[***]:
[***].
[***].
The Run Services Change Pool shall carry out and be involved in typical Simple, Medium, and Complex Projects, as defined below:

Project Category
Category Definition
Simple Project
Single technology .
Less than 8 servers landscape with Applications.
Upgrades and new implementations
And can be accommodated within 240 man hours of effort per Calendar Month.
Medium Project
Multiple technology (Up to 3).
New Technology / Application.
Less than 20 Servers with Applications.
Upgrades and new implementations
And can be accommodated within the 480 man hours of efforts per Calendar Month.
Complex Project
Multiple Technology (more than 3 technology).
Multiple Servers with Applications.
To be scheduled and delivered by the Infrastructure CoE





The Service Provider Delivery Lead / Infrastructure Service Provider Delivery Lead and the Customer Infrastructure Lead will jointly agree how the Run Services Change Pool shall be used;
The Service Provider shall maintain details of the Minor Enhancements and Projects performed by Run Services Change Pool and the Run Services Change Pool hours consumed in such delivery, and will report weekly on these to the Customer.
Any Run Services Change Pool hours not used within a Calendar Month cannot be carried forward to the following Calendar Month.
Additional change capacity (beyond that in the Run Services Change Pool) shall be provided pursuant to section 4.10 of Schedule 2 Annex 5 (Change Management) and in accordance with the commercial principles described in section 12 of Schedule 10 (Pricebook, Charges and Invoicing).

Currency of the Estate

The Service Provider shall review the Customer’s IT estate on a quarterly basis and advise if the currency levels fall below N-1 and at other times as agreed between the Parties.
If the currency levels of any part of the IT estate falls below N-1, the Customer may request that the Service Provider assess the impact of upgrading that component to the level of N-1 and the Service Provider shall prepare such impact assessment, outlining the scope of the work and evaluating the complexity of the upgrade project, in line with the definitions in the table above.
Following completion of the impact assessment, the Parties shall work in good faith to agree how to resource the work, based on the following principles:
For a Simple Project (as defined in the above table), the Service Provider’s team delivering Infrastructure Services (the “Infrastructure Run Team”) may be used, where there is sufficient capacity available to perform the Project.
For a Simple Project (as defined in the above table) where there is insufficient capacity in the Infrastructure Run Team or for a Medium Project, the Run Services Change Pool may be used.
Where there is insufficient capacity in the Infrastructure Run Team and the Run Services Change Pool or the project is Complex Run Services Project, then this shall be treated as a Change Project pursuant to section 4.11 of Schedule 2 Annex 5 (Change Management).


2.5     Documentation

Documentation Services are the activities associated with developing, revising, maintaining, reproducing, and distributing Service Area information in hard copy and electronic form. Documentation includes but is not limited to:

Asset list and configuration for all assets and hardware;
Backup and restore schemes;
Monitoring levels;
Approved minutes of formal meetings;
Service descriptions and Performance Standards;
Processes and procedures;
Known error logs;
User guides;
Service Desk scripts;
Escalation guides;
Major Incident checklist;
Maintenance manual;
Network / Infrastructure diagram;
Data flow diagram;
CMDB maintenance and updates;
Automation scripts;
Production Acceptance Documents (PAD); and
Service Transition and Operational Acceptance Documents (STOAD).

The Service Provider will provide Tools and tools management services to enable service delivery for all services across the Annexes listed in Section 1.2 of this document.






3.
Service Descriptions and Roles & Responsibilities

The following sections and tables throughout this Annex identify the Common Services roles and responsibilities that the Service Provider and the Customer will perform. Within each table below are definitions for the roles and responsibilities, defined for all the Common Services to be used.

RACI Matrix

Responsible
Accountable
Consulted
Informed
Responsible and Accountable
Consulted and
Informed
R
A
C
I
R,A
C,I

The Customer will be informed where it is appropriate to do so by the Service Provider or where approval is required prior to a task or activity being deployed. The Service Provider’s responsibilities are indicated in the column labelled “Service Provider”. The Customer’s responsibilities are indicated in the column labelled “Customer”. The tasks listed in such tables are not exclusive, and do not identify or define every process, activity or task to be performed by the Service Provider in relation to the Common Services.

3.1
General Responsibilities

The following table identifies general roles and responsibilities associated with this Annex:





Table 1.    General Services Roles and Responsibilities
General Services Roles and Responsibilities
Service Provider
Customer
Provide Services that support Customer requirements (e.g., business, technical, End User requirements) as agreed under the other Annexes to Schedule 2 (Service Descriptions).
R, A
c, I
Comply with Customer Standard Operating Procedures (SOPs) (e.g., SOPs for information, information systems, personnel, physical and technical security). Provide, develop, review, update and maintain SOP for Customer’s Environment.
r, A
C , I
Adherence to applicable laws, regulations, policies, and standards and procedures as applicable to the Services.
R, A
C,I
Provide Customer applicable laws, regulations, policies and standards and procedures relative to the Service Areas as may be reasonably requested by the Service Provider.
I
R, A
Interface, manage and coordinate the Customer’s Sub-Contractors specifically for managing commercial relationships and escalation interface as required.
C,I
R,A
Interface, manage and coordinate with the Customer’s Sub-Contractors in order to meet service requirements and the Performance Standards.
C, I
R, A
Ensure that the Service Provider engages in collaborative work efforts with other Customer 3rd party service providers.
R, A
C, I
Measure and report performance against the Performance Standards as outlined in Schedule 3 (Service Levels and Service Credits).
R, A
C, I
Provide the Service Provider with physical access to Sites that are necessary to perform Services during scheduled hours and after hours and emergencies as required.
I
R, A
Provide available Documentation relating to the Services as may reasonably be requested by the Service Provider.
I
R, A
Coordinate all changes to the Service Areas that may affect the Performance Standards of any other Service Area or 3rd party services in such a way that the effects of such changes to the Performance Standards are minimised
R, A
C, I
Utilise, manage and update Customer-provided secured repositories for all account Documentation as described in the other Annexes to Schedule 2 (Service Descriptions) (e.g., project plans and Annexes, configuration diagrams, management reports, Performance Standards reports, procedures, meeting minutes, change notices and procedures manuals).
R, A
C, I
Notify the Customer four weeks in advance of On-Site space requirements for the Service Provider’s On-Site personnel, as required to deliver the Services.
R, A
I
Provide the Service Provider with facilities, equipment and tools for the Service Provider’s On-Site personnel, as required to deliver the Services.
I
R, A
Review, provide additional procedures for and approve operational procedures for each of the Service/sub-service Areas defined in this Annex and all other Annexes to Schedule 2 (Service Descriptions) to which this Annex is applicable.
R, A
C, i
Perform all Services in accordance with mutually agreed services, policies and procedures relating to data security as defined in Schedule 6 (Standards and Policies) and Schedule 7 (Security - IT and Physical).
R, A
C, I
Develop, manage and maintain an up-to-date list of the Service Provider contact information, desk numbers, mobile numbers, and company email for critical resources and provide the same to the Customer on a regular basis.
R, A
C, I






3.2
Cross-Functional Services

3.2.1
Incident and Problem Management

Incident and Problem Management Services are the activities associated with restoring normal Service operation as quickly as possible and to minimise the adverse impact on the Customer’s business operations, thus ensuring that levels of service quality and Availability described in this Agreement (including but not limited to the Performance Standards) are maintained.

Problem Management also includes minimising the adverse impact of Incidents and Problems on the Customer’s business that are caused by errors in the Service Areas, and to prevent the recurrence of Incidents related to those errors. In order to achieve this goal, Problem Management seeks to get to the root cause of Incidents and then initiate actions to improve or correct the situation.

The following table identifies the Incident and Problem Management Services roles and responsibilities that the Service Provider and the Customer will perform.    

Table 2     Incident and Problem Management Services Roles and Responsibilities

Incident and Problem Management Services Roles and Responsibilities
Service Provider
Customer
The Parties will develop interim Incident and Problem Management processes during the Transition Period, and the Service Provider shall comply with such processes during the Transition Period and during the Term.
R, A
C, i
Establish operations and Service management quality assurance and control programs.
R, A
C, i
Participate in Service improvement opportunities with the Customer, and provide Good Industry Practice recommendations to the Customer.
R, A
C, i
Review, approve and perform operations and Service management quality assurance and control programs.
C, I
R, A
Interface and coordinate with the Customer and 3rd parties for Incident and Problem Management Services activities.
R, A
C, i
Establish Incident / Problem classification by priority as specified in section 3 of Schedule 2 (Service Descriptions).
R, A
C, i
Define and adhere to Incident / Problem requirements for workflow, escalation, communication and reporting processes that help to achieve the Performance Standards.
R, A
C, i
Utilise Service Provider instance of [***] Tools for Incident and Problem Management Services tracking, that tracks Incidents across all Service Areas.
R, A
C, i
Engage in entire Incident / Problem lifecycle support including detection, escalation, diagnosis, Customer status reporting, workaround, repair and recovery.
R, A
C, i
Ensure Incident Resolution activities conform to defined Change Management and other policies, processes and procedures.
R, A
C, i
Log all Incidents related to Changes, correlating Incidents to Service Changes or other Incidents as applicable and escalate reporting as required.
R, A
C, i
Manage efficient workflow (including providing recommendations on improving efficiency) of Incidents including the involvement of third parties (e.g., Service Providers, public carriers, ISP, 3rd party service providers) and broadcast of outages.
R, A
C, i
Participate in Problem review sessions and provide listing and status of Problems categorised by Problem impact.
R, A
C, i
Authorise closure of Priority Level 1 and 2 Incidents.
C, I
R, A
Report and confirm the restoration of the Service to agreed stakeholders at the time the Incident is resolved.
R, A
C, i
Identify possible enhancement opportunities for improved operational performance based on results of Incident and Problem Resolution activities.
R, A
C, i




Review and approve projects to implement enhancement opportunities.
C, I
R, A
Provide a known error database and process as it exists on the Effective Date.
C, I
R, A
Utilise and update known error database and process.
R, A
C, I
Participate fully in the Customer’s Major Incident management process and in post Major Incident lessons learned reviews.
R,A
C,I
Respond to requests for information and / or updates from the Customer’s IT Management and relevant stakeholders in accordance with SLAs and KPIs described in Appendix 3-A.
R,A
I
Maintain and provide the Customer with escalation contacts who can be contacted when a Major Incident occurs.
R,A
I
Ensure that escalation contacts respond to any Major Incident alerts in a timely manner, and that a delegate is assigned if the usual contact is absent or will be unavailable.
R,A
I
Conduct proactive trend analysis to identify recurring Problems and provide RCA Services, trend analysis and reporting to the Customer.
R, A
C, I
Track and report on all Priority Level 1 Incidents, and Problems, and provide associated consequences.
R, A
C, I
Recommend solutions to address recurring Problems or failures and updated known error databases for non-remediated Problems
R, A
C, I
Review and approve solutions to address recurring Problems or failures.
C, I
R, A
Identify the root cause of Priority Level 1 Incidents and designated Problems, and recommend appropriate Resolution action.
R, A
C, I
Review and approve solutions to address Priority Level 1 Incidents and designated Problems.
C, I
R, A
Provide a status report detailing the root cause of and procedure for correcting recurring Problems and Priority Level 1 Incidents until closure as determined by the Customer.
R, A
C, I
Identify the root cause of Priority Level 2, 3 and 4 Incidents at the Customer’s request.
R, A
C, I

3.2.2
Change and Release Management

Change Management and Release Management Services are the activities associated with ensuring that standardised methods and procedures are used for efficient and prompt handling of all Service Changes and Software releases in the Customer’s service environment (e.g., Hardware, Software, interfaces), in order to minimise the impact of change upon Service quality and consequently to improve the day-to-day operations of the Customer’s Environment. Change Management covers all aspects of managing the introduction and implementation of all Service Changes affecting all Service Areas and in any of the management processes, Tools, and methodologies designed and utilised to support the Service Area components. Changes are classified under the following categories:

Emergency: Changes done to prevent an imminent outage or to fix a high priority Incident. These changes will go through CAB approval.

Normal: Changes that aren’t a standard or emergency change. These changes will go through CAB approval.

Standard: Low risk, pre-approved, low-frequency changes. These changes will not go through CAB approval.

Minor: Changes that do not have a significant impact and are done as part of routine maintenance.

Release Management Services are activities associated with providing a holistic view of a Service Change to an existing Service or addition of New Service(s) to ensure that all aspects of a Release, both technical and non-technical, are considered together and to plan and oversee the successful rollout of technologies, design and implement efficient procedures for distribution and the installation of Changes. The activities also ensure that only correct, authorised and tested versions are installed and that Service Changes are traceable and secure.

The Service Provider and the Customer will establish, with representatives from both the Customer and the Service Provider, a Change Management Advisory Board (“CAB”). The purpose of the CAB is to ensure all Hardware, Software,




and environmental configuration Service Changes are planned, analysed, implemented, tested, approved, and seamlessly transitioned to a production support state. The CAB will meet on a regularly scheduled basis to discuss and approve planned Service Changes. The Service Provider and the Customer will follow a mutually agreed Change Control procedure. The Customer will lead the CAB for all changes occurring in respect of the Services and the Parties shall mutually agree on the Service Changes. The Service Provider will participate on the CAB and provide required inputs. The Service Provider will also participate on an as needed basis with the Customer on all other Service Changes (through Change Control) occurring outside of the Service Provider’s Services under the direction of the Customer’s CAB representative.

The following table identifies Change Management and Release Management Services roles and responsibilities that the Service Provider and the Customer will perform.

Table 3    Change Management and Release Management Services Roles and Responsibilities
Change and Release Management Services Roles and Responsibilities
Service Provider
Customer
Provide a Change Management Tool.
R, A
C, I
Lead the CAB and attend regular meetings.
C, I
R, A
Schedule, organise, administer, minute and co-ordinate regular CAB meetings.
R, A
C, I
Adhere to Customer policies on Service Change classifications (impact, severity, risk) and a Change Management authorisation process, including a list of contacts authorised to request Service Changes to scope by level of authority (e.g. dollar amount impact), and any updates thereto.
R, A
C, I
Document and classify proposed Service Changes to the CAB, risk impact for all changes and back out plans of those Service Changes and establish Release Management plans for all Service Changes.
R, A
C, I
Develop and maintain a change calendar of planned Service Changes and provide to the Customer for review as required.
R, A
C, I
Communicate and coordinate recommended Service Changes with all affected parties.
R, A
C, I
Schedule and conduct Change Management and Release Management meetings to include review of planned Service Changes and results of Service Changes made.
R, A
C, I
Provide Change Management and Release Management documentation as required.
R, A
C, I
Ensure completeness of all Change Management and Release Management documentation prior to the implementation of Service Changes and releases, and identify to the Customer any discrepancies in the documentation.
R, A
C, I
Approve all Change Management and Release Management documentation.
C, I
R, A
Authorise and approve scheduled Service Changes or alter the schedule of any or all Change Requests.
C, I
R, A
Review Release Management details with the Customer and alter as appropriate (e.g., back out plan, go/no go decision).
R, A
C, I
Notify the Customer and other third parties of Service Change timing and impact.
R, A
C, I
Ensure Change Management and Release Management Service processes are consistent across all environments (e.g., development, test and production).
R, A
C, I
Implement Service Change and adhere to detailed Release plans.
R, A
C, I
Modify and update systems and documentation impacted by implemented Service Changes (e.g., CMDB, asset management system, Service catalog (if applicable), disaster recovery plan) using Customer-supplied Tools.
R, A
C, I
Verify that the Service Change met objectives and resolve negative impacts from the Service Change.
R, A
C, I
Perform quality control activities and approve Service Change results.
R, A
C, I
Implement and document out-of-/CAB-cycle Service Changes related to the infrastructure components in accordance with Change Control.
R, A
C, I
Implement and document out-of-/CAB-cycle changes related to application Software in accordance with Change Control.
R, A
C, I





3.2.3
Capacity and Availability Management

Capacity / Availability Management Services are the activities associated with ensuring that the capacity and availability of the infrastructure matches the evolving demands of the Customer’s business in the most cost-effective and timely manner. The Service Provider shall provide comprehensive Capacity and Availability Management for all Service Areas. Capacity and Availability Management will address areas of Service degradation and outages due to increases in utilisation of Services and infrastructure. Additionally, it will be used to support proactive development, maintenance, and communication of tactical and strategic technology plans, and to accommodate growth of the Customer’s business and changing business requirements.

The following table identifies the Capacity / Availability Management Services roles and responsibilities that the Service Provider and the Customer will perform:

Table 4.    Capacity / Availability Management Services Roles and Responsibilities

Capacity / Availability Management Services Roles and Responsibilities
Service Provider
Customer
Utilise, configure and maintain Service Tools supplied by the Customer that allow for the effective capacity / availability monitoring / trending and reporting of IT infrastructure, applications and IT components.
R, A
C, i
Recommend additional Tools as mentioned in Schedule 5 (Sub-Contractor List) necessary to supplement the Customer’s Tools.
R, A
C, i
Identify future business requirements that will alter capacity / availability requirements (e.g., strategic and operational plan).
C, I
R, A
Define future capacity / availability requirements and define thresholds.
C, I
R, A
Organise and conduct capacity / availability planning meetings on a monthly basis, including provision of planning minutes, risk issues, issues log.
R, A
C, i
Assess capacity / availability impacts to all technology when adding, removing or modifying Services, Applications and Infrastructure.
R, A
C, i
Continually monitor Services resource usage to enable proactive identification of capacity / availability issues and recommend changes to capacity to improve service performance
R, A
C, i
Assess Incidents/Problems related to throughput performance.
R, A
C, i
Approve capacity / availability related recommendations and implementation.
C, i
R, A
Maintain capacity levels to optimise use of existing IT resources to deliver Services to the Performance Standards.
R, A
C, i
Ensure adequate capacity / availability exists within the IT environment to meet the Performance Standards, taking into account daily, weekly, Hardware and Software lifecycle and cyclical business variations in capacity demands using reports from Customer-supplied Tools. Reasonable loads to be determined during the initial period of 3 months from Service Commencement Date. Reasonable anticipated peak loads will be included in the analysis of capacity to meet Performance Standards, while abnormal loads will be taken up on a case to case basis following a root cause analysis
R, A
C, i
Review and approve the suggested changes to the threshold values defined mutually during transition
C, I
R, A


3.2.4
Knowledge Management

Knowledge Management is responsible for maintaining the service Knowledge Management system, which represents the total body of knowledge within the service management organisation. In order to deliver the Service successfully, it is necessary that knowledge be captured, organised, and made available to all with a need to know. 





Table 5.    Knowledge Management Services Roles and Responsibilities

Knowledge Management
Service Provider
Customer
Co-ordinate and maintain a valid Service Catalogue and Knowledge Management repository across all Service Desk resolver groups, including first time fixes & standard Service Requests.
R, A
C, I
Provide, co-ordinate and manage a single online Knowledge Management database to be used by all support staff across all resolver groups and service delivery partners and:
Enable all resolver groups to identify suitable items for the Knowledge Base;
Review and agree; and
Document & update.
R, A
C, I
Maintain a list of all resolutions (Incident & request) that can and should be resolved at the first point of Customer contact.
R, A
C, I
Provide existing KEDB & Standard Operating Process Documentation.
C, I
R, A
Facilitate regular updates and creation of SOP for Service Areas managed by the Customer’s team or a 3rd party.
R, A
C, I


3.2.5
Service Request Management

Service Request Management is the process to manage the lifecycle of all End User Service Requests. It ensures that all authorised Service Requests are accurately fulfilled and the fulfilment time is minimised and prior to closure of a Service Request all Configuration Items that are changed by the service request are updated in the configuration management system.
Service Requests are part of predefined baskets or service request catalogues, agreed between the Customer and the Service Provider, and the Service Requests are submitted by the End-Users to the Service Provider via Self-Services or via the Service Desk for processing.





Table 6.    Service Request Management Services Roles and Responsibilities
Service Request Management Services Roles and Responsibilities
Service Provider
Customer
Develop, maintain and update an approved Service Catalogue on Service Provider provided [***] tool.
R,A
C,I
Develop and maintain request fulfilment process and procedure documentation. for all Service Catalogue items
R,A
C,I
Work with and provide effective collaboration and communication between all affected parties involved, or potentially involved in the fulfilment of Service Requests.
R,A
I
Provide accurate and meaningful communication and reporting with all affected parties in relation to Service Requests.
R,A
I
Coordinate service request activities with the Service Desk and provide resolver group support to the Service Desk and/or End Users as necessary.
R,A
I
Provide access of processes and tools necessary for the Service Desk and perform request fulfilment for all approved Service Catalogue items
R,A
C,I
Maintain a complete audit trail of Service Requests including recording and tracking Service Requests and updating Service Request status in [***].
R,A
I
Respond to Service Requests using the Service Request template agreed with the Customer.
R,A
C,I
If the Service Request cannot be fulfilled, communicate the same to the requestor, appropriate affected parties and any other service provider as directed by the Customer.
R,A
C,I
Fulfil authorised Service Requests through the Service Catalogue and where this involves one or more changes, implement those changes in accordance with Change Management process.
R,A
C,I


3.2.6
Configuration Management

Configuration Management Services are the activities associated with providing a logical model of the Service Areas by identifying, documenting, controlling, maintaining, and verifying the installed service environment (e.g., Hardware, Software, interfaces, network). The goal of Configuration Management is to account for all IT assets and configurations, provide accurate information on configurations and provide a sound basis for Incident, Problem, Change and Release Management Services and to verify configuration records against the infrastructure and correct any inaccuracies. The following table identifies the Configuration Management Services roles and responsibilities that the Service Provider and the Customer will perform.

Configuration Management Database (CMDB) - The repository of information related to the in-scope components of the Customer information system.





Table 7.    Configuration Management Services Roles and Responsibilities

Configuration Management Services Roles and Responsibilities
Service Provider
Customer
Provide a CMDB Tool.
R, A
C, I
Maintain related information in the Configuration Management Database (CMDB), in accordance with Customer requirements using Customer-supplied Tools.
R, A
C, I
Provide data for upload into the CMDB.
C, I
R, A
Enter configuration data into the CMDB (if authorised).
R, A
C, I
Maintain configuration baselines as reference points for rebuilds, and provide the ability to revert to stable configuration states.
R, A
C, I
Establish processes for verifying the accuracy of Configuration Items, adherence to Configuration Management process and identifying process deficiencies.
R, A
C, I
Support, maintain, update on an ongoing basis and verify the accuracy of Configuration Items, and the adherence to the Configuration Management process and identify process deficiencies.
R, A
C, I

3.2.7
Service Level Management

Service Level Management will maintain and gradually improve Business-aligned IT service quality through a constant cycle of agreeing, monitoring, reporting, and reviewing IT service achievements and through instigating actions to eradicate unacceptable levels of service. The Service Provider’s Run Service Lead shall be responsible for the agreement of new Service Levels with the Customer during the design of New Services. This also ensures that the Service Provider closely works with the Customer in ensuring that Operational Level Agreements (OLA) and the underpinning agreements are in place with Third Party Providers (TPPs).

Table 8.    Service Level Management Services Roles and Responsibilities

Service Level Management Services Roles and Responsibilities
Service Provider
Customer
Define Service Level monitoring requirements and policies.
C, I
R.A
Manage agreed Service Levels.as per Schedule 3 Appendix A in the document Schedule 2 Annex 1 (Common Services)
R,A
C,I
Identify new target Service Levels in line with business requirements and ensure existing SLAs remain fit for purpose.
C,I
R,A
Agree new or changes to Service Level Agreements with the Customer.
R,A
C,I
Negotiate and maintain Operational Level Agreements with Third Party Providers.
C,I
R,A
Analyse, review and report service performance against Service Level Agreements and Operational Level Agreements.
R,A
C,I
Provide an executive summary dashboard for SLA reporting as part of the Service Provider-provided single secure web portal.
R,A
C,I
Perform tool maturity assessment for integrated Service Level management and provide appropriate recommendations.
R,A
C,I
Measure, analyse, and provide management reports on performance relative to SLAs.
R,A
C,I
Develop , implement and deliver SLA improvement plans where required.
R,A
C,I
Review and approve SLA metrics, performance reports and improvement plans.
C,I
R,A





3.2.8
Continual Service Improvement

The Service Provider will focus on continual improvements within infrastructure support operations to reduce demand (tickets) while improving the efficiency and availability of Customer’s systems. The following CSI levers will be implemented:
S. No
CSI Lever
Description
1
Shift-Left
Shift left tickets to Service Desk for known error resolution and SOP based Service Requests.
Leverage the ITSM KM module for KEDB/KM enrichment.
2
Effort reduction through Automation of SOP based tasks/Self Service
Automation of repeating / SOP based Service Requests.
Enabling Self-Help in [***] tool where possible.
Automation of routine operational activities.
Deploying BOTs using our [***] capability.
3
Work elimination / Influx reduction
Pro-active Problem Management to avoid repeat Incidents.
Effective root cause analysis (RCA) using techniques like Pareto and fish-bone analysis.
Preventive Incident and Problem Management through predictive analytics.
4
Cross skilling
Cross training Service Provider’s resources on technology / application.
Retain optimal technical and application SMEs needed.
5
App strengthening
Using Service Provider’s zero maintenance debt framework to identify avoidable technical, functional debts and implementing efficient code to ensure higher system availability.
6
Service Level Management
Improve and enhance Service Levels across all in-scope applications to ensure high availability of the Customer’s systems.


3.3
Data Connectivity
Data Connectivity Roles and Responsibilities
Service Provider
Customer
Set up of data connectivity prior to the Service Commencement Date between the Service Provider’s Offshore delivery centres and the Customer’s datacentres and offices.
R,A
C,I
Steady-state link status monitoring and management.
R,A
C,I
Access permission and demarcation point at Customer’s DC.
C,I
R,A
Extension of link from demarcation point to cabinet.
R
A,C,I




3.4
Tools and Tools Management

The Service Provider will utilize the following tools listed below:
[***]
For the avoidance of doubt, the following IT support tools will be used by the Customer in the IT environment. The Service Provider is only responsible for maintenance and support of these to the extent set out in Schedule 2 Annex 2 (Operations & Service Delivery), in respect of which they will be treated as “catch and dispatch”, Schedule 2 Annex 7 (Security Services) and as explicitly referenced in Schedule 2 Annex 4 (Application Management Services). For anything else, they will be managed as Third Party Providers pursuant to Schedule 14.
[***]
The scope of activities performed as part of this tower is as follows:
Tools Services Roles and Responsibilities
Service Provider
Customer
Coordinate activities with appropriate stakeholders including applications and design personnel.
R, A
C, I
Coordinate with Third Party Providers on matters that affect the enterprise Tools.
R, A
C, I
Provide user inquiry support and ad-hoc support as requested by the Customer.
R, A
C, I
Co-ordinate with various stakeholders regarding other information required to support the effective operation and setup of the enterprise Tools.
R, A
C, I
Manage and maintain configuration changes (add, delete, modify) of monitoring and Service management tools in the Customer to ensure proper operation and changing business requirements.
R, A
C, I
Create and provide standard reports using the reporting components available with the tool to teams within the Service Provider and the Customer.
R, A
C, I
Survey Tools and Software vendors to recommend on all maintenance plans and releases required to keep the Tools current and operating properly. Ensure that the tools version is within the supported version offered by the vendor and make endeavors to keep the tool version at N-1 level of the current version (subject to the Customer’s approval).
R, A
C, I
Continuously monitor all in-scope Tools to ensure proper operation and that adaptive maintenance needs are planned and addressed.
R, A
C, I
Propose and, subject to Customer approval, implement an adaptive maintenance schedule for the supported Tools. The schedule will cover patches and minor software enhancements.
R, A
C, I
Monitor all enterprise Tools for necessary preventative maintenance actions.
R, A
C, I
Recommend necessary Preventative Maintenance actions.
R, A
C, I
Approve Preventative Maintenance actions.
C, I
R, A
Implement Preventative Maintenance actions in accordance with the Change procedures.
R, A
C, I
Define, recommend improvements to configure threshold values to be configured in the tools and update Customer approved thresholds in the Tools.
R, A
C, I
















3.5
Documentation

Table 9.    Documentation Services Roles and Responsibilities

Documentation Services Roles and Responsibilities
Service Provider
Customer
Provide output in an agreed format for the support of activities throughout the life cycle of the Services as specified in each of the other Annexes to Schedule 2 (Service Descriptions).
R, A
I
Document system specifications and configurations (e.g., interconnection topology, configurations).
R, A
I
Develop, document and maintain Customer operating procedures Documentation in a Customer-provided repository (e.g., boot, failover, backup etc.).
R, A
C, I
Provide the initial IT System architecture / design documentation as it exists on or around the Effective Date.
C, I
R, A
Maintain and update the Services design Documentation as changes are introduced.
R, A
C, I
Provide to the Customer up to date documentation on operations, procedures and Services.
R, A
C, I
Review and approve mutually agreed Standard Operating Procedures Documentation.
i
R, A






3.6
Third Party Contract Negotiation Support

Service Provider will leverage its knowledge and experience to provide the Customer with appropriate support and guidance to enable the Customer to realise the 3rd party contract cost savings identified by the Service Provider as set out in Appendix 10-A (Pricebook) 3rd party list worksheet.

4.
Service Environment

4.1
Operating Model

All services are delivered to the Customer in adherence with the governance defined in Schedule 12 (Governance and Service Management). The day-to-day operations for each service are defined within each Schedule 2 Annex.

The Service Provider will provide a Programme Management Office (PMO) function to deliver reporting and to manage cross-service responsibilities. The Service Provider will further use the Change Management capability within the Change Management function, as defined in Schedule 2 Annex 5 (Change Management Services) to assist with capacity, project and change management across the services.

The services will be delivered from the Service Provider’s delivery location in India and from the Customer’s location in London, UK.

The Service Provider will establish an ITIL-based tiered support model, including L1.5, L2 and L3 services.

For L1.5 support, please refer to Schedule 2 Annex 3 (Operations and Service Delivery Services) that sets forth the roles and responsibilities of the Service Desk.

The Service Provider will establish an integrated L1.5 Service Desk for all IT Incidents and Service Requests, including the Network, Infrastructure, Security and Application related Incidents and Service Requests. This team will attempt resolution based on documented procedures / Standard Operating Procedures being agreed upon with the Customer on an ongoing basis. If the L1.5 team is unable to resolve the Incident, the Incident will be escalated to the Level 2 support team.

Level 2 Support, will be responsible for providing resolution to escalated issues in addition to providing routine system administration activities.

Level 3 Support, will be responsible for providing Problem Management and root cause analysis activities and interfacing with the Customer retained team. The Level 3 support team will also support the resolution team for any escalated issues.

The L1.5, Level 2 and Level 3 support teams will coordinate with any 3rd party vendors for issue resolution as appropriate.

4.2
Level 2 / Level 3 Support

Level 2 Support- Support analysts who will provide Incident resolution and fulfilment services for issues / requests escalated by the Level 1.5 Service Desk. The primary objective will be to ensure stability of the operations environment and associated business processes over and above the availability of the Customer’s Infrastructure. All issues requiring specialist help will be escalated to the Level 3 support.

Level 3 Support- This group will resolve complex unknown Incidents and perform proactive trend analysis to identify the bottlenecks within this Service Area (root cause of recurring Incidents, availability and performance issues) and implement permanent fixes in consultation with the Customer. The primary objective will be to perform preventative maintenance, break fix support and enhancements to the systems as needed.

The table below provides the activities performed by Level 1.5, Level 2 and Level 3 support respectively:





Support Level
In-scope activities
-
Integrated Smart Operations (L1.5 layer)

Focus Area:
Initial triage and first level fix, Customer satisfaction, collaboration with L2/L3 teams to identify owner of incidents and closure thereof, as well as batch / infrastructure monitoring
The centralised ‘Integrated Smart Operations’ as part of the ServiceDesk will provide support to all the in-scope Infrastructure. This group will be responsible for the below services:
24x7 Infrastructure monitoring and management;
24x7 Incident Management
Known Incident Management & known error resolution based on the availability of Standard Operating Procedure (SOP);
Standard Service Requests;
Documentation of SOPs, building & enriching known error database (KEDB) - with the help of L2/L3 Teams;
Batch Monitoring;
Coordination with other teams & 3rd Party vendors for issue resolution;
Catch, analyse and dispatch Incident for unknown errors to next level (engage Level 2 / Level 3 teams as needed);
Record and report against SLA/KPIs documented in Schedule 3 (Service Levels and Service Credits);
Status reporting in accordance with Schedule 12 (Governance and Service Management); and
Support to Service Desk (enablement / Documentation through Knowledge Management and KEDB updates / analysis of Incidents / shift left) - help improve First Level Resolution (FLR) & faster turnaround, leading to positive End User experience.
Level 2
As set out in the relevant Schedule 2 (Service Descriptions) annex.
Level 3
As set out in the relevant Schedule 2 (Service Descriptions) annex.
 

4.3
Service Priority

Please refer to Section 3, Schedule 2 (Service Description) that defines and sets forth Services Priority for the Common Services.

4.4
Resource Roles and Skill Set
Resource Roles
Skillset
Lead, Service Management
ITIL certified.
Well versed with ITIL processes and ability to lead process improvements.
Guide and mentor the Service Management team and delivery leads.
Ability to work with Customer and Third Party Providers in fine tuning the process and revisiting OLAs to meet the overall objectives.
Service Manager(s)
ITIL Foundation certified.
Hands-on experience of managing ITIL process.
Ability to run / coordinate with various resolver groups / 3rd parties during Priority 1 Incidents / major outages.

Please refer to Schedule 18 (Key Personnel) that sets out the Service Provider’s key personnel involved in delivery of the Services.

4.5
Support Timings

Support services will be delivered to the Customer through the Service Provider’s Onshore / Offshore delivery model. All the resources will be based at the Service Provider’s or the Customer’s offices as required, in particular:





The Service Provider’s On-Site resources will be based at the Customer’s offices to provide on premise business hours support during week days;
The Service Provider’s Run Lead will be based in the UK and work from the Customer’s office; and
The team will provide on-call support coverage during weekends, holidays and after business hours during weekdays.

The table below provides the support coverage timings for the service:
Activities
Support Coverage
Support Location
Service Management
24x7
Customer’s premises, London, UK.
Service Provider’s ODC, India.

Support services for the Activities described under the following Annexes:
Schedule
Annex
Title
Schedule 2
Annex 2
Infrastructure Management Services
Schedule 2
Annex 3
Operations and Service Delivery Services
Schedule 2
Annex 6
Network Management Services
Schedule 2
Annex 7
Security Services

Will follow the service timings described below:
Activities
Support Coverage
Support Location
L1.5
24x7
Service Provider Service Location, Glasgow, UK (Service Desk).
India Offshore Service Provider Service Location.
L2
08:00-22:00 UK time (Monday to Friday)
On-call support for P1 and P2 Incidents during off-business hours and weekends.
Customer premises, London, UK.
India Offshore Service Provider Service Location.
L3
08:00-22:00 UK time (Monday to Friday)
On-call support for P1 and P2 Incidents during off-business hours and weekends.
Customer premises, London, UK.
India Offshore Service Provider Service Location.

Support services for the Activities described under the following Annexes :
Schedule
Annex
Title
Schedule 2
Annex 4
Application Management Services





Will follow the service timings described below:
Level
Days of Support
Hours of Support
Type of Support
Location
Level 2/ Level 3
Monday - Friday
08:00 - 17:00, GMT
On-Site
UK
18:00 - 22:00, GMT
On-call for critical and Major Incidents
08:00 - 17:00, EST
On-Site
US
18:00 - 22:00, EST
On-call for critical and Major Incidents
07:00 - 16:00, IST
On-Site, Shift 1
India Offshore Service Provider Service Location
14:00 - 23:00, IST
On-Site, Shift 2
Weekend, Holidays
On-call support for critical and Major Incidents.
UK, US
During peak business periods
Peak business periods that occur during Week, Month, Calendar Quarter and Calendar Year end.
UK, US

5.
Pricing

The charges for Common Services are set out in Schedule 10 (Pricebook, Charges and Invoicing), paragraph 8 (Common Services). Capacity in the Run Services Change Pool is covered in paragraph 2.4 (Run Change Pool) and any additional change capacity will be provided under Schedule 2, Annex 5 (Change Management Services).


6.
Reporting

Reports are provided by the Service Provider, sent by email or uploaded to a designated Customer site. The Service Provider will provide Service Level reporting through [***]. Reports can be exported to Adobe Acrobat, MS Excel, MS Word, or Rich Text format. Report frequency will be on a monthly basis, if not otherwise agreed for a specific report.
[***] reports will be available real time and based on integration with the Customer tooling set.
The Service Provider has included the following reports as standard for Service Desk (please refer to Schedule 2 (Service Description), Appendix 2A for a full list of standard reports):
Daily Dashboard - SLA Compliance Report published daily at engagement, Customer, vertical and practice levels.
Weekly - Risk and escalation Report.
Monthly - Operations maturity indexes report, monthly metrics book, SLA compliance and PMR.

Performance and Management Reporting Responsibilities
Service Provider
Customer
Assess and publish metrics on the quality of services.
R,A
C,I
Monitor quality of application once in production.
R,A
C,I
Provide achievements, value additions and key initiatives.
R,A
C,I
Discuss future strategies on reporting and control.
R,A
C,I
Discuss major risks, concerns, escalations and issues.
R,A
C,I
Provide management status report and SLA dashboard on a monthly basis.
R,A
C,I
Provide achievements, value additions and key initiatives.
R,A
C,I
Review SLA / SLOs and action as needed.
C,I
R,A
Review of major issues and escalations of the last week/period (RCAs).
C,I
R,A
Provide input for future strategy on reporting and control.
C,I
R,A
Discuss any platform or other changes impacting the services.
C,I
R,A
Provide feedback for current reporting.
C,I
R,A






7.
Governance and Escalation

Common Services Lead (refer to Schedule 18 (Key Personnel) from the Service Provider will act as the single point of contact for all Common Services listed in this schedule, including Service Integration and Management Service. The following review meetings will be held on a daily and weekly basis:

Daily Review
Previous day’s Major Incidents, critical updates, status reporting.
Daily status summary of Incidents, Problems, SRs and CR’s.

Weekly Review
Items that need immediate management attention.
SLAs & KPIs statistics report discussion.
Updates on "achievements, trainings, highlights, major issues".
Ticket ageing analysis.

The following will be the escalation mechanism for issues related to Common Services (please refer to Schedule 18 (Key Personnel) for names in these roles).

1st Level - Service Provider’s Run the Business Lead.
2nd Level - Service Provider’s CIO for this ITO contract.
3rd Level - Service Provider’s Head of Insurance UK & Ireland

8.
Business Continuity and DR

Please refer to Schedule 16 (Business Continuity and Disaster Recovery) that sets forth the roles and responsibilities of the Parties for the Application Management Services provided under the Agreement as part of the Services.

9.
Appendices List

Title
Sub-Title
Appendix 2-D
Third Party Resolver Groups
Appendix 2-E
Solution Staff Locations





SCHEDULE 2 ANNEX 2

INFRASTRUCTURE MANAGEMENT SERVICES

1.    Services Overview and Objectives                            3
1.1    Infrastructure Management Services Overview                        3
1.2    Service Objectives                                    3
1.3    Service Scope                                        4
2.    Service Definitions                                    4
2.1    Infrastructure Monitoring Services                            4
2.2    Level 2 / Level 3 Support                                4
2.3    Server Management Services (physical, virtual and cloud)                5
2.4    Storage & Backup Management Services                        5
2.5    Database Management Services                            6
2.6    Messaging Management Services                            6
2.7    Active Directory Management Services                            6
2.8    Patch Management Services                                6
2.9    3rd Party Support Services                                7
2.10    Infrastructure Change Services                                7
3.    Service Descriptions                                    7
3.1    General Responsibilities                                    8
3.2    Infrastructure Monitoring Services                            9
3.3    Server Management Services (physical, virtual and cloud)                9
3.4    Storage & Backup Management Services (On-Site and cloud)                10
3.5    Database Management Services                            10
3.6    Messaging Management Services                            11
3.7    Active Directory Management Services                            11
3.8    Patch Management Services                                12
3.9    3rd Party Support Services                                12
3.10    Infrastructure Change Services                                13
4.    Service Environment                                    13
4.1    Operating Model                                    13
4.2    Service Priority                                        13
4.3    Resource Roles and Skillset                                14
4.4    Support Timings                                    14
5.    Tools                                            14
6.    Pricing                                            14
7.    Reporting                                        14
8.    Governance and Escalation                                14
9.    Business Continuity and DR                                15
10.    Appendices List                                    15

Please see below the list of relevant appendices to this schedule;                15





SCHEDULE 2 ANNEX 2

INFRASTRUCTURE MANAGEMENT SERVICES


1
Services Overview and Objectives

1.1
Infrastructure Management Services Overview

This Annex 2 (Infrastructure Management Services) to Schedule 2 (Service Descriptions) sets forth the roles and responsibilities of the Parties for the Infrastructure Management Services provided under the Agreement as part of the Services. Infrastructure Management Services are the services and activities, as further detailed in this Annex, required to support the Customer’s current and future centralised and remote computing systems environments (e.g., development, testing, staging, production), and all of the supporting infrastructure required to deliver the required Services and meet the Performance Standards. The Customer shall provide co-location hosting facilities and an [***] public cloud environment at which the servers, storage and other equipment shall be managed by the Service Provider.

The Service Provider’s responsibilities in respect of the Infrastructure Management Services include monitoring, administration, troubleshooting, third party coordination and proactive service management (as defined in Schedule 2 Annex 1 (Common Services), Section 3.2 - Cross-Functional Services) in relation to the Customer’s Infrastructure Management Services, and shall include:

Infrastructure Monitoring Services.
Level 2 and Level 3 Support.
Server Management Services.
Storage & Backup Management Services.
Database Management Services.
Messaging Management Services.
Active Directory Management Services.
Patch Management Services.
3rd Party Support Services.
Infrastructure Change Services.

The Service Provider shall ensure the Infrastructure Management Services will comply with the Customer’s service management policies, processes and procedures as prescribed by the Customer (e.g. Incident and Problem management, configuration management, change management, release management, asset management).

In addition to the Services described in this Annex, the Service Provider is responsible for providing the Common Services described in Schedule 2 Annex 1 (Common Services).

Throughout the Term, the Service Provider shall ensure the Infrastructure Management Services will meet the Customer’s changing business, regulatory and technical requirements.

1.2
Service Objectives

The Service Provider shall provide the following services in scope in accordance with the Customer Standards and Policies as defined in Schedule 6 (Standards and Policies). The scope of support provided is detailed in the Service Descriptions section of this schedule.
The Service Provider shall, in its provision of the Infrastructure Management Services:
Deliver a risk-mitigated transition aimed at zero disruption to business.
Schedule 8 (Transition and Transformation) sets out the transition plan for this service.
Maintain Infrastructure availability and stability as per agreed SLAs.
Improve operational efficiencies.
Create and maintain an effective Knowledgebase on [***].
Drive year-on-year cost optimisation by implementing Continual Service Improvements (CSI).
Establish a Target Operating Model providing Level 2 / Level 3 support.
Set up a Service Management Office (SMO) with the following key objectives:




Management of all in-scope Infrastructure elements and coordinate with other Third Party Providers in the Customer ecosystem;
Perform periodic analytics of ticket data to come up with operational improvements; and
Ensuring, tracking and reporting of CSI implementation.

1.3
Service Scope

Details of the scope of services is provided in [Section 1.1 of this Annex] and as defined in section 2.
2
Service Definitions

2.1
Infrastructure Monitoring Services

The Service Provider shall provide 24x7 monitoring and management for the Customer’s:
Server (physical, virtual and cloud);
Storage & Backup;
Database;
Messaging; and
Active Directory.

The Service Provider shall provide Patch Management Services for the Infrastructure in scope.
The service provider shall also provide Incident, Change, Problem, Capacity, monitoring operation on Customer hosted or subscribed datacentres, remote sites or clouds.
2.2
Level 2 / Level 3 Support

Level 2 Support - shall provide incident resolution and fulfilment services for issues/requests escalated to them by the Level 1.5 Service Desk. All issues requiring specialist help will be escalated to the Level 3 support. The primary objective will be to ensure stability of the operations environment and associated processes to the agreed upon SLA levels defined in Schedule 3 (Service Levels and Service Credits).
Level 3 Support - shall resolve complex incidents and perform proactive trend analysis to identify any bottlenecks within this Service area. Preventative measures will include root cause analysis of recurring incidents, availability and performance issues to identify solutions. Any implementation of permanent fixes will be in consultation with the Customer. The primary objective is to perform preventative maintenance, provide break fix support and enhancements to the systems as required.

The table below provides the activities performed by Level 1.5, Level 2 and Level 3 Support:





Support Level
In-scope Activities
Service Desk -
Integrated Smart Operations (L1.5 layer)

Focus Area:
Initial triage and first level fix, Customer satisfaction, collaboration with L2/L3 teams to identify owner of incidents and closure thereof, as well as batch / infrastructure monitoring
All activities described under Section 2.1 of Schedule 2 Annex 3 (Operations and Service Delivery Services) will be provided by the ServiceDesk.
Level 2
 
Focus Area:
Service restoration, provide emergency fixes, corrective maintenance, ensure Infrastructure stability and availability
This group shall be responsible for the below services:
Business day support;
On-call support outside of Business Day Support through a team based On-Site and Offshore;
Major/high priority Incident resolution;
Incident, Problems, changes, queries;
KEDB enrichment;
Implementing Continual Service Improvements (CSI);
Preventative maintenance activities;
Coordination with 3rd party OEM’s for issue resolution;
Provide Infrastructure Change Services within guidelines described in section 2.10.
Level 3

Focus Area:
Infrastructure reliability and resilience, Infrastructure change and efficiency enhancements
This group shall resolve complex unknown incidents escalated by the Service Desk and the Level 2 teams. The services performed by this group include:
Business Day support;
On-call support outside of Business Day support provided by On-Site and Offshore team;
Incident Management - bug fixes and complex issues;
Ad-hoc service request;
Problem Management - root cause analysis, proactive problem management;
Preventative maintenance activities;
Implementing Continual Service Improvements (CSI);
Coordination with 3rd party OEM’s for issue resolution; and
Provide Infrastructure Change Services within guidelines described in Section 2.10.

2.3
Server Management Services (physical, virtual and cloud)

The Service Provider shall:

Act as a single point of contact for the management and administration of the Customer’s Server environments, across production and non-production environments, located across Customer’s datacentres or Customer subscribed cloud providers;
Provide L1.5, L2 and L3 systems support for the Customer's Servers that includes, physical, virtual & cloud;
Support, manage and operate to service all of the required server environments in accordance with Customer Standards and Policies;
Provide Cross-Functional Services for the Customer’s server environments as defined in Schedule 2 Annex 1 (Common Services), Section 2.1 - Cross-Functional Services; and
Coordinate with all 3rd party vendors for resolution of all Incident, Problem and Change tickets or requests as per OLAs existing between the Customer and 3rd party vendors.

2.4
Storage & Backup Management Services

The Service Provider shall:

Act as a single point of contact for the management and administration of the storage & backup;
Provide L1.5, L2 and L3 systems support for the Customer's storage and backup that includes, On-Site and cloud;




Support, manage and operate to service all of the required storage & backup in accordance with the Customer Standards and Policies;
Provide Cross-Functional Services for the Customer’s storage and backup environments as defined in Schedule 2 Annex 1 (Common Services), Section 2.1 - Cross-Functional Services; and
Coordinate with all 3rd party vendors for resolution of all Incident, Problem and Change tickets as per OLAs existing between the Customer and 3rd party vendors.

2.5
Database Management Services

The Service Provider shall:

Act as a single point of contact for the management and administration of the Customer’s database environments;
Provide L1.5, L2 and L3 systems support for the Customer's [***] database that includes database instance & server;
Support, manage and operate to service all of the required databases in accordance with the Customer Standards and Policies;
Provide Cross-Functional Services for the Customer’s Database environments as defined in in Schedule 2, Annex 1 (Common Services), Section 2.1 - Cross-Functional Services; and
Coordinate with all 3rd party vendors for resolution of all Incident, Problem and Change tickets as per OLAs existing between the Customer and 3rd party vendors.

2.6
Messaging Management Services

The Service Provider shall:

Act as a single point of contact for the management and administration of the messaging / e-mail environment;
Provide L1.5, L2 and L3 systems support for the Customer's messaging that includes On-Site hosted or subscribed based email service;
Support, manage and operate to service all of the required messaging in accordance with the Customer Standards and Policies;
Provide Cross-Functional Services for the Customer’s messaging environments as defined in Schedule 2, Annex 1 (Common Services), Section 2.1 - Cross-Functional Service; and
Coordinate with all 3rd party vendors for resolution of all Incident, Problem and Change tickets as per OLAs existing between the Customer and 3rd party vendors.

2.7
Active Directory Management Services

The Service Provider shall:

Act as a single point of contact for the management and administration of the active directory set-up;
Provide L1.5, L2 and L3 systems support for the Customer's hosted or subscribed On-Site and cloud based active directory and associated services (DHCP, DNS);
Support, manage and operate to service all of the required active directory in accordance with the Customer Standards and Policies;
provide Cross-Functional Services for the Customer’s active directory environments as defined in Schedule 2 Annex 1 (Common Services), Section 2.1 - Cross-Functional Services; and
Coordinate with all 3rd party vendors for resolution of all Incident, Problem and Change tickets as per OLAs existing between the Customer and 3rd party vendors.

2.8
Patch Management Services

The Service Provider shall:

Act as a single point of contact for the management and administration of the patch management;
Provide L1.5, L2 and L3 systems support for the Customer's infrastructure On-Site and cloud based for patch management;




Support, manage and operate to service all of the required patch management in accordance with the Customer Standards and Policies;
Develop and implement approved active patching optimisation strategies in support of the Customer's objectives; and
Coordinate with all 3rd party vendors for resolution of all Incident, Problem and Change tickets as per OLAs existing between the Customer and 3rd party vendors.

2.9
3rd Party Support Services

The Service Provider shall:

Provide technical support and coordinate with the Customer and other service providers that are providing 3rd party services for the supported scope of activities;
Provide current technical and operational documentation;
Participate in operations’ reviews with the Customer and relevant 3rd parties monthly with an option to change the frequency in conjunction with the Customer;
Support migration of changes into production;
Notification / escalation to appropriate 3rd party when any supported scope element is negatively impacted due to 3rd party changes; and
Coordinate and document incident and problem resolution.

2.10
Infrastructure Change Services

Please refer to Section 2.4 of Schedule 2 Annex 1 (Common Services) for details on the Infrastructure Change Services description.

3.
Service Descriptions

The following sections and tables throughout this Annex identify the Infrastructure Management Services roles and responsibilities that the Service Provider and the Customer shall perform. The Service Provider undertakes to perform its roles and responsibilities set out in this Annex and agrees that performing those forms part of the Services mentioned in this Annex. The Service Provider’s responsibilities are indicated in the column labelled “Service Provider”. The Customer’s responsibilities are indicated in the column labelled “Customer”. The tasks listed in such tables are not exclusive, and do not identify or define every process, activity or task to be performed by the Service Provider as a contracted function under this Annex.

The Service Provider shall follow the definitions below for the roles and responsibilities defined for all Infrastructure services:
RACI Matrix

Responsible
Accountable
Consulted
Informed
Responsible and Accountable
Consulted and
Informed
R
A
C
I
R,A
C,I

Please refer to Schedule 2 Annex 1 (Common Services) that sets forth the roles and responsibilities of the following services:

Incident Management.
Major Incident Management.
Problem Management.
Change Management.
Service Request Fulfilment.
Continual Service Improvements (CSI).





3.1
General Responsibilities

General responsibilities for the services included within the scope of this schedule are:
24x7 Monitoring of the Customer’s Infrastructure;
Liaison with the Customer and 3rd parties in the Customer vendor ecosystem to resolve all Incidents and Service Requests within the Customer ecosystem;
Root Cause Analysis (RCA) and Problem Management; and
tools administration.

The following table identifies general Infrastructure Management Services roles and responsibilities that the Service Provider and the Customer shall perform:


Infrastructure Management Service General Roles and Responsibilities
Service Provider
Customer
Performing all L1.5, L2 and L3 activities (as per Scope of Work) associated with delivering Infrastructure Management Services.
R,A
I
Manage and maintain the in-scope infrastructure.
R,A
I
Act as a single point of contact for the management and administration of the Infrastructure.
R,A
I
Proactively supply the Customer with optimisation and tuning recommendations.
R,A
I
Coordinate with the Customer and its 3rd parties (e.g. Hardware/Software suppliers, hosting provider, service providers) to meet the Performance Standards.
R,A
C,I
Coordinate with the Customer’s Third Party Providers for Incident resolution and to collect and report on system availability and performance (e.g. hosting provider, security service providers, vendor-specific support providers).
R,A
C,I
Providing End Users with technical support and advice regarding the proper use and functionality of Infrastructure and the services.
R,A
C,I
Monitoring the compliance of all 3rd party vendors with any service levels, or contractual commitments contained in any agreement between the Customer and 3rd party vendors.
I
R,A
Support and maintenance for all Service Request(s) related to the Infrastructure.
R,A
I
Participating , supporting and remediating BCPDR services with the Customer.
R,A
C,I
Procurement of devices / Hardware .
C,I
R,A
Provisioning of new devices / Hardware and coordination with 3rd parties as required for implementation services .
R,A
C,I
Define procurement management process.
C,I
R,A
Implement procurement management process in Service Now.
R,A
C,I
Assess gaps and recommend changes to the process.
R,A
C,I
Review, authorise and procure capacity upgrade and / or new capacity Hardware, Software and licenses.
C,I
A


3.2
Infrastructure Monitoring Services
Infrastructure Monitoring Services - Roles and Responsibilities
Service Provider
Customer
Provide 24x7 monitoring of all in-scope Infrastructure including availability, utilisation, performance and capacity.
R,A
I
Put in place appropriate manual arrangements where automated monitoring, alerts and events cannot be configured.
R,A
C,I
Prepare documentation of known errors and KEDB.
R,A
C,I






3.3
Server Management Services (physical, virtual and cloud)
Server (physical, virtual and cloud) Operations and Administration Roles and Responsibilities
Service Provider
Customer
Perform day-to-day Server monitoring operations and administration.
R,A
I
Server environment monitoring and support.
R,A
I
Coordinating with hosting provider for any hand & feet support.
R,A
C,I
Approval and authorisation required for 3rd party access to the Customer’s facilities.
C,I
R,A
Root cause analysis for Server related issues.
R,A
I
Troubleshoot Server related issues.
R,A
I
Install and configure a new Server in the Customer datacentre or cloud subscription as per the Customer Standard Operating Procedure, security guidelines and agreed design document.
R,A
C,I
Lead, document and evaluate all relevant architecture designs for On-Site and cloud systems.
R,A
I
Participate in DR, DR trials, audits and compliance reviews.
R,A
C,I
Update and maintain CMDB information.
R,A
C,I

3.4Storage & Backup Management Services (On-Site and cloud
Storage & Backup (On-Site and cloud) Operations and Administration Roles and Responsibilities
Service Provider
Customer
Perform day-to-day storage & backup monitoring operations and administration.
R,A
I
Storage & backup monitoring and support.
R,A
I
Coordinating with hosting provider for any hand & feet support.
R,A
C,I
Approval and authorisation required for 3rd party access to the Customer’s facilities.
C,I
R,A
Root Cause Analysis (RCA) for storage & backup related issues.
R,A
I
Troubleshoot storage & backup related issues.
R,A
I
Install and configure a new storage in the Customer datacentre or cloud subscription as per the Customer Standard Operating Procedure, security guidelines and agreed design document.
R,A
C,I
Lead, document and evaluate all relevant architecture designs for On-Site and cloud systems.
R,A
I
Create, test, modify, optimise and delete data backup or data restore jobs in agreement with the Customer.
R,A
I
Participate in DR, DR trials, audits and compliance review.
R,A
C,I
Update and maintain CMDB information.
R,A
C,I

3.5
Database Management Services




Database Operations and Administration Roles and Responsibilities
Service Provider
Customer
Perform day-to-day database monitoring operations and administration.
R,A
I
Database monitoring and support.
R,A
I
Coordinating with hosting provider for any hand & feet support.
R,A
C,I
Root cause analysis for database related issues.
R,A
I
Troubleshoot database related issues.
R,A
I
Install and configure a new database in the Customer datacentre or cloud subscription as per the Customer Standard Operating Procedure, security guidelines and agreed design document.
R,A
C,I
Lead, document and evaluate all relevant architecture designs for On-Site and cloud systems.
R,A
I
Participate in DR, DR trials, audits and compliance review.
R,A
C,I
Update and maintain CMDB information.
R,A
C,I

3.6
Messaging Management Services
Messaging Operations and Administration Roles and Responsibilities
Service Provider
Customer
Perform day-to-day messaging set-up, monitoring operations and administration.
R,A
I
Messaging set-up, monitoring and support.
R,A
I
Coordinating with hosting provider for any hand & feet support.
R,A
C,I
Root cause analysis for messaging set-up related issues.
R,A
I
Troubleshoot messaging related issues.
R,A
I
Create, modify, disable and delete single or bulk user accounts in the Customer On-site and cloud messaging system.
R,A
I
Create, modify, disable and delete single or bulk users group membership in customer On-Site cloud messaging system.
R,A
I
Lead, document and evaluate all relevant architecture designs for On-Site and cloud systems.
R,A
I
Participate in DR, DR trials, audits and compliance review.
R,A
C,I
Update and maintain CMDB information.
R,A
C,I

3.7
Active Directory Management Services
Active Directory Operations and Administration Roles and Responsibilities
Service Provider
Customer
Perform day-to-day active directory set-up monitoring operations and administration.
R,A
I
Active directory monitoring and support.
R,A
I
Root cause analysis for active directory related issues.
R,A
I
Troubleshoot active directory related issues.
R,A
I
Create, modify, disable and delete single or bulk users account in the Customer active directory system.
R,A
I
Create, modify, disable and delete single or bulk users group membership in the Customer active directory system.
R,A
I
Lead, document and evaluate all relevant architecture designs.
R,A
I
Participate in DR, DR trials, audits and compliance review.
R,A
C,I
Update and maintain CMDB information.
R,A
C,I

3.8
Patch Management Services




Patch Management Operations and Administration Roles and Responsibilities
Service Provider
Customer
Perform day-to-day patch management set-up monitoring operations and administration.
R,A
I
Troubleshoot patching related issues.
R,A
I
Execute patch operations as per defined schedule.
R,A
C,I
Lead, document and evaluate all relevant architecture designs.
R,A
I
Participate in DR, DR trials, audits and compliance review.
R,A
C,I
Update and maintain CMDB information.
R,A
C,I

3.9
3rd Party Support Services
Management of 3rd Party IT Providers Responsibilities
Service Provider
Customer
Ownership of 3rd party licenses, agreement and contracts.
I
R,A
Proactively monitor 3rd party supplied equipment and report to the Customer any issues or risks.
R,A
I
Maintain, adhere to and provide recommendations on operational level agreements and relationships with the 3rd party vendors.
R,A
C,I
Review, approve and revise operational level agreements with the 3rd party IT Providers.
I
R,A
Incident triaging with 3rd party supplier for resolution of all requisite Incidents, Problem and Change Tickets.
R,A
I

3.10
Infrastructure Change Services
Infrastructure Change Services
Service Provider
Customer
Carry out feasibility, impact analysis, development and documentation of approved Infrastructure changes.
R,A
C,I
Provide a breakdown of the estimated effort and time to complete changes in accordance with the process described in Section 2.10 of this schedule.
R,A
I
Participate in appropriate testing of approved changes post deployment.
R,A
I
Prioritisation of changes based on business criticality.
R,A
C,I
Conduct review of deliverables before production deployment.
R,A
C,I
Business confirmation and sign-off.
I
R,A

4.
Service Environment

4.1
Operating Model
Schedule 2 Annex 1 (Common Services) sets out the definition of the Common Operating Model.

Schedule 2 Annex 3 (Operations and Service Delivery Services) sets out L1.5 support and the roles and responsibilities of the Service Desk.

Services shall be delivered from the Service Provider’s delivery location in India and from the Customer’s location in London, UK.

The Service provider shall establish an ITIL based tiered support model including L1.5, L2 and L3 services.

The Service provider shall establish an integrated L1.5 Service Desk for the network, infrastructure and application related incidents and service request. This team will attempt resolution based on documented procedures / Standard Operating Procedures being agreed upon with the Customer on an ongoing basis. If the L1.5 team is unable to resolve the incident, the incident will be escalated to the Level 2 support team.





Level 2 Support, shall be responsible for providing resolution to escalated issues in addition to providing routine system administration activities.

Level 3 Support, shall be responsible for providing Problem management and root cause analysis activities and interfacing with the Customer retained architecture team. The Level 3 support team shall also support the resolution team for any escalated issues.

The L1.5, Level 2 and Level 3 support teams shall coordinate with any 3rd party vendors for issue resolution as appropriate.

4.2
Service Priority

Please refer to Schedule 2 Annex 1 (Common Services) that defines the Service Priority matrix.

4.3
Resource Roles and Skillset
Resource Roles
Skillset
Infrastructure SME
High level understanding of Infrastructure issues.
Infrastructure troubleshooting.
Understanding of Infrastructure track (e.g. Server, database, messaging, active directory).
Professional level certification.
Senior Infrastructure Admin
Troubleshooting skills.
Problem solving skills, the ability to solve technical issues.
Associate level certification.
Infrastructure Admin
Infrastructure basics.
Knowledge on Infrastructure monitoring tools.
Understanding of ITIL process.
Experience on ticketing tool.

Please refer to Schedule 18 (Key Personnel) that sets forth the Service Provider’s lead roles in delivery of these services. The above roles are in addition to the Key Personnel roles for this service.

4.4
Support Timings

Support services shall be delivered to the Customer through the Service Provider’s On-Site / Offshore delivery model, All the resources will be based at the Service Provider’s or the Customer’s offices as required, furthermore:

The Service Provider’s On-Site resources will be based at the Customer’s offices to provide on premise Business Day support;
The Service Lead Infrastructure for this engagement will be based in the UK and US working from the Customer’s offices; and
Maintenance coverage would be provided to cover the peak business periods occurring during week, month, Calendar Quarter and Calendar Year end.

The support coverage timings for the services are provided in Schedule 2 Annex 1 (Common Services), Section 4.5 - Support Timings.

5.
Tools

Schedule 2 Annex 1 (Common Services) sets out the definition of the Tools used for delivering these services.

6.
Pricing

The Infrastructure Management Services charges are set out in Schedule 10 (Pricebook, Charges and Invoicing) in paragraph 9. The Infrastructure Management Services change out with the capacity set out in Schedule 2, Annex 1




(Common Services) is set out in Schedule 10 (Pricebook, Charges, and Invoicing) paragraph 13 (Change Management Charges) and SOW.

7.
Reporting

Please refer to Schedule 12 (Governance and Service Management) sets out the mechanism for operational reporting for the Services provided under the Agreement as part of the Services.

8.
Governance and Escalation

The Service Lead shall act as the single point of contact for all infrastructure services delivery related escalations, issues and risks. The following review meetings will be held on a daily and weekly basis:

Daily Review
Previous day’s Major incidents, critical updates, status reporting.
Daily status summary of Incidents, Problems, SRs and CRs.

Weekly Review
Items that need immediate management attention.
SLAs & KPIs statistics report discussion.
Ticket ageing analysis.

The following will be the escalation mechanism for issues related to Application Management Services (please refer to Schedule 18 (Key Personnel)).

1st Level - Service Provider’s Run The Business Lead

2nd Level - Service Provider’s CIO for this ITO

3rd Level - Service Provider’s Head of Insurance UK & Ireland


9.
Business Continuity and DR

Please refer to Schedule 16 (Business Continuity and Disaster Recovery) that sets forth the roles and responsibilities of the Parties for the Infrastructure Management Services provided under the agreement as part of the services.

10.
Appendices List

Please see below the list of relevant appendices to this schedule;
Title
Sub-Title
Appendix 2-B
Ops & Service Del. Supported Hardware
Appendix 2-E
Solution Staff Locations
Appendix 3-A
KPI-SLA
Appendix 10-A
Pricebook
Appendix 10-D
Baseline Volumes
Appendix 10-I
Rate Card
Appendix 10-L
Transition Baseline Information





SCHEDULE 2 ANNEX 3

OPERATIONS AND SERVICE DELIVERY SERVICES

1.Operations and Service Delivery Services Overview and Service Objectives    2
1.1Services Overview    2
1.2Service Objectives    2
1.3Service Scope    3
2.Service Definitions    3
2.1L1.5 Service Desk    3
2.2End User Services (Remote Support)    6
2.2.1Remote Device Support    6
2.2.2Software Distribution and Patching    6
2.2.3Mobile Device Management    6
2.3End User Services (Deskside Support):    6
2.3.1Deskside Support    6
2.3.2End User Service (Procurement Services)    7
2.3.3Ad-hoc User Support    7
3.Service Description    7
3.1Service Desk    7
3.1.1General Roles and Responsibilities    7
3.1.2Service Desk Tooling    8
3.2End User Services (Remote Support)    9
3.2.1Remote Device Support    9
3.2.2Software Distribution and Packaging    11
3.2.3Mobile Device Management    11
3.3End User Services (Deskside Support)    12
3.3.1Deskside Support    12
3.3.2End User Service - Procurement Services    13
3.3.3Ad-hoc User Support    13
4.Service Environment    14
4.1Operating Model    14
4.2Service Priority    14
4.3Resource Roles and Skillset    14
4.4Support Timings    15
5.Tools    15
6.Pricing    15
7.Reporting    15
8.Governance and Escalation    15
9.Business Continuity and DR    16
10.Appendices List    16




SCHEDULE 2 ANNEX 3

OPERATIONS AND SERVICE DELIVERY SERVICES


1.
Operations and Service Delivery Services Overview and Service Objectives
1.1
Services Overview
This Annex 3 (Operations and Service Delivery Services) to Schedule 2 (Service Descriptions) sets forth the roles and responsibilities of the Parties for the Operations and Service Delivery Services provided under the Agreement as part of the Services.

Operations and Service Delivery Services are those services and activities, as further detailed in this Annex, required to coordinate and respond to Incidents, Problems, and Service Requests made by the Customer’s authorised End Users and relevant technical personnel, and other authorised 3rd parties that utilise the supported applications (e.g. Customer partners).

The scope of services provided are:

Level 1.5 Layer (Service Desk);
End User Services (Remote support); and
End User Services (Deskside support).

The Service Provider shall ensure that the Operations and Service Delivery shall:

Act as the first point of contact for all IT related issues for the End Users (including but not limited to those arising in relation to in-scope Services);
Handle Incidents and Service Requests; and
Provide services to End Users (Remote & Deskside Support Services) as set out in Appendix 2-A (Ops & Service Del. Supported Hardware) that include the following:
End User Devices including workstations, desktop PCs, laptop/notebook PCs, tablet PCs, smart phones, desktop phones, mobility devices, streaming media systems (video conferencing) and other End User computing Hardware devices and associated system Software;
Network-attached devices (e.g. printers, scanners, copiers, multi-functional devices (e.g. printer/scanner/fax);
Locally-attached devices (e.g. personal printers, projectors);
On-site support as required; and
Meeting room support for three locations where there is Service Provider provided resources ( New York, Rocky Hill and London).

1.2
Service Objectives
In its provision of the Operations and Service Delivery Services, the Service Provider shall:

Achieve the relevant Performance Standards relating to the Operations and Service Delivery Services as set out in Appendix A, Schedule 3 (Service Levels and Service Credits);
Provide an ITIL compliant single point of contact (SPOC) Service Desk for all Incident and Problem resolution and end-to-end call management;
Provide a key interface between End Users and local IT support;
Provide a continuity of Operations and Service Delivery Service experience for End Users;
Continually improve IT customer service and Incident and Problem Resolution speed through skilled Operations and Service Delivery staff;
Endeavour to improve Operations and Service Delivery efficiency and effectiveness through the use of secure remote or locally based troubleshooting tools, Service Provider knowledge databases, 3rd party knowledge databases and good practices;




Endeavour to improve efficiency and effectiveness by early identification and addressing of root causes of technical Incidents including working with 3rd parties (e.g. Software vendors, network carriers) for Resolution before they become trends;
Provide scheduled Operations and Service Delivery Service reporting as required by the Customer;
Own all tickets opened in the [***] tool (whether or not they relate to the Services) until they are passed to a suitable team or escalated back to the Customer;
Provide a service window for the Operations and Service Delivery of 24x7 (i.e. 24 hours a day, 7 days a week) for English support;
Provide an effective set of standard Deskside Support Services while achieving the Performance Standards;
Support Customer asset management and control; and
Support the IT needs of the Customer’s business initiatives.

1.3
Service Scope
The scope of services provided are:

Level 1.5 Layer (Service Desk);
End User Services (Remote Support), including:
Remote Device Support; and
Software distribution and patching;
End User Services (Deskside Support), including:
Deskside support;
End User Service – procurement services; and
Ad-hoc User support.

All contacts will be routed to the L1.5 Service Desk. The contacts pertaining to Remote End User Support will be routed to the End User Support (Remote Support) desk. Any contacts requiring Deskside Support will be routed to Service Provider managed resources who will provide Deskside support to the Customer’s End Users.
The list of in-scope environment is mentioned in Section 10.1 of this Annex.

2.
Service Definitions
2.1
L1.5 Service Desk

L1.5 Service Desk shall be accessible through multiple channels (chat, telephone, email and [***] ITSM Incidents and Service Requests), providing end to end ownership (e.g. initiation, logging, tracking, resolution and reporting) of Operations and Service Delivery Incident tickets and Service Requests.

The Service Provider shall support English as the mode of language for Operations and Service Delivery service. The Service Desk will primarily be located in the Service Provider Service Location in Glasgow (UK) which will perform all Customer voice interaction, and it will be supported by the Customer approved Service Provider Service Location in India. The Customer retains an option at its direction for the Service Desk to be re-located offshore to an appropriate Service Provider Service Location in India as set out in Schedule 10 (Pricebook, Charges & Invoicing) paragraph 10.6 and subject to providing reasonable notice and in accordance with Schedule 13 (Contract Change Control Procedure).

L1.5 Service Desk shall perform documented procedures / Standard Operating Procedures based resolution including Remote Device support (laptop/desktop/mobile etc.) and shall assign/escalate to respective resolver groups the tickets which cannot be solved at the Service Desk.

The Service Provider’s L1.5 Service Desk shall perform initial triage and first level fix, Customer satisfaction, collaboration with L2/L3 teams to identify the owner of Incidents and closure thereof, as well as batch / environment monitoring.





The centralised L1.5 Service Desk shall provide support to the Customer’s End Users.. The team shall perform SOP based resolution for infrastructure incidents. This group will be responsible for the below services:
24x7 support;
Known Incident management & known error resolution based on the availability of Standard Operating Procedure (SOP);
Standard Service Requests;
Documentation of SOPs, building & enriching Known Error Database (KEDB) – with the help of L2/L3 Teams;
Environment / Batch monitoring;
Coordination with other teams & 3rd party vendors for issue resolution;
Catch, analyse and dispatch incident for unknown errors to next level (engage Level 2 / Level 3 teams as needed);
Record and report against SLA / KPIs documented in Schedule 3 (Service Levels and Service Credits); and status reporting in accordance with Schedule 12 (Governance and Service Management);
Support to Service Desk (enablement/documentation through Knowledge Management and KEDB updates) / analysis of Incidents / shift left) - help improve First Level Resolution (FLR) & faster turnaround, leading to positive end user experience; and
End User management through:
o
Providing timely updates to users;
o
Providing timely feedback to users;
o
Conducting user satisfaction surveys and reporting;
o
Creating End User and client management reports; and
o
Knowledge base creation and update.

The types of incidents to be handled by the Service Desk include:

Any incidents and requests relating to the Customer’s enterprise IT infrastructure including but not limited to:
o
Hardware (desktops, laptops, servers, phones, video conference, wireless devices, tablets, peripherals, printers, scanners, and other devices);
o
Systems Software (e.g. operating systems, utilities);
o
Database support;
o
Platform support;
o
3rd Party connectivity and interfaces;
o
Network components (e.g. WAN LAN); and
o
Internet connectivity;

Application Incidents and “how to” support, including but not limited to:
o
Packaged commercial off-the-shelf (COTS) office productivity Software;
o
All applications set out in Schedule 2, Appendix 2-C (Operations and Service Delivery Supported Software); and
o
Desktop operating system.

Password and account provisioning support, including but not limited to:
o
Password resets;
o
Requests for End User account activation, suspension and termination; and
o
Account administration for all supported applications.

Service Requests, including but not limited to:
o
IMACDs requests;
o
VIP support requests; and
o
Scheduling and processing requests.






L1.5 Service Desk team general roles and responsibilities are listed in Section 3.1 of this annex.

While L1.5 Service Desk shall be the first point of contact for all IT incidents and issues in the Customer’s IT environment, there are other teams that will be responsible for resolving certain incidents. A service map for services in the Customer environment is provided below:





Service Area
Reference to Schedule where covered
Section Reference
1.    L 1.5 Service Desk.
Schedule 2 Annex 3
2.1
2.    Remote Device Support.
Schedule 2 Annex 3
2.2.1
3.    Software distribution and patching, including build, packaging, patching, end point configuration, monitoring and testing.
Schedule 2 Annex 3
3.2.2
4.    [***] support for patching and builds.
Schedule 2 Annex 3
3.2.2
5.    [***] support for profile management and roaming support ([***] / VPN / Customer remote mail / corporate and guest WiFi).
Schedule 2 Annex 3 & Annex 6
3.2.1 and 2.1
6.    [***] – Customer anywhere support and maintenance.
Schedule 2 Annex 2 and Schedule 2 Annex 4
10.1.1 in Annex 2 and 10.1 in Schedule 2 Annex 4
7.    Security admin functions [***].
Schedule 2 Annex 3
2.1
8.    Video conferencing support.
Schedule 2 Annex 3
1.1 and 2.1
9.    The Service Desk escalation matrix to coordinate with other teams in the Customer ecosystem.
Schedule 2 Annex 3
2.1 and 4.1
10.    Town hall support and executive meetings support.
Schedule 2 Annex 3
2.3.1 and 3.2.1
11.    [****] Classification support.
Schedule 2 Annex 3 and Schedule 2 Annex 4
Section 2.1 in Annex 3 and 10.1 in Annex 4
12.    Change management through ITSM toolset.
Schedule 2 Annex 5
4.1.2
13.    Licensing and N-1 services.
Schedule 2 Annex 4
2.5
14.    Tools and Tools management, including tools licences and support.
Schedule 2 Annex 1
3.4
15.    Management of Third Party Providers in the Customer environment for printer management.
Schedule 2 Annex 3
3.3.1
16.    [***] implementation and support.
Schedule 8 Appendix 1 and Schedule 2 Annex 1
Section 1.5 in Schedule 8 Appendix 1 and Section 3.4 in Schedule 2 Annex 1 for ongoing support


2.2
End User Services (Remote Support)




The Service Provider shall provide remote End User services to the Customer. The support activities that will be managed by the End User Services (Remote Support) include sections 2.2.1 to section 2.2.3:

2.2.1
Remote Device Support
The Service Provider shall provide remote diagnosis, troubleshooting, and resolution of Incidents. The scope of activities includes:

End User Services for all End User computing devices including desktops, laptops, smartphones etc.at sites, including:
o
Front Office Services - including Hard/Soft IMACD, hands and eyes Support); and
o
Back Office Services - including ervice Continuity Management (SCM).

Remote Device support roles and responsibilities have been listed in Section 3.2.1 of this annex.

2.2.2
Software Distribution and Patching
The Service Provider shall perform the software distribution and patching activities for the Customer’s End User devices. This includes:
Application packaging;
Image customisation as per the Customer’s requirement;
Software distribution and patch management [***] for laptops & desktops;
Image management for Windows Client OS; and
Deployment Tool administration [***].

Remote Device support roles and responsibilities have been listed in Section 3.2.2 of this annex.

The Run Services Charges provided by the Service Provider includes the application packaging of up to 60 application packages per annum, with an average of five (5) per month and varied by agreement between the Parties.

2.2.3
Mobile Device Management
The Service Provider shall perform mobile device management services to support the Customer’s mobile devices and the associated mobile management infrastructure.
Mobile device management roles and responsibilities have been listed in Section 3.2.3 of this annex.

2.3
End User Services (Deskside Support):
The Service Provider shall provide End User Services (Deskside Support) at the Customer Locations as defined in Schedule 22 (Locations and Site Licence). The support will be through dedicated site engineers or dispatch services on a location to location basis by 3rd party contractors defined in Schedule 5 (Sub-Contractor List).

The activities that will be managed by the End User Services (Deskside Support) are:

2.3.1
Deskside Support
Provide sufficient technician availability to meet the Service Levels mentioned in Schedule 3 (Service Levels and Service Credits);
Conduct Deskside Support activities as required to meet the Service Levels;
Update [***] with a clearly written description of the solution achieved, including troubleshooting steps taken [***];
Support for the Customer’s End Users at the Customer Locations defined in Schedule 22 (Locations and Site Licence);
[***];
[***];
[***]; and




[***].

Deskside Support roles and responsibilities have been listed in Section 3.3.1 of this annex.


2.3.2
End User Service (Procurement Services)
The Service Provider shall enable the Customer’s procurement activities through the Service Request portal. The Service Provider shall provide a Customer self-service order fulfilment process, including authorisation.

Procurement Services roles and responsibilities have been listed in Section 3.3.2 of this annex.

 
2.3.3
Ad-hoc User Support
The Service Provider shall perform user administration and profile management of the Customer’s End Users. The Service Provider shall administer joiner / leavers / movers as part of ad-hoc user support.

Ad-hoc user support roles and responsibilities have been listed in Section 3.3.1 of this annex.

3.
Service Description
In addition to the Services, activities, and roles and responsibilities described in Annex 1 (Common Services) to Schedule 2 (Service Descriptions), the Service Provider shall be responsible for the following Operations and Service Delivery Services.

The following sections and tables throughout this Annex identify the Operations and Service Delivery Services roles and responsibilities that the Service Provider and the Customer shall perform. The Service Provider undertakes to perform its roles and responsibilities and that performing them forms part of the Services mentioned in this Annex.

The Service Provider’s responsibilities are indicated in the column labelled “Service Provider”. The Customer’s responsibilities are indicated in the column labelled “Customer”. The tasks listed in such tables are not exclusive, and do not identify or define every process, activity or task to be performed by the Service Provider as a contracted function under this Annex. The Service Provider shall follow the definitions below for the roles and responsibilities defined for all operations and service delivery services:

RACI Matrix

Responsible
Accountable
Consulted
Informed
Responsible and Accountable
Consulted and
Informed
R
A
C
I
R,A
C,I

3.1
Service Desk
3.1.1
General Roles and Responsibilities
The following table identifies the general roles and responsibilities associated with the provision of Service Desk Services:






Service Desk General Roles and Responsibilities
Service Provider
Customer
1.    Provide a 7x24x365 Service Desk [***]:
    Connectivity from the Service Provider to the Automated Call Distribution (ACD) System;
    Direct dial alternative telephony access to enable inbound calls to be connected from any location; and
    Ability to receive End User Problems and requests via phone call, web submission, chat tool or email (“End User Contact”).
R,A
C,I
2.    Responsibility for Service Desk infrastructure, including financial responsibility to provide, configure and maintain all Equipment, circuits, facilities infrastructure, processes and procedures that are necessary for the normal operations of the Service Desk.
R,A
C,I
3.    Responsibility for configuration, maintenance and support of the Service Provider Service Desk telephony systems, including having financial responsibility to provide, configure and maintain all software and equipment required for the Automated Call Distribution (ACD) System Interactive Voice Response (IVR) and other call centre telephony equipment necessary for the routing, handling and reporting of both inbound and outbound telephone calls to and from the service desk.
R,A
C,I
4.    Provide a capability to broadcast within the ACD call tree and send messages to all, or sub-groups of, End Users regarding news, events and occurrences that are deemed by the Customer Representative to warrant hot news designation, including:
    Delivery of emails to all End Users or sub-groups of End Users, as defined by the Customer;
    Publication of notification messages within the Service Provider Service Desk ACD system;
    Publication of notification messages within the ITSM; and
    Creation of an hourly process to review all hot news broadcasts until the issue is resolved and the message can be removed (during this process, updated messages may be sent and posted).
R,A
C,I

3.1.2
Service Desk Tooling




Service Desk Tooling
Service Provider
Customer
1.    Provide a tool used by the Service Desk to allow remote capture and control of End User Devices for remote diagnosis, troubleshooting and resolution of Incidents. Such a tool will:
    Permit support personnel to access the End User Device and view the End User screen at their location;
    Require a real-time, on-screen authorisation from the End User to permit support personnel to capture the End User Device;
    Pa message on the End User Device when the remote capture connection has ended; and
    Provide technicians the ability to collect information about End User Device System health, patch and upgrade currency and System performance trends.
R,A
C,I
2.    Have financial responsibility for and provide all Software, Equipment and facilities infrastructure necessary for the normal operations of such remote capture tool. e.g.VM for deployment [***].
R
A,C,I
3.    Configure and Support within the ITSM or Customer approved knowledge management tool a self-help portal that contains FAQs, wikis, tools and other self-help resources for Customer End Users.
R,A
C,I
4.    Develop and publish within the ITSM, or in another Customer-approved format, a frequently asked questions (FAQ) list for use by Customer End Users that documents common resolutions for issues that could potentially become Incidents or Service Requests. This FAQ list will:
    Aim to reduce the volume of live communications received by the Service Desk;
    Explain resolutions of issues commonly reported to the Service Desk that could be resolved by the End User without Service Desk assistance.

R,A
C,I
5.    Configure and support the tools and capabilities to permit End Users to perform self-support. These tools/capabilities may enable End Users to conduct activities such as:
    [***]; and
    Download and install Customer approved Applications, drivers, etc.
R,A
C,I
6.    Track the usage of all self-help tools and report on such usage monthly.
R,A
I

3.2
End User Services (Remote Support)
3.2.1
Remote Device Support
End User Services (Remote Device Support)
Service Provider
Customer
1.    Provide L1 level of support and resolve incidents in first call / chat. Co-ordinate with resolver groups (1st line to 2nd or 3rd line as required) to close Incident / Service Requests in accordance with the approved closure procedures, including providing resolution information to relevant End Users.
R,A
I
2.    Remote Desktop Services - Troubleshoot the desktop operating system and supported desktop applications electronically to minimise the need to escalate to subsequent levels.
R,A
I
3.    Log and update all contact by End Users with the Service Desk, in ITSM tool.
R,A
I




End User Services (Remote Device Support)
Service Provider
Customer
4.    Log Service Requests on behalf of End Users, whether or not they are listed in the Service Catalogue
R,A
I
5.    Provide an effective Customer feedback process and implement for improvements in the Services based on such feedback, as directed by the Customer.
R,A
I
6.    Meet the SLA / KPIs being agreed upon in Schedule 3 (Service Levels and Credits).
R,A
I
7.    Recommend Services and standards for supporting the End User computing environment (e.g. Services, Hardware, Software standards).
R,A
C,I
8.    Review and approve Services and standards for supporting the End User computing environment.
I
R,A
9.    Deploy and manage in-scope End User device Hardware and the applications.
R,A
I
10.    Deliver Deskside Support training to all Deskside Support personnel prior to such personnel performing Services for the Customer.
R,A
C,I
11.    Perform IMACD, Incident, break-fix service, hands & feet support and mutually agreed preventative maintenance to the End User devices.
R,A
I
12.    Recommend changes, document, coordinate and maintain changes to the standard images leveraging Customer approved processes.
R,A
I
13.    Provide support for Customer-approved Hardware and applications as coordinated through the Service Desk.
R,A
I
14.    Provide data restoration for End User Devices using Customer-approved process.
R,A
I
15.    Provide support to Customer guests for Customer-defined guest services (e.g. meeting rooms, projector, wi-fi access).
R,A
C,I
16.    Service Provider will provide hands & feet support for Customer Locations where there is physical deskside presence provided, at no additional cost to the Customer, where the skills required match the skills available onsite. For Dispatch sites, the Service Provider will provide pricing quotation for hands & feet support for racking mounting/dismounting of Server and Network devices in accordance with Schedule 10 (Pricebook, Charges and Invoicing) at the Customer Locations defined in Schedule 22 (Locations & Site License). For additional hands & feet support at any location, where there are additional skills required to perform the task, dispatch service will be provided in accordance with the pricing mechanisms described for the same in Schedule 10 (Pricebook, Charges and Invoicing).
R,A
C,I
17.    Provide services as mentioned in 11 above subject to agreement on Charges between both Parties.
R,A
C,I
18.    Promptly report to the Customer’s management team on End User violations of the Customer’s Standards and Policies related to End User Devices and peripheral equipment, in accordance with the Customer’s policies.
R,A
C,I
19.    Document solutions and associated procedures to all break / fix Incidents in the Customer’s knowledge base.
R,A
I
20.    Identify self-service appropriate opportunities and provide the Customer with related written recommendations.
R,A
I




End User Services (Remote Device Support)
Service Provider
Customer
21.    Provide support to the Customer in all in scope Sites, locations and workspaces as specified in Schedule 22 (Locations and Site License).
R,A
I
22.    Transport and courier charges between locations and countries (excluding scheduled and dispatched visits).
C,I
R,A
23.    Provision of packaging materials for packing devices for transportation.
C,I
R,A
24.    Where Customer-owned End User Devices and Software are not included in the scope of the Deskside Support Services, the Service Provider shall endeavour to resolve in communication with the Customer. These calls will be charged as per T&M basis where necessary (e.g. dispatch locations).
R.A
I
25.    Monthly service reporting on ticket volumes, ticket resolution in accordance with Performance Standards, Service Level exceptions, issues, actions, risks, Service improvements and projects.
R,A
C,I
26.    Implement remote monitoring.
R,A
C, I
27.    Monitor and report on remote access connections.
R,A
I
28.    Execute remote login sessions for End User Device troubleshooting.
R,A
I
29.    Proactive monitoring of the EUS services to provide early detection and resolution of emerging problems.
R,A
I
30.    Provide remote login process and policy.
I
R,A
31.    Assign and terminate approved access rights.
R,A
C,I


3.2.2
Software Distribution and Packaging





End User Services (Software Distribution & Patching)
Service Provider
Customer
1.    Provide Software support and installing 3rd party supplied corrections for 3rd party Software problems, installing 3rd party provided Software patches as required.
R,A
C,I
2.    Provide deployment and patching support for the agreed Customer’s application portfolio, productivity tools, network operating Software and firmware for desktops / laptops.
R,A
C,I
3.    Provide deployment and patching support for emergency patches as per the Customer’s exceptional patch approval process and in conjunction with the SLAs described in Schedule 3 (Service Levels and Service Credits) Appendix 3-A.
R,A
C,I
4.    Coordinate with IT security team for assessment, identification, patch testing and approval of patches for deployment.
R,A
C,I
5.    Create patch package and distribute to the distribution points. Maintenance of software deployment and patch testing software infrastructure; deployment package creation & testing using SCCM 2012.
R,A
I
6.    Create patch deployment advertisements to system groups (dev, test, prod, workstations, lab systems etc.).
R,A
I
7.    Monitor the advertisements and proactively work with the other teams to drive to a successful deployment of the patches.
R,A
I
8.    Assist teams in troubleshooting issues at the SCCM client level (individual desktops/laptops when needed).
R,A
C,I
9.    Monitor the state of patches and remediate the failed systems; patch reporting.
R,A
C,I
10.    Co-ordinating with the Customer’s End Users for feasibility time to schedule deployments of applications which requires mandatory reboots post installation.
R,A
C,I
11.    Test / pilot / production rollout of packages via deployment Tool.
R,A
C,I
12.    Monitor production deployments & remediation of client deployment issues.
R,A
C,I
13.    Incident, Change and Problem management for deployment Tool Software Infrastructure.
R,A
I
14.    Troubleshooting and remediation of deployment Tool client Software issues.
R,A
I
15.    Recommendations and minor upgrades (patches and service packs of the deployment Tool Software).
R,A
C,I
16.    Provide access / roles to procurement / desk side team to deploy images through deployment Tool.
R,A
I
17.    Provide status reporting on patch management based on agreed upon SLAs in Schedule 3 (Service Levels and Service Credits) Appendix 3-A.
R, A
C, I

3.2.3
Mobile Device Management




Mobile Device Management
Service Provider
Customer
1.    Monitor MDM Infrastructure Servers.
R,A
I
2.    Monitor logs for errors and critical events.
R,A
I
3.    Monitor target mobiles devices connection failures, Software deployment failures and other critical alerts.
R,A
I
4.    Provide End User support services for tablets and mobile devices to the Customer as part of the delivered Services.
R,A
I
5.    Work with the Customer to maintain the MDM security policy and make required changes.
R,A
C,I
6.    Add / Delete / Manage End User certificates, device certificates and vendor MDM certificates.
R,A
I
7.    Add and remove devices from the MDM platform.
R,A
I
8.    Lock, unlock, delete and wipe devices as directed by the Customer’s team.
R,A
I
9.    Investigate any issues identified either via automated alerts or Incident tickets and where necessary engage with OEM for additional assistance utilising the Customer’s support agreement.
R,A
C,I
10.    Leverage the Customer’s mobile device management solution to provide mobile device management services.
R,A
I


3.3
End User Services (Deskside Support)
3.3.1
Deskside Support




End User Services Deskside Support
Service Provider
Customer
1.    Provide deskside support at the agreed Customer Locations for those changes that cannot be implemented remotely and for those incidents and problems that cannot be resolved remotely.
R,A
I
2.    For malfunctioning equipment that cannot be repaired at the deskside, provide spare equipment from inventory on a swap basis.
I
R,A
3.    Deploy standard build on the spare equipment to replace malfunctioning equipment that cannot be repaired at the deskside.
R,A
I
4.    Ensure that where a failed device or old device is being refreshed and has to be exchanged, the replacement equipment is fully functioning and maintain the asset records in line with the changes made.
R,A
C,I
5.    Ensure any old equipment is disposed of complying with the WEEE directive.
C,I
R,A
6.    Copy data from the existing device internal storage onto the internal storage of the replacement device and re-install appropriate applications for each device that replaces an existing device.
R,A
C,I
7.    Maintain contracts / agreements with a 3rd party for equipment exchange.
I
R,A
8.    Execute RMA (return material authorisation) and manage logistics / inventory.
I
R,A
9.    Exchange equipment as a part an agreed refresh program.
I
R,A
10.    Installation of desktops, laptops and peripherals for delivery of standard services. This will include the physical and logical configuration control of PCs.
R,A
I
11.    Relocation of user PC (including associated peripheral devices) to new position.
R,A
I
12.    Move Software from one device to another for the same user.
R,A
I
13.    Addition of Hardware devices to user PC.
R,A
I
14.    Addition of Software modules, filters and/or drivers to installed products. Manual installation if required of applications Software in keeping with change control policies and procedures.
R,A
I
15.    Prioritise VIP user calls at the Service Desk level. Through IVR calls would directly get diverted to remote support team.
R,A
C,I
16.    Manage any Third Party Providers that provide and support EUS equipment and Software maintenance.
R,A
I
17.    Assist in activities to plan, order, install, test and maintain all EUS devices that are used to provide the services.
R,A
I
18.    Support for quarterly all staff update.
R,A
C,I


3.3.2
End User Service - Procurement Services




End User Service (Procurement Services)
Service Provider
Customer
1.    Provide workflows and agreed upon service catalogue items for procurement services [***].
R,A
C,I
2.    Provide a procurement service for all standard assets (Hardware and Software) through the defined service catalogue.
I
R,A
3.    Procure new Hardware / Software.
I
R,A
4.    Procure equipment and licences.
I
R,A
5.    Recommend new licences as per the Customer’s need.
R
A,C,I
6.    Provide a Customer self-service order fulfilment process, including authorisation.
R,A
C,I
7.    Ensure that hardware (datacentre Hardware and End User Hardware) and Software license provision is effectively managed and compliant before standard Service Requests are fulfilled. The Customer shall retain overall responsibility for ensuring it has appropriate licences to meet its business needs. However, the Service Desk has a responsibility to keep the Customer informed of what needs to be licensed and where its licences are being used.
R,A
C,I
8.    Implement procurement process in Service Now.
R,A
C,I
9.    Coordinate with the Customer’s 3rd party for procurement.
R,A
C,I
10.    Financial responsibility for maintaining adequate inventory of spares for all Hardware.
I
R,A
11.    Provide recommendations on the level of spare capacity that is to be maintained for all Customer Sites in conjunction with Customer approved inventory levels, recycling spares where appropriate, providing reasonable notice to procure new spares, and using reasonable endeavours to minimise Customer spares spend.
R.,A
C,I
12.    Acquire Service Area assets other than Service Provider provided Assets.
I
R,A
13.    Manage the Customer’s agreements with Hardware, Software and equipment manufacturers.
I
R,A
14.    Notify the Service Provider of shipments.
I
R,A

3.3.3
Ad-hoc User Support




Ad-hoc User Support
Service Provider
Customer
1.    Provide user registration, security, access, profile and administration e.g. active directory & exchange, folder access, recertification for file permissions, activities required for SOX compliance). The nature of these activities to be further documented and agreed during Transition between the Service Provider and Customer.

R,A
C,I
2.    The Service Provider’s Service Desk will manage processes around Customer loan laptops (including requests, allocation, co-ordination for returns) including through email notifications and follow-up calls upon undue delays in loan recipients returning loan equipment. The process for governing this is to be determined between the Service Provider and the Customer during service Transition.
R,A
C,I
3.    Administer joiner / leavers / movers process and also:
    Provide user registration, security, access, profile & administration for joiners, leavers & movers; and
    Provide an asset (access, software, licence & hardware) recovery and deployment service for joiners, leavers & movers.
R,A
C,I
4.    Prior to the Customer’s start of the working day, collate an independent view of the status of the IT Infrastructure and services to confirm normal operational service for our customers. This is likely to involve confirmation from all other service lot delivery partners, but may include Service Desk start of day checks.
R,A
C,I
5.    Provide all applicable policies & process documentation.
I
R,A



4.
Service Environment
4.1
Operating Model
The Service Provider shall establish an ITIL based tiered support model including L1.5, L2 and L3 services aligned to the operating model as set out in Schedule 2 Annex 1 (Common Services.

The Service provider shall establish an integrated L1.5 Service Desk for the Network, Infrastructure and Application related Incidents and Service Requests. This team will attempt resolution based on documented procedures / Standard Operating Procedures being agreed upon with the Customer on an ongoing basis. If the L1.5 team is unable to resolve the incident, the incident will be escalated to the Level 2 support team.
The L1.5, Level 2 and Level 3 support teams will coordinate with any 3rd party vendors for issue resolution as appropriate.

4.2
Service Priority
Please refer to Section 3, Schedule 2 (Service Description) that defines the Service Priority matrix.

4.3
Resource Roles and Skillset




Resource Roles
Skillset
Service Desk Team Lead
    Monitoring incoming, outgoing and handled call volumes with the help of call monitoring tool.
    Expert in reporting activities.
    Prior experience in leading an IT helpdesk project with the team size of 5 - 10 team members.
    Familiarity of ITIL and six sigma process.
Service Desk Tech Lead
    Exposure on ticketing Tools.
    Concepts and basic knowledge on Internet, MS Exchange.
    Password reset tools for domains and applications.
Service Desk Analyst
    Receiving End User calls.
    Provide first level resolutions.
    Ticket creation/ categorisation / prioritisation.
    Ticket escalation to respective support group.
    Incident resolution and recovery.
    Ticket closure.
Field Service Coordinator
    Coordinate with the Service Provider’s 3rd party contractors for resolving Incidents through dispatch model.
Field Support Engineer
    Knowledge of different operating systems, Hardware, desktop peripherals, IT network Systems, and firewalls.
    ITIL V3 Certified.
    Capable of solving Hardware and Software related issues.

Please refer to Schedule 18 (Key Personnel) that sets forth the Service Provider’s lead roles in delivery of these services.

4.4
Support Timings
Support services will be delivered to the Customer through the Service Provider’s onshore / Offshore delivery model. All the resources will be based at the Service Provider’s or the Customer’s offices as required.

The Service Provider Delivery Lead, for this engagement will be based in the UK.

The support coverage timings for the services are provided in Schedule 2 Annex 1 (Common Services), Section 4.5 (Support Timings).

5.
Tools
Please refer to Schedule 2 Annex 1 (Common Services) that defines the Tools used for delivering these services [***].

6.
Pricing
The Operations and Service Delivery charges are set out in Schedule 10 (Pricebook, Charges and Invoicing) paragraph 10 (Operations and Service Delivery Charges) and for Operations and Service Delivery Charges out with the capacity included in Schedule 2 Annex 1 (Common Services) in paragraph 13 (Change Management Charges) and by SOW.

7.
Reporting
Please refer to Schedule 12 (Governance and Service Management) that sets forth the mechanism for operational reporting for Services provided under the Agreement as part of the Services.

8.
Governance and Escalation




The Service Provider’s Service Delivery Lead shall act as the single point of contact for all Operations and Service Delivery Services and operational delivery related escalations, issues and risks. The following review meetings will be held on a daily and weekly basis:

Daily Review:

Previous day’s Major Incidents, critical updates, status reporting; and
Daily status summary of Incidents, Problems, SRs and CRs.

Weekly Review

Items that need immediate management attention;
SLAs & KPIs statistics report discussion; and
Ticket ageing analysis.

The following will be the escalation mechanism for issues related to Application Management Services (please refer to Schedule 18 (Key Personnel)).

1st Level – Service Provider’s ‘Run The Business’ Lead

2nd Level – Service Provider’s CIO for this ITO contract

3rd Level – Service Provider’s Head of Insurance UK & Ireland.

9.
Business Continuity and DR
Schedule 16 (Business Continuity and Disaster Recovery) sets forth the roles and responsibilities of the Parties for the Application Management Services provided under the Agreement as part of the Services.


10.
Appendices List
Please see below the list of relevant appendices for this schedule;
Title
Sub-Title
Appendix 2-B
Ops & Service Del. Supported Hardware
Appendix 2-C
Applications List
Appendix 2-E
Solution Staff Locations
Appendix 3-A
KPI-SLA
Appendix 10-A
Pricebook
Appendix 10-D
Baseline Volumes
Appendix 10-I
Rate Card
Appendix 10-L
Transition Baseline Information
Appendix 2-C
Application List
Appendix 2-D
Third Party Resolver Groups
Appendix 2-F
CEFR






SCHEDULE 2 ANNEX 4
APPLICATION MANAGEMENT SERVICES

1.Services Overview and Objectives    3
1.1Application Management Services Overview    3
1.2Service Objectives    3
1.3Service Scope    3
2.Service Definitions    3
2.1Level 2 / Level 3 Support    3
2.23rd Party support services    4
2.3Preventative maintenance services:    4
2.4Batch and interfaces support:    5
2.5Minor Enhancements of applications    5
2.6Release and maintenance activities    5
3.Service Description    6
3.1Service Descriptions and Roles & Responsibilities    6
3.2General Responsibilities    6
3.33rd Party support services    7
3.4Preventative maintenance services    7
3.5Minor Enhancements of applications    8
3.6Release and maintenance activities    8
3.7Standards and Policies    8
4.Service Environment    8
4.1Operating Model    8
4.2Service Priority    9
4.3Resource Roles and Skillset    9
4.4Support Timings    10
5.Tools    10
6.Pricing    10
7.Reporting    10
8.Governance and Escalation    10
9.Business Continuity and DR    11













SCHEDULE 2 ANNEX 4
APPLICATION MANAGEMENT SERVICES



1.
Services Overview and Objectives
1.1
Application Management Services Overview
This Annex 4 (Application Management Services) to Schedule 2 (Service Descriptions) sets forth the roles and responsibilities of the Parties for the Application Management Services provided under the Agreement as part of the Services. These Application Management Services are the services and activities, as further detailed in this Annex, required to support the Customer’s current and future applications (e.g. maintenance, support, upgrades, patching), and all of the supporting application and security required to deliver the required Services.

The scope of services includes:
 
Level 2 / Level 3 support.
3rd Party support services.
Preventative maintenance services.
Batch and interfaces support.
Minor Enhancements of applications.
Release and maintenance activities.

1.2
Service Objectives
The Service Provider shall in its provision of the Application Management Services:
Deliver a risk-mitigated transition by leveraging our incumbent knowledge of the Customer application landscape to ensure no disruption to business. Schedule 8 (Transition and Transformation) sets out the application transition plan;
Maintain application availability and stability, by:
o
Eliminating the avoidable debts through application strengthening; and
o
Automating the unavoidable debts using the Service Provider [***] tool;
Improve operational efficiencies through cross-skilling of Service Provider resources;
Create and maintain an effective application Knowledgebase;
Drive year-on-year cost optimisation by implementing Continual Service Improvements (CSI);
Establish a Target Operating Model as defined in Schedule 2 Annex 1 (Common Services); and
Service Management shall be performed as per terms set forth in Schedule 14 (Service Integration).

1.3
Service Scope
The in-scope applications for the Application Management Service are listed in Appendix 2-C (Application List).

2.
Service Definitions
2.1
Level 2 / Level 3 Support
Level 2 Application Support – shall provide incident resolution and fulfilment services for issues / requests escalated by the Level 1.5 Service Desk. The primary objective will be to ensure stability of the operations environment and associated business processes over and above the availability of individual application components. All issues requiring specialist help will be escalated to the Level 3 support.




Level 3 Application Support – shall resolve complex unknown incidents and perform proactive trend analysis to identify the application bottlenecks (root cause of recurring incidents, availability and performance issues) and implement permanent fixes in consultation with the Customer. The primary objective will be to perform preventative maintenance, break fix support and enhancements to the systems as needed.

The table below provides the activities performed by Level 2 and Level 3 Support

Support Level
In-scope activities
Level 2
 
Focus Area:
Service Restoration, Provide emergency fixes, corrective maintenance, Application Stability and Availability
o    Business Day support; On-call support provided by On-site team outside of Business Day.
o    Major Incident resolution.
o    Incident, problems, changes, queries.
o    Preventative maintenance.
o    Release and deployment.
o    KEDB enrichment.
Level 3

Focus Area:
Application Reliability and Resilience, Minor Enhancements and Business Relevance
o    Business Day support; On-call support provided by On-site team outside Business Day.
o    Incident Management - Bug fixes and resolve complex unknown incidents escalated by the Service Desk.
o    Ad-hoc service request.
o    Problem Management – root cause analysis, proactive problem management and application strengthening.
o    Implementing Continual Service Improvements.
o    Application Minor Enhancements.

2.2
3rd Party support services
The Service Provider shall provide technical support and coordinate with the Customer and other service providers that are providing 3rd party services for the in-scope applications.  These support activities include:
Provide current technical and operational documentation;
Participate in reviews for technical architecture, technical design, source code, and test cases for new functionality; and
Support migration of application changes into production.

2.3
Preventative maintenance services:
Monitoring production processing and results;
Perform trend analysis to identify potential problems;
Recommend corrective actions or additional preventative maintenance;
Perform application tuning, code restructuring, database query optimisation, batch job maintenance, etc., to improve production performance;
Improving the efficiency and reliability of the in-scope applications;
Activities required for implementing modifications to the in-scope applications due to regulatory, corporate compliance requirements;
Activities associated with performing testing, coordination of testing, coordination of implementation, and validation of functionality for upgrades and patches to commercial-off-the-shelf components or utilities;
Coordination of application maintenance efforts with changes coming from application development projects; and
Orderly shutdown and restoration of services in preparation for planned outages.

2.4
Batch and interfaces support:




Manage and maintain a schedule for all batch and interface activities;
Ensure all batch and interface activities are completed to schedule;
Monitor all batches and interfaces across a 24 / 7 period through to completion; and
Work with 3rd party services, Commercial Off-The-Shelf vendors and all other relevant stakeholders to resolve issues or abnormal termination of application batches and interfaces, which may include but not be limited to restarting services/tasks where possible within the agreed batch and interface activities window.

2.5
Minor Enhancements of applications
The Service Provider shall provide [***]:
 
[***];
[***];
[***];
[***];
[***]; and
[***].

The Service Provider shall maintain details of the Minor Enhancements executed, hours consumed and report weekly to the Customer.

The above will be reviewed on a periodic basis as per Schedule 12 (Governance and Service Management) that sets forth the roles and responsibilities of the Parties for the Application Management Services provided under the Agreement as part of the Services.

2.6
Release and maintenance activities
In addition to regular maintenance and release windows, the Service Provider shall support the Customer’s annual business release schedule and control periods (code freeze). This includes participation in planning activities, coordinating testing, and managing additional support activities during installation of the business release.

The list of activities for release and maintenance windows shall include:

Evaluating Production Readiness of Changes based on a predefined checklist;
Receiving turnover and training for code from the Change Management Team;
Tracking all the fixes and maintenance activities going into production;
Monitoring the jobs and keeping track of install related Issues;
Opening production support bridge if required;
Handing over the install related code issues to the Change Management team if required and monitoring the same for timely completion;
Conducting follow-up meetings with the Change Management and QA teams for process improvement planning purposes;
Tracking new production fixes due to install related issues; and
Collaborating on release management activities with release manager.

3.
Service Description
3.1
Service Descriptions and Roles & Responsibilities
The following sections and tables throughout this Annex identify the Application Management Services roles and responsibilities that each Party shall perform. The Service Provider undertakes to perform its roles and responsibilities set out in this Annex and agrees that performing them forms part of the Services mentioned in this Annex. Within each table, defined in the form of a RACI matrix shown below, the following notations are placed in the column under the Party that shall be responsible for performing the relevant task:





RACI Matrix

Responsible
Accountable
Consulted
Informed
Responsible and Accountable
Consulted and
Informed
R
A
C
I
R,A
C,I

The Service Provider’s responsibilities are indicated in the column labelled “Service Provider”. The Customer’s responsibilities are indicated in the column labelled “Customer”. The tasks listed in such tables are not exclusive, and do not identify or define every process, activity or task to be performed by the Service Provider as a contracted function under this Annex.

Please refer to Schedule 2 Annex 1 (Common Services) that sets forth the roles and responsibilities of the following services:

Incident Management;
Major Incident Management;
Problem Management;
Change Management;
Service Request Fulfilment; and
Continual Service Improvements (CSI).

3.2
General Responsibilities
The following table identifies the general roles and responsibilities associated with the Application Management Services that the Service Provider and the Customer shall perform.

Table 1. General Roles and Responsibilities

 
General Roles and Responsibilities
Service Provider
Customer
1.    
Performing all L2, L3 activities and Minor enhancements (as per Scope of work) associated with delivering application management services.

R,A
C,I
2.    
Performing all service management activities associated with the service or supporting the Customer’s team under service integration with the tasks (assigned in a specific 3rd party vendor responsibility agreement).

R,A
C,I
3.    
Defining a service governance structure and implementing key governance processes (escalation path etc.) to provide the appropriate transparency and alignment with the Customer.

R,A
C,I
4.    
Provision of a transparent service performance monitoring system - provide all relevant Service Level reports necessary to assess service performance (defined jointly with the Customer).

R,A
C,I
5.    
Performing all acceptance approval duties within a reasonable timeframe (e.g. changes, proposals, deliverable acceptance, invoicing etc.).
I
R,A
 
Defining job priorities and scheduling requirements.
R,A
C,I
6.    
Ensure that 3rd party application vendors are engaged as required in supporting Incident (including Major Incident) and Problem Management investigations as required.
R,A
C,I
7.    
Provide required support for all in-scope applications and restoration of service within agreed SLAs.
R,A
C,I
8.    
Proactive problem management and Continual Service Improvements (CSI).
RA
C,I
9.    
Disaster recovery and Business continuity.
RA
C,I





3.3
3rd Party support services
 
Management of Application 3rd Party IT Providers Responsibilities
Service Provider
Customer
1.    
Management of 3rd party application support and maintenance and licence agreements.
R,A
C,I
2.    
Ownership of 3rd party application licence agreement contracts.
I
R,A
3.    
Any changes to in-scope applications resulting in impact to 3rd party supplied software will be monitored and reported to the Customer.
R,A
I
4.    
Maintain, adhere and provide recommendations to operational level agreements and relationships with the 3rd party IT Providers.
R,A
C,I
5.    
Review, approve and revise operational level agreements with the 3rd party IT Providers.
I
R,A
6.    
Incident triaging with 3rd party supplier for resolution with end-to-end ownership of meeting service levels.
R,A
I

3.4
Preventative maintenance services
 
Fault Diagnosis, Resolution, Root Cause Analysis and Preventative Maintenance Responsibilities
Service Provider
Customer
1.    
Identify and resolve incidents and problems that prevent applications performing in accordance with required functionality.
R,A
C,I
2.    
Prioritise maintenance activities and recommend corrective actions
R,A
C,I
3.    
Monitoring, trend analysis, benchmarking to identify potential problems or inefficiency.
R,A
C,I
4.    
Conduct review and seek acceptance of maintenance changes.
R,A
C,I
5.    
Ensure preventative measures are reviewed, updated and reported, and maintain all related technical and operational documentation
R,A
C,I
6.    
Review and approval of technical and operational documentation.
I
R,A

3.5
Minor Enhancements of applications
 
Delivering Minor Enhancements
Service Provider
Customer
1.    
Carry out feasibility, impact analysis, development and documentation of approved minor enhancements.
R,A
C,I
2.    
Provide a breakdown of the estimated effort and time to complete minor enhancement.
R,A
I
3.    
Perform appropriate testing (e.g. Unit, System, Integration, Regression) of approved minor enhancements,
R,A
I
4.    
Prioritisation of minor enhancements based on business criticality.
R,A
C,I
5.    
Conduct review of deliverables before production deployment.
R,A
C,I
6.    
Business confirmation and sign-off.
I
R,A

3.6
Release and maintenance activities




 
Managing application changes, Implementing Minor Releases & Patches Responsibilities
Service Provider
Customer
1.    
Service introduction for any changes being deployed in production.
R,A
C,I
2.    
Carry out feasibility and impact analysis prior to implementing patches and releases.
R,A
C,I
3.    
Provide application configuration reports and configuration details to the Customer as requested.
R,A
I
4.    
Identify and source patches from 3rd party support vendors to resolve incidents, problems, meet regulatory changes, improve security and maintain support currency.
R,A
I
5.    
Provide required approvals for the change / release.
I
R,A
6.    
Perform Sanity / Smoke testing to ensure application works as expected after patch installation.
R,A
I
7.    
Monitor, detect and report any system performance degradation post implementation.
R,A
I
8.    
Communicate to users and provide any related training.
R,A
C,I
9.    
Conduct post-implementation review.
R,A
I

3.7
Standards and Policies
Schedule 6 (Standards and Policies) sets out the roles and responsibilities of the Parties for the Application Management Services provided under the Agreement as part of the Services.


4.
Service Environment
4.1
Operating Model
Schedule 2 Annex 1 (Common Services) sets out the definition of the Target Operating Model.
The table below defines the responsibility of the Service Provider’s services delivered for these applications in-scope.
For L1.5 support, please refer to Schedule 2 Annex 3 (Operations and Service Delivery Services) that sets forth the roles and responsibilities of the Service Desk.





App Complexity
Level 2 / Level 3 Incident and Problem Resolution^^, Ad-hoc Requests
Minor Enhancements^^
Catch / Dispatch
The Service Provider’s L2/L3 team will Escalate and triage with the software vendor where applicable.
Not Applicable.
Commercial Off-The-Shelf
The Service Provider’s L2/L3 team shall be the primary resolver, and will
escalate and triage with Commercial Off-The-Shelf vendor where applicable.
The Service Provider’s L2/L3 team shall own primary responsibility, and will
work with Commercial Off-The-Shelf vendor for applicable changes.
Bespoke
The Service Provider’s L2/L3 team.
The Service Provider’s L2/L3 team.
Specialist Support
The Service Provider’s L2/L3 team. **
** For [***] apps, due to IP restrictions, Service Provider shall triage with [***] for resolution only where code fix is required
The Service Provider’s L2/L3 team. **
** For [***] apps, due to IP restrictions [***] shall own the responsibility for Minor Enhancements.
Management Information
The Service Provider’s L2 team and the Service Provider’s MI BT team for L3 resolution.
Note: The Service Provider’s BAU Support team shall be end-to-end responsible to resolve this incident within Expected Service Levels.
The Service Provider’s MI team.
Finance Shared Services (FSS)
The Service Provider’s FSS team.
The Service Provider’s FSS team.
End User Applications – EUC.
The Service Provider’s L2/L3 team.
The Service Provider’s L2/L3 team.
^^ [***].

4.2
Service Priority
Please refer to Schedule 2 Annex 1 (Common Services) that defines the Service Priority matrix

4.3
Resource Roles and Skillset
Resource Roles
Skillset
    Run Service Leads.
    Senior Support Analysts.
    Support Analysts.
    [***].
    [***].
    [***].
    [***].
    [***].
    [***].
    [***].
    [***].
    [***].


The skillset required for supporting the in-scope applications will be validated during the Transition phase.

Schedule 18 (Key Personnel) sets out the Service Provider’s lead roles in delivery of the Application Management services.





4.4
Support Timings
Support services will be delivered to the Customer through the Service Provider’s onshore / offshore delivery model. All the resources will be based at the Service Provider’s or Customer’s offices as required.

The Service Provider On-site resources will be based at the Customer’s offices to provide on premise Business Day support;
The Service Provider’s Run Service Leads for this engagement will be based in the UK and US working from the Customer’s offices as set out in the table below;
The On-site team will provide On-call support coverage for critical and Major incidents outside Business Day support when the Offshore team is not on premise at India ODC; and
Maintenance coverage would be provided to cover the peak business periods occurring during Week, Month, Quarter and Year end.

Schedule 2 Annex 1 (Common Services) sets out he application support coverage.


5.
Tools
Schedule 2 Annex 1 (Common Services) sets out the Tools used for delivering these services.

6.
Pricing
The Application Management Charges are set out in Schedule 10 (Pricebook, Charges and Invoicing) Paragraph 11 (Application Management Charges).

7.
Reporting
Schedule 12 (Governance and Service Management) sets out the mechanism for Operational Reporting for Services provided under the Agreement as part of the Services.

8.
Governance and Escalation
The Service Provider’s ‘Run The Business Lead’ shall act as the single-point-of-contact for all Application Management Services Delivery related escalations, issues and risks. The following review meetings will be held on a Daily and Weekly basis:

Daily Review:

Previous day’s Major incidents, critical updates, status reporting; and
Daily status summary of incidents, problems, SRs and CRs.

Weekly Review:

Items that need immediate management attention;
SLAs & KPIs statistics report discussion; and
Ticket ageing analysis.

The following will be the escalation mechanism for issues related to Application Management services (as set out in Schedule 18 (Key Personnel)).

1st Level - Service Provider’s Run The Business Lead.

2nd Level - Service Provider’s CIO for this ITO contract.

3rd Level – Service Provider’s Head of Insurance UK & Ireland.





9.
Business Continuity and DR
Schedule 16 (Business Continuity and Disaster Recovery) sets out the roles and responsibilities of the Parties for the Application Management Services provided under the Agreement as part of the Services.




SCHEDULE 2 ANNEX 5

CHANGE MANAGEMENT SERVICES

 
1Change Management Services Overview    2
2Service Objectives    2
3Service Definitions    3
4Service Descriptions    8
5Charging    30
6Governance    30
7Appendices    34






1
Change Management Services Overview
This Annex 5 (Change Management Services) to Schedule 2 (Service Descriptions) sets forth the roles and responsibilities of the Parties for the set of Change Management Services that apply to the provision, delivery, and management of all Services within the scope of this Agreement. The Service Provider shall provide the Change Management Services across all Service Towers defined herein and all future Service Areas that are added to this Agreement.

The Parties acknowledge that the Services set out in this Annex are non-exhaustive and if the Customer requires additional Change Management Services then the Customer shall be entitled to request such services [***]. In this instance the request will not become accepted until the Work Request, SOW or Change Control Note has been authorised in accordance with the requirements of this Agreement. The Service Provider shall advise if these require additional Change Management Services and shall be entitled to additional Charges as described in Schedule 10 (Pricebook, Charges and Invoicing).

1.1
The Service Provider will provide:
Services to support Change Projects
Change Project delivery
Centres of Excellence (“COE”) that provide the Customer access to SME’s, tools, accelerators and external partnerships for the relevant technology encapsulated by the COE, and change capacity for BAU and project work as defined within the COE service description:
Duck Creek
Data
Infrastructure & Security
Agile - DevOps
Testing
Guidewire-Claimcenter
Business Applications (e.g. intranet)
FSS (finance shared services)
Resource management
Innovation
New application or Service introduction
Change governance

2.
Service Objectives
2.1
The following are the key high-level Service objectives the Customer expects to achieve through the Service Provider’s provision of the Change Management Services:
reduce costs to the Customer in the delivery of Change Management Services, as measured by the agreed benchmarks for each COE
industrialise and improve cost efficiencies in connection with Change Project delivery;
improve the agility and pace of change teams to deliver business value faster and more efficiently by introducing agile ways of working and DevOps automation;
automate manual processes across the software development cycle;
establish Centres of Excellence to improve quality and accelerate change delivery;
provide professional staff to enable the Flex element of project resourcing on an as needed basis;
increase business satisfaction in outcomes delivered through Change Projects;
introduce a culture of continuous improvement to continually improve Change Project efficiency, value delivered and speed to market; and
recommend and introduce innovative tools, methods and processes to transform Change Projects efficiency, value delivered and speed to market.

3.
Service Definitions
3.1
The Service Provider shall provide Change Management Services required to manage the Service Provider’s services, activities and tasks associated with the Customer’s Change Projects. The following table identifies the Project management services, roles and responsibilities that the Service Provider and the Customer will perform:







Change Management Services Roles and Responsibilities
Service Provider
Customer
Change Management
 
 
Create, maintain and provide all appropriate Project plans, Project timings, any time constraints or material assumptions, and management documentation and management reporting in a form/format that is acceptable to the Customer. The Service Provider shall provide cost estimates for all Work Requests and/ or Statements of Work (SOW).
X
 
Facilitate governance meetings to review technology or business plans and recommend appropriate IT services and projects in support of such plans.
X
 
Maintain appropriate levels of industry knowledge in the Customer’s business to provide support of and recommendations for Projects.
X
 
Maintain and update a list of the Service Provider supported Change Projects, work activities and prioritisation of Change Projects.
X
 
Provide documentation and deliver updates as required for design authority and services governance groups.
 X
 
Management of COE teams and third parties where the Service Provider is responsible for delivery of a Change Project to ensure successful delivery of change.
X
 
Management responsibility for Third Parties where the Service Provider is responsible for a Change Project and a Third Party is involved (provided always the Third Party agrees to the same).
X
 
Responsible for the creation and finalisation of the annual pipeline of Change Projects across BT and IT.
 
X
Where Customer requests, provide initial effort estimates, timeline planning, and dependency mapping for the pipeline of Change Projects across BT and IT.
X
 
Evidence and report on continuous improvement and cost avoidance activities and progress to the relevant ITO board (as described in Schedule 12).
X
 
Change Resourcing
 
 
Provide the Customer with resources for delivering Projects within the Customer Environment. These resources shall not be used for the delivery of other Services.
X
 
Ensure that the Core resources have competencies in the Customer’s technology standards.
X
 
Provide forecasting for Project resource usage quarterly, based on the Project pipeline supplied by the Customer.
X
 
Provide procurement coordination.
 
x
Provide Project management services (if agreed as part of SOW or Work Request).
X
 
Project specific technical documentation services will be provided on demand and described within the deliverables of the relevant project SOW.
X
 
Demand and capacity planning, management, review and reporting for COE and non-COE teams.
X
 
Project Initiation
 
 
High level prioritization and budget agreement.
 
X
Design specifications (which are appropriate for the delivery methodology being used), high level schedule, and delivery prioritisation of Change Projects.
X
 
Prepare SOW or Work Request proposals which will include but not be limited to the following based on whether the Project is related to Agreement, Services or Project:
deliverable(s) to be provided;
detail delivery methodology being used;
technical approach and solution in adherence with the enterprise architecture blueprint and principles;
total number and type(s) of any equipment, Software, or other materials required for the Change Project and ongoing support; and
scope, timeline and cost (FTE).
X
 




Implement Project plans as requested by the Customer and in accordance with applicable Customer’s EPMO standards. Such implementations will include but not be limited to the following:
total number and type(s) of FTEs required based on deliverables;
expected Project schedule and any time constraints; and
total effort and cost spent on the implementation of the Project and whether the cost is included in the monthly Change Management Charges.
X
 
Review and approve Project proposals (SOWs and Work Requests) and plans.
 
X
Work collaboratively and coordinate with other Customer partners and other 3rd parties to successfully deliver Projects in accordance with the Customer’s enterprise architecture standards and governance and defined in Schedule 12 (Governance and Service Management).
X
 
Make any changes related to the Project in accordance with the Contract Change Control Procedure and gain required approvals.
X
 
Identify scope changes and propose alternatives and, if necessary, provide appropriate change documentation.
X
 
Approve Project changes to scope, schedule, pricing, services and/or Deliverables.
 
X
Use project management Tools and methodologies, which employ a regular reporting mechanism to identify tasks, develop and present status reports, and identify potential risks and problems.
X
 
For Change Projects, communicate accurate project status as part of standard project management meetings, or other such meetings, as agreed with the Customer.
X
 
Develop, maintain and update project plans and weekly, monthly reports per Project in accordance with Schedule 12 (Governance and Service Management) and the SOW.
X
 
Maintain an exception log (RAID), identify mitigation and institute corrective action against the plan for Change Projects if needed.
X
 
Create Project implementation document and submit to the Customer’s electronic document management system or such other system as specified by the Customer.
X
 
Review and approve Change Management Services-related Deliverables.
 
X


3.2
Change Management
3.2.1
The Change Management Service includes a team to manage the project office, portfolio planning, resource management, SOW production, Project support and Project close to ensure that the Customer is provided with an end to end Change Management Service.
3.2.2
The Service Provider will support the Customer in its annual portfolio planning cycle and, where requested by the Customer, provide scoping and design input for Project Brief.
3.2.3
If requested by the Customer, the Service Provider will be responsible for drafting the business case/ Project Brief for a Change Project using the templates provided by the Customer. The Service Provider will expect the Customer to provide support in drafting and agreeing the business case / Project Brief. The completed business case / Project Brief will, depending on size, be taken by the Customer to the relevant Change forum for approval and prioritisation.
3.2.4
Where the Customer has produced a prioritised list of Change Projects, the Service Provider will provide the Customer with annual and quarterly delivery roadmaps based on the Customer’s approved list of Change Projects.
3.2.5
The Service Provider will complete rolling 3-month portfolio planning reviews to manage progress against baseline and to inform the rolling resource demand and capacity planning.
3.2.6
The Service Provider will provide a view on offshoring, productivity, delivery efficiency, automation and agile team velocity improvements on a quarterly basis to evidence the improvements in the Change pricebook, whilst understanding that the Customer business demands may need additional resources to enable delivery of the change portfolio / change pipeline.




3.2.7
The Service Provider will maintain an estimating model(s) for each COE to assist in the sizing of Minor Enhancements and Small Projects and indicative estimates for complex Small and Large Projects. Such models to be reviewed on at least an annual basis, or following the delivery of a Large Project.

3.3
Change Projects
3.3.1
The definition of a “Change Project” is a change to services, with a specific goal, deliverables, a timeline (with a definitive start and end) and a budget, which is to be performed outside of the regular business operations. This means any non-continuous work to be performed by the Service Provider for the Customer, including (but not limited to) technology deployments, implementations or the roll-out of trials, version upgrades, systems and technology upgrades, application upgrades, migrations, commissioning & de-commissioning of servers/ sites/ databases, IMAC/D projects, pilots, functional upgrades, new systems delivery, process upgrades or consulting projects expressly approved by the Customer in a Work Request or Statement of Work, and which relate to services that are not described in the other Annexes to Schedule 2 (Service Descriptions). Any activity classified as “Project” (Large or Small) will be governed by this Annex.
3.3.2
A Change Project is typically for the introduction of new or a major change to existing applications or services such as installation, upgrades or decommissioning activities. Some of the examples of work classified as Projects are:
introduction and transition of new products in addition to the product list base lined during the Transition period;
Change Requests as part of the planned Project activity like technology refresh and technology upgrade;
A major and/or complex Change that needs a dedicated project manager to coordinate the work with multiple parties outside the Service Provider’s and/or the Customer’s teams; and
Any bulk service request (e.g. windows upgrade).
3.3.3
The Service Provider may be asked by the Customer to deliver 3 types of Change initiatives as described in the below table;

Type
Size
Minor Enhancement
Equal to or less than 32 person hrs
Small Project
Greater than 32 person hrs and equal to or less than $50,000
Large Project
Greater than $50,000

3.3.4
Minor Enhancements will only be processed by the Change COE’s if the customer service lead determines that there is insufficient capacity within the relevant Run Services team to be able to deliver the requested Minor Enhancements on a timely basis. The process for managing capacity in relation to this is further described in Paragraph 4.6 and 4.10.

3.4
Centres of Excellence
3.4.1
The Service Provider will provide the Customer with an agreed set of Centres of Excellence. These Centres of Excellence will provide the Customer access to subject matter experts, tools, accelerators and access to external partnerships to enable the Service Provider to design, deliver and implement (incl. integration) application changes and Change Projects into production. The Centres of Excellence will drive a continuous learning and improvement agenda to provide the Customer with ongoing improved quality, speed to market and better business outcomes.

3.5
Existing Centres of Excellence
3.5.1
Where the Customer has an existing Centre of Excellence the Service Provider will replace the Customer’s existing teams (using a mix of TUPE and new resources) and enhance the Customer’s local capability. The Service Provider will provide the Customer with a global support, enhancement and development capability.
The Customer’s existing Centres of Excellence are as follows;
Duck Creek
Data
Infrastructure & Security
Business Applications (provided currently by a combination of Service Provider and Customer resources)

3.6
New Centres of Excellence




3.6.1
Where the Customer does not have a current Centre of Excellence the Service Provider will establish a new global Centre of Excellence which will provide the Customer with a support, enhancement and development capability.
3.6.2
The new Customer’s Centres of Excellence will be as follows;
Agile - DevOps
Testing
Guidewire-Claimcenter
FSS

3.7
Core and Flex Resources
3.7.1
In providing the Change Management Services and COE team services, the Service Provider will provide resources that will be split between Core and Flex. The suggested mix of Core and Flex is set out in the Price Book.
3.7.2
Core resources are a mix of dedicated, skilled subject matter experts across the Customer’s application and infrastructure landscape which will deliver the range of activities summarised below, whilst retaining the knowledge of the Customer’s business and IT estate:
frameworks, methods, automation and continuous improvements;
delivery of Small Projects, Minor Enhancements and BAU within the capacity available; and
support the delivery of Change Projects
3.7.3
The number of Core resources will be agreed by the Parties each year for each COE based on skillsets required and project / work pipeline and reviewed/ changed on a quarterly basis.
3.7.4
Flex resources are those resources that the Customer will ask the Service Provider to provide on an ‘as needed’ basis to support Change Projects. Flex resources will be agreed as part of the regular quarterly planning cycle and will be assigned to a specific COE, change team or SOW.
3.7.5
Each year the Service Provider will agree with the Customer a baseline number of resources who will be the Core team. The baseline structure of the Core team will be reviewed on a 3 month rolling basis with the Customer as part of the quarterly planning cycle. The charging approach for the Core team is described in Schedule 10 (Pricebook, Charges and Invoicing) at Section 13.
3.7.6
The Service Provider will provide the Customer with additional Flex resources on an ‘as needed’ basis when the Customer agrees that the Core team is unable to fulfil the change requirement within its existing capacity, or in response to a new SOW.
3.7.7
The Service Provider will detail resources as part of completing the Work Request or SOW template, as per estimating method described in section 4.9. This detail to include the split between Core and Flex resources. Flex resources will be charged in accordance with the delivery approach and charging option agreed between the Parties for the Change as described in Schedule 10 (Pricebook, Charges and Invoicing) and the associated Appendices 10C, 10G and 10I.

3.8
Innovation
3.8.1
Innovation Pool - The Service Provider has made available to the Customer a $[***] innovation credit investment which will be distributed evenly across each year of the 5-year Term. The intent of this fund is to provide the Customer a monetary amount from which they can draw upon to provide access to resources within the Service Provider’s London Collaboratory space to co-create ideas and prototypes as innovation projects. The mechanics of how this is proportioned for each Contract Year is described in Schedule 10, paragraph 21.

3.9
New Application or Service Introduction
3.9.1
New Application or Service Introduction is the process by which a new application or service is signed off as a Change Project or Transformation Project and then moves into production via the implementation and closure phases. During this process ownership is transitioned from the relevant COE, change or Change Project team into the relevant services tower, or as a new services tower.

4.
Service Descriptions

4.1.
Change Management
4.11.1
The Change Management Service will be established as a global capability, with an integrated service model primarily run using resources based in the UK and supported by teams in the US and off-shore in India.
4.11.2
The Change Management Service will provide support to the Customer for the development and designs for discretionary and non-discretionary change by leveraging access to the Service Provider’s consultancy COE to understand new regimes and then produce assessment approaches and recommendations for the Customer’s business stakeholders to consider.




4.11.3
The Service Provider will collaborate with the Customer’s EPMO function to provide delivery and design support and oversight in accordance with the Customer Change Authority described in Schedule 12 (Governance and Service Management) in the following areas across the software development lifecycle of all projects and programmes:
Programme Governance & Management;
Technology Governance
Functional Governance;
Quality Governance;
Process Governance; and
Resource Demand and Capacity Management.
4.11.4
The PMO will provide processes, frameworks and reporting timelines for all activities managed within the Agreement. This will include the provision of reporting packs for all the appropriate governance forums as defined in Schedule 12 (Governance and Service Management), to include the reporting of progress for benefits levers.
4.11.5
The Change Management Service team will be required throughout the period of the Agreement. The Service Provider and Customer will jointly decide the appropriate size of the Core / Flex team depending on the work forecast, projects in progress, size of COE’s and technology/ domain/ application knowledge retention. The size and roles within the Change Management Services team will be reviewed on a rolling 3 month forward-looking basis. The team will be staffed based on the following criteria;
Change Project work pipeline;
Business / Customer knowledge;
Specialist technical skillset (not incorporated within the other COEs);
Enterprise architect capability;
Project / program management capability;
Third party management for Change Projects;
Resource management;
Project Management Office;

4.2.
Portfolio Planning
4.2.1
Each year the Customer will run a planning process to review all of the proposed projects from the business and IT. The output from this planning process will be an agreed portfolio plan with a view of which projects should commence each quarter for the following year. For the avoidance of doubt, the portfolio plans will not be a commitment of work to the Service Provider.
4.2.2
From the year 2019 the Service Provider will provide its IT expertise input into the portfolio planning process. This may include ideas, indicative costs and timescales for improvement initiatives to both Run and Change Services or projects where the Customer would benefit.
4.2.3
The portfolio plan will be reviewed each month at the IT Delivery Board to update on projects in progress and to provide visibility of the projects expected to start in the next quarter, noting that the Customer will advise which projects the Service Provider should prepare to provide a SOW or Work Request to deliver. This visibility will assist the Service Provider with resource planning.

4.3.
Change Initiation
Change initiatives can be received into the team via four routes:
Work Requests (prior to formal approval and sign off) logged in [***] assigned to the COE by the Customer COE lead
Project Briefs, in respect of Projects on the Customer portfolio plan assigned to the COE by the Customer COE lead
Instructions from Customer Change forums, these could be in the format of a Work Request or a Project Brief
Customer-issued RFI/ RFP

4.4.
Small Projects requested by Customer
4.4.1
A Small Project, as defined in section 3.3.3, will be presented to the Service Provider COE lead a Project Brief.
4.4.2
he details provided by the Customer in the Project Brief should be sufficient to enable the Service Provider to define a solution and estimation of effort and timescale to deliver the change as further described in section 4.9 below If the detail is insufficient, the Service Provider will contact the requestor to provide the required details.




4.4.3
Once the Service Provider has sufficient details, the Service Provider will ‘accept’ the Small Project as a work item in [***] and either update the Project Brief or produce a new SOW using the template as detailed in Schedule 20 Appendix 20-A (Pro forma SOW), to confirm solution, delivery approach, estimated effort for delivery, resource requirements (Service Provider, Customer and any third parties) and propose a schedule for delivery. The completed Work Request or SOW is expected to be delivered by the timeframes stated in Schedule 3 Appendix 3-A (KPI-SLA).
4.4.4.
For a Small Project, it would be expected that an SOW would be produced should the level of complexity present a higher level of risk, represented by any of the following criteria:
The end to end Customer expected external spend for the Change Project being greater than $50,000
Any system integration work being required
More than one application being in scope of the project
More than one area of specialist resource being required, such as Duck Creek or Guidewire-Claimcenter
Multiple (more than 1) 3rd parties required to deliver the project
The project presents a medium or greater level of risk to the Customer.
4.4.5
The SOW / Work Request will be discussed and agreed with the requestor and, if required by the Customer, the Service Provider will support the Customer COE lead in presenting the proposal to the relevant Change boards for review and agreement (see section 4.1 and 6 for governance).
4.4.6
Should the Service Provider COE lead determine that the COE will not have sufficient available resources to deliver the Small Project in a timeframe acceptable to the Customer, then this will be escalated to the Customer COE lead to determine if the priorities of other COE scheduled work can be adjusted, or if additional Flex resources are to be added. Should Flex resources be agreed, then the Service Provider is responsible for finding and securing these for the COE.
4.4.7
If the Small Project is proposed as a new SOW, then this SOW will need to be agreed by the requestor and/or the Customer COE lead and then further reviewed and agreed by Head of Procurement prior to sign off and allocation to a Service Provider project manager for delivery. It should be expected that these Small Projects will be resourced predominantly from Flex resources, and the Service Provider is responsible for finding and securing these for the Project.

4.5.
Large Projects Requested by the Customer
4.5.1
A Large Project, as defined in section 3.3.3, will be formally instructed by the Customer to the Service Provider COE Lead by either a Project Brief or an RFP. Should the Customer wish to initiate the Service Provider to produce an SOW for a Large Project, they will notify the Service Provider to arrange with the appropriate Customer stakeholders for a project kick off meeting at the earliest convenient time. The Service Provider should always invite the Customer Project Manager, COE Lead and Procurement Manager to this meeting.
4.5.2
The project kick off meeting will be for the purpose of the Service Provider gaining sufficient understanding as to the scope, requirements, deliverables, timescales and constraints of the Change Project to enable the Service Provider to provide an initial draft of the SOW and DCB to the Customer for their review and consideration. It is accepted by both Parties that the project kick off meeting might not be the only meeting required and this could be an iterative process of information being provided and various meetings until the Service Provider has sufficient information to provide the draft SOW and DCB.
4.5.3
The details provided by the Customer in the process described in section 4.5.2 and Project Brief / RFP should be sufficient to enable the Service Provider to define a solution and estimation of effort and timescale to deliver the Change Project. If the detail is insufficient, the Service Provider will contact the requestor to provide the required details.
4.5.4
Once the Service Provider has sufficient details, the Service Provider will ‘accept’ the Large Project as a work item in [***] and will produce a new SOW and DCB to confirm solution, delivery approach, estimated effort for delivery, resource requirements (Service Provider, Customer and any third parties) and propose a schedule for delivery. The production of the SOW and DCB is expected to be delivered by the timeframes stated in Schedule 3 Appendix 3-A (KPI-SLA).
4.5.5
Where the Parties agree that the project is of very high complexity, the Service Provider will initially provide an indicative SOW and DCB (as described in section 4.8 below) (Phase 1 SOW), where appropriate with differing delivery/solution options, to assist the Customer in being able to decide which solution they require. Upon receipt of this indicative SOW and DCB, the Customer will evaluate/review and where required discuss to further refine the options or an option with the Service Provider, until a decision is reached on how the Customer wants to proceed. Should the Customer wish to proceed with one of the solution options, they will request a second and more detailed SOW and revised DCB on the chosen delivery/solution option from the




Service Provider (Phase 2). In this event the phase one and phase 2 SOWs will be delivered by the timeframes stated in Schedule 3 Appendix 3-A (KPI-SLA).
4.5.6
The Service Provider is to confirm in writing once it has sufficient detail to produce the SOW and DCB and at the same time create the work item in [***]. It is at this point the measurement period starts in relation to the service levels APP-01 and APP-02 starts. It is only upon receipt by the Customer requester of a complete draft SOW and DCB (bearing in mind the two phased process for very high complexity projects) that the time measurement period stops.
4.5.7
Upon both Parties reaching agreement on the final drafting in respect to the scope, requirements, deliverables, timescales and constraints of the SOW, the Service Provider will immediately submit the SOW to its commercial team for final review and contractual drafting, returning an executable version of the SOW to the Customer within 5 Business Days. Upon receipt, the Customer’s procurement and/or delivery team will review or agree any changes before the Parties look to execute the SOW, once in total agreement on the SOW drafting and content. At this point the Service Provider will sign the SOW within 2 Business Days from request by the Customer.
4.5.8
If requested by the Customer, the Service Provider will support the Customer COE Lead and/or project manager in presenting the proposal to the relevant Change boards for review (see section 4.1 and 6 for governance).
4.5.9
The SOW and DCB will need to be reviewed by Head of Procurement and then depending upon size the SOW may be presented and reviewed by further Customer boards. Should the project be competitive the Customer will advise if the project is to be awarded to the Service Provider.
4.5.10
If awarded the project, or if sole bidder, and the SOW and DCB is agreed by the Customer, then the Service Provider will assign a project manager for delivery. Large Projects will be resourced predominantly from Flex resources, and it would be expected, would have input from one or more of the Service Provider COE resources to provide valuable Customer environment experience into the project.
4.5.11
The Service Provider is responsible for finding and securing resources required for the project, including discussions and agreements with any third parties required for delivery success.
4.5.12
If the Customer decides to not award the project to the Service Provider then the Customer will manage this project with the third party. The Customer will provide the Service Provider with a Project Brief for any work required from the Service Provider to provide IT support to deliver this third party project and / or ongoing support for any new applications.

4.6.
Minor Enhancements requested by the Customer to be handled as change
4.6.1
Minor Enhancements will usually be handled within the appropriate change capacity within the Run Services team. However, should the Customer’s COE Lead decide that the capacity within the Run Services team be insufficient for handling these Minor Enhancements then these will be allocated to the relevant Service Provider COE Lead for estimating and scheduling.
4.6.2
hese requests will be recorded in [***] and the details on the [***] request should be sufficient for the solution to be proposed, estimated and scheduled. If insufficient, the Service Provider will contact the requestor to provide the required details.
4.6.3
Once sufficient details are provided the Service Provider will ‘accept’ the Minor Enhancement as a work item in [***] and update the request to confirm solution and estimated effort for delivery and propose a schedule for delivery with existing or Flex COE resources.
4.6.4
The Customer owner of the COE will review the Minor Enhancement proposal and if acceptable will confirm agreement so that the Service Provider COE can proceed with delivery.
4.6.5
Should the COE not have sufficient available resources to deliver the Minor Enhancement in a timeframe acceptable to the Customer then this will be escalated to the Customer COE Lead to determine if priorities of other scheduled work can be adjusted or additional Flex resources are to be added.

4.7.
Change initiatives approach
4.7.1
The Service Provider will collaborate with the Customer and use the existing governance templates, reports, processes and guidelines as described in the Customer’s Project Management Framework Toolkit for waterfall projects. The Service Provider will, in agreement with the Customer, introduce new artefacts for agile projects.
4.7.2
The Service Provider will follow the Customer’s STOAD process as detailed in Schedule 6 (Standards and Policies) for any additions to IT operations support and maintenance.
4.7.3
The Service Provider will present or support proposed solutions to any of the Change Authorities.
4.7.4
Where the Service Provider is responsible for Large Projects it will establish individual project boards which will be used as the day-to-day means to govern and manage a project in line with the Customer’s existing project governance, with progress reporting and RAID management to the Service Provider PMO.
4.7.5
The Service Provider will create a new resolver group in [***] to allow all change initiatives to be registered irrespective of size.




4.7.6
The Service Provider will, over the duration of the contract, encourage a move to more agile ways of working and will at times recommend changes to the Customer’s Project Management Framework. The Service Provider will only implement the recommended changes on formal approval from the Customer.
4.7.7
The below table is the overarching principle for RASCI in Change Projects across the software development lifecycle phases as described in the Customer project management framework toolkit. However, more detailed and defined RASCI’s will be agreed and included within each Work Order or SOW, which could differ from this:
R - Responsible - for execution or delivery of the phase
A - Accountable - for approval to entry/exit of a stage gate boundary
S - Supporting
C - Consulted
I - Informed
a1.jpg

*R - where Customer is responsible for UAT and/or Model Office Testing
4.7.8
The Customer may request changes to the above RASCI via the Contract Change Control Procedure or as required for any Change Project via the Work Request or SOW. In either case the Service provider cannot unreasonably deny this request.
4.7.9
The Service Provider will use a mix of the following delivery methodologies and approaches depending on suitability for a given Change initiative. The chosen delivery methodology will be included in the Work Request or SOW and approved by the Customer:
PRINCE2 - Agile.
SAFe 4.5.
Scrum.
Waterfall.
Scrumban.
Kanban.
Hybrid.
4.7.10
Where the Service Provider is responsible for a Change Project they will provide PIDs (or equivalent project kick off document appropriate for the delivery methodology), project plans and weekly, monthly and quarterly status reports in accordance with applicable Customer’s EPMO’s standards, guidelines and templates.
4.7.11
Where the Service Provider is not responsible for a Change Project the Customer is responsible for integration of the third party plans into the overall portfolio release plan.

4.8.
Detailed Cost Breakdown (DCB) for Large Project SOWs
4.8.1
As part of completing the SOW template the Service Provider will provide the Customer with a detailed cost breakdown. The specific contents and format of the DCB will be agreed between the Parties within two months from the Effective Date of this Agreement. It is accepted by the Service Provider that should the Customer require more than one DCB to cater for different types of pricing models, as described in Appendix 10-C of Schedule 10 (Pricebook, Charges & Invoicing) and/or for different delivery methodologies (section 4.7.9 above), then the Service Provider will produce these as reasonably required by the Customer.
4.8.2
The objectives of the DCB(s) will be to provide the Customer with the following:
Complete transparency of all costs that make up the charges for a Large Project SOW.
If requested by the Customer, the DCB’s must include any of the following:
Details of all estimates using bottom up and top down approaches to mitigate any potential delivery risks
Cost by deliverable, showing hours/ days required to produce each deliverable and broken down by each resource role type needed to produce that deliverable, and also the tasks/activities associated with producing the deliverable
Cost by activity, showing estimated hours/ days over time and broken down by resource role type needed to complete the activity/task and/or deliverable.




Estimated resource effort over time by role type
Detail any non-resource costs separately
Any estimating requirements detailed in section 4.9.
Demonstrate to the Customer the estimating models, so that the Customer has confidence in the viability and accuracy of the Service Provider outputs for the Large Project.
All estimates are provided with a full work breakdown structure and necessary detail.

4.8.3
Where there are re-occurring deliverables that can be reasonably standardised, the Parties will work together to produce standard pricing for these deliverables to provide greater cost certainty and assurance of value for money from the Service Provider’s delivery. This may be agreed via the Contract Change Control Procedure.

4.9.
Estimating
4.9.1
The Service Provider accepts that it will work with the Customer to improve the estimating of projects over the Term as reasonably requested by the Customer. Significant changes in the estimating process or requirements may result in a change to this Annex via the Contract Change Control Procedure.
4.9.2
For changes being introduced using a waterfall delivery method, the Service Provider will provide an initial project estimate and then formally provide estimate updates for each stage gates of the software development lifecycle e.g. initiation, triage and proposal.
4.9.3
For changes being introduced using a hybrid / agile delivery method, the Service Provider will provide an initial project estimate and then formally provide estimate updates for each stage gates of the software development lifecycle e.g. initiation, triage, proposal and implementation.
4.9.4
For Change Projects the Service Provider will use a number of different approaches to estimating depending on the information available and stage in software development lifecycle and delivery approach as follows:
Experience based comparative estimations using benchmarked examples e.g. Triage;
Subject matter expert product specific estimates using product specific templates e.g. Duck Creek, Guidewire-Claimcenter;
Subject matter expert/architect based estimating using industry recognised standards for the code and unit test stage with industry metrics to extrapolate out the remaining software development lifecycle stages to cover end-to-end software development as per the table below;

SDLC Stage
% of overall estimate
Design - Functional & Technical
20
Baseline benchmark - Code &UT
45
Testing - Functional & UAT
25
Go Live & Warranty
10

Agile - planning poker and comparative estimation using benchmark examples of sizing. The benchmark size examples will be agreed as part of creating the definition of ‘ready’ for agile project.

4.10.
Core and Flex - Resource Demand and Capacity Management
Not to the contrary to anything in Schedule 10 (Pricebook, Charges & Invoicing), paragraphs 13 and 18, this section describes how the Parties will manage the demand and capacity required for the Core and Flex COE resourced deployment. The diagram below provides a visual view as to how the model works.
Fig 2.




annex52.jpg
 
4.10.1
The resource demand forecast will be reviewed and approved by the ITO delivery board as described in Schedule 12 (Governance and Service Management).
4.10.2
The Service Provider will take the quarterly demand plan and produce a 3 month forward looking capacity plan which will detail roles, rates and availability for the scheduled Change Projects and COE activities.
4.10.3
Following successful transition of Change Management Services, the Service Provider will develop over the first service year, demand and capacity plans with the following levels of accuracy (for scheduled work);
90% forecast accuracy for resources needed in the next 3 months;
60% forecast accuracy for resources needed for the 9 months following the next 3 months
4.10.4
Where additional Change Management or COE Flex resources are forecasted to be needed, the Service Provider, depending on generic or niche skills, may take up to 4-8 weeks at onshore and 2-6 weeks at offshore. This should not impact commencement of Change Projects due to the 3 month rolling forecast schedule.
4.10.5
The Service Provider will also monitor and report on actual resource usage versus demand on a quarterly basis to the ITO Delivery Board.
4.10.6
The Service Provider will provide weekly time sheets for all its charged staff being deployed to the Customer for Change Management Services, excluding those that are deployed under a fixed price SOW or Work Request. The time sheets will detail the specific project, Work Request or SOW, the role type, with time spent in hours on this work and any other relevant information that maybe reasonably required by the Customer. The timesheets will be submitted to the Customer using the Customer’s timesheet tools and processes. The purpose of these timesheets is to provide the Customer with complete transparency as to what activities/ tasks the Service Provider’s staff are working on, so the level of detail on the submitted timesheets must provide for this. Additionally, this will help to enable both Parties to manage demand effectively and efficiently. It is the Customer’s responsibility to set up and provide access to its timesheet system to enable the Service Provider’s teams to populate it to the level required.
4.10.7
Changes to the agreed resource requirements (excluding new SOW resourcing) will be handled via the Contract Change Control Procedure as described in Schedule 13 (Contract Change Control Procedure) sections 3 and 4. The Service Provider will complete the Change Request template and present it for approval to the ITO Delivery Board.
4.10.8
The optimisation of the resource model will be based on using the data points from resource planning and forecasting, estimation models, timesheets and reviewing actual efforts against estimates.

4.11.
Inflight Projects
4.11.1
The Service Provider will create a single SOW using the template detailed in Schedule 20 Appendix 20-A (Pro forma SOW) to detail the deliverables and cost to cover all Inflight Projects as per the agreed list in Schedule 10 Appendix 10-F. In the event that the Customer believes it to be more appropriate, due to size complexity, to enter into a separate SOW for any of the projects on the In-Flight Projects list, then the Service Provider must create one for the Parties to agree.




4.11.2
Inflight Projects will charged as described in Schedule 10, paragraph 19.
4.11.3
Inflight projects will have usual reporting change governance as per section 4.1 and 6.
4.11.4
Inflight projects will follow the Contract Change Control Procedure detailed in Schedule 13 (Contract Change Control Procedure).

4.12.
Centre of Excellence - Duck Creek
4.12.1
The Duck Creek COE will be established as a global capability, with an integrated service model providing on-shore resources in the US supported by an off-shore team in India. The COE will employ a cross time-zone working model to co-ordinate development and support activities across the teams.
4.12.2
The Service Provider will leverage knowledge and capability from existing transferring Customer resources as well as provide additional Service Provider resources to the COE Core team.
4.12.3
The Service Provider will leverage its existing knowledge repositories and competency covering the entire technical landscape of the Duck Creek product implementation including policy, templates, billing, and claims to create new and updated best practice approaches.
4.12.4
The Service Provider will leverage its comprehensive Product Training University and will work closely with Duck Creek to keep training relevant with the latest changes to the product and suggest recommendations for improvements or upgrades to the Customer
4.12.5
The Service Provider will ensure that the Duck Creek COE has the correct mix of skills to be able to support both run and change support for Duck Creek application users, as this team will handle BAU support requests, small and large project changes, from request through testing and post implementation support.
4.12.6
To optimise resource use efficiency, the COE will use the Service Provider’s release demand capacity framework to match demand and capacity across the Core and Flex teams. The framework analyses historical demand and effort data, demand variability and capacity planning metrics to build forward demand projections.
4.12.7
The Service Provider will provide the Customer with a specialised support, enhancement and development capability for its Duck Creek solution.
4.12.8
The Duck Creek COE will provide the following service enhancements and improvements over the Term of the contract:
Design, deliver and implement (incl. integration within Duck Creek or ABS to external applications, data sources) Change Projects.
Process standardisation - implementation of templates, checklists, estimations and reports.
Update and expand the Customer’s existing governance and implementation for new products.
Creation of new and enhancement of existing reusable assets.
Stabilize the application and services to improve availability.
Provide estimates and resource planning inputs for Change Projects.
Enhance test automation and testing improvements as recommended by the Testing COE.
Optimise the service levels year on year via a managed innovation framework.
Implement knowledge management and Known Error Database enrichment.
Recommend and implement the Service Provider’s tools and accelerators.
Improve resource demand and capacity planning.
Introduce a culture of continuous improvement for efficiency, value delivered and speed to market, including DevOps improvements as recommended by the Agile - DevOps COE.
Establish new resource on-boarding training material.
Provide run support for Minor Enhancements and BAU
4.12.9
Duck Creek levers to enable benefits
During COE setup the Service Provider will confirm with the Customer the ongoing metrics required for measurement and the timeframe required for establishing the initial benchmark/ baseline by reference to which the achievement of benefits will be measured. The Change Management governance (section 4.1 and 6) will incorporate quarterly reviews of measurement against KPI’s post benchmark agreement.




Lever
Tool or Accelerator
How the benefit will be achieved
Cost
[***].
[***]
Speed
[***]
[***]
Quality
[***]
[***]

4.13.
Centre of Excellence - Data
4.13.1
The Data COE will be established as a global capability, with an integrated service model providing on-shore resources in both the US and UK supported by an off-shore team in India.
4.13.2
The Service Provider will provide the Customer with a specialised support, enhance and development capability for data.
4.13.3
The Data COE will provide the following service enhancements and improvements over the lifetime of the contract:
Design, deliver and implement (incl. integration) BI /MI Change Projects.
Design and implement data integration and business intelligence reporting capabilities as per any project requirement.
Respond to ad-hoc queries from business users relating to data management information.
Introduce standardisation of MI and BI tools and processes.
Work as a bespoke servicing and knowledge centre across different MI projects.
Be the centralised knowledgebase across the current and future MI/BI landscape and architecture.
Enhance test automation and testing improvements and performance assessment as recommended by the Testing COE
Enhance resource demand and capacity planning.
Provide estimates and resource planning inputs for Change Projects.
Establish new resource on-boarding training material.
Support all BI and MI BAU requests.
Introduce a culture of continuous improvement for efficiency, value delivered and speed to market, including DevOps improvements as recommended by the Agile - DevOps COE
Respond to and resolve data related issues that have been identified via L1 and L1.5 monitoring.
Cross train resources with required skills as needed.
This COE will support the construction and execution of the Customer’s emerging data strategy.
4.13.4
EDW and DataHub Support
The Data COE will provide the following service enhancements and improvements over the lifetime of the contract in respect of specific EDW and DataHub needs:
Support and enhance EDW and DataHub teams with current technologies.
Respond to ad-hoc queries from business users relating to EDW and DataHub.
Work as a bespoke servicing and knowledge centre across different EDW projects.
Be the centralised knowledge base for the existing and future EDW and DataHub landscape.
Optimise EDW and DataHub areas for performance and standardisation.
Support End User requirements for EDW.
Establish data quality and data governance principles.
Coordinate and collaborate with business users for the availability and quality of data in EDW and DataHub in conjunction with the Customer.
Complete regular health checks of EDW and DataHub and provide the Customer with reports and recommendations.
Coordinate and collaborate with other Applications/Systems from where data is integrated into EDW and DataHub to ensure successful project or change delivery.
4.13.5
Program Automation
The Data COE will provide the following service enhancements and improvements over the lifetime of the contract in respect of program automation that would be developed for usage across other COEs and/ or Services:
Design, deliver and implement (incl. integration) Change Projects.




Support and enhance program automation teams with current technologies.
Define the program automation governance model, delivery structure & roles for Run Services and COEs.
Work as a bespoke servicing and knowledge centre across different program automation projects.
Be the centralized knowledge base for the existing and future program automation landscape.
Provide estimates and resource planning inputs for Change Projects.
Optimise program automation areas for performance and standardisation.
Support End User requirements for program automation.
4.13.6
Data levers to enable benefits
During COE setup the Service Provider will confirm with the Customer the ongoing metrics required for measurement and the timeframe required for establishing the initial benchmark/ baseline by reference to which the achievement of benefits will be measured. The Change Management governance (section 4.1 and 6) will incorporate quarterly reviews of measurement against KPI’s post benchmark agreement.

Lever
Tool or Accelerator
How the benefit will be achieved
Cost
[***].
[***]
Speed
[***]
[***]
Quality
[***]
[***]

4.14.
Centres of Excellence - Infrastructure & Security
4.14.1
The Service Provider will provide the Customer with an Infrastructure & Security COE to provide Minor Enhancement, Small Project and Large Project capability.
4.14.2
The Service Provider will run this COE on a capacity based agreement with the Customer and employ a working model to co-ordinate, plan, design and support activities across the Infrastructure & Security and other change teams.
4.14.3
This COE will provide the following service enhancements and improvement:
Digital & security enhancement;
Support the Customer technology architect to define strategic directions;
Work with the Customer to define a technology roadmap;
Assist in defining technology upgrade / replace business case;
Regular health checks and recommendations including addressing the outcome of the regular health checks as described in Schedule 2 Annex 3 (Operations and Service Delivery) section 3.1.2 as needed;
Provide a neutral view of the technology through the Service Provider technology office;
Conduct tech days / roadshows for the Customer;
Delivery and enablement of environments, release management and configuration management capabilities for all Change Projects, in accordance with Customer processes for change and release activities provided to the Service Provider during Transition;
Provide access to the Service Provider technology labs;
Enhance resource demand and capacity planning;
Provide estimates and resource planning inputs for Change Projects; and
Be responsible for the annual technology refresh implementations on the pipeline projects.

4.15.
Infrastructure & Security levers to enable benefits
4.15.1
During COE setup the Service Provider will confirm with the Customer the ongoing metrics required for measurement and the timeframe required for establishing the initial benchmark/ baseline by reference to which the achievement of benefits will be measured. The Change Management governance (section 4.1 and 6) will incorporate quarterly reviews of measurement against KPI’s post benchmark agreement.




Lever
Tool or Accelerator
How benefit will be achieved
Cost
The Service Provider over the contract lifetime will optimise the Core COE FTE headcount and transition roles from onshore to offshore in agreement with the Customer.
Offshoring resources

4.16.
Centres of Excellence - Business Applications
4.16.1
The Service Provider will provide the Customer with a Business Applications COE to provide Minor Enhancement, Small Project and Large Project capability.
4.16.2
The Service Provider will run this COE on a capacity based agreement with the Customer and employ a working model to co-ordinate, plan, design and support activities across the Business Applications and other change teams.
4.16.3
This COE will provide service enhancements and improvements as described in Schedule 2 - Annex 4 (Application Management Services) and Schedule 2 Annex 1 (Common Services).
4.16.4
Business Applications levers to enable benefits;
4.16.5
During COE setup the Service Provider will confirm with the Customer the ongoing metrics required for measurement and the timeframe required for establishing the initial benchmark/ baseline by reference to which the achievement of benefits will be measured. The Change Management governance (section 4.1 and 6) will incorporate quarterly reviews of measurement against KPI’s post benchmark agreement.
Lever
Tool or Accelerator
How benefit will be achieved
Cost
Offshoring Resources - The Service Provider over the contract lifetime will optimise the Core COE FTE headcount and transition roles from on-shore to off-shore in agreement with the Customer.
Offshoring Resources
Reduction in FTEs
Continuous Improvement
As described in Schedule 2 Annex 1 section 2.1.8
Increased productivity
Improved software quality

4.17.
Centres of Excellence - FSS
4.17.1
The FSS COE will be established as a new COE capability, with an integrated service model providing on-shore resources in the UK supported by an off-shore team in India.
4.17.2
The Service Provider will ensure that the FSS COE has the correct mix of skills to be able to support both run and change support for FSS application users, as this team will handle BAU support requests, small and large project changes, from request through testing and post implementation support.
4.17.3
The FSS COE will provide the following service enhancements and improvements over the lifetime of the contract:
Design, deliver and implement Change Projects.
Process standardisation - implementation of templates, checklists, estimations and reports.
Update and expand the Customer’s existing governance and implementation for finance related projects.
Creation of new and enhancement of existing reusable assets.
Stabilize the application and services to improve availability.
Provide estimates and resource planning inputs for Change Projects.
Enhance test automation and testing improvements as recommended by the Testing COE.
Implement knowledge management and KEDB (being the Service Provider’s proprietary knowledge management database) enrichment.
Enhance resource demand and capacity planning.
Introduce a culture of continuous improvement for efficiency, value delivered and speed to market, including DevOps improvements as recommended by the Agile - DevOps COE.
Establish new resource on-boarding training material.
Provide run support for Minor Enhancements, and BAU
4.17.4
FSS levers to enable benefits
4.17.5
During COE setup the Service Provider will confirm with the Customer the ongoing metrics required for measurement and the timeframe required for establishing the initial benchmark/ baseline by reference to which the achievement of benefits will be measured. The Change Management governance (section 4.1 and 6) will incorporate quarterly reviews of measurement against KPI’s post benchmark agreement.





Lever
Tool or Accelerator
How the benefit will be achieved
Cost
The Service Provider over the contract lifetime will optimise the Core COE FTE headcount and transition roles from onshore to offshore in agreement with the Customer.
Offshoring resources

4.18.
Centre of Excellence - Agile -DevOps
4.18.1
The Agile - DevOps COE will be established as a global capability, with an integrated service model providing on-shore resources in both the US and UK supported by an off-shore team in India.
4.18.2
The Service Provider will provide the Customer with a specialised support, enhance and development capability for agile ways of working and DevOps implementation.
4.18.3
The Service Provider will deliver to the Customer a [***] classroom based agile immersion training course, for up to [***] delegates at a time, up to [***] times per year to provide the Customer’s product owners and proxy product owners an understanding of agile ways of working for the delivery of Change Projects.
4.18.4
The Service Provider on an ongoing basis will provide the Customer with the equivalent of 1 FTE to provide agile mentoring and coaching support for agile projects
4.18.5
This COE will provide the following service enhancements and improvements over the lifetime of the contract:
Complete an Agile-DevOps maturity assessment of the Customer’s end to end estate and propose an Agile-DevOps transformational roadmap to take the Customer from current to target state.
Orchestrate, manage and implement the agreed DevOps target state roadmap.
Design, manage and implement the following DevOps components:
Environment management and automation;
Configuration automation;
Build automation;
Deployment automation;
Release management and automation;
Release orchestration;
Feedback amplification;
Continuous integration;
Continuous delivery;
Test automation; and
Service virtualization.
Manage and implement the agreed target state agile roadmap.
Create an agile playbook for the Customer’s Change Projects which will describe repeatable artefacts and guidelines such as release and sprint calendars, agile ceremony guidelines, agile KPIs, maturity checks, governance around scrum of scrums, real time reporting templates, definition of ready, definition of done, traceability steps from requirements to production (to be configured within [***] and [***]).
On-board agile coaches to train the project teams to be able to deliver projects using agile frameworks and approaches e.g. Scrum and Safe 4.5.
Provide ongoing agile coaching, training and mentoring to the retained Customer organisation and project teams to run efficiently and according to the governance and ceremonies required for Scrum or SAFe 4.5.
Take the Annual Portfolio Roadmap and map the Change Projects taking into consideration delivery approach into value streams and produce release trains containing prioritised feature backlogs and plans.
Create and provide real time dashboards and key metrics such as burn down, team/ project velocity, defect density.
Increase the adoption of agile ways of working and Change Projects over time.
Introduce a culture of continuous improvement to continually improve Change Project efficiency, value delivered and speed to market.
Recommend and train COE’s, and project teams on the use of innovative tools, methods and processes to transform Change Projects efficiency, value delivered and speed to market.
4.18.6
Agile DevOps levers to enable benefits
During COE setup the Service Provider will confirm with the Customer the ongoing metrics required for measurement and the timeframe required for establishing the initial benchmark/ baseline by reference to which the achievement of benefits will be measured. The Change Management governance (section 4.1 and 6) will incorporate quarterly reviews




of measurement against KPI’s post benchmark agreement once the Agile - DevOps COE provides guidance for new projects to adhere to, to deliver expected Agile - DevOps benefits.
Lever
Tool or Accelerator
How the benefit will be achieved
Cost
Offshoring Resources - The Service Provider over the contract lifetime will optimise the Core COE FTE headcount and transition roles from on-shore to off-shore in agreement with the Customer.
Off-shoring resources
Reduction in FTE headcount
Speed
[***]
[***]
Quality
[***]
[***]

* External Tool recommended. To achieve the benefit via the tool, licenses will need to be made available to the Service Provider by the Customer. The costs of this will be considered as part of any business case for a Change Project.
4.19.
Centre of Excellence - Testing
4.19.1
The Testing COE will be established as a global capability, with an integrated service model providing on-shore resources in both the US and UK supported by an off-shore team in India.
4.19.2
The Service Provider will provide the Customer with a specialised support, enhance and development capability for testing.
4.19.3
This COE will provide the following service enhancements and improvements over the lifetime of the contract:
Design test cases across the different testing life cycle phases including both functional and non-functional testing;
COE Testing team will provide resource for all Minor Enhancements from all areas and in particular Applications, N-1, maintenance and DR testing
Optimise test execution through risk based testing techniques;
Maximise sprint level testing and ensure that release wide regression is optimised through shift left levers like early automation, early performance testing, etc.;
Publish an automation roadmap with automation first approach based on business critical applications and frequency of change;
Enhance regression automation for web-based applications leveraging capability that the Services Provider team has already built;
Build and continuously maintain and upgrade automation packs based on changes to applications/ business processes;
Provide data management support for the Customers UAT/model office phase for Change Projects.
Design and implement test data governance and strategies;
Work with the Customer to define and agree the future state the overarching test strategy for the Customer as a standard to be followed by application for each small or large Change Project;
For each Change Project provide a detailed test approach and strategy based on the Customer’s risk appetite. The project specific test strategy will be included within the Work Request or SOW.
Provide estimates and resource planning inputs for Change Projects. Larger projects often fund this from additional resource but should follow the framework and processes defined in this area;
Deploy relevant technology (Guidewire-Claimcenter, Duck Creek) testing capabilities to carry out static testing, engaging with the business team. The Service Provider will extend on the harnesses already built for Duck Creek and Guidewire-Claimcenter;
Enhance resource demand and capacity planning; and
The Testing COE is responsible for providing the test assurance across the Duck Creek, Guidewire-Claimcenter and Data COEs.
4.19.4
Testing levers to enable benefits
During COE setup the Service Provider will confirm with the Customer the ongoing metrics required for measurement and the timeframe required for establishing the initial benchmark/ baseline by reference to which the achievement of benefits will be measured. The Change Management governance (section 4.1 and 6) will incorporate quarterly reviews of measurement against KPI’s post benchmark agreement.




Lever
Tool or Accelerator
How the benefits will be achieved
Cost
Off-shoring Resources - The Service Provider over the contract lifetime will optimise the Core COE FTE headcount and transition roles from on-shore to off-shore in agreement with the Customer.
Offshoring resources
Reduction in FTE headcount
Speed
[***]
[***]
Quality
[***]
[***]

* External Tool recommended. To achieve the benefit via the tool, licenses will need to be made available to the Service Provider by the Customer. The costs of this will be considered as part of any business case for a Change Project.
4.20.
Centre of Excellence - Guidewire-Claimcenter
4.20.1.
The Guidewire-Claimcenter COE will be established as a global capability, with an integrated service model providing on-shore resources in both the US and UK supported by an off-shore team in India. The COE will employ a cross time-zone working model to co-ordinate development and support activities across the teams.
4.20.2.
The COE will provide access to a global team of Guidewire-Claimcenter resources across consulting, implementation and support expertise. Change Management Services and Run Services will be delivered using Service Provider’s ‘Transform while Perform’ methodology to deliver performance and efficiency improvements against specified goals to aid the Customer in releasing budget to support development of new capabilities and functionality.
4.20.3.
To optimise resource use efficiency, the COE will use Service Provider’s release demand capacity framework to match demand and capacity across the Core and Flex teams. The framework analyses historical demand and effort data, demand variability and capacity planning metrics to build forward demand projections.
4.20.4.
The Service Provider Guidewire-Claimcenter Academy ensures that COE associates have access to consistent product, insurance and implementation training. The COE teams also have access to the Service Provider’s Guidewire-Claimcenter Global Knowledge Management Framework which captures and shares experience, solutions and accelerators across Guidewire-Claimcenter teams to improve team effectiveness and efficiency in resolving issues.
4.20.5.
The Guidewire-Claimcenter COE Lab provides an innovation hub across the entire Guidewire-Claimcenter “Ecosystem”. The Lab supports COE teams to accelerate delivery by building solution accelerators as well as re-skilling and cross-skilling associates. The Lab infrastructure will also be available to build joint proof-of-concepts with Customer to develop supporting business cases for extended Guidewire-Claimcenter use cases using emerging digital technologies.
4.20.6.
The Service Provider will provide the Customer with a specialised support, enhancement and development capability for their Guidewire-Claimcenter solution.
4.20.7.
This COE will provide the following service enhancements and improvements over the lifetime of the contract:
Design, deliver and implement (incl. integration within Duck Creek or ABS to external applications, data sources) Change Projects.
Process standardisation - implementation of templates, checklists, estimations and reports;
Update and expand the Customer’s existing governance and implementation for new products;
Create new and enhance existing reusable assets;
Enhance test automation and testing improvements as recommended by the Testing COE.
Recommend and implement the Service Provider’s tools and accelerators;
Introduce a culture of continuous improvement for efficiency, value delivered and speed to market, including DevOps improvements as recommended by the Agile - DevOps COE;
Implement knowledge management and KEDB enrichment;
Provide estimates and resource planning inputs for Change Projects;
Improve resource demand and capacity planning;
Establish new resource on-boarding training material; and
Provide run support for Minor Enhancements, and BAU support





4.20.8.
Guidewire-Claimcenter COE levers to enable benefits
During COE setup the Service Provider will confirm with the Customer the ongoing metrics required for measurement and the timeframe required for establishing the initial benchmark/ baseline by reference to which the achievement of benefits will be measured. The Change Management governance (section 4.1 and 6) will incorporate quarterly reviews of measurement against KPI’s post benchmark agreement.
Lever
Tool or Accelerator
How the benefit will be achieved
Cost
The Service Provider over the contract lifetime will optimise the Core COE FTE headcount and transition roles from on-shore to off-shore in agreement with the Customer.
Offshoring resources
Reduction in FTE headcount
Speed
[***]
[***]
Quality
[***]
[***]

4.21.
Overall levers to enable benefits
During COE setup the Service Provider will confirm with the Customer the ongoing metrics required for measurement and the timeframe required for establishing the initial benchmark/ baseline by reference to which the achievement of benefits will be measured. The Change Management governance (section 4.1 and 6) will incorporate quarterly reviews of measurement against KPI’s post benchmark agreement.
Lever
Date for improvement
How the benefit is achieved
Cost
Service Commencement Date
Service Provider to TUPE Customer identified resources at agreed Service Commencement Date per COE to achieve initial staff cost savings
Service Provider to novate Customer identified critical contractors at agreed Service Commencement Dates per COE
Cost
Contract Lifetime
Off-shoring - The Service Provider over the contract lifetime will optimise the Core COE FTE headcount and transition roles from on-shore to off-shore in agreement with the Customer.
Reduction in FTE headcount
COE specific speed and quality
Contract Lifetime
The Service Provider will provide improved delivery efficiency for Change Projects being delivered via the Duck Creek, Guidewire-Claimcenter, Data, FSS, Infra & Security and Business Applications COE’s of [***] % across the duration of the contract via the introduction and use of COE specific tools, accelerators and frameworks.

The Service Provider will via the Testing COE extend testing automation across the software development lifecycle for Change Projects leading to a [***] % effort reduction via the successful implementation of automation & tools, continuous improvement, quality engineering and operationg models.


4.21.1
Each year following the first contract anniversary, each COE team will demonstrate [***]% savings based upon automation / velocity improvements across deliveries within each applicable COE by reference to the initial benchmark/ baseline metrics agreed between the Parties when each applicable COE is established. The Parties agree that this obligation will only apply if the Core team size of a COE is [***].
4.21.2
The Service Provider will confirm continuous improvement ideas each year with the expected costs, timing and level of benefits to be attained for each idea. These ideas are to be discussed and agreed with the Customer, and then scheduled in as a portfolio Change Project for the relevant COE. Then at the end of each




quarter the Change Management Services team will provide an update on the benefits produced by the team in FTE savings, and soft benefits per comparable work load on old and new basis.
4.21.3
Evidencing velocity and continuous improvement - The Service Provider shall collate data points for Change Projects and Minor Enhancements over a 12-month period using [***] to be able to measure DevOps performance in correlation with business metrics.

4.22.
Innovation
4.22.1
This section describes the establishment of the Service Provider-Customer innovation fund (the “Innovation Pool”), the Innovation Pool objectives, and the Innovation Pool management process.  This framework facilitates a collaborative relationship based on joint identification of innovative ideas, converting and executing the ideas as projects and implementing the projects for long-term benefits.
4.22.2
The intention of the Innovation Pool is to provide $[***] credit for projects each Contract Year, as set out in paragraphs 21.1-21.4 of Schedule 10 to support identified Innovation Projects, as per the service description set out below. The Customer, with agreement of the Service Provider, will be permitted to roll-over any unused allocation of credit into the following contract year, as further described in Schedule 10, paragraph 21.1.5.
4.22.3
Pool Objectives - The Innovation Pool’s objectives are to:
Encourage, infuse and pursue creative ideas and approaches to bring improvements in working practices and services to the Customer;
Transforming ideas into business results that deliver value to both the Customer and the Service Provider;
Continuous improvement to tap into ‘faster-better-cheaper’ execution of delivery operations and customer services; and
Innovation group for Customer programs that harnesses the creativity of our teams aligned to Customer’s needs, and leverages off Service Provider’s domain and technology assets as agreed by the Parties.
4.22.4
Innovation Pool governance, project criteria & progress reporting - The governance for the Innovation Pool will comprise of the Customer Chief Technology Officer and Service Provider CIO / Head of Change. Within 60 days after the Effective Date of this Contract, the Customer and Service Provider governance personnel will meet and jointly establish an appropriate governance structure for the Innovation Pool that is mutually agreeable and reporting will be to the Steering Committee.
4.22.5
Any innovation suggestion that could have a mutual gain for both the Service Provider and the Customer will be presented at ITO Steering Board for consideration and approval. 
4.22.6
On establishing the governance team structure, the identified governance team members will establish:
a)
Procedure for identifying ideas and opportunities for proposal to consider as innovation.
b)
Procedure and criterion for approval of such idea / opportunities as innovation to be undertaken as projects under this Innovation Pool.
c)
Process and procedure for tracking, reporting and success criteria for management of such projects.
d)
Reporting of utilisation of funds by project, by month detailing the expenditure by role, activities/tasks and any third party expenditure (e.g. tools)
e)
The below table describes the roles and responsibilities of the Innovation Pool governance team. The other roles and responsibilities will be identified and agreed as outcome of the governance team structure meeting pursuant to section 4.22.4 above:

Role
Responsibilities
Customer Innovation Pool Approver
Approve the project as an Innovation Pool Project from the Customer standpoint.
Maintain the Pool details and apportion the Innovation Pool against the projects to be covered under the Innovation Pool.
Communicate to project stakeholders on the Innovation Pool allocated.
Service Provider Innovation Approver
Agree and approve the Innovation Pool along with the Customer Innovation Pool Approver.

4.22.7
[***] - The Service Provider will deliver [***] per year on behalf of the Customer to engage the Customer’s business community on how technology can transform the Customer’s business and products. [***] then the Parties shall agree travel expenses to support this. This innovation [***] will not utilise the funds from the Innovation Pool.




4.22.8
Ahead of the event, the Service Provider will provide a list of possible technologies for presentation and demonstration at the event. The Customer will agree with the Service Provider which technologies are most suitable for demonstration and will form the basis of the [***]. The provision of the technologies options and the agreement of which technologies are suitable will be done within a reasonable timescale that allows the Service Provider to prepare the demonstrations.
4.22.9
The [***] will take place over a single day on the Customer’s premises, or the Service Provider’s London “Collabatory” if requested. The event will consist of stalls staffed by Service Provider resources who will be able to demonstrate and discuss the proposed technologies and also the potential business benefits and use cases when applied to specific Customer business examples.
4.22.10
The Customer will be responsible for promoting the event internally and encouraging and motivating staff to attend the event. Following the innovation event, the Innovation Pool governance team will collate and assess feedback from the Customer’s event attendees as input to the identification of future Innovation Pool Projects.

4.23.
Service Introduction
4.23.1
For all services being introduced into production, the Service Provider is responsible for transitioning the service and providing documentation, knowledge transfer and warranty support from the Change team to the application management support team (run team).
4.23.2
Each Service Provider delivered Change Project when sized and priced, will include the costs and timelines required to complete the service transition.
4.23.3
The Service Provider Change team will provide the resources required to provide knowledge transfer and warranty support.
4.23.4
The Service Provider will provide application management (run resources) to be able to accept the service change and support the knowledge transfer and warranty support process by reverse shadowing the Change team.
4.23.5
The Service Providers Change team will create and agree the service introduction plan with the application management support team.
4.23.6
For each service introduction the Service Provider will complete the Customer’s Service Transaction Operational Acceptance Document (STOAD) and Production Acceptance Document (PAD) for deployment approval and submit it to the Change Approval Board.
4.23.7
For each service being introduced, the Service Provider’s Change team will provide the application management support team with details of the Change size, technical platform, skillset required to provide ongoing support (to determine whether the existing team can support the Change or whether the support team needs to upskill), service introduction plan, Change project exit report, Customer approved STOAD and PAD (outputs of the Change Approval Board).

5.
Charging

5.1.
The Service Provider will charge for Change Projects based on project / change size as detailed in the table below:
Type
Size
Charging Mechanism
Minor Enhancement
[***]
[***]
Small Project
[***]
[***]
Large Project
[***]
[***]

5.2.
The Service Provider, for each new Change Project assigned to them, will complete and submit either a Work Request or SOW for Customer approval. Within the Work Request and SOW, the Service Provider will recommend a delivery approach and charging mechanism as described in Schedule 10 (Pricebook, Charges and Invoicing) Appendix 10-C.
5.3.
Under no circumstance can a project be broken down into smaller components or work to avoid entering into an SOW. If the forecast Service Provider spend of an end to end project is greater than $[***], then an SOW must be agreed between the Parties.





6.
Governance

6.1
Service Provider’s PMO function
6.1.1
The Service Provider will establish a PMO function which will support day to day operational running of the Agreement between the Service Provider and the Customer. The PMO function will be established as a global capability, with an integrated service model providing on-shore resources in the UK supported by an off-shore team in India.
6.1.2
The Service Provider’s PMO function will collaborate with and support the Customer’s existing EPMO function where appropriate.
6.1.3
The Service Provider’s PMO function will provide the Customer with the following capabilities and support:
Service Provider Reporting - responsible for collating and distributing to appropriate stakeholders, reports and other inputs required to support the governance groups and meetings as described in Schedule 12 (Governance and Service Management);
Communication facilitation for team wide (transformation, transition, run and change team) communications for the Service Provider and / or the Customer which are required to execute the successful delivery of the Agreement;
Where the Service Provider attends a governance meeting with the Customer - the taking and distribution of minutes and actions to support the governance groups and meetings as described in Schedule 12 (Governance and Service Management);
Facilitating, collating and communication of the financial management reporting, invoices and Charges to the Customer;
Support the Customer’s existing EPMO function and provide suggestions for ongoing continuous improvement; and
Managing and fulfilling of Service Provider resource demand requests.

6.2
Individual Project Boards
6.2.1
For Large Projects, the Service Provider will establish a Project Board per approved Change Project.
6.2.2
The individual Project Boards will deal with the ‘day to day’ delivery monitoring, management and will formally report on a weekly basis on progress against the plan using a template agreed with the Customer. The individual Change Authority will be the mechanism used as the first level of problem solving resolution for a Change Project.
6.2.3
Each individual Project Board is expected to have a brief weekly meeting (approx. 30 mins to be scheduled by the Service Provider’s project manager) to walk through, discuss and review progress against plan, change and any open actions, issues, risks or dependencies. The quorum of attendees for each individual Project Board would be expected to be (but not limited to) following:
6.2.4
Customer business owner or proxy business owner /technical sponsor;
6.2.5
Service Provider project manager (or appropriate delivery lead depending on chosen delivery methodology);
6.2.6
Service Provider’s Delivery Lead offshore; and
6.2.7
Service Provider ITO / Head of Change.
6.2.8
The Service Provider’s Project Manager (or appropriate Delivery Lead) will be responsible for drafting and submitting (via the Service Provider’s PMO) all appropriate inputs to the ITO Delivery Board for their respective Change Project.

6.3
ITO Delivery Board
6.3.1
As described in Schedule 12 (Governance and Service Management) section 4, the Service Provider will actively prepare, participate and support the Customer with regards to the monthly ITO Delivery Board.
6.3.2
The Service Provider will provide the Customer’s EPMO and any other agreed stakeholders with the agreed reporting information as an input to the ITO Delivery Board within five (5) Business Days of the meeting taking place.
6.3.3
The Service Provider will provide PMO support to facilitate the meeting and to take and distribute minutes and actions following the meeting itself.
6.3.4
The Customer will schedule/ diarise the ITO Delivery Board meetings and share the dates with the Service Provider.
6.3.5
The purpose of the ITO Delivery Board will be to consider the following agenda items:
Review previous actions;
Review performance by the Service Provider against the Performance Standards - including a review of the Service Level Reports and Weekly SL Reports;
Discuss ongoing continuous improvements and innovation;
Review each Service Tower’s end-to-end performance dashboard reports;




Review of Forecast Volumes and firm volumes;
Review Service capacity & demand;
Charges & invoicing;
Transition progress and impact on the day to day Run Services;
Change Requests (outstanding, implemented, proposed);
Security;
Tooling; and
Change Issue, Risk and Dependency management.

6.4
Change Authority (CAB, EAB, IAB)
6.4.1
The Customer operates 3 Change Authorities, the Enterprise Architecture Board; Infrastructure Architecture Board and Change Advisory Board, the purpose of which are described in Schedule 12 (Governance and Service Management) paragraph 6.2.
6.4.2
Where the Service Provider submits a proposal to any of the Change Authorities, the Customer will either respond with feedback or approve within 3 (three) Business Days for a Minor Enhancement, 5 (five) Business Days for a Small Project and 10 (ten) working days for a Large Project.
6.4.3
The Service Provider will submit to and attend the Customer’s Enterprise Architecture Board, to present any Change Project design solution (functional, technical, data, infrastructure) which may materially change the Customer’s existing enterprise architecture estate for approval.
6.4.4
The Service Provider will submit to and attend the Customer’s Infrastructure Architecture Board to present any new, additional or decommissioning of hardware or environment requests needed to support a Change Project for approval.
6.4.5
At the Effective Date, the Customer will provide the Service Provider with its architecture, software, data and coding standards and guidelines which the Service Provider will include within its Change Project delivery process. The Service Provider will agree with the Customer a set of reports which can be used to monitor ongoing adherence to the guidelines and standards.
6.4.6
The Customer’s Change Advisory Board is responsible for the delivery of a product which needs to be deployed into production. As part of completing the service introduction process, the Service Provider will attend the Board to present a completed Service Transaction Operational Acceptance Document (STOAD) and Production Acceptance Document for deployment approval (PAD) for approval.

6.5
Change Requests
6.5.1
Any change to the Change Management scope or services is to be managed as a Change Request.
6.5.2
Should a Change Project need to be altered from the terms agreed in the SOW or Work Request, then this will be managed as a Change Request. The Parties expect that each SOW or Work Request will include an allowable level of change without the need for a Change Request.
6.5.3
All Change Requests will use the template as detailed in Schedule 13 (Contract Change Control Procedure) Appendix 1.
6.5.4
The Service Provider will maintain an audit trail of all presented Change Requests and their status.

6.6
The Service Provider will collate and analyse data points across a rolling 12-month period to recommend to the Customer new and additional KPI’s to measure, for example:
Cycle/lead times - time from Project Brief into production;
Wait time at each software development stage gate;
Build success rate - frequency of broken builds;
Defect density;
Defects - leakage, fix effort, static code analysis, deferred defects;
Team velocity across sprints for agile projects;
Backlog readiness;
% of changes in production as part of backlog progress;
Fewer production delivered defects;
Test automation coverage;
Time elapsed between deployments;
Change fail rates; and
Control pass/fail events at stage gates.





7.
Appendices
Appendix A - [***]




Appendix B - SOW and Work Request

These are set out in Schedule 20 of the Agreement.








Appendix C - Indicative Core team (as detailed in BAFO Pricebook Change Tab)


Please refer to Schedule 10 (Pricebook, Charges and Invoicing) Appendices 10-A, 10-G and 10-I.






SCHEDULE 2 ANNEX 6
NETWORK MANAGEMENT SERVICES

1.Network Management Services Overview and Objectives    3
1.1Network Management Services Overview    3
1.2Service Objectives    3
2.Service Definitions    4
2.1Network Monitoring Services    4
2.2Level 2 / Level 3 Support    4
2.3WAN services    5
2.4LAN services    6
2.5Unified Communications services    6
2.63rd Party Support Services    6
2.7Network Change Services    6
3.Service Descriptions    7
3.1General Responsibilities    7
3.2Network Monitoring Services    8
3.3LAN Services    9
3.4WAN Services    9
3.5Unified Communications Services    10
3.63rd Party Support Services    10
3.7Network Change Services    10
4.Service Environment    11
4.1Operating Model    11
4.2Service Priority    11
4.3Resource Roles and Skillset    11
4.4Support Timings    12
5.Tools    12
6.Pricing    12
7.Reporting    12
8.Governance and Escalation    12
9.Business Continuity and DR    13
10.Appendix    13
10.1List of Appendices    13
10.2Network Topology    13




10.3Network Circuits    13









SCHEDULE 2 ANNEX 6

NETWORK MANAGEMENT SERVICES


1.
Network Management Services Overview and Objectives
1.1
Network Management Services Overview
This Annex 6 (Network Management Services) to Schedule 2 (Service Descriptions) sets forth the roles and responsibilities of the Parties for the Network Management Services provided by the Service Provider under this Agreement as part of the Services. Network Management Services are the Services and activities, as further detailed in this Annex, required to provide and support the Customer’s Network environment that transports data traffic related to the Customer and its third party users and applications (e.g. financial and business applications, web applications, video and associated video applications, and IP/VOIP telephony system traffic, where applicable).

The scope of services provided here includes:

Network Monitoring services including but not limited to;
o
All core switches (high-end / mid-range / low-end including stacks)
o
Load balancer
o
Core router ((high-end / mid-range / low-end)
o
Network link manager
o
Network hardware maintenance including but not limited to;
o
Unified Communications core platform
o
Unified Communications conference platform
o
Unified Communications SIP routers
o
Unified Communications ISDN routers
o
Wireless access points
o
Virtual Private Networks (VPN) concentrator
o
Tacacs auth
o
WAN acceleration
Level 2 and Level 3 support;
WAN services;
LAN services;
Unified Communications services;
3rd party support services; and
Network change services.

The Service Provider shall ensure the Network Management Services shall comply with the Customer’s service management policies, processes and procedures as prescribed by the Customer (e.g. Incident and Problem management, configuration management, change management, release management, asset management).

In addition to the Services described in this Annex, the Service Provider is responsible for providing the Common Services described in Schedule 2 Annex 1 (Common Services).

Throughout the Term, the Service Provider shall ensure the Network Management Services shall meet the Customer’s changing business, regulatory and technical requirements.

1.2
Service Objectives
The Service Provider shall provide the following services in scope in accordance with the Customer Standards and Policies as defined in Schedule 6 (Standards and Policies). The scope of support provided is detailed in the roles and responsibilities Service Descriptions section of this schedule.




The Service Provider shall, in its provision of the Network Management Services:
Deliver a risk-mitigated transition aimed at zero disruption to business;
o
Schedule 8 (Transition and Transformation) sets out the transition plan for this service;
Maintain Network availability and stability;
[***];
Create and maintain an effective Knowledgebase [***];
Drive year-on-year cost optimisation by implementing Continual Service Improvements (CSI);
Establish a Target Operating Model providing Level 2 / Level 3 support; and
Set up a Service Management Office (SMO) with the following key objectives:
o
Management of all in-scope Network elements and other Third Party Providers in the Customer ecosystem;
o
Perform periodic analytics of ticket data to come up with operational improvements; and
o
Ensuring, tracking and reporting of CSI implementation.

2.
Service Definitions
2.1
Network Monitoring Services
The Service Provider shall provide 24x7 monitoring and management for the Customer’s Network environment, including:
Wide Area Networks (WAN);
Wired and wireless local area networks (LANs);
Datacentre Local Area Network services;
Internet connectivity services;
Metropolitan Area Networks (MAN);
Third Party connectivity (e.g. VPN); and
IP telephony and Unified Communications infrastructure.

The Service Provider shall also provide Incident, Change, Problem, Capacity, monitoring operation on Customer hosted or subscribed datacentres; remote site networks or Wide Area Networks.

2.2
Level 2 / Level 3 Support
Level 2 Support – shall provide incident resolution and fulfilment services for issues / requests escalated by the Level 1.5 Service Desk. The primary objective will be to ensure stability of the operations environment and associated business processes over and above the availability of the Customer’s network infrastructure. All issues requiring specialist help will be escalated to the Level 3 support.
Level 3 Support – shall resolve complex unknown incidents and perform proactive trend analysis to identify the bottlenecks within this Service area (root cause of recurring incidents, availability and performance issues) and implement permanent fixes in consultation with the Customer. The primary objective will be to perform preventative maintenance, break fix support and enhancements to the systems as needed.

The table below provides the activities performed by Level 1.5, Level 2 and Level 3 Support:





Support Level
In-scope activities
Service Desk –
Integrated Smart Operations (L1.5 layer)

Focus Area:
Initial triage and first level fix, Customer satisfaction, collaboration with L2/L3 teams to identify owner of incidents and closure thereof, as well as batch / environment monitoring
    All activities described under Section 2.1 of Schedule 2 Annex 3 (Operations and Service Delivery Services) will be provided by the Service Desk.
Level 2
 
Focus Area:
Service restoration, provide emergency fixes, corrective maintenance, Network stability and availability
This group shall be responsible for the below services:
o    Business Day support;
o    On-call support outside business hours and on weekends through a team based On-Site and Offshore;
o    Major/high priority Incident resolution;
o    Incidents, Problems, changes, queries;
o    KEDB enrichment;
o    Implementing Continual Service Improvements (CSI);
o    Coordination with 3rd party OEMs for issue resolution; and
o    Provide Network Change Services within guidelines described in Section 2.7.
Level 3

Focus Area:
Network reliability and resilience, Network change and efficiency enhancements
This group shall resolve complex unknown incidents escalated by the Service Desk and the Level 2 teams. The services performed by this group include:
o    Business Day support;
o    On-call support outside business hours and weekends provided by On-Site and Offshore team;
o    Incident Management - bug fixes and complex issues;
o    Ad-hoc Service Request;
o    Problem Management – root cause analysis, proactive problem management;
o    Implementing Continual Service Improvements (CSI);
o    Coordination with 3rd party OEMs for issue resolution; and
o    Provide Network change services within guidelines described in Section 2.7.


2.3
WAN services
The Service Provider shall be responsible for monitoring and coordinating with the Customer’s 3rd party contractors as described for incident resolution, RCA and change.

The Service Provider shall:

Act as a single point of contact for the management and administration of the Customer Network;
Provide L1.5, L2 and L3 systems support for the Customer's Wide Area Network (WAN) environment that includes: Switches, Routers and WAN accelerators.
Support, manage and operate to support all of the required protocols in accordance with the Customer Standards and Policies;
Comply with the requirements for WAN optimisation services, including devices and technologies intended to improve Application performance through but not limited to duplication, compression, caching, protocol




spoofing, traffic shaping, equalisation / load balancing, connection or rate limits, etc. as contained in the Customer Standards and Policies;
Develop and implement approved Network strategies in support of the Customer's objectives;
Monitor the compliance of all 3rd party vendors with any Service Levels, or contractual commitments contained in any agreement between the Customer and 3rd party vendors; and
Coordinate with all 3rd party vendors for resolution of all Incident, Problem and Change tickets as per OLAs existing between the Customer and 3rd party vendors.


2.4
LAN services
The Service Provider shall:

Act as a single point of contact for the management and administration of the Network;
Provide L1.5, L2 and L3 systems support for the Customer's wireless and wired LAN Environment that includes, switches, routers, access points, load balancers;
Manage security systems (for example, authentication servers) associated with wireless and wired LAN Systems;
Support Network protocols according to then-current architecture, including the provision of Virtual Local Area Networks (VLANs) and Access Control Lists (ACLs) for security and performance;
Support, manage and operate to support all of the required protocols in accordance with the Customer Standards and Policies;
Develop and implement approved Network strategies in support of the Customer's objectives;
Monitor the compliance of all 3rd party vendors with any Service Levels, or contractual commitments contained in any agreement between the Customer and 3rd party vendors; and
Coordinate with all 3rd party vendors for resolution of all Incident, Problem and Change tickets as per OLAs existing between the Customer and 3rd party vendors.


2.5
Unified Communications services
The Service Provider shall:

Act as a single point of contact for the management and administration of the Customer’s Unified Communications systems;
Provide L1.5, L2 and L3 support for all in-scope Unified Communications (UC) systems, including UC core platform, UC conference platform, UC SIP routers, UC ISDN routers, authentication systems as applicable;
Perform On-Site support for operations as required to meet the Service Levels where remote operations are not technically and/or economically feasible;
Manage, maintain, and communicate additions, changes, and deletions to the Customer voice and video Network;
Remotely monitor alarms sent by any Customer phone system, perform emergency and routine service in response to critical and non-critical Incidents;
Program network-wide configuration features, such as special digits, routing, trunking, and system speed; and
Coordinate with all 3rd party vendors for resolution of all Incident, Problem and Change tickets as per OLAs existing between the Customer and 3rd party vendors.

2.6
3rd Party Support Services
The Service Provider shall:

Provide technical support and coordinate with the Customer and other service providers that are providing 3rd party services for the supported scope of activities;
Provide current technical and operational documentation;
Participate in operations reviews with the Customer and relevant 3rd parties at the agreed upon frequency;
Support migration of changes into production;




Notification/escalation to appropriate 3rd Party when any supported scope element is negatively impacted due to 3rd Party changes; and
Coordinate and document incident and problem resolution.


2.7
Network Change Services
Please refer to Section 2.4 of Schedule 2 Annex 1 (Common Services) for details on the Network Change Services description.
 

3.
Service Descriptions
The following sections and tables throughout this Annex identify the Network Management Services roles and responsibilities that the Service Provider and the Customer shall perform. The Service Provider undertakes to perform its roles and responsibilities set out in this Annex and agrees that performing them forms part of the Services mentioned in this Annex. The Service Provider’s responsibilities are indicated in the column labelled “Service Provider”. The Customer’s responsibilities are indicated in the column labelled “Customer”. The tasks listed in such tables are not exclusive, and do not identify or define every process, activity or task to be performed by the Service Provider as a contracted function under this Annex.

The Service Provider shall follow the definitions below for the roles and responsibilities defined for all Network Management Services:
RACI Matrix

Responsible
Accountable
Consulted
Informed
Responsible and Accountable
Consulted and
Informed
R
A
C
I
R,A
C,I

Please refer to Schedule 2 Annex 1 (Common Services) that sets forth the roles and responsibilities of the following services:

Incident Management;
Major Incident Management;
Problem Management;
Change Management;
Service Request Fulfilment; and
Continual Service Improvements (CSI).

3.1
General Responsibilities
General Responsibilities for the services included within the scope of this schedule are:
24x7 Monitoring of Network LAN, WAN and Unified Communications;
Liaison with Customer and 3rd parties in the Customer vendor ecosystem to resolve all incidents and Service Requests within the Customer ecosystem;
Root cause analysis (RCA)and Problem Management;
Tools administration; and
Administrative tasks required for backups and regulatory compliance as defined by the Customer’s Standards and Policies.







The following table identifies general Network Management Services roles and responsibilities that the Service Provider and the Customer shall perform:

Network Management Service General Roles and Responsibilities
Service Provider
Customer
1.    Performing all L1.5, L2 and L3 activities (as per Scope of Work) associated with delivering Network Management Services.
R,A
I
2.    Manage and maintain the in-scope equipment for specified Customer Service Locations and datacentres.
R,A
I
3.    Acting as a single point of contact for the management and administration of the Network.
R,A
I
4.    Proactively supply the Customer with optimisation and tuning recommendations.
R,A
I
5.    Coordinate with the Customer and its 3rd parties (e.g. Hardware / Software suppliers, carriers, service providers) to meet the Performance Standards.
R,A
C,I
6.    Coordinate with the Customer’s Third Party Providers for Incident resolution and to collect and report on network availability and performance to the End Users (e.g. WAN/LAN network providers, security service providers, vendor-specific support providers) as per Schedule 3 (Service Levels and Service Credits).
R,A
C,I
7.    Providing End Users with technical support and advice regarding the proper use and functionality of Network Services.
R,A
C,I
8.    Monitoring the compliance of all 3rd party vendors with any Service Levels, or contractual commitments contained in any agreement between the Customer and 3rd party vendors.
I
R,A
9.    Support and maintenance for all Service Request(s) related to datacentre core switches, LAN access switches, ADM, load balancers, LAN management within Public Cloud and SDN.
R,A
I
10.    Procurement of devices.
C,I
R,A
11.    Provisioning services for new / procured devices and coordination with the Customer’s hands & feet services within the Customer’s datacentre facilities for installation.
R,A
C,I
12.    Administration activities required to keep the Network estate current and patched as per agreed Customer Standards and Policies.
R,A
C,I
 

3.2
Network Monitoring Services
Network Monitoring Services - Roles and Responsibilities
Service Provider
Customer
1.    Provide 24x7 monitoring of all devices including availability, utilisation, performance and capacity, and restoration of service within agreed levels of service subject to the agreed support hours
R,A
I
2.    Put in place appropriate manual arrangements where automated monitoring, alerts and events cannot be configured
R,A
C,I
3.    Prepare documentation of known errors and KEDB
R,A
C,I


3.3
LAN Services





LAN Services - Operations and Administration Roles and Responsibilities
Service Provider
Customer
1.    Contract LAN structured cabling for new locations.
C,I
R,A
2.    Provide Third Party Provider management support for new projects / agreed changes.
R,A
C,I
3.    Develop network administration policies and procedures that comply with the Customer’s security requirement as specified in security standards, as agreed by the parties during transition.
R,A
C,I
4.    Approve administration policies and procedures.
C,I
R,A
5.    Support Network protocols according to then-current architecture, including the provision of Virtual Local Area Networks (VLANs) and Access Control Lists (ACLs) for security and performance.
R,A
C,I
6.    Provide LAN based support for all systems such as video, VoIP.
R,A
I
7.    Proactive system health check.
R,A
I
 
3.4
WAN Services
WAN Services Operations and Administration Roles and Responsibilities
Service Provider
Customer
1.    Incident / Problem / Change Management of WAN services.
R,A
C,I
2.    Contract WAN connectivity for all sites.
C,I
A
3.    Govern and manage Installation of WAN circuits contracted by the Customer through 3rd parties.
R,A
C,I
4.    Support, manage and operate to support all of the required protocols in accordance with the Customer Policies.
R,A
I
5.    Provide hands & feet support / access to the Service Provider or 3rd party resources to the Customer provided facilities.
I
R
6.    Provide On-Site support at Customer sites.
R,A
C,I

3.5
Unified Communications Services
 Unified Communications Services Operations and Administration Roles and Responsibilities
Service Provider
Customer
1.    Perform day-to-day Unified Communications Services operations and administration.
R,A
I
2.    Business Hours IP telephony device monitoring and support.
R,A
I
3.    Troubleshooting for Unified Communications support issues.
R,A
C,I
4.    Co-ordination with the Customer contracted 3rd party vendors for On-Site break fix activities.
R,A
C,I
5.    Root cause analysis for communication manager issues.
R,A
I
6.    Troubleshoot voice mail/CTI integration/LDAP synchronisation.
R,A
I
 
3.6
3rd Party Support Services




Management of 3rd Party IT Providers Responsibilities
Service Provider
Customer
1.    Management of 3rd party support and maintenance and licence agreements.
R,A
C,I
2.    Ownership of 3rd party licenses, agreement and contracts.
I
R,A
3.    Proactively monitor 3rd party supplied equipment and report to the Customer any issues or risks.
R,A
I
4.    Maintain, adhere to and provide recommendations on operational level agreements and relationships with the 3rd party IT providers.
R,A
C,I
5.    Review, approve and revise operational level agreements with the 3rd party IT providers.
I
R,A
6.    Incident triaging with 3rd party supplier for resolution of all Incidents, Problem and Change tickets.
R,A
I

3.7
Network Change Services
Network Change Services
Service Provider
Customer
1.    Carry out feasibility, impact analysis, development and documentation of approved Network changes.
R,A
C,I
2.    Provide a breakdown of the estimated effort and time to complete changes in accordance with the process described in Section 2.7.
R,A
I
3.    Perform appropriate testing of approved changes post deployment.
R,A
I
4.    Prioritisation of changes based on business criticality.
R,A
C,I
5.    Conduct review of deliverables before production deployment.
R,A
C,I
6.    Business confirmation and sign-off.
I
R,A

4.
Service Environment
4.1
Operating Model
Schedule 2 Annex 1 (Common Services) sets out the definition of the operating model.

For, Schedule 2 Annex 3 (Operations and Service Delivery Services) sets out L1.5 support and the roles and responsibilities of the Service Desk.

Services shall be delivered from the Service Provider’s delivery location in India and from the Customer’s location in London, UK and Glasgow, UK.

The Service Provider shall establish an ITIL based tiered support model including L1.5, L2 and L3 services.

The Service Provider shall establish an integrated L1.5 Service Desk for the network, infrastructure and application related incidents and service request. This team will attempt resolution based on documented procedures / Standard Operating Procedures being agreed upon with the Customer on an ongoing basis. If the L1.5 team is unable to resolve the incident, the incident will be escalated to the Level 2 support team.





Level 2 Support, shall be responsible for providing resolution to escalated issues in addition to providing routine system administration activities.

Level 3 Support, shall be responsible for providing Problem Management and root cause analysis activities and interfacing with the Customer retained team. The Level 3 support team shall also support the resolution team for any escalated issues.

The Level 1.5, Level 2 and Level 3 support teams will coordinate with any 3rd party vendors for issue resolution as appropriate.

4.2
Service Priority
Please refer to Schedule 2 Annex 1 (Common Services) that defines the Service Priority matrix:

4.3
Resource Roles and Skillset
Resource Roles
Skillset
    Network SME
    [***]
    [***]
    [***]
    [***]
    [***]
    Senior. Network Admin
    [***]
    [***]
    [***]
    Network Admin (LAN)
    [***]
    [***]
    [***]
    [***]
    Network Admin (Unified Communication)
    [***]
    [***]
    [***]

Schedule 18 (Key Personnel) sets out the Service Provider’s lead roles in the delivery of these services.

4.4
Support Timings
Support services shall be delivered to the Customers through the Service Provider’s Onshore / Offshore delivery model. All the resources will be based at the Service Provider’s or the Customer’s offices as required:

The Service Provider On-Site resources will be based at the Customer’s offices to provide on premise Business Day support; and
The Service Lead, Network Services for this engagement will be based in the UK working from the Customer’s offices.

Maintenance coverage would be provided to cover the peak business periods occurring during week, month, Calendar Quarter and Calendar Year end.





The support coverage timings for the services are provided in Schedule 2 Annex 1 (Common Services), Section 4.5 (Support Timings).

5.
Tools
Schedule 2 Annex 1 (Common Services) sets out the definition of the Tools used for delivering these services

6.
Pricing
Schedule 10 (Pricebook, Charges and Invoicing) in paragraph 12 (Network Management Services) sets out the charges. For Network change projects that are out with the capacity set out in Schedule 2 Annex 1 (Common Services), then these are subject to paragraph 13 Change Management Services and/or by SOW.

7.
Reporting
Schedule 12 (Governance and Service Management) sets out the mechanism for operational reporting for the Services provided under the Agreement as part of the Services.

8.
Governance and Escalation
The Service Provider Service Lead shall act as the single point of contact for all Network Management Services delivery related escalations, issues and risks. The following review meetings will be held on a daily and weekly basis:

Daily Review:

Previous day’s Major incidents, critical updates, status reporting; and
Daily status summary of incidents, problems, SRs and CRs.

Weekly Review:

Items that need immediate management attention;
SLAs & KPIs statistics report discussion;
Updates on "Achievements, Trainings, Highlights, Major issues"; and
Ticket Ageing analysis.

The following will be the escalation mechanism for issues related to Network Management Services (please refer to Schedule 18 (Key Personnel)):

1st Level - Service Provider’s Run Business Lead.

2nd Level - Service Provider’s CIO for this ITO contract.

3rd Level – Service Provider’s Head of Insurance UK & Ireland.


9.
Business Continuity and DR
Please refer to Schedule 16 (Business Continuity and Disaster Recovery) that sets forth the roles and responsibilities of the Parties for the Network Management Services provided under the Agreement as part of the Services.

10.
Appendix
10.1
List of Appendices
Please see below the list of relevant appendices for this schedule




Title
Sub-Title
Appendix 2-B
Ops & Service Del. Supported Hardware
Appendix 2-E
Solution Staff Locations
Appendix 2-F
Network Topology Diagram
Appendix 3-A
KPI-SLA
Appendix 10-A
Pricebook
Appendix 10-D
Baseline Volumes
Appendix 10-I
Rate Card
Appendix 10-L
Transition Baseline Information


10.2
Network Topology
The Customer’s Network and security topology is outlined in Appendix 2-F (Network Topology Diagram).


10.3
Network Circuits
All circuits as per Appendix 10.2 are in scope for the services provided.







SCHEDULE 2 ANNEX 7
SECURITY SERVICES


1.Services Overview and Objectives    2
1.1Security Services Overview    2
1.2Service Objectives    2
1.3Services in scope    2
2.Service Definition    3
2.1[***]    3
2.2[***]    3
2.3[***]    3
2.4[***]    3
2.5Infrastructure Penetration Testing    4
2.6Security Change Services    4
2.7GDPR Compliance as Data Importer    4
3.Service Description and Roles & Responsibilities    5
3.1General Responsibilities    5
3.2[***]    6
3.3[***]    7
3.4[***]    7
3.5[***]    7
3.6Infrastructure Penetration Testing    8
3.7Security Change Services    8
4.Service Environment    8
4.1Operating Model    8
4.2Team Construct and Composition    9
4.3Support coverage    9
5.Tools    9
6.Pricing    9
7.Reporting    9
8.Governance and Escalation    9
9.Business Continuity and DR    10













SCHEDULE 2 ANNEX 7
SECURITY SERVICES

    
1.
Services Overview and Objectives
1.1
Security Services Overview
This Annex 7 (Security Services) to Schedule 2 (Service Descriptions) sets forth the roles and responsibilities of the Parties for the Security Services provided under the Agreement as part of the Services. These Security Services are the services and activities, as further detailed in this Annex, required to support the Customer’s current and future enterprise IT environments (e.g., applications network, infrastructure), and the supporting infrastructure and security to deliver the required services and meet the performance standards.


1.2
Service Objectives
The Service Provider shall in its provision of the Security Services:
Provide 24/7*365 Level 1, Level 2 and Level 3 shared services steady state support from the Service Provider’s offshore delivery centres in India;
Perform incident management, change management and configuration management as per the ITSM process by using shared services ticketing & monitoring tools;
Coordinate and work closely with the Customer’s security team to ensure that the Customer’s security considerations and policies are applied to the services being delivered by the Service Provider;
Provide security change services;
Perform Infrastructure Penetration Testing; and
Perform regulatory compliance as data importer including for GDPR.

1.3
Services in scope
All Customer security infrastructure. This includes but is not limited to;
[***];
[***];
[***]; and
[***].

[***]:
[***]

The Security infrastructure baseline volumes are set out in Appendix 10-D of Schedule 10 (Pricebook, Charges and Invoicing).
2.
Service Definition
The Service Provider shall provide all services based on the scope as stated in section 1.3 and shall provide services to support the security requirements of the Customer. The services to be provided are classified as below:





2.1
Endpoint Protection ([***])
[***].

The Service Provider shall perform Incident, Change, Problem, Configuration and Availability Monitoring operations on the Customer hosted anti-virus services.

2.2
Firewall [***]
[***].

The Service Provider shall perform Incident, Change, Problem, Configuration and Availability Monitoring operations on Customer hosted or Cloud based firewall services.

2.3
Web proxy
[***].

The Service Provider shall perform Incident, Change, Problem, Configuration and Availability Monitoring operation on Customer hosted or Cloud based web proxy services.

2.4
Two factor authentication
[***].

The Service Provider shall perform Incident, Change, Problem, Configuration and Availability Monitoring operation on Customer hosted or Cloud based two factor authentication services.

2.5
Infrastructure Penetration Testing
Penetration Testing is a simulated cyberattack against the computer system to check the exploitable vulnerabilities.

[***].

2.6
Security Change Services
Schedule 2 Annex 1 (Common Services) provides details on the project pool hours included for Security change services for minor enhancements and Penetration Testing. [***].

2.7
GDPR Compliance as Data Importer
For the services that are rendered under this agreement, the Service Provider shall act as the data importer (data processor) and the Customer will be the data exporter (data controller), and the Service Provider shall perform all the activities under the direction and authorisation of the Customer and the Service Provider shall perform all the activities under the direction and authorisation of the Customer as described in the service description schedule.

The Service Provider (data processor) has developed the solution in accordance with the Customer’s requirements and instructions under this agreement. Additionally, pursuant to the Services to be performed by the Service Provider in accordance to the MSA, the Service Provider shall have a solution and implement security measures on the Customer’s (Controller) Systems set forth in this Schedule 2 Annex 7 (Security Services).

The Service Provider shall not host any Customer data or systems within its computing environment and shall access the the Customer’s systems in scope through secured remote services.





The Service Provider is an ISO 27001 certified company with its information security structure based on the ISO 27001 ISMS (Information Security Management System) framework with the technical and organisational measures implemented, maintained and aimed at protecting data against accidental and unlawful destruction or accidental loss, alteration, unauthorised disclosure or access. This Information Security program is overseen by the Service Provider’s Chief Security Officer.

Below is a non-exhaustive list of controls that shall be implemented to ensure compliance:
A security management plan governing and driving information security for Customer engagement;
Risk based approach and Information Risk Management through periodic assessment and risk mitigation & monitoring;
Where mandated by Customer policy and local regulation, the Service Provider shall ensure that no data shall reside or transit outside of the European Union or the United States as may be applicable.
Access to the Service Provider’s environment though remote terminal services / VDI to ensure that no data is transferred to the Customer’s computing environment;
All the data resides in the Customer environment;
Appropriate legal arrangements, (standard contractual clauses / model clauses) as per approved clauses as per EC commission, shall be signed by the Service Provider and the Customer;
While processing personal information, the Service Provider acts as a data processor and carries activities under the instructions of the Customer acting as a data controller;
Castle approach (layered approach) while implementing security controls;
Access based on need to know and need to do principle with least privilege with access reviews and audits;
Strong security governance and continuous monitoring;
Defined roles and responsibilities ensuring segregation of duties; and
Data breach notification without undue delay, upon discovery of a data breach.

The Service Provider shall work with the Customer to understand the applicability and impact of the local regulation to the services or the information that will be handled under the agreement. In addition to this, the Service Provider shall thoroughly understand the Customer data classification and ensure that necessary and appropriate controls are in place to safeguard the data / information falling under the respective data classification category.


3.
Service Description and Roles & Responsibilities
Security services are the activities associated with maintaining physical hardware and logical security of all service area components (e.g., Hardware such as Firewall appliance, Software such as anti-virus solution) and data, endpoint protection, malware protection, perimeter protection and other security services in compliance with the Customer’s security requirements and all applicable regulatory requirements.

The following sections and tables throughout this Annex identify the security services roles and responsibilities that each Party shall perform. The Service Provider undertakes to perform its roles and responsibilities set out in this Annex and agrees that performing those delivers the services mentioned in this Annex.

The Service Provider shall follow the below definitions for the Roles and responsibilities defined for all security services:

RACI Matrix

Responsible
Accountable
Consulted
Informed
Responsible and Accountable
Consulted and
Informed
R
A
C
I
R,A
C,I


3.1
General Responsibilities




The general responsibilities for security services include: maintaining security controls; compliance to security policies; procedures and standards, and the Service Provider’s adherence to the Customer’s physical and logical security requirements.

[***]



3.2
[***]
[***]


3.3
[***]
[***]

3.4
[***]
[***]

3.5
[***]
[***]
3.6
[***]
[***]
3.7
[***]
[***]

4.
Service Environment
4.1
Operating Model
Schedule 2 Annex 1 (Common Services) sets out the definition of the Common Operating Model.
The Services shall be delivered from the Service Provider’s delivery location in India with Information Security Officer based in the Customer’s London office.
The Service provider shall establish an ITIL based Tiered Support Model including L1.5, L2 and L3 services.
Level 1.5 support, shall be responsible for providing resolution based on documented procedures / Standard Operating Procedures being agreed upon with the Customer on an ongoing basis. If the L1.5 team is unable to resolve the incident, the incident will be assigned to the corresponding security assignment group. Tickets re-routed to the security assignment group will be forwarded to the Service Provider ticketing tool for ticket resolution.
Level 2 Security support, shall be responsible for providing resolution to escalated issues in addition to providing routine system administration activities.
Level 3 Security support, shall be responsible for providing engineering activities and interfacing with the Customer retained Architecture team. The Level 3 support team will also support the resolution team for any escalated issues.





4.2
Team Construct and Composition
The Service Provider shall use an offshore model to support the Customer. In this model, the Service Provider will execute all the tasks from their offshore delivery centre. The offshore delivery team will be based out of the Service Provider’s shared security services delivery centres in India.

Location
Service Delivered
Service Roles
Offshore – India
L1.5/L2/L3 resource for:
    Firewall & IPS.
    Firewall policy management.
    Web Proxy.
    Anti-virus.
    Two factor authentication.
    Transformation office.

    Technical Tower leads.
    [***].
    [***].
    [***].
    [***].
Onsite – London
Single point of contact for security services (move to offshore after 6 months).

    Information Security Officer
(as defined in Schedule 18 (Key Personnel)).

4.3
Support coverage
Schedule 2 Annex 1 (Common Services) provides details on support coverage for Security Services.

5.
Tools
Schedule 2 Annex 1 (Common Services) sets out the tools that will be utilised for delivering the security services.


6.
Pricing
The charges for Security Services are set out in Schedule 10 (Pricebook, Charges and Invoicing), paragraph 10 (Infrastructure Management Charges) and for Security Service changes out with the capacity set out in Schedule 2, Annex 1 (Common Services) in Paragraph 13 (Change Management Services) and by SOW.

7.
Reporting
Schedule 12 (Governance and Service Management) sets out the mechanism for Operational Reporting for Services provided under the Agreement as part of the Services.

8.
Governance and Escalation
The following will be the escalation mechanism for issues related to Security services (set out in Schedule 18 (Key Personnel)):

1st Level - Service Provider’s Run The Business Lead.

2nd Level - Service Provider’s CIO / Head of Change for this ITO contract.

3rd Level – Service Provider’s Head of Insurance UK & Ireland.
 





9.
Business Continuity and DR
Schedule 16 (Business Continuity and Disaster Recovery) sets out the roles and responsibilities of the Parties for the Security Services provided under the Agreement as part of the Services.







APPENDIX 2-B
OPS & SERVICE DELIVERABLE SUPPORTED HARDWARE

[***]






APPENDIX 2-C
APPLICATION LIST

[***]






APPENDIX 2-D
THIRD PARTY RESOLVER GROUPS

[***]

APPENDIX 2-E
SOLUTION STAFF LOCATIONS

[***]

APPENDIX 2-F
CEFR

[***]

APPENDIX 2-G
NETWORK TOPOLOGY DIAGRAM
[***]

SCHEDULE 3

SERVICE LEVELS AND SERVICE CREDITS
1.
INTRODUCTION
1.1
The objectives of the Service Levels are to ensure that the Services are of a consistently high quality, delivered to time and budget, and meet the requirements of the Customer.
1.2
The Service Levels for the Services are set out in Appendix 3-A to this Schedule 3 and as may subsequently be updated in accordance with the provisions of the Agreement. Critical Service Levels are those Service Levels with Service Credits allocated to them. The initial contract Service Credit Allocation is shown in Appendix 3-A.
1.3
Pursuant to clause 10.5 (Service Levels), the Service Provider acknowledges that its failure to meet a Service Level may have a material adverse impact on the business and operations of the Customer. Accordingly, the Service Provider agrees that any such failure will be required to be remedied in accordance with paragraph 1.4.
1.4
If the Performance Standards (or any of them, including any Expected Service Level) are not achieved, then without prejudice to the Customer's rights under the Agreement, the Service Provider shall (at no additional charge):
1.4.1
advise the Customer immediately;
1.4.2
investigate, assemble and preserve pertinent information with respect to the cause(s) of the problem, including performing a root cause analysis of the problem, an initial summary of the initial findings of which shall be delivered to the Customer in writing within five (5) Business Days following the report of the failure, with the full details then being provided to the Customer




in writing within fifteen (15) Business Days following the report of the failure or, in each case, such other time periods as are mutually agreed by the Parties (provided always that in the absence of agreement the default periods herein shall apply);
1.4.3
advise the Customer, as and to the extent requested by the Customer, of the status of remedial efforts being undertaken with respect to such problem and update the Customer's Contract Manager of the status of the remedial efforts on a daily basis;
1.4.4
minimise the impact of and correct the problem (including using all operational processes available to it to restore performance such as utilisation of any additional resourcing capacity) and begin meeting the affected Performance Standard as soon as reasonably practicable;
1.4.5
take appropriate preventative measures with the objective that the problem does not reoccur; and
1.4.6
in respect of any failure to meet the same Expected Service Level for [***], in order to remedy or seek to avoid the risk of the Service Provider failing the Expected Service Level in subsequent months, upon notification from the Customer, permit the Customer and/or its nominated representative to remedy the failure, if the Service Provider has not done so within a reasonable time of being required to, in which case the provisions of clause 32 shall apply. Without prejudice to generality of 1.4.1 to 1.4.5 above, in this event the Service Provider must produce an action plan within 1 working week from the 3rd months failure, detailing how they will address this failure (including the application of additional resources if required). Any additional resources required to meet the Service Level will be provided at no additional cost to the Customer.
1.4.7
in respect of any failure to meet the same Expected Service Level for a Critical Service Level for [***] the Service Provider failing the Critical Service Level in subsequent months, upon notification from the Customer, permit the Customer and/or its nominated representative to remedy the failure, if the Service Provider has not done so within a reasonable time of being required to, in which case the provisions of clause 32 shall apply .  In this event the Service Provider must produce an action plan, within 1 working week from the 3rd months failure, detailing how they will address this failure (including the application of additional resources if required).  Any additional resources required to meet the Expected Service Level will be provided at no cost to the Company.                 
1.5
Service Credits are calculated pursuant to paragraph 5 below.
1.6
The Service Provider shall provide and use monitoring tools and procedures as are reasonably necessary to measure and report upon its performance of the Services, and in particular as required by paragraph 2 below. The Service Provider will provide the Customer with sufficient information in order to demonstrate the levels of service that are being provided by the Service Provider are in accordance with the Service Levels. This will include but not be limited to providing the raw data without any filtering, manipulation, or impact of agreed Relief Events applied.
1.7
The Service Provider shall provide the Customer with the details as to the levels of performance relevant to the Service Levels in writing on a monthly basis or as otherwise agreed in writing, together with all supporting information reasonably required by the Customer.
1.8
Save as set out in paragraphs 6, 7 and 8 below, any changes to this Schedule 3 shall be made pursuant to the Contract Change Control Procedure. Unless otherwise specified in a signed Change Control Note, measurement and reporting against amended Service Levels shall commence with effect from the date which the relevant Changes take effect.




2.
SERVICE LEVEL OBSERVATION
2.1
For each Service Level there shall be a:
2.1.1
Service Level description;
2.1.2
required Service Levels (the “Expected Service Level”); and
2.1.3
measurement window.
In some cases (including for all Critical Service Levels), there may also be a minimum target level
2.2
Where a Service Level does not exist for any Service immediately prior to the Effective Date, these are considered as Type 2 Service Levels (New Service Level) in Appendix 3A.
2.3
The Service Levels agreed at the Effective Date are set out in Appendix 3A, broken down into Existing Service Levels (Type 1) and subject to paragraph 2.10, New Service Levels (Type 2). 
2.4
The Service Provider shall accurately measure the performance of the Services and the achievement of the Service Levels and Key Performance Indicators and, where it is an inherent part of the measurement of that Service Level or Key Performance Indicator, without undue delay and in any event within no longer than 5 business days, notify the Customer of any potential issues with performance of a Third Party Service Provider.
2.5
The Service Level regime described in this Schedule 3 for Existing Service Levels will come into effect from the Service Commencement Date for the relevant Service Tower and the Customer shall be entitled to claim Service Credits in accordance with this Schedule 3 from such date.
2.6
The Customer will act in good faith and use its reasonable endeavours to provide information and service measurement data reasonably requested by the Service Provider in relation to the Service Levels for 6 months prior to the applicable Service Commencement Date for the applicable Services (“Existing Performance Data”).
2.7
For Type 1 Service Levels (as set out in Appendix 3-A), the Performance Standards shall be determined as follows:
(i)
the Minimum Target Level (if applicable) shall be as set out in Appendix 3-A.
(ii)
the Expected Service Level shall be as set out in Appendix 3-A
2.8
In respect of any Type 2 Service Level where the Customer has provided data pursuant to paragraph 2.6 above, the methodology set out in paragraph 2.10.4 shall be applied to determine the Expected Service Level and, where appropriate the Minimum Target Level.
2.9
In respect of any Service Level, where:
2.9.1
the Customer has detailed the Service Level in Appendix 3-A (Service Level Type 2) but no and/or less than 6 months’ of Existing Performance Data has been provided prior to the date of the applicable Service Commencement Date in accordance with paragraph 2.6; or
2.9.2
the Service Level is subject to a proposal in accordance with paragraph 2.2;
then the Service Level shall be deemed to be a New Service Level and the baselining methodology in paragraph 2.10 shall apply.




2.10
The baselining methodology set out below will be used in relation to all New Service Levels:
2.10.1
the “Service Level Observation Period” shall be the six (6) month period following the completion of the applicable Service Commencement Date, during which the Service Provider shall measure and report upon its performance against the New Service Levels;
2.10.2
during the Service Level Observation Period, the Service Provider shall meet the applicable Interim Minimum Target Levels and Interim Expected Service Levels. Service Credits shall not apply to the New Service Levels for the duration of the Service Level Observation Period.  The Interim Minimum Target Levels and Interim Expected Service Levels shall only apply during the Service Level Observation Period and failure to achieve them shall not, in and of itself, result in the application of any contractual remedy, including Service Credits, Step In and/ or termination;
2.10.3
the Interim Minimum Target Levels and Interim Expected Service Levels shall be as agreed by the Parties fifteen (15) working days prior to Ramp-Up commencement or Service Commencement Date (as set out in Appendix 1 of Schedule 8 (Transition and Transformation), the Parties shall refer this matter for resolution in accordance with the Dispute Resolution Procedure;
2.10.4
on expiry of the Service Level Observation Period, the baselining results will comprise the Service Level Performance for each month and accordingly for each Service Level there shall be six (6) data points (i.e. one data point reflecting the Service Level Performance for each month).  The Performance Standards for each New Service Level shall be determined as follows:
(i)
the Minimum Target Level shall be the lower of: (i) the fourth (4th) data point from the top of the six (6) data points; and (ii) a reduction of four (4) percentage points from the applicable Expected Service Level; and
(ii)
the Expected Service Level shall be the second (2nd) data point from the top of the six (6) data points.
2.10.5
notwithstanding the determination of the Performance Standards for New Service Levels in accordance with this paragraph 2.10, if required by the Customer, the Parties shall agree a service improvement plan via the Contract Change Control Procedure.
2.11
The Parties agree there shall be no measurement or verification of the Existing Service Levels (Service Level Type 1) and they shall apply from the applicable Service Commencement Date.
2.12
The following are worked examples of the Performance Standards for New Service Levels determined in accordance with the methodologies set out in paragraphs 2.10.4(i) and 2.10.4(ii) above:
2.12.1
in respect of paragraph 2.10.4(i) if the data points for the six (6) month period, in descending order, are 99%, 98%, 97%, 96%, 94%, 92%; the fourth (4th) data point from top is 96% and a reduction of four (4) percentage points from the applicable Expected Service Level (i.e. second (2nd) data point from top = 98%) is 94%. In this case, the Minimum Target Level would be 94%, which is the lower of the two (2) figures. In the above example, if the fourth (4th) data point from top was 93% and a reduction of four (4) percentage points from the applicable Expected Service Level (i.e. second (2nd) data point from top = 98%) remained unchanged at 94%, the Minimum Target Level would be 93%, which is the lower of the two (2) figures; and
2.12.2
in Appendix 3-A where no Minimum Target Level is specified this is deemed to be the same as the Expected Service Level.




3.
COMMENCEMENT OF POST-TRANSFORMATION SERVICE LEVELS
3.1
Where the Service Provider has delivered or will deliver a Transformation activity, then the Existing Service Level for the applicable Services may change. The Service Provider must propose changes to Existing Service Levels or propose New Service Levels which shall apply automatically from the next Measurement Window completion of the relevant Committed Transformation Project. The provisions of paragraph 4 shall apply to the Post-Transformation Service Levels immediately from such date. Any changes to Existing Service Levels and/or any New Service Levels will be agreed in advance in the Transformation Plan and additionally be subject to the Contract Change Control Procedure.
4.
MEASUREMENT AND REPORTING
4.1
The Service Provider shall be responsible for monitoring its performance against all of the Service Levels and shall maintain adequate technical and organisational procedures and reasonable and auditable tools to enable it to do so. The Customer reserves the right to measure the Service Provider's performance. In the event of a discrepancy between the Service Provider's measurement and the Customer's measurement, the Customer's measurement shall prevail except to the extent of manifest error or in the event that the Customer’s data set is not statistically significant, provided that, where the difference between the two measurements is in excess of five per cent (5%), the Service Provider shall have the opportunity to present to the Customer, within five (5) Business Days, evidence to support and justify the accuracy of its measurement, which the Customer shall consider in good faith, but if the Service Provider is unable to demonstrate to the Customer's reasonable satisfaction that the Customer's measurement is incorrect, the Customer's measurement shall prevail. The relevant data volumes to ensure statistical significance for measuring applicable Service Levels will be set out in the Procedures Manual. Where there is insufficient volume of data to ensure statistical significance for measuring applicable Service Levels, the Parties will agree to extend the period of measurement to a reasonable period to enable the measurement.
4.2
Service Levels measured on a "time to perform" basis shall be measured from the time the relevant process is logged as measured by the date stamp of the work item, or the time the relevant work item is received by the Service Provider, whichever is earlier as further described in the Procedures Manual from time to time. The applicable process for logging and therefore date and time stamp will be via the relevant Service Management system ([***]) or email receipt. Should [***] be unavailable, then other appropriate means of notification will be used as determined by the Service Provider.
4.3
At the end of each month (and in any event within five (5) Business Days thereafter), the Service Provider shall submit a detailed report setting out performance against Service Levels during that month, including setting out details of any Service Credits payable during that month in respect of any Service Failures (a "Service Level Report"). The Service Provider will enable a self-service dashboard from [***] to enable the Customer to review Service Level progress on a weekly basis.
4.4
If the Service Provider fails to produce and deliver a Service Level Report in respect of a particular month within the relevant timescale, either at all or in a format and without the level of detail required to enable the Customer to understand the Service Provider's performance in respect of the Service Levels for that month, the Service Provider will be deemed to have failed to achieve the Expected Service Level in respect of the affected Service Levels.
4.5
The Service Provider may amend the reporting of performance data as a result of a specific Relief Event subject to clause 21.
4.6
The Service Levels shall only apply to the forecast volumes agreed pursuant to paragraph 18 of Schedule 10
4.7
In each Service Level Report, the Service Provider's performance shall be shown as follows:




4.7.1
in respect of any Service Levels where performance is in excess of or equal to the Expected Service Level, performance shall be shown as "green";
4.7.2
in respect of any Service Levels where performance is less than the Expected Service Level but greater than the Minimum Target Level, performance shall be shown as "amber"; and
4.7.3
in respect of any Service Levels where performance is less than the Minimum Target Level, performance shall be shown as "red".
In addition, the Service Provider shall note the impact of each Relief Event applied to the Service Level performance reporting.
4.8
In respect of any Service Levels where the Service Provider's performance is below the Expected Service Level (i.e. "amber" or "red") during the relevant Measurement Period, then, without prejudice to the Customer’s other rights and remedies, the provisions of paragraph 1.4 shall apply.
4.9
In respect of any Critical Service Levels where the Service Provider's performance is below the Expected Service Level (i.e. "red") during the relevant Measurement Period, then Service Credits shall accrue in accordance with paragraph 5 below.
4.10
The Parties agree that the following events shall be Material Service Failures for the purposes of clause 36.4.7 (Termination for Cause):
4.10.1
the Service Provider incurs maximum Service Credits three times or more in a six (6) month period;
4.10.2
subject always to paragraph 7.2 below (Maximum Number of Critical Service Levels), the Service Provider failing to achieve 3 or more of the Minimum Target Levels applicable to Critical Service Levels (provided always that this right shall only apply in respect of those Minimum Target Levels in respect of which the Service Level Observation Period has either expired or did not apply) for three (3) consecutive months or in four (4) or more months within any period of six (6) consecutive months.
4.11
Without prejudice to the Customer’s other rights and remedies, where a termination right arises pursuant to paragraph 4.10 above, the Customer shall have six (6) months within which it may exercise its termination right. The Customer agrees that if it does not so exercise its termination right, then its ability to invoke its right to terminate shall lapse unless a new right of termination has arisen
5.
CALCULATION OF SERVICE CREDITS
5.1
The Service Credits shall be calculated as set out in paragraphs 5.2 to 5.6 below.
5.2
If more than one Service Failure has occurred in a single month, the Service Credits to be credited in respect of that month shall be the aggregate of each of the Service Credits as calculated in accordance with paragraphs 5.3 to 5.6 below.
5.3
Subject to paragraph 5.6 below, Service Credits will be calculated against those Critical Service Levels where a Service Failure has occurred. Should the Service Failure be the result of a Third Party Provider, the Service Provider will be granted an exception for that Service Failure and it will not count towards the calculation of Service Credits.
5.4
The quantum of the Service Credit applying to each Critical Service Level will be calculated on a straight line basis between the Minimum Target Level and Expected Service Level for that Critical Service Level using the following formula:





See graphical representation below:

aspen20itoschedule03s_image1.gif
5.5
The following worked example demonstrates how the Service Credit regime operates.
5.5.1
Example 1: One Critical Service Level is failed. The Charges for the Run Services for the relevant month are $[***]. The At Risk Amount ([***]% of the Charge for the relevant month) is therefore $[***]. The Minimum Target Level is [***]% and the Expected Service Level is [***]%. The Service Credit Allocation is [***]%. The achieved Service Level for the Measurement Period is [***]%. The Service Credit is:
The maximum Service Credit in this example is $[***]. The minimum Service Credit is zero. No negative Service Credits which accrue for over performance.
5.5.2
Example 2: 3 Critical Service Levels are failed. The Charges for the Run Services for the relevant month are $[***]. The At Risk Amount ([***]% of the Charge for the relevant month) is therefore $[***]k.
During month A, all Service Levels have been achieved except for:
(a)
SD-13 which has a minimum target level of [***]% and an expected service level of 85%. The Pool % for this Service Level is [***]%. The achievement in the measurement period is [***]%.
(b)
INF-10 which has a minimum target level of [***]% and an expected service level of [***]%. The Pool % for this Service Level is [***]%. The achievement in the measure period is [***]%
(c)
AM-2 which has a minimum target level of [***]% and an expected service level of [***]%. The Pool % for this Service Level is [***]%. The achievement in the measurement period is [***]%
The Service Credits due are calculated as:




(a)
SD-13    $[***] x [***]% as the achievement is below the minimum target level = $[***].
(b)
INF-10
(c)
AM-2    
(d)
TOTAL Service Credit payable in that month is $[***] + $[***] + $[***] = $[***]

5.6
If the Service Provider has a Service Failure in respect of the same Critical Service Level, more than three (3) times in a rolling twelve (12) month period, then in respect of subsequent Service Failures of that Critical Service Level, the Service Credit applicable shall be the percentage of the overall At Risk Amount set out in the table at Appendix 3-A in the column headed "Service Credit Allocation.
5.7
If the Service Provider's actual performance against a Critical Service Level is at or below the level described in the "Minimum Target Level" column of the table set out at Appendix 3-A then the Service Credit applicable to that Critical Service Level pursuant to paragraph 4 shall be applicable for that failure to achieve the Minimum Target Level.
5.8
Notwithstanding the foregoing provisions, the amount of Service Credit actually payable to the Customer with respect to all Service Failures occurring in a single Measurement Period under the Agreement shall not exceed, in total [***] per cent ([***]%) of the Charges for the Services due for the relevant Measurement Period ("At Risk Amount"). Accordingly, whilst it will be notionally possible on the basis of the total Service Credit Allocations to incur Service Credits in excess of [***] per cent ([***]%) of the At Risk Amount, the Service Provider shall not be required to credit the Customer with more than [***] per cent ([***]%) of the At Risk Amount in respect of any given Measurement Period.
6.
CHANGES TO SERVICE LEVELS
6.1
The maximum Service Credit Allocation percentage that the Customer can allocate to any single Critical Service Level is thirty per cent ([***]%).
6.2
The Customer shall have the right to request an adjustment of the Service Credit Allocations between the relevant Critical Service Levels on giving written notice to the Service Provider and such changes will be agreed via the Contract Change Control Procedure as set out in this Agreement. Any such adjustments shall happen no more than once per Calendar Quarter. Such changes will take effect so as to apply to the Measurement Period after the Measurement Period in which the change was agreed by the parties. Such changes shall not however result in an increase which takes the total Service Credit Allocation higher than [***] per cent ([***]%).
6.3
The Customer shall have the right to request to promote a Key Measure to become or replace a Critical Service Level on giving written notice to the Service Provider, such that the Key Measure is then classified as a Critical Service Level, provided that such changes shall not however result in a net increase which takes the total Service Credit Allocation higher than [***] per cent ([***]%). In this regard, the Customer shall be required to demote Critical Service Levels to Key Measures or reduce the Service Credit Allocation assigned to individual Critical Service Levels before it may promote Key Measures to Critical Service Levels if doing so would result in a net increase which takes the total Service Credit Allocation higher than [***] per cent ([***]%). Any such promotions will be agreed via the Contract Change Control Procedure as set out in this Agreement. Any such promotions shall happen no more than once per Calendar Quarter. Such changes will take effect so as to apply to the Measurement Period after the Measurement Period in which the change was agreed by the parties.




7.
ADDING NEW SERVICE LEVELS
7.1
No more than once in a Calendar Quarter, the Customer shall have the right to request to add one (1) or more new Critical Service Levels on giving written notice to the Service Provider and such changes will be agreed via the Contract Change Control Procedure as set out in this Agreement. Any new Critical Service Levels and Key Measures shall be determined in accordance with paragraph 7.3 below.
7.2
The Parties agree that there will be no more than [***] Critical Service Levels per Service Tower at any one time, except for Service Desk and Infrastructure Management which shall have a maximum of [***]. If the promotion of new Critical Service Levels takes the total number of Critical Service Levels per Service Tower beyond the limitation set out in this paragraph 7.2 the Customer shall demote any one or more of the existing Critical Service Levels to comply with this paragraph 7.2.
7.3
For any new Critical Service Levels or Key Measures added, the appropriate Expected Service Level and Minimum Target Level (as applicable) will be determined as follows:
7.3.1
where at least six (6) months of consecutive Service measurements exist (as measured by the Customer or Service Provider) prior to the date of agreement for a particular Service, the Critical Service Level or Key Measure (as applicable) shall be established by taking the mean of the Service measurements achieved during each consecutive month in that six (6) month period.
For example, if the measurements for a Service were 98%, 97%, 100%, during a three (3) month period, the new Expected Service Level would be 98.5% (i.e. the mean of the three (3) measurements); or
7.3.2
where no Service measurements exist for a particular Service, the Parties shall attempt to agree on a Critical Service Level or Key Measure (as applicable) commitment using industry standard measures (including, but not limited to, measures provided by third party experts such as Compass, Gartner, Hackett, Meta and Ovum) or data from a comparable Critical Service Level or Key Measure. If the Parties are unable to agree upon a Critical Service Level or Key Measure under this paragraph 7.3.2 then the following shall apply:
(i)
within ninety (90) days after the Customer's notification that it requires a new Critical Service Level or Key Measure, the Service Provider shall begin providing monthly measurements of its performance of the applicable Services against such new Critical Service Level or Key Measure (as applicable); and
(ii)
after six (6) or more actual monthly Service measurements are provided by the Service Provider, the Customer may at any time request in writing that paragraph 7.3.1 above be used to establish the Service Level or Key Measure (as applicable).
7.4
Where the Customer is adding a Critical Service Level, such changes shall not result in a net increase which takes the total Service Credit Allocation higher than [***] per cent ([***]%). In this regard, the Customer shall be required to demote Critical Service Levels to Key Measures or reduce the Service Credit Allocation assigned to individual Critical Service Levels before it may add the new Critical Service Levels if doing so would result in a net increase which takes the total Service Credit Allocation higher than [***] per cent ([***]%).
8.
CONTINUOUS IMPROVEMENT
8.1
Without prejudice to the generality of clause 11 (Service Improvement), the Parties agree that the Service Levels and Key Measures should be modified during the Term to reflect the concept of continuous improvement. To accomplish this, Service Levels and Key Measures will be modified each Contract Year.




8.2
If the Service Provider exceeds an Expected Service Level six (6) times in a Contract Year, the Customer shall be entitled to reset that Expected Service Level to the average of the actual performance. Such adjustments shall automatically take effect at the beginning of the Contract Year, immediately following the Contract Year in which the Service Provider's performance exceeded the Expected Service Level on the basis described in this paragraph 8.2 unless otherwise agreed in writing by the Customer. The Minimum Target Level shall also be increased so as to keep the same proportionate difference as between the [Expected Service Level and Minimum Target Level as existed prior to the adjustment in the Expected Service Level. Notwithstanding the foregoing, no single increase to a Expected Service Level for any twelve-month period shall exceed [***] per cent ([***]%) of the difference between absolute/[***]% and the then-current level.
9.
CO‑OPERATION
9.1
Without prejudice to the generality of clause 14 (Cooperation and Third Party Contracts), the Service Provider agrees that the achievement of the Service Levels by the Service Provider may require the co‑ordinated, collaborative effort of other service providers, vendors and other third parties who contract with the Customer. The Service Provider's Contract Manager will provide a single point of contact for the prompt resolution of all Service Failures. Similarly, the Service Provider will reasonably co‑operate Swith the Customer and other service providers in their attempts to resolve service problems in relation to the services those service providers are providing to the Customer. The Customer acknowledges that the Service Provider is not contractually responsible for such Third Party Service Providers, vendors or others and therefore any failure by such parties shall not count as a failure of the Service Provider.






APPENDIX 3‑A

SERVICE LEVELS
[***]
SCHEDULE 4

ASSUMPTIONS AND DEPENDENCIES
1.
INTRODUCTION
1.1
This Schedule 4 (Assumptions and Dependencies) details the relevant assumptions and dependencies which the Parties agree apply to the provision of the Services.
2.
ASSUMPTIONS
2.1
The dates associated with the Milestones described in Appendix 8-A and the Service Provider’s commitment in clause 3.6 to backdate the charging benefits for services contracted under the Legacy Agreements to 1 September 2018 assume that this Agreement (or a binding letter of intent that gives the Service Provider full commercial cover for its exposure arising in relation to commencing Transition) is signed on or before 31 August 2018 and people related consultation activities commence during the week commencing 3 September 2018. The Parties acknowledge that any delay in signing the Agreement or a binding letter of intent beyond 31 August 2018 will require revision of all dates prior to signature of the Agreement . Where the Agreement is signed on or before 3 September 2018, a subsequent failure by the Customer to commence the people consultation activities during the week commencing 3 September will trigger the application of clause 21 (Customer Dependencies), including a review of the impact on transition dates of such delay, reflecting that the statutory nature of such consultation activities limits the ability of the Service Provider to mitigate the consequences of such delay.
2.2
The Service Provider has designed its solution on the assumption that there will be a maximum additional 10% of effort (covering administration service requests, ad hoc reporting and finance support) for all non-ticketed activities. [***]. These will be tracked and measured on a quarterly basis. If the effort on non-ticketed activities exceeds 10% of the total effort, the Customer will work with the Service Provider to agree and implement initiatives designed to reduce this to maximum 10%. The Service Provider agrees that any excess above 10% will, under no circumstances, impact the prices as defined in Schedule 10, the Services as defined in Schedule 2 or the Service Levels as defined in Schedule 3 throughout the duration of the Agreement.
2.3
[***].
2.4
The Customer will provide reasonable access to appropriate resources from the Customer’s business and IT communities. During the transition period, this will be mutually agreed in writing during detailed transition planning. For the Run Services and Change Management Services generally, this will be either as set out in the relevant Annex of Schedule 2 or the Customer will provide reasonable access provided the Service Provider provides a reasonable notice period. For Change Projects, the requirement will be described in the relevant agreed Statement of Work or Work Request where applicable.
2.5
[***].
2.6
[***].
2.7
[***].
2.8
In the provision of the Catalogue Item ‘End User Devices’ described in Appendix 10-K to Schedule 10, the Service Provider will provide these Services on a next business day basis. The transportation cost




of any end user devices will be in addition to the price provided in the Service Catalogue. Then Service Provider will use the most cost effective means of transportation including utilising the Customer’s existing transportation commercial arrangements where the Customer permits and facilitates this. All spend will be approved in advance via the workflow process built into the request management system.
2.9
[***].
3.
DEPENDENCIES
3.1
[***].
3.2
From the relevant Service Commencement Date, where required in order for the Service Provider to adhere to the measurement and reporting requirements of Schedule 3, the Customer will ensure that there are adequate licenses to extend the Customer tools to monitor non-production environments where Service Levels and/or KPIs are required to be measured.
3.3
[***]
3.3.1
[***];
3.3.2
[***]; and
3.3.3
[***]
3.4
Where the Service Provider is utilising Customer owned licences for tools, the Customer will ensure it holds sufficient licences on the relevant Service Commencement date to deliver the Services as defined in Schedule 2, Annex 1 (Common Services) Section 3.4. The Service Provider will monitor the usage and ongoing requirements for such licences and provide a report (at least on a quarterly basis) to detail whether the number of licences is required to increase or decrease. The Service Provider will use its reasonable efforts to manage its too licence usage efficiently and to minimise tool licence requirements.
3.5
In order for the Service Provider to deliver the Services as defined in Schedule 2 Annex 2 (Infrastructure Services) and Annex 3 (Operations and Service Delivery), the Customer will provide, either directly or via third parties providing break-fix services, the requisite spare devices to enable the services to be delivered. The Service Provider will be responsible for defining the level, type and quantities of spare devices that are required to deliver the services in line with Schedule 2 (Service Descriptions) and Schedule 3 (Service Levels). There is an obligation on the Service Provider to ensure that the Customer is notified in good time as to when it needs to order spares to ensure no negative impact on service and that is uses its reasonable efforts to use the spares inventory efficiently and to minimise Customer spares inventory spend.
3.6
The Customer will ensure the required hardware models and infrastructure (as described in Schedule 2 Annex 2, 3 and 7) will be provided for performing Image Maintenance activities. The Service Provider will provide reasonable notice to the Customer to ensure that Image Maintenance activities are maintained in line with Schedule 2 (Service Descriptions) and Schedule 3 (Service Levels).
3.7
Where the Service Provider is responsible for managing Third Party Providers pursuant to Schedule 14 (Service Integration and Management), the Customer will provide the relevant contractual information to the Service Provider to facilitate this. This will include hours of cover, assets supported, service level agreements and operating level agreements.
3.8
[***]:
3.8.1
[***].
3.8.2
[***].
3.8.3
[***].




3.8.4
[***].
3.9
In order for the Service Provider to deliver the Transition Plan, the following Transition related dependencies are required to be delivered by the Customer in line with the relevant dates provided in the Transition plan described in Schedule 8 Appendix 1.
3.9.1
The Customer will assign a Transition Manager to manage the Customer obligations and any incumbent third party provider obligations to the transition process, as described in the Transition Plan.
3.9.2
The Customer will provide access to appropriate tools, database, servers and document repository to enable knowledge transfer for the in-scope services.
3.9.3
The Customer will make available all appropriate resources from the Customer’s business and IT communities, key stakeholders, documentation (including SoPs and Run Book), tools, databases and servers as reasonably required by the Service Provider both within a reasonable period in advance of, and during the Transition phase. It is the Service Provider’s responsibility to notify the Customer in good time to enable them to meet this obligation.
3.9.4
The Customer will manage necessary internal communications pertaining to Transition activities, provided that the Service Provider notifies the Customer of what is needed to be communicated and within a reasonable and appropriate time period to not impact the Transition Plan.
3.10
Where the Customer anticipates realising savings enabled by the Service Provider’s delivery of the Services then, because the Parties have agreed to deem certain cost savings as direct losses pursuant to clause 34.5.6, for the purposes of any claim made in reliance on clause 34.5.6, the actions that the Customer will need to have taken in order to realise those savings will: (i) for Run Services be those Customer Dependencies documented in this Schedule and Appendix 8-A (Transition and Committed Transformation Plan); and (ii) for Change Services be agreed in writing (in an SOW or other agreed appropriate means) and specifically identified in such document as Customer Dependencies.
3.11
[***]:
3.11.1
[***];
3.11.2
[***]; and
3.11.3
[***].










SCHEDULE 5

SUB-CONTRACTOR LIST AND SERVICE PROVIDER TOOLS
Pursuant to clause 17 (Subcontractors), the entities listed below are recognised as being Approved Sub-Contractors. It is acknowledged that this list may be updated from time to time pursuant to clause 17.

S. No.
Name
Entity Name
Scope of Services responsible from
Locations service provided from
1
[***]
[***]
[***]
[***]
2
[***]
[***]
[***]
[***]
3
[***]
[***]
[***]
[***]




In addition to engaging the Approved Sub-Contractors referenced above the Customer recognises that the Service Provider will [***] a range of Service Provider Tools (both Service Provider owned and third party) and COTS Vendor items in connection with its provision of the Services, including those referenced below. Such use is recognised to not amount to subcontracting for the purposes of clause 17 and the status of each such item for the purposes of the Agreement is set out below.
S No.
Tool Name
IP Owner
Agreement Status
1
[***]
[***]
COTS Vendor – Schedule 19 applies




2
[***]
[***]
Third Party owned Service Provider Tool – no access / use by Customer
3
[***]
[***]
Third Party owned Service Provider Tool – no access / use by Customer
4
[***]
Cognizant
Service Provider owned Service Provider Tool – no access / use by Customer




5
[***]
Cognizant
Service Provider owned Service Provider Tool – no access / use by Customer









SCHEDULE 6

STANDARDS AND POLICIES
Notwithstanding any other statements elsewhere in this Schedule 6, where Customer Standards and Policies and Customer Location Policies impose obligations, requirements or restrictions on the Customer, the Service Provider shall comply as though the Service Provider were referred to under the relevant Customer Standards and Policies and Customer Location Policies rather than the Customer, to the extent applicable to the Service Provider’s obligations under this Agreement.

1.
LIST OF CUSTOMER STANDARDS & POLICIES
Reference
Document Title
Date
1.    
Aspen Group Data Quality Management Policy (3266_0)
February 2017
2.    
Aspen Group Underwriting Risk Policy (3676_0)
June 2017
3.    
Aspen US Cybersecurity Policy (3720_0)2018_04_03 14_46_05
August 28, 2017
4.    
Aspen US Information Security and Cybersecurity Program (3717_1)
August 28, 2017
5.    
Group Anti Money Laundering and Counter Terrorist Financing Policy (647_5)
15 June 2017
6.    
Group Business Continuity Policy (3500_0)
19 June 2017
7.    
Group Compliance User Guide (3489_0)
4 June 2017
8.    
Group Conflicts of Interest Policy (1114_4)2018_01_22 14_58_16
10 March 2017
9.    
Group Disclosure Policy (3490_0)
26 July 2017
10.    
Group End User Computing Policy (3713_0)
23 January 2018
11.    
Group Financial Crime & Notification Policy (1279_3)
15 June 2017
12.    
Group Fit and Proper Policy (3499_0)
June 2017
13.    
Group Gifts and Hospitality Policy (492_7)
12 April 2017
14.    
Group Information Classification Policy (3375_0)
30 May 2017
15.    
Group IT Acceptable Use Policy (2744_7)
09 October 2017
16.    
Group Outsourcing Policy (3566_0)
08 June 2017
17.    
Group Procurement Policy (3372_0)
16 May 2017
18.    
Information Security Password Standards (1898_2)
July 2015




Reference
Document Title
Date
19.    
Information Security Policy (3585_2)
June 2018
20.    
Operational Risk Policy (3312_0)
April 2017
21.    
Travel and Expenses Policy (3643_0)
November 2017
22.    

Change Control Process (901_18)

February 6 2014
23.    
Cyber Policy
August 2015
24.    
Group Anti-Bribery Policy (489_9)
12 January 2018
25.    
Group Claims Risk Policy (3678_0)
June 2017
26.    
Group Data Protection Policy (399_7)
08 March 2017
27.    
Group Disclosure Policy (3490_0)
26 July 2017
28.    
IT Operations Incident Management Process (2747_0)
07 June 2016
29.    
Third Party Minimum Security Standards January 2016
7 January 2016
30.    
IT Operations Problem Management Process (915_4)2018_02_13 09_02_50
13 February 2018
31.    
Service Desk Policy and Procedures (623_-1)2018_02_13 09_01_04
October 26, 2006 (as revised on 6 June 2013)

2.
HEALTH AND SAFETY STANDARDS
2.1
The Service Provider shall strive to continuously improve its health and safety performance by implementing appropriate measures to promote health and safety in the workplace and reduce the risk of accidents, including:
2.1.1
putting in place programs to protect workers from overexposure to chemical, biological and physical hazards, as well as physically demanding tasks;
2.1.2
making safety information relating to hazardous materials available to train and educate workers; and
2.1.3
identifying and assessing emergency situations in the workplace and implementing appropriate plans and response procedures to minimise their impact.
2.2
The Service Provider acknowledges that it has been supplied with a copy of the Customer's current rules regarding health and safety. When working at the Customer’s Locations, the Service Provider agrees to comply with these rules, and any additional rules made known to the Service Provider from time to time by the Customer, together with all applicable statutory rules and regulations regarding such matters. The Service Provider shall ensure that the Service Provider Personnel also comply with these rules and regulations together with all reasonable Customer requirements concerning conduct at the Customer's premises.




2.3
Each Party shall notify the other of any health and safety hazards at the Customer's premises of which it becomes aware. The Service Provider shall draw these hazards to the attention of those personnel engaged in the performance of the Services at the Customer's premises and shall instruct such persons in connection with any necessary associated safety measures.
3.
ENVIRONMENTAL STANDARDS
3.1
The Service Provider shall strive to continuously improve its environmental performance and reduce its negative environmental impact, including:
3.1.1
minimising the consumption of energy and natural resources;
3.1.2
reducing waste and promoting recycling and the use of recycled materials;
3.1.3
avoiding the use of hazardous materials where possible;
3.1.4
putting in place systems to ensure the safe handling, movement, storage, recycling, reuse or management of waste, air emissions and wastewater discharges; and
3.1.5
putting in place systems to prevent and mitigate accidental spills and releases to the environment.
4.
SUPPORT FOR CUSTOMER CORPORATE RESPONSIBILITY POLICIES
4.1
In support of the Customer’s endeavours to achieve its own corporate responsibility objectives, the Service Provider shall:
4.1.1
upon request by the Customer, promptly provide a copy of the Service Provider’s current “Policy on Sustainability and Corporate Responsibility”;
4.1.2
identify a single point of contact within the Service Provider organisation for all corporate ”integrity initiatives”; and
4.1.3
at the Customer’s request, allow the Customer or an independent third party (subject to a confidentiality agreement entered into by such party, and subject to the Service Provider’s approval of such third party which shall not be unreasonably withheld) to perform an audit on the implementation of the corporate responsibility obligations set out herein.









SCHEDULE 7
SECURITY - IT AND PHYSICAL
[***]
    





SCHEDULE 8
TRANSITION AND TRANSFORMATION
1.
OVERVIEW

1.1
The Service Provider will perform the activities, for the Transition, Committed Transformation and Future Transformation of the Services in accordance with the requirements of this Agreement generally and this Schedule and its Appendices and in particular:
(i)
in relation to Transition and Committed Transformation, the Service Provider will, replace the services currently being provided by the Customer with the Services including by separating the services to be replaced by the Services from any retained services or activities that are to remain with the Customer Group and/or its other suppliers and migrating all aspects of the Services to the Service Provider in accordance with Part A of Appendix 8-A (Transition Deliverables, Dependencies and Milestone Dates) (the “Transition Services”) and with Part B of Appendix 8-A (Committed Transformation Deliverables, Dependencies and Milestone Dates) (the “Committed Transformation Services”), so that each applicable aspect of the Services is performed from the relevant Milestone Dates specified in the Transition Plan and/or the Committed Transformation Plan, as applicable;
(ii)
in relation to Future Transformation, the Service Provider will perform the Future Transformation of the relevant Services pursuant to which the Services shall be improved and/or the Charges reduced in accordance with the terms of Appendix 8-B (Future Transformation Principles) (the “Transformable Services”), so that the Transformed Services commence being performed from the relevant Milestone Dates specified in the Transformation Plan;
(iii)
provided that the Customer invites the Service Provider’s representatives, the Service Provider will participate in all Customer internal and external meetings co-ordinating other programme transition and transformation activities as may be reasonably required by the Customer in order to ensure that the performance of its Transition, Committed Transformation and Future Transformation obligations can be effectively integrated and co-ordinated with such other activities;
(iv)
the Service Provider will perform Transition, Committed Transformation and Future Transformation Services concurrently or separately as required to meet the requirements of this Agreement in accordance with the dates agreed in Appendices 1 and 2. The Parties accept that the dates in Appendices 1 and 2 may change in line with the Customer’s priorities and any changes will be addressed via an appropriate change control mechanism (which shall be the Contract Change Control Procedure in the event of any potential delay which may impact any of the target Service Commencement Dates);
(v)
the charges for Transition, Committed Transformation and Future Transformation shall be only those included in the Charges referenced in Schedule 10 (Pricebook, Charges and Invoicing) or a SOW (in respect of Future Transformations) and accordingly no additional costs or expenses beyond the Charges referenced in Schedule 10 (Pricebook, Charges and Invoicing) (“Charges”) shall be charged to the Customer in connection with Transition, Committed Transformation and Future Transformation unless otherwise agreed pursuant to a SOW, the Contract Change Control Procedure and/or due to the operation of clause 21 (Customer Dependencies); and
(vi)
without prejudice to its obligations elsewhere in the Agreement and any rights or remedies the Customer may have, and in accordance with clause 7 (Transition) of the Agreement, advise the Customer as to any issues that may impact the Transition, Committed Transformation, Future Transformation and/or the completion of the Milestones and propose solutions where appropriate.




1.1.2
The Service Provider will take such steps, and perform such services and functions, (other than the applicable Customer Dependencies) as are necessary so that:
(i)
each of the Transition, Committed Transformation and the Future Transformation Services and each part of them are delivered to the agreed timescales, cost forecasts and level of required quality (as evidenced by acceptance of the relevant Key Milestones and/or Deliverables);
(ii)
the Transition Services (and any relevant aspects of the Committed Transformation Services) are performed so as to ensure that there is smooth and cost-effective transfer of service to the Service Provider and so that the exit criteria specified in sections 4.4, 5.1, 6.2, 7.1.3, 7.3.3, 7.4.4, 7.5.4, 7.6.4, 7.7.3, 7.8.3, 7.10.3 of Appendix 8-A are met;
(iii)
each of the Transition Tasks to be completed during Transition are completed, meet any relevant Transition Acceptance Criteria (it being acknowledged that agreeing the same will be an early Deliverable of Transition) and, where applicable and agreed, pass the Transition Acceptance Tests by the Task Completion Date (acknowledging that it is not the intention of the Parties that every Transition Task will be subject to Transition Acceptance Tests, however in the absence of Transition Acceptance Tests, the Service Provider will seek to minimise any impact on the business of the Customer while performing the Transition Tasks);
(iv)
each of the Committed Transformation and/or Future Transformation Tasks to be completed during Committed Transformation and/or Future Transformation are completed, meet any relevant Committed Transformation and/or Future Transformation Acceptance Criteria (it being acknowledged that agreeing the same will be an early Deliverable of each Transformation Project) and, where applicable and agreed, pass the applicable Acceptance Tests by the Task Completion Date (acknowledging that it is not the intention of the Parties that every Transformation Task will be subject to Acceptance Tests);
(v)
subject to the Customer’s failure to meet any directly applicable Customer Dependencies, each of the Key Milestones to be completed during Transition, Committed Transformation and/or Future Transformation are completed, meet the applicable Acceptance Criteria, and pass the applicable Acceptance Tests by their respective Milestone Dates;
(vi)
the Transformed Services meet the criteria specified in specified in sections 9.6, 10.7, 11.7, 12.7, 13.7, 14.7 and 15.7 of Appendix 8-A are met;
(vii)
such steps, services and functions are designed with the objective to minimise the internal and third party costs incurred by the Customer in relation to Transition, Committed Transformation and Future Transformation (including costs incurred with any Outgoing Service Provider or Customer subcontractor) in so far as is reasonably possible;
(viii)
the Service Provider will ensure that any outages required as part of Transition, Committed Transformation or Future Transformation: (i) are always notified in writing to and approved by the Customer in advance; (ii) are minimised; and (iii) occur only during ‘applicable maintenance windows’ or at times agreed between the Parties in writing; and
(ix)
there is minimal disruption to the Services during each of Transition, Committed Transformation and Future Transformation and minimal impact on the Customer’s business (including its personnel and customers), save for any disruption agreed between the Parties in the Transition Plan and/or relevant Transformation Plan or otherwise.
1.1.3
The Parties agree that in interpreting the obligations of the Service Provider in relation to the Transition, Committed Transformation and the Future Transformation Services:
(i)
the Transition, Committed Transformation and Future Transformation Services described in this Schedule, its Appendices, the Transition Plan and applicable Transformation Plan:
(a)
are intended to memorialise the key high level tasks and responsibilities which the Service Provider will assume in order to assume responsibility for the provision of the Services in an




orderly and efficient way and transition and / or transform them as agreed. However, these descriptions are not intended to serve as an exhaustive or exclusive list of all of the Service Provider’s obligations with respect to Transition, Committed Transformation or Future Transformation and the Service Provider shall perform all things ancillary or incidental to such obligations to achieve the overall objectives set out in this Schedule, the Transition Plan, each Transformation Plan and elsewhere in the Agreement provided such activities are also required for the completion of Transition, Committed Transformation or Future Transformations (and are not an agreed Customer Dependency); and
(b)
that, accordingly, the interpretation provisions set out in clauses 4.3 and 4.4 of the Agreement shall apply with the term “Services” interpreted to mean Transition, Committed Transformation or Future Transformation Services as applicable and that the remaining terms of paragraph 1.1.3 shall apply to address any practical implications of applying those sections to the Transition, Committed Transformation and Future Transformation Services; and
(ii)
there shall be no measurement periods or validation of the Services in order for the Service Provider to satisfy itself that it can provide the Services in accordance with the Performance Standards except as provided for in Schedule 3 (Service Levels and Service Credits).
1.2
Risk
1.2.1
The Service Provider will perform Transition, Committed Transformation and Future Transformation in such a manner, and take such steps as are needed, to minimise, to the extent reasonably possible, any operational risk to the Customer.
1.2.2
The Service Provider shall create and maintain a risk register and risk management plan, to which the Customer may input, (or, if it is agreed by the Parties to be more practicable, three, one for each of Transition, Committed Transformation and Future Transformation) that identifies all risks to Transition, Committed Transformation and Future Transformation and includes an up to date register of all Transition, Committed Transformation and Future Transformation issues including, without limitation, identifying and detailing the technical, commercial and delivery risks of Transition, Committed Transformation and Future Transformation.
1.2.3
The Service Provider shall identify risk mitigation strategies, take preventative measures, manage the Transition, Committed Transformation and Future Transformation risk register(s) created pursuant to paragraph 1.2.2 above, and develop contingency plans consistent with a prudent approach to management of Transition, Committed Transformation and Future Transformation and in accordance with Good Industry Practice, and to enable the Service Provider to meet the applicable Milestones in the event that a Transition, Committed Transformation and/or a Future Transformation risk materialises. In such event, such risk shall be managed in accordance with paragraphs 6 and 7 of this Schedule as applicable.
1.2.4
The Service Provider shall identify to the Customer on an ongoing basis throughout the process of Transition, Committed Transformation and Future Transformation, any relevant risk mitigations that the Service Provider believes the Customer can help to mitigate. This will include any risks identified by the Customer, for example, risks identified by the Customer in other Customer programmes. The Customer shall only be responsible for risk mitigation activities identified in the risk register that the Customer agrees are within its control and that are identified as Customer Dependencies at the time of agreeing the mitigation.
1.3
Resources




Unless expressly stated otherwise in this Agreement as a Customer Dependency specific to Transition or Transformation, the Service Provider will provide all of the Equipment, Software and other resources as are necessary to implement the Transition, Committed Transformation and/or Future Transformation. Save to the extent specifically set out in Schedule 10 (Pricebook, Charges and Invoicing), the Service Provider shall do this at no additional charge to the Customer.
1.4
Restrictions on Future Transformation
The Service Provider will perform Future Transformation in accordance with the following (together with any other restrictions specified in this Agreement):
1.4.1
subject to changes made to the Future Transformation Documentation in accordance with paragraph 1.5.4, changes will conform to the Contract Change Control Procedure;
1.4.2
the Service Provider must provide no less than two (2) weeks’ prior notice to the Customer’s nominated representative before the planned start date of Future Transformation Services at a Customer Location; and    
1.4.3
Future Transformation Services will be subject to the Customer’s change freeze calendar (if any) in force as at the applicable Services Commencement Date and notified to the Service Provider. Where the Customer changes the freeze calendar, any resulting impact on the Future Transformation Services shall be agreed through the Contract Change Control Procedure.
1.5
Transition, Committed Transformation and Future Transformation Documentation    
1.5.1
Appendix 8-A (Transition and Committed Transformation Deliverables, Dependencies and Milestone Dates) sets out the following as of the Effective Date:    
(i)
the agreed Milestone Dates applicable to Transition and Committed Transformation;
(ii)
which of those dates are designated as “Key Milestones”;
(iii)
the key deliverables to be delivered during Transition (and, to the extent relevant, Committed Transformation) to demonstrate that the Service Provider is equipped to take on the provision of the relevant element of the Services;
(iv)
certain transition tasks to be performed by the Service Provider as part of Transition (the “Transition Tasks”) and Committed Transformation (the “Committed Transformation Tasks”);
(v)
the Customer Dependencies to be performed by the Customer in respect of Transition and Committed Transformation, in addition to those in Schedule 4 (Customer Dependencies);
(vi)
the Acceptance Criteria applicable to confirming each Transition Task and Committed Transformation Task and that Transition and Committed Transformation has been completed and the Service Provider is ready to commence the provision of the Services and Key Milestones; and    
(vii)
the high level Acceptance Test process to be complied with to confirm that each Transition Task and/or Committed Transformation Task and the applicable aspect of Transition, Committed Transformation or a Key Milestone meets the applicable Acceptance Criteria (such process to be set out in further detail in the Deliverable Acceptance Document).    
1.5.2
Appendix 8-B (Future Transformation Principles) sets out key principles which will apply to any Future Transformations.    




1.5.3
The “Transition, Committed Transformation and Future Transformation Documentation” will include the documents referred to in paragraphs 1.5.1 and 1.5.2 along with such other documentation as is agreed between the Parties during Transition, Committed Transformation and Future Transformation including pursuant to paragraph 7.2.
1.5.4
Subject always to paragraph 3.2.2, either Party will be entitled to propose changes to the Transition, Committed Transformation and Future Transformation Documentation. Whether the Customer or the Service Provider propose the change to the Transition, Committed Transformation and Future Transformation Documentation, the Service Provider will create a first draft of the amended Transition, Committed Transformation and Future Transformation Documentation and the Service Provider will submit such first draft to the Customer within ten (10) Business Days of the change being proposed. The Customer will consider the draft of the proposed change and, within ten (10) Business Days of the receipt of the proposed change, provide comments on the draft change to the Service Provider. The Service Provider will produce a final version of the Transition, Committed Transformation and Future Transformation Documentation based on the Customer’s comments and as agreed between the Parties. Notwithstanding this paragraph 1.5.4, either Party may require any change to the Transition, Committed Transformation and Future Transformation Documentation to be made in accordance with the Schedule 13 (Contract Change Control Procedure).    
1.5.5
Notwithstanding paragraph 1.5.4, until completion of both Transition and then Future Transformation, the Service Provider will maintain the Transition, Committed Transformation and Future Transformation Documentation so that the Transition, Committed Transformation and Future Transformation Documentation remains up to date and continues to address the impact of issues identified by either Party.
2.
DEPENDENCIES    
2.1
Customer Dependencies     
2.1.1
The Customer will use Commercially Reasonable Efforts to perform the Customer Dependencies related to Transition, Committed Transformation or Future Transformation (as applicable) by the times specified in Appendix 8-A (Transition and Committed Transformation Deliverables, Dependencies and Milestone Dates) or a SOW agreed in respect of a Future Transformation, or if a time is not specified, within a reasonable period, both Parties having consulted with each other regarding what would be a reasonable period of time in the circumstances. If the Customer fails to meet a Customer Dependency, despite using its Commercially Reasonable Efforts, then clause 21 (Customer Dependencies) of the Agreement applies.    
2.1.2
As of the Effective Date, the Customer Dependencies related to Transition and Committed Transformation are listed in full in Parts A and B of Appendix 8-A (Transition and Committed Transformation Deliverables, Dependencies and Milestone Dates) respectively. As at the Effective Date there are no Future Transformations.    
2.2
Changes to the Customer Dependencies    
2.2.1
In producing the first draft of any change to the Transition, Committed Transformation and Future Transformation Documentation in accordance with paragraph 1.5.4, the Service Provider will articulate any obligations on the Customer or any changes required to the Customer Dependencies specified in the original Transition, Committed Transformation and/




or Future Transformation Documentation (including their timing). Any such proposed change will be subject to the Customer’s agreement (not to be unreasonably withheld and to be made in accordance with the criteria set out in paragraph 1.5.4) and the Customer will notify the Service Provider whether it agrees to the proposed change when providing comments on the first draft of the changes to the relevant Transition, Committed Transformation and Future Transformation Documentation in accordance with paragraph 1.5.4.
2.2.2
Without prejudice to its duty to perform the Customer Dependencies agreed as at the Effective Date, the Customer will only be required to perform additional Customer Dependencies if it has agreed such Customer Dependencies pursuant to the Contract Change Control Procedure. In reviewing potential new or additional Customer Dependencies, the Parties recognise that given the due diligence undertaken by both the Service Provider and the Customer, the Customer can only be expected to perform new or additional Customer Dependencies where:
(i)
they can practically be performed by the Customer (or an existing subcontractor of the Customer); and    
(ii)
such additional Customer Dependencies would not have been reasonably contemplated by the Parties at the point at which the applicable Customer Dependencies set out in, as applicable Parts A and B of Appendix 8-A (Transition and Committed Transformation Deliverables, Dependencies and Milestone Dates), or a SOW in respect of Future Transformations were agreed.    
2.2.3
Not used.    
2.2.4
If the Customer is to perform any additional Customer Dependencies then it will perform such Customer Dependencies within the agreed timescale.    
2.3
Failed Customer Dependencies     
2.3.1
If the Customer fails to perform a Customer Dependency by the relevant time, then the provisions of clause 21 (Customer Dependencies) of the Agreement shall apply.    
3.
MILESTONE DATES
3.1
Milestone Dates    
3.1.1
Unless adjusted in accordance with paragraph 3.2:
(i)
the overall Milestone Dates applicable to Transition will be as specified in the Transition Plan;     
(ii)
the overall Milestone Dates applicable to Committed Transformation will be as specified in the Committed Transformation Plan; and    
(iii)
the overall Milestone Dates applicable to Future Transformation will be as specified in the applicable SOW.     
3.1.2
The terms of clause 5 (Delay) of the Agreement shall apply to the provision of Transition, Committed Transformation and Future Transformation activities by the Service Provider.     
3.2
Changes to Milestone Dates    




3.2.1
Either Party may propose changes to the Future Transformation Milestone Dates in accordance with the process for changing the Transition, Committed Transformation and Future Transformation Documentation set out in paragraph 1.5.4.
3.2.2
The Parties recognise however that the timing of Transition is such that Changes to the Milestone Dates for Transition and/or Committed Transformation may only take place in exceptional circumstances by reference to the Contract Change Control Procedure.     
3.3
Transition and Committed Transformation Schedule    
3.3.1
The Service Provider will comply with the schedule for Transition and Committed Transformation set out in the Transition Plan and Committed Transformation Plan. The Service Provider recognises the crucial importance of a timely and effective Transition and Committed Transformation process.    
3.3.2
The Service Provider agrees that without prejudice to any other rights or remedies of the Customer any failure by the Service Provider to fulfil any of its obligations with respect to Transition in accordance with the dates set out in the Transition Plan and Committed Transformation Plan shall be dealt with in accordance with clauses 5 (Delay) and 10.1 to 10.4 (LDs, Saving Commitments and Holdback) of the Agreement.
3.4
Scheduling of Future Transformation Services     
3.4.1
The order in which the Transformable Services are to be Transformed from time to time by the Service Provider will be agreed between the Parties.
3.4.2
The Service Provider agrees that without prejudice to any other rights or remedies of the Customer any failure by the Service Provider to fulfil any of its obligations with respect to Future Transformation in accordance with the dates set out in the relevant Transformation Plan shall be dealt with in accordance with clause 5 (Delay) of the Agreement and that, in addition, the Parties may agree through the Contract Change Control Procedure that Liquidated Damages or Service Credits may apply in relation to failures to achieve Key Milestones for Future Transformation on a case by case basis.     
3.4.3
Except as set out in this Schedule, the Service Provider will follow the Transformation Plan forming part of the Future Transformation Documentation in scheduling Future Transformation Services and any change to this list will be subject to the Customer’s approval, such approval not to be unreasonably withheld.     
3.4.4
If the Customer requires a change in accordance with this paragraph 3.4, then:
(i)
the Service Provider will use Commercially Reasonable Efforts to re-schedule the activity as requested;
(ii)
any change to the Future Transformation Milestone Date resulting from the change will be made in accordance with paragraph 3.2; and
(iii)
any change to the Charges will be made in accordance with Schedule 13 (Contract Change Control Procedure).    
3.5
Changes to Future Transformation Rates    




3.5.1
The Customer may, from time to time, require the Service Provider to freeze or reduce the rate of Future Transformation.    
3.5.2
If the Customer requires the Service Provider to freeze or reduce the rate of Future Transformation, then if such freeze or reduction was due to a failure in Future Transformation by the Service Provider, including:    
(i)
repeated failures in Transforming the Transformable Service that have not yet been resolved; or    
(ii)
a problem with the Transformed Services that has not yet been resolved,    
then the Future Transformation Milestone Dates will be changed as a result of such freeze or reduction but there will be no impact on the Charges, except as provided for in clause 5 (Delay) of the Agreement. Otherwise, any changes to the Future Transformation Milestone Dates will be addressed in accordance with paragraph 3.2.
3.5.3
The Customer reserves the right, acting reasonably, to freeze Future Transformation if any of the Future Transformation Acceptance Tests have not been successfully completed, and the Customer is of the reasonable opinion that to continue with Future Transformation before such Future Transformation Acceptance Tests have been successfully completed would cause an unacceptable level of adverse impact on the Customer’s business.    
4.
ACCEPTANCE TESTING    
4.1
General    
4.1.1
The Acceptance Criteria and Acceptance Tests for Transition and Committed Transformation (including those for each Transition and Committed Transformation Task) are set out in Parts A and B of Appendix 8-A (Transition and Committed Transformation Deliverables, Dependencies and Milestone Dates) respectively.
4.1.2
The Acceptance Criteria and Acceptance Tests for each Future Transformation Task (where applicable and agreed) and Key Milestones shall be agreed pursuant to the terms of Appendix 8-B (Future Transformation Principles).     
4.1.3
The objectives of performing the Acceptance Tests pursuant to this Schedule are:    
(i)
in relation to the Acceptance Tests for Transition: to verify that the Service Provider is able to commence the provision of the Services and, subject to any staff transfer that takes place pursuant to Schedule 17 (Human Resources Provisions), perform the in-scope activities being performed by the Customer resources involved in the provision of the services being replaced by the applicable Services
(ii)
in relation to either of the Acceptance Tests for Committed Transformation or the Future Transformation: to verify that the Transformable Services have been Transformed such that they meet the applicable Committed Transformation or Future Transformation Acceptance Criteria.
4.1.4
Prior to the occurrence of each Transition Milestone Date, Committed Transformation Milestone Date or, for Future Transformation, each Task Completion Date (where the Parties have agreed that the Service Provider will perform Future Transformation Acceptance Tests) and Future Transformation Milestone Date, the Service Provider will develop and submit to the Customer, for the Customer’s comment, such comment to be provided within five (5) Business Days, a final version of the relevant Acceptance Test Plan. The plan will detail the Acceptance Tests to be performed and the associated Acceptance Criteria for the same.    




4.2
Acceptance Tests    
4.2.1
For each of Transition, Committed Transformation and Future Transformation, the Service Provider will perform the Acceptance Tests and the Customer may elect to attend any such Acceptance Tests.    
4.2.2
The Service Provider will complete such Acceptance Tests in accordance with the agreed Acceptance Test Plan and the relevant Acceptance Criteria, to demonstrate that:    
(i)
all functions, features and / or facilities provided by the Services are operating in accordance with the applicable requirements set out in the applicable Description of Services (which, where the Acceptance Tests related to Future Transformation, may have been amended to reflect the intended outcome of the Future Transformation Services concerned);     
(ii)
the relevant Services perform in accordance with any applicable Performance Standards;     
(iii)
it has no negative impact (other than as agreed in the Acceptance Criteria) on the wider Customer Environment; and    
(iv)
the security requirements are being met in accordance with Schedule 7 (Security – IT and Physical).    
4.2.3
The Acceptance Test for stage one testing will take place on the dates and at the times set out in the Deliverable Acceptance Documents and on the dates agreed between the Parties following stage one Acceptance for all subsequent test stages.     
4.2.4
The Service Provider will record the results of all Acceptance Tests performed.    
4.2.5
Other than any tools or resources to be provided by the Customer as part of the Customer Dependencies, the Service Provider will provide appropriate Tools and other resources required to complete the Acceptance Tests at its own cost.    
4.2.6
Within five (5) Business Days of each Acceptance Test, the Service Provider will provide to the Customer a report summarising the results of the relevant Acceptance Test including a detailed description of any failure to meet the relevant Acceptance Criteria and any remedial action taken.     
4.2.7
Within five (5) Business Days of receiving a report from the Service Provider pursuant to paragraph 4.2.6 which states that the relevant Acceptance Test was passed, the Customer will review the results and having satisfied itself, in its reasonable opinion, that the Acceptance Criteria have been met, the Customer will provide written confirmation to the Service Provider whether:    
(i)
the relevant Transition Task or Committed Transformation Task (where applicable and agreed);    
(ii)
the Transition of the applicable element of the Services (if applicable);     
(iii)
the relevant Future Transformation Task (where applicable and agreed); or     
(iv)
Key Milestone,
has been accepted or if the applicable Acceptance Test has not been passed. If it has not been passed, the Customer’s notice of any failure shall provide a description of the failure in a manner reasonably sufficient to allow the Service Provider to identify it.




4.2.8
Where the Customer has failed to sign off the Deliverable Acceptance Document for the Transition of the relevant element of the Services (if applicable), Task (where applicable and agreed) or Key Milestone (whether or not the relevant item has passed the relevant Acceptance Tests) within five (5) Business Days of the due date for Acceptance, the Service Provider may write to the Customer requesting such notice within five (5) Business Days, making clear that the Transition of the relevant element of the Services (if applicable), Task (where applicable and agreed) or Key Milestone identified in its notice shall be deemed to have been accepted if the Customer’s written notice is not received within the following five (5) Business Days. If such notice is still not forthcoming at the end of this period, the Transition of the relevant element of the Services (if applicable), Task (where applicable and agreed) or Key Milestone identified in the notice shall be deemed to have been accepted and the Service Provider shall be entitled to invoice for any payments made conditional upon achieving such acceptance. Such deemed acceptance shall however be without prejudice to the Customer’s rights in respect of any latent defects later discovered in the relevant items which could not reasonably have been discovered by the Customer, had its anticipated Acceptance Tests of the relevant Deliverable or Milestone been completed.    
4.3
Failure of an Acceptance Test    
4.3.1
If an Acceptance Test is not passed, the Service Provider will investigate the cause of the failure at its own cost and expense.     
4.3.2
If an Acceptance Test is not passed, then the Service Provider will provide the Customer (or the Customer will provide the Service Provider, in the event that the Customer regards the Acceptance Test as failed pursuant to paragraph 4.2.6) with written details of why the Acceptance Test was failed and the Customer shall designate the failure in the Customer’s reasonable opinion as either “minor” or “material”.    
4.3.3
If a failure is designated “minor”, then the Deliverable or Milestone shall be deemed to be accepted, but the failure must be rectified by the Service Provider free of charge within ten (10) Business Days, and to the Customer’s reasonable satisfaction unless otherwise agreed by the Parties. However, the Customer reserves the right to withhold acceptance under this section if the aggregate number of minor failures exceeds either the level agreed for any given Deliverable or Milestone or, in the absence of such agreement, the level that the Customer, acting reasonably, deems to be appropriate, bearing in mind the scope, complexity and importance of the matters being subject to the Acceptance Test concerned.    
4.3.4
If a failure is designated “material”, then the Customer shall have the option on written notice either to (as applicable) reject the Transition of the relevant element of the Services (if applicable), Task (where applicable and agreed) or Key Milestone until the failure is rectified or to accept the Transition of the relevant element of the Services (if applicable), Task (where applicable and agreed) or Key Milestone in accordance with paragraph 4.3.5 below. If the Customer elects not to accept a failed Acceptance Test pursuant to clause 6.8, the Service Provider will promptly correct any such failures free of charge to the Customer. When it believes that it has made the necessary corrections, the Acceptance Test will be repeated in accordance with paragraph 4.2.1. If the Service Provider fails to secure acceptance within four (4) weeks of first commencing the same (or such other time period as is agreed in writing by the Parties, provided always that in the case of Future Transformation, agreement to longer time frames suggested by the Service Provider shall be at the Customer’s sole and absolute discretion), the Customer may:    




(i)
if the failure relates to Transition or Committed Transformation, terminate this Agreement in whole or in part pursuant to clause 36 of the Agreement; or     
(ii)
if the failure relates to a Future Transformation, paragraph 4.4 below shall apply.    
4.3.5
If the Customer elects to accept any aspect of Transition, Committed Transformation or Future Transformation that has not passed its applicable Acceptance Tests notwithstanding that a “material” failure exists within the same, such acceptance shall be conditional on the Parties’ Transition, Committed Transformation or Future Transformation Managers (as applicable) meeting and:    
(i)
in the case of Transition or Committed Transformation agreeing an equitable basis of compensation for the Customer to reflect such failure; and    
(ii)
such reductions shall be without prejudice to the Customer’s rights and remedies which accrued prior to the Customer’s acceptance including, in the case of Future Transformation, the payment of any liquidated damages or Service Credits related to late achievement of a Future Transformation Milestone.    
4.3.6
The Service Provider will not commence performance of the Services (and accordingly the Service Commencement Date shall be delayed and Transition shall not be completed) until:
(i)
the Transition Acceptance Tests and all applicable Committed Transformation Acceptance Tests are passed and approved by the Customer in accordance with paragraph 4.2.7 or 4.2.8 (or the Customer accepts the Transition or Committed Transformation Milestone in accordance with paragraph 4.3.5); or
(ii)
the Customer otherwise approves the commencement of the Services (which approval shall be granted at the Customer’s sole and absolute discretion).    
4.3.7
The Service Provider will not commence performance of the Transformed Services until:    
(i)
the Future Transformation Acceptance Tests are passed and approved by the Customer in accordance with paragraph 4.2.6 or 4.2.8 (or the Customer accepts the Transformed Services in accordance with paragraph 4.2.7); or
(ii)
the Customer otherwise approves the commencement of the Transformed Services (such approval not to be unreasonably withheld).    
4.3.8
If the Service Provider is prevented from completing an agreed element of Transition, delivering a Task or Key Milestone and the same is excused pursuant to clauses 31 (Force Majeure) or 21 (Customer Dependencies) of the Agreement, then:     
(i)
the Customer will, having consulted with the Service Provider and acting reasonably, extend the date for delivery of the same by a reasonable period that reflects the impact of such Force Majeure Event or failure and the Service Provider will deliver the same by such revised date; or    
(ii)
in the case of the commencement of the Services on the applicable Milestone Dates for Transition, Committed Transformation and/or Future Transformation, the Service Provider will commence performing on such Milestone Date (as applicable), those Services or Transformed Services (as applicable) that it is able to perform and will continue performing the Services in accordance with, as relevant, clauses 31 (Force Majeure) or 21 (Customer Dependencies) of the Agreement.    
4.3.9
The Service Provider will demonstrate to the Customer’s reasonable satisfaction (via the passing of Acceptance Tests in respect of Key Milestones) prior to the relevant Milestone Date applicable to:    




(i)
Transition and/or Committed Transformation that all relevant Tasks or Key Milestones have been met and it is ready to perform the relevant aspect of the Services and is confident the internal Customer function and / or Outgoing Service Provider provided function (as applicable) may cease its provision of the services to be replaced by the Services; and    
(ii)
Future Transformation that all relevant Tasks or Key Milestones (including any applicable Future Transformation Milestone Dates) have been met and that it is ready to commence performing the relevant Transformed Services.    
4.4
Failure to Meet Milestone Dates     
4.4.1
If a Key Milestone has not passed the applicable Acceptance Tests by the relevant Milestone Date (as such Milestone Date may be extended in accordance with paragraph 3.2), then: without prejudice to the Customer’s other rights and remedies under this Agreement, including the right to seek to recover as damages any incremental costs it may have incurred arising due to the delay pursuant to the terms of this Agreement, the Service Provider will provide such additional resources as are reasonably necessary to complete the same as soon as reasonably possible thereafter.    
5.
TRANSITION AND COMMITTED TRANSFORMATION PLAN IMPLEMENTATION    
5.1
General    
5.1.1
Without prejudice to the generality of its obligations under this Schedule the Service Provider will:    
1.
implement the Transition and Committed Transformation Plan and perform all Transition Services and Committed Transformation Services in accordance with the timeframes specified in the Transition and Committed Transformation Plan including the Milestone Dates;    
2.
work constructively with the Customer, and relevant third parties to implement the Transition and Committed Transformation Plan; and    
3.
appoint a dedicated team of Service Provider Personnel to support and manage Transition and Committed Transformation and ensure that that team continues to be involved and available as required to assist with post-Transition queries and issues that arise after the Service Commencement Date. The Service Provider agrees that without prejudice to the generality of its obligation under this paragraph iii), certain Service Provider Personnel involved in Transition and Committed Transformation have been identified as Key Personnel in Schedule 18 (Key Personnel) (or will be so identified pursuant to its terms) and that such Key Personnel shall be subject to a minimum assignment period that covers the entire period of Transition and the period of twelve (12) Months following the applicable Service Commencement Date.    
5.2
Transition Managers    
The Service Provider shall appoint suitably qualified “Transition Managers”, provided that the Customer has a right to veto the Service Provider’s proposed appointment in accordance with clause 15 (Personnel) of the Agreement. The Transition Managers shall also manage the provision of Committed Transformation. While certain individual Transition Managers may be designated “Committed Transformation Managers”, references to Transition Managers in this Schedule shall be deemed to include any individual appointed as a Committed Transformation Manager, albeit such individuals shall also comply with all obligations identified herein as applying to Transformation Managers.
The Transition Managers shall:    
5.2.1
assure the planning and management of Transition and Committed Transformation;     




5.2.2
ensure buy in for the Transition and Committed Transformation at all levels of the Service Provider;    
5.2.3
provide input and guidance in relation to the Transition and Committed Transformation planning process;    
5.2.4
work with the Customer’s Transition Manager(s) to identify and ensure delivery of all contractual Deliverables during the Transition period and, if different any applicable Committed Transformation period;     
5.2.5
work with the Customer’s Transition Manager(s) to apply Transition and Committed Transformation assurance and budget management controls;    
5.2.6
ensure that any Service Provider resources required for Transition and Committed Transformation are made available;    
5.2.7
keep the Service Provider management apprised of progress, risks, issues and exceptions;     
5.2.8
be responsible for the Service Provider's performance of the Transition Services and the Committed Transformation Services, which shall include:    
(i)
responsibility for the day to day management of the Transition Services and the Committed Transformation Services;    
(ii)
management and the production of the required activity plans (which shall be consistent with and support the Transition and Committed Transformation Plans) and any updates to the Transition and Committed Transformation Plans and / or this Agreement resulting from the Transition Services and the Committed Transformation Services;
(iii)
management, direction and motivation of the Transition and Committed Transformation team(s);    
(iv)
progressing and monitoring the Transition Services and the Committed Transformation Services and completing within budget;    
(v)
management of Transition and Committed Transformation risks, including the development of contingency plans;    
(vi)
responsibility for overall progress and for the use of resources, and initiation of corrective action where necessary;    
(vii)
responsibility for Changes which impact on Transition and Committed Transformation including, where required, the management of the same pursuant to the process referred to at paragraph 1.5.4 above and/or the Contract Change Control Procedure;
(viii)
liaising with the [***] or its appointed project assurance roles to assure the overall direction and integrity of the Transition and Committed Transformation;     
(ix)
preparation of Transition and Committed Transformation closedown documentation and agreement of the same with the Transition and Transformation Services Board;
(x)
responsibility for planning and control of the Transition Services and the Committed Transformation Services and transfer of services from the Customer, its subcontractors and any Outgoing Service Providers to the Service Provider;    
(xi)
responsibility for Transition and Committed Transformation administration;    




(xii)
ensuring that the Service Provider fully engages in all communications relating to Transition and Committed Transformation;    
(xiii)
liaising with the Customer, any Outgoing Service Providers and any other of the Customer’s third party suppliers or account managers; and    
(xiv)
liaise as necessary (which shall be at least weekly) with the Customer’s Transition Manager.    
5.3
Key Transition Obligations    
(i)
During the Transition period, the Service Provider shall carry out its obligations specified elsewhere in this Agreement as obligations that are to be carried out during the Transition period including:    
(ii)
ensuring that the requirements of Appendix 8-A (Transition and Committed Transformation Deliverables, Dependencies and Milestone Dates) are carried out in a timely manner and in any event in accordance with the timescales specified therein;     
(iii)
ensuring that the Services can be performed in accordance with Schedule 2 (Service Descriptions) on or before relevant Service Commencement Date.    
(iv)
producing a first draft of the Exit Plan in accordance with Schedule 15 (Exit Plan and Service Transfer Arrangements), such Exit Plan to be updated within ninety (90) days of each Service Commencement Date and submitted to the Customer in accordance with paragraph 2.1 of Schedule 15 (Exit Plan and Service Transfer Arrangements); and     
(v)
undertaking the other service performance management readiness activities reasonably required to meet the requirements of Schedule 3 (Service Levels and Service Credits),    
In addition, the general obligations of the Parties as set out in this Agreement shall (for the avoidance of doubt), apply during Transition and Committed Transformation unless it is expressly specified that a specific obligation is to take effect at a later date. Where the Service Provider is obliged to agree details of any element of the Services, the Performance Standards, Service Measures, Service Levels, Service Credits, KPIs, and / or any other matter with the Customer, the Parties agree to act reasonably and to ensure that any of their requirements are consistent with the terms of the applicable part of this Agreement (including, in particular, Schedule 3 (Service Levels and Service Credits)) and Good Industry Practice.    
6.
TRANSITION AND COMMITTED TRANSFORMATION SPECIFIC GOVERNANCE    
6.1
Introduction    
6.1.1
Schedule 12 (Governance and Service Management) sets out the joint governance structures that apply to this Agreement. This paragraph 6 defines additional governance arrangements relating specifically to the Transition Services and the Committed Transformation Services and which shall apply during Transition and Committed Transformation only.    
6.1.2
The Parties agree that for Future Transformation and for project management related aspects of Transition and Committed Transformation, paragraph 7 shall apply also.
6.2
Transition and Transformation Services Board    
6.2.1
The Transition and Transformation Services Board is the forum where representatives of the Customer (including the Customer’s Transition Manager), the Service Provider and other relevant third parties (as appropriate) meet to review the Transition Services and the Committed Transformation Services. The Transition and Transformation Services Board




shall be chaired by the Customer’s overall Transition Manager or the Customer’s senior manager.
6.2.2
The Service Provider representation at the Transition and Transformation Services Board shall, as a minimum, be the relevant Service Provider's Transition Manager, the relevant Service Provider Service Delivery Manager, and other Service Provider Personnel as required for the effective operation of the Transition Services Board or specifically requested by the Customer.    
6.2.3
The Service Provider shall produce Transition Services and Committed Transformation Services progress reports (the format and content of which shall be agreed by the Parties, such agreement not to be unreasonably withheld or delayed) and issue these to the relevant Customer’s Transition Manager at least three (3) Business Days prior to each meeting of the Transition and Transformation Services Board.    
6.2.4
The aims of the Transition and Transformation Services Board are to:    
(i)
review progress of the Transition Services and the Committed Transformation Services;    
(ii)
identify and resolve Transition Services and Committed Transformation Services related issues;    
(iii)
identify and plan for the mitigation of risks associated with the Transition Services and the Committed Transformation Services;    
(iv)
review Change Requests related to Transition Services and Committed Transformation Services;    
(v)
track developments and changes arising in relation to the Transition and Committed Transformation from events outside the Transition and Committed Transformation Plans and Transition Services and Committed Transformation Services;    
(vi)
provide overall direction and guidance to the Transition Services and the Committed Transformation Services;    
(vii)
accept the closure of the Transition Services and the Committed Transformation Services once all Milestones have been concluded to the reasonable satisfaction of the Customer and all related issues resolved; and
(viii)
inform the Steering Committee of the acceptance and completion of all Transition Services and Committed Transformation Services and request the approval of the Steering Committee to close the Transition and Transformation Services Board based on the acceptance and completion of Transition and completion of Transition Services and Committed Transformation Services.    
6.2.5
The Transition and Transformation Services Board will:    
(i)
provide assurance that the Transition and each Committed Transformation project initiation document complies with relevant Customer standards;    
(ii)
allocate responsibility for mitigating major Transition Services and Committed Transformation Services risks to the appropriate Customer or Service Provider owner;
(iii)
subject always to paragraph 2.3 of this Schedule consider material deviations from the Transition and Committed Transformation Plans;    
(iv)
monitor progress against the plan through Transition Manager reporting;    




(v)
consider requests for Changes, risks and issues. Subject to the Contract Change Control Procedure, make decisions as required and confirm Transition and Committed Transformation priorities; and    
(vi)
formally agree all Transition Services and Committed Transformation Services communications.    
6.2.6
As Transition and Committed Transformation progresses, the Transition and Transformation Services Board will:
(i)
provide overall guidance and direction to the Transition Services and Committed Transformation Services;    
(ii)
provide an escalation point through exception management. Where one or more of the Milestones is or are likely to be impacted, the Customer and Service Provider Transition Managers will notify the Transition and Transformation Services Board and work together in good faith to agree a course of action; and    
(iii)
communicate with all impacted areas.    
6.2.7
The Transition and Transformation Services Board shall meet at least (as directed by the Customer) every two (2) weeks at the Customer Site (as directed by the Customer). Where so designated by the Customer, the Transition and Transformation Services Board may be split into boards to supervise Transition itself and another to supervise individual Committed Transformation projects or Tasks.    
6.2.8
If the Service Provider notifies the Customer in writing (which for these purposes includes notification by email) that the meeting of the Transition and Transformation Services Board is such that it requires excessive focus of the Service Provider's Transition Manager and Service Personnel who are part of Transition and Committed Transformation teams such that the Service Provider's management and progress of Transition and Committed Transformation is impeded or is in danger of being impeded, then both Parties shall, within two (2) Business Days of receipt of such notification, agree to an alternative frequency of meetings and reporting.    
7.
MANAGEMENT OF TRANSITION, COMMITTED TRANSFORMATION AND FUTURE TRANSFORMATION    
7.1
Future Transformation Managers    
Where Future Transformations are agreed:
7.1.1
The Service Provider will appoint a senior project executive who will have overall responsibility for the management, performance and delivery of Future Transformation and who will be a dedicated escalation point of contact for the Customer in respect of Future Transformation (“Service Provider Future Transformation Manager”). The Service Provider will also appoint senior project executives to have overall responsibility for the management, performance and delivery of each Future Transformation project (as appropriate).    
7.1.2
The Customer will appoint a dedicated contact point for Future Transformation in general and separate dedicated contact points for each Future Transformation project (each a “Customer Future Transformation Manager”).    




7.1.3
Both Parties will use Commercially Reasonable Efforts to procure that any Future Transformation issues or disputes are resolved promptly by the relevant Service Provider Future Transformation Manager and the relevant Customer Future Transformation Manager, but any disputes that cannot be resolved will be dealt with in accordance with clause 49 (Dispute Resolution) of the Agreement.     
7.1.4
From not later than ten (10) Business Days after the Effective Date, the Service Provider will establish and provide a project office that will initially be led by the Service Provider’s Transition Manager and then, following the Services Commencement Date be led by the Service Provider Future Transformation Manager, with a team sufficiently staffed and experienced to manage Transition and Committed Transformation related projects (which shall mean those Transition and Committed Transformation Tasks and aspects of Transition and Committed Transformation Tasks as require such a level of management or are otherwise required by the Customer to be managed pursuant to the terms of this paragraph 7) and then the Future Transformation Services.    
7.2
Managing and Monitoring Transition, Committed Transformation Projects and Future Transformation    
7.2.1
The Service Provider will be responsible for managing, monitoring and implementing all Transition and Committed Transformation related projects and Future Transformation, including:     
(i)
producing detailed project definition reports for each defined project, including:    
(a)
holding project definition workshops;    
(b)
producing draft project definition reports;    
(c)
agreeing project definition reports;    
(d)
producing draft Deliverable Acceptance Documents; and    
(e)
agreeing final Deliverable Acceptance Documents;    
(ii)
proactively identifying, monitoring and managing any significant risks or issues in relation to all Transition and Committed Transformation related projects and Future Transformation, including:    
(a)
developing a risk mitigation plan for risks identified through Future Transformation;    
(b)
instituting formal risk mitigation strategies;     
(c)
taking appropriate preventive measures including by identifying and highlighting to the Customer where additional Customer Dependencies may be required and/or where a specific action (e.g. ensuring attendance of a third party at a meeting) already captured by a general Customer Dependency needs to take place; and    
(d)
developing contingency plans for rapid recovery from actual or potential incidents.     
(iii)
managing (including project managing), coordinating and planning all aspects of all Transition and Committed Transformation related projects and Future Transformation (whether performed by the Service Provider or a Subcontractor, the Customer or any third party);    
(iv)
monitoring progress of all Transition and Committed Transformation related projects and Future Transformation related tasks and responsibilities (whether the responsibility of the Service Provider




or a Sub-Contractor, the Customer or any third party) against the Transition Plan or relevant Transformation Plan (as applicable) and promptly escalating to the Customer any failures (or potential failures) to perform any tasks or responsibilities, including failures or potential failures by the Customer to perform the Customer Dependencies or by third parties;     
(v)
assisting in resolving any incidents or problems arising with respect to all Transition and Committed Transformation related projects and Future Transformation;     
(vi)
defining an escalation process to be used if there is a failure in any part of all Transition and Committed Transformation related projects and Future Transformation (which for Transition and Committed Transformation Projects shall be defined by reference to the processes set out in paragraph 6);
(vii)
establishing as soon as practicable, the necessary communications and interfaces between the Service Provider, Sub-Contractors, the Customer and third parties performing services that will be replaced by the Services on the relevant Planned Milestone Date; and    
(viii)
where workshops are needed as a tool to deliver Transition and Committed Transformation related projects or Future Transformation, initiating, administering and leading the workshops (including providing the Customer with advance notice of the timing, location and proposed agenda for such workshops, as appropriate).    
7.2.2
The Service Provider’s management and implementation of Transition and Committed Transformation related projects or Future Transformation will be subject to the Customer’s approval (not to be unreasonably withheld or delayed) and reasonable directions. The Customer may, at the Customer’s option, monitor, test and otherwise participate in Future Transformation.    
7.2.3
Future Transformation shall be governed pursuant to Paragraph 4 (ITO Operational Governance) of Schedule 12 (Governance and Service Management) through the ITO Delivery Board.
7.3
Reports    
The Service Provider will provide the Future Transformation reports identified as being required in each applicable SOW. In addition, the Service Provider will provide the Customer weekly during Transition and then during any period of Future Transformation with a detailed progress report that describes the following:    
7.3.1
an executive level summary of the Transition, Committed Transformation or Future Transformation progress to date, including an updated summary project plan and project highlights;    
7.3.2
an updated Gantt chart detailing the status of all Transition, Committed Transformation or Future Transformation activities;    
7.3.3
a listing of all Transition, Committed Transformation or Future Transformation Milestone Dates, including estimated time to completion, days overdue, contract completion date, actual completion date and comments and a RAG report;    
7.3.4
a listing of all unresolved issues related to the execution of the Transition Plan or any Transformation Plan, including the applicable Customer Dependencies, along with due date, priority, responsible party, and an assessment of the potential and actual business impact and the impact on the Transition Plan or Transformation Plan;     




7.3.5
any risks and issues identified in accordance with paragraph 7.2.1(i) and the steps being taken to mitigate such risks; and    
7.3.6
a forward schedule of change.    
7.4
Meetings    
The Service Provider and the Customer Future Transformation Managers will meet on a weekly     basis (or as otherwise required by the Customer) during Future Transformation to review the     status of Future Transformation and to procure that the objectives of Future Transformation are     being met.    
8.
APPLICATION OF THE TRANSFER REGULATIONS     
8.1
Transfer Regulations on Entry    
The Parties acknowledge that the Transfer Regulations may apply on the commencement of     Services under this Agreement. The Parties will work together in good faith to manage the     implications of such application in accordance with the requirements of the Transfer     Regulations and Schedule 17 (HR Provisions).
9.
SUSPENSION
9.1
Where the Customer exercises its right to suspend the Transition Services and the Committed Transformation Services under clause 4.8 of the Agreement, and pursuant to clause 4.9, the following terms in this paragraph 9 shall apply (instead of clauses 4.10 and 4.11 of the Agreement).
9.2
In the event of suspension pursuant to clause 4.8 of the Agreement and where clause 4.9 applies:
9.2.1
the Service Provider shall immediately cease the affected Transition or Committed Transformation projects (as applicable);
9.2.2
where suspension takes place pursuant to clause 4.8.1 of the Agreement (suspension because of adverse impact):
(i)
the Service Provider shall continue to charge for the Transition or Committed Transformation team (as applicable) at the applicable Rate Card day rate until the work has restarted;
(ii)
the Customer shall have the right to require that any Transition or Committed Transformation work suspended pursuant to clause 4.8.1 re-start at any time provided that if the suspension is longer than one (1) month, at least one (1) week’s notice is required;
(iii)
Liquidated Damages and other remedies (including the right to recover committed savings pursuant to clause 10.3 of the Agreement) shall not apply during the period of delay caused by the suspension; and
(iv)
in the case of suspension of Transition work only, the Term and the right to recover Liquidated Damages for early termination pursuant to paragraph 25 of Schedule 10 (Pricebook, Charges and Invoicing) shall be extended by the length of the delay caused by the suspension;
9.2.3
where suspension takes place pursuant to clause 4.8.2 of the Agreement (suspension for breach):
(i)
[***];
(ii)
the Customer shall have the right to require that any Services suspended pursuant to clause 4.8.2 re-start at any time upon at least one (1) week’s notice (or two (2) weeks’ notice if the suspension continues for more than one (1) month); and




(iii)
the Service Provider shall engage in good faith discussions with the Customer in relation to potential resolutions of the breach giving rise to the suspension but, during the period of delay caused by the suspension the Customer agrees that the Service Provider shall be relieved from any duty to pay Liquidated Damages;
9.2.4
on restarting the provision of any suspended Transition or Committed Transformation work, the Parties shall agree revised Key Milestones (and any suspended Liquidated Damages shall apply to those revised Key Milestones) and project plans. In this regard the Parties agree that the default position will be that the Key Milestones and project plans will be moved by a period equal to the period of suspension (adjusted to reflect any additional or missed public holidays and/or amended Customer requirements/ constraints) unless either Party can demonstrate that a different basis of adjustment should apply. For the avoidance of doubt, Liquidated Damages and other contractual remedies shall apply to these new dates, once agreed; and
9.2.5
the period of suspension shall last no longer than three (3) months.





APPENDIX 8-A
TRANSITION AND COMMITTED TRANSFORMATION DELIVERABLES, DEPENDENCIES AND MILESTONE DATES

1PART A – TRANSITION    1
2Track 0 - Operational Readiness    4
3Track 1 - HR TUPE    9
4Track 2 - Application Management Transition plan    11
5Track 3 - Infrastructure Management    15
6Track 4 - Security Services    25
7Track 5 - Change Delivery and COE    33
8PART B – COMMITTED TRANSFORMATION    60
9[***] Implementation    61
10Cloud Migration    65
11Network Segmentation    71
12Automation    74
13[***] implementation    76
14[***] implementation    78
15[***] implementation    81

1
PART A – TRANSITION

The Service Provider has created detailed transition and committed transformation plans to support the delivery of the Key Milestones, based on the requirements of the Customer, as provided in the Service Provider final BAFO (Best and Final Offer) proposal and confirmed during our later discussions. With the timing requests of the Customer and understanding of its IT estate, combined with our extensive transition experience, we have provided the Customer with the safest and most effective possible transition.

The transition is divided into 5 main tracks, preceded by a planning and operational readiness track. This approach enables the effective organisation of knowledge acquisition from the vast Customer portfolio. Our 5 track plan for Customer Transition with Key Milestones is depicted in the figure below:

[***]
 
These tracks are explained further in the sections below.

The Key Milestones for Transition are set out herein within Part A Transition of this Appendix 8-A.  A detailed transition plan is set out in Appendix 8-C (Transition Plan) and is provided for information only.  The Transition Plan shall be managed by the Service Provider and shall be subject to version control, with any changes to the Transition Plan to meet the Milestones to be agreed in writing between the Service Provider Transformation Manager and the Customer project manager.  For the avoidance of doubt the Key Milestones take precedence over the Transition Plan and any change to Key Milestone dates are subject to the Contract Change Control Procedure. Key Milestones across all transition tracks that lead to service commencements are summarized in the table below.






Track
Milestone Code
Key Milestones
Service Commencement Date
Long stop Date
Track 2 – C

Application Management Transition
C2
[***]
[***]
[***]
C3
[***]
[***]
[***]
C4
[***]
[***]
[***]
Track 3 – D Infrastructure Management Transition
D2
[***]
[***]
[***]
D5
[***]
[***]
[***]
D6
[***]
[***]
[***]




Track 4 – E

Security Services Transition
E2
[***]
[***]
[***]
Track 5 – F

Change COEs
Transition
F0
[***]
[***]
[***]
F1
[***]
[***]
[***]
F2
[***]
[***]
[***]
F3
[***]
[***]
[***]
F4
[***]
[***]
[***]
F5
[***]
[***]
[***]

The Acceptance Criteria as applicable for Service Commencement Key Milestone completion as set out in Part A Transition will be subject to further discussion and will be agreed between the Parties acting in good faith during the Transition detailed planning phase.

Where a Customer Dependency in Appendix 8-A is triggered by a Service Provider activity or notice from the Service Provider is required prior to the Customer Dependency being performed then the Service Provider agrees that it shall provide such notice of completion of its activities or the requirement for the performance of the Customer Dependency as is reasonable in the circumstances so as to ensure that the Customer has sufficient time to mobilise its resources or otherwise perform the Customer Dependency.

Where it is stated that the Customer will approve something, the Customer shall only be obliged to do so where it agrees, such approval not to be unreasonably withheld or delayed.

2
Track 0 - Operational Readiness

This track includes the transition from the bid team to the transition, IT run and change teams, and the establishing of common services to support delivery of all the services.
2.1
A0 – Contract sign off

The Service Provider will ensure that the contract sign off process with the Customer is fully supported, and that all relevant information within the contract is made known to the relevant resources within the Service Provider delivery team during delivery team on-boarding.
2.2
A1 – Service Provider Team setup

[***]
2.3
A2 - Infrastructure and Service Provider Service Locations setup (August to September)

[***]    
2.4
A3 - Voice Connectivity:





[***]

2.5
A4 - Network Primary connectivity – MPLS     

[***]

2.6
The Service Provider shall support the development and implementation of the Customer stakeholder communication strategy and associated plan. This will include communication planning related to the Customer Third Party Providers.

2.7
The Service Provider shall work with the Customer to establish the contract governance as set out in Schedule 12 (Governance and Service Management).

2.8
Track 0 - Assumptions and Dependencies

Assumption: Customer physical and digital assets are appropriately classified and labelled, to allow Service Provider to plan appropriate security measure according to their respective classifications. In case of any gaps, the Parties shall work together (during pre-planning and Transition) to apply security classifications to physical and digital assets in conjunction with Customer security policy.
Dependency: The Parties will jointly agree detailed requirement for access to Customer’s system during detailed transition planning phase.
Dependency: The Customer will make available, to the extent available, all relevant Customer SMEs , documentation (including SoPs and Run Book), tools, databases and servers as reasonably required by the Service Provider both in advance of and during the Transition Phase subject to the Service Provider providing reasonable notice
Dependency: The Customer shall provide to the Service Provider all relevant Standard Operating Procedure documentation, application architecture and infrastructure architecture documentation that are available in accordance with the timescales set out in the Transition Plan agreed between the Parties.
3
Track 1 - HR TUPE

3.1
The high-level transition plan for rebadge (US) and TUPE transfer (UK) of employees is shown in the figure below. The transfer of employment to Service Provider coincides with the service commencement of each wave, however the activities of transition readiness and consultation for the UK will be completed prior to the 1st transfer (wave 1). The key phases involved are:

B0 - HR Due Diligence
provision of employment information and employment terms and conditions
Transition planning – preparation for offer letters (US) and TUPE consultation (UK)
Issue of measures letter – UK

B1 – Tupe Offer roll out
Offer process (US) and TUPE consultation (UK)
Communication and engagement activities – both geographies
Transfer letter (UK)

B2 – Employee Assimilation
On boarding (both geographies) – wave 1

B3 – Employee Assimilation
On boarding (both geographies) – wave 2





B4 – Employee Assimilation
On boarding (both geographies) – wave 3


aspen20itoschedule08a_image3.gif

3.2
Dependencies
Provision of information from the Customer as mutually agreed as part of the Transition Plan.
Agreement on offer basis and TUPE measures as mutually agreed as part of the Transition Plan
Agreement on TUPE scope if applicable for incumbent supplier employees within 2 weeks following Effective Date. Customer to introduce Service Provider to the Customers incumbent suppliers to enable agreement on any potential TUPE scope.
Confirmation by Customer of any novation restrictions in supplier agreements for contractors to be provided within 2 weeks of the Effective Date.

3.3
Resource On-boarding for Wave 1
Agreement on people transition plan, offer basis for employment of required US employees and UK measures required for consultation
Preparation for on boarding of TUPE resources UK and offer employees US who will transfer to Service Provider on contract signing (TUPE completion)
Assessment of skills and experience of in scope employees to assess role fit and wider Service Provider redeployment opportunities where appropriate
Travel preparations / on boarding planning and training for all day 1 Service Provider team in all locations

3.4
Key Milestones and Dependencies

Milestones
Target Date
Customer Dependency
HR Due Diligence phase Complete – UK & US
[***]
[***]
Communication (Service Provider) to employees/ Consultation – UK & US
[***]
[***]
Offer letter (US)
[***]
[***]

3.5
Estimated effort requirement from the Customer





HR Role (Customer)
Knowledge Transfer
Attain (Non-ARD)/ Consultation (ARD)
Transfer/ Integrate
Engage
Timelines
Up to 31 August
September
Up to Mid-October
Post October
Global HR change Management Lead
High Involvement
3 days a week = 60% time/ FTE
High Involvement
3 days a week = 60% time/ FTE
Low Involvement
0.5 day a week = 10% time/ FTE
No Involvement
HR Lead in UK (ARD)
High Involvement
3 days a week = 60% time/ FTE
Medium involvement
2 days a week = 40% time/ FTE
Low Involvement
0.5 day a week = 10% time/ FTE
No Involvement
HR team members in UK (ARD)
High Involvement
3 days a week = 60% time/ FTE
Medium involvement
2 days a week = 40% time/ FTE
Low Involvement
0.5 day a week = 10% time/ FTE
No Involvement
HR Lead in US (Non-ARD)
High Involvement
3 days a week = 60% time/ FTE
Medium to low Involvement
2 days a week = 40% time/ FTE
No Involvement
No Involvement
HR team members in US (Non-ARD)
High Involvement
3 days a week = 60% time/ FTE
Medium to low Involvement
2 days a week = 40% time/ FTE
No Involvement
No Involvement

In addition to the above stated HR roles, support may also be required from the Customer’s procurement team for third parties, and existing team managers who will also need to briefed on the process and may be involved in the process. The exact details shall be agreed during Transition planning.


4
Track 2 - Application Management Transition plan


As a part of the Application Management Services transition, the Service Provider will ensure a successful transition experience without disrupting the ongoing support, by making optimal use of Customer SME time and by ensuring an optimal transition timeline.
At the end of the Application Management Service transition, the Service Provider will be in a position to independently assume responsibility of in-scope applications. The high-level transition plan for in-scope Applications aligned to Customer’s preferred transition approach which has been agreed by the Service Provider as being valid approach to execute application transition and business constraints is shown in diagram below.



4.1
C0 – Zero Transition Applications into Steady State

[***]


4.2
C1 to C5 – For all Applications to transition - Apex and Waves 1, 2, 3 and 4

[***]

Please refer to Schedule 2 Appendix 2-C (Application List) for the application transition grouping. Those marked ‘Service Provider’ in Column D (Support Vendor) are currently supported by the Service Provider and will be transitioned in C0 as set out in section 4.1. Those applications in Column R (1.5 Service Desk) will be transitioned as part of the Service Desk transition set out in Track 3 Infrastructure Management transition (D-2) in section 5.2.


Each application or application wave includes the following key phases:
Planning




Knowledge Acquisition
Shadow
Reverse Shadow

The Steady State service commencement will be triggered by the Knowledge Transfer ((KT)) sign-off for each wave after successful completion of all transition activities meeting the Entry Criteria and Exit Criteria as defined in paragraph 4.5 below.

4.3
Key Milestones and Dependencies


aspen20itoschedule08a_image6.gif


4.4
Estimated effort requirement from Incumbent/Customer
The Customer will use its reasonable endeavours to make available Customer SMEs and appropriate Third Party Provider representative to support the Knowledge Transfer (KT) in accordance with the Transition Plan agreed between the Parties and subject to the Service Provider providing reasonable notice. In the event suitable Customer SME resource is not available then the Service Provider will use documentation and other methods to gain the application knowledge as necessary. The table below provides the required efforts from the Customer SMEs







aspen20itoschedule08a_image7.gif

4.5
Key Activities – Phase and Output

The table below provides the phase-wise deliverables and the corresponding Entry Criteria and /Exit Criteria




Knowledge Transfer (KT) Phase
Entry Criteria
Key Deliverables
Exit Criteria
Knowledge Transfer (KT) Planning
    Key resources on boarded
    Transition Manager and Team in place
    Overall Transition scope, schedule, approach and status reporting aligned to and agreed upon
    Transition kickoff meetings complete
    Logistics to start Knowledge Transfer (KT) phase in place
    Communication to all impacted stakeholders complete

    Detailed Transition Plan
    SME Calendar
    Knowledge Transfer plans (Process Area or App-wise as applicable)

    Application level Knowledge Transfer (KT) plans finalized
    Staffing and onboarding of delivery resources complete for Knowledge Transfer (KT) phase as per the proposed ramp up plan
    Connectivity to Customer network in place
    Status reporting mechanisms in place
    Planning Phase go / no-go checkpoint

Knowledge Acquisition
    Planning Phase Exit criteria has been met
    All resource/application level Knowledge Transfer (KT) plans finalized
    Staffing of resources involved in Knowledge Transfer (KT) complete
    Network and Remote Knowledge Transfer (KT) Infrastructure setup complete
    Read access to application environments in place
    Access to all relevant document repositories in place
    SME calendar blocked for the 1st week of Knowledge Transfer (KT) sessions

    Draft Application Information Handbook complete
    Draft Operations Procedures Handbook

    All the planned knowledge acquisition sessions complete
    Knowledge acquisition assessments complete
    All Knowledge Transfer (KT) Issues and high probability and impact Risks Mitigated
    Access to Ticketing tool in place
    Shadow Support Plan signed off by Customer
    “Knowledge Transfer (KT) phase” go / no-go checkpoint
Shadow
and
Reverse Shadow
    Training Phase Exit criteria has been met
    “Write / Update” access to all environments in place and tested by Service Provider Application Support team
    Source code tested and accepted (compile & test)
    Customer Business community notified on changes and expectations on service levels (if applicable)
    Final Application Information Handbooks
    Final Operations Procedures Handbook
    Completed exit criteria checklists
    Service Provider achieved target ticket resolution metrics
    Service Management process trainings complete, with metrics and SLAs agreed
    Customer business units and end-users informed of the change
    Transition Service Commencement go / no-go checkpoint








5
Track 3 - Infrastructure Management

5.1
D0 to D2 - Overview of transition of Service Desk and End User Services

Transition scope includes integrated Service Desk providing 24x7 personal based Service Desk, systems monitoring and supporting procedural activities & scripted/SOP based resolution (L1.5) and End User Services with tailored approach to support dedicated sites along-with dispatch support. The following are the objectives:

o
Transition is driven through the Service Provider dedicated Transition management office using best-in-class transition process
o
Minimize business disruption by a staggered approach (Phase-based) aligned to key stakeholder needs and schedules.
o
Leveraging Customer SMEs to ensure minimal business impact on service takeover

The high-level transition plan for in-scope Infrastructure services aligned to Customer’s preferred transition approach and business constraints is shown in Figure 2&3 below. The key phases involved are
Knowledge Transfer (Knowledge Transfer (KT)) Planning
Knowledge Acquisition
Shadow
Reverse Shadow

The Steady State service commencement will be triggered after successful completion of all transition activities meeting the Entry/Exit criteria as defined in Tables 2, 3 & 4 below

[***]
[***].
Figure 2
Service Provider will manage the cut over of service commencement from the Service Desk services at the same time for all the locations

During the pre-planning phase, mutually acceptable Knowledge Transfer (Knowledge Transfer (KT)) locations will be agreed.
Key Milestones & Dependencies
[***]

Estimated efforts requirements from the Customer
[***]

Service Desk- Key Activities by Phase and output
The below table details the Transition phases, indicative activities and output of Service Desk Services transition:





Phase
Service Desk Activities
Output
Planning
    Customer SME/ key stakeholder identification to begin
    Knowledge Transfer calendar to be finalized
    Network, connectivity and compliance requirements to be captured
    Work on building draft project, communications and governance plans
    Identify key risks
    Knowledge Transfer calendar finalized
    Draft plans to be ready
    Capture key requirements for connectivity etc.
    Find out possible mitigations for key risks
    Detail Transition plan
    Risk plan
    Agreed Knowledge acquisition plan & Schedule
    Call barging plan agreed
    Align key Customer SMEs
    Core Team on-boarded
     Customer SME Identified
    Tool access enabled for Service Provider
    Knowledge Management and ticket history available
    CTI dump of existing tool received
    New ticketing tool on-boarded
    Support for change management module
    Call splitting plan finalized
Knowledge Acquisition
    Analysis of existing data-call barging
    Understand the current tools and Computer Telephony Integration C(CTI) mapping
    Understand call logging/assignment process
    Resource ramp-up complete
    Infra, seat and logistics ready
    Toll free number, routing and IVR activated and tested
    Call splitting mechanism ready and tested
    Tools business-to-business ready and tested
    Knowledge base import complete
    Tools implementation & integration completed
     Create SOP, RUN Book and other Knowledge Transfer (KT) Documents
    Consolidate content
    Train / Knowledge Transfer with teams
    Tools implementation
    Tools integration
    Review and sign-off the readiness with customer
 Validate knowledge acquisition (KA) with Customer SME through playback
    Train / Knowledge Transfer (KT) with teams
    Review & Signoff the readiness with Customer
    Validate all accesses




Phase
Service Desk Activities
Output
Shadow and Reverse Shadow

•    Shadow and primary support
•    Observe live operations by existing teams
•    Monitor process adherence
•    Track SLA/KPIs
Reverse Shadow
•    Simulation with test cases
•    Manage the % calls split from existing SD
•    Ramp-up to the adequate level for Cut over
•    Training for [***] users
•    Go/ no-go signoff
    Test completed with agreed %
    Service Commencement signoff by Customer Back log is cleared
Table 2- High level transition activities for Service Desk

EUS- Key Activities by Phase and output

Dedicated Model
Country and region wise approach for high volume sites would be adapted for Transition of existing field service activities from existing contractor / Third Party Provider to Service Provider. Details such as key challenges, user requirements and site demographics would be obtained per location in the Transition Planning Phase to address the specific Transition needs for the setup.
Dispatch Model
The Transition Plan will address the nuances specific to site demographics, location of users, and distance between sites, key user challenges and user requirements per dispatch site.
Service Provider will provide its services at the sites set out in Schedule 22 (Locations and Site Licence).




Phases
Activities
Output
Pre Planning
    Customer SME/ Key stakeholder identification to begin
    Knowledge Transfer (Knowledge Transfer (KT)) calendar to be finalized
    Network, connectivity and compliance requirements to be captured
    Work on building draft project, communications and governance plans
    Identify key risks
    Knowledge Transfer (KT) calendar finalized
    Draft plans to be ready
    Capture key requirements for connectivity etc.
    Find out possible mitigations for key risks
Plan
    Towers in scope
    Access requirements
    Regulatory, statutory and data privacy requirements
    Inventory details by location
    Core Service Provider Personnel on-boarded
    Customer SME and appropriate 3rd Party Provider staff identified
    Knowledge Management and ticket history available
    Sign-off Detailed Transition Plan
Knowledge Acquisition
    Understand critical servers, Images,
    Downtime management process
    Build, patch and refresh process
    BCDR processes
    Request access to tools and environments
    ITIL process
    Key critical process and procedure related to each site.
    Resource ramp-up complete
    Access to tools / applications tested
    Review and sign-off SOPs and run books
    Partner collaboration with site manager complete

Shadow and Reverse Shadow t

For each Location:
Shadow:
    Observe live operations by existing teams
    Monitor process adherence
    Track SLA/KPIs
Reverse Shadow
    Simulation with test cases
    Manage the % calls split from existing Service Desk
    Ramp-up to the adequate level for service commencement
    Go/no-go signoff
    Test completed
    Service Commencement signoff by Customer
    Back log is cleared
Table 3 - High level transition activities for End user services
The service commencement cutover activities will be performed on a regional basis. Within the region, volume based or ticket category based service commencement will be agreed during the planning phase of the Transition. During the pre-planning phase, Knowledge Transfer locations will be agreed between the Parties.

During the implementation phase the volume of contacts the Service Provider team will handle will be increased in a phased manner. At the final week of shadow support, resources at the delivery centre would be able to access the




tools to work on low priority tickets. When Transition moves into the reverse shadow Support phase, Service Provider resources will start handling calls with an escalated support from Customer SMEs. By the end of shadow phase Service Provider team will support all the contacts end to end.

5.2
D3 to D5 - Infrastructure Management and Network Services

The Infrastructure Management Service and Network Management Service transition will address the activities, Milestones and Deliverables necessary for the Service Provider to commence delivery of the Services described in Annex 2 (Infrastructure Management Services) and Annex 6 (Network Management Services) of Schedule 2. Transition involves Server, storage, backup, database and network management services across Customer global datacentres and office locations. Service Provider SMEs for each technology area will engage with Customer SMEs and appropriate Third Party Providers to go through the knowledge acquisition process. Detailed activities by phase, output of each phase and estimated time required from Customer SMEs are detailed in subsequent sections below.

[***]

Figure 4
Key Milestones & Dependencies
[***]


Estimated effort requirements from Customer
[***]


Key Activities by Phase and Output.

Data Centre services transition involves Server management, Storage management, back up management Database management spread across various global datacentres (Huntingdon, Power Gate, Rocky hill etc.) and office locations

The Service Provider where appropriate, shall continue to leverage the Customer's existing warranty and maintenance contracts for those products where financial responsibility resides with the Customer and that are agreed between the Parties (includes Microsoft).


The table below details the Transition phases, indicative activities and output of Infrastructure Services transition:




Phases
Activities
Output
Planning
Planning
    SME/ Key stakeholder identification to begin
    Knowledge Transfer calendar to be finalized
    Network, connectivity and compliance requirements to be captured
    Work on building draft project, communications and governance plans
    Identify key risks
    Kick-off the setup in parallel to the contract finalization so that the resources for transition are available in time
    Revalidate scope, identify key risks, develop first version of detailed transition plan
    Knowledge Transfer calendar finalized
    Draft plans to be ready
    Capture key requirements for connectivity etc.
    Find out possible mitigations for key risks
    Towers in scope
    Access Requirements
    Regulatory, statutory and data privacy requirements
    Inventory details by location
    Inventory details by tower / technology
    Transition kick-off meeting
    Updated detailed Transition plan
    Access requirements
    Define milestones
    Resource allocation
    Contract novation and asset takeover
    Core Service Provider Personnel on-boarded
    Customer SMEs and appropriate 3rd Party Provider staff identified
    Knowledge Management and ticket history available
    Call / ticket work plan / splitting plan finalized
    Sign-off detailed transition plan
knowledge Acquisition
Data centre services: 
    Understand datacentre architecture
    Obtain hardware and software detailed list
    Understand cluster architecture
    Business critical applications / servers and inter dependencies
    Build, patch, refresh and deployment process
    Server, database, storage architecture and inter-dependencies
Network services: 
    Understand topology, special network zone, protocols circuit details
    Understand current network infrastructure architecture
    Obtain knowledge on WAN router and switch infrastructure
    Gain knowledge on LAN router and switch infrastructure
    Understand process to manage 3rd Party Providers
    Capacity and configuration management
    Performance and fault monitoring
    IMACD for voice network
    Configuration of voice mailbox and IP telephony
    Firewall and IPS monitoring and management
    Security log / event management
    IPsec and [***] over Internet connections and management
    Concurrent session management
    Disaster recovery process / backup and recovery plan
    Run books and SOPs for each and every tower
    Access to servers / tools
    Datacentre site support process
    Failover and failback mechanism
    Understand critical servers
    Downtime management process
    BCDR processes
    Request access to tools and environments
    Understand the knowledge base, run books and SOPs
    Create SOPs, Run book and other Knowledge Transfer Documents
    Review and understand the build documents, architecture diagrams, etc.
    Understand current support process and current vendor support contracts
    Understand the support dependences and touch point across other teams
    Review historic data and service level performance
    Resource ramp-up progress
    Infrastructure, seat and logistics ready
    Access to tools / applications tested
    Review and sign-off SOPs and run books
    Partner collaboration with site / location manager complete
    Tools implementation and integration completed
    Validate knowledge base with customer SME and appropriate 3rd Party Provider staff through playback
    Review and signoff the readiness with Customer

5.2knowledge Acquisition
Shadow and Reverse Shadow Support

For each locations
Shadow and primary support
    Observe live operations by existing teams
    Monitor process adherence
    Track SLA/KPIs
Shadow Support and Reverse Shadow Support
    Simulation with test cases
    Manage the % calls split from existing team and supplier team
    Ramp-up to the adequate level for Service Commencement
    Perform Shadow activities
    Validate all Accesses
    Resolve low priority incidents
    Observe current ticket handling process
    Discuss and agree upon different report formats
    Manage aging and open tickets
    SLA breach analysis
    Demonstrate successful handling of all services
    Update run books and SOPs
    Track Plan Vs actual SLAs
    Test completed with agreed %
    Go/no-go signoff - Service Commencement service commencement signoff by Customer
    Back log is cleared


Table - High level transition activities for Datacentre services






6
Track 4 - Security Services

6.1
E0 - Security Validation

[***]

6.2
E1 – E2 Security Services Transition Overview

The high-level transition plan for in-scope security services is aligned to Customer’s preferred transition approach and business constraints is shown in Figure below. The key phases involved are
Knowledge Transfer Planning
Knowledge Acquisition
Shadow Support
Reverse Shadow Support

The steady state service commencement will be triggered by the Knowledge Transfer sign-off for each Wave after successful completion of all transition activities meeting the Entry/Exit criteria as defined in Table 4 below

[***]

Key Milestones & Dependencies

[***]


Estimated effort requirements from the Customer


aspen20itoschedule08_image15.gif

Key Activities by Phase and Output
The below table details the Transition phases, indicative activities and output of security services transition:




Phases
Activities
Output

Planning
    Key resource on-boarded
    Overall Transition scope, schedule, approach and status reporting aligned to and agreed upon
    Transition kick-off meetings complete
    Network, connectivity and compliance requirements to be captured
    Identify key risks
    Revalidate scope, identify key risks, develop first version of detailed Transition plan
    Detailed Transition Plan
    SME Calendar
    knowledge Transfer plans
knowledge Acquisition
    Understand Customer “in-scope” environment
    Understand current security metrics and SLAs
    Disaster recovery process / BCDR plan
    Run books and SOPs for each and every tower
    Access to servers / tools
    Failover and Failback mechanism
    Downtime management process, BCDR processes
    Request access to tools and environments
    Understand the knowledge base, run books and SOPs
    Create SOPs, run Book and other Knowledge Transfer documents
    Review and understand the build documents and architecture diagrams
    Understand current support process and current vendor support contracts
    Understand the support dependences and touch point across other teams
    Review historic data and SLA
    Resource ramp-up progress
    Access to Tools / Applications Tested
    Review and Sign-off SOPs and run books
    Partner Collaboration with site / location manager complete
    Tools implementation & integration completed
    Validate knowledge base with Customer and Incumbent SME through playback
    Review & Signoff the readiness with Customer





Phases
Activities
Output
Shadow and Reverse Shadow Support

Shadow and primary support
    Observe live operations by existing teams
    Monitor process adherence
    Track SLA/KPIs
Shadow Support and Reverse Shadow Support
    Simulation with test cases
    Manage the % calls split from existing team and supplier team
    Ramp-up to the adequate level for Cut over
    Perform Shadow Support activities
    Validate all Accesses
    Resolve low priority incidents
    Observe current ticket handling process
    Discuss and agree upon different report formats
    Manage aging and open tickets
    SLA breach analysis
    Demonstrate successful handling of all services
    Update run books and SOPs
    Track plan Vs actual SLAs
    Test completed with agreed %
    Go/no-go signoff - Service Commencement signoff by Customer
    Back log is cleared
Table - High level transition activities for Security Services


7
Track 5 - Change Delivery and COE

7.1
F0 - Change Management

The Service Provider will provide Change Management Service which includes a team to manage the project office, portfolio planning, resource management, Work Request, Statement of Work (SOW) production, project support and project close to ensure that the Customer is provided with an end-to-end Change Management Service. Detailed descriptions of the service are described in Schedule 2 Annex 5 (Change Management Services).


The Service Provider will run the change management using an integrated service model providing on-shore resources in both the US and UK supported by an off-shore team in India.

Key Milestones & Dependencies

[***]

[***]






Key Activities - Phase & Output

The table below provides the phase-wise deliverables and the corresponding Entry/Exit criteria

Phases
Entry Criteria
Key Deliverables
Exit Criteria
Planning
¤    Key resources on boarded
¤    Service Provider Change Management team lead identified and available
¤    Overall Change Management Service scope, schedule, approach and status reporting aligned to and agreed upon
¤    Change management kick off meetings complete
¤    Logistics to start Knowledge Acquisition (KA) phase in place
¤    Communication to all impacted stakeholders complete
¤    Detailed Change Management set up plan SME calendar
¤    Knowledge Acquisition (KA) plan
¤    Change management tools, accelerators, frameworks and templates eg. PMO and estimating identified for the Customer
¤    Inflight projects identified and agreed
¤    Application level Knowledge Acquisition (KA) plans finalized
¤    Staffing and on-boarding of delivery resources complete for Knowledge Acquisition (KA) phase as per the proposed ramp up plan
¤    Connectivity to Customer data network in place
¤    Status reporting mechanisms in place
¤     Change management initial tools, accelerators, frameworks and templates identified
¤    Planning Phase go / no-go checkpoint
Knowledge Acquisition
¤    Planning phase Exit criteria has been met
¤    All resource/application level Knowledge Acquisition (KA) plans finalized
¤    Staffing of resources involved in Knowledge Acquisition (KA) complete
¤    Network and remote Knowledge Acquisition (KA) infrastructure setup complete
¤    Read access to application environments in place
¤    Access to all relevant document repositories in place
¤    Resource calendar blocked
¤    Draft change management project information handbook complete
¤    Tools, accelerators, frameworks and templates for initial use configured for the Customer
¤    Current status and remaining scope for in flight projects understood

¤    All the planned knowledge acquisition sessions complete
¤    Knowledge acquisition assessments complete
¤    All Knowledge Acquisition (KA) issues and risks mitigated
¤    Access to tools and environments in place
¤    Shadow Support plan signed off by the Customer
¤    “Knowledge Acquisition (KA) phase” go / no-go checkpoint




Shadow Support
&
Reverse Shadow Support
¤    Training phase Exit criteria has been met
¤    “Write / update” access to all environments in place and tested by Service Provider team
¤    Customer business community notified on changes and expectations on service levels (if applicable)
¤    Final Change management project information handbooks
¤    Completed Exit criteria checklists
¤    Tools, accelerators, frameworks and templates configured for the Customer reviewed and accepted.
¤    Plan for takeover and completion of in-flight projects agreed
¤    Change Management process trainings complete, with metrics agreed
¤    Customer business units and End Users informed of the change of responsibility for change management
¤    Customer configured tools, accelerators, frameworks and templates available for Change management team use
¤    Service commencement Service Commencement of fully functional COE go / no-go checkpoint


7.2
F0 - Legacy and Inflight Projects

Inflight projects will be managed in accordance with the statements in the Inflights project list as described in Schedule 10 (Pricebook, Charges and Invoicing) paragraph 19 (Inflight Projects).

Legacy projects and legacy resources will be managed via Legacy SOWs under this Agreement.
 
7.3
F0 - Agile & DevOps Centre-of-Excellence

The Service Provider shall establish and create a new COE for the Customer with a specialised support, enhance and development capability for Agile ways of working and DevOps implementation
The Agile - DevOps COE will be established as a global capability, with an integrated service model providing on-shore resources in both the US and UK supported by an off-shore team in India.

Key Milestones & Dependencies
[***]



Key Activities - Phase & Output

The table below provides the phase-wise deliverables and the corresponding Entry/Exit criteria




Phases
Entry Criteria
Key Deliverables
Exit Criteria
Planning – Agile
¤    Identify and on-board agile coach
¤    Identify stakeholders
¤    Access to relevant system / tools for agile coach
¤    Identify logistics to start assessment
¤    Identify agile assessment approach and align with the Customer



¤    List of stakeholders
¤    Access status on system and tools
¤    Agile assessment approach
¤    COE staffing plan for pilot team
¤    Transformation team staffing plan




¤    Staffing and on-boarding agile coach
¤    Access to tools and software’s for agile coach
¤    Initial kick off meeting with stakeholders complete
¤    Logistics to start the assessment phase in place
¤    Scope for Agile assessment, approach, aligned and agreed upon
¤    Agreed plan with timelines to on-board pilot team
¤    High level plan for rolling out various agile trainings agreed with the Customer
Planning - DevOps
¤    DevOps resources on boarded
¤    Identify stakeholders for the interview process
¤    Access to DevOps tools, software, environment

¤    DevOps assessment approach/model in-line with the Customer application tech stacks, priority and complexities
¤    DevOps assessment plan covering as-is applications in-line with Customer application priority and complexity
¤    Draft application Inventory details for assessment
¤    Socializing with stakeholders on the assessment methodology
¤    Staffing plan for the assessment and transformation
¤    Agreed DevOps assessment plan, approach and framework




7.4
F1 - Guidewire-Claimcenter Centre-of-Excellence

The Service Provider will establish the Guidewire-Claimcenter COE as a global capability, with an integrated service model providing on-shore resources in both the US and UK supported by an off-shore team in India. The COE will employ a cross time-zone working model to co-ordinate development and support activities across the teams
The COE will provide access to a global team of Guidewire-Claimcenter resources across consulting, implementation and support expertise. Change and Run Services will be delivered using Service Provider’s




‘Transform while Perform’ methodology, to deliver performance and efficiency improvements against specified goals to aid the Customer in releasing budget to support development of new capabilities and functionality.
The Service Providers Guidewire-Claimcenter Academy will ensure that COE associates have access to consistent product, insurance and implementation training. The COE teams will also have access to the Guidewire-Claimcenter Global Knowledge Management Framework which captures and shares experience, solutions and accelerators across Guidewire-Claimcenter teams to improve team effectiveness and efficiency in resolving issues.
The Service Providers Guidewire-Claimcenter COE Lab provides an innovation hub across the entire Guidewire-Claimcenter “Ecosystem”. The Lab supports COE teams to accelerate delivery by building solution accelerators as well as re-skilling and cross-skilling associates. The Lab infrastructure will also be available to build joint proof-of-concepts with the Customer to develop supporting business cases for extended Guidewire-Claimcenter use cases using emerging digital technologies.
 
[***]
# - To be revisited at the end of Transition Planning Phase

Key Milestones & Dependencies

The Service Provider will complete knowledge acquisition by embedding several resources within the Customer’s existing incumbent Third Party Provider site in Kolkata (India) for a number of weeks. The Service Provider will not be taking responsibility for delivering any of the Third Party Provider deliverables.
The Service Provider will have a core COE team in a position to take on new BAU changes, work on automation and frameworks and take on small change from Service Commencement Date.
The incumbent Third Party Provider is responsible for all deliverables relating to exiting warranty for the current project.
[***]
# - To be revisited at the end of Transition Planning Phase

Estimated effort requirements from Customer / incumbent

The table below provides the phase-wise required efforts from the Customer’s resources.
[***]


Key Activities - Phase & Output

The table below provides the phase-wise deliverables and the corresponding Entry/Exit criteria

Phases
Entry Criteria
Key Deliverables
Exit Criteria




Planning
¤    Key Contacts identified
¤    Roles and responsibilities finalized
¤    Key resources on boarded
¤    Service Provider COE lead identified and available
¤    Overall COE scope, schedule, approach and status reporting aligned to and agreed upon
¤    COE Kick off meetings complete
¤    Logistics to start Knowledge Acquisition (KA) phase in place
¤    Communication to all impacted stakeholders complete
¤    Detailed COE set up plan
¤    SME Calendar
¤    Knowledge Acquisition (KA) plan
¤    Service Provider and Customer agreed risks and issues identified with supporting mitigation plan. COE tools, accelerators’ frameworks and templates eg. Estimating identified for the Customer
¤    Application level Knowledge Acquisition (KA) plans finalized
¤    Staffing and on-boarding of delivery resources complete for Knowledge Acquisition (KA) phase as per the proposed ramp up plan
¤    Connectivity to Customer network in place
¤    Status reporting mechanisms in place
¤    COE initial tools, accelerators, frameworks and templates identified
¤    Planning Phase go / no-go checkpoint
Knowledge Acquisition
¤    Planning Phase Exit criteria has been met
¤    All resource/application level Knowledge Acquisition (KA) plans finalized
¤    Staffing of resources involved in Knowledge Acquisition (KA) complete
¤    Network and Remote Knowledge Acquisition (KA) Infrastructure setup complete
¤    Read access to application environments in place
¤    Access to all relevant document repositories in place
¤    SME Calendar blocked

¤    Draft Application / Project Information Handbook complete
¤    Draft Operations Procedures Handbook
¤    Tools, accelerators, frameworks and templates for initial use configured for the Customer


¤    All the planned knowledge acquisition sessions complete
¤    Knowledge acquisition assessments complete
¤    All Knowledge Acquisition (KA) Issues and Risks Mitigated
¤    Access to tools and environments in place
¤    Shadow Support Plan signed off by the Customer
¤    “Knowledge Acquisition (KA) phase” go / no-go checkpoint




Shadow Support
&
Reverse Shadow Support
¤    Training Phase Exit criteria has been met
¤    “Write / Update” access to all environments in place and tested by Service Provider team
¤    Source code tested and accepted (compile & test)
¤    Customer business community notified on changes and expectations on service levels (if applicable)
¤    Final Application / Project Information Handbooks
¤    Final operations procedures handbook
¤    Completed Exit criteria checklists
¤    Tools, accelerators, frameworks and templates configured for the Customer reviewed and accepted.
¤    
¤    Service Provider achieved target ticket resolution metrics
¤    Service management process trainings complete, with metrics agreed
¤    Customer business units and end-users informed of the change of accountability for the COE,
¤    Customer configured tools, accelerators, frameworks and templates available for COE use
Service Commencement to fully Functional COE go / no-go checkpoint


7.5
F1 - Testing Centre-of-Excellence

The Service Provider will provide the Customer with a new COE for testing which will focus on specialised support, as well as enhancing and developing further capability for testing. The Testing COE will drive an automation agenda across the software development lifecycle to provide higher quality delivery and ongoing run support.
The Testing COE will be established as a global capability, with an integrated service model providing on-shore resources in both the US and UK supported by an off-shore team in India.

[***]

# - To be revisited at the end of Transition Planning Phase except for go-live.

Key Milestones & Dependencies

[***]
# - To be revisited at the end of Transition Planning Phase except for Service Commencement Date.

Estimated effort requirements from the Customer

The table below provides the phase-wise required efforts from the stakeholders
[***]

Key Activities - Phase & Output





The table below provides the phase-wise deliverables and the corresponding Entry/Exit criteria

Phases
Entry Criteria
Key Deliverables
Exit Criteria
Planning
¤    Key resources on boarded
¤    Service Provider COE lead identified and available
¤    Overall COE scope, schedule, approach and status reporting aligned to and agreed upon
¤    COE kick off meetings complete
¤    Logistics to start Knowledge Acquisition (KA) phase in place
¤    Communication to all impacted stakeholders complete
¤    Detailed COE set up plan
¤    Knowledge Acquisition (KA) plan
¤    Service Provider and Customer agreed risks and issues identified with supporting mitigation plan. COE tools, accelerators’ frameworks and templates eg. Estimating identified for the Customer
¤    Staffing and on-boarding of delivery resources complete for Knowledge Acquisition (KA) phase as per the proposed ramp up plan
¤    Connectivity to Customer network in place
¤    Status reporting mechanisms in place
¤     COE initial tools, accelerators, frameworks and templates identified
¤    Planning phase go / no-go checkpoint
Knowledge Acquisition
¤    Planning phase Exit criteria has been met
¤    All resource/application level Knowledge Acquisition (KA) plans finalized
¤    Staffing of resources involved in Knowledge Acquisition (KA) complete
¤    Network and Remote Knowledge Acquisition (KA) Infrastructure setup complete
¤    Read access to application environments in place
¤    Access to all relevant document repositories in place
¤    Calendars blocked as applicable and appropriate
¤    Draft Application / Project Information Handbook complete
¤    Draft overarching Testing Strategy approach published for review
¤    Draft operations procedures handbook
¤    Tools, accelerators, frameworks and templates for initial use configured for the Customer
¤    Knowledge Acquisition (KA) assessment score card including application skills evaluation
¤    All the planned knowledge acquisition sessions complete
¤    Knowledge acquisition assessments complete
¤    Applications skills evaluation complete
¤    All Knowledge Acquisition (KA) issues and risks mitigated
¤    Access to tools and environments in place
¤     “Knowledge Acquisition (KA) phase” go / no-go checkpoint




Bedding In
¤    Training phase Exit criteria has been met
¤    “Write / Update” access to all environments in place and tested by the Service Provider
¤    Source code tested and accepted (compile & test)
¤    Customer business community notified on changes and expectations
¤    Final application / project information handbooks
¤    Final operations procedures handbook
¤    Completed exit criteria checklists
¤    Tools, accelerators, frameworks and templates configured for the Customer reviewed and accepted.
¤    Overarching testing strategy reviewed and approved.
¤    Template agreed for detailed testing strategy for specific SOW and Work Requests.
¤    Service Provider achieved target ticket resolution metrics
¤    Service Management process trainings complete, with metrics agreed
¤    Customer business units and end-users informed of the change of accountability for the COE,
¤    Customer configured tools, accelerators, frameworks and templates available for COE use
¤    Service Commencement of fully functional COE go / no-go checkpoint


7.6
F2 - Data Centre-of-Excellence

The Service Provider will replace the Customers existing team (using a mix of TUPE and new resources) and enhance the Customers local capability. The Service Provider will provide the Customer with a global support, enhancement and development capability for Data.

The Data COE will be established as a global capability, with an integrated service model providing on-shore resources in both the US and UK supported by an off-shore team in India.

The Data COE will provide service enhancements and improvements for EDW, DataHub, MI/BI and Program Automation as described in Schedule 2 (Service Descriptions) Annex 5 (Change Management Services) section 4.13.

The Data COE will support the Customer data strategy once this is made available to the Service Provider.
[***]
# - To be revisited at the end of Transition Planning Phase

Key Milestones & Dependencies
[***]
# - To be revisited at the end of Transition Planning Phase except for Service Commencement Date.







Key Activities - Phase & Output

The table below provides the phase-wise deliverables and the corresponding Entry/Exit criteria

Phases
Entry Criteria
Key Deliverables
Exit Criteria
Planning
¤    Key resources on boarded
¤    COE set up team in place
¤    Overall COE scope, schedule, approach and status reporting aligned to and agreed upon
¤    COE Kick off meetings complete
¤    Logistics to start Knowledge Acquisition (KA) phase in place
¤    Communication to all impacted stakeholders complete
¤    Detailed COE set up plan
¤    SME Calendar
¤    Knowledge Acquisition (KA) plan
¤    Service Provider and Customer agreed risks and issues identified with supporting mitigation plan. COE tools, accelerators’ frameworks and templates eg. Estimating identified for the Customer
¤    Application level Knowledge Acquisition (KA) plans finalized
¤    “Read” access to all environments in place and tested by Service Provider team
¤    Staffing and on-boarding of delivery resources complete for Knowledge Acquisition (KA) phase as per the proposed ramp up plan
¤    Connectivity to Customer network in place
¤    Status reporting mechanisms in place
¤    Planning Phase go / no-go checkpoint
Knowledge Acquisition
¤    Planning Phase Exit criteria has been met
¤    All resource/application level Knowledge Acquisition (KA) plans finalized
¤    Staffing of resources involved in Knowledge Acquisition (KA) complete
¤    Network and Remote Knowledge Acquisition (KA) Infrastructure setup complete
¤    Read access to application environments in place
¤    Access to all relevant document repositories in place
¤    Resource Calendar blocked
¤    Draft application / project information handbook complete
¤    Draft Operations Procedures Handbook
¤    Tools, accelerators, frameworks and templates for initial use configured for the Customer
¤    Knowledge Acquisition (KA) assessment score card including application skills evaluation
¤    All the planned knowledge acquisition sessions complete
¤    Knowledge acquisition assessments complete
¤    Applications skills evaluation complete
¤    All Knowledge Acquisition (KA) Issues and Risks Mitigated
¤    Access to tools and environments in place
¤    Shadow Support plan signed off by the Customer
¤    “Knowledge Acquisition (KA) phase” go / no-go checkpoint




Shadow
&
Reverse Shadow
¤    Training phase Exit criteria has been met
¤    “Write / Update” access to all environments in place and tested by the Service Provider
¤    Source code tested and accepted (compile and test)
¤    Customer business community notified on changes and expectations)
¤    Final application / project information handbooks
¤    Final operations Procedures Handbook
¤    Tools, accelerators, frameworks and templates configured for the Customer reviewed and accepted.
¤    Completed Exit criteria checklists
¤    Service Provider achieved target ticket resolution metrics
¤    Service management process trainings complete, with metrics agreed
¤    Customer business units and end-users informed of the change
¤    Service Commencement to fully Functional COE go / no-go checkpoint

7.7
F3 - Duck Creek Centre-of-Excellence

The Service Provider will replace the Customer’s existing team (using a mix of TUPE and new resources) and enhance the Customer’s local capability. The Service Provider will provide the Customer with a global support, enhancement and development capability.
The Service Provider will establish a Duck Creek COE using our existing knowledge and competency covering entire technical landscape of Duck Creek product implementation including policy, templates, billing, and claims to create best practice approaches. The Service Provider has a comprehensive product training university and works closely with Duck Creek to keep our training relevant with the latest changes to the product.
The Service Provider will ensure that the Duck Creek COE has the correct mix of skills to be able to support both run and change support for Duck Creek application users, as this team will handle business as usual support requests, small and large project changes, from initial request through testing and post implementation support.
The Service Provider will provide the Customer with a specialised support, enhancement and development capability for their Duck Creek solution.
[***]

# - To be revisited at the end of Transition Planning Phase
    
Key Milestones & Dependencies

The Service Provider will complete knowledge acquisition from existing Duck Creek Service Provider resources and by absorbing into the COE resources from the Duck Creek upgrade project team which will be in progress during quarter 4 of 2018.
[***]

# - To be revisited at the end of Transition Planning Phase

Estimated effort requirements from the Customer

The table below provides the phase wise required efforts from the Customer
[***]

Key Activities - Phase & Output





The table below provides the phase-wise deliverables and the corresponding Entry/Exit criteria
Phases
Entry Criteria
Key Deliverables
Exit Criteria
Planning
¤    Key resources on boarded
¤    Service Provider COE lead identified and available
¤    Overall COE scope, schedule, approach and status reporting aligned to and agreed upon
¤    COE Kick off meetings complete
¤    Logistics to start Knowledge Acquisition (KA) phase in place
¤    Communication to all impacted stakeholders complete
¤    Detailed COE set up plan Customer SME Calendar
¤    Knowledge Acquisition (KA) plan
¤    COE tools, accelerators, frameworks and templates eg. Estimating identified for the Customer
¤    Application level Knowledge Acquisition (KA) plans finalized
¤    Staffing and on-boarding of delivery resources complete for Knowledge Acquisition (KA) phase as per the proposed ramp up plan
¤    Connectivity to customer network in place
¤    Status reporting mechanisms in place
¤    COE initial tools, accelerators, frameworks and templates identified
¤    Planning Phase go / no-go checkpoint
Knowledge Acquisition
¤    Planning phase Exit criteria has been met
¤    All resource/application level Knowledge Acquisition (KA) plans finalized
¤    Staffing of resources involved in Knowledge Acquisition (KA) complete
¤    Network and Remote Knowledge Acquisition (KA) Infrastructure setup complete
¤    Read access to application environments in place
¤    Access to all relevant document repositories in place
¤    Resource Calendar blocked
¤    Draft application / project information handbook complete
¤    Draft Operations Procedures Handbook
¤    Tools, accelerators, frameworks and templates for initial use configured for the Customer

¤    All the planned knowledge acquisition sessions complete
¤    Knowledge acquisition assessments complete
¤    All Knowledge Acquisition (KA) Issues and Risks Mitigated
¤    Access to tools and environments in place
¤    Shadow Support Plan signed off by the Customer
¤    “Knowledge Acquisition (KA) phase” go / no-go checkpoint




Shadow Support
&
Reverse Shadow Support
¤    Training phase Exit criteria has been met
¤    “Write / Update” access to all environments in place and tested by Service Provider team
¤    Source code tested and accepted (compile and test)
¤    Customer Business community notified on changes and expectations on service levels (if applicable)
¤    Final application / project information handbooks
¤    Final operations procedures handbook
¤    Completed exit criteria checklists
¤    Tools, accelerators, frameworks and templates configured for the Customer reviewed and accepted.
¤    Service Provider achieved target ticket resolution metrics
¤    Service Management process trainings complete, with metrics agreed
¤    Customer business units and end-users informed of the change of accountability for the COE,
¤    Customer configured tools, accelerators, frameworks and templates available for COE use
¤    Service Commencement to fully Functional COE go / no-go checkpoint



7.8
F4 - Infrastructure Centre-of-Excellence

The Service Provider will provide the Customer with an Infrastructure COE to provide Minor Enhancement, Small Project and Large project capability.
The Service Provider will run this COE on a capacity based agreement with the Customer and employ a working model to co-ordinate, plan, design and support activities across the Infrastructure and other change teams.
[***]
# - To be revisited at the end of Transition Planning Phase

Key Milestones & Dependencies
[***]

# - To be revisited at the end of Transition Planning Phase except for Service Commencement Date.

[***]


Key Activities - Phase & Output

The table below provides the phase-wise deliverables and the corresponding Entry/Exit criteria





Phases
Entry Criteria
Key Deliverables
Exit Criteria
Planning
¤    Key resources on boarded
¤    Service Provider lead identified and available
¤    Overall COE scope, schedule, approach and status reporting aligned to and agreed upon
¤    COE Kick off meetings complete
¤    Logistics to start Knowledge Acquisition (KA) phase in place
¤    Communication to all impacted stakeholders complete
¤    Detailed COE set up plan
¤    Resource on-boarding

¤    Resource on-boarding
¤    Detailed Knowledge Acquisition (KA) plan with agreed timelines
Knowledge Acquisition
¤    Planning phase Exit criteria has been met
¤    Staffing of resources involved in Knowledge Acquisition (KA) complete
¤    Understand Customer Architecture & technological estate
¤    Project information handbook complete
¤    Access to key documentation
¤    Process & Procedure documentation
¤    DR Process
¤    Key technical and architectural workflow
¤    Knowledge acquisition technical assessments complete, if any
¤    Document Knowledge Acquisition (KA) Issues and Risks with mitigation
¤    Shadow Support Plan signed off by Customer
Shadow Support
&
Reverse Shadow Support
¤    Training phase Exit criteria has been met
¤    Review areas where knowledge is insufficient and seek help from Customer SME
¤    Customer business community notified on changes and expectations on service levels (if applicable)
¤    Final Project Information & Procedures Handbooks
¤    Understand Estimation Process
¤    Completed exit criteria checklists
¤    Hands on Customer Technology landscape and process
¤    Publish metrics of support and Knowledge Acquisition (KA)
¤    Participate in project / change meetings


7.9
FSS COE

For the FSS COE the Service Provider will replace the Customer’s existing team (using a mix of TUPE and new resources) and enhance the Customer’s local capability. The Service Provider will provide the Customer with a




global support, enhancement and development capability for the finance area.
The Service Provider with run the FSS COE using an integrated service model providing on-shore resources in the UK supported by an off-shore team in India (if appropriate).
[***]
# - To be revisited at the end of Transition Planning Phase

Key Milestones & Dependencies

[****]
 

Key Activities - Phase & Output

The table below provides the phase-wise deliverables and the corresponding Entry/Exit criteria

Phases
Entry Criteria
Key Deliverables
Exit Criteria
Planning
¤    Key resources on boarded
¤    Service Provider team lead identified and available
¤    Overall scope, schedule, approach and status reporting aligned to and agreed upon
¤    Team kick off meetings complete
¤    Logistics to start Knowledge Acquisition (KA) phase in place
¤    Communication to all impacted stakeholders complete
¤    Detailed General Team set up plan SME Calendar
¤    Knowledge Acquisition (KA) plan
¤    General team tools, accelerators, frameworks and templates eg. Estimating identified for the Customer
¤    Application level Knowledge Acquisition (KA) plans finalized
¤    Staffing and on-boarding of delivery resources complete for Knowledge Acquisition (KA) phase as per the proposed ramp up plan
¤    Connectivity to Customer network in place
¤    Status reporting mechanisms in place
¤    General team initial tools, accelerators, frameworks and templates identified
¤    Planning phase go / no-go checkpoint




Knowledge Acquisition
¤    Planning phase Exit criteria has been met
¤    All resource/application level Knowledge Acquisition (KA) plans finalized
¤    Staffing of resources involved in Knowledge Acquisition (KA) complete
¤    Network and Remote Knowledge Acquisition (KA) Infrastructure setup complete
¤    Read access to application environments in place
¤    Access to all relevant document repositories in place
¤    Resources Calendar blocked
¤    Draft application / project information handbook complete
¤    Draft operations procedures Handbook
¤    Tools, accelerators, frameworks and templates for initial use configured for the Customer

¤    All the planned knowledge acquisition sessions complete
¤    Knowledge Acquisition assessments complete
¤    All Knowledge Acquisition (KA) issues and risks mitigated
¤    Access to tools and environments in place
¤    Shadow Support plan signed off by the Customer
¤    “Knowledge Acquisition (KA) phase” go / no-go checkpoint
Shadow Support
&
Reverse Shadow Support
¤    Training phase Exit criteria has been met
¤    “Write / Update” access to all environments in place and tested by Service Provider team
¤    Source code tested and accepted (compile & test)
¤    Customer business community notified on changes and expectations on service levels (if applicable)
¤    Final Application / Project Information Handbooks
¤    Final Operations Procedures Handbook
¤    Completed exit criteria checklists
¤    Tools, accelerators, frameworks and templates configured for the Customer reviewed and accepted.
¤    Service Provider achieved target ticket resolution metrics
¤    Service management process trainings complete, with metrics agreed
¤    Customer business units and end-users informed of the change of accountability for the general team,
¤    Customer configured tools, accelerators, frameworks and templates available for General Team use
¤    Service Commencement to fully Functional General Team go / no-go checkpoint


7.10
Business Applications COE

For the Business Applications COE the Service Provider will replace the Customer’s existing team (using a mix of TUPE and new resources) and enhance the Customer’s local capability. The Service Provider will provide the Customer with a global support, enhancement and development capability for applications within the Customer estate where these applications are not supported by a specific COE.




The Service Provider will run the Business Applications COE using an integrated service model providing on-shore resources in the UK (if required) supported by an Offshore team in India.
[***]
# - To be revisited at the end of Transition Planning Phase

Key Milestones & Dependencies
[***]


Key Activities - Phase & Output

The table below provides the phase-wise deliverables and the corresponding Entry/Exit criteria

Phases
Entry Criteria
Key Deliverables
Exit Criteria
Planning
¤    Key resources on boarded
¤    Service Provider team lead identified and available
¤    Overall scope, schedule, approach and status reporting aligned to and agreed upon
¤    Team kick off meetings complete
¤    Logistics to start Knowledge Acquisition (KA) phase in place
¤    Communication to all impacted stakeholders complete
¤    Detailed general team set up plan resource Calendar
¤    Knowledge Acquisition (KA) plan
¤    General team tools, accelerators, frameworks and templates eg. Estimating identified for the Customer
¤    Application level Knowledge Acquisition (KA) plans finalized
¤    Staffing and on-boarding of delivery resources complete for Knowledge Acquisition (KA) phase as per the proposed ramp up plan
¤    Connectivity to Customer network in place
¤    Status reporting mechanisms in place
¤    General team initial tools, accelerators, frameworks and templates identified
¤    Planning phase go / no-go checkpoint




Knowledge Acquisition
¤    Planning phase Exit criteria has been met
¤    All resource/application level Knowledge Acquisition (KA) plans finalized
¤    Staffing of resources involved in Knowledge Acquisition (KA) complete
¤    Network and remote Knowledge Acquisition (KA) infrastructure setup complete
¤    Read access to application environments in place
¤    Access to all relevant document repositories in place
¤    Resources Calendar blocked
¤    Draft application / project information handbook complete
¤    Draft operations procedures Handbook
¤    Tools, accelerators, frameworks and templates for initial use configured for the Customer

¤    All the planned knowledge acquisition sessions complete
¤    Knowledge acquisition assessments complete
¤    All Knowledge Acquisition (KA) Issues and Risks Mitigated
¤    Access to tools and environments in place
¤    Shadow Support Plan signed off by the Customer
¤    “Knowledge Acquisition (KA) phase” go / no-go checkpoint
Shadow
&
Reverse Shadow
¤    Training Phase Exit criteria has been met
¤    “Write / Update” access to all environments in place and tested by Service Provider team
¤    Source code tested and accepted (compile & test)
¤    Customer business community notified on changes and expectations on service levels (if applicable)
¤    Final application / project information handbooks
¤    Final operations procedures handbook
¤    Completed exit criteria checklists
¤    Tools, accelerators, frameworks and templates configured for the Customer reviewed and accepted.
¤    Service Provider achieved target ticket resolution metrics
¤    Service management process trainings complete, with metrics agreed
¤    Customer business units and end-users informed of the change of accountability for the general Team,
¤    Customer configured tools, accelerators, frameworks and templates available for General Team use
¤    Service Commencement of fully Functional General Team go / no-go checkpoint





8
PART B – COMMITTED TRANSFORMATION

[***]







APPENDIX 8-B

FUTURE TRANSFORMATION PRINCIPLES
[***]





    
APPENDIX 8-C
TRANSITION PLAN

[***]






APPENDIX 8-D
TRANSFORMATION PLAN

[***]






Appendix 8–E
Network Connectivity
[***]








SCHEDULE 9

FORM OF LOCAL AGREEMENT
LOCAL AGREEMENT dated: [insert date]
between:
[Insert Name and address of Service Provider entity] (“Service Provider”); and
[Insert Name and address of Aspen entity] (“Customer Group Company”).
BACKGROUND
On [insert date] the Service Provider [Note: or if a Cognizant Affiliate is to execute the Local Agreement, insert “Cognizant Worldwide Limited”], Aspen Insurance UK Services Limited, Aspen Insurance U.S. Services, Inc. and Aspen Bermuda Limited entered into an information technology outsourcing agreement for the provision of certain services from the Service Provider (the “Outsourcing Agreement”).
The Customer Group Company now requires the provision of certain services. The Service Provider has agreed to provide and the Customer Group Company has agreed to accept those services and deliverables on the terms of this Local Agreement that incorporates the applicable terms of the Outsourcing Agreement.
The parties now agree as follows:
1.
SUPPLY OF PRODUCTS AND SERVICES
1.1
The Service Provider hereby agrees to supply certain of the Services described in the Outsourcing Agreement to the Customer Group Company in accordance with the terms of this Local Agreement.
1.2
The Customer Group Company hereby appoints Aspen Insurance UK Services Limited (the “Managing Customer Party”) to carry out day to day management of the Services being provided to the Customer Group Company pursuant to this Local Agreement. [Drafting Note: delete if the Local Agreement is the UK Local Agreement.]
1.3
The Customer Group Company shall, pursuant to the terms of this Local Agreement, pay those parts of the Charges identified further to Schedule 10 (Charging & Invoicing) of the Outsourcing Agreement as being payable by it for the performance of the Services being performed for its benefit but shall have no other liability to pay Charges arising under the Agreement. For the avoidance of doubt, each Customer party to the main Outsourcing Agreement shall remain responsible for its share of the Charges payable under the Outsourcing Agreement.
2.
INCORPORATION OF TERMS AND INTERPRETATION
2.1
Incorporation of terms
Subject to the remaining provisions of this clause 2, the terms of the body of the Outsourcing Agreement (other than clause 3.4 of the body of the Outsourcing Agreement) and the Schedules to the Outsourcing Agreement (other than Schedule 9 (Form of Local Agreement) and the pricing in Schedule 10 (Charging & Invoicing) that is described as being applicable to members of the Customer Group other than the Customer Group Company) in effect as at the date of this Local Agreement (together “Agreement Terms”) are incorporated into this Local Agreement as if those terms were reproduced in full, amended as provided in this Local Agreement.




2.2
Interpretation of defined terms
Unless a contrary intention appears (for instance, where a term is separately defined in this Local Agreement), any defined term used in this Local Agreement has the meaning given to it in the Outsourcing Agreement except a reference to:
(a)
Customer” in the Outsourcing Agreement and the Schedules thereto shall be read as a reference to the Customer Group Company, save that the reference to “the Customer” in clause 3.5,  shall be read as a reference to the Managing Customer Party;
(b)
Where the Customer Group Company is the UK Customer, the US Customer or the Bermuda Customer, references to the “UK Customer”, the “US Customer” or “Bermuda Customer” as applicable shall be deemed to be a reference to such Customer Group Party in the Outsourcing Agreement; and
(c)
Agreement” in the Outsourcing Agreement and its Schedules shall be read as a reference to this Local Agreement.
2.3
Order of precedence
If there is any inconsistency between the Agreement Terms and the terms set out in the body of this Local Agreement, the terms set out in the body of this Local Agreement shall prevail to the extent of any inconsistency.
2.4
Liability
Each Party agrees in accordance with clause 34 of the Outsourcing Agreement that clause 34 sets out the total aggregate liability of each Party (including its Affiliates) to the other Party (including its Affiliates) under the Outsourcing Agreement including all SOWs and Local Agreements. As such, the parties agree that any and all liability arising under or in connection with this Local Agreement shall be subject to and included in the liability caps set out in clause 34 of the Outsourcing Agreement for all causes of action, whether arising in contract, tort (including negligence), breach of statutory duty, misrepresentation, on indemnity basis or otherwise) for all losses whatsoever and howsoever caused. For the avoidance of doubt, all amounts paid in damages by either Party (including its Affiliates) to the other Party (including its Affiliates) in respect of all claims arising under tor in connection with this Local Agreement shall count towards and be deducted from the aggregate caps set out in clause 34 of the Outsourcing Agreement and the claims herding provisions of clause 34.10 shall apply in respect of this Local Agreement.
3.
AMENDMENTS TO AGREEMENT TERMS
The Outsourcing Agreement terms as incorporated into this Local Agreement are amended as follows:
3.1
Notices
(a)
The notice details for the Service Provider specified in clause 41.2 (Notices) of the body of the Outsourcing Agreement shall be replaced with the following:
For Service Provider:                [NAME]
[ADDRESS]
Facsimile:                     [NUMBER]
Marked for the attention of:             [TITLE]
(b)
The notice details for the Customer specified in clause 41.2 (Notices) of the body of the Outsourcing Agreement shall be replaced with the following:
For Customer Group Company:            [NAME]




[ADDRESS]
Facsimile:                     [NUMBER]
Marked for the attention of:             [TITLE]
3.2
[Other
Insert any country specific amendments or additions to the Outsourcing Agreement.
(a)
Taxation
Insert any country specific taxation requirements (if any)
(b)
Data Protection/Privacy
[Amend the definition of “Data Protection Legislation” (if necessary) in Schedule 21 of the Outsourcing Agreement terms and insert country specific privacy requirements (if any).]
IN WITNESS WHEREOF, the parties hereto have signed and executed this Local Agreement on the date last written below.
Signed for and on behalf of                Signed for and on behalf of
[Insert name of Customer Group Company]        [Insert name of Supplier Group Company]    

SIGNED:……………………                SIGNED:……………………
[Name and Title]                    [Name and Title]
………………………………………            ………………………………………

[For US Local Agreements Only:

For the purposes of acknowledging that Cognizant Technology Solutions US Corporation will be providing services on behalf of Cognizant Worldwide Limited in the United States only:

SIGNED:……………………                
[Name and Title]                    
………………………………………            ]






SCHEDULE 10

PRICEBOOK, CHARGES AND INVOICING
All pricing shall be in USD, unless agreed in a Local Agreement / Statement of Work that local currency shall apply, and the Service Provider agrees that its pricing shall not be contingent upon nor adjustable because of currency fluctuations.

1.
INTRODUCTION
1.1
This Schedule 10 (Pricebook, Charging & Invoicing) sets out the Charges, and charging principles for the agreement.
2.
GENERAL
2.1
In consideration of the Service Provider providing the Services in accordance with the terms of this Agreement, the Charges payable by the Customer shall be as set out in this Schedule 10 (Pricebook, Charging & Invoicing), subject always to clauses 22.9 and 22.10.
2.2
The Charges set out in this Schedule 10 (Pricebook, Charging & Invoicing) shall, together with any Charges it is entitled to recover pursuant to clause 21 (Customer Dependencies), be the only compensation to which the Service Provider shall be entitled, for the provision of Services provided under this Agreement. In this regard, where a fee or charge is not identified in the Agreement for an activity to be undertaken by the Service Provider, such activity shall be carried out by the Service Provider at no cost to the Customer beyond the payment of the Charges as set out or calculated in accordance with this Schedule 10 (Pricebook, Charging & Invoicing), or agreed pursuant to the Contract Change Control Procedure.
2.3
Either Party may propose variations to the Run Services or New Services; (in each case via the Contract Change Control Procedure) or Change Projects or other ad hoc Services, (in each case by following the process described in Annex 5 to Schedule 2). Any such varied or additional Services shall be subject to the terms of this Schedule 10 such that the Change Control Note, SOW or Work Request that sets out the detail of such Services shall provide for Charges based in part or wholly on the Price Book in Appendix 10-A (including, to the extent applicable, the Rate Card and other pricing principles set out therein) and, for Change Projects, the principles set out in Appendix 10-C to this Schedule 10.
2.4
The Service Provider will be required to demonstrate that New Services are competitive and the Customer may test this by utilising the Benchmarking procedures. The Service Provider is responsible for maintaining up to date records of current Services Charges.
2.5
Save in respect of the application of indexation pursuant to paragraph 4 below or increases in the volume of Services provided, there shall be no increases to the Charges except as agreed through the Contract Change Control Procedure.
2.6
Where the Transition Charges and Transformation Charges are stated to be fixed amounts, this statement is without prejudice to the application and operation of clause 21 (Customer Dependencies) and clause 21.3 (Service Provider Right to Recover Costs).
2.7
The Price Book attached as Appendix 10-A (Pricebook), along with Appendix 10-I (Rate Card), Appendix 10-G (Change Flex Initial Position) and Appendix 10-K (Service Catalogue) reflects the Charges as at the Effective Date. The Baseline Volumes agreed as being applicable to the Services as at the Effective Date are as set out in:




2.7.1
Appendix 10-D (Baseline Volumes)
2.7.2
Appendix 10-G (Change Flex Initial Position) and
2.7.3
Appendix 10-A (Pricebook), Change Project tab (Column C).
The Customer may change each planned Service Commencement Date as defined in the Transition Plan on a Service Tower by Service Tower basis, subject to the Contract Change Control Procedure. The Service Provider cannot unreasonably refuse a Change Control for this purpose.
2.8
The Service Provider shall ensure it pays its Personnel at least the living wage applicable to the location from which Service Provider Personnel provides the Services or, if higher, the statutory minimum wage.
2.9
The Customer and the Service Provider shall comply with the Appendices to this Schedule 10 (Pricebook, Charging & Invoicing).
2.10
Where it is expressly specified that the Parties can agree amendments to the charging arrangements in this Schedule 10 without using the Contract Change Control Procedure, these must be agreed in writing by the Customer’s Contract Manager and the Service Provider’s CIO prior to implementation.

3.
INVOICING
3.1
The Service Provider shall invoice each Customer for amounts due and payable under the Agreement or a SOW (as applicable) in accordance with the payment profile specified in this Schedule 10 (Pricebook, Charging & Invoicing) and its appendices and each applicable Local Agreement. Where agreed in a Local Agreement or a SOW or otherwise in writing, the Service Provider may also invoice the Customer Affiliates in accordance with that Local Agreement or SOW or as otherwise agreed in writing. The Customer agrees to provide the Service Provider in a timely manner the purchase reference ID information (e.g. purchase order number, purchase reference ID or contract ID) required to be used by the Service Provider in connection with its invoices.
3.2
Invoices shall be raised by the Service Provider in arrears by the end of the tenth (10th) day following the end of the month in which the Services were provided or the relevant Milestone was achieved or the relevant Charges were incurred (as applicable), or as otherwise specified in any SOW. Where Charges are specified as a quarterly amount, the Service Provider’s monthly invoice will include one-third of the said quarterly charges so as to convert it to monthly charges.
3.3
The Service Provider shall issue invoices in respect of Charges applicable to the provision of Transition Services and Transformation Services and invoices in respect of Charges applicable to the provision of other Services to: (i) the Customer Parties and (ii) such other Customer Affiliates as are parties to a Local Agreement or a SOW or as otherwise notified to the Service Provider in writing from time to time. Invoices shall be payable by the relevant Customer Party or Customer Affiliate pursuant to this Agreement, and/or any Local Agreements or SOWs that apply to such Customer Parties and/or Customer Affiliates The amounts referenced in such Local Agreements or SOWs shall be the amounts payable by the Customer Parties or Affiliates who are party to such Local Agreements or SOWs.
3.4
The relevant Customer Affiliate shall pay to the Service Provider or the Service Provider shall pay to the relevant Customer Affiliate (in the same proportion as the Charges paid by each Customer Affiliate) an adjustment ("Reconciliation Sum") to any invoice issued to the Customer to reflect:
Where the invoices were based on estimated volumes, the value of the difference between the number of units used to calculate that invoice and the number of units on which the charges should have been based, as set out in the relevant section of this Schedule 10;




Service Credits due to the Customer;
Liquidated Damages due to the Customer;
the value of any adjustment related to the Volume Discount set out in paragraph 22;
any adjustment for a period required under Schedule 11 (Benchmarking); or
any other adjustment agreed in writing by the Parties.
The Reconciliation Sum will be applied on a month by month basis, in arrears and where sums are owed to the Customer will be a reduction to the next monthly invoice and where sums are owed to the Service Provider these will be added to the next monthly invoice. The Customer may, where the Reconciliation Sum is greater than the amount of Charges to be invoiced, request that the Reconciliation Sum (where it is owed to Customer) be recoverable via a credit note.
3.5
Where it is agreed in an SOW or Contract Change Note that local currency invoicing is required, but the SOW or Contract Change Note stipulates the price in a different currency without a foreign exchange rate being specified, then the foreign exchange rate to be applied shall be that published by the Financial Times, London on the Service Commencement Date of the SOW or the effective date of the Contract Change Note (which shall be the date on which the final signature was given), unless otherwise agreed between the Parties in writing and the same will be applied for the duration of the SOW or Contract Change Note as applicable.
3.6
Each invoice shall specify the Charges payable by each Customer in respect of each Service Tower and, at the relevant Customer’s direction, provide a breakdown of the Charges by that Customer’s line of business. The Service Provider shall calculate the breakdown of Charges between the Customers based on the number of End Users in each Customer and, where applicable, in each line of business, it being agreed that the UK Customer shall be responsible for providing the Service Provider with an up to date summary of the breakdown of End Users by Customer and by line of business in order for this to occur.
3.7
Properly submitted and valid invoices shall be paid by the relevant Customer Affiliate in accordance with clause 22.3 (the agreed payment terms of the Agreement) provided that:
3.7.1
the invoice fulfils the requirement of paragraph 3.11 below;
3.7.2
the Service Provider provides all information in connection with its invoice as the Customer shall reasonably require; and
3.7.3
invoices reference the purchase reference ID (purchase order number or contract ID) as provided by the Customer to the Service Provider.
3.8
All invoices should be addressed to the relevant Customer Party or the Customer Affiliate with whom the Service Provider is contracted pursuant to a Local Agreement or SOW or as otherwise notified by the Customer. If in doubt, the Service Provider is expected to contact the UK Customer to confirm.
3.9
Electronic copies of the invoices are required and should be sent to the Customer’s then current e-billing address ([***]) with copies to such other email addresses as the Customer may notify the Service Provider of from time to time.
3.10
Only if an electronic invoice has not already been sent by email (as outlined in paragraph 3.9) and/or the Service Provider is unable to submit the invoice electronically, then the original invoices must be sent directly to the addresses specified in each applicable Local Agreement.




3.11
All invoices shall be submitted in a form specified by the Customer and shall:
3.11.1
specify the relevant Customer and the period to which the invoice relates;
3.11.2
separately itemise and specify each of the Charges and the associated Service to which the invoice relates;
3.11.3
For Maintenance and Support Services, separately itemise the Charges for local Users (as per the Operations and Service Delivery tab of Appendix 10-A)
3.11.4
separately itemise any expense or taxes said to be payable by the Customer;
3.11.5
separately itemise any Service Credits applied pursuant to Schedule 3 (Service Levels and Service Credits), Liquidated Damages payable pursuant to Schedule 8 (Transition and Transformation) or other deductions applied to the Charges as part of the Reconciliation Sum as set out in paragraph 3.4;
3.11.6
specify the Service Provider's VAT code;
3.11.7
contain any other information reasonably required by Customer, from time to time as notified by the Customer at least thirty (30) days prior to the Service Provider issuing the invoice; and
3.11.8
contain Customer's required purchase order number, purchase reference ID, and/or contract ID as confirmed by the Customer to the Service Provider from time to time.
3.11.9
In particular, invoices relating to Change Management Charges will include the period of the Services; level of resources utilised; rate cards used; applicable discounts, SOW reference number, Customer project code (where advised by the Customer), and such other matters as may be specified in both Appendix 10-B to this schedule and the applicable Statement of Work or Change Control Note.
3.12
The Service Provider shall in respect of each monthly invoicing run provide to the UK Customer a break‑down of the total amount of invoiced Charges arising during that month, pursuant to this Agreement, setting out the matters referenced in paragraph 3.11 together with the calculations used to reach the amount of Charges that are being invoiced. This will be accompanied by a break down as to which Customer Affiliate has been invoiced for the same, so as to demonstrate the amount of the Charges attributable to Services consumed by each Service Tower in respect of each Affiliate invoiced.
3.13
It is acknowledged that, during the Term, the Customers may implement changes to its purchase order and invoicing process, including without limitation, the introduction of an e‑portal for invoicing. The Service Provider shall comply with any such changes at no cost to the Customer (unless there is a charge for using such e-portal), in accordance with the Contract Change Control Procedure as required by the Customers.
3.14
All Charges shall be expressed, invoiced and payable in US Dollars except to the extent otherwise agreed in writing by the Parties. Any and all fluctuations or changes in any exchange rates shall be at the risk of the Service Provider and shall not be passed on to Customer in any form.
3.15
An invoice shall not be valid (and the associated payment obligation shall therefore become null and void) if it is raised more than one hundred and twenty (120) days after the end of the month in which such Services were performed or the relevant Milestone met and, if such happens the Service Provider shall, notwithstanding clause 46, be deemed to have waived its rights to be paid for such Services.
4.
INDEXATION




4.1
On:
4.1.1
1 October 2020, in respect of the resource elements of the Services referenced in Appendix 10-J of this Schedule (10) (which specifies the proportion of Services Charges to which indexation will apply (the “Indexation Sensitivity”)); and
4.1.2
each subsequent anniversary thereafter (in each case, the "Indexation Date"),
the Service Provider may perform an indexation review in accordance with this paragraph 4.
4.2
Unless otherwise agreed in writing between the Parties but subject to paragraphs 4.3 and 4.4 below:
4.2.1
the Charges for services delivered from India shall be adjusted by the annual percentage change in the Consumer Prices Index published by the Reserve Bank of India (measuring the immediate previous twelve (12) months) in the month prior to the Indexation Date, up to a maximum of [***] per cent ([***]%);
4.2.2
the Charges payable for UK Onshore Services shall be adjusted by the annual percentage change in the UK Consumer Prices Index published by the UK Office for National Statistics (measuring the immediate previous twelve (12) months) in the month prior to the Indexation Date, up to a maximum increase of [***] per cent ([***]%); and
4.2.3
the Charges payable for US Onshore Services shall be adjusted by the annual percentage change in the US Consumer Prices Index published by the US Federal Reserve (measuring the immediate previous twelve (12) months) in the month prior to the Indexation Date, up to a maximum increase of [***] per cent ([***]%);
4.2.4
to the extent other onshore resources are deployed in Bermuda or other Customer Locations, the Parties shall agree an applicable index but agree that save to the extent the Service Provider can demonstrate that circumstances require a different cap, any such indexation shall be capped at [***] per cent ([***]%);
(each, an "Applicable Increase").
4.3
The Service Provider shall confirm the results of the indexation review to the Customer by no later than the Indexation Date and meet with the Customer to discuss the results generated by paragraph 4.2 and the outcome of the indexation review, to allow the Customer to validate the calculations performed by the Service Provider and agree with the Customer the Applicable Increase(s) (if any).
4.4
Once the Applicable Increase(s) is calculated and determined pursuant to paragraphs 4.2 and 4.3, the Service Provider may apply such Applicable Increase(s) to the relevant Services Charges so as to adjust the Charges payable from the Indexation Date in respect of Services provided after the Indexation Date.
4.5
The Parties further agree that it is their intention that any impacts of inflation on the Services shall be managed by the delivery of annual improvements in efficiency and productivity. The Service Provider will, in all cases, endeavour to minimise the application of indexation through productivity improvements in the delivery of the Services. The Applicable Increase(s) will only be accepted by the Customer in event that the Service Provider can demonstrate that appropriate actions have been taken to minimise the application of the Applicable Increase(s). Any delay or dispute arising from Applicable Increase(s) will not have any negative impact to the Service delivery.
5.
TRANSITION CHARGES
5.1
The Transition Services as described in Schedule 8, Appendix 1 will be provided [***] from the Service Provider to the Customer, regardless of the actual effort undertaken, subject always to the terms of clause 21 (Customer Dependencies). This is because the Service Provider has agreed to waive these




charges, which are shown in Appendix 10-L (Transition Baseline Information) for information purposes only to support the validation of any Changes to Transition.
5.2
Notwithstanding paragraph 5.1 above, Charges for Transition may become payable where:
5.2.1
the parties agree a Change to Transition pursuant to the Contract Change Control Procedure and that such Change should be chargeable; or
5.2.2
pursuant to clause 21.3, the Service Provider is entitled to recovery of costs in the event the Customer fails to meet a Transition related Customer Dependency.
5.3
The day rates applicable to any Change Control for purposes identified in 5.2 above are set out in the Rate Card in Appendix 10-I of this Schedule (10). Where there are roles shown in Appendix 10-L (Transition Baseline Information) which do not align with the roles in the Rate Card, the Parties shall work in good faith to agree equivalent roles to be applied in calculating the Charges due.
5.4
Expenses will be billed pursuant to paragraph 17.
5.5
If the Service Provider fails to achieve the target Service Commencement Date for a specific Service Tower, the Service Provider shall be liable to pay:
5.5.1
Transition related Liquidated Damages pursuant to clause 10.1 (Liquidated Damages) of the Agreement, which will apply in the event the relevant Service Commencement Date of the relevant Service Tower is delayed beyond [***] as follows:
Service Tower
Liquidated Damages payable per Business Day
Cap on Liquidated Damages for this Service Tower
Common services
$ [***]
$ [***]
Infrastructure Management
$ [***]
$ [***]
Operations and Service Delivery
$ [***]
$ [***]
Application Management
$ [***]
$ [***]
Network
$ [***]
$ [***]

5.5.2
The following amounts to enable the Customer to realise the cost reductions planned to take effect at the planned Service Commencement Dates for each Service Tower, pursuant to clause 5.3 of the Agreement. These will apply in the event the Service Commencement Date is delayed beyond [***] and will accrue per Business Day of delay as follows:
Service Tower

Planned Service Commencement Date
Amount payable per UK Business Day of delay
Common Services
[***]
[***]
Infrastructure Management
[***]
[***]
Operations and Service Delivery
[***]
[***]
Application Management
[***]
[***]
Network Management
[***]
[***]






6.
SERVICE DISCOUNT
6.1
In addition to, and without prejudice to, the volume discounts referenced in paragraph 16 below, the Service Provider will give a one-time discount as a ‘Service Discount’ on the Run Services Charges amounting to [***] US Dollars (USD [***]). This shall be credited against the invoices for Run Charges in 2018 in the following amounts. In the event there are insufficient Run Charges in any calendar month for the Service Discount due in that month (including any carried forward form the previous month) to be applied in full, any residual amount will be credited the following calendar month (whether the invoice is issued in 2018 or after 2018).
 
Calendar Month
Service Discount
 
 
Sept 18
$ [***]
 
Oct 18
$ [***]
 
Nov 18
$ [***]
 
Dec 18
$ [***]

6.2
The application of the discount in paragraph 6.1 above shall not impact the calculation of the Charges, which shall be calculated as set out in the remainder of this Schedule 10. No further discount shall be applied in respect of this Service Discount.
6.3
In the event the Customer does not spend a total of $[***] ([***] US dollars) on Change Management Services in any one Contract Year, then the Customer shall pay to the Service Provider a sum equal to [***] in respect of that Contract Year. This amount shall be included in the next invoice after the end of the relevant Contract year.

7.
SERVICES CHARGES
7.1
The Services Charges are defined in two categories:
7.1.1
Run Services Charges which apply to the following Service Towers:
(i)
Common Services
(ii)
Infrastructure Management
(iii)
Operations and Service Delivery
(iv)
Application Management
(v)
Network Management
(vi)
Service Catalogue
(vii)
Committed Transformation and Future Transformation
7.1.2
Change Management Services Charges which apply to the following Service Towers:
(i)
Core/ Flex Change Teams




(ii)
Change Projects
7.2
The Run Services Charges are payable (and the provisions of this paragraph 7 along with Service Towers in paragraphs 8,9,10, 11 and 12 are applicable):
7.2.1
in respect of the Services set out in Annexes 1-7 (excluding Annex 5) of Schedule 2 (Service Description), and
7.2.2
from the Service Commencement Date for the relevant Service Tower.
7.3
It is expressly agreed that the Service Provider must provide such resources as are necessary to provide the Services to handle the Forecast Volumes identified pursuant to section 18 of this Schedule 10.

8.
COMMON SERVICES CHARGES
8.1
The Common Services Charges are set out in the Price Book (Appendix 10-A) in the table titled Common Services' (the "Common Services Charges").
8.2
The ‘Data Connectivity' elements of the Common Services Charges are chargeable to the Customer on a pass-through basis on the actual costs to the Service Provider, provided that any increases to the amounts set out in 'Common Services Charges' table in the Price Book that the Service Provider believes should be payable by the Customer, shall be subject to the Change Control Procedure.
8.3
The Service Provider acknowledges and accepts that the Common Services Charges will not increase according to volume of Services, unless agreed in writing between the parties.
8.4
Where there are incremental tools which the Service Provider utilises to deliver the Services, these are listed in the Common Services Charges in the Price Book (Appendix 10-A).
8.5
The Service Provider will supply for the duration of the Agreement the tools required to deliver the Services as set out in this Agreement at no additional cost to the Customer. If the tools are not fit for purpose, the Service Provider shall remediate or replace at its own cost. Should new tools be required to deliver the Services detailed within this Agreement, then the Service Provider will provide these free of any charges. However, should the Customer request a change to the Services or New Services that require new or additional tools then the Parties shall discuss the cost of such new tools as part of the overall discussion on charging for the changed Services or New Services and may use the Tooling Fund described in paragraphs 21.5-21.7 of this Schedule 10 for such purpose.
8.6
The Service Provider will provide a quarterly breakdown of the Common Services Charges and demonstrate they remain applicable to the total volume of Run Services and Change Management Services. Any proposed increases to the Common Services Charges by the Service Provider, shall not be by a greater percentage than the aggregate total percentage increase of Charges for the other Service Towers listed in paragraph 7.1.1. For avoidance of doubt, only material increases to Charges in respect of the other Service Towers that impact the Common Service Charges will be considered by the Customer and the Service Provider shall not at any time be entitled to propose increases proportionately greater than the percentage increase to the other Service Towers.

9.
INFRASTRUCTURE MANAGEMENT CHARGES
9.1
The applicable Infrastructure Management Charges are set out in Appendix 10-A (Price Book) in the tab ‘Infrastructure Mgt.’.
9.2
The monthly Infrastructure Management Charges are calculated on a P x Q basis, where:




P = the applicable Unit Rate per month in the ‘Infrastructure Services Charges’ tab of the Price Book set out in Appendix 10-A; and
Q = the number of units that is the applicable number of units as determined pursuant to paragraph 9.3 below.
9.3
The ‘Q’ measurement in 9.2 will be provided by the Service Provider on a calendar monthly basis at the start of each month, based on the volumes at the end of the previous month. The monthly Infrastructure Management Charges will be calculated using that Q measurement. There is a tolerance of plus/minus [***] for changes to unit volumes from month to month in any calendar quarter. Changes to Q within a calendar quarter which are less than [***] increase or decrease will not change the Q used to calculate the monthly Infrastructure Management Charges in that quarter. Once the change to Q within a quarter exceeds plus/minus [***] then the Infrastructure Management Charges will be calculated using the new Q in the following month. Q will be re-baselined at the start of each subsequent quarter using the Q measurement from the preceding month. No retrospective Infrastructure Management Charges will be applied.
9.4
The ‘P’ shown in the Price Book is valid up to [***] of the Baseline Volumes shown in Appendix 10-D, unless the Baseline volume is less than 10 in which case the ‘P’ shall be valid within the provisions shown in Appendix 10-M.
9.5
There are no minimum or maximum levels of units (‘Q’) in 9.2. The Customer may vary the volumes above or below the thresholds in paragraph 9.4 above by agreeing a revised unit rate (‘P’) for the revised number of units (‘Q’) via the Contract Change Control Procedure. The applicable unit rate (‘P’) will decrease as the number of units (‘Q’) increases over the baseline set out in Appendix 10-A of this Schedule (10). The applicable unit rate (‘P’) will not decrease except for the reductions which are defined in the Price Book (Appendix 10-A). Changes to the unit price (‘P’) will apply from the next full quarter after the change is agreed.

10.
OPERATIONS AND SERVICE DELIVERY CHARGES
10.1
The Operations and Service Delivery Charges are set out in Appendix 10-A (Price Book), in the tab ‘Operations & Service Del.’.
10.2
The Operations and Service Delivery Charges consist of two components;
10.2.1
Service Desk Charges
10.2.2
Maintenance and Support Charges
10.3
Both Service Desk Charges and Maintenance and Support Charges are calculated on a calculated on a P x Q basis, where:
P = the applicable Unit Rate per month in the ‘Operations and Service Del’ tables of the Price Book set out in Appendix 10-A; and
Q = for Service Desk Charges, the total number of End Users and for Maintenance and Support Charges, the total number of End Users in each category set out in Appendix 10-D Baseline Volumes, each as determined pursuant to paragraph 10.4 below.
10.4
In respect of both Service Desk Charges and Maintenance and Support Charges, the ‘Q’ measurement in 10.3 will be provided by the Service Provider on a calendar monthly basis at the start of each month, based on the volumes at the end of the previous month. The monthly Service Desk Charges and Maintenance and Support Charges will be calculated using that Q measurement. Pursuant to paragraph 3.6, the UK Customer shall advise the Service Provider of the breakdown of End User numbers by Customer and by line of business. There is a tolerance of plus/minus [***] percent ([***]%) for changes ’Q’ from month to month in any calendar quarter. Changes to ‘Q’ which are less than [***] percent ([***]%) increase or decrease will not change the Q used to calculate the Operations and




Service Delivery Services Charges in that quarter. Once the change to ’Q’ exceeds plus/minus [***] percent ([***]%) then the Operations and Service Delivery Charges will be calculated using the new ‘Q’ in the following month. Q will be re-baselined at the start of each subsequent quarter using the Q measurement from the preceding month. No retrospective Operations and Service Delivery Charges will be applied.
10.5
The ‘P’ shown in the Price Book is valid up to [***]% of the Baseline Volumes shown in Appendix 10-D. Charges for volumes outside this [***]% threshold will be agreed via the Contract Change Control Procedure.
10.6
Offshore Service Desk Option: the Parties acknowledge that the Service Provider’s costings for adopting an Offshore Service Desk are set out in Appendix 10-H. This option is not being invoked as at the Effective Date but if it ever is, then the associated Run Charges shall be reduced to reflect the difference between the then current Service Desk price and the Offshore Service Desk price set out in the Price Book. The parties shall agree the Charges for the migration of the Service Desk to the Offshore Service Desk via the Contract Change Control Procedure.

11.
APPLICATION MANAGEMENT CHARGES
11.1
The Application Management Charges, are shown in Appendix 10-A (Price Book) in the tab ‘Apps. Mgmt.’. Schedule 2, Appendix 2-C (Application List) sets out which Applications are in each category.
11.2
Appendix 10-B sets out the basis for the Application Management Charges and the approach to charging for additions/removals of applications.

12.
NETWORK MANAGEMENT CHARGES
12.1
The Network Management Charges are shown in Appendix 10-A (Price Book) in the tab ‘Network MS’.
12.2
The Network Management Charges are calculated on a P x Q basis, where:
P = the applicable Unit Rate per month in the ‘Network MS’ tab of the Price Book set out in Appendix 10-A; and
Q = the number of units that is the applicable number of units as determined pursuant to paragraph 12.3 below.
12.3
The ‘Q’ measurement in paragraph 12.2 above will be provided by the Service Provider on a calendar monthly basis at the start of each month, based on the volumes at the end of the previous month. The monthly Network Management Charges will be calculated using that Q measurement. There is a tolerance of plus/minus [***] percent ([***]%) for changes to unit volumes from month to month in any calendar quarter. Changes to Q within a calendar quarter which are less than [***] percent ([***]%) increase or decrease in a calendar quarter will not change the Q used to calculate the monthly Network Management Charges. Once the change to ‘Q’ within a quarter exceeds plus/minus [***] percent ([***]%) then the Network Management Charges will be calculated using the new Q in the following month . Q will be re-baselined at the start of each subsequent quarter using the Q measurement from the preceding month... No retrospective Run Services Charges will be applied.
12.4
The ‘P’ shown in the Price Book is up to [***]% of the Baseline Volumes shown in Appendix 10-D.
12.5
There are no minimum or maximum levels of units (‘Q’) for the purposes of paragraph 12.2. The Customer may vary the volumes above or below the [***]% threshold in paragraph 12.4 above by agreeing a revised unit rate (‘P’) for the revised number of units (‘Q’) via the Change Control procedure. The applicable unit rate (‘P’) will decrease as the number of units (‘Q’) increases over the baseline set out in Appendix 10-A of this Schedule (10). The applicable unit rate (‘P’) will not decrease except




for the reductions which are defined in the Price Book (Appendix 10-A). Changes to the unit price (‘P’) will apply from the next full quarter after the change is agreed.

13.
CHANGE MANAGEMENT CHARGES
13.1
The Change Management Charges are shown in Appendix 10-A (Price Book) in the tab ‘Change Project’ and the resource rates where they apply in Appendix 10-I (Rate Card). These are split into the following categories:
13.1.1
Programme Management and Common Services Change Support
13.1.2
Centres of Excellence, as follows:
(i)
Infrastructure and Security
(ii)
Duck Creek
(iii)
Guidewire-Claimscenter
(iv)
Agile - DevOps
(v)
Data
(vi)
Testing
(vii)
FSS
(viii)
Business Applications
The Service Descriptions applicable to 13.1.1 and 13.1.2 are contained within Schedule 2 Annex 5 (Change Management) which also describes the levers that the Service Provider will use to deliver agreed benefits to the Customer in the provision of the Change Management Services. Some of these benefits, such as FTE reductions and the offshoring of resources, are factored into the Change Management Charges shown in Appendix 10-A.
13.2
The Change Management Charges will only commence upon Service Commencement Date for the relevant Centre of Excellence being established and being utilised.
13.3
The FTE rates applicable will be as provided in the Rate Card as set out in Appendix 10-I (Rate Card).

CORE / FLEX MODEL
13.4
The applicable charges for the services set out in paragraph 13.1 will comprise a component which is fixed based on the annual forecast agreed between the two Parties (the ‘Core’) and a component which is flexible (the ‘Flex’) which is based on a monthly and quarterly review.
13.5
The initial Core resource levels are set out in the ‘Core FTE’ column of the Change Project tab of Appendix 10-A (Pricebook). The Parties agree to review the FTE volumes in the Core and Flex within 3 months of the Service Commencement Date to optimise the mix of Core and Flex resources.
13.6
The initial level of Flex resources will be set out in ‘Appendix 10-G (Change Flex Initial Position).




13.7
The Customer will be able to change the resource mix requirements of each Core team and the Flex resources as described in Annex 5 of Schedule 2 by giving at least 60 days’ notice to the Service Provider. In no circumstance can the Service Provider unreasonably refuse the requested resource mix requirements of the Customer.
13.8
The charges for the Core and Flex elements of each component of the Change Management Services set out in 13.1 along with the charging basis is set out in the table below




Category of Change Management Service
Charges for the Core
Charges for the Flex
Programme Management
As set out in in the relevant row of the Change Project tab of in the Price Book in Appendix 10-A
Based on the rate card set out in Appendix 10-I (Rate Card) and one of the Charging Options set out in Appendix 10-C
Common Services Change Support
As set out in in the relevant row of the Change Project tab of in the Price Book in Appendix 10-A
n/a
IT Infrastructure and Security
As set out in in the relevant row of the Change Project tab of in the Price Book in Appendix 10-A
Includes a level of BAU Change as set out in Schedule 2 Annex 2 (Infrastructure Services)
Based on the rate card set out in Appendix 10-I (Rate Card) and one of the Charging Options set out in Appendix 10-C.
Duck Creek
As set out in in the relevant row of the Change Project tab of in the Price Book in Appendix 10-A
Based on the rate card set out in Appendix 10-I (Rate Card) and one of the Charging Options set out in Appendix 10-C.
Guidewire
As set out in in the relevant row of the Change Project tab of in the Price Book in Appendix 10-A
Based on the rate card set out in Appendix 10-I (Rate Card) and one of the Charging Options set out in Appendix 10-C.
Agile DevOps
As set out in in the relevant row of the Change Project tab of in the Price Book in Appendix 10-A
Based on the rate card set out in Appendix 10-I (Rate Card) and one of the Charging Options set out in Appendix 10-C.
Data
As set out in in the relevant row of the Change Project tab of in the Price Book in Appendix 10-A
Based on the rate card set out in Appendix 10-I (Rate Card) and one of the Charging Options set out in Appendix 10-C.
Testing
As set out in in the relevant row of the Change Project tab of in the Price Book in Appendix 10-A
Based on the rate card set out in Appendix 10-I (Rate Card) and one of the Charging Options set out in Appendix 10-C.
FSS
As set out in in the relevant row of the Change Project tab of in the Price Book in Appendix 10-A
Based on the rate card set out in Appendix 10-I (Rate Card) and one of the Charging Options set out in Appendix 10-C.
Application Management
As set out in in the relevant row of the Change Project tab of in the Price Book in Appendix 10-A
Based on the rate card set out in Appendix 10-I (Rate Card) and one of the Charging Options set out in Appendix 10-C.





13.9
Any interim changes to the Core / Flex resource levels pursuit to paragraph 13.4 and 13.6 will be documented in a Change Control Note, or other suitable method of recording and agreeing the changes.
13.10
Every subsequent Contract Year, the ITO Delivery Board will review and agree the Core resource levels required for every component of service in paragraph 13.7 along with the corresponding charges. Any changes to the previous year (or current agreed Core / Flex resource levels) will be documented in a Change Control Note.
13.11
The Customer may require additional Centres of Excellence and/or other Change teams to be established during the course of this Agreement. The Customer will provide a forecast of demand in order for the Service Provider to establish an appropriate ‘Core/Flex’ approach. The Service Provider will demonstrate to the Customer’s reasonable satisfaction how the additional Centres of Excellence/ change teams will be priced in order to deliver value for money to the Customer.
CHARGES FOR PROJECTS
13.12
Large Projects, will be contracted under an SOW.
13.13
The delivery team for each Large Project will contain resources from the appropriate Core resources (depending on availability) to ensure knowledge of the Customer.
13.14
The SOW will document the Charges for the Large Project based on a combination of:
13.14.1
The level of Core resources being utilised (the Charges for which are already included per paragraph 13.7)
13.14.2
The level of Flex resources, with Charges for these being calculated in accordance with the agreed charging methodology (Appendix 10-C) and by reference to the relevant Rate Card (Appendix 10-I)
13.15
Small Projects will be performed by Core resources within the charges for the Core as set out in paragraph [3.7] above and therefore are not necessarily contracted under a SOW.
13.16
The draw-down of resource effort and the available capacity will be managed and agreed at the monthly ITO Delivery Board and managed by the Service Provider.
13.17
In the event that delivery of a Change Project is delayed and that Change Project is not charged on a T&M basis then, subject to clause 21, (Customer Dependencies), the Service Provider shall fund any additional Core resource time used to deliver work during the period of delay] through the crediting of equivalent additional Flex days to the Customer.
CHANGE SPEND COMMITMENT
13.18
The Service Provider has set out a number of value add initiatives for the Customer to benefits from throughout the Term of this agreement.
13.18.1    Service Discount (paragraph 6)
$[***]
13.18.2    Tooling Fund (paragraphs 21.5-21.7)
$[***]
13.18.3    Incremental Innovation Pool (paragraphs 21.1-21.4)
 
(being [***]% of the total available Innovation Pool)
$[***]
(for the Initial Term; may be extended pursuant to paragraph 21.1.5(iii))

13.19
The Parties agree that the benefits set out in paragraph 13.18 are subject to the Customer achieving a level of spend for all Change Management Services (as defined in this paragraph 13) of $[***] ([***]




US dollars) or more per Contract Year, except in respect of the Incremental Innovation Pool as set out in paragraph 21.1.2.
13.20
The level of spend on Change Management Services will be calculated based on the agreed Charges and timescales for the Change Management Services (as documented in the relevant SOW, Work Request or otherwise in Schedule 2, Annex 5). [***].
TIME TRACKING
13.21
For all Change Management Services charged on a T&M basis, work performed by COEs (but excluding any work charged under a fixed price Work Request or SOW) and for work performed by the Run Services Change Pool, the Service Provider will record time spent by Service Provider Personnel against each project code provided by the Customer in the Customer’s timesheet reporting system, as described in paragraph 4.10.6 of Schedule 2 Annex 5.
14.
TRANSFORMATION CHARGES
14.1
The Transformation Charges are fixed for the delivery of the Committed Transformation regardless of the actual effort undertaken, subject always to the terms of clause 21 (Customer Dependencies). The “Transformation” tab of the Price Book (Appendix 10-A) shows the total Charges for each Committed Transformation. Although shown monthly, these will be invoiced against Milestones as set out in paragraph 14.2 below.
14.2
The Charges for each of the Committed Transformations may be invoiced in the following proportions upon approval by the Customer of the relevant Transformation Milestone:
Key Milestone
Proportion of Charge in respect of a Committed Transformation
Initiation (start date for Detailed Design Phase)
[***]%
Plan and Design (end date for Detailed Design Phase)
[***]%
Build and Test (end date for Build and Test Phase)
[***]%
“Go Live”
[***]%
Holdback made pursuant to clause 10.4 (Holdback), payable two (2) months after the Go Live Date, except for Network Segmentation and Azure Public Cloud Migration which shall be payable three (3) months after the Go Live Date.
[***]%

For Future Transformations (performed pursuant to Schedule 8), the Parties may agree an alternative approach in writing, including as part of the adoption of agile delivery methodologies. In the event the Parties decide to change the delivery methodology, they shall work together to ensure that an equivalent milestone regime is agreed.
14.3
If the Service Provider fails to achieve the target Go Live Date for a specific Committed Transformation, then:
14.3.1
Where Liquidated Damages apply, the Service Provider shall be liable for Liquidated Damages pursuant to clause 10.1 (Liquidated Damages) and in accordance the table below These will apply in the event the Go Live Date for the relevant Committed Transformation is delayed beyond [***].




Ref
Committed Transformation
Liquidated Damages payable per Business Day
Cap on Liquidated Damages for this Committed Transformation
CT-1
[***]
[***]%
[***]%
CT-2
[***]
[***]%
[***]%
CT-3
[***]
[***]%
[***]%
CT-4 & CT-5
[***]
[***]%
[***]%
CT-8 & CT-9
[***]
[***]%
[***]%
CT-10
[***]
[***]%
[***]%

14.3.2
[***]:
(i)
[***]; and
(ii)
[***].
14.4
In relation to each Transformation Project, the Service Provider has provided an underwritten commercial benefit relating to Services Charges within the Run Charges in the Price Book.

15.
SERVICE CATALOGUE CHARGES
15.1
The Service Provider shall manage and maintain the Service Catalogue, each Catalogue Item with an agreed Charge and target time for the provision of the Service. The initial Service Catalogue is set out in Appendix 10-K.
15.2
The Service Catalogue Charges will only apply in the event;
15.2.1
Where the Service Catalogue item relates to Operations and Service Delivery, there is no available capacity within the Operations & Service Delivery team to perform the Service Catalogue based activities; or
15.2.2
the capacity within either the Run Services Change Pool and/or the capacity for the relevant Change Management COE (as set out in Annex 5 of Schedule 2) has been used up; or
15.2.3
for Large Projects, where the Service Catalogue items form part of the project and are agreed to be provided at the agreed Charges for those Service Catalogue Items, unless Customer directs the use of 15.2.1; or
15.2.4
the Customer requires them to be handled as Service Catalogue items so as to preserve the capacity within the Run Services Change Pool or the relevant Change Management COE.
15.3
For the avoidance of doubt, the Customer Contract Manager or their Representative must pre-approve any Service Catalogue item spend.
15.4
The Service Provider shall on an ongoing basis identify any repeat requests made by the Customer which would benefit from inclusion within the Service Catalogue and propose their inclusion within the Service Catalogue together with a proposed Charge and target. Inclusions shall be subject to written agreement.




15.5
A number of Catalogue Items within the Service Catalogue may be combined into a single Catalogue Item called a Bundle (“Bundle”). The Charge for a Bundle may be less than the sum of the charges for its constituent Catalogue Items but in any event will be no more than the sum of the charges for its constituent Catalogue Items.
15.6
The entire Charge for a Catalogue Item or Bundle (where a Charge is present in the Service Catalogue) is indicated against that item within the Service Catalogue.
15.7
Where 10 (ten) or more Physical IMACs are performed at the same location and at the same time, Customer may request these to be provided through a SOW. The charge for the SOW will be no more than the charge would have been through the Service Catalogue
15.8
The Service Catalogue will be updated as required via Change Control Procedure. The Customer may request additional items to be added to the Service Catalogue. The Service Provider may not unreasonably refuse to include these additional items.
15.9
The Service Catalogue will be formally reviewed annually in order to ensure that the Service Catalogue remains relevant to the Customers’ business requirements.

16.
RATE CARD
16.1
Where the Customer requires additional services that are within the scope of the Services, the parties may use the appropriate Rate Card from the Price Book in Appendix 10-I (Rate Card).
16.2
The rates set out in paragraph 16.1 above are the rates chargeable by the Service Provider in relation to the professional day, such that the amount charged will be reduced on a pro‑rated basis if the relevant Personnel member does not work the full day.
16.3
When calculating Charges pursuant to the rates, the Service Provider will ensure that it deploys the most appropriate resource to the required tasks and will, in any event, agree the grades of Personnel to be used to perform the Services with Customer.
16.4
The rates in the Rate Cards from which the Change Management Charges are calculated are all fully loaded fees and shall, for the avoidance of doubt and without limitation, include the following in respect of which no additional Charges shall be chargeable:
16.4.1
an FTE Working Day of no less than eight (8) Working Hours for Onshore Personnel and Landed Resource and nine (9) Working Hours for Offshore Personnel, in each case inclusive of contractual breaks. For avoidance of doubt, the Service Provider's standard ‘available production hours’ (i.e. excluding any time taken for vacation, holidays, weekends and contractual breaks of 1 hour per day) per year included in the Charges are one thousand five hundred and fifty four hours (1,540) for US and UK based Service Provider Personnel, and one thousand, seven hundred and seventy six (1,776) hours for India based Service Provider Personnel. Where time and materials charging applies, the actual time worked will be used and the Parties acknowledge that, where holidays have not been fully taken or additional days agreed to be worked, the billable hours per year may be more than the numbers above.
16.4.2
all remuneration for all Service Provider Personnel (including basic salaries, bonuses and marked allowances and other staff benefits such as healthcare) and pensions contributions;
16.4.3
all costs of staff training (in terms of time, materials and overheads);
16.4.4
all employee related taxes and National Insurance (or equivalent) contributions;
16.4.5
subsistence, travel, accommodation and expenses for all Service Provider Personnel (other than Landed Resources and any Service Provider resource travelling, at the Customer's




request, from their usual working location in respect of which clause 22.6 (Expenses) shall apply);
16.4.6
direct management and supervision overheads; and
16.4.7
all Service Provider premises and desk‑top technology.
16.5
Where new Services are requested by either the Customer or the Service Provider, these will be implemented via the Contract Change Control procedure. The Customer reserves the right to apply a market test when evaluating new Services.

17.
EXPENSES
17.1
[***].
17.2
The Service Provider and the Customer shall agree in advance and in writing (including by reference in a SOW) the situations in which the Customer will reimburse the Service Provider for a particular expense. If nothing is agreed in writing, then expenses cannot be charged.
17.3
Expenses for Change Projects activities will be capped at a maximum of [***]% of the total Charges for any individual Change Project unless agreed otherwise in writing by the Parties.
17.4
The Service Provider will only charge the value of expenses which are actually incurred to the Customer during the delivery of the Services, in accordance with paragraphs 17.6 to 17.12 inclusive. The Service Provider will retain (either physically or electronically) copies of all supporting expenses documentation (receipts, tickets etc) for a period of 3 years from the date of the expense incurred and made available for the Customer to audit upon request.
17.5
The Customer has the right to request to amend this clause at any time, including when there are changes to the Customer’s own internal expenses policy, in accordance with the Contract Change Control Procedure and the Service Provider may not unreasonably reject the Change Request.
17.6
No local travel expenses can be charged. For avoidance of doubt, local travel means travel for Service Provider Personnel that are based in a geographical area and are travelling for work purposes to a location within the same geographical area (for example, such geographical area may be a city or county but travel from county to county would not be considered to be within the same geographical area).
17.7
Expenses for air travel will be charged in accordance with the below guidelines:
17.7.1
airline tickets must be booked and expensed at the lowest air fare possible at the time of booking (taking into account any business need for specific flight times) and as far as possible in advance to receive the lowest fares;
17.7.2
all travel trips will be charged at Economy class rate, regardless of the actual travel class used;
17.7.3
all flights must be booked at best value, using restricted tickets or route deals versus a fully flexible fare where possible;
17.7.4
memberships in reward programs must not interfere with reserving the best available rates. The Service Provider is not permitted to book air travel at a higher fare in order to use frequent flyer program privileges when a lower fare exists on an offered flight; and
17.7.5
all effort should be made to re-use any unused ticket value from previously cancelled or changed itineraries.




17.8
Expenses for rail travel will be charged in accordance with the below guidelines:
17.8.1
tickets shall be standard class unless the Customer agrees in writing to the purchase of a first class ticket due to a business need;
17.8.2
non-flexible and off-peak train travel must be booked wherever possible;
17.8.3
single tickets shall be booked where two single tickets are cheaper than a round trip ticket; and
17.8.4
in the event where the Service Provider is making rail connections after flights, the Service Provider is actively encouraged to buy a flexible ticket or a ticket upon arrival in order to prevent fare losses or ticket penalties due to delayed flights.
17.9
Expenses for car rental will be charged in accordance with the below guidelines:
17.9.1
car rental should only be used when other safe forms of transportation are not readily available or where it makes economic sense to do so;
17.9.2
intermediate car size or smaller shall be used;
17.9.3
the Service Provider shall re-fuel the car before returning it rather than purchasing the rental company’s re-fueling option;
17.9.4
the Service Provider shall take the hire company vehicle insurance as part of the hire; and
17.9.5
traffic and parking violations while operating a vehicle for business purposes are not reimbursable.
17.10
Expenses for taxis will be charged in accordance with the below guidelines:
17.10.1
where limousines or similar vehicles are offered within the cost of an air ticket or hotel arrangement, they must be accepted unless there is a business justification for not doing so;
17.10.2
the Service Provider shall use public transport for travel around the city of the destination they are visiting unless there is a good business reason to use a taxi
17.11
Expenses for hotels will be charged in accordance with the below guidelines:
17.11.1
the Service Provider shall stay in a standard double room in a three star hotel, or equivalent. The maximum costs permitted per night will be [***].
17.11.2
room type is standard size only. Upgrades to higher quality of room are only permitted if there is no additional cost to the Customer; and
17.11.3
the Service Provider will be reimbursed for reasonable costs of valet and laundry services for any business trip; the cost will be limited to [***] per week.
17.12
Expenses for meals (including drinks) when travelling will be reimbursed up to a maximum of [***] per day per Service Provider Personnel. Accumulation of the daily maximum is not permitted.
18.
FORECASTING
18.1
The Service Provider is responsible for sufficiently understanding the Customer's business and the market in which the Customer operates so as to ensure that it appropriately manages the Service, in accordance with this paragraph 8, to enable it to meet demand for the Services.




18.2
On a monthly basis, the Service Provider will, taking into account any matters notified to it by the Customer (and in this regard the Service Provider will not be expected to cater for events of which it could not reasonably have been aware), inform the Customer of the expected number of work items in comparison to the Baseline Volume, together with any reasons for the deviation to the Baseline Volume over the coming twelve (12) months (the "Forecast Volumes").
18.3
The parties will meet at the Commercial Review Meeting to discuss such Forecast Volumes together with the perceived reasons giving rise to such Forecast Volumes, including such relevant factors as seasonality, performance and any other relevant issues, and in doing so shall agree whether any changes to the Services are required, and address via the Contract Change Control procedure.
18.4
Under no circumstances will there be an increase to the Charges where and to the extent that the increased Forecast Volume results from a delay in the Service Provider implementing any Transformation Projects or through any default on the part of the Service Provider. Accordingly, the Service Provider agrees that if, in order to meet the Performance Standards it must deploy additional resources then it shall do so at its own expense until it has addressed the underlying cause by implementing a Transition Project or otherwise addressing the root cause of its inability to otherwise meet the Performance Standards.

19.
INFLIGHT PROJECTS
19.1
The Term “Inflight Projects” means those projects that are anticipated to be in progress at the applicable Service Commencement Date for the aspect of the Services to which such Inflight Project relates and which may transfer to the Service Provider prior to their completion. A list of the Inflight Projects anticipated to be within the scope of this Agreement is set out in Appendix 10-F of this Schedule and will be refined during Transition with the applicable finalised list of Inflight Projects being agreed prior to each Service Commencement Date.
19.2
The Service Provider will take over the responsibility for the project delivery and the corresponding benefit realisation as set out in the relevant Inflight Project Handover Statement (which is expected to be contracted in the form of a SOW covering all Inflight Project Handover Statements).
19.3
It will be the responsibility of the Service Provider to complete the project in accordance with the Inflight Project Plan and for the Charges (if any) agreed in the Inflight Project Handover Statement. If no such Charges are specified then the Inflight Project in question shall be completed at no additional charge.
19.4
Any Charges set out in the agreed Inflight Project Handover Statement will be payable on completion of the relevant Key Milestone (as indicated by Acceptance of the relevant Deliverables).
19.5
It will be for the Service Provider to ensure that at Inflight Project completion that the project has delivered the objectives and benefits stated in the Inflight Project Handover Statement.
19.6
The Customer will provide information on each Inflight Project to the Service Provider through due diligence conducted prior to the preparation of an Inflight Project Handover Statement activity along with the anticipated state of the project at the point of transfer to the Service Provider.
19.7
The Customer and the Service Provider will jointly agree an Inflight Project handover statement (each, an “Inflight Project Handover Statement”) for each Inflight Project during Transition. The Inflight Project Handover Statement will include:
19.7.1
a description of the project work required to deliver the Inflight Project;
19.7.2
the business case and benefits to be delivered by the Service Provider upon completion;
19.7.3
a project plan to complete the Inflight Project (the “Inflight Project Plan”)




19.7.4
an estimation of the status of the Inflight Project at the point of handover (transfer of responsibility to the Service Prover) and the estimated time to complete, estimated Charges to complete, the Charging Option to be used and any Customer Dependencies associated with benefits realisation;
19.7.5
a resource plan and analysis;
19.7.6
information on any third party supplier involved in the delivery of the project along with the Service Provider responsibilities relating to the third party following handover;
19.7.7
a knowledge transfer plan, where required; and
19.7.8
a summary of key risks, issues, dependencies and constraints.
19.8
The Parties will update the Inflight Project Handover Statement within five (5) working days before the transfer of responsibility to the Service Provider, updating the status of the project at the point of transfer.
19.9
The Service Provider will use its skills and expertise to continue the delivery of the Inflight Projects without a detrimental impact to the ongoing service provision and overall transition activity, unless agreed otherwise.
19.10
The Inflight Projects will be carried out by the Service Provider under the methods agreed in the In Flight Project Handover Statement.
19.11
Any implications of the Inflight Projects to Run Services Charges have been included within the Charges as set out in Schedule 10, unless otherwise agreed between the Parties in writing. All open service requests, service catalogue items, minor projects, application maintenance minor enhancement, and service enhancements initiatives, for the avoidance of doubt including warranty period items such as bug fixes, patching and defect resolution, under way at the point of service transfer will become the responsibility of the Service Provider to be completed in accordance with the appropriate service line or defined timeline, within the Charges set out in Schedule 10 (no additional charge to be made) and in accordance with Schedule 2 Service Descriptions where appropriate.
19.12
In the event there are significant Inflight Projects (those that require dedicated FTE resourcing) at the appropriate point of service transfer that are not listed in Appendix 10-F then the parties will work together to create an Inflight Project Handover Statement for each such project. Pending completion of this activity:
19.12.1
the Service Provider will take responsibility for the Inflight Project and use its reasonable endeavours to continue to deliver until completion;
19.12.2
should there be additional cost to the Service Provider not included within the Charges schedule or a previously agreed Inflight Project Handover Statement or SOW, the Parties will work together in good faith to agree such additional charges through the Contract Change Control Procedure; and 
19.12.3
the Service Provider will use reasonable efforts to minimise these costs, and impact of such projects on the Services.
19.13
For the avoidance of doubt any new Projects that are planned but not in the process of being implemented at the point of transfer of responsibility of the appropriate service to the Service Provider will be subject to the agreement of an SOW in accordance with Annex 5 of Schedule 2 (Service Description). 
20.
GAINSHARE




20.1
The Parties agree that they may mutually benefit from savings delivered through distinct projects or programmes delivered by the Service Provider or the Customer in connection with the Services and designed to deliver Business Impact ("Business Impact Initiatives"). For the avoidance of doubt, the Committed Transformation projects shall not be capable of being Business Impact Initiatives pursuant to this paragraph.
20.2
All Business Impact Initiatives shall be considered at the Planning, Programme and Transformation Committee meeting. The Service Provider may present high level concepts for its ideas and suggested means of achieving Business Impacts at the Planning, Programme and Transformation Committee meetings. The Planning, Programme and Transformation Committee shall then jointly identify the ideas which shall be developed and formally proposed as "Gainshare Initiatives". No idea shall be considered to be a Gainshare Initiative until it has been approved by the Planning, Programme and Transformation Committee in accordance with this paragraph 14.2.
20.3
The approval of all Business Impact Initiatives will be provided by the Finance, Contract Billing and Commercial Meeting (which shall review recommendations made to it by the Planning, Programme and Transformation Committee meetings) and, once approved for taking forward, a Business Impact Initiative shall be considered a Gainshare Initiative.
20.4
For a project to qualify to be considered as a Business Impact Initiative, the services provided by the relevant project or programme and outlined in the Business Impact Initiative must:
20.4.1
represent a clearly‑defined financial benefit to the Customer; and
20.4.2
be jointly agreed in terms of scope, cost, Service Provider share and timing in writing between the Customer and the Service Provider (such agreement not to be unreasonably withheld or delayed).
For the avoidance of doubt the Customer shall not be obliged to accept any Business Impact Initiatives proposed by the Service Provider. If the Customer rejects a Business Impact Initiative proposed by the Service Provider, nothing in this Agreement shall prevent the Customer from making modification to its operations (including how it receives the Services) which are materially similar to or the same as the rejected Business Impact Initiative, provided that the Customer can reasonably demonstrate that it has already initiated the same or similar initiative or is in discussion with another party to do the same.
20.5
Once both parties have jointly decided to consider a Gainshare Initiative, the Service Provider will submit a proposal to the Customer at no cost to the Customer, including the following:
20.5.1
a full and detailed description of the specific situation, challenges and proposed improvements;
20.5.2
the cost, expected Business Impact and other non‑financial benefits;
20.5.3
an implementation plan setting out when the Gainshare Initiative implementation project would start, when it would complete, and how and when it would deliver benefits to the Customer including how the benefits will be measured;
20.5.4
any investments required from the Customer and/or the Service Provider to capture and sustain the Business impact over time. This would include whether the Gainshare Initiative involves a third party (and if so, details of whom between the Customer and the Service Provider is responsible for invoicing and collecting Charges from such third party);
20.5.5
the proposed criteria for determining Gainshare initiative success, including with the benefit definition and proposed benefit measurement mechanism on which the gain will be based;
20.5.6
the treatment of any investment costs suffered by either the Customer or the Service Provider and their recovery;




20.5.7
percentage of Service Provider share available to the Service Provider. [***]; and
20.5.8
an upper limit on Service Provider share accruing from the Business Impact project.
20.6
The Parties shall discuss and agree on each proposal submitted in accordance with the Contract Change Control Procedure. Upon agreeing a proposal in accordance with this paragraph, it shall constitute a "Gainshare Project" and shall be implemented in accordance with its terms.
21.
INNOVATION POOL AND TOOLING FUND
Innovation Pool
21.1
The Service Provider has agreed to establish an ‘Innovation Pool’ on the following terms:
21.1.1
the Innovation Pool shall be [***] US Dollars (USD [***]) per Contract Year;
21.1.2
In Contract Year 1, this will operate [***].
21.1.3
In subsequent Contract Years:
(i)
[***];
(ii)
[***];
21.1.4
Management of the Incremental Innovation Pool
(i)
[***];
(ii)
[***];
21.1.5
Carry Over
(i)
[***].
(ii)
[***];
(iii)
[***]:
(a)
[***]; or
(b)
[***].
(iv)
[***]
21.2
Attendees of the Commercial Meeting held pursuant to Schedule 12 (Governance and Service Management) shall, periodically, decide which Gainshare Initiatives the Innovation Pool will be used for (each to then be treated as an "Innovation Project/Initiative").
21.3
Not used
21.4
The provisions of paragraph 6.3 apply to paragraph 21.
Tooling Fund




21.5
The Service Provider has agreed to fund future re-tooling of the Customer’s IT estate (the “Tooling Fund”) on the following basis:
21.5.1
The Tooling Fund shall be [***] (subject always to agreement on the details being reached between the Parties pursuant to the Contract Change Control Procedure and/or SOW drawdown process as applicable). This can include [***]);
21.5.2
The Tooling Fund is contingent on [***];
21.6
In the event the Customer does not [***], then the Customer shall forfeit a sum equal to [***] in respect of the failure [***].
21.7
If at the end of the Initial Term there is any element of the Tooling Fund remaining then, provided the Customer has incurred Charges of at least [***] then it shall be entitled to carry over the Tooling Fund for use during any extension of the Term;
21.8
If at the end of the Agreement (whether through termination or expiry) there is any element of the Tooling Fund remaining and the Customer does not extend the Term, then [***].
21.9
Attendees of the Commercial Meeting held pursuant to Schedule 12 (Governance and Service Management) shall, periodically, decide which whether and how to use the Tooling Fund.

22.
VOLUME DISCOUNT
22.1
In addition to the Service Discount referred to at paragraph 6 above, the following discounts (“Volume Discount”) shall be applied to the corresponding level of charges relating to Change Management Services invoiced to the Customer under or in relation to this Agreement in a particular Contract Year), excluding for these purposes any value added or similar taxes, any reimbursed travel and expenses.
22.2
The Volume Discounts within the table below apply to the total spend on Change Management Services within each tier. The maximum discount will be applied from the start of each Contract Year . If the total spend on Change Management Services in any Contract Year is less than $[***], then the Service Provider will apply an adjustment to reflect the volume discount applicable to the achieved spend on Change Management Services in that Contract Year.
Change Spend (USD/$)
Tier Discount Percentage of Total Annual Change Spend
Over $[***] and up to $[***]
[***]%
Over $[***]
[***]%

23.
IT SERVICE CONTINUITY MANAGEMENT (ITSCM)
23.1
The Service Provider will maintain an ITSCM plan for the Customer as set out in Schedule 16.
23.2
The Charges relating to the provision of the ITSCM requirements in Schedule 16 to the Customer have been included within the following charges categories for the Term:
23.2.1
Common Services Charges (e.g. Data connectivity)
23.2.2
Infrastructure Management Charges
23.2.3
Application Management Charges




23.2.4
Network Services Charges

24.
BUSINESS CONTINUITY AND DISASTER RECOVERY (BCDR)
24.1
[***].
24.2
[***].
24.3
[***].
24.4
[***],
24.5
[***].
24.6
[***].
25.
EARLY TERMINATION PAYMENTS
25.1
[***]:
25.1.1
[***].
25.1.2
[***].
25.2
[***]:
25.2.1
[***]; plus
25.2.2
[***].
25.3
[***].
25.4
[***]:
25.4.1
[***];
25.4.2
[***]; or
25.4.3
[***].
25.5
[***].
25.6
[***].
25.7
[***]:
25.7.1
[***]
25.7.2
[***]:
aspen20itoschedule10p_1a01.gif




25.8
[***]:
Change Termination Value
Liquidated Damages payable
Less than or equal to USD [***]
As set out in [***]
USD [***]-USD [***]
[***]
USD [***]
As set out in [***]
USD [***]-USD [***]
[***]
USD [***] or more
As set out in [***]

25.9
[***]:
25.9.1[***]; and
25.9.2
[***].
25.10
[***].
26.
TERMINATION ASSISTANCE CHARGES
26.1
[***].
26.2
[***].
26.3
[***]:
26.3.1
[***]; and
26.3.2
[***].
26.4
[***].






APPENDIX 10‑A
PRICE BOOK
[***]

APPENDIX 10-B
APPLICATION MANAGEMENT CHARGES
As at the Effective Date, the Applications to be supported under the Application Management Service are categorised into five categories as detailed in Appendix 10-A:
a)
Bespoke. Applications which have been modified specifically to meet the Customer’s business requirements and processes and therefore require an in depth level of knowledge to provide adequate support. E.g [***] These are applications which are so bespoke that they can only be used within the Customer only in their current level of development.
b)
Catch/ Dispatch. Applications which can be triaged by the Service Desk but cannot be supported by the application support team. Incidents, where a resolver group is required, will be sent to the application vendor. Typically these are also web based applications.
c)
Commercial off the Shelf. Applications which are business enabling which require ‘how do I’ support and are utilised to a high level of complexity, e.g. Microsoft Excel. These applications require a level of support enhanced by the OSP aligned to the Customer usage.
d)
Specialist Support. Applications which are specifically used with the London Markets or Insurance business, or applications which have been developed in house specific to the Customer requirements. They have not been modified to the extent that they are unique to the Customer.
e)
MI. Applications used for reporting or analytics within the Customer

Each of the above categories is subdivided into a level of service, Gold, Silver or Bronze (which are defined in Schedule 3 Appendix 3-A).

For the first 6 months following the last Service Commencement Date for Application Management, the Application Management Charges shall apply as follows:




The annual Charge for the support of each category at each level of service is set out in the Price Book. For example, a bespoke application can receive a Gold, Silver or Bronze level of service.
To add an application, the parties shall categorise it into one of the above five categories, and the Customer shall advise the level of service desired.
To establish the category, the Service Provider will propose the appropriate category within 10 working days of the requirement to add an application, to which the Customer will have the right to agree or disagree. The final categorisation will be the decision of the Customer, acting reasonably and taking account of the definitions above. The relevant unit charge is then applied as defined in Appendix 10-A effective from the Service Commencement Date for that application.
The opposite process is effective to remove an application from the Application Management Service. In order to remove an application, at least 30 working days notice must be given by either party and the relevant charges will alter at the expiry of the notice period.
The Charges for bringing an Application into operation or decommissioning an Application shall be agreed via the Contract Change Control Procedure.
During this 6 month period, the Parties shall work in good faith to agree an alternative approach which takes into account complexity of Applications as an additional dimension and the procedures for adding and removing Applications. Any changes to the approach set out above shall be documented and agreed via the Contract Change Control Procedure. In the absence of any such agreement, this Appendix shall continue to operate without amendment.

APPENDIX 10-C
CHANGE MANAGEMENT CHARGING MODELS
1.
Introduction

1.1.
The Parties have agreed that as part of the Change Management Services, they will agree SOWs that set out the requirements of each Change Project, the applicable timing, the Charges payable, the payment profile and other commercial and technical matters.

1.2.
When agreeing such SOWs the Parties have agreed that any time and materials work will be provided by reference to the Rate Card set out in this Schedule and that they will also apply one of the charging models described below albeit that, by agreement, they may adopt other innovative or different pricing models.

1.3.
Each pricing model is described below together with when the Parties consider that it would be preferable to use it.





1.4.
The Service Provider cannot unreasonably reject a request from the Customer to use a particular Charging Option for a particular Change Project.  The Customer accepts that there will be commercial implications in the application of different charging models.

1.5.
The Customer may request to alter any of the Charging Options in section 3 below or add new Charging Options via the Contract Change Control procedure.


2.
Charging Options

2.1.
Simple Time and Materials

2.1.1.
Description: the Service Provider will charge for time spent on delivering the Services by reference to the time spent and the Rate Card. The Service Provider shall provide estimates of the likely total Charges and shall not exceed such estimates without first notifying and agreeing the same with the Customer. Time spent by back office staff (e.g. by billing clerks etc.) would not be chargeable.

2.1.2.
Payment Profile: while the payment profile would be agreed in the applicable SOW, the Parties expectation is that for simple time and materials engagements, the Service Provider would invoice monthly in arrears as part of the monthly billing run and in accordance with requirements of paragraph 3.

2.1.3.
Usage: the Parties agree that simple time and materials based charging would be appropriate where there is a lack of certainty around scope or volume of work required and a lack of certainty around the requirements to be delivered, for example during an initial “discovery” phase of a project.

2.2.
Time and Materials with payment Milestones

2.2.1.
Description: the Service Provider charge for time spent on delivering the Services by reference to the time spent and the Rate Card. The Service Provider shall provide estimates of the likely total Charges and shall not exceed such estimates without first notifying and agreeing the same with the Customer. Time spent by back office staff managing the provision of the Services (e.g. by billing clerks etc.) would not be chargeable.





2.2.2.
Payment Profile: the main difference to simple time and materials based charging is that while Charges would accrue based on a time and materials calculation, the Charges would only be invoiced once an applicable Milestone had been reached. The SOW would set out what the requirements of such Milestone were, this may be Acceptance of a Deliverable (or an interim Deliverable such as a specification document) or, for agile software development, completion of a sprint or series of sprints. Invoices for the time and materials Charges accrued in delivering a Milestone would be invoiced at the end of the month following the achievement of the Milestone in question and in accordance with requirements of paragraph 3.

2.2.3.
Usage: the Parties agree that time and materials based payments linked to Milestones would be preferable to simple time and materials based pricing and would be appropriate where there is a lack of certainty around scope or volume of work required but a degree of certainty over requirements to be delivered, for example during the detailed design phase of a project or, potentially, during a software build phase.

2.3.
Fixed Price

2.3.1.
Description: the Parties agree a fixed price for the scope of the Services to be provided. This fixed price may be linked to assumptions and dependencies.

2.3.2.
Payment Profile: the payments will be linked to Milestones. These Milestones may be simple monthly payments or linked to the delivery of certain Deliverables. The Parties agree that the latter would be preferable but recognise that particularly during an early stage of a project that may not be possible.

2.3.3.
Usage: the Service Provider recognizes that pricing certainty is of crucial importance to the Customer and that, as such, fixed prices with minimal assumptions would be the Customer’s preference. Fixed price Charging with payments linked to Milestones related to delivery of Deliverables to the Customer are therefore recognized to the Customer’s strong preference and shall be used where possible and in particular where there is a clear understanding of what is to be delivered and the effort required to deliver it.

2.4.
Fixed Price linked to Outcomes

2.4.1.
Description: this is the same as fixed price charging as described above save that the price is only payable once tangible benefit has been delivered to the Customer.





2.4.2.
Payment Profile: to be agreed in the applicable SOW.

2.4.3.
Usage: typically to be used where Gainshare is not applicable but the Parties consider that the business case for the Project is clearly linked to outcomes the Service Provider can enable. The Parties will need to agree a methodology for calculating the benefits realized as part of this commercial model and any actions that the Customer needs to take to realise the benefit shall be recorded as Customer Dependencies.

2.5.
Fixed price by Sprint (Agile only)

2.5.1.
Description: this is the same as fixed price charging as described above save that the price is payable by reference to the number of sprints (by resource capacity) planned to deliver working software to the Customer.

2.5.2.
Payment Profile: typically linked to completion of each sprint (it being recognized that monthly invoices may then cover two or more sprints completed in the preceding month).

2.5.3.
Usage: the Parties shall work together to refine an agile delivery methodology that lends itself to fixed pricing rather than time and materials based pricing.

2.6.
Target cost

2.6.1.
Description: here the Parties would agree a budget and then work would be carried out by the Service Provider in a mix of time and materials and fixed price models with it being agreed that the Service Provider would not charge more than the target cost. Such target cost may be linked to assumptions and dependencies.

2.6.2.
Payment Profile: typically linked to Milestones but, in the case of T&M, may be monthly.

2.6.3.
Usage: this model is typically to be used where the Customer and the Service Provider have not fully tied down a scope of work and the Service Provider is undertaking a discovery exercise or workshops with the Customer. Alternatively it can be used where there is a level of delivery risk that it is commercially appropriate to share.





2.7.
Risk and Reward

2.7.1.
Description: risk and reward mechanisms can be linked to most of the Charging Options referenced above and involve a balance of potential upside and downside for both Parties. For example:

2.7.1.1.
on a time and materials engagement, the Service Provider might agree that if it incurred more costs than its estimate it would not charge more than its estimate up to a certain percentage value (the risk) but, in return, if it came under its estimate it would be paid a percentage uplift on its charges (the reward). This twin incentive of risk and reward incentivizing it to manage costs.

2.7.1.2.
on a fixed price engagement, the risk and reward factors could relate to early delivery (a bonus) being offset against an agreement to accept the risk (up to an agreed limit) that if assumptions etc. were not met it would not seek to re-open the charges (the risk).

2.7.2.
Payment Profile: typically linked to the model already adopted with, perhaps, a true up mechanism built into the SOW.

2.7.3.
Usage: will largely depend upon the nature of the Change Project, the payment mechanism adopted and the appetite of the Parties to use such a mechanism.

2.8.
Gainshare (Outcome based)

2.8.1.
Description: please see paragraph 20 of this Schedule.

2.8.2.
Payment Profile: please see paragraph 20 of this Schedule.

2.8.3.
Usage: please see paragraph 20 of this Schedule.


3.
Other Pricing Factors

Where appropriate the following will apply to an SOW:





a.
Payment milestones: see section 2 above for further detail on how payment milestones might work;
b.
Risk and Reward: see section 2.7 above;
c.
Costed risks allowances / Joint costed risks: in addition to the references to risk and reward sharing etc. set out in section 2.7 above, the Parties agree to consider risks applicable to each Change Project and the extent to which the costs which may arise from such risks can be shared between them;
d.
Liquidated Damages: see clause 10 and paragraph 14 above, the Parties agree that the principles surround Liquidated Damages set out in clause 10 and paragraph 14 of this Schedule could apply to Change Projects also;
e.
Expenses on projects: see paragraph 17 above;
f.
User story/product backlog trading: the Parties shall work together to refine an agile delivery methodology that lends itself to user story/product backlog trading in a manner that complies with Good Industry Practice;
g.
Change control tolerances: here for both time and materials or fixed price engagement, the Service Provider would agree (and therefore have built into its pricing) a tolerance allowing for a certain volume of Change Requests to arise in relation to an agreed Change Project.
h.
On Change Project closure, the Parties will share learnings from the Project and the Service Provider shall update its estimation model(s) as appropriate.



4.
Contract Change Control Procedures

4.1.
In the event of the need for a Change, as part of the invocation of the Contract Change Control Procedure the Service Provider must provide the following:

4.1.1.
cost by Deliverable, showing time required broken down by resource role type needed to produce the deliverable and also the tasks/activities associated with producing the deliverable; and

4.1.2.
If applicable and as a supplement to the above, the Supplier will provide another document which contains all estimates for various backlog items and user stories. The estimates needs to be arrived using bottom up approach using standard templates (identifying changes involved like fields, business rules, activities, integration, testing types etc..) need to be validated and use it as a basis for conceptual sprint plan and subsequent planning.





4.2.
The Service Provider further recognises that changes to scope, requirements, time lines or other aspects of a Change Project is an inevitable consequence of undertaking any Change Project. Accordingly, the Service Provider agrees that it will not charge the Customer any additional fees for following the Contract Change Control Procedure.

4.3.
The Parties recognise that for agile software development projects, change is inherent to the delivery methodology and they agree that they shall work together to develop an agile delivery methodology that allows agile development to take place without invocation of the Contract Change Control Procedure save where material changes (e.g. an increase in an overall project budget or a fundamental rethink of a project scope) is required.

5.
Invoice detail for T&M projects

5.1.
For all Change Projects charged on a T&M basis, the Service Provider must provide invoices showing a breakdown of work conducted by role type for each week.

5.2.
This breakdown must include detail of the amount of hours worked on each Deliverable and any associated sub activities or standalone activities (those not associated with a Deliverable).

5.3.
Failure to provide sufficient detail in the invoice by the Service Provider is grounds for the Customer to reject an invoice or withhold payment.

APPENDIX 10-D
BASELINE VOLUMES
[***]
































APPENDIX 10-E
EARLY TERMINATION FEES
[***]

APPENDIX 10-F




INFLIGHT PROJECTS
[***]

APPENDIX 10-G
CHANGE FLEX INITIAL POSITION
[***]

APPENDIX 10-H
SERVICE DESK OFFSHORE OPTION
[***]


APPENDIX 10-I
RATE CARD
[***]



APPENDIX 10-J
INDEXATION SENSITIVITY
[***]




APPENDIX 10-K
SERVICE CATALOGUE
[***]







APPENDIX 10-L
TRANSITION BASELINE INFORMATION
[***]

APPENDIX 10-M
LOW VOLUME UNITS
[***]

SCHEDULE 11
BENCHMARKING
(INCLUDING QUALITY ASSURANCE REVIEW)
1.
PURPOSE OF THE SCHEDULE
1.1
The purpose of a benchmark review is to establish whether the Charges for those Services that are subject to a benchmarking exercise (the “Benchmarked Services”) are Market Competitive (as defined below). In no event shall a benchmark review result in any decrease in the quality of any Services or Performance Standards or any increase in the Charges. The Customer agrees it may only Benchmark the whole of a given aspect of the Services (e.g. a service tower, a cross-tower service or such future service categories as may be subject to this Agreement). The service categories for Benchmark are aligned to the Services in this Agreement:
1.1.1
Common Services;
1.1.2
Infrastructure Management;
1.1.3
Operations and Service Delivery;
1.1.4
Applications Management;
1.1.5
Network Management Services; and
1.1.6
[***].
1.2
Customer shall be entitled to Benchmark the Charges and/or Service Levels and performance of the Services by giving written notice to the Service Provider ("Benchmark Notice").
1.3
Market Competitive” shall mean that the Charges for the Benchmarked Services are less than or equal to the Comparative Charges on which services that are the same as or substantially similar to the Benchmarked Services and of similar volumes and complexity and which are, at the date of commencement of the benchmark review, being provided by a service provider of a similar scale and international, professional standing as the Service Provider (the “Equivalent Services”) on broadly comparable terms and conditions. For these purposes, the “Comparative Charges means the lowest quartile of charges paid for the relevant Equivalent Services over the previous twelve (12) month period by the customers receiving the Equivalent Services, having regard to all relevant factors including:
1.3.1
the financial and performance risks and the investment undertaken by the Parties in connection with this Agreement; and




1.3.2
the quality of service with which the Equivalent Services and the Services under this Agreement are provided.
1.4
The Benchmarker will align its output to the structure of the Pricebook agreed between the Customer and the Service Provider as detailed in Schedule 10 (Pricebook, Charges & Invoicing) of this Agreement.
2.
PROCEDURE
2.1
Subject to paragraph 2.2, the Customer may provide a Benchmark Notice the Service Provider requiring a benchmark review to be carried out at any time in relation to the service categories defined in paragraph 1.1.
2.2
The Customer may Benchmark up to three (3) service categories (as defined in paragraph 1.1) during any one year.
2.3
The Customer may not however require a benchmark review to be carried out either:
2.3.1
within twelve (12) months after the Service Commencement Date; or
2.3.2
within twelve (12) months after a previous benchmark review relating to some or all of the same Services.
2.4
Promptly following service of the Benchmark Notice pursuant to paragraph 2.1, the Parties shall meet and work in good faith to agree as many of the arrangements relating to the Benchmarking as possible. Any agreement in writing shall apply in respect of this Schedule. This paragraph 2.3 shall not limit, delay or prevent the application of any of this Schedule 11.
2.5
Benchmarking shall be performed by an independent third party which shall act as an independent consultant.
2.6
The Customer shall nominate three (3) potential candidates to perform the benchmark review. The Service Provider shall have ten (10) Business Days to reject one of these choices and the Customer shall then choose one of the remaining candidates (the “Benchmarker”). For the avoidance of doubt, different independent third parties may be appointed for different benchmark reviews. A Service Provider Competitor shall not however be selected as the Benchmarker and for these purposes the Service Provider agrees that the Benchmarking practices of Deloitte, EY, Gartner Group, KPMG, Hillbrooke, ISG, Hackett Group and PwC groups of companies shall not be Service Provider Competitors for the purposes of this Schedule 11, provided that those organisations put in place appropriate ethical walls between their benchmarking practices and those parts of their business which provide business and technology consulting and services to ensure that all information obtained by their benchmarking practices is not disclosed to parts of their business which may compete with the Service Provider.
2.7
The Customer shall enter into the following agreements with the Benchmarker:
2.7.1
an agreement to carry out the Benchmarking ("Benchmarking Agreement") consistent with paragraph 4 and imposing on the Benchmarker an obligation to act independently in carrying out the Benchmark without any conflict of interest between any individuals of the Benchmarker involved in the Benchmarking and either the Customer or the Service Provider and in accordance with Relevant Law; and
2.7.2
a non-disclosure agreement protecting the Confidential Information of the Service Provider and the Customer on terms equivalent to the Agreed Form NDA in all material respects.
2.8
The Service Provider shall not be party to the Benchmarking Agreement or the non-disclosure agreement between the Customer and the Benchmarker. However, the Benchmarker shall be required to sign a separate non-disclosure agreement with the Service Provider on terms equivalent to the Agreed Form NDA referred to in paragraph 2.7.2 above the Customer and the Service Provider shall be treated by the Benchmarker as equal parties.
2.9
The Customer shall prepare draft terms of reference for the Benchmarker, requiring the Benchmarker to as a minimum:




2.9.1
carry out the benchmark review specified in the Benchmark Notice;
2.9.2
if so requested following production of the final Benchmarking Report, determine the appropriate changes to this Agreement, as envisaged by paragraph 7.2 below;
2.9.3
keep confidential the fact of its appointment as Benchmarker; keep confidential all Confidential Information about the Parties (and/or their respective Groups) that is learnt by the Benchmarker as a result of the benchmark review and/or as a result of it being requested to determine the appropriate changes to this Agreement; and only use that Confidential Information for the purpose of carrying out its obligations as Benchmarker, as envisaged by this Schedule 11 and the terms of reference;
2.9.4
throughout the period from its appointment until three (3) years after the date of the final Benchmarking Report (or, if later, until three (3) years after its determination of the appropriate changes to this Agreement), hold the following insurance policies with an insurer of good standing and reasonably acceptable to the Customer and Service Provider: (i) professional liability insurance for a minimum amount of £[***] ([***] GBP); (ii) public liability insurance for a minimum amount of £[***] ([***] GBP); (iii) employer’s liability insurance for a minimum amount of £[***]; and (iv) product liability insurance for a minimum amount of £[***] ([***] GBP), in each case on an each and every claim basis with the exception of professional indemnity and product liability which may be aggregate for the period of insurance; and
2.9.5
perform its responsibilities in a professional, competent and timely manner having regard to the nature and purpose of its appointment.
2.10
The Customer shall provide the draft terms of reference to the Service Provider for review. The Service Provider may, within five (5) Business Days of receiving the draft terms of reference (but not thereafter), provide the Customer with suggested changes to them. The Customer shall not unreasonably refuse to make changes so proposed by the Service Provider.
2.11
The Customer shall provide the Benchmarker with the draft terms of reference (as the same may have been adjusted by the Customer to reflect any comments received from the Service Provider). Any changes proposed by the Benchmarker shall be considered by the Parties in good faith and consent to any such proposed changes shall not be unreasonably withheld or delayed.
2.12
The Customer shall then provide the final terms of reference to the Service Provider, and the selected Benchmarker shall be jointly appointed in accordance with those terms of reference.
3.
BENCHMARKING COSTS
3.1
The Benchmarker shall not be compensated on a contingency fee or incentive basis.
3.2
The Benchmarker’s costs and expenses shall be borne by the Customer.
3.3
Each Party shall bear its own costs in conducting and co-operating with the Benchmarking and complying with this Schedule 11.
4.
CONDUCT OF THE BENCHMARKING
4.1
The Customer and the Service Provider (and the Service Provider shall procure that all relevant Affiliates and subcontractors) shall;
4.1.1
co-operate fully, promptly and in good faith with the Benchmarker; and
4.1.2
promptly furnish to the Benchmarker all information and documentation, and all access to personnel, that is reasonably requested by the Benchmarker.
4.2
The Customer and the Service Provider may disclose the terms of the Agreement and any other Confidential Information reasonably required for the conduct of the Benchmarking exercise to the Benchmarker. The




Customer and the Service Provider shall each make all reasonable efforts to ensure that the Benchmarking is organised and conducted in accordance with all Relevant Laws.
4.3
Unless otherwise agreed in writing between the Parties, the Parties shall direct the Benchmarker to complete the Benchmark in ten (10) weeks from finalising the Benchmark Parameters referred to below (on the basis that Benchmarking will require approximately four (4) weeks of data gathering, two (2) weeks of analysis, two (2) weeks of report drafting and two (2) weeks for reviewing and redrafting). The Parties shall promptly respond to all reasonable requests by the Benchmarker for assistance, relevant documents and information ("Benchmark Information"). If either Party fails to respond promptly to the Benchmarker, then the Benchmarker may provide written notice to that Party to provide the requested Benchmark Information in full within five (5) Business Days. If, following notice, that Party fails to deliver the Benchmark Information within five (5) Business Days, then the Benchmarker will proceed using its industry expertise to provide estimated Benchmark Information provided that the Benchmarker shall disclose all such estimated Benchmark Information.
4.4
Both Parties’ representatives will be involved in all material discussions with the Benchmarker which are intended to drive the decisions of the Benchmarker provided that neither Party shall be entitled to attend meetings between the Benchmarker and the other Party where such meetings form part of the fact finding process of the Benchmarker.
5.
COMPARATORS & NORMALISATION
5.1
The Benchmarker shall use a minimum of five Comparators (as defined below) for the Reference Groups.
5.2
The Benchmarker shall propose in writing the process, governance, methods for normalising the Benchmark data (consistent with paragraph 5.4 and 5.5), milestones, deliverables, scope, Equivalent Services and representative samples (such representative samples being known as "Comparators") selected from reference groups of appropriate selected organisations which the Benchmarker will have available . The selected organisations will be similar in terms of size, scale and capability to the Service Provider ("Reference Groups"). The Benchmarker will propose metrics and any other items that may be required by the Benchmarker in order to carry out the Benchmarking (the "Benchmark Parameters") and deliver a fair, like-for-like comparison. The Parties shall use the following process for reviewing the Benchmark Parameters:
5.2.1
within five (5) Business Days of issue of the draft Benchmark Parameters by the Benchmarker, each Party shall review the draft and submit written comments to the Benchmarker (with a copy to the other Party);
5.2.2
the Benchmarker shall consult with the parties and produce the second draft, taking into account such of the Parties' comments as the Benchmarker (acting as independent consultant) deems appropriate and justified;
5.2.3
within five (5) Business Days of issue of the second draft, each Party shall review the second draft and submit written comments to the Benchmarker (with a copy to the other Party); and
5.2.4
Benchmarker shall produce a final draft of the Benchmark Parameters, taking into account such of the Parties' second round of comments as the Benchmarker (acting as independent consultant) deems appropriate and justified.
5.3
Notwithstanding paragraph 5.2, the Benchmarker shall have the final decision on the Benchmark Parameters and Equivalent Services. If the Service Provider considered these to create an unfair comparison, it shall escalate in accordance with the Dispute Resolution Procedure.
5.4
The Benchmarker shall examine the Service Levels over the previous twelve (12) months (or term to date if less) and the Charges for the Benchmarked Services and shall consider together the following:
5.4.1
the quality of the Benchmarked Services (as denoted by the service level measures); and
5.4.2
the Charges for the Benchmarked Services.




5.5
The Benchmarker shall normalise data collected from the Comparators in respect of the Equivalent Services against the relevant Benchmarked Services including (where relevant), but not limited to, taking account of:
5.5.1
scope and nature of the Services;
5.5.2
the hardware or software used or required to provide the Services, including maturity, stability and age;
5.5.3
Service Levels and service requirements (including regulatory and geographic restrictions);
5.5.4
locations of service delivery and receipt of the Services;
5.5.5
volumetrics (including number of users);
5.5.6
financial engineering, discount mechanisms, financial remedies/ adjustments set out in the contract and allocations;
5.5.7
that the Customer has not paid for Transition or staff restructuring; and
5.5.8
any other factors that the Parties agree (acting reasonably) in writing would be relevant to the benchmark review.
5.6
The Benchmarker shall provide a comprehensive overview (or such other information that the Benchmarker has agreed to provide pursuant to paragraph 5.2) of any normalisation carried out in accordance with paragraph 5.5. Nothing in this Schedule 11 is intended to require the Benchmarker to disclose the identity of any customers or any commercially sensitive information in breach of any obligation of confidence owed by the Benchmarker or the underlying proprietary algorithms supporting the normalisation factors.
5.7
For the avoidance of doubt, the Benchmarker may consider factors other than those set out in the Benchmarking Agreement (but may not disregard factors which are set out therein) where not to do so would result in the Benchmarking Report being materially unfair to either Party. In such circumstances, the Benchmarker shall advise both Parties of such factors and the reasons for its consideration of those factors.
6.
BENCHMARK REPORT
6.1
Upon completion of the Benchmarking, the Parties shall use the following process for reviewing and commenting on the Benchmark Report:
6.1.1
the Benchmarker shall produce its first draft report setting out the Charges in the market for Equivalent Services by reference to those Benchmarked Services ;
6.1.2
within ten (10) Business Days of issue of the first draft report, each Party shall review the first draft report and submit written comments to the Benchmarker (with a copy to the other Party);
6.1.3
the Benchmarker shall consult with the Parties and produce a second draft report, taking into account such of the Parties' comments as the Benchmarker deems appropriate and justified;
6.1.4
within ten (10) Business Days of issue of the second draft report each Party shall review the second draft report and submit written comments to the Benchmarker (with a copy to the other Party); and
6.1.5
Benchmarker shall produce a final report (the "Benchmark Report"), taking into account such of the Parties' second round of comments as the Benchmarker deems appropriate and justified.
7.
OUTCOME
7.1
If the Benchmark Report concludes that the Charges are not Market Competitive, the Parties shall, in accordance with the Contract Change Control Procedure, negotiate in good faith such fair and reasonable Changes to this Agreement as are necessary so that the Charges are Market Competitive (applying the criteria used in the Benchmark Report, in so far as those criteria are apparent from the Benchmark Report).




7.2
If the Parties do not agree such Changes within fifteen (15) Business Days after the date of the Benchmark Report, then the Parties shall escalate to the highest level of governance for further discussion. If the Parties are still not able to agree, [***].
7.3
[***].
8.
GENERAL
8.1
If for any reason the Benchmarker ceases performing, or is unable to perform, all or any of its responsibilities, as envisaged by this Schedule 11, a replacement Benchmarker shall be appointed to perform such of those responsibilities as remain unperformed.
8.2
In no event shall the Charges be increased or the Service Levels decreased as a result any Benchmarking.
8.3
The Customer may withdraw any Benchmarking Notice and cancel the appointment of the Benchmarker at any time. Cancellation by the Customer of any Benchmarking shall not prevent the Customer from commencing another Benchmarking. In the event of cancellation, the Customer shall bear all the charges of the Benchmarker.
8.4
Without prejudice to any right of the Service Provider to raise an issue under the Dispute Resolution Procedure where the Customer has not complied with this Schedule 11, the Benchmarker shall act as an expert and not as an arbitrator and subject to anything to the contrary in this Schedule 11, its decision will be final and binding on the Customer and the Service Provider.
9.
QUALITY ASSURANCE REVIEW
9.1
The Customer will endeavour to provide thirty (30) days written notice of a QA Review to the Service Provider, but may, at its absolute discretion, carry out a QA Review with at least ten (10) Business Days’ notice to the Service Provider. Prior to the commencement of the QA Review, the Customer will provide details of the methodologies to be followed to the Service Provider and will meet with the Service Provider to discuss the QA Review and such methodologies as reasonably required.
9.2
The Customer may, at its own discretion, conduct the QA Review itself or appoint an independent third party (provided that such third party shall not be a Service Provider Competitor in the provision of services equivalent to the Services) to undertake the QA Review, provided that the Customer procures that such third party complies with terms equivalent to this paragraph 9 in all material aspects and executes a non-disclosure agreement in favour of the Service Provider on terms equivalent to the Agreed Form NDA.
9.3
The Customer will, at the commencement of each QA Review, provide the Service Provider and any third party carrying out the QA Review, with a document that details, but is not limited to, QA terms of reference, required report layout, timescales and deliverables.
9.4
The Service Provider shall co-operate and participate fully in any QA Review and shall use all reasonable endeavours to ensure that requests for information from the Customer are dealt with in a timely manner. The Service Provider may only charge the Customer for the performance of its obligations in relation to a QA Review where the Service Provider can demonstrate to the Customer's satisfaction that it cannot perform such obligations using its then current resources and that to do so would have a material impact on its costs of providing the Services, in which case any additional Charges reasonably incurred may be reserved at the rates set out in Schedule 10 (Pricebook, Charges and Invoicing).
9.5
The Customer may not carry out a QA Review in the first six (6) months from the Service Commencement Date for that Service Tower.
9.6
If, following a QA Review, the Customer is not satisfied that the Service Provider is meeting the QA Requirements, the Customer will provide a written report to the Service Provider setting out the parts of the QA Requirements that are not being provided to the standards stated in the Agreement ("QA Report"). Within ten (10) Business Days of the date of the QA Report, the Service Provider will provide a written response to the Customer, such response to include an action plan and timetable (to be approved by the Customer) for implementing such changes as are required to be made by the Service Provider to ensure that the QA Requirements are provided to the standards stated in the Agreement. The Service Provider shall, where there




is a Service Provider Default, bear the cost of any remedial work or any repeat QA Review, further testing or verification processes required to ensure that such QA Requirements are met to the standard stated in the Agreement. Should the Customer request a change to the Services as a result of a QA Review, to the extent that such change is a change to the Service Description or a change to the way the Services are delivered, such changes, and the impact of them, shall be agreed via the Contract Change Control Procedure.
9.7
In no event shall the Charges be increased or the Service Levels decreased as a result of a QA Review.










SCHEDULE 12

GOVERNANCE AND SERVICE MANAGEMENT
Pursuant to clause 3.5 of the Outsourcing Agreement, the UK Customer has been appointed to act as agent for the other Customers. References in this document to the Customer are therefore references to the UK Customer acting as agent for all three contracting entities unless otherwise specified.
1
INTRODUCTION
1.1
This Schedule sets out the governance structure for the Agreement, including the roles and responsibilities of each Party that are required to maintain an effective working relationship. For clarity, the Customer shall own the governance process.
1.2
This Schedule also sets out the primary interfaces for the management of the Agreement and the management of the relationship between the Customer and the Service Provider. The Parties acknowledge that day-to-day operation of the Services will be under the governance of the applicable annexes of Schedule 2 (Service Descriptions).
1.3
Each Party shall appoint an individual with overall responsibility for operation of the Agreement and overall responsibility for performance of that Party’s obligations under the Agreement. As at the Effective Date, these people shall be:
(a)
Contract Manager and or named alternative for the Customer (the “Customer Individual”); and
(b)
Contract Manager and or named alternative for the Service Provider (the “Service Provider Individual”).
1.4
Each Party agrees that the performance and effectiveness of the governance processes defined in this Schedule 12 (Governance and Service Management) will be subject to regular review by the Customer. If the Customer considers that the performance and effectiveness of the governance process is not adequate, the Customer will propose changes to the relevant governance process for agreement by the Service Provider. The Service Provider will not unreasonably withhold or delay their agreement to the Customer’s proposed governance process changes.
1.5
The Parties agree that the governance provisions of Schedule 8 (Transition and Transformation) shall apply in respect of Transition, Committed Transformation and Change Projects undertaken pursuant to this Agreement.
1.6
The Parties agree that the hierarchy of governance is as follows:
(a)
Annual review (annually)
(b)
Steering Committee (quarterly, and monthly initially)
(c)
ITO operational governance (at least monthly)
(i)
ITO run board meeting
(ii)
ITO delivery board meeting
(iii)
ITO commercial board meeting




1.7
The interfaces between the governance of this Agreement and the Customer’s executive governance process is shown in Appendix 12-B
2
ANNUAL REVIEW
2.1
The Parties shall undertake an annual review six (6) months after the First Service Commencement Date and thereafter at regular intervals of twelve (12) months during the Term.
2.2
The Parties shall meet at the Customer’s offices or such other location as the Customer may reasonably request in order to undertake the annual review. The Parties may use video or audio conferencing facilities where offshore representatives are to be included.
2.3
The matters to be considered during the annual review shall include:
(a)
each Parties plans and objectives for the coming year;
(b)
commercial performance of the Agreement in comparison to the financial business case and the strategic objectives of the outsourcing agreement with (where applicable) the Service Provider providing (innovative) recommendations and action plans to improve commercial performance;
(c)
performance standards generally including progress against the Customer’s strategic, tactical and operational objectives, Services complaints and material Services downtime or performance issues impacting the Customer’s business operations with (where applicable) the Service Provider providing recommendations and action plans to improve overall Services performance;
(d)
the relationship between the Customer and the Service Provider;
(e)
any required or agreed material Change to the Services or Deliverables of the outsourcing arrangement;
(f)
any material Operational Risk, Services risk and issues identified in the performance of the Services and their associated mitigation;
(g)
disputes that have been agreed or are outstanding;
(h)
the Customer and the Service Provider’s business and technology strategies including innovation, transformation and service evolution;
(i)
advice and guidance regarding technology, market trends and planning specific to the Customer’s business requirements;
(j)
review of continuous improvement, efficiencies and innovation;
(k)
disaster recovery testing results;
(l)
cyber security review;
(m)
review of the performance of Third Party Providers, managed pursuant to Schedule 14 (Service Integration); and
(n)
such other matters as the Customer and Service Provider may require and/or the Parties may agree from time to time.




2.4
The Service Provider shall be responsible for providing such reports as may be required to enable the Parties to review the matters set out in paragraph 2.3 above.
2.5
The Service Provider shall be responsible for ensuring that the results of the annual review are issued for the Customer’s approval within ten (10) Business Days of such meeting, and thereafter the Service Provider shall as soon as reasonably practicable implement any agreed decisions arising out of the annual review, including, in respect of the Services, Charges and Service Levels.
2.6
The attendees of the annual review will be selected members of the Steering Committee as indicated in paragraph 3 below. Changes to the annual review committee members will be agreed by the Customer’s Steering Committee chairperson.
3
THE STEERING COMMITTEE
3.1
Each Party may appoint representatives to the Steering Committee who shall, subject to the Contract Change Control Procedure, have the authority to make decisions on behalf of their respective Parties.
3.2
Steering Committee meetings shall be held on a monthly basis for six (6) months (or longer as may be required) after the Effective Date with the first meeting being held no later than thirty (30) days after the Effective Date thereafter moving to quarterly intervals or at such other times as agreed between the Parties to:
(a)
review any significant reports provided by the Service Provider;
(b)
consider any matters escalated to the Steering Committee from the operational governance forums referenced in paragraph 4 below;
(c)
review the Balanced Scorecard in accordance with Appendix 12-A of this Schedule 12;
(d)
review the briefings and reports from the Transition Services Board on the general performance of the Transition (until such time as the Transition Plan is complete, Transition Milestones are achieved and the Transition is fully accepted by the Customer) and Transformation;
(e)
review and discuss commercial, financial, Run Service and Change Management Service performance and agree actions and timescales to remediate non-performance;
(f)
allow for a discussion between the Customer’s IT and business transformation leadership and the Service Provider’s Executive Sponsor, UKI Insurance Head, and CIO / Head of Change (or each Parties authorised and senior alternate) regarding all matters within the public domain pertaining to the Service Provider’s ongoing financial good standing, the Service Provider’s ability to continue to perform the Services and its strategic and investment plans pertaining to its ability to perform the Services on an ongoing basis;
(g)
review the status of the Service Provider change portfolio, confirm the execution of the change portfolio plan, identify any impediments to delivery, agree actions and plan to resolve any impediments;
(h)
deal with any matters referred to it for assessment under the Dispute Resolution Procedure;
(i)
review Operational Risk and significant risks and issues and confirm and approve Service Provider mitigating actions as required;
(j)
assess the progress of the Services and the working relationship of the Parties and key Third Party Providers;
(k)
review proposals for cost reduction or improvement in the Services;




(l)
request, and or review requested, specialist consulting and advisory papers on technology or market topics; and
(m)
Review the status of Transition, Committed Transformations and (if any) Future Transformations.
3.3
As at the Effective Date, the Steering Committee comprises the attendees listed in the table below. Those attendees with a “yes” in the “Annual Review Attendee” column are required attendees for the annual review described in section 2 of this Schedule 12 but are optional for all other Steering Committee meetings.
Customer Attendees
Annual Review Required Attendee
Service Provider Attendees
Annual Review Required Attendee
Group Chief Operating Officer (Chairperson)
Yes
Executive Sponsor
Yes
Director of Business Transformation
Yes
UKI Insurance Head
Yes
Chief Technology Officer
Yes
CIO / Head of Change
Yes
Global Head of Procurement
Yes
Delivery Lead
Yes
Head of Enterprise Portfolio Management Office (reporting conduit to the customer executive committees)
Yes
Delivery Lead (off shore)
 
Contract Manager
Yes
Run Service Lead UK
 
Relationship Manager
 
Run Service Lead US
 
Head(s) of Portfolio Delivery
 
Program Manager
 
Transition Manager (for the period of the Transition)
 
Transition Manager (for the period for the transition)
 
Specialist Subject Matter Experts as invited by Steering Committee chairperson
 
Specialist Subject Matter Experts as invited by Steering Committee chairperson
 

3.4
The Service Provider shall be responsible for ensuring that the results of the Steering Committee are issued for the Customer’s approval within five (5) Business Days of such meeting, and thereafter the Service Provider shall, as soon as reasonably practicable, implement agreed decisions arising from the Steering Committee.
4
ITO OPERATIONAL GOVERNANCE
4.1
Both Parties agree that day-to-day governance processes are defined in the annexes to Schedule 2 (Services Descriptions). The manner in which such matters will be reported to the operational governance committees is described in paragraph 4.2.
4.2
The Parties will establish the following operational governance committees and meetings by three (3) months after the Effective Date. These meetings will take place at least monthly, may take place concurrently and may be attended by the same or overlapping groups of attendees. The Service Provider shall circulate outputs of each meeting within five (5) Business Days of the meeting taking place.
(a)
The “ITO Run Board Meeting”




Key Attendees
Key Matters to be Considered
For the Customer:
o    Chief Technology Officer (Chairperson).
o    Heads of Aspen Run Functions.
o    Contract Manager.
o    Transition Manager (for the period of the Transition).
o    IT Procurement Lead.
For the Service Provider:
o    CIO / Head of Change.
o    Delivery Lead.
o    Run Service Lead UK.
o    Run Service Lead US.
o    Delivery Lead offshore.
o    Service Provider Tower Level Delivery Heads.
o    Transition Manager (for the period of the Transition).
o    Transformation Manager.
Such other attendees as the Parties deem appropriate.

Performance by the Service Provider against the Performance Standards – including review of the Service Level Reports and Weekly SL Reports.
Continuous improvement and innovation.
Any issues and risks arising with the performance of the Customer Dependencies.
Review each Service Tower’s end-to-end performance dashboard reports.
Review of Forecast Volumes and Firm Volumes.
Service Capacity & Demand.
Charges & Invoicing.
Transition progress and impact on the day to day run Services.
Change Requests (outstanding, implemented, proposed).
4.3    Security.
4.4    Tooling.

(a)
The “ITO Delivery Board Meeting”




Key Attendees
Key Matters to be Considered
For the Customer:
o    Director of Business Transformation (Chairperson).
o    Chief Technology Officer.
o    Head of UK Portfolio Delivery.
o    Head of US Portfolio Delivery.
o    Contract Manager.
o    Head of Enterprise Portfolio Management Office.
o    IT Procurement Lead.
For the Service Provider:
o    CIO / Head of Change.
o    Delivery Lead.
o    Change Lead.
o    Program Manager.
o    Lead Architect.
o    Change Delivery Lead offshore.
Such other attendees as the Parties deem appropriate.
Change Portfolio Status.
Change Portfolio Plan.
Change Portfolio conflicts and resolution.
Change Risks and Issues encountered in the delivery of Services.
Change Projects at risk or moving into at risk status.
New Change Proposals (transformation, innovation, business request).
Pipeline and Delivery Demand Planning.
Delivery Capability & Uplift.
Transformation status and performance.
4.5    Change Management.
4.6    Continuous Improvement and innovation.
4.7    Achievement of committed spend.
4.8    Tooling.

(a)
The “ITO Commercial Board Meeting”




Key Attendees
Key Matters to be Considered
For the Customer:
o    Contract Manager (Chairperson).
o    IT Procurement Lead.
o    Finance representative.
For the Service Provider:
o    Contract Manager
o    CIO/ Head of Change
o    Common Service Lead
o    Delivery Lead
o    Contract Manager (offshore)
o    Finance Lead (offshore). Delivery Lead (off shore)
Such other attendees as the Parties deem appropriate.
Financial and Budget Summary.
Third Party Service Provider Performance.
Contract Changes.
Risks & Issues.
Contract / Service Change Requests.
Benefit Realisation against ITO Business Case.
4.9    Savings and Improvement Proposals.
4.10    Service Credits and Debits.


5
REPORTING
5.1
The Service Provider shall prepare the following reports for the purposes of this Schedule 12:
5.1.1 Annual Review:
(a)
within three (3) months of the Effective Date, the Service Provider shall provide a template for the annual review; and
(b)
the Customer will review the annual review template within one (1) month of receipt of the template from the Service Provider. The Customer may request reasonable amendments to the template. The Service Provider will within one (1) month of receipt of the amendment request update the template as requested or provide justification as to why the amendment cannot be executed.
5.1.2
Steering Committee Reports:
i.
Reporting shall be at a consolidated level to enable the Customer and the Service Provider Executive Members of the Steering Committee to quickly access the status of the Agreement and make decisions as required;
ii.
for a period of three (3) months from the Effective Date, the Service Provider will provide to the Customer the Service Provider’s standard monthly Steering Committee Report incorporating the Steering Committee key matters as defined in paragraph 4.2 above. The report shall be in the form of “consolidated, run and change dashboard reports” enabling the review of end-to-end delivery of the Services, reports on both Customer and Service Provider performance and the hand offs between the Parties’ respective Service Provider and Customer management teams; and
(c)
within two (2) months of the Effective Date, the Service Provider will provide the Customer with a worked example of a Steering Committee and/or anonymised client Steering Committee Report. The




Customer will review the report and may request reasonable amendments to the report. The Service Provider will amend the reports as requested or provide reasonable justification as to why the amendment cannot be actioned. The Service Provider will implement the agreed Steering Committee report in month four (4) after the Effective Date;
5.1.3
Balanced Scorecard Report:
commencing in month four (4) after the Effective Date, the Balanced Scorecard report (it being agreed that this will initially be largely unpopulated as only sections where the Service Provider has completed Transition will be populated); and
5.1.4
any other reports that the Parties agree to prepare from time to time.
5.2
Pursuant to paragraph 4.1.2 of Schedule 2 (Service Description), the Service Provider shall meet the following Operational Reporting requirements for ITO Run, ITO Change and ITO Commercial Boards:
(a)
the Customer will use Service Provider standard reports or dashboards wherever possible;
(b)
for the first six (6) months after the Effective Date the Customer will use the standard Service Provider dashboard Reports. These Reports should enable the Customer to fully understand the status, performance, risks and issues of all aspects of the Services being provided by the Service Provider; and
(c)
after five (5) months, the Customer may request reasonable amendments to the reports provided. The Service Provider will amend the Reports as requested or provide a justification as to why the requested Reports cannot be actioned. The Service Provider shall implement the revised Report in month seven (7) after the Effective Date.
6
CHANGE AUTHORITIES
6.1
The Customer Change Authorities are responsible for ensuring that the consequences of technology and service change decisions are in alignment with Business and IT strategies and objectives such that business operations can be improved and benefits secured in a coordinated manner across the organisation. The Design Authorities are responsible for defining the overall Customer technology framework and for the approval of all change to that framework.
6.2
The Customer operates three (3) Change Authorities (which are anticipated to remain in place):
(a)
Enterprise Architecture Board (IT strategy, solution design, software and technical integration and data architecture);
(b)
Infrastructure Architecture Board (service and infrastructure design to meet the requirements of the business such as virtualisation, cloud and high availability); and
(c)
Change Advisory Board (production readiness quality assurance and approval of all change before production deployment).
6.3
The Service Provider will be requested by the Customer to provide appropriate technical experts to attend the Customer Change Authorities during the lifecycle of a change. The chairperson of the appropriate Customer Change Authority will initiate the invite and define the documentation required to support the Service Providers attendance.
7
Project Board




7.1
The Service Provider and the Customer agree that a Project may have its own Project Board or similar committee (“Project Steering Committee”) to govern and direct the delivery of that project. The governance arrangement for a Project Steering Committee is detailed in Annex 5 to Schedule 2 (Service Descriptions).
8
THIRD PARTY PROVIDER ISSUE MANAGEMENT
8.1
If the Service Provider is not receiving the cooperation that it requires from any Third Party Provider, for which the Customer owns the relationship of that Third Party Provider, and the lack of cooperation will impact on the Service Provider’s ability to perform any of the Services, then the Service Provider shall promptly notify the Customer’s Contract Manager in writing, pursuant to Schedule 14 (Service Integration).
8.2
In the first instance, the Service Provider shall use all reasonable efforts to resolve any dispute between the Service Provider and any Third Party Provider. The Customer hereby confirms its permission for the Service Provider to act on its behalf in this regard, subject to (i) complying with any specific guidelines provided by the Customer Contract Manager and (ii) that the Service Provider shall not discuss any financial matters on behalf of the Customer.
8.3
If the Service Provider is unable to resolve a dispute with a Third Party Provider, it shall refer the matter promptly to the Customer’s Individual. The Service Provider and the Customer shall co-operative fully to resolve the Third Party Provider non-performance.
8.4
The Third Party Service Provider performance will be reported by the Service Provider to the ITO Commercial Board pursuant to clause 4.3.
9
BALANCED SCORECARD
9.1
The Service Provider’s overall performance of the Services and of the relationship between the Parties will be monitored through the implementation of a performance management scorecard (the “Balanced Scorecard”).
9.2
At the request of the Customer, the Service Provider shall work with the Customer to agree a Balanced Scorecard within four (4) months of the Effective Date.
9.3
The Service Provider shall produce the Balanced Scorecard on a quarterly basis for submission to the Steering Committee.
9.4
The information to be contained in the Balanced Scorecard is set out in Appendix 12-A to this Schedule.
10
OPERATIONAL RISK
10.1
The Service Provider must inform the Customer Individual immediately when the Service Provider becomes aware of the potential for or an actual material deficiency in the provision of the Services or this Agreement (“Operational Risk”).
10.2
The Customer will inform the Service Provider Individual immediately when the Customer becomes aware of an Operational Risk in the provision of the Services, the Outsource Arrangement or this Agreement
10.3
The Service Provider will register and maintain a risk register of all Operational Risks raised by either the Service Provider or the Customer. The Operational Risk must be registered in the risk register by the Service Provider within one (1) working day of notification to the Service Provider’s Service Lead and Delivery Lead offshore (copied to the PMO Lead).
10.4
The Customer Individual will report the Operational Risk to the Customer local Head of Compliance, and the chairperson of the Steering Committee.





10.5
Within five (5) Business Days of the Operational Risk being registered in the risk register the Service Provider will provide, for agreement with the Customer, a mitigation plan to mitigate the Operational Risk.
10.6
Should the Service Provider, in their own reasonable opinion, believe that any existing or proposed Services be notified to a Regulator they should inform the Customer’s Contract Manager who will notify the Customer local Head of Compliance.
11
Escalation
11.1
Escalation between the Parties arising out of issues relating to the Governance arrangements set out in this Schedule 12 or the provision of Services, shall initially by dealt with by the Parties’ respective Contract Managers appointed under the Agreement; and if the dispute is not resolved by the respective Contract Manager(s):
(a)
then by the Customer’s Director of Business Transformation or Chief Technology Officer (or his or her or their designated nominee) and the CIO / Head of Change in the Service Provider’s organisation;
(b)
then by the Customer’s Group Operating Officer (or his/her designated nominee) and in the UKI Insurance Head the Service Provider’s organisation; and
(c)
then by the Customer’s Chief Executive Officer (or his/her designated nominee and the Executive Sponsor in the Service Provider Organisation.
11.2
Notwithstanding clauses 11.1, where one of the circumstance set out in clause 8.5 occurs, the Customer shall be free at any time to invoke the process set out in that clause.

















APPENDIX 12-A

BALANCED SCORECARD
1
PURPOSE
1.1
The purpose of the Balanced Scorecard is to drive the appropriate Service Provider and Customer behaviour in line with the Customer’s business objectives, in addition to the key performance metrics described in paragraph 3.2 of this Appendix 12-A.
1.2
The assessment of Balanced Scorecard metrics takes place throughout the quarter so that the Balanced Scorecard reflects performance across the whole quarter.
2
PRINCIPLES
2.1
The key principles of the Balanced Scorecard are: 
(a)
easy visibility of successes and failures through a dashboard approach;
(b)
create key performance metrics specifically important to the Customer and the Service Provider that can be adjusted through the life of the Agreement to reflect dynamic business;
(c)
promotes alignment of service and commercial goals and behaviours;
(d)
promotes continual service improvement;
(e)
the Balanced Scorecard shall be monitored through the Steering Committee;
(f)
the Parties may request that the Balanced Scorecard is amended to reflect (i) changes in the Customer business priorities and objectives and/ or (ii) service risks and concerns. These amendments may include but not be limited to specifying the Balance Scorecard structure, number and composition of the top-level elements, sub-elements, the specific measurements and their definition. The amendments will be advised by the Customer or the Service Provider at the Steering Committee to be mutually agreed;
(g)
the Customer shall be able to promote or demote with the written agreement of the Service Provider any existing and agreed measures on the Balanced Scorecard as it deems appropriate; and
(h)
the responsibility for the production and reporting of the Balanced Scorecard shall be with the Service Provider.
3
METHODOLOGY
Assessment
3.1
The Balance Scorecard will be assessed by a combination of ‘hard’ service measures taken from existing service performance statistics along with ‘soft’ perception measures obtained through governance review. Wherever possible, all metrics whether they be ‘hard’ or ‘soft’ should be objective measurements and not subject to interpretation. Relationship scores may be based on the number of escalations, the number of Business Impact Initiatives submitted, the number of Agreement Changes via the Contract Change Control Procedure (not relating to new Customer requirements), the number of Customer appreciations sent to the Service Provider as well as Customer satisfaction.

Key Performance Metrics




3.2
The key performance metrics (in addition to the Service Level Measures, as defined in Schedule 3 (Service Levels and Service Credits)) will be agreed between the Service Provider and the Customer prior to the First Service Commencement Date and will align with the Customer’s key objectives and requirements with regard to desired behaviour expected from the Service Provider and the Services. Each key performance metric will include:
(a)
description and objective of metric;
(b)
description of successful performance and how this will be measured, including duration of metric / review period; and
(c)
ownership and agreement/variation process (if different to the process in paragraph 3.1 of this Appendix 12-A).
3.3
The specific measures will be defined by the Parties prior to the applicable Service Commencement Date, to be mutually agreed. This will be included within the relevant Transition tollgate.
Balanced Scorecard Scoring
3.4
Scores will be agreed for each metric and will be expressed as ‘RAG’ in accordance with the Customer defined ratings. Weighting will be assigned to the top level elements and sub-elements by the Parties to reflect (i) Customer’s business priorities at that time and (ii) service risks and concerns, to be mutually agreed.
3.5
A historic record of the Balanced Scorecard will be kept for the duration of the Agreement so the trend analysis can be made. The Balanced Scorecard report will include a record of current status and a ‘RAG forecast’ for the next month.
3.6
Where red or amber scores are given for a metric, the Service Provider shall propose clear measurable actions intended to change the ‘RAG’ status to green for the next reporting period for agreement by the Customer at the Steering Committee.
Customer and Service Provider Responsibilities
3.7
In order for this reporting system to work effectively there are a number of responsibilities which must be undertaken by both Parties.
The responsibilities of the Service Provider
3.8
The Service Provider shall:
(a)
produce performance statistics and Balance Scorecard report;
(b)
present the Balanced Scorecard to the Steering Committee;
(c)
attend meetings in line with the Agreement;
(d)
produce a monthly Balance Scorecard report (notwithstanding that some measurements will be taken quarterly as specified by the Customer); and
(e)
document and implement agreed remedial actions.
The responsibilities of the Customer
3.9
The Customer shall:




(a)
participate in monthly Customer surveys and work to achieve participation rates to enable meaningful scorecard evaluation;
(b)
manage the Service Provider’s contact with the Customer; and
(c)
attend meetings in line with the Agreement.
3.10
If these Customer activities are not completed as agreed it may not be possible to generate accurate ratings for the Balanced Scorecard report, in which case no score (i.e. neutral) will be recorded and the matter will be reported by the Service Provider to the Steering Committee including reasons for there being no score and the actions and timescale required to complete the Balanced Scorecard.






APPENDIX 12-B

CUSTOMER GOVERNANCE
[***]





SCHEDULE 13

CONTRACT CHANGE CONTROL PROCEDURE
1.
INTRODUCTION

1.1
This Schedule sets out the procedure that shall apply to the classification, processing and approval or rejection of Changes.
1.2
Change Requests can emanate from either Party and shall be documented as a Change Request in accordance with paragraph 3 below. The Service Provider shall not charge the Customer for preparing or responding to a Change Request or for the preparation of any documentation relating to a Change Request.
1.3
All changes to the Services (including to any outputs of the Services such as Deliverables) shall be managed using the Contract Change Control Procedure unless such changes are those envisaged by individual Service Tower service descriptions in which case the procedures specified in such service description shall apply.
1.4
The Service Provider shall record and track the progress of all Change Requests and report the status of Change Requests as part of its standard reports to the Customer.
2.
NEW SERVICES

In the event that the Customer requests the Service Provider to provide a New Service and the Service Provider agrees to provide such New Service (such agreement not to be unreasonably withheld or delayed), the Service Provider and the Customer shall agree on the nature and scope of the New Service, including any Service Levels for performance (as may be applicable), the related Charges, and appropriate amendments to the part(s) of the Agreement affected (if any) and/or any changes needed in a SOW.
3.
CHANGE REQUEST PROCEDURE

3.1
Change Requests
3.1.1
While either Party may propose a Change, save to the extent specified in any applicable “fast-track” change process, the Service Provider must not unreasonably withhold or delay its consent to any Change proposed by or modified by the Customer.
3.1.2
All Change Requests shall be authorised by an authorised representative of the Party that requests the Change, who shall act as the Change Request sponsor throughout the Contract Change Control Procedure, and who shall complete Part A of the Change Control Note. Part B of the Change Control Note shall be completed by the Service Provider. Change Requests shall be presented to the appropriate authorised representative of the other Party who shall acknowledge receipt of the Change Request. The Parties shall agree within five (5) Business Days the timescale for completion of each Change Request. Each single Change shall generate a single Change Request.
3.2
Service Provider’s Obligations
Irrespective of which Party raises the Change Request, for each Change Request, the Service Provider shall assess the Change Request and complete Part B of the Change Control Note in accordance with the timescales agreed with the Customer, which in any event shall not exceed ten (10) Business Days. In completing Part B of the Change Control Note, at a minimum the Service Provider shall provide:
3.2.1
a description of the Change and whether the Service Provider considers that the Change is a New Service and should be dealt with in accordance with paragraph 2 above;
3.2.2
the information required in the Change Control Note pro-forma; and




3.2.3
the reasoning behind a proposed Change where the Change is proposed by the Service Provider;
3.2.4
the rationale for any proposed Charges arising from the proposed Change (it being acknowledged that the Service Provider shall not be obliged to disclose its actual costs or profit margins); and
3.2.5
any proposed amendments to the Agreement, as required.
4.
REVIEW AND APPROVAL

4.1
Prior to submission of the completed Change Request to the Customer, the Service Provider shall undertake its own internal review of the proposal and obtain all necessary internal approvals.
4.2
The Customer shall review the Change Request and following such review may:
4.2.1
accept or reject the Change Request;
4.2.2
require the Service Provider to resubmit the Change Request, providing reasonable details of the parts of the Change Request that do not meet with the Customer’s approval;
4.2.3
request more information from the Service Provider.
4.3
Where a Change Request does not meet with the Customer’s approval, the Parties shall negotiate in good faith. Any failure to reach agreement shall be referred to the Dispute Resolution Procedure, provided that the Customer shall be entitled to reject any Change proposed by the Service Provider in the event that any matter relating to such Change is not approved by the Customer.
4.4
Subject to paragraph 4.5 below, following an internal process of approval by the Customer and agreement between the Parties, Part C of the Change Control Note shall be signed by both Parties.
4.5
No Change to any part of this Agreement can be implemented without the prior written consent of the Parties. The Service Provider shall not take any action or implement any decision which may have a material effect on the Customer or which adversely affects the function or performance of, or decreases the resource efficiency of the Services, including implementing changes in technology, equipment and software configuration, without first obtaining the Customer’s written approval. If the Service Provider proceeds with a Change without the Customer’s prior written authorisation, such Change shall be entirely at the Service Provider’s cost and risk (and the Customer may require the Service Provider to undo the Change at its own expense).
4.6
A Change Request signed by both Parties shall constitute an amendment to this Agreement.
4.7
Subject to agreement by the Parties on the price of a Change (where a Change is chargeable and provided always the Service Provider acts reasonably in agreeing the Charges applicable to the Change by reference to the Rate Card and such other pricing factors as are reasonable in the circumstances) the Service Provider is obliged to implement all Changes at the Customer’s request unless: (i) this is not technically feasible for the Service Provider adopting Good Industry Practice; (ii) the Service Provider, adopting Good Industry Practice, cannot reasonably implement the Change in the required timescale; or (iii) implementing the Change would or might cause the Service Provider to contravene Relevant Law.
5.
REGULATORY CHANGE

5.1
The Parties each acknowledge and agree that if a Change is required to accommodate a Regulatory Change (applying after the Effective Date), then such Changes shall be implemented using the Contract Change Control Procedure and the costs relating to such Change shall be allocated as follows:
5.1.1
Regulatory Change that impacts Customer Applicable Regulations:
(a)
Subject to paragraph 5.1.1(b), if a Regulatory Change occurs during the Term and such change is due to a change in Customer Applicable Regulations, then the Customer shall be responsible for the costs of implementing the Regulatory Change.




(b)
[***].
5.1.2
Regulatory Changes due to Service Provider Applicable Regulation changes:
(a)
If a Regulatory Change occurs during the Term and such change is due to a change in Service Provider Applicable Regulations, then the Service Provider shall be responsible for the costs of implementing the Regulatory Change.
5.1.3
Regulatory Changes that are not covered by paragraphs 5.1.1 and 5.1.2:
(a)
If a Regulatory Change occurs during the Term which is not a Regulatory Change that comes within paragraph 5.1.1 or paragraph 5.1.2, then the Parties shall, acting in good faith, work together to agree how to allocate the costs of such Regulatory Change.











APPENDIX 1
PRO FORMA CHANGE CONTROL NOTE
Change Request
Change Request Number:
Part A: Initiation
 
Brief description: [insert reference to MSA or relevant SOW to ensure it is clear which document is being changed]
 
Originator:
 
Contact number:
 
Sponsor:
 
Contact number:
 
Date of initiation:
 
Required by date:
 
 
Details of Proposed Change
(Include reason for change and appropriate details/specifications. Identify any attachments as A1, A2, A3, etc)



Authorised by Customer :
Date:
Name:
 
Signature:
 
Received by Service Provider:
Date:
Name:
 
Signature:
 





Change Request:
Change Request Number:
Part B: Evaluation
 
(Identify any attachments as B1, B2, B3, etc.)
Changes to Services, terms of the Agreement, personnel to be provided, charging structure, payment profile, documentation, training and any other contractual issue.
Description of Change:


Impact:
(Refer to any impact analysis attachment where applicable)

Deliverables:

Timetable:

Customer Dependencies

Charges for Implementation:
(Include a schedule of payments. If not applicable, mark “Not Applicable”)

Other Relevant Information:
(Include value-added and acceptance criteria)

Amendments to the Agreement (or SOW) resulting from this Change:
(Clearly describe the changes to be made, e.g. Delete section 3 of the SOW and replace with new section 3 attached to this Change Control Note; Amend clause 4.2 of the Agreement as follows…)

Authorised by Service Provider:
Date:
Name:
 
Signature:
 





Change Request
Change Request Number:
Part C: Authority to Proceed
 
Implementation of this Change Request as submitted in Part A, in accordance with Part B, is:
(tick as appropriate)
 
Approved
or
Rejected
or
Requires Further Information (as follows, as Attachment 1, etc)
 
Pursuant to clause 3.5 of the Agreement, the Parties agree that the UK Customer is authorised to execute this Change Control Note for and on behalf of each of the US Customer and the Bermuda Customer.
 
For Customer
For Service Provider
Aspen Insurance UK Services Limited
Signature
Signature
Name
Name
Title
Title
Date
Date
 
Aspen Insurance U.S. Services Inc.
For the purposes of acknowledging that Cognizant Technology Solutions US Corporation will be providing services on behalf of Cognizant Worldwide Limited in the United States only
Signature
Signature
Name
Name
Title
Title
Date
Date
Aspen Bermuda Limited
 
Signature
 
Name
 




Title
 
Date
 






SCHEDULE 14

SERVICE INTEGRATION AND MANAGEMENT

“End-to-End Service” means the combination of the Services with third party and the Customer related elements identified in Appendix 14-A. 
OLA” means an operating level agreement being an agreement or understanding reached between the Service Provider and a TPP in relation to the handoffs between them and dependencies, and measurements they have on each other.
Service Integration” means the process by which various elements of the Services and third party and Customer provided services and inputs related to the Services are integrated with each other so as to create a seamless End- to-End Service for the Customer and the End Users.
Service Integration Services” means the Services to be performed by the Service Provider in order to enable Service Integration as further described in Schedule 14 (Service Integration and Management).
Service Integrator” means the entity that takes responsibility for Service Integration, in this Agreement, that shall be the Service Provider. 
Service Management” means the aspect of the Common Services described as such in paragraph [x] of Schedule 2 (Services Descriptions) which the Service Provider shall ensure are delivered in line with ITIL and industry best practice.
Third Party Management Services” means management of the performance of Customer’s Third Party Providers in the areas of Incident resolution, Problem Management and Change Management.
Third Party Provider” or “TPP” means a third party entity that provides goods or services to the Customer Group in relation to or otherwise connected to the End-to-End Services.  The contracts with such TPPs shall be Managed Agreements, pursuant to clause 14.3. Appendix 14-A to Schedule 14 defines the TPPs in scope.

PURPOSE
1.1
This Schedule 14 describes the Service Provider’s role as Service Integrator and the Service Integration Services to be provided under this Agreement. In this role, the Service Provider will provide the Third Party Management Services in accordance with this Schedule 14.
1.2
The Service Provider will be responsible for the management of the performance of the TPPs to their contracts with the Customer in respect of Incident resolution, Problem Management and Change Management, pursuant to clauses 14.3 and 14.4.
1.3
Service Provider will provide a single point of operational contact and operational escalation for Third Party Providers (TPPs).
1.4
The Service Provider’s management team will work with the Customer and TPPs to establish the documentation required in accordance with paragraph 3 of this Schedule 14.
1.5
The Service Provider will perform Service Management as set out in Schedule 2 (Service Descriptions) for the End-to-End Services, in accordance with the Schedule 12 (Governance and Service Management) as reasonably required.




1.6
For the avoidance of doubt the Service Provider obligations in respect of such TPPs are to manage them to the terms of their respective Managed Agreements in accordance with clauses 14.4 and 14.5 only and will exclude commercial management of the TPPs, with the objective of delivering the End-to-End Services.
1.7
The Service Provider will recommend to the Customer clear lines of responsibility between TPPs, the Customer and the Service Provider and defined interfaces.
1.8
The Service Provider shall provide a Service Management tool in which to record progress of Incidents, Problems and Changes which have been allocated to the TPPs. The Service Provider will establish an electronic interface (e-bonding) with the TPP’s own service management tools where the parties (including the relevant TPP) agree. This will be at the Customer’s cost unless it can be achieved without incremental cost.
1.9
As part of the continuous service improvement activities described in paragraph 2.1.7 of Schedule 2 (Service Descriptions), the Service Provider will make recommendations to the Customer and the TPPs, designed to reduce the volume of Incidents, Major Incidents, and Problems, as set out in clause 14.5.
1.10
The Service Provider shall support the delivery of an End-to-End Service in accordance with this Schedule 14 and the operational risk processes and procedures as set out in the Procedures Manual.
1.11
Service Integration Services will be provided in a manner that is consistent with the Service Provider.
1.12
Where the Service Provider is contractually responsible for a TPP (in which case the TPP will be considered an Approved Subcontractor) then it shall be fully responsible for the relevant End-to-End Service pursuant to the Agreement (including but not limited to as set out in Schedule 3 (Service Levels and Service Credit), including managing the performance and achievement of the required level of performance and/or Service Levels for that End-to-End Service irrespective of whether that service or Service or any element of that service or Service is delivered or performed by the Service Provider or the TPP.
OLA'S
1.13
The Customer and the Service Provider, working together, shall use reasonable endeavours to procure that:
(A)
all TPPs enter into an individual OLA with the Customer; and
(B)
all TPPs provide (or give permission for the Customer to provide) copies of the operational parts their contracts (including service description and service levels) to the Service Provider in order that the Service Provider can manage them to their contractual obligations, with the objective of delivering visibility of the End-to-End Service.
1.14
In the event that any required documentation with a TPP is not provided to the Service Provider prior to the applicable Service Commencement Date, the Customer will use its reasonable endeavours to procure that the relevant TPP provides the Service Provider with all information, assistance and cooperation reasonably required by the Service Provider to provide the Service Integration Services.
1.15
If any relevant documentation is still not provided 3 (three) months following the applicable Service Commencement Date, the matter will be escalated by the Customer in line with its dispute resolution arrangements with that TPP.

SERVICE INTEGRATION SERVICES
1.16
In order to provide the Service Integration Services, the Service Provider will deliver the Common Services as detailed in Annex 1 of Schedule 2 (Service Descriptions) and the Business Continuity and Disaster Recovery Services as detailed in Schedule 16. For the avoidance of doubt, the Service Provider has no responsibility for the business continuity or disaster recovery arrangements of the TPPs.




1.17
The Service Provider will be responsible for the management and co-ordination of the service provided by the TPPs pursuant to clause 14 of the Agreement.
1.18
The Service Provider will:
(A)
identify and propose improvements in the processes followed by the TPPs in handling Incidents, Problems and Changes; and
(B)
be the first escalation point for matters relating to such process.
1.19
The Customer will:
(A)
provide a focal point to support ongoing development of such processes;
(B)
review and provide feedback, annually, on such processes;
(C)
act as final escalation point for matters relating to the processes that the Service Provider has attempted to resolve but is unable to resolve; and
(D)
collaborate with the Service Provider and TPPs on enhancements to the processes.
EXCLUSIONS
1.20
The Service Provider is not responsible for the services provided to the Customer by the TPPs under any Managed Agreement (and thus the Service Provider shall not be liable for any failure by the TPPs, including any impact on Service Levels, or obligated to perform the services provided by any TPP if the relevant TPP fails to do so).










APPENDIX 14-A
CUSTOMER THIRD PARTY PROVIDERS

[***]








SCHEDULE 15

EXIT PLAN AND SERVICE TRANSFER ARRANGEMENTS
1.
OBJECTIVES
1.1
The purpose of Termination Assistance is:
1.1.1
to enable the Service Provider to cease supplying the Services or such part(s) of the Services as are to be terminated and for the Customer or the Successor Service Provider during and in any event no later than the end of the Termination Assistance Period to undertake the applicable Replacement Services; and
1.1.2
to eliminate or minimise any disruption or deterioration of the Services, or failure to achieve the Service Levels, during and as a result of the handover from the Service Provider and the commencement of the Replacement Services.
2.
TERMINATION PLANNING
2.1
The Service Provider shall develop a plan for the smooth and effective management of the termination or expiry of this Agreement (the “Exit Plan”) and, within ninety (90) days following each Service Commencement Date, shall submit the same for approval by the Customer. The Service Provider shall ensure that the Exit Plan shall be sufficiently clear and detailed to enable the Customer and the Service Provider to meet the objectives set out in paragraph 1 above. The level of detail of the Exit Plan shall be reasonable but in any event sufficient to provide the procedures and responsibilities for an orderly transition of Services. In the event that the Agreement terminates within ninety (90) days of the [first] Service Commencement Date, the Service Provider shall submit the Exit Plan to the Customer within twenty (20) days of the date of the termination notice. The Parties acknowledge that the Exit Plan may not be aligned with the Successor Service Provider’s transition plan and therefore may not be capable of enabling the Successor Service Provider to undertake the Replacement Services without changes.
2.2
The Service Provider shall during the Term:
2.2.1
maintain the Exit Plan through the Term and any Termination Assistance Period, ensuring that it is updated regularly (including upon completion of the Transition of each service tower and following completion of any Committed Transformations or Future Transformation project) to reflect the then current Services;
2.2.2
at the Customer’s request, provide information and assistance reasonably necessary to conduct the termination in accordance with the Exit Plan as efficiently and effectively as possible;
2.2.3
jointly review and verify the Exit Plan with the Customer at least once per year (or otherwise reasonably requested by the Customer) in such a way as to provide the Customer with a high level of confidence that the process and procedures required by the Exit Plan can be put into effect at the commencement of the Termination Assistance Period. Areas of the Exit Plan which are identified as failing or requiring improvement shall be identified and the steps necessary to remedy such failures or improve such areas clearly stated and then undertaken by the Service Provider as soon as reasonably practicable.
2.3
The Exit Plan shall, amongst other things:
2.3.1
provide details of the Service Provider functions and other resources that shall provide Termination Assistance as agreed between the Parties;




2.3.2
set out clearly how the Service Provider shall engage with the Customer any third party entities it may have appointed as Successor Service Providers and/or to assist it with the exit process;
2.3.3
be designed to address all the issues set out in this Schedule 15; and
2.3.4
provide a timetable, project milestones, generic timings, process, responsibilities of each of the Parties and specify critical controls for providing the Termination Assistance.
3.
GENERAL TERMINATION ASSISTANCE OBLIGATIONS
3.1
As soon as possible (but in any event within three (3) weeks) following receipt or submission of a notice of termination or notification that the Agreement shall not be renewed the Customer may request a Termination Assistance Period of up to nine (9) months (effective from the date of such notice), and the Service Provider shall update the Exit Plan to ensure it contains the most current information and accurately predicts the timescales for conducting Termination Assistance and deliver it to the Customer.
3.2
The Parties shall meet as soon as reasonably practical following commencement of the Termination Assistance Period and agree what additional resources may be required during the Termination Assistance Period to enable the provision of Termination Assistance, and the provisions of paragraph 3.3 below shall thereafter apply.
3.3
The Parties agree as follows:
3.3.1
the Service Provider shall provide the Continuation Services during the Termination Assistance Period for the Charges;
3.3.2
to the extent provided for in the Exit Plan (or otherwise agreed between the Parties in writing), the Service Provider may be relieved from liability for Service Credits in respect of a failure to meet the Service Levels if Service Provider Personnel are removed from provision of the Continuation Services or the termination of specific aspects of the Continuation Services during the Termination Assistance Period render it unreasonable for the Service Provider to achieve the applicable Service Levels. The Parties will discuss whether any reduction in the Charges is appropriate;
3.3.3
the Service Provider shall update the Procedures Manual at the start of the Termination Assistance Period to reflect the then current nature of the provision of the Services unless it had been updated within the three (3) months preceding the start of the Termination Assistance Period;
3.3.4
the Service Provider shall undertake the activities identified under the Exit Plan and shall use Commercially Reasonable Efforts to mitigate the costs of so doing (including by the reasonable use of the Service Provider’s internal support functions such as human resources, legal and finance in support of the Service Provider’s Termination Assistance obligations); and
3.3.5
the Service Provider shall undertake any further activities that are required under the Exit Plan.
3.4
The Customer shall have an option to extend the Termination Assistance Period two times by written notice of thirty (30) Business Days each time to the Service Provider provided that each such extension shall not extend beyond three (3) months after the expiry of the original Termination Assistance Period or the previous extension period subject to the Customer paying for the Termination Assistance performed during such extension periods regardless of the reason for termination.
3.5
The Customer shall have the right to terminate its requirement for Transitional Assistance Services by serving not less than twenty (20) days’ notice upon the Service Provider to such effect.
3.6
For the purposes of this Schedule 15 and the Exit Plan, a reference to the Customer includes any other person nominated by the Customer, including any Successor Service Provider, provided that the (i) Customer shall act as an intermediary between the Service Provider and such third parties and the Service Provider’s point




of contact for the obligations in Termination Assistance shall be the Customer’s [Contract Manager] and (ii) contractual enforcement rights and remedies under this Agreement remain between the Customer and Service Provider. The Service Provider may require the Successor Service Provider and the Customer to enter into the Service Provider’s reasonable standard form agreement addressing access to Service Provider Facilities and Service Provider Equipment, including the Service Provider and the Successor Service Provider entering into an Agreed Form NDA.
3.7
Each Party shall use Commercially Reasonable Efforts to ensure that any novation of a contract to be undertaken pursuant to the terms of this Schedule 15 shall be undertaken substantially on the terms set out in Annex 2.
3.8
Each Party shall bear its own internal costs in connection with assigning and/or novating any contracts pursuant to this Schedule 15.
3.9
Each Party shall use Commercially Reasonable Efforts to minimise any costs payable to third parties in connection with the implementation of the Exit Plan and the orderly transfer of service (including any consent and transfer fees associated with obtaining any third party consent to assignment, novation, licensing or sub-licensing).
3.10
If the terms of the Exit Plan are incomplete, unclear, ambiguous or contradictory to the terms of this Schedule 15, then they are to be interpreted and construed by reference to this Schedule 15.
4.
[***] TERMINATION ASSISTANCE AND CONTINUATION SERVICES
4.1
[***], but in any event, and for the avoidance of doubt, the Service Provider shall be obliged in all circumstances to provide the Termination Assistance and Continuation Services. [***].
4.2
[***].
5.
FURTHER TENDERS
5.1
At any time during the Term, at the Customer’s request the Service Provider shall provide to the Customer and/or its potential Successor Service Providers (subject to such potential Successor Service Providers entering into reasonable written confidentiality undertakings substantially in the form of the Pro-forma NDA) the following material and information in order to facilitate the preparation by the Customer of any invitation to tender and/or to facilitate any potential Successor Service Providers undertaking due diligence:
5.1.1
details of the Service(s);
5.1.2
an up-to-date copy of inventories of any Equipment or Software used in the provision of the Services;
5.1.3
an inventory of the Customer Data in the Service Provider's possession or control;
5.1.4
details of any Dedicated Third Party Contracts and any Non-Dedicated Third Party Contracts, including the identities of the third party suppliers, the nature of the relevant services, and such other information as the Customer reasonably requires to procure alternative third party contracts and/or services (but excluding any confidential information which the Service Provider is not permitted under the terms of such contracts to disclose to the Customer or commercially sensitive information);
5.1.5
a list of ongoing and/or potential delivery challenges which may impact the provision of the Services by a Successor Supplier of which the Service Provider is aware (or should reasonably be aware) provided such provision of information would not require the Service Provider to be in breach of its obligations under any third party contract;
5.1.6
to the extent permitted by Law, all information relating to Transfer Employees required to be provided by the Service Provider under Schedule 17 (Staff Transfer); and




5.1.7
such other material and information relevant to the Services or the Replacement Services as the Customer reasonably requires,
(together, the “Exit Information”).
5.2
Provided the Service Provider and Successor Service Provider have entered into an Agreed Form NDA, the Customer may disclose the Service Provider's Confidential Information to a Successor Service Provider solely to the extent that such disclosure is necessary in connection with such engagement (except that the Customer may not under this Schedule 15 disclose any of the Service Provider’s Confidential Information which is proprietary (including any Service Provider IPR or Pre-Existing IPR), commercially sensitive information or information relating to the Service Provider’s or its Approved Sub-Contractors’ prices or costs). Nothing in this Agreement shall prevent the Customer from disclosing to potential Successor Service Providers Customer-owned information, such as: asset inventory, incident and problem ticket data, policies and procedures manuals, staffing levels and Service Levels.
5.3
The Service Provider shall:
5.3.1
notify the Customer within five (5) Business Days of any material change to the Exit Information which may adversely impact upon the potential transfer and/or continuance of any Services and shall consult with the Customer regarding such proposed material changes; and
5.3.2
provide complete updates of the Exit Information on an as-requested basis as soon as reasonably practicable and in any event within ten (10) Business Days of a request in writing from the Customer.
5.4
The Service Provider may charge the Customer for its reasonable additional costs to the extent the Customer requests more than two (2) updates pursuant to paragraph 5.3.2 in any six (6) month period.
5.5
The Service Provider shall ensure that the Exit Information provided under this paragraph 5 is accurate and complete in all material respects and the level of detail to be provided by the Service Provider shall be such as would be reasonably necessary to enable a third party to:
5.5.1
prepare an informed offer for the provision of the Services; and
5.5.2
not be disadvantaged in any subsequent procurement process compared to the Service Provider (if the Service Provider is invited to participate).
6.
EQUIPMENT
As at the Effective Date, the Parties do not envisage any Customer Equipment being in the Service Provider’s possession or control. If subsequently during the Term the Service Provider is directed by the Customer to acquire Future Equipment (as defined in clause 13.4 of the Agreement) or any Customer Equipment falls within the Service Provider’s possession or control, the Parties shall agree the arrangements for the removal, delivery and installation (as applicable) of any such Customer Equipment and the costs of such arrangements.
7.
SOFTWARE
This paragraph 7 shall only apply to third party Software which is purchased by the Service Provider for the Customer after the Effective Date.
7.1
Subject to paragraph 7.4 below, in relation to third party Software required to perform the Replacement Services, the Service Provider shall (at the request of the Customer’s [Contract Manager]) use Commercially Reasonable Efforts (including in obtaining any third party consents) either to:
7.1.1
[***]; or
7.1.2
[***],




[***].
7.2
The terms of clause 25 (IPR) shall apply in relation to rights to use during and after the Termination Assistance Period.
7.3
Subject to paragraph 7.4, in relation to its obligations under paragraph 7.1.1, the Service Provider shall:
7.3.1
prepare and execute the relevant licences, novations or assignments; and
7.3.2
do all other things reasonably needed to effect the transfer of the relevant licences.
7.4
The Service Provider shall consult with the Customer and obtain the Customer’s consent to licensing and maintenance fees and other material licence terms before entering into any licences for third party Software during the Termination Assistance Period.
7.5
All licences, leases and authorisations granted by the Customer to the Service Provider in relation to this Agreement are terminated with effect from the Termination Date or the end of the Termination Assistance Period unless the Customer’s [Contract Manager] directs otherwise.
8.
THIRD PARTY SERVICES
8.1
At the request of the Customer, the Service Provider shall use Commercially Reasonable Efforts to either novate or assign any Dedicated Third Party Contracts to the Customer (including in obtaining any third party consents) or assist the Customer in entering into new contracts with the relevant third parties for the provision of services that are or were provided to the Service Provider under such contracts, on reasonable terms and conditions.
8.2
In respect of third party services (including for the avoidance of doubt maintenance agreements and third party Software licences) which relate exclusively to the Customer Equipment referred to in paragraph 6 above, the following shall apply:
8.2.1
the Service Provider shall use Commercially Reasonable Efforts to minimise any outstanding charges payable in respect of such services; and
8.2.2
the Customer shall assume financial obligations and accept transfer in respect of such services. Subject to pre-existing obligations of confidentiality, the Service Provider shall substantiate all amounts payable or otherwise certify (giving reasons) that the amounts payable are proper.
8.3
The Service Provider shall:
8.3.1
use Commercially Reasonable Efforts to obtain third party consents; and
8.3.2
do all other things reasonably necessary,
to give effect to the provisions of this paragraph 8.

9.
DATA AND MATERIAL
9.1
The Service Provider shall assist the Customer in transporting, loading and running the Customer Data and the Customer Material.
9.2
The Service Provider and the Customer shall each comply with its obligations to return Software, data and Material under clauses 18.6 and 27.3 of the MSA and without prejudice to such obligations the Parties shall




ensure that the Exit Plan sets out procedures to ensure an efficient transfer back to each Party of its proprietary materials, Confidential Information and data as part of the Termination Assistance process.
10.
PERSONNEL
10.1
The Service Provider shall use Commercially Reasonable Efforts to assist the Customer by liaising with any of the Service Provider’s Sub-Contractors to ensure that the termination is performed in accordance with the obligations under this Agreement and the Exit Plan.
10.2
Subject to the other provisions of this Schedule 15 and the Agreement generally, the Service Provider shall, as soon as reasonably practicable after a request, provide to the Customer Personnel such information and instruction as could reasonably be expected to enable the Customer to provide services similar to the Services, with minimum disruption and in accordance with service levels similar to the Service Levels. This instruction includes the Customer assigning Customer Personnel to work with the Service Provider Personnel to facilitate necessary knowledge transfer from the Service Provider to the Customer as set out in paragraph 11 below.
10.3
The Parties shall comply with their obligations under Schedule 17 (Human Resources Provisions).
11.
KNOWLEDGE TRANSFER
11.1
Subject to the provisions of paragraph 4 above, the Service Provider shall provide for the transfer of knowledge reasonably required for the provision of the Services to the Customer and/or its nominated Successor Service Provider(s), which may, as appropriate include information, records and documents. To facilitate the transfer of knowledge from the Service Provider to the Customer and/or its nominated Successor Service Provider(s), the Service Provider shall explain the relevant procedures and operations to the Customer’s and/or its nominated Successor Service Provider(s)’ personnel.
11.2
The information to be provided by the Service Provider to the Customer (or to such parties, including any Successor Service Provider(s), as the Customer may direct) pursuant to paragraph 11.1 above shall include:
11.2.1
copies of the Procedures Manual and any other operations manuals used by the Service Provider in connection with the delivery of the Services;
11.2.2
relevant System, Software and/or Hardware information;
11.2.3
a list of third party suppliers of goods and services which are to be transferred to the Customer;
11.2.4
key support contact details for third party supplier employees under contracts which are to be assigned or novated to the Customer (provided Service Provider is permitted to provide this information under Relevant Law);
11.2.5
information regarding work in progress and unresolved faults in progress at the commencement of the Termination Assistance Period as well as those expected to be in progress at the end of the Termination Assistance Period. This information shall be updated by the Parties at the end of the Termination Assistance Period; and
11.2.6
details of security processes and tools that shall be available to the Customer.
12.
OPERATIONAL TRANSITION
12.1
Subject to the provisions of paragraph 4 above, the Service Provider shall use Commercially Reasonable Efforts to perform the activities identified in the Exit Plan as required to effect a smooth transfer of operational responsibilities for the Replacement Services. This may include (to the extent applicable to the Replacement Services and where not already documented in this Schedule 15) the following:




12.1.1
carrying out such activities within the time frames specified in the Exit Plan and ensuring that the quality metrics and other acceptance and handover completion processes specified in the Exit Plan are complied with or, if none are specified, ensuring the quality levels achieved are consistent with Good Industry Practice;
12.1.2
documenting and delivering object libraries, reference files and software comprised in the Developed IPR;
12.1.3
delivering the existing systems support profiles, monitoring or system logs, the Documentation, problem tracking/resolution documentation and status reports;
12.1.4
providing work volumes, staffing requirements, actual Service Levels and information on historical performance for each service component, over the twelve (12) months preceding the commencement of the Termination Assistance Period;
12.1.5
with respect to work in progress as at the end of the Termination Assistance Period, documents the current status, stabilising for continuity during transition and providing any required training to achieve transfer of responsibility without loss of momentum or adverse impact on project timetables; and
12.1.6
providing information and raw data for reports, as required.
13.
GENERAL
13.1
If the Service Provider materially breaches or unreasonably and wilfully refuses to perform any of its Termination Assistance obligations set out in paragraphs 2.2.1, 2.2.2, 3.1, 3.3.4, 3.3.5, 5.1, 5.3, 10.2, 11 or 12 and such failure or refusal remains uncured for ten (10) days following receipt of written notice of such failure or refusal, then the Customer shall be entitled to exercise any of its rights and remedies set out in paragraph 13.3.
13.2
The Service Provider shall not be entitled to withhold performance of any of its Termination Assistance obligations for any reason (save where the Customer is in breach of its obligations to the pay the Service Provider in accordance with paragraph 4).
13.3
If paragraph 13.1 applies, then without prejudice to any of its other rights and remedies under this Agreement, the Customer shall be entitled to:
13.3.1
[***];
13.3.2
[***];
13.3.3
[***];
13.3.4
[***];
13.3.5
[***]; and/or
13.3.6
[***].





ANNEX 1
AGREED FORM NON-DISCLOSURE AGREEMENT
THIS CONFIDENTIALITY AGREEMENT is made on 20[ ]

BETWEEN

(1)
[SERVICE PROVIDER ENTITY], of [REGISTERED OFFICE ADDRESS] (the “Service Provider”); and

(2)
[THIRD PARTY SUPPLIER/SUCCESSOR SERVICE PROVIDER] of [REGISTERED OFFICE ADDRESS] (the “Third Party Supplier”),

each a “Party” and together the “Parties”.

BACKGROUND:

(A)
The Parties wish to provide protection for the Confidential Information (as defined below) that they may disclose to each other in the process of conducting their respective business activities.
(B)
The Parties therefore agree to disclose Confidential Information to each other on and subject to the terms set out below.

THE PARTIES AGREE as follows:
 
1.
Definitions

1.1
For the purpose of this Confidentiality Agreement, the following terms shall have the following meanings:





Affiliates
with respect to any entity, any other entity directly or indirectly Controlling, Controlled by or under common Control with such entity;

Confidential Information
any information that is marked as confidential or that may reasonably be regarded as confidential relating to the products, business, affairs, data, technology, know-how, methodology of supply, developments, finances, employees, customers or suppliers of a Party or its Affiliates, including information based on or otherwise derived from information and/or materials disclosed by that Party;

Control
and its derivatives means the power of a person to secure (i) by means of the holding of shares or the possession of voting power in an entity, or (ii) by virtue of any powers conferred by the articles of association or other document regulating or relating to an entity, that the affairs of that entity are conducted in accordance with that person’s wishes and “Controlled” and “Controlling” shall be construed accordingly;

Customer
[Aspen Insurance UK Services Limited];

Disclosing Party
the Party or its Affiliates disclosing Confidential Information;

Outsourcing Agreement

 the agreement executed by and between the Service Provider and the Customer dated ________________;

Receiving Party


the Party or its Affiliates receiving Confidential Information; and
Third Party Supplier Agreement
the agreement executed by and between the Third Party Supplier and the Customer dated _______________.


2.
Disclosure

2.1
Confidential Information will be disclosed either:

2.1.1
in writing;

2.1.2
by delivery of items;

2.1.3
by initiation of access to Confidential Information, such as may be in a database; or

2.1.4
by oral or visual presentation.

2.2
Confidential Information should be marked with a restrictive legend of the Disclosing Party. If Confidential Information is not marked with such legend or is disclosed orally, the Confidential Information shall be identified as confidential at the time of disclosure. In any event, Confidential Information will be protected by this




Confidentiality Agreement if by its nature it would reasonably be considered to be confidential even if it is not marked with a restrictive legend or identified as confidential at the time of disclosure.

3.
Obligations

3.1
The Receiving Party agrees to:

3.1.1
use the same care and discretion to avoid disclosure, publication or dissemination of the Disclosing Party’s Confidential Information as it uses with its own similar Confidential Information that it does not wish to disclose, publish or disseminate; and

3.1.2
use the Disclosing Party’s Confidential Information solely for the purpose for which it was disclosed or otherwise for the benefit of the Disclosing Party.

3.2
The Receiving Party may disclose Confidential Information to:

3.2.1
those of its employees and to those of its Affiliates’ employees and agents (such agents not being competitors of the Disclosing Party) to whom it is necessary to disclose such Confidential Information and only to the extent the such disclosure is necessary in order to carry out the purpose for which the Confidential Information was disclosed by the Disclosing Party provided always that (i) such employees and agents are subject to confidentiality obligations substantially the same as those set out in this Confidentiality Agreement and only to the extent such employees and agents require it in connection with their role; and (ii) processes are put in place (to be agreed with the Disclosing Party) that ensure that such employees and agents do not disclose the Disclosing Party’s Confidential Information to anyone else in the Receiving Party’s organisation who does not have a need to know the Confidential Information for the purpose for which it was disclosed hereunder;

3.2.2
any other party with the Disclosing Party’s prior written consent.

3.3
Before disclosure to other parties if permitted by a Disclosing Party under Clause 3.2.2, the Receiving Party will ensure that a written agreement is in place between it, the Disclosing Party and any such party sufficient to require that party to treat Confidential Information in accordance with this Confidentiality Agreement.

3.4
The Receiving Party may disclose Confidential Information to the extent required by law, provided that the Receiving Party shall use its best endeavours to limit such disclosure and provide the Disclosing Party with an opportunity to make representations to a relevant court and unless prohibited by law, the Receiving Party will give the Disclosing Party prompt notice to allow the Disclosing Party a reasonable opportunity to obtain a protective order. In respect of any Confidential Information disclosed under this clause the Receiving Party shall use its best endeavours to obtain onward confidential treatment for the relevant Confidential Information, notwithstanding the disclosure.

3.5
Notwithstanding the Parties’ obligations in this Clause 3, the Parties acknowledge that general ideas, concepts and know-how contained in the Disclosing Party’s Confidential Information related to the Outsourcing Agreement or the Third Party Supplier Agreement (as applicable) may be retained in the unaided memories (meaning that part of the memory that cannot be controlled or influenced by a person) of the Receiving Party’s employees who have had access to the Confidential Information in accordance with the terms of this Confidentiality Agreement. The Parties therefore agree that the Receiving Party shall not be in breach of this Confidentiality Agreement if the Receiving Party’s employees who have had access to such Confidential Information use such retained general ideas, concepts and know-how in conducting the Receiving Party’s business activities.

3.6
Nothing contained in Clause 3.5 gives the Receiving Party the right to disclose, publish or disseminate:

3.6.1
the source of Confidential Information;

3.6.2
any financial, statistical, proprietary or personnel data of the Disclosing Party;

3.6.3
any of the Customer’s client information and/or client object data;





3.6.4
the business plans of the Disclosing Party.

Without limiting the foregoing, neither Party shall use any ideas, concepts or know-how under clause 3.5 if such use (a) violates the other Party’s Confidential information or (b) involves the reproduction or reconstruction of any Confidential Information in such a form as involves or may involve an infringement of the other Party’s Intellectual Property Rights.

4.
Exceptions to Obligations

4.1
The Receiving Party may disclose, publish, disseminate and use Confidential Information that is:

4.1.1
already in its possession without obligation of confidentiality;

4.1.2
developed independently without recourse to the Confidential Information;

4.1.3
obtained from a source other than the Disclosing Party without obligation of confidentiality;

4.1.4
publicly available when received, or subsequently becomes publicly available through no fault of the Receiving Party; or

4.1.5
disclosed by the Disclosing Party to another person without obligation of confidentiality.

5.
Return of Confidential Information

5.1
All documents, files or other items containing any Confidential Information received or derived from the Disclosing Party shall remain the absolute property of the Disclosing Party.

5.2
The Receiving Party shall at the request of the Disclosing Party, return to the Disclosing Party or destroy forthwith all documents, files or other items containing any Confidential Information received or derived from the Disclosing Party.

6.
Notification of Disclosure

6.1
The Receiving Party shall promptly notify the Disclosing Party if the Receiving Party becomes aware of any unauthorised disclosure or use of any of the Confidential Information received or derived from the Disclosing Party by the Receiving Party, its employees or representatives, any of its Affiliates and/or the employees or representatives of any of its Associates.

7.
Disclaimers

7.1
The Disclosing Party provides Confidential Information without warranties of any kind in favour of the Receiving Party.

7.2
The Disclosing Party will not be liable to the Receiving Party for any damages arising out of the use of Confidential Information disclosed under this Confidentiality Agreement.

7.3
Neither this Confidentiality Agreement nor any disclosure of Confidential Information made under it grants the Receiving Party any right or licence under any trademark, copyright or patent now or subsequently owned or controlled by the Disclosing Party.

8.
General

8.1
This Agreement does not require either Party to disclose or to receive Confidential Information.





8.2
The Parties agree that the terms of this Confidentiality Agreement do not replace the obligations of confidence set out in any other agreement currently in force between either of the Parties and the Customer (the “Lead Agreement”) which shall apply to those Parties in addition to the terms of this Confidentiality Agreement. [In the event that there is a conflict between the terms of the Lead Agreement and these terms, the terms of the Lead Agreement shall prevail.]
 
8.3
Neither Party may assign, or otherwise transfer, its rights or delegate its duties or obligations under this Confidentiality Agreement without prior written consent. Any attempt to do so is void.

8.4
The receipt of Confidential Information under this Confidentiality Agreement will not in any way limit the Receiving Party from (subject always to the Receiving Party’s compliance with its confidentiality obligations hereunder):

8.4.1
providing to others products or services which may be competitive with products or services of the Disclosing Party;

8.4.2
providing products or services to others who compete with the Disclosing Party; or

8.4.3
assigning its employees in any way it may choose.

8.5
The Receiving Party will comply with all applicable export and import laws and regulations.

8.6
Only a written agreement signed by both Parties can modify this Confidentiality Agreement.

8.7
The Parties acknowledge that damages alone would not be an adequate remedy for any breach of the provisions of this Confidentiality Agreement. Accordingly, without prejudice to any other rights or remedies that any Party may have, the Parties agree that they shall be entitled to seek equitable relief, including injunctions and orders for specific performance, in the event of any breach of the provisions of this Confidentiality Agreement, in addition to all other remedies available at law or in equity.

8.8
This Confidentiality Agreement shall remain in force for as long as either Party is under an obligation to cooperate or provide assistance to the other Party and/or the Customer pursuant to the terms of the Outsourcing Agreement or the Third Party Supplier Agreement (as applicable).

9.
Governing Law and Jurisdiction

9.1
This Agreement and all matters arising out of or in connection with it (including any non-contractual dispute or claim) shall be governed by English law and the Parties irrevocably submit to the non-exclusive jurisdiction of the English courts in respect thereof.




9.2    
AGREED by the Parties through their duly authorised representatives on the date written at the start of this Agreement.


Signed for and on behalf of:
[SUPPLIER]    

Signed _______________________

Full Name ____________________

Title_________________________




Signed for and on behalf of:
[THIRD PARTY SUPPLIER/SUCCESSOR SERVICE PROVIDER]    

Signed_______________________
        
Full Name ____________________
    
Title_________________________






ANNEX 2
EXIT NOVATION AGREEMENT
This Novation Agreement is dated [ ]
BETWEEN:
(1)
[THIRD PARTY VENDOR], a company registered in England and Wales (with registered number [ ]) and whose registered office is at [ ] (the “Third Party Vendor”);
(2)
[EXISTING SERVICE PROVIDER], a company registered in England and Wales (with registered number [ ]) and whose registered office is at [     ] (the “Outgoing Service Provider”); and
(3)
[SUCCESSOR SERVICE PROVIDER/THE CUSTOMER], a company registered in England and Wales (with registered number [ ]) whose registered office is at [ ] (the “Successor”).
RECITALS:
(A)
The Third Party Vendor and the Outgoing Service Provider have entered into the agreement(s) listed in Schedule 1 (the “Agreement(s)”).
(B)
The Parties have agreed to enter into this Novation Agreement under which the rights and obligations of the Outgoing Service Provider under the Agreement(s) are transferred to and undertaken by the Successor, in the Outgoing Service Provider’s stead.
In consideration of the mutual undertakings given hereunder the Parties agree as follows:
1.
DEFINITIONS AND INTERPRETATION
1.1
The following words and phrases shall have the following meanings:
Agreement(s)            has the meaning given in Recital (A);
[Customer            ;]
Novation Agreement        means this agreement and the schedules attached hereto;
Novation Date
means in respect of [the][an] Agreement[s], the date shown in the relevant paragraph[s] in schedule 1 to this Novation Agreement;
Services Agreement
means the services agreement entered into between the Outgoing Service Provider and the Third Party Vendor on the [ ].
2.
COMMENCEMENT DATE
In relation to [the] [each] Agreement, the terms of this Novation Agreement shall come into effect on the [relevant] Novation Date.
3.
UNDERTAKINGS
3.1
Subject to clause 4, the Successor hereby undertakes to the Third Party Vendor and the Outgoing Service Provider that, with effect on and from the Novation Date, it shall accept and perform all obligations and discharge all liabilities and otherwise be bound by the Agreement(s) as if the Successor had at all times since the Agreement(s) entered into force been a Party to the Agreement(s) in place of the Outgoing Service Provider.




3.2
Subject to clause 4, the Third Party Vendor hereby undertakes to the Successor and the Outgoing Service Provider that, with effect from the Novation Date, it shall accept and perform all obligations and discharge all liabilities and otherwise be bound by the Agreement(s) as if the Successor had, at all times since the Agreement(s) entered into force been a Party to the Agreement(s) in place of the Outgoing Service Provider.
4.
RELEASE AND ONGOING OBLIGATIONS
4.1
In consideration for the undertakings given in this Novation Agreement, the Outgoing Service Provider and the Third Party Vendor, with effect on and from the Novation Date each releases and discharges the other from that Party’s obligations and liabilities to the other under or in relation to the Agreement(s), and, subject to the foregoing, the Outgoing Service Provider and the Third Party Vendor hereby waive any rights of action they may have under the Agreement(s) against each other in respect of the rights, obligations and liabilities assumed by the Successor.
4.2
The Outgoing Service Provider, the Third Party Vendor and the Successor hereby agree that, in respect of the Agreement(s):
(a)
the Outgoing Service Provider shall remain liable to the Third Party Vendor for all of the Outgoing Service Provider’s liabilities, obligations, acts and omissions that accrued or occurred prior to the Novation Date;
(b)
the Third Party Vendor shall remain liable to the Outgoing Service Provider for all of the Third Party Vendor’s liabilities, obligations, acts and omissions that accrued or occurred prior to the Novation Date;
(c)
the Successor shall be liable to the Third Party Vendor or the Outgoing Service Provider, as applicable, for all of the Successor’s liabilities, obligations, acts and omissions that accrue or occur on or after the Novation Date; and
(d)
the Successor shall not be liable to either the Outgoing Service Provider or the Third Party Vendor for any liabilities, obligations, acts or omissions that accrued or occurred prior to the Novation Date.
4.3
The Successor and the Third Party Vendor agree that, subject to clause 6.2 below, the Agreement(s) shall remain in full force and effect as novated by this Novation Agreement.
5.
RIGHTS
5.1
The Successor shall be entitled to rights and benefits identical to those to which the Outgoing Service Provider was entitled under or in relation to the Agreement(s) immediately prior to the Novation Date.
5.2
The Third Party Vendor shall be entitled to rights and benefits in relation to the Successor, identical to those to which it was entitled in relation to the Outgoing Service Provider under or in relation to the Agreement(s) immediately prior to the Novation Date.
5.3
The Outgoing Service Provider, the Third Party Vendor and the Successor hereby agree that, notwithstanding anything to the contrary in the Agreement(s), the Outgoing Service Provider shall be entitled to assign, novate or otherwise transfer any or all of its rights, obligations or liabilities under the Agreement(s) to Successor. The Third Party Vendor and the Successor undertakes to the Outgoing Service Provider that each shall execute all such documents, consent, waivers and do all such other things as are reasonably required to give effect to the provisions of this clause 5 or any other provision of this Novation Agreement.
6.
[SPECIFIC CONDITIONS AND AMENDMENTS]
6.1
[The terms and conditions of this Novation Agreement specific to each of the Agreement(s) are set out in Schedule 2 to this Novation Agreement.]




6.2
[The Outgoing Service Provider, the Successor and the Third Party Vendor agree that the Agreement(s) if amended, shall be amended as set out in Schedule 3 to this Novation Agreement. [Note to Draft: if any terms are to be amended as a result of negotiations between the Outgoing Service Provider and Customer then these should be set out in the Schedules.]
7.
CONFIDENTIALITY
The Outgoing Service Provider, the Third Party Vendor and the Successor agree to keep confidential the existence and terms of this Novation Agreement and any other document designated as confidential by the disclosing Party, save that, for the avoidance of doubt, they and their legal advisers may make a disclosure when under a legal or regulatory obligation to do so (provided that, where reasonably practicable and without breaking any legal or regulatory obligation, two (2) days’ prior written notice is provided by the Party making the disclosure to the other Parties), or to their respective professional advisors, auditors or insurers or in order to secure compliance with this Novation Agreement in the event of a breach by another Party (provided always that such third parties are placed under and comply with obligations of confidentiality no less onerous than those set out herein). The provision of confidentiality contained herein shall not apply to the extent that the information comprising the subject matter of this clause 7 falls into the public domain without breach by a Party of an obligation under this Novation Agreement, is otherwise acquired from a third party who owes no obligation in respect of the information, or is otherwise known by the receiving Party.
8.
WARRANTY OF AUTHORITY
Each Party warrants that this Novation Agreement constitutes its legal, valid and binding obligation, that it has full power and authority to enter into and perform and has taken all necessary action to authorise its entry into and performance of this Novation Agreement.
9.
COSTS
Each of the Parties shall pay its own costs in relation to the negotiation of this Novation Agreement and in relation to any legal documentation arising out of this Novation Agreement.
10.
ENTIRE AGREEMENT
Save in respect of any terms set out in the Services Agreement (which terms shall apply only as between the Third Party Vendor and the Successor), this Novation Agreement shall constitute the entire agreement between the Parties in relation to the subject matter of this Novation Agreement and all other terms, statements or undertakings are expressly excluded. The Parties acknowledge that in entering into this Novation Agreement they are not relying upon any statement or representation made by or on behalf of the other Party, whether or not in writing, at any time prior to the execution of this Novation Agreement, which is not expressly set out in this Novation Agreement. The foregoing does not exclude or limit any Party’s liability for any fraudulent misrepresentation upon which the other Party can prove it relied.
11.
COUNTERPARTS
This Novation Agreement may be executed in counterparts, each of which, when so executed and delivered, should be an original, but all the counterparts shall together constitute one and the same instrument.
12.
THIRD PARTY RIGHTS
A person who is not a party to this Novation Agreement has no rights under the Contracts (Rights of Third Parties) Act 1999 to enforce any term of this Novation Agreement but this does not affect any rights or remedy of a third party which exists or is available other than under that Act.
13.
GOVERNING LAW
This Novation Agreement shall be considered as a contract made in England and shall be interpreted and construed according to the laws of England and Wales and any dispute or issue arising under or pursuant to




this Novation Agreement shall be subject to the exclusive jurisdiction of the English Courts, to which all the Parties hereby irrevocably submit.





IN WITNESS whereof the Parties hereto duly enter into this Novation Agreement the day and year first before written.
SIGNED for and on behalf of [THIRD PARTY VENDOR] by:    
 
Signature:    ………………………………….

Name:        ………………………………….

Title:        ………………………………….


SIGNED for and on behalf of [EXISTING SUPPLIER] by:

Signature:    ………………………………….

Name:        ………………………………….

Title:        ………………………………….


SIGNED for and on behalf of [SUCCESSOR SERVICE PROVIDER/THE CUSTOMER] by:

Signature:    ………………………………….

Name:        ………………………………….

Title:        ………………………………….





SCHEDULE 1
Supplier Name :
Contract Number :
Contract Date
Schedule Number :
Agreement Description :
Product / Service :
Novation Date :





SCHEDULE 2
[SPECIFIC TERMS AND CONDITIONS]
 





SCHEDULE 3
[AMENDMENTS TO THE AGREEMENT(S)]








SCHEDULE 16

BUSINESS CONTINUITY AND DISASTER RECOVERY (BCDR)
1.
GENERAL
1.1
The scope of this schedule is the provision of Business Continuity and Disaster Recovery (BCDR) relating to the Service Provider’s provision of the Services to the Customer. The Customer IT BCDR provisions are covered in Schedule 2 (Service Descriptions) IT Service Continuity Management (ITSCM).
1.2
The Service Provider shall:
1.2.1
be responsible for developing and creating a detailed plan for the prompt and efficient handling of a Disaster in accordance with paragraph 2 of this Schedule 16 (the "Business Continuity Plan") as may be updated in accordance with this Schedule 16;
1.2.2
in the event of a Disaster, invoke and comply with the Business Continuity Plan for prompt and efficient handling of such Disaster;
1.2.3
in accordance with this Schedule 16, maintain the Business Continuity Plan; and
1.2.4
provide a copy of the up-to-date Business Continuity Plan to the Customer on request and implement any changes to the Business Continuity Plan as reasonably requested by the Customer.
1.3
The Service Provider shall appoint a representative who is a business continuity and IT disaster recovery specialist to act as a single point of contact for the Customer ("Service Provider BC Representative"). The Service Provider BC Representative must be knowledgeable in Business Continuity Plan best practice, maintenance and related planning activities and the actual Business Continuity Plan itself.
1.4
The Service Provider shall ensure that details of the Service Provider Personnel responsible for or directly involved in the Business Continuity Plan are kept up to date within the Business Continuity Plan and that such Service Provider Personnel are provided with the necessary training to fulfil their roles.
1.5
Pursuant to clause 17, the Service Provider shall remain fully responsible for any Approved Subcontractors or service providers, and ensure that each Approved Subcontractor or service provider has at all times in place robust and sufficient business continuity and disaster recovery plans that are:
1.5.1
integrated with the Business Continuity Plan, and do not in any way conflict with or undermine the effectiveness of the Business Continuity Plan;
1.5.2
in accordance with the requirements for the Business Continuity Plan as set out in this Agreement; and
1.5.3
tested and updated in accordance with the provisions of this Agreement as if such plans were the Business Continuity Plan.




1.6
The Charges for Service Provider’s BCDR provision including Business Continuity Plan development, and testing requirements are included within the Common Services Charges as set out in Schedule 10, whether they are shown as an individual Charges category or not.
1.7
Regardless of the occurrence of a Disaster or the invocation of the Business Continuity Plan, the Service Provider shall continue to use reasonable endeavours to provide the Services and to do so in accordance with the Service Levels.
2.
BUSINESS CONTINUITY PLAN
2.1
The Service Provider shall develop a draft Business Continuity Plan that reflects the Customer's business continuity and disaster recovery requirements and shall submit the draft Business Continuity Plan to the Customer for its approval within thirty (30) days of the Service Commencement Date for each relevant service, and in any event prior to the end date of the Detailed Design Phase set out in Appendix 1 to Schedule 8 (Transition and Transformation). The Customer will then provide feedback with fifteen (15) days of receipt of the draft Business Continuity Plan. The Service Provider will then provide an updated draft Business Continuity Plan within a further fifteen (15) days for the Customer final approval.
2.2
The Business Continuity Plan following its agreement by the Customer will become a controlled document. The plan should be updated by the Service Provider from time to time in accordance with paragraph 2.14. Any change to the Business Continuity Plan by the Service Provider will then be approved in writing by the Customer Representative. If as a result of the change there are associated changes to the charges for the provision of BCDR then this will be carried out in accordance with Schedule 13 (Contract Change Control Procedure). Once agreed in accordance with this procedure, it shall be deemed to be incorporated into this Schedule and shall form part of the Agreement.
2.3
The Service Provider shall ensure that at all times the Business Continuity Plan details the processes and arrangements which the Service Provider shall follow to ensure continuity of the Services, and the Service Provider's business processes and operations on which the Services depend, following any Disaster.
2.4
Without prejudice to the generality of paragraphs 2.1 and 2.3, the Service Provider shall ensure that at all times the Business Continuity Plan documents as a minimum will together address the following:
2.4.1
purpose and scope;
2.4.2
roles and responsibilities of the team, including specific task and actions lists for the team for particular scenarios;
2.4.3
criteria and process for activation of the Business Continuity Plan, including details of who can invoke the Business Continuity Plan and an activation call tree;
2.4.1
how the plan will deliver a Return To Operation (RTO) of a maximum of 72 hours for affected Support and Infrastructure Services, therefore enabling the system and services the Customer requires to effectively operate their business, from the point of invocation which includes utilizing associates in other Delivery locations, moving some of the support team to alternative locations within the country of delivery and enabling associates working from home temporarily.
2.4.2
activities required to implement the Business Continuity Plan;
2.4.3
key internal and external contact details for the Service Provider (and any sub-contractors or service providers) and for the Customer and the related roles and responsibilities;
2.4.4
an outline of the systems and business processes required to ensure continuity of Services including prioritisation of these elements;




2.4.5
a description of how the business continuity and disaster recovery elements of the Business Continuity Plan link to each other;
2.4.6
details of how the invocation of any element of the Business Continuity Plan may impact upon the operation of the Services;
2.4.7
examples of invocation scenarios;
2.4.8
detail regarding how the Business Continuity Plan links and interoperates with any overarching and/or connected disaster recovery or business continuity plans of the Customer and any of its other service providers, as notified to the Service Provider by the Customer from time to time;
2.4.9
a description of how the Service Provider will liaise with the Customer with respect to issues concerning business continuity and disaster recovery where applicable;
2.4.10
a risk analysis;
2.4.11
frequency of review and amendment of the Business Continuity Plan;
2.4.12
a description of test procedures and frequency of testing;
2.4.13
the procedures for reverting to "normal service";
2.4.14
a description of alternative processes (including business processes), options and responsibilities that may be adopted in the event of a failure in or disruption to the delivery of the Services;
2.4.15
a description of steps to be taken by the Service Provider upon resumption of the Services in order to address any prevailing effect of the failure or disruption including a root cause analysis of the failure or disruption, including details of short, medium and long-term recovery strategies for people, premises and IT;
2.4.16
details of the various possible levels of failures of or disruptions to Services and the steps to be taken to remedy the differing levels of failure and disruption. The Business Continuity Plan shall also clearly set out the conditions and/or circumstances under which escalation to the disaster recovery element of the plan is invoked;
2.4.17
details of the procedures and processes to be put in place by the Service Provider (and any sub-contractor (or service providers) in relation to the disaster recovery system and the provision of the disaster recovery services and any testing of the same;
2.4.18
high level description of the technical design and build specification of the disaster recovery system;
2.4.19
a description of the Service Provider’s internal data centre and disaster recovery site audits;
2.4.20
backup methodology and details of the Service Provider’s approach to data back up and data verification;
2.4.21
details of any agreed relaxation of the Service Levels during any period of invocation of the Business Continuity Plan;




2.4.22
details of how the Service Provider shall ensure compliance with security standards ensuring that compliance is maintained for any period during which the Business Continuity Plan is invoked;
2.4.23
access controls to any disaster recovery sites used by the Service Provider and any sub-contractor or service providers in relation to its obligations pursuant to this Schedule 16;
2.4.24
a list of primary and alternate recovery locations for each of the Service Provider Service Locations, as applicable;
2.4.25
resources required to support the response and recovery process; and
2.4.26
escalation and communication procedures and processes.
2.5
The Service Provider shall ensure that at all times the Business Continuity Plan is sufficient to ensure sustained delivery of the Services delivered by the Service Provider to the Customer, and failing that recovery of all such Services as soon as possible, and in any event in accordance with paragraph 5 of this Schedule 16.
2.6
The Service Provider shall ensure that at all times the Business Continuity Plan includes specific provisions detailing IT disaster recovery and business continuity plans and strategies (including data backup and restore procedures) for all systems, processes, infrastructure and service locations, which are such as to enable the Service Provider to meet the respective recovery times. The Service Provider shall ensure that at all time the parts of the customised Business Continuity Plan that detail the IT disaster recovery and business continuity plans for critical systems, infrastructure and service locations and critical services include the details listed in paragraph 2.4.
2.7
The Service Provider shall ensure that at all times the Business Continuity Plan includes a schedule of when all key components will be tested in the following twelve (12) month period and that the frequency of such testing as set out in the schedule complies with paragraph 3 of this Schedule 16.
2.8
In the event of a Disaster during the Transition and subject to paragraph 1.2.2 above, the Service Provider shall comply with the section of the Business Continuity Plan specific to the Transition activities that are ongoing at the time of the Disaster.
2.9
For planned projects, at least thirty (30) days in advance of the scheduled start date of each Transition Project, for unplanned projects (that arise with less than three (3) months’ notice), at least twenty (20) days in advance of the scheduled start date of each Transition Project, the Service Provider shall review the Business Continuity Plan, in cooperation with the Customer, to ensure that the section specific to the relevant Transition activities:
2.10
:
2.10.1
is adequate to ensure sustained delivery of the Services delivered by the Service Provider to the Customer as at that point in Transition, and failing that recovery of all such Services as soon as possible, and in any event in accordance with paragraph 5 of this Schedule 16; and
2.10.2
aligns with the Customer's business continuity and disaster recovery plan(s), processes and procedures relevant to the tasks and activities still being performed by the Customer as at that point in Transition, such that the roles and responsibilities of both the Customer and the Service Provider in relation to each activity and Service are clear and distinct and operate smoothly and effectively in conjunction with one another to ensure sustained delivery of all Services and related activities.




2.11
The Service Provider shall provide for the Customer's approval an updated Business Continuity Plan, showing any amendments, where any changes to the Business Continuity Plan are required (a) following the Service Provider's review pursuant to paragraph 2.9 above, or (b) by the Customer.
2.12
Where an updated Business Continuity Plan is submitted to the Customer pursuant to paragraph 2.11(a) above, such updated Business Continuity Plan shall be submitted no later than twenty-five (25) Business Days or such other period as the Parties may agree prior to the scheduled start date of the relevant Transition activities.
2.13
The Customer shall review the updated Business Continuity Plan and notify the Service Provider as to whether it accepts the updated Business Continuity Plan. Customer shall not unreasonably delay such review. If the Customer does not accept the updated Business Continuity Plan, the Customer shall inform the Service Provider of that fact and its reasons for finding the Business Continuity Plan unacceptable and any proposed amendments.
2.14
The Service Provider shall, within five (5) Business Days of receiving any proposed amendments from the Customer, amend the Business Continuity Plan so as to take into account any amendments reasonably requested by the Customer, or otherwise required to render the Business Continuity Plan compliant with the requirements of this Agreement and ISO22301, as appropriate, and re-issue the amended Business Continuity Plan to the Customer, in which case the provisions of paragraphs 2.11 and 2.12, and this paragraph 2.14, of this Schedule 16 shall re-apply.
2.15
In addition, the Service Provider shall, every twelve (12) months and whenever one or more of the following occurs:
2.15.1
the Service Provider commences the provision of any New Services or completes any Transition activities or Transformation activities (as set out in Appendix 1 of Schedule 8) in accordance with Schedule 8 (Transition & Transformation); or
2.15.2
the Services are otherwise modified such that the existing Business Continuity Plan is no longer sufficient to ensure continuity of the Services in the event of a Disaster,
review and update the Business Continuity Plan within thirty (30) days and re-submit to the Customer for review. The Customer shall not unreasonably delay such review. The provisions of paragraphs 2.13 and 2.14 above shall apply to the updated Business Continuity Plan in accordance with paragraph 1.1 of this Schedule 16.
3.
ENHANCED BCDR OPTIONS
3.1
The Service Provider will provide the Customer with an enhanced level of BCDR at Customer option and with 45 days prior written notice.
3.2
The enhanced BCDR will consist of “Dedicated” and/or “Shared” seats (as further described below) that are available to the Customer at its sole discretion.
3.2.1
A Dedicated Seat is reserved solely for the use of the Customer dedicated FTEs engaged in delivering the Services to the Customer from time to time in the event the Business Continuity Plan is invoked on the occurrence of a Disaster. Dedicated Seats located at the Service Provider’s Service Location in Noida, India shall have a Return to Operation (“RTO”) time of four (4) hours from the time the Business Continuity Plan is invoked.
3.2.2
A Shared Seat may be allocated to third parties, other than the Customer, for the purposes of business continuity and disaster recovery. The Service Provider shall not operate the Shared Seats in a manner that materially undermines the Customer’s ability to utilise its agreed Shared Seat allocation in the event the Business Continuity Plan is invoked. A Shared Seat shall have




a Return to Operation time of twelve (12) hours from the time the Business Continuity Plan is invoked.
3.3
A Dedicated Seat consists of the office space configuration as is applicable to the Service and Service Location of this Agreement and a Shared Seat shall be in a Service Provider office location fitted with, desk, chair, technology, and connectivity to enable access to the Customer’s Systems. The office space for Dedicated Seat shall be within a dedicated secure area and any Shared Seats shall be in a secure area within the relevant Service Location.
3.4
Each Dedicated and Shared Seat must be available to the Customer dedicated FTEs for use twenty-four (24) hours per day, three hundred and sixty five (365) days per annum. 
3.5
Should the Customer invoke the Business Continuity Plan the relevant Dedicated and Shared Seats must be available to the Customer dedicated FTEs for as long as is necessary and be operated such that the Customer dedicated FTEs can utilize the seats in multiple shifts.
3.6
The additional costs related to Dedicated and Shared Seats options are set out in Schedule 10 (Charges).
4.
TESTING
4.1
The Service Provider hereby undertakes to test and review all aspects of its Business Continuity Plan for effectiveness on a regular basis in accordance with the testing schedule within the Business Continuity Plan (and in any event no less frequently than once every six (6) months unless and until the Customer determines, in its sole discretion, that a minimum frequency of every twelve (12) months shall apply and notifies the Service Provider of this in writing), in cooperation with the Customer, its designated representatives, any testing and recovery providers, and any other Third Party Service Providers providing services to the Customer ("BCP Test"). The Service Provider shall give the Customer such reasonable notice in writing as allows the Customer to be present to witness any such testing of the Business Continuity Plan.
4.2
The Service Provider shall ensure the first BCP Test is carried out within six (6) months of the First Service Commencement Date.
4.3
The Customer may require the Service Provider to conduct additional tests of some or all aspects of the Business Continuity Plan at any time, where the Customer considers it reasonably necessary, including where there has been any change to Services provided or any underlying business processes, or on the occurrence of any event which may increase the likelihood of the need to implement the Business Continuity Plan. Except where an additional test relates to: (i) a failure by the Service Provider to implement successfully the Business Continuity Plan; (ii) a failure by the Service Provider to comply with its obligations; (iii) an existing obligation of the Service Provider; or (iv) any change proposed and made by the Service Provider, the Customer will reimburse the Service Provider for the reasonable costs incurred by the Service Provider in conducting a BCP Test more than twice in a twelve (12) month period, up to a maximum amount agreed between the Parties.
4.4
During the periodic BCP Tests, the Service Provider shall continue to provide the Services without any loss of performance.
4.5
The Service Provider will provide to the Customer a formal report of the results of the BCP Test and any other Business Continuity Plan testing, including any improvement actions identified by the Service Provider as being required by any such testing, and deliver this report to the Customer within thirty (30) days of the completion of any such test. The Customer shall provide to the Service Provider any comments it has in respect of such report and the Service Provider shall implement any actions or remedial measures which the Service Provider believes are necessary or which the Customer reasonably requires as a result of those tests in accordance with a remediation plan.




4.6
The Service Provider shall undertake and manage testing of the Business Continuity Plan in full consultation with the Customer and shall liaise with the Customer in respect of the planning, performance, and review, of each test, and shall comply with the reasonable requirements of the Customer in this regard.
4.7
If any component(s) of a BCP Test fails to achieve its objectives or satisfactory results, the Service Provider shall:
4.7.1
re-test such component(s) within thirty (30) days; and
4.7.2
update the Business Continuity Plan as necessary upon re-testing and verify and confirm to the Customer in writing within five (5) days after the re-test whether the remedy was successful.
4.8
Every Calendar Quarter, the Service Provider shall provide to the Customer a report on the status of Business Continuity Plan, testing and any identified risk and issues and remediation work.
4.9
the Customer and any Regulator shall have the right to inspect and audit (either by itself or through an external auditor) in accordance with clause 20 (Regulatory Matters and Audit Rights) of this Agreement any aspect of the Business Continuity Plan and the Service Provider's business continuity and disaster recovery processes. The Service Provider shall implement, any reasonable recommendations that may arise from any such audits as soon as reasonably practicable, provided that where any such recommendations require an extension to the scope of the Service Provider's Business Continuity Plan then, unless such extension was as a result of a failure of the Business Continuity Plan to comply with the terms of this Schedule and the Agreement, then parties shall discuss the allocation of the reasonable incremental costs associated with such extension via the Contract Change Control Procedure.
5.
IMPLEMENTATION
5.1
In the event that a Disaster occurs or is reasonably likely to occur, the Service Provider BC Representative (or, to the extent the Service Provider BC Representative is not available, a suitable alternative approved by the Customer) must notify the Customer immediately upon becoming aware of the occurrence of a Disaster. The Service Provider must activate the implementation of the Business Continuity Plan without delay, undertaking it in accordance with the agreed Business Continuity Plan.
5.2
The cost of invocation of the Business Continuity Plan will be borne by the Service Provider. It is anticipated any such costs will be recovered through the Service Provider’s Business Interruption Insurance.
5.3
Following any Disaster, the Service Provider shall promptly conduct a post-incident meeting with the Customer in order explain the cause of the Disaster, restore Services and Service Levels in accordance with this Agreement (to the extent these have not already been restored) and develop plans to eliminate or mitigate future occurrences.
5.4
Within thirty (30) days of the resolution of any Disaster, the Service Provider shall provide to the Customer a post-incident report detailing the root cause, subsequent business impact and lessons learnt.









SCHEDULE 17
HUMAN RESOURCES PROVISIONS



    




SCHEDULE 17
HUMAN RESOURCES PROVISIONS
EMPLOYMENT PROVISIONS
DEFINITIONS
In this Schedule 17, the following additional definitions apply, unless the context otherwise requires:
"Employment Liabilities" in respect of any matter, event or circumstance includes all demands, claims, actions, proceedings, damages, payments, losses, costs, expenses or other liabilities connected with or arising from all and any laws, including, without limitation, directives, statutes, secondary legislation, orders, codes of practice and common law, whether of the European Community or the United Kingdom or any other jurisdiction, relating to or connected with the employment of employees or the engagement of other workers, including in each case their health and safety at work ;
"Exit Transfer Employees" means those Service Provider Personnel employed by Service Provider as at the Relevant Termination Date under a contract of employment who are assigned to and work wholly or mainly in the Services and who the Service Provider reasonably believes will be subject to an automatic transfer of employment under the Transfer Regulations and in respect of whom Service Provider has provided Customer with the written particulars set out at paragraph 5.8(a) no later than 28 days before the Relevant Termination Date;
"Incumbent Service Provider" means a service provider, its affiliates and subcontractors (other than Service Provider or a member of the Service Provider Group) who, immediately prior to the relevant Service Commencement Date, supplied to Customer or a member of the Customer Group services which are being replaced by any of the Services;
"Incumbent Service Provider Personnel" means those persons listed at Appendix 17-A who are employed by an Incumbent Service Provider under a contract of employment and who are assigned to and work wholly or mainly in the services being replaced by any of the Services;
"Potential Exit Employee" means Service Provider Personnel employed by Service Provider at any time during the Protected Period under a contract of employment who are assigned to and work wholly or mainly in the Services in a jurisdiction to which the Transfer Regulations apply;
"Protected Acts" means:
(a)
the termination of the employment of any Potential Exit Employee for any reason other than gross misconduct, voluntary resignation or retirement;
(b)
the alteration or change of (or the promise to alter or change) any of the material terms and conditions of employment of any Potential Exit Employee (whether with or without their consent) other than a pay review or other changes which apply generally to other Service Provider Personnel in similar positions or grades;
(c)
the recruitment (except as a replacement for an employee whose employment is terminated and where the replacement is recruited on terms which are not materially better than those of the employee being replaced) of any employee to provide any part of the Services, unless Customer's prior consent has been given (such consent not to be unreasonably withheld), in which case such replacement employee will be deemed to be a Potential Exit Employee; or




(d)
the relocation or assignment to new duties of any Potential Exit Employee save to the extent the relocation or assignment:
(i)
was agreed by Service Provider with the employee in writing prior to the Protected Period;
(ii)
was agreed by Service Provider with both the employee and Customer in writing (such consent not to be unreasonably withheld by Customer) during the Initial Protected Period; or
(iii)
is permitted pursuant to an Exit Plan which is agreed between the parties in respect of any Subsequent Protected Period;
(ii)
is part of the ordinary course of business when providing the Services including normal rotation of staff.
"Protected Period":
(a)
commences on the earlier of:
(i)
the date which is six months before the termination or expiry of the whole or relevant part of the Agreement; or
(ii)
the date any notice of termination of the whole or relevant part of the Agreement is given, where the period of notice given is more than six months; and
(b)
ends on the date of termination or expiry of the whole or relevant part of the Agreement [(including a Supplement)].
"Relevant Termination Date" means the Termination Date or, in the event of a termination of part of this Agreement or the Services, the date of termination or expiry of the relevant part of the Agreement or the Services (however arising and including termination in breach by either party);
"Replacement Service Provider" means a party (which may include Customer or another member of the Customer Group but does not include the Service Provider or any member of the Service Provider Group) who will be providing, either wholly or partly, services to Customer which are provided in place of any of the Services;
“Service Provider Entity” means the Service Provider, any member of the Service Provider Group or any of their subcontractors;
"Service Provider Offer" means an offer to an Incumbent Service Provider Personnel under paragraph 2 or to a Transitioned Personnel under paragraph 3;
"Transfer Regulations" means the Acquired Rights Directive 77/187 (as amended and consolidated by Directive 2001/23) and any analogous or equivalent legislation or regulation in all relevant jurisdictions;
"Transferring Customer Employee" means those persons listed at Appendix 17-B who are employed by Customer or by any member of the Customer Group under a contract of employment who is assigned to and works wholly or mainly in the services being replaced by any of the Services




and who the parties agree are likely to be subject to an automatic transfer of employment under the Transfer Regulations;
"Transitioned Personnel" means those persons listed at Appendix 17-C who are employed or engaged by Customer or any member of the Customer Group (including contractors engaged directly or indirectly through a company) as at the date of this Agreement in the performance of the services which will be replaced by the Services but who the parties agree are not considered subject to an automatic transfer of employment under the Transfer Regulations.
Other capitalised terms used in this Schedule are defined in the context in which they are used and shall have the meanings there indicated. Capitalised terms used but not defined in this Schedule shall have the meanings set out in Schedule 1 of this Agreement.
1.
Transferring Customer Employees on commencement
1.1
Transfer of Transferring Customer Employees on commencement
(a)
Customer and Service Provider acknowledge that it is intended that Transferring Customer Employees will transfer under the Transfer Regulations to Service Provider with effect from the relevant Service Commencement Date.

(b)
In accordance with the Transfer Regulations the employment of the Transferring Customer Employees (and to the extent provided for by the Transfer Regulations, any associated rights, duties, liabilities, or obligations) will transfer with effect from the relevant Service Commencement Date to Service Provider, subject to paragraph 1.1(d).

(c)
Each of the parties shall comply with their respective obligations under the Transfer Regulations. As soon as reasonably practicable and in any event no later than 28 days prior to the relevant Service Commencement Date, Customer shall provide to Service Provider full and complete particulars (which may be anonymised) in respect of each Transferring Customer Employee of the information set out in paragraphs 5.8(a)(i) to (xii) (replacing references to Potential Exit Employee as appropriate).

(d)
If a Transferring Customer Employee voluntarily elects not to transfer in accordance with the Transfer Regulations, their employment or termination shall remain the responsibility of Customer or the relevant member of the Customer Group, and Customer shall indemnify and keep indemnified Service Provider against any Employment Liabilities in connection with such Transferring Customer Employee. Any such employee will still be considered a Transferring Customer Employee for the purposes of paragraph 4.2 despite that election.

(e)
If a Transferring Customer Employee ceases to work wholly or mainly in the services being replaced by any of the Services prior to the relevant Service Commencement Date due to redeployment, retirement or resignation, the employment of such Transferring Customer Employee will not transfer in accordance with the Transfer Regulations and they will cease to be a Transferring Customer Employee, save for the purposes of Paragraph 4.1 and Paragraph 4.2.

(f)
All salaries and other emoluments (including benefits) of the Transferring Customer Employees shall be the responsibility of and shall be discharged or provided by Customer or the relevant member of the Customer Group in respect of the period prior to the relevant




Service Commencement Date. In relation to bonuses, commission payments, incentive schemes, deferred payments or other benefits or bonuses, Customer shall be responsible for such amounts accrued in respect of the period prior to the relevant Service Commencement Date, whether or not such amounts are payable before or after that date.

(g)
All salaries and other emoluments (including benefits) of the Transferring Customer Employees or Incumbent Service Provider Personnel who transfer to Service Provider or any member of the Service Provider Group shall be the responsibility of and shall be discharged or provided by Service Provider or relevant member of the Service Provider Group in respect of the period on and after the relevant Service Commencement Date. In relation to bonuses, commission payments, incentive schemes, deferred payments or other benefits or bonuses, Service Provider shall be responsible for such amounts accrued in respect of the period on and after the relevant Service Commencement Date, whether or not such amounts are payable before or after that date.

1.2
Employees who incorrectly transfer or do not transfer
(a)
Save for those individuals referred to at paragraph 1.1(d) or 1.1(e), if any Transferring Customer Employee does not transfer pursuant to paragraph 1.1, Service Provider agrees that:
(i)
in consultation with Customer, it shall within ten (10) Business Days of being so requested by Customer (provided that request is made by Customer within one (1) month of the relevant Service Commencement Date) (the “Offer Period”) make to that person an offer in writing to employ him or her under a new contract of employment to take effect on the termination referred to below; and
(ii)
that offer of employment shall be on terms and conditions which are no less favourable overall than the terms and conditions of employment of that person immediately before the relevant Service Commencement Date and on the basis that Paragraph 1.3 applies to them.
Upon that offer being made, or at any time after the expiration of ten (10) Business Days after a request by Customer for Service Provider to make that offer but within one month of the expiry of the Offer Period (or, if that is not lawfully possible, as soon as a termination can be carried out lawfully and effectively pursuant to the Transfer Regulations), Customer or the relevant member of the Customer Group (as appropriate) may terminate the employment of the person concerned and, if it does so terminate, and provided that Customer has complied with the time limits set out in paragraph 1.2 (a), Service Provider shall indemnify and keep indemnified Customer and each member of the Customer Group against any Losses in connection with (aa) the employment of that person; and (bb) the termination of that person's employment.

(b)
If the employment or obligations arising from the employment of any employee of Customer or a member of the Customer Group or an Incumbent Service Provider who is not a Transferring Customer Employee or a member of Incumbent Service Provider Personnel transfers or is alleged to have transferred to Service Provider under the Transfer Regulations, the Parties agree that:
(i)
within seven days of becoming aware of such claim or allegation, the relevant party will notify the other in writing of the transfer or alleged transfer;




(ii)
the Parties will cooperate with each other to agree how that employee should be treated for the purposes of this paragraph 1.2(b);
(iii)
if the parties (acting reasonably and subject also to agreement of the Change Request referred to in this clause) agree within [10] days that the employee is subject to the Transfer Regulations and should have been listed as a Transferring Customer Employee or Incumbent Service Provider Personnel, then their employment will be treated as having transferred to Service Provider with effect from the relevant Service Commencement Date and that employee will be treated as a Transferring Customer Employee or Incumbent Service Provider Personnel for the purposes of this Schedule and their employment will be the subject of a Change Request to be submitted by Customer or Service Provider, unless paragraph 1.2(b)(iv) applies;
(iv)
if a Transferring Customer Employee or Incumbent Service Provider Personnel, whose employment transfers to Service Provider pursuant to paragraph 1.2(b)(iii), is redundant notwithstanding Service Provider having made reasonable efforts to identify suitable employment for such employee within Service Provider or a Service Provider Entity, the relevant Service Provider Entity may terminate the employment of such employee on grounds of redundancy and, provided that the relevant Service Provider Entity does so terminate such employment within ten weeks of the transfer of such employment, the indemnity in paragraph 1.2(b)(vi) will apply;
(v)
if the parties do not agree that the employee is subject to the Transfer Regulations and should have been listed as a Transferring Customer Employee or Incumbent Service Provider Personnel, Customer shall, where reasonably practicable within ten (10) Business Days of being so requested by Service Provider (provided that request is made by Service Provider within two (2) weeks of the relevant Service Commencement Date or the date of the notification referred to at clause1.2(b)(i) above, whichever is the later) (the “Commencement Offer Period”) make to that person an offer in writing to employ him/her under a new contract of employment to take effect on the termination or confirmation referred to below;
(vi)
upon an offer being made under paragraph 1.2(b)(v), or at any time after the expiration of ten (10) Business Days after a request by Service Provider for Customer to make that offer but in any event within one calendar month of the expiry of the Commencement Offer Period (or, if that is not lawfully possible, as soon as a termination can be carried out lawfully and effectively pursuant to local applicable law), the relevant Service Provider Entity may terminate the employment or alleged employment of the person concerned (if not already terminated) and, provided that the relevant Service Provider Entity does so terminate such alleged employment within the period specified in this paragraph, Customer shall indemnify and keep indemnified Service Provider for its benefit and that of any other Service Provider Entity against any Employment Liabilities in connection with (i) the employment (alleged or actual) of that person and (ii) the termination of that person's alleged or actual employment.
1.3
Service Provider undertaking in respect of Transferring Customer Employees
(a)
Subject to paragraph 1.3(b), the Service Provider undertakes to Customer that, in addition to the Transfer Regulations, the contractual terms and conditions of employment and other contractual benefits enjoyed by each of the Transferring Customer Employees in the period




of no less than 18 months from the Service Commencement Date shall be substantially equivalent in aggregate to those enjoyed by him or her immediately prior to the relevant Service Commencement Date (but without prejudice to any improvements to salaries, wages or conditions agreed in accordance with Service Provider's normal review procedures) and for this purpose:
(i)
on and after the relevant Service Commencement Date the continuity of service of the Transferring Customer Employees with Customer shall be preserved for the purpose of calculating their service with Service Provider and any service-related schemes and benefits; and
(ii)
if Service Provider effects a redundancy of any of the Transferring Customer Employees in the period of no less than 12 months from the relevant Service Commencement Date, having first used all reasonable endeavours to relocate any such Transferring Customer Employee, Service Provider shall make available or procure that there is available to those Transferring Customer Employees a redundancy package which is equivalent in all material respects to that which would have been made available to him or her had he or she still be an employee of Customer at the date of that redundancy. If Service Provider's redundancy package applicable at the date of the relevant redundancy is more favourable overall for such Transferring Customer Employee then Service Provider's redundancy package will apply.
(b)
Paragraph 1.3(a) will not apply to changes made by Service Provider that apply also to other employees of Service Provider such that the Transferring Customer Employees are not targeted or singled out with a view to treating them differently from the rest of the Service Provider personnel.
2.
INCUMBENT SERVICE PROVIDER PERSONNEL ON COMMENCEMENT
2.1
Transfer of Incumbent Service Provider Personnel on commencement
(a)
Customer and Service Provider acknowledge that, if any Incumbent Service Provider Personnel are subject to the Transfer Regulations, then such Incumbent Service Provider Personnel will transfer under the Transfer Regulations to Service Provider with effect from the relevant Service Commencement Date.
(b)
In accordance with the Transfer Regulations, the employment of such Incumbent Service Provider Personnel (and to the extent provided for by the Transfer Regulations, any associated rights, duties, liabilities, or obligations) will transfer with effect from the relevant Service Commencement Date to Service Provider.
(c)
Service Provider will comply with its obligations under the Transfer Regulations in respect of such Incumbent Service Provider Personnel. As soon as reasonably practicable prior to the relevant Service Commencement Date, Customer shall use reasonable endeavours to provide (in respect of Incumbent Service Provider Personnel), full and complete particulars (which may be anonymised) in respect of each Incumbent Service Provider Personnel of the information set out in paragraphs 5.8(a)(i) to (xii) (replacing references to Potential Exit Employee with Incumbent Service Provider Personnel as appropriate).
2.2
Offers to Incumbent Service Provider Personnel




(a)
If there are Incumbent Service Provider Personnel who will not transfer to the Service Provider pursuant to paragraph 2.1(a), Customer may require the Service Provider to make a Service Provider Offer to such person on terms that are substantially equivalent in aggregate to those enjoyed by him or her immediately prior to the relevant Service Commencement Date.
(b)
Those Incumbent Service Provider Personnel who accept such Service Provider Offer shall, with effect from the relevant Service Commencement Date, be deemed to be Service Provider Personnel for the purposes of this Schedule 17.
3.
TRANSITIONED PERSONNEL ON COMMENCEMENT
3.1
Offer to Transitioned Personnel
(a)
The Service Provider shall make a Service Provider Offer to the Transitioned Personnel. For Transitioned Personnel who are employees of the Customer or Customer Group, such offer shall be on terms that are substantially equivalent in terms of their aggregate value to those enjoyed immediately prior to the relevant Service Commencement Date as disclosed by Customer to Service Provider (excluding any non-contractual benefits, share schemes or any scheme linked or related to the shares or share value of the Customer or member of the Customer Group). Neither party shall take any steps which will or which may be seen to have the effect of discouraging any such person from accepting the Service Provider Offer. Further, Customer and Service Provider shall co-operate in good faith in determining what constitutes “substantially equivalent in terms of their aggregate value” for the purposes of this Paragraph 3.1(a). No offer of employment shall be made under this Paragraph 3.1(a) to Transitioned Personnel until Customer confirms that it can be made such confirmation not be unreasonably withheld.
(b)
Those Transitioned Personnel who accept the Service Provider Offer shall, with effect from the relevant Service Commencement Date, be deemed to be Service Provider Personnel for the purposes of this Schedule 17.
(c)
If any Transitioned Personnel wishes to accept the Service Provider Offer, Customer shall (or shall procure that the relevant member of the Customer Group shall) waive the requirement on the Transitioned Personnel concerned to give any period of notice of termination of his or her employment or engagement so that they can commence employment or engagement with the Service Provider at the relevant Service Commencement Date.
4.
INDEMNITIES
4.1
Customer indemnity
Subject to paragraph 4.2, Customer shall indemnify and keep indemnified Service Provider and each Service Provider Entity against any Employment Liabilities in connection with:
(a)
[***]; and
(b)
[***].
4.2
Service Provider indemnity




Service Provider shall indemnify and keep indemnified Customer and each member of the Customer Group against any Employment Liabilities in connection with:
(a)
[***];
(b)
[***]; and
(c)
[***].
5.
Termination
5.1
Protected Acts in Protected Period
(a)
Subject to paragraph 5.1(b), neither Service Provider, nor any relevant member of the Service Provider Group shall, without Customer's prior written consent, during the Protected Period carry out a Protected Act in relation to any Potential Exit Employee employed in a country to which the Transfer Regulations apply.

(b)
If Customer so requests (such request to be reasonable) at any time during the Protected Period, and except where the parties have agreed in any exit management plan or otherwise that certain individuals or teams are required for transition or know-how purposes and provided also that such request will not hinder the Service Provider in providing the Services to the standards agreed between the parties Service Provider will take reasonable steps to redeploy any Potential Exit Employees employed in a country to which the Transfer Regulations apply so that he or she ceases to work wholly or mainly in the Services. Any such Potential Exit Employee who is redeployed under this paragraph will continue to be considered Service Provider Personnel for the purposes of paragraph 5.4.

5.2
Transfer of Exit Transfer Employees if Transfer Regulations apply
(a)
The parties acknowledge that the Transfer Regulations may apply on expiry or termination (in whole or in part) of the Services or this Agreement and that the employment of the Exit Transfer Employees (and to the extent provided for by the Transfer Regulations, any associated rights, duties, liabilities, or obligations) may transfer with effect from the Relevant Termination Date to Customer, a member of the Customer Group or Replacement Service Provider (as appropriate), subject to paragraph 5.2(b). In such event, each of the parties shall comply with their respective obligations under the Transfer Regulations.

(b)
If an Exit Transfer Employee voluntarily elects not to transfer in accordance with the Transfer Regulations, their employment or termination shall remain the responsibility of Service Provider, the relevant member of the Service Provider Group and Service Provider shall indemnify and keep indemnified Customer for its benefit and that of any member of the Customer Group or Replacement Service Provider against any Employment Liabilities in connection with such Exit Transfer Employee. Any such employee will still be considered an Exit Transfer Employee for the purposes of paragraphs 5.4(a) and 5.5 despite that election.

5.3
Responsibility for Exit Transfer Employees
(a)
[***].




(b)
[***].
5.4
Service Provider indemnity on termination
Service Provider shall indemnify and keep indemnified Customer for its benefit and that of any member of the Customer Group or Replacement Service Provider against any Employment Liabilities in connection with:
(a)
[***];
(b)
[***]; and
(c)
[***].
5.5
Customer indemnity on termination
Subject to paragraph 5.6 Customer shall indemnify and keep indemnified Service Provider, each member of the Supplier Group and any of their subcontractors against any Employment Liabilities in connection with any Exit Transfer Employee who transfers in accordance with Paragraph 5.2 and which arise from:
(a)
[***];
(b)
[***]; and
(c)
[***].
5.6
Persons other than Exit Transfer Employees who incorrectly transfer
For the avoidance of doubt, it is not the intention of the parties that the employment or obligations arising from the employment of any person other than Exit Transfer Employees under paragraph 5.2 should transfer to Customer, any member of the Customer Group or Replacement Service Provider in connection with the termination or expiry (in whole or in part) of the Agreement or the Services and, if this is or is alleged to be the case, the Service Provider and Customer agree that:
(a)
The Customer shall notify the Service Provider within seven days of becoming aware of such claim or allegation;
(b)
in consultation with Customer, the Service Provider shall, where reasonably practicable, within ten (10) Business Days of being so requested by Customer (provided that request is made by Customer within two (2) weeks of the Relevant Termination Date or the date of the notification referred to at clause 5.6(a) above, whichever is the later) (the “Exit Offer Period”) make to that person an offer in writing to employ him or her under a new contract of employment to take effect on the termination referred to below; and

Upon that offer being made, or at any time after the expiration of ten (10) Business Days after a request by Customer for Service Provider to make that offer but in any event within one calendar month of the expiry of the Exit Offer Period (or, if that is not lawfully possible, as soon as a termination can be carried out lawfully and effectively pursuant to local applicable law), Customer, a member of the Customer Group or a Replacement Service Provider (as appropriate) may terminate the employment or alleged employment of the person concerned (if not already terminated) and, provided




it, the relevant member of the Customer Group or Replacement Service Provider does so terminate such alleged employment within the period specified in this paragraph, Service Provider shall (except in relation to any individual to whom employment has been offered and accepted pursuant to paragraph 5.7 of this schedule) indemnify and keep indemnified Customer for its benefit and that of any member of the Customer Group or Replacement Service Provider against any Employment Liabilities in connection with (i) the employment of that person and (ii) the termination of that person's employment.
5.7
Employment of Service Provider Personnel to whom Transfer Regulations do not apply
(a)
In respect of any Service Provider Personnel to whom the Transfer Regulations do not apply, during the Protected Period Customer may make (or procure Replacement Service Provider to make) an offer to employ such Service Provider Personnel, provided always, in respect of any such Service Provider Personnel who were not Transitioned Personnel who will continue to be engaged in the provision of the Services at the Relevant Termination Date, that Service Provider has expressly agreed in writing, in advance that such offer may be made (and the Service Provider may refuse such request at its sole discretion). Any such offer shall take effect on the Relevant Termination Date. If such offer is made, Service Provider shall not take any steps which will or which may be seen to have the effect of discouraging any such employee from accepting that offer.

(b)
If no offer is made, or if the Service Provider Personnel for any reason does not accept such an offer, that Service Provider Personnel shall remain the responsibility of Service Provider. If any such Service Provider Personnel wishes to accept that offer, Service Provider shall, where reasonably practicable, waive the requirement on that Service Provider Personnel to give any period of notice to terminate his or her employment so that the Service Provider Personnel can commence employment with Customer or a Replacement Service Provider on or after the Relevant Termination Date.

5.8
Copies of records
(a)
Within 14 days of a request by Customer, such request being made at any time during the Protected Period, Service Provider shall provide Customer with full and complete particulars (which may be anonymised) in respect of each Potential Exit Employee employed in a country to which the Transfer Regulations apply of:
(i)
their name (to the extent permissible under local applicable law), sex, job title, the identity of their employer, and the date on which continuity of employment began for each such person for statutory purposes;
(ii)
copies of standard terms of employment, including handbooks and policies (including any terms of any relevant collective agreement) applicable to any Potential Exit Employee;
(iii)
their material terms and conditions of employment;
(iv)
details of remuneration payable (including any bonus or commission entitlements) and any other emoluments and benefits provided or which the employer is bound to provide (whether now or in the future), together with the terms upon which such remuneration, emoluments and benefits are payable;
(v)
any terms relating to the termination of their employment, including any redundancy procedures and any contractual redundancy pay scheme;
(vi)
dismissals of any Potential Exit Employee or termination of employment effected within 12 months of the date of termination;




(vii)
information on any disciplinary action, grievances or claims brought by any Potential Exit Employees in the preceding two years, or as would be required to be disclosed pursuant to the Transfer Regulations;
(viii)
details of sickness absence during the period of 12 months prior to the date of the request and whether any Potential Exit Employees are in receipt of any permanent health insurance, long term sickness, disability benefit or similar;
(ix)
all agreements or arrangements entered into in relation to Potential Exit Employees between Service Provider or any relevant sub-contractor or relevant employer and any trade union or association of trade unions or organisation or body of employees including elected representatives;
(x)
all strikes or other industrial action taken by any Potential Exit Employee within 12 months prior to the date of the request;
(xi)
information as to how long each Potential Exit Employee has been assigned to the Services, whether each Potential Exit Employee is permanently assigned to the Services and how much of each Potential Exit Employee's working time is spent working on the Services (as a percentage of their overall working time); and
(xii)
Service Provider shall, as soon as reasonably practicable, provide updated information in the event of any material changes to such particulars.

(b)
Within 14 days of a request by Customer, made at any time during the Agreement, Service Provider shall supply Customer with the particulars set out in Appendix 17-D of this agreement in relation to those Service Provider Personnel employed in a country to which the Transfer Regulations apply.

(c)
Service Provider shall permit Customer or the relevant member of the Customer Group to provide such particulars to a potential or prospective Replacement Service Provider, subject to Customer ensuring that such Replacement Service Provider enters into an appropriate confidentiality agreement with Service Provider. This paragraph shall be subject to compliance on the part of both Service Provider and Customer with any relevant data protection or privacy laws or regulations. If the provisions of those laws or regulations prohibit Service Provider’s full compliance with its obligations under this paragraph, then Service Provider shall be under a continuing obligation to take all such steps as it can lawfully undertake to ensure as full compliance with its obligations as possible with this paragraph.

(d)
Following the Relevant Termination Date, Service Provider shall deliver promptly or procure the delivery promptly to Customer, the relevant member of the Customer Group or the Replacement Service Provider which Customer notifies Service Provider is taking over the Service(s), copies of all personnel and employment records for the Exit Transfer Employees including the employees' employment contracts, social security and payroll records (or local equivalents) and all other similar information held by Service Provider in relation to the employment of those persons.

5.9
Third Party Rights
The parties agree that the provisions of this Schedule 17 can by their written agreement be rescinded, varied or substituted so as to extinguish, alter or substitute the benefits granted to all or any Replacement Service Provider without notice and without the consent or approval of any Replacement Service Provider, and with immediate effect from the date of agreement of the parties to such rescission variation or substitution.




6.
MUTUAL ASSISTANCE
(a)
The parties shall give each other such assistance as either may reasonably require to comply with the Transfer Regulations in relation to Transferring Customer Employees, Incumbent Service Provider Personnel or Service Provider Personnel and in contesting any claim by any person resulting from or in connection with the Agreement.
(b)
Customer and Service Provider will consult and keep the other fully informed regarding any information they propose to give to Transferring Customer Employees, Potential Exit Employees, Exit Transfer Employees and their representatives, or any consultation they have with those employees and their representatives as required under the Transfer Regulations, and each will offer the other reasonable opportunity to attend and participate in any meetings at which such information is given to, or there is such consultation with, those employees and their representatives.
(c)
Customer and Service Provider shall use all reasonable endeavours to mitigate any Employment Liabilities which they or any Supplier Entity or Customer Group Member, Replacement Service Provide or Incumbent Service Provider (as the case may be) suffer or incur and which may be recoverable from the other under this Schedule 17.
(d)
Customer and Service Provider shall give each other such assistance as either may reasonably require in respect of any obligations arising under this Agreement regarding Transitioned Personnel and Service Provider Personnel to whom the Transfer Regulations do not apply and shall consult and keep each other fully informed regarding any information they propose to give to such individuals. Further, to the extent it is considered appropriate, each party will offer the other reasonable opportunity to attend and participate in any meetings at which such information is given to, or there is such discussion with, those individuals.










Appendix 17 – A


Personnel list under this category will be updated post due diligence with the incumbent supplier.
[***]











Appendix 17 – B

Employees IDs
[***]












Appendix 17 – C
TRANSITIONED PERSONNEL
[***]














Appendix 17 – D
TEMPLATE

schedule17appendix17d_image1.gif










SCHEDULE 18

KEY PERSONNEL
1.
The following named Service Provider Personnel shall be Key Personnel for the purposes of clause 15 (Personnel). The reference to “Duration of Commitment” shall be interpreted by reference to clause 15.6.
1.1
TRANSITION AND COMMITTED TRANSFORMATION SERVICES
Name
Role & Key responsibilities
Duration of Commitment
[***]
Transition Manager – Off Shore
    Design and deliver end to end Transition plan to meet/align customer requirements.
    Accountable and responsible for seamless execution of various phases of Transition.
    Single point of ownership for overall program management involving SMEs / Project / Program Managers and other enabling functions/partners involved in transition.
     Manage and Track Project Milestones and Project expenses
    Prepare the Project Plan
    Follow agreed Project Management and Governance model and Processes
    Work closely with Project Stake holders/delivery team/Partners as applicable.
    Provide project updates and reporting to stake holders.
    Coordinate with Technical and Management teams
    Own the communication plan working with Customer stakeholders
    Proactive identification of project/program risks and drawing mitigation plan
    Smooth Handover to operations teams.
Until completion of Transition




[***]
IT Transition & Transformation Manager – UK
    Design and deliver end to end Transition plan to meet/align customer requirements.
    Accountable and responsible for seamless execution of various phases of Transition.
    Single point of ownership for overall program management involving SMEs / Project / Program Managers and other enabling functions/partners involved in transition.
     Manage and Track Project Milestones and Project expenses
    Prepare the Project Plan
    Follow agreed Project Management and Governance model and Processes
    Work closely with Project Stake holders/delivery team/Partners as applicable.
    Provide project updates and reporting to stake holders.
    Coordinate with Technical and Management teams
    Proactive identification of project/program risks and drawing mitigation plan
    Smooth Handover to operations teams.
Until completion of Transition
[***]
SNOW Project Manager
    Prepare detailed Project Plan
    Procure [***] license and get required role-based access to team members
    Identify Client stakeholders for requirement gathering across region, sign off authority, UAT Sign off authority
    Share the Data templates (CMDB, Foundation data) required to gather foundation data with Client
    Review, agree to the assumptions and dependencies with respect to (but not limited to) data gathering and data loading in accordance with the Change Control Procedure.
    Prepare plan for Train the Trainer session for process tools training
    Prepare deployment checklist or go live checklist
    Schedule – Go no go calls
Until completion of SNOW implementation




[***]
Cloud Programme Manager
    Create a detailed migration plan based on the assessment findings
    Monitor and track the progress and establish governance as agreed with stakeholders
    Engage a team of Architects and Infra developers to execute the plan
    Liaise with CoE in bringing in Tools and Accelerators required for execution and ensure that best practices are followed
    Produce hardware data-driven forecasts and Publish cloud resource consumption reports
24 months

1.2
COMMON SERVICES
Name
Role & Key responsibilities
Duration of Commitment
[***]

Common Services Lead
    Single point of operational contact and operational escalation for Service Management processes including service integration where Third Party Providers (TPPs), tools and service coordination is required
    Document and maintain the Operational Procedures for each of the service management processes
    Establish operations and Service management quality assurance and control programs
    Participate in Service improvement opportunities with the Customer, and provide Good Industry Practice recommendations to the Customer
    Interface and coordinate with Customer and third parties for Incident and Problem Management Services activities
    Recommend process improvements or Continuous Service Improvements that can help reduce the demand (Incidents, Major Incidents)
24 months







1.3
INFRASTRUCTURE MANAGEMENT SERVICES
Name
Role & Key responsibilities
Duration of Commitment
[***]
Delivery Lead, Infrastructure
    Responsible for end to end management of the Infrastructure service delivery which includes service delivery processes, people practices, customer satisfaction, performance reviews, contractual deliverables, risk management and governance
    Ensure that delivery team is aligned with Aspen requirements
    Review progress with Cognizant Team Leads & Aspen stakeholders
    Ensure compliance to agreed governance
    Adhere to SLA compliance and delivery of project status/SLA reports
    Identify, Initiate and Implement Continual service improvements and discuss with customer stakeholders
    Risk Management
    Timely escalation of issues including delays with 3rd party suppliers
24 months

1.4
OPERATIONS AND SERVICE DELIVERY SERVICES




Name
Role & Key responsibilities
Duration of Commitment
[***]
Delivery Lead, Operations and Service Delivery
    Single Point of Contact for Operations and Service Delivery services
    Forecasting and scheduling
    Ensure that team is providing frequent updates to users on the Incidents / Service Requests
    Track and Monitor aged tickets
    Responsible for up-skilling the team to improve FCR through left-shift and Knowledge Management
    Ensure compliance to agreed governance
    Adhere to SLA compliance and delivery of project status/Service Level Reports
    Identify, Initiate and Implement Continual service improvements and discuss with customer stakeholders
    Proactively work with Resolver Groups in case of unusual spike in volumes
24 months


1.5
APPLICATION MANAGEMENT SERVICES
Name
Role & Key responsibilities
Duration of Commitment
[****]
Run Service Lead UK
    Responsible for day-to-day delivery of the managed services support engagement and reports to the Service Lead
    Responsible for effective triaging and faster resolution of high severity issues and Major Incidents
    Ensures SLAs, KPIs and associated OLAs are maintained and met
    Performs periodic analytics of the Service Management data to come up with operational improvements
    Creates and Implements a “forward looking” plan for Process and Continual Service Improvements
    Works with relevant stakeholders to prioritize minor enhancements
    Coordinates with offshore delivery team
    Participates in status meetings to provide delivery updates
24 months




[***]
Delivery Lead offshore
    Responsible for day-to-day delivery of the managed services support engagement
    Ensures SLAs, KPIs and associated OLAs are maintained and met
    Performs periodic analytics of the Service Management data to come up with operational improvements
    Creates and Implements a “forward looking” plan for Process and Continual Service Improvements
    Coordinates with onsite delivery teams
24 months
[***]
Run Service Lead US
    Responsible for day-to-day delivery of the managed services support engagement and reports to the Service Lead
    Responsible for effective triaging and faster resolution of high severity issues and Major Incidents
    Ensures SLAs, KPIs and associated OLAs are maintained and met
    Performs periodic analytics of the Service Management data to come up with operational improvements
    Creates and Implements a “forward looking” plan for Process and Continual Service Improvements
    Works with relevant stakeholders to prioritize minor enhancements
    Coordinates with offshore delivery team
    Participates in status meetings to provide delivery updates
24 months
[***]
Run Service Analyst UK
    Responsible for incident and problem resolution
    Automation of tasks/ health checks resulting in elimination of time consuming and error prone manual tasks
    Works with the team to fulfil ad-hoc service requests
    Performs root cause analysis to implement fix for high severity issues and major incidents
    Provides data fixes for resolving batch and online issues
    Analyses impact of planned patch upgrades and provides resolution for any issues caused in the system
24 months

1.6
CHANGE MANAGEMENT SERVICES




Name
Role & Key responsibilities
Duration of Commitment
[***]
Offshore Delivery Lead
    Provides offshore oversight for the delivery and performance of the ITO Change Management, Run and T&T towers.
    Supports the resolution of escalations on SLA’s and KPI’s for Change Management, Run and T&T towers
    Supports the issue escalation, and proposed recommended actions to Customer and to Service Provider governance groups of any items that impact successful Change Management, Run and T&T delivery Offshore
    Supports ITO updates to, and issue escalation to Customer and to Service Provider governance groups
24 months







1.7
NETWORK MANAGEMENT SERVICES
Name
Role & Key responsibilities
Duration of Commitment
[***]
Delivery Lead, Network Services
    Responsible for end to end management of the network service delivery which includes service delivery processes, people practices, customer satisfaction, performance reviews, contractual deliverables, risk management and governance
    Ensure compliance to agreed governance
    Adhere to SLA compliance and delivery of project status/SLA reports
    Identify, Initiate and Implement Continual service improvements and discuss with customer stakeholders
    Risk Management
    Timely escalation of issues including delays with 3rd party suppliers
24 months

1.8
SECURITY SERVICES
Name
Role & Key responsibilities
Duration of Commitment
[***]
Information Security Officer
    Single point of contact for all Security queries from Aspen for the engagement.
    Coordinate and work closely with the Aspen security team to ensure that Aspen’s security considerations and policies are applied to the services being delivered by Service Provider.
    Support and address any queries around security received from the Aspen security team.
    Provide guidance on security compliances, policy interpretation and processes for the Service Provider delivery team for this engagement.
Assist in the evaluation and estimation of any security services to be provided to Aspen as an additional scope in this engagement
24 months






1.9
EXECUTIVE OVERSIGHT AND RELATIONSHIP MANAGEMENT
Name
Role & Key responsibilities
Duration of Commitment
[***]
CIO/ Head of Change
    Overall responsibility for the design, delivery and performance of the ITO contract and all associated services and Change Projects
    Agrees all contract Change Controls, and escalates for Service Provider approval where necessary
    Escalation point within the Service Provider team for all issues, requests that are not within the remit of the Service Provider service Managers or leads to resolve/agree
    Provides ITO update to, and issue escalation to Customer and to Service Provider governance groups
    Pro-actively monitors the overall ITO contract and provides recommendations for improvements to services and Change Management
24 months
[***]
DevOps & Agile
    Provides oversight for the design, delivery and performance of the Agile & DevOps CoE and Change Projects to support the ITO team in delivering effectively in this area
    Supports the issue escalation, and proposed recommended actions to Customer and to Service Provider governance groups of any items that impact successful DevOps & Agile delivery
    Pro-actively provides recommendations for improvements to services and Change Management for new / improved Agile & DevOps ideas /tools
12 months
[***]
Chief Architect
    Provides oversight for the design, delivery and performance of the Innovation fund
    Provides architecture support across all of the services and Change Projects
    Supports the issue escalation, and proposed recommended actions to Customer and to Service Provider governance groups of any items of an enterprise or technical architecture basis
    Pro-actively provides recommendations for areas to be considered for innovation fund investment
12 months




[***]
Cloud Transformation
    Provides oversight for the design, delivery and performance of the Cloud transformation
    Supports the issue escalation, and proposed recommended actions to Customer and to Service Provider governance groups of any items that impact successful Cloud Transformation delivery
    Pro-actively provides recommendations for improvements to services and Change Management for new / improved Cloud ideas /tools
12 months
[***]
UKI Insurance Head
    Provides oversight for the design, delivery and performance of the ITO contract
    Agrees all escalated contract Change Controls, and escalates for Management Service Provider approval where necessary
    Next level of escalation point within the Service Provider team for all issues, requests that are not within the remit of the Service Provider CIO
    Supports ITO update to, and issue escalation to Customer and to Service Provider governance groups
24 months
[***]
UKI Delivery Head
    Provides oversight for the delivery and performance of the ITO contract
    Supports the resolution of escalations on SLA’s and KPI’s
    Next level of escalation point within the Service Provider team for all issues, requests that are not within the remit of the Service Leads
    Supports ITO update to, and issue escalation to Customer and to Service Provider governance groups
24 months
[***]
RTB – US
    Provides oversight for the delivery and performance of the ITO contract in the US
    Supports the resolution of escalations on SLA’s and KPI’s in the US
    Supports the issue escalation, and proposed recommended actions to Customer and to Service Provider governance groups of any items that impact successful Services or Change delivery in the US
    Supports ITO update to, and issue escalation to Customer and to Service Provider governance groups
 





2.
The Service Provider shall ensure that each of the Key Personnel devotes substantially their whole time to the performance of the Services for the "Duration of Commitment" period set out in the table above, with the exception of those listed in paragraph 1.10 (Executive Oversight and Relationship Management) who shall only be required to devote such time as is reasonably required to enable them to deliver their oversight and relationship management duties.
3.
The Service Provider shall provide to the Customer, upon request, the curriculum vitae of any of the Key Personnel.
4.
The Service Provider shall ensure that all Key Personnel are given the appropriate levels of support and have sufficient time to perform their respective roles described above.
5.
This Schedule shall be updated to reflect any changes in Key Personnel pursuant to clause 15.7 (Replacement of Key Personnel).






SCHEDULE 19

COTS VENDOR USAGE RESTRICTIONS AND RELATED OBLIGATIONS

The Parties have agreed that, during the Term, this Schedule shall be updated as and when COTS Vendors are identified and agreed.

1.    Terms Applicable to COTS Vendor 1 – [***]

1.1
The Parties have agreed that as at the Effective Date the only COTS Vendor in scope is a [***] that trades as “[***]” (see Schedule 5 (Sub-Contractor List and Service Provider Tools)).

1.2    The Parties have further agreed that:

1.2.1
in connection with the Service Provider’s use of [***] products and services, the terms of clause [*** ]shall not apply; and

1.2.2
for the purposes 25.12.2 (Additional Terms for COTS Vendors) the following documents shall apply to the Customer Group’s (and its subcontractors) use of the [***] elements of the Services [***]. References to “clauses” below shall be deemed to be clauses of the [***] Use Agreement unless stated otherwise;

1.2.3
the parties to the [***] Use Agreement [***];

1.2.3
clause [***]of the [***] Use Agreement shall only apply to the extent necessary to interpret the clauses of the [***] Use Agreement and Exhibit A – Data Security Guide that apply to this Agreement [***];

1.2.4
clause [***] of the [***] Use Agreement shall apply save that:

(a)
[***]; and

(b)
[***].

1.2.5
clause [***] of the [***] Use Agreement [***].

1.2.6
clause [***] of the [***] Use Agreement [***].

1.2.7
clause [***] of the [***] Use Agreement [***] but it is noted that [***].

1.2.8
clauses [***] to the Customer Group’s (or its subcontractors’) use of the Service Now products or technology.

1.2.9
The Parties agree that clause [***] of the [***] Use Agreement shall apply save that:

(a)
[***];

(b)
[***].


[***]

1.3    Customer Group’s [***] Usage Rights and Restrictions

1.3.1
Set out in Table 1 below are the types of licences offered by [***] and the usage rights granted to the Customer Group as at the Effective Date.





Table 1
 
License Type
Customer Group
Requester User licenses
[***]
Fulfiller User Licenses
[***]
Approver User Licenses
[***]
Cloud Management
[***]
[***] Instances
[***]

1.3.2
The Parties agree that in the event the Customer Group requires additional Fulfiller User licences, Approver User licences, Cloud Management nodes or [***] Instances over and above those set out in Table 1 that this shall be agreed pursuant to the Contract Change Control Procedure and additional Charges payable by the Customer to the Service Provider for the same shall be calculated on the basis set out in Appendix 10-K (Service Catalogue) of Schedule 10.

To be clear, Requester Licences are unlimited and hence not subject to any additional Charges.


1.3.3
Solely for the purposes of interpreting the “License Types” referenced in paragraph 1.3.1 and to link the same to the [***] Use Agreement, the Parties agree that the following terms shall have the meanings set out below.

"Cloud Management" is the [***] module to define, administer, and measure workflows for provisioning cloud resources.

“Node” is a public or private virtual server provisioned and/or managed by the Cloud Management application.

"Approver User" is any User performing any of the functions set forth in the table below for an Approver User. An Approver User may only perform the functions set forth in the table below for an Approver User.

"Requester User" is any User that performs only the functions set forth in the table below for a Requester User.

"Fulfiller User" is any User other than an Approver User or Requester User. Without limitation, a Fulfiller User is any User that performs any function other than an Approver User function or Requester User function, including those set forth in the table below for a Fulfiller User.

"Process User" has the same use rights as "Fulfiller User".

1.3.5
Usage Summary Table (it being agreed the terms below are terms from [***] and are not defined terms under this Agreement):

[***]

1.4
In the event of any conflict between the (i) [***] Use Agreement and/or Exhibit A – Data Security Guide and (ii) the terms of this Agreement (i.e. the agreement that this Schedule 19 forms part of) in respect of Customer Group’s use of [***] software hereunder, the [***] Use Agreement and/or Exhibit A – Data Security Guide shall prevail (as applicable). As between the [***] Use Agreement and/or Exhibit A – Data Security Guide, the former shall prevail.

2.    Future COTS Vendors

2.1
The Parties agree that any future COTS Vendors shall be listed in the Schedule by reference to numbered paragraphs that incorporate or reference any applicable additional terms and conditions.











SCHEDULE 20
SOW AND WORK REQUEST PRO FORMAS

1.
SOW PRO FORMA
The pro forma Statement of Work is as set out in Appendix 20-A of this Schedule 20.

2.
WORK REQUEST PRO FORMA
2.1
The Parties shall work together in good faith to agree a pro forma Work Request by the First Service Commencement Date, using the Customer’s internal work request template as a starting point.  
2.2
Once agreed pursuant to Paragraph 2.1, the pro forma Work Request shall be added as a new Appendix 20-B to this Schedule 20 via the Contract Change Control Procedure. 










PRO FORMA SOW
SOW Number: 000[x]
Statement of Work
BETWEEN:
(1)
[ASPEN INSURANCE UK SERVICES LIMITED a company incorporated in England with registered number 04270446, whose registered office is at 30 Fenchurch Street, London, EC3M 3BD (the “UK Customer”) and];
(2)
[ASPEN INSURANCE U.S. SERVICES INC. a company incorporated in Delaware, United States, whose registered office is at 1209 Orange Street, Wilmington, DE 19801 (the “US Customer”); and]
(3)
[ASPEN BERMUDA LIMITED a company incorporated in Bermuda with company number 127314 and registration number 32866, whose registered office is at 141 Front Street, Hamilton, HM 19, Bermuda (the “Bermuda Customer”)]; and [Note: See note above regarding the relevant Aspen contracting entity or entities.]
(2)
[Service Provider Entity and Details] (“Service Provider”).
1.
General
1.1.
This SOW is made pursuant to and in accordance with the terms of [the IT outsourcing agreement between Cognizant Worldwide Limited, Aspen Insurance UK Services Limited, Aspen Insurance U.S. Services Inc. and Aspen Bermuda Limited on [insert date]] / [the Local Agreement between [Service Provider LSA Signatory] and [insert Aspen entity] on [insert date]] (the “Agreement”).
1.2.
Unless stated otherwise in this SOW, capitalised terms have the meaning set out in Schedule 1 (Definitions) of the Agreement, except that:
1.2.1.
[“Customer” in the Agreement and the Schedules thereto shall be read as a reference to the Customer under this SOW, save that the reference to “the Customer” in clause 3.5,  shall be read as a reference to Aspen Insurance UK Services Limited; and] [Drafting note: delete if the Aspen contracting entity is the UK entity]
1.2.2.
where the Customer under this SOW is the UK Customer, the US Customer or the Bermuda Customer, references in the Agreement and the Schedules thereto to the “UK Customer”, the “US Customer” or “Bermuda Customer” as applicable shall be deemed to be a reference to the Customer under this SOW.




Service Commencement Date
[insert]
Term
[insert]
Type of Services
Change Management Services [Or reference some other form of services, e.g. professional services or training.]
Overview
[Insert high level description of project and context in which the Services are being provided.]
Charges
See Appendix 3
Key Personnel
See Appendix 5
Customer contact
Name: [insert]
Tel: [insert]
Email: [insert]
Service Provider contact
Name: [insert]
Tel: [insert]
Email: [insert]
Linked SOWs
[Set out any SOW linked to this one for the purposes of an overall delivery programme or recovery of costs.]
Linked Change Control Note(s)
[Note: Where a Change Project will have an impact on the Run Services, e.g. a new application will need to be supported under the Application Management Services, this will need to be captured in a Change Control Note. Set out here the related Change Control Note(s), including the reference number and a brief description.]

2.
Scope: Services/Products/Deliverables and Methodology
2.1.
The Service Provider shall perform the Services and provide the Deliverables in accordance with the Service Description described in Appendix 1 to this SOW.
2.2.
In providing the Services, the Service Provider shall deliver the Deliverables identified in Appendix 2.
2.3.
[The Parties agree that for Projects related to Future Transformation, the terms of Appendix 2 of Schedule 8 (Transition and Transformation) of the Agreement shall apply to this SOW.]
3.
Implementation Plan and Milestones
The Service Provider shall commence provision of the Services with effect from [insert date] and shall comply with the implementation plan referred to in Appendix 2 (“Implementation Plan”) and the Milestones set out in Appendix 3.
[Drafting note: Ensure any Key Milestones (which if missed would cause a Material Service Failure) are also identified in Appendix 3.]
4.
Acceptance Criteria




In the absence of any specific Acceptance Criteria being set out in this SOW in relation to a particular Deliverable or Service, clause 6 (Acceptance) of the Agreement shall apply. 
5.
Incentive Mechanisms
5.1.
[Incentive payments and mechanism (if any) to be set out or referred to here – e.g. “holdback”, LDs etc.]
6.
Assumptions and Dependencies (including additional Customer Dependencies)
The Customer Dependencies and Service Provider assumptions are set out in Appendix 4.
7.
Early Termination Charges
7.1.
’[Insert or state “not applicable”]
8.
Material Service Failure
8.1.
[Set out any events that would be Material Service Failures]
9.
Special Conditions
9.1.
[Insert or state “not applicable”]
9.2.
[Note: The parties have agreed in the Agreement that, for Change Projects, Service Provider will not develop any standalone modifications, functionality or derivatives of Service Provider IPR without Customer’s prior written consent. For each Change Project that may involve modifications to Service Provider IPR they will consider whether to proceed with the SOW and the implications of the default IPR ownership position prior to execution. If nothing is set out here, the default is that ownership would remain with the Service Provider.]
9.3.
[Note: If Third Party IPR (including any COTS Vendor products) and/or Service Provider Tools are relevant, list here and speak to Legal.]
9.4.
[Note: If the UK Customer is not a party to this SOW, then a special condition will be required to empower the appropriate Aspen Affiliate to instruct the Service Provider in accordance with clause 3.5 of the Agreement. In these circumstances, please consult with Legal but, as a minimum, clause 3.5 will need to be repeated here as a special condition for this SOW with “UK Customer” substituted for the Aspen Affiliate that will be empowered to direct the Service Provider.]
10.
Transition Plan and Transition Services
10.1.
[Insert or state “not applicable”. This would cover, for example, the transition into service (and thus support under the Run Services) probably by reference to a paragraph in Appendix 1 and by linking to the CCNs referenced on the front page of this SOW. Essentially this is to cover the process of transition from a “build” project under the SOW to support etc. of the built project under the Application Management Services Annex to Schedule 2. ]
11.
Approved Subcontractors
In addition to those listed in Schedule 5 (Subcontractor List), the following shall be deemed to be Approved Subcontractors:
11.1.
[Insert or state “not applicable”]




12.
Governance and Progress Reports
12.1.
The Service Provider shall comply with the governance obligations set out in Schedule 12 (Governance and Service Management) to the Agreement and provide the following information at the frequency specified below:
Information/Report
Frequency and delivery date
[insert]
[insert]
[insert]
[insert]

12.2.
In addition, for the Services set out in this SOW the Service Provider shall attend the following regular project forums: [Drafting note: amend table below as applicable]
Meeting
Frequency
Agenda
Customer Attendees
Service Provider Attendees
[the individual Project Board for this project)
Weekly, [unless an alternative schedule is agreed and documented here]
Review of weekly progress, actions, risks, issues
 
Project manager, Technical lead, such other attendees as the Parties deem appropriate
ITO Delivery Board
Monthly
Review high level project progress
 
CIO, CTB Lead, India Delivery Lead, Lead Architect, such other attendees as the Parties deem appropriate
Change Advisory Board
Weekly or as needed
Approvals for production ready changes, scheduling of production change requests
 
CTB Lead, RTB Lead, Lead Architect, Delivery Lead India, such other attendees as Parties deem appropriate
Enterprise Architecture Board
Weekly
IT Strategy, Solution Design, Software and Technical Integration and Data Architecture
 
Lead Enterprise Architect, Technical Architect, Business Architect, Solution Architect, such attendees as Parties deem appropriate
Infrastructure Architecture Board
Weekly
Service and Infrastructure design to meet business requirements
 
Lead Enterprise Architect, Lead Infrastructure Architect, such attendees as Parties deem appropriate

The weekly progress report will be submitted to the Customer’s Project Manager, Customer’s CoE Lead (where appropriate) and the EPMO, no later than 16:00 on the day preceding the Project Review Board.





This SOW has been executed by the Parties on the date last written below:
For the Customer:
Pursuant to clause 3.5 of the Agreement, the Parties agree that the UK Customer is authorised to execute this SOW for and on behalf of each of the US Customer and the Bermuda Customer.
Signed by
duly authorised for and on behalf of
ASPEN INSURANCE UK SERVICES LIMITED
 
 
 
 
 
 
 
 
 
Name
 
 
 
 
 
Signature
 
 
 
 
 
Title
 
 
 
 
 
Date
 
 
Signed by
duly authorised for and on behalf of
ASPEN INSURANCE U.S. SERVICES INC.
 
 
 
 
 
Name
 
 
 
 
 
Signature
 
 
 
 
 
Title
 
 
 
 
 
Date
 
 
Signed by
duly authorised for and on behalf of
ASPEN BERMUDA LIMITED
 
 
 
 
 
Name
 
 
 
 
 
Signature
 
 
 
 
 
Title
 
 
 
 
 
Date
 
 





For Service Provider:
Signed by
duly authorised for and on behalf of
COGNIZANT WORLDWIDE LIMITED
 
 
 
 
 
 
 
 
 
Name
 
 
 
 
 
Signature
 
 
 
 
 
Title
 
 
 
 
 
Date
 
 


[To include for SOWs which include US work:-

For the purposes of acknowledging that Cognizant Technology Solutions US Corporation will be providing services on behalf of Cognizant Worldwide Limited in the United States only:

Name
 
Signature
 
Title
 
Date ]





Appendix 1
Services Description
1.
Background and Context
[Insert overview of the background of the project, to give context as to why the project is being done and what Services are required from the Service Provider)
2.
Scope
2.1.
The scope of the Services is to provide suitably skilled personnel to perform the activities required so as to deliver the Deliverables identified herein.
2.2.
[Note: the expectation is that details of the activities to be performed will be set out in the Appendix 2, assumptions will be set out at Appendix 4 and the Charges will be set out at Appendix 3. Consider referring to all three elements if you wish but otherwise the reference above will suffice.]
3.
Implementation
3.1.
The Service Provider shall provide the Implementation Plan which shall set out full details of how the Services under this SOW shall be delivered by the Service Provider. [Drafting note: include in the Implementation Plan any details of customer sites and locations, if different to Schedule 22.]
3.2.
The Service Provider shall be responsible for the overall management of the project and shall identify and resolve, or assist the Customer in the identification and resolution of, any problems encountered in the timely completion of each task identified in the Transition Plan, whether the task is the responsibility of the Service Provider, the Customer or a third party.
3.3.
The Service Provider shall provide the Customer with weekly progress reports that describe in reasonable detail the current status of the transition, indicate the progress of the work being performed, identify any actual or anticipated problems or delays, assess the impact of such problems or delays on the Service Provider’s provision of the Services and describe all actions being taken or to be taken to remedy such problems or delays.
4.
Acceptance
4.1.
The Parties shall comply with clause 6 (Acceptance) of the Agreement and the acceptance testing methodology set out in [paragraph [x] of Appendix 2]/[the “Acceptance Test Plan” annexed [TBC]/referenced [TBC]].
4.2.
Acceptance Items delivered under this SOW will adhere to their corresponding Acceptance Criteria set out in [paragraph [x] of Appendix 2]/[the “Acceptance Test Plan” annexed [TBC]/referenced [TBC]] at the time the relevant tests are undertaken. If those acceptance tests are not passed any additional work to meet the relevant Acceptance Criteria will be carried out at the Service Provider’s expense.
5.
Warranties
5.1.
The Parties acknowledge that the warranties are as set out in clause 29 (Representation and Warranties) of the Agreement.
5.2.
[Either state: ‘Beyond those warranties no specific performance warranties are provided under this SOW’ or set out the specific performance warranties.]





SCHEDULE 21

DATA TRANSFER AND PROCESSING
PART A – DATA TRANSFER
1.
Pursuant to clause 27.11 of this Agreement, the Parties shall enter into the ‘Data Protection Model Clauses’ in the form set out in the Annex to this Schedule 21.
PART B – DATA PROCESSING
2.
Description of the data processing
2.1
The data processing activities carried out by the Service Provider under this Agreement may be described as follows, and as further described in Schedule 2 (Service Descriptions):
2.1.1
Nature, purpose and subject matter:
Processing the Customer Group’s employees and end customers’ personal data for the purposes of the provision of information technology outsourcing services by the Service Provider in relation to each of the following, as more particularly described in Schedule 2 (Service Descriptions):
1.
general service management and oversight activities related to the services described below;
2.
IT infrastructure management related services (including managing the Customer’s data centres and hardware and software estate);
3.
IT related operational and service delivery management related services;
4.
software application management (including support and maintenance) related services;
5.
services related to developing and delivering new and/or improved software applications and related materials; and
6.
services related to the management of the Customer’s networks.
2.1.2
Duration:
The Term of the Agreement.
2.1.3
Data categories:
Personal data contained within: employee records relating to the Customer Group’s employees (including dependents, partners and issue), consultants, temporary workers; and the insurance policy records relating to the Customer Group’s end customers (including insured, beneficiaries, claimants and third parties), such as, for example: names, addresses, dates of birth, national identity numbers and health conditions.
2.1.4
Data subjects:




The Customer Group’s employees (including dependents, partners and issue), consultants, temporary workers; and the Customer Group’s end customers (including insured, beneficiaries, claimants and third parties).
2.2
List of instructions with respect to the processing of Customer Personal Data
See Schedule 7 (Security – IT & Physical) and clause 27 (Data Protection) for the instructions on data protection and security.





ANNEX
DATA PROTECTION MODEL CLAUSES
The parties have agreed on the following contractual clauses (the “Clauses”) in order to adduce adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of individuals for the transfer by the Data Exporter to the Data Importer of the Personal Data specified in Appendix 1.
1.
DEFINITIONS

For the purposes of the Clauses:
“Personal Data”, “Special Categories of Data”, “Process/Processing”, “Controller”, “Processor”, “Data Subject” and “Supervisory Authority”
shall have the same meaning as in Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the Processing of Personal Data and on the free movement of such data (the Directive);
“Data Exporter”
means the Controller who transfers the Personal Data;
“Data Importer”

means the Processor who agrees to receive from the Data Exporter Personal Data intended for Processing on his behalf after the transfer in accordance with his instructions and the terms of the Clauses and who is not subject to a third country’s system ensuring adequate protection within the meaning of Article 25(1) of Directive 95/46/EC;
“Subprocessor”
means any Processor engaged by the Data Importer or by any other Subprocessor of the Data Importer who agrees to receive from the Data Importer or from any other Subprocessor of the Data Importer Personal Data exclusively intended for Processing activities to be carried out on behalf of the Data Exporter after the transfer in accordance with his instructions, the terms of the Clauses and the terms of the written subcontract;
“Applicable Data Protection Law”
means the legislation protecting the fundamental rights and freedoms of individuals and, in particular, their right to privacy with respect to the Processing of Personal Data applicable to a data Controller in the Member State in which the Data Exporter is established;
“Technical and Organisational Security Measures”
means those measures aimed at protecting Personal Data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the Processing involves the transmission of data over a network, and against all other unlawful forms of Processing.
    
2.
DETAILS OF THE TRANSFER





The details of the transfer and in particular the special categories of Personal Data where applicable are specified in Appendix 1 which forms an integral part of the Clauses.
3.
THIRD-PARTY BENEFICIARY CLAUSE

3.1
The Data Subject can enforce against the Data Exporter this Clause, Clause 4(b) to (i), Clause 5(a) to (e), and (g) to (j), Clause 6(1) and (2), Clause 7, Clause 8(2), and Clauses 9 to 12 as third-party beneficiary.

3.2
The Data Subject can enforce against the Data Importer this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where the Data Exporter has factually disappeared or has ceased to exist in law unless any successor entity has assumed the entire legal obligations of the Data Exporter by contract or by operation of law, as a result of which it takes on the rights and obligations of the Data Exporter, in which case the Data Subject can enforce them against such entity.

3.3
The Data Subject can enforce against the Subprocessor this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where both the Data Exporter and the Data Importer have factually disappeared or ceased to exist in law or have become insolvent, unless any successor entity has assumed the entire legal obligations of the Data Exporter by contract or by operation of law as a result of which it takes on the rights and obligations of the Data Exporter, in which case the Data Subject can enforce them against such entity. Such third-party liability of the Subprocessor shall be limited to its own Processing operations under the Clauses.

3.4
The parties do not object to a Data Subject being represented by an association or other body if the Data Subject so expressly wishes and if permitted by national law.

4.
OBLIGATIONS OF THE DATA EXPORTER

The Data Exporter agrees and warrants:
(a)
that the Processing, including the transfer itself, of the Personal Data has been and will continue to be carried out in accordance with the relevant provisions of the Applicable Data Protection Law (and, where applicable, has been notified to the relevant authorities of the Member State where the Data Exporter is established) and does not violate the relevant provisions of that State;

(b)
that it has instructed and throughout the duration of the Personal Data Processing services will instruct the Data Importer to Process the Personal Data transferred only on the Data Exporters’ behalf and in accordance with the Applicable Data Protection Law and the Clauses;

(c)
that the Data Importer will provide sufficient guarantees in respect of the Technical and Organisational Security Measures specified in Appendix 2 to these Clauses;

(d)
that after assessment of the requirements of the Applicable Data Protection Law, the security measures are appropriate to protect Personal Data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the Processing involves the transmission of data over a network, and against all other unlawful forms of Processing, and that these measures ensure a level of security appropriate to the risks presented by the Processing and the nature of the data to be protected having regard to the state of the art and the cost of their implementation;

(e)
that it will ensure compliance with the security measures;

(f)
that, if the transfer involves Special Categories of Data, the Data Subject has been informed or will be informed before, or as soon as possible after, the transfer that its data could be transmitted to a third country not providing adequate protection within the meaning of Directive 95/46/EC;





(g)
to forward any notification received from the Data Importer or any Subprocessor pursuant to Clause 5(b) and Clause 8(3) to the data protection Supervisory Authority if the Data Exporter decides to continue the transfer or to lift the suspension;

(h)
to make available to the Data Subjects upon request a copy of the Clauses, with the exception of Appendix 2, and a summary description of the security measures, as well as a copy of any contract for subprocessing services which has to be made in accordance with the Clauses, unless the Clauses or the contract contain commercial information, in which case it may remove such commercial information;

(i)
that, in the event of subprocessing, the Processing activity is carried out in accordance with Clause 11 by a Subprocessor providing at least the same level of protection for the Personal Data and the rights of Data Subject as the Data Importer under the Clauses; and

(j)
that it will ensure compliance with Clause 4(a) to (i).

5.
OBLIGATIONS OF THE DATA IMPORTER

The Data Importer agrees and warrants:
(a)
to Process the Personal Data only on behalf of the Data Exporter and in compliance with its instructions and the Clauses; if it cannot provide such compliance for whatever reasons, it agrees to inform promptly the Data Exporter of its inability to comply, in which case the Data Exporter is entitled to suspend the transfer of data and/or terminate the contract;

(b)
that it has no reason to believe that the legislation applicable to it prevents it from fulfilling the instructions received from the Data Exporter and its obligations under the contract and that in the event of a change in this legislation which is likely to have a substantial adverse effect on the warranties and obligations provided by the Clauses, it will promptly notify the change to the Data Exporter as soon as it is aware, in which case the Data Exporter is entitled to suspend the transfer of data and/or terminate the contract;

(c)
that it has implemented the Technical and Organisational Security Measures specified in Appendix 2 before Processing the Personal Data transferred;

(d)
that it will promptly notify the Data Exporter about:

(ii)
any legally binding request for disclosure of the Personal Data by a law enforcement authority unless otherwise prohibited, such as a prohibition under criminal law to preserve the confidentiality of a law enforcement investigation,

(iii)
any accidental or unauthorised access, and

(iv)
(any request received directly from the Data Subjects without responding to that request, unless it has been otherwise authorised to do so;

(a)
to deal promptly and properly with all inquiries from the Data Exporter relating to its Processing of the Personal Data subject to the transfer and to abide by the advice of the Supervisory Authority with regard to the Processing of the data transferred;

(b)
at the request of the Data Exporter to submit its data Processing facilities for audit of the Processing activities covered by the Clauses which shall be carried out by the Data Exporter or an inspection body composed of independent members and in possession of the required professional qualifications bound by a duty of confidentiality, selected by the Data Exporter, where applicable, in agreement with the Supervisory Authority;





(c)
to make available to the Data Subject upon request a copy of the Clauses, or any existing contract for subprocessing, unless the Clauses or contract contain commercial information, in which case it may remove such commercial information, with the exception of Appendix 2 which shall be replaced by a summary description of the security measures in those cases where the Data Subject is unable to obtain a copy from the Data Exporter;

(d)
that, in the event of subprocessing, it has previously informed the Data Exporter and obtained its prior written consent;

(e)
that the Processing services by the Subprocessor will be carried out in accordance with Clause 11;

(f)
to send promptly a copy of any Subprocessor agreement it concludes under the Clauses to the Data Exporter.

6.
LIABILITY

6.1
The parties agree that any Data Subject, who has suffered damage as a result of any breach of the obligations referred to in Clause 3 or in Clause 11 by any party or Subprocessor is entitled to receive compensation from the Data Exporter for the damage suffered.

6.2
If a Data Subject is not able to bring a claim for compensation in accordance with paragraph 1 against the Data Exporter, arising out of a breach by the Data Importer or his Subprocessor of any of their obligations referred to in Clause 3 or in Clause 11, because the Data Exporter has factually disappeared or ceased to exist in law or has become insolvent, the Data Importer agrees that the Data Subject may issue a claim against the Data Importer as if it were the Data Exporter, unless any successor entity has assumed the entire legal obligations of the Data Exporter by contract of by operation of law, in which case the Data Subject can enforce its rights against such entity.

6.3
The Data Importer may not rely on a breach by a Subprocessor of its obligations in order to avoid its own liabilities.

6.4
If a Data Subject is not able to bring a claim against the Data Exporter or the Data Importer referred to in Clauses 6.1 and 6.2, arising out of a breach by the Subprocessor of any of their obligations referred to in Clause 3 or in Clause 11 because both the Data Exporter and the Data Importer have factually disappeared or ceased to exist in law or have become insolvent, the Subprocessor agrees that the Data Subject may issue a claim against the data Subprocessor with regard to its own Processing operations under the Clauses as if it were the Data Exporter or the Data Importer, unless any successor entity has assumed the entire legal obligations of the Data Exporter or Data Importer by contract or by operation of law, in which case the Data Subject can enforce its rights against such entity. The liability of the Subprocessor shall be limited to its own Processing operations under the Clauses.

7.
MEDIATION AND JURISDICTION

7.1
The Data Importer agrees that if the Data Subject invokes against it third-party beneficiary rights and/or claims compensation for damages under the Clauses, the Data Importer will accept the decision of the Data Subject:

(a)
to refer the dispute to mediation, by an independent person or, where applicable, by the Supervisory Authority;

(b)
to refer the dispute to the courts in the Member State in which the Data Exporter is established.
7.2
The parties agree that the choice made by the Data Subject will not prejudice its substantive or procedural rights to seek remedies in accordance with other provisions of national or international law.

8.
COOPERATION WITH SUPERVISORY AUTHORITIES





8.1
The Data Exporter agrees to deposit a copy of this contract with the Supervisory Authority if it so requests or if such deposit is required under the Applicable Data Protection Law.

8.2
The parties agree that the Supervisory Authority has the right to conduct an audit of the Data Importer, and of any Subprocessor, which has the same scope and is subject to the same conditions as would apply to an audit of the Data Exporter under the Applicable Data Protection Law.

8.3
The Data Importer shall promptly inform the Data Exporter about the existence of legislation applicable to it or any Subprocessor preventing the conduct of an audit of the Data Importer, or any Subprocessor, pursuant to paragraph 2. In such a case the Data Exporter shall be entitled to take the measures foreseen in Clause 5 (b).

9.
GOVERNING LAW

The Clauses shall be governed by the law of the Member State in which the Data Exporter is established, namely ……………………………………………………………………………….
10.
VARIATION OF THE CONTRACT

The parties undertake not to vary or modify the terms of the Clauses. This does not preclude the parties from adding clauses on business related issues where required as long as they do not contradict the Clause.
11.
SUBPROCESSING
 
11.1
The Data Importer shall not subcontract any of its Processing operations performed on behalf of the Data Exporter under the Clauses without the prior written consent of the Data Exporter. Where the Data Importer subcontracts its obligations under the Clauses, with the consent of the Data Exporter, it shall do so only by way of a written agreement with the Subprocessor which imposes the same obligations on the Subprocessor as are imposed on the Data Importer under the Clauses Where the Subprocessor fails to fulfil its data protection obligations under such written agreement the Data Importer shall remain fully liable to the Data Exporter for the performance of the Subprocessor's obligations under such agreement.
 
11.2
The prior written contract between the Data Importer and the Subprocessor shall also provide for a third-party beneficiary clause as laid down in Clause 3 for cases where the Data Subject is not able to bring the claim for compensation referred to in Clause 6.1 against the Data Exporter or the Data Importer because they have factually disappeared or have ceased to exist in law or have become insolvent and no successor entity has assumed the entire legal obligations of the Data Exporter or Data Importer by contract or by operation of law. Such third-party liability of the Subprocessor shall be limited to its own Processing operations under the Clauses.

11.3
The provisions relating to data protection aspects for subprocessing of the contract referred to in paragraph 1 shall be governed by the law of the Member State in which the Data Exporter is established, namely [X,Y, Z]

11.4
The Data Exporter shall keep a list of subprocessing agreements concluded under the Clauses and notified by the Data Importer pursuant to Clause 5(j), which shall be updated at least once a year. The list shall be available to the Data Exporter's data protection Supervisory Authority.

12.
OBLIGATION AFTER THE TERMINATION OF PERSONAL DATA PROCESSING SERVICES

12.1
The parties agree that on the termination of the provision of data Processing services, the Data Importer and the Subprocessor shall, at the choice of the Data Exporter, return all the Personal Data transferred and the copies thereof to the Data Exporter or shall destroy all the Personal Data and certify to the Data Exporter that it has done so, unless legislation imposed upon the Data Importer prevents it from returning or destroying all or part of the Personal Data transferred. In that case, the Data Importer warrants that it will guarantee the




confidentiality of the Personal Data transferred and will not actively Process the Personal Data transferred anymore.

12.2
The Data Importer and the Subprocessor warrant that upon request of the Data Exporter and/or of the Supervisory Authority, it will submit its data Processing facilities for an audit of the measures referred to in paragraph 12.1.






On behalf of the data exporter:
Name (written out in full):    
Position:    
Address:    
Other information necessary in order for the contract to be binding (if any):    
Signature……………………………………….
(stamp of organisation)
On behalf of the data importer:
Name (written out in full):    
Position:    
Address:    
Other information necessary in order for the contract to be binding (if any):
Signature……………………………………….
(stamp of organisation)









APPENDIX 1
DETAILS OF THE TRANSFER
This Appendix forms part of the Clauses and must be completed and signed by the parties:
Data exporter
[Insert the data exporter and specify briefly the activities relevant to the transfer]
[List systems to which the processor has access]
Data importer
[Insert the data importer and specify briefly the activities relevant to the transfer]
[List systems to which the processor has access]
Data Subjects
The personal data transferred concern the following categories of data subjects (please specify):
………………….…...………………………………………………………………………………………
Categories of data
The personal data transferred concern the following categories of data (please specify):
………………………………………………………………………………………………………………

Special categories of data (if appropriate)
The personal data transferred concern the following special categories of data (please specify):
………………………………………………………………………………………………………………

Processing operations
The personal data transferred will be subject to the following basic processing activities (please specify):
………………………………………………………………………………………………………………

DATA EXPORTER                    DATA IMPORTER
Name: ............................... ...... ............................................

Authorised signature
.............................. ........... .... ............................................





APPENDIX 2
TECHNICAL AND ORGANISATIONAL SECURITY MEASURES

This Appendix forms part of the Clauses and must be completed and signed by the parties:
Description of the Technical and Organisational Security Measures implemented by the Data Importer in accordance with Clauses 4(d) and 5(c) (or document/legislation attached):
1.Definitions. Capitalized terms used in this Appendix 2 have the following meanings:

1.1
Personal Data means personal data (as defined under applicable data protection law) processed by Importer on behalf of Exporter pursuant to this Agreement.

1.2
Exporter Systems means information systems and resources supplied or operated by Exporter or its other service providers or operated by or in possession of Importer in order to provide Services, including network infrastructure, computer systems, workstations, laptops, hardware, software, databases, storage media, proprietary applications, printers, and internet connectivity.


1.3
Importer Infrastructure means information processing resources supplied or operated by Importer, including without limitation, network infrastructure, computer systems, workstations, laptops, hardware, software, databases, storage media, printers, proprietary applications, internet connectivity, printers and hard drives that are used, either directly or indirectly, in support of Importer’s Processing.

1.4
Importer Processing means any information collection, storage or processing (as defined by applicable data protection law) performed by Importer or its approved subcontractors: (a) that directly or indirectly supports the Services now or hereafter furnished to Exporter under the Agreement, and (b) using any Personal Information.

1.5
Security Incident means (i) any act or omission that compromises the security, confidentiality, privacy, availability, or integrity of Personal Data; (ii) the attempted or successful unauthorized access, use, disclosure, modification, or destruction of Personal Data or interference with system operations that contain Personal Data; (iii) a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data transmitted, stored or otherwise processed. Provided, however, that the definition of Security Incident shall not include those non-material attempts.

1.6
When used in this Annex, “include” and similar words (like “includes”, “including”) are deemed to be followed by the phrase “without limitation.”

2.
Description of the technical and organizational measures implemented by the Data Importer within Importer Infrastructure

2.1
Taking into account the available technology, the costs of implementation and the nature, scope, context and purposes of processing, as well as the risk to data subjects’ rights, Importer has agreed to implement the following technical and organisational measures within Importer Infrastructure used to render services to Exporter in respect of the Personal Data, designed to provide a level of security appropriate to the risk.





2.2
Without prejudice to the generality of its obligations set out in this Appendix, Importer will ensure that any of its personnel engaged in processing Exporter’s Personal Data are aware of and comply with those of Exporter’s policies and procedures made available to Importer pursuant to the terms and conditions of the Outsourcing Agreement in place between them.

3.Information Security Management Programme and Policies.

3.1
Policies and Procedures. Importer shall maintain written security management policies and procedures designed with the intent to prevent, detect, contain, and correct breaches of measures taken to protect the confidentiality, integrity, availability, or security of Personal Data. These policies and procedures shall:
(a)
assign specific data security responsibilities and accountabilities to specific individual(s); and
(b)
include a risk management programme that includes periodic risk assessments.

3.2
Infrastructure Protection. To the extent applicable to the provision of the services provided to Exporter, Importer shall maintain policies and procedures to protect Importer Infrastructure, including:
(a)
security programmes (policies, standards, processes, etc.);
(b)
processes for becoming aware of, and maintaining, security patches and fixes;
(c)
procedures for employing mechanisms to restrict access to the Importer Infrastructure, including all local-site networks that may be accessed via the internet (whether or not such sites transmit information);
(d)
procedures designed to protect the Importer Infrastructure against attack and penetration; and
(e)
processes designed to prevent, detect, and eradicate viruses.

4.Access Control.

4.1
Identification and Authentication. Access to Personal Data or any Importer Infrastructure shall be Identified and Authenticated as defined in this clause. “Identification” or “Identified” refers to processes that establish the identity of the person requesting access to the Personal Data and/or Importer Infrastructure. “Authentication” refers to processes that validate the purported identity of the requestor. For access to Personal Data or Importer Infrastructure, Importer shall require Authentication by the use of an individual, unique user ID and an individual password or other appropriate Authentication technique. Importer shall maintain procedures designed for the protection, integrity, and soundness of any passwords created by Importer and/or used by Importer in connection with the performance of the services to Exporter.

4.2
Account Administration. Importer shall maintain appropriate processes for requesting, approving, and administering accounts and access privileges for Importer Infrastructure and Personal Data, and shall include procedures for granting and revoking emergency access to Importer Infrastructure.

4.3
Access Control. Importer shall maintain appropriate access control mechanisms designed with the intent to prevent access to Personal Data and/or Importer Infrastructure, except by authorized users. The access and privileges granted shall be limited to the minimum necessary to perform the assigned functions. Importer shall maintain appropriate mechanisms and processes designed to detect, record, analyze, and resolve unauthorized attempts to access Personal Data or Importer Infrastructure.


5.Personnel Security.





5.1
Access to Personal Data. Importer shall require its personnel and its approved sub-Importers’ personnel who have, or may be expected to have, access to Personal Data or Exporter Systems to comply with the provisions of this Annex. Importer shall remain responsible for any breach of this Annex by its personnel or the personnel of its approved sub-Importers.

5.2
Security Awareness. Importer shall require that its employees and approved sub-Importers remain aware of Importer’s security practices, and their responsibilities for protecting Personal Data. This shall include:
(a)
protection against viruses;
(b)
appropriate password protection and password management practices; and
(c)
appropriate use of workstations and computer system accounts.

6.Risk Management.

6.1
General Requirements. Importer shall maintain appropriate safeguards and controls and exercise due diligence designed to protect Personal Data and Importer Infrastructure against unauthorized access, use, and/or disclosure, considering:
(a)
the applicable data protection law;
(b)
information technology and industry practices;
(c)
the type of Personal Data; and
(d)
the relative level and severity of risk of harm should the integrity, confidentiality, availability or security of Personal Data be compromised, as determined by Importer as part of an overall risk management programme.

6.2
Security Evaluations. Importer shall periodically evaluate its processes and systems for compliance with obligations imposed by applicable data protection law or contract with respect to the confidentiality, integrity, availability, and security of Personal Data and Importer Infrastructure. Importer shall document the results of these evaluations and any remediation activities taken in response to these evaluations.

6.3
Internal Records. Importer shall maintain and implement policies and programmes to capture, record, and examine information relevant to Security Incidents and other security-related events. In response to such events, Importer shall take appropriate action to address and remediate identified vulnerabilities to Personal Data and Importer Infrastructure.

7.
Physical Security. Importer shall maintain appropriate physical security controls (including facility and environmental controls) designed to prevent unauthorized physical access to Importer Infrastructure and areas in which Personal Data are stored or processed. Importer shall adopt and implement a written facility security plan that documents these controls and the policies and procedures through which these controls will be maintained. Importer shall maintain appropriate records of maintenance performed on Importer Infrastructure and on the physical control mechanisms used to secure Importer Infrastructure.

8.Communications Security.

8.1
Encryption. Where applicable, Importer shall maintain encryption, in accordance with standards mutually agreed upon between the parties, for all transmission of Personal Data via public networks.

8.2
Protection of Storage Media. Importer shall delete Personal Data from all storage media prior to disposal or re-use. All media on which Personal Data is stored shall be protected against unauthorized access or modification. Importer shall maintain reasonable and appropriate processes and mechanisms designed to




maintain accountability and tracking of the receipt, removal and transfer of storage media used for Importer Processing or on which Personal Data has been stored.

8.3
Data Integrity. Importer shall maintain processes designed to prevent unauthorized or inappropriate modification of Personal Data that is processed by Importer.

9.
Remote Access to Exporter Systems. Importer’s remote access to Exporter Systems shall be limited to the extent minimally necessary to provide the services to Exporter.

10.
Security Incident Monitoring and Response. Importer shall maintain processes designed to detect, identify, report, respond to, and resolve Security Incidents in a timely manner, and will have processes and procedures in place to notify Exporter as required by applicable data protection law or as agreed otherwise between Importer and Exporter.

11.
Business Continuity Management. Importer shall have a plan in place designed to counteract interruptions to business activities and protect critical business processes from the effects of major failures of information systems or disasters. Such plans shall be designed to restore business operations in a timely manner.

12.
Exporter System Security. In relation to any Exporter Systems used or operated by or in possession of Importer in order to provide Services, Exporter agrees and acknowledges that Importer shall only be required to implement the security measures set forth in Annex 7 (Security Services) to Schedule 2 (Service Descriptions) of the Agreement. Exporter has performed an appropriate risk assessment to determine whether the security measures within Annex 7 (Security Services) to Schedule 2 (Service Descriptions) of the Agreement provide an adequate level of security, taking into account the nature, scope, context and purposes of the processing, the risks associated with the Personal Data and the Applicable Legal Requirements. The Exporter is solely responsible for determining the adequacy of the security measures set out in Annex 7 (Security Services) to Schedule 2 (Service Descriptions) in relation to any processing carried out by Importer using Exporter Systems. If during the term of the Agreement, Exporter determines that any additional security measures are required beyond the terms set forth in Annex 7 (Security Services) to Schedule 2 (Service Descriptions), the parties shall agree to mutually discuss and implement such measures in accordance with the change control procedure set out in the Agreement.

….    
DATA EXPORTER                    DATA IMPORTER
Name: ..................................... ............................................

Authorised signature
................................................. ............................................





SCHEDULE 22
LOCATIONS AND SITE LICENCE
1.
SCOPE AND PURPOSE
1.1
This purpose of this Schedule 22 is to set out:
1.1.1
the regime for the provision of specific services and facilities by the Customer at the Customer’s Sites to enable the Service Provider to provide the Services in accordance with the Agreement; and
1.1.2
the respective obligations of the Customer and Service Provider governing the use of the Customer’s Sites.
2.
LICENCE
2.1
The Customer hereby grants to the Service Provider a non-exclusive licence to enter and remain on so much of the Designated Areas only for so long as and to the extent necessary from time to time to enable the Service Provider to provide the Services (the “Site Licence”). The Parties shall keep the Designated Areas under review in order to ensure sufficient space is available to permit the Service Provider to effectively manage the provision of the Services.
2.2
The Site Licence shall continue until the expiry or termination of the Agreement for whatever reason or upon the Service Provider ceasing to provide the Services under the Agreement, whichever is sooner.
2.3
Subject always to the Service Provider’s compliance with clause 15 of the Agreement (Personnel), the Site Licence is exercisable by the Service Provider, its employees, agents and Approved Sub-Contractors (including employees and agents of its Affiliates and Approved Subcontractors) save in relation to the office accommodation provided at paragraph 5.1 which shall only be exercised by the Service Provider and Service Provider Personnel in accordance with paragraph 5.1.
2.4
The Service Provider acknowledges that the Customer is entitled to exclusive control and possession of the Designated Areas and other sites and nothing in the Site Licence is intended to create a letting of the Designated Areas or other sites or to confer any rights on the Service Provider, whether under common law or any enactment, greater than a bare licence on the terms of the Site Licence.
2.5
The Site Licence is personal to the Service Provider and cannot be transferred, assigned or sub-licenced except as part of a solvent restructure of the Service Provider group of companies or where all or the majority of the assets of the Service Provider are purchased by a third party.
3.
DESIGNATED AREAS
The Designated Areas of the Customer Sites, for the purposes of this Schedule, are set out in Appendix 1 to this Schedule.




4.
OTHER SITES
The Customer shall use Commercially Reasonable Efforts to procure access to Other Sites for the Service Provider for the purpose of performing the Services when reasonably requested by the Service Provider.
5.
PROVISION OF ON-SITE FACILITIES
5.1
At the Site(s) listed in Appendix 1, the Customer shall use Commercially Reasonable Efforts to provide, at no charge and at all relevant times, non-exclusive office accommodation as described in Appendix 1 for Service Provider Personnel and the office services as detailed in paragraph 5.2 for the Service Provider’s reasonable use at any one time for the purpose of providing the Services in accordance with the Agreement.
5.2
The Customer shall provide to the Service Provider Personnel, at no charge, the following office services in accordance with paragraph 5.1:
5.2.1
ID security cards (provided always that Service Provider Personnel who cease providing Services or who cease to provide Services at the applicable Designated Area shall surrender their ID security cards immediately);
5.2.2
office cleaning services and toilet facilities;
5.2.3
air conditioning (where available) in the same manner as it is provided to the Customer’s employees working in the vicinity of the relevant Service Provider Personnel;
5.2.4
lockable office filing cabinet storage facilities, with corresponding keys;
5.2.5
security services in the same manner as are provided to the Customer;
5.2.6
access to catering and staff restaurant facilities as are provided to the Customer’s employees from time to time;
5.2.7
photocopier facilities;
5.2.8
use of office furniture;
5.2.9
subject to appropriate control by the Customer, associated telephone and computer access facilities including computer ports for access to the Service Provider and Customer networks and e-mail; and
5.2.10
access to meeting rooms and associated equipment such as projector and speaker-phone in the same manner as provided to the Customer’s employees working in the Customer’s main offices from time to time.
5.3
For the avoidance of doubt, where the Service Provider does not utilise the services and facilities made available by the Customer in accordance with paragraphs 5.1 and 5.2 it shall pay for the cost of any alternatives to such services and facilities. Nothing in this Schedule shall require the Customer to bear the Service Provider’s cost of any requirements related to office accommodation or premises that it may have incurred from time to time that are not provided for under the Agreement.




6.
RELOCATION AND SUSPENSION OF OFFICE SERVICES
The Customer may at any time (subject to giving the Service Provider reasonable notice where practicable (except in an emergency)) relocate the Service Provider to alternative Customer Sites (including moving the Service Provider to physically separate sites) and/or suspend some or all of the office services referred to in paragraphs 5.1 and 5.2 provided that the Customer shall use Commercially Reasonable Efforts to ensure that any alternate Customer Sites enable the Service Provider to continue to provide the Services at the contracted levels.
7.
SERVICE PROVIDER’S OBLIGATIONS
7.1
In addition and without prejudice to its obligations under clause 15 (Personnel), the Service Provider warrants, represents and undertakes to the Customer that it shall:
7.1.1
keep the Designated Areas and Other Sites clean, tidy and in good order and not use the Designated Areas or Other Sites or permit them to be used in such a way as to cause: (i) any nuisance, obstruction, damage or disturbance to the Customer or its staff, contractors or visitors; or (ii) waste or damage to such Sites (except for normal wear and tear);
7.1.2
observe all Relevant Laws and Customer Standards and Policies applicable to the use or occupancy of any Designated Area or Other Site together with any other reasonable requests and other policies, conditions, timescales and security provisions (which for the avoidance of doubt includes all requests relating to security and/or health and safety) for use of the Designated Areas and Other Sites which the Customer makes available to the Service Provider from time to time and the Service Provider shall procure that the Service Provider Personnel and the Service Provider’s agents and sub-contractors observe and comply with the same;
7.1.3
only access Designated Areas or Other Sites during the times such areas and sites are normally open for the Customer’s employees, unless otherwise agreed between the Parties;
7.1.4
keep a record of all Service Provider Personnel and the Service Provider’s agents and sub-contractors who, at any time, are present at the Designated Areas and Other Sites, including a record of the date of the access to such areas and sites (it is agreed that such record can be in the form of a daily presence list). If requested by the Customer, the Service Provider shall provide a copy of such records to the Customer as soon as reasonably possible, but in any event within three (3) Business Days following receipt of the request from the Customer;
7.1.5
without prejudice to clause 15 (Personnel), if the Customer reasonably objects for operational reasons to the presence of any Service Provider Personnel or of the Service Provider’s agents and sub-contractors on any of the Designated Areas or Other Sites and the Customer notifies the Service Provider giving its reasons, promptly on receipt of such notification ensure that those Service Provider Personnel or agents and sub-contractors leave the Designated Areas or Other Sites, as applicable; and
7.1.6
not cause any damage to the Designated Areas or Other Sites. If the Service Provider does not comply with this obligation, it shall at the request of the Customer remove any alterations or additions to the Customer Sites and make good any damage caused to the reasonable satisfaction of the Customer except where damage, alterations or additions are necessary for the provision of the Services and the Customer’s prior written consent has been obtained.
7.2
Upon the Site Licence coming to an end in accordance with paragraph 2.2:
7.2.1
the Service Provider shall:
(a)
cease to operate on the Customer’s Sites and shall remove its employees, agents and sub-contractors from the Customer’s Sites; and




(b)
immediately return to the Customer all ID security cards issued in accordance with paragraph 5.2.1.
7.2.2
if the Service Provider leaves any goods or materials on the Customer’s Sites, the Customer may remove them from the Customer’s Sites, store and then dispose of them if they are not claimed by the Service Provider within two (2) weeks after the Site Licence comes to an end. The costs of removal, storage and disposal of any unusual or hazardous items or materials are to be paid by the Service Provider to the Customer on demand with credit being given for any sums received on their disposal.
7.3
The Service Provider shall be responsible for damage to the Sites caused by any Service Provider Personnel or agent or sub-contractor of the Service Provider or for any other breach of this Schedule (22) by virtue of their contract of employment or contract for service.














APPENDIX 1
DESIGNATED AREAS
During Transition, the parties shall identify any Designated Areas (if any), and shall update the table below accordingly.
Location
Address
Europe
The description of location within building including designated desks provided and the number of designated desks provided will be agreed within the Detailed Design Phase.
Plantation Place
30 Fenchurch Street
London
EC3M 3BD
The description of location within building including designated desks provided and the number of designated desks provided will be agreed within the Detailed Design Phase
Waterhouse Business Centre
Chelmsford
UK
The description of location within building including designated desks provided and the number of designated desks provided will be agreed within the Detailed Design Phase
3 Brindley Place
Birmingham
UK
The description of location within building including designated desks provided and the number of designated desks provided will be agreed within the Detailed Design Phase
Lansdowne Building
Croydon
UK
The description of location within building including designated desks provided and the number of designated desks provided will be agreed within the Detailed Design Phase
Aztec Centre
Bristol
UK
The description of location within building including designated desks provided and the number of designated desks provided will be agreed within the Detailed Design Phase
144 West George Street
Glasgow
UK
The description of location within building including designated desks provided and the number of designated desks provided will be agreed within the Detailed Design Phase
17 Marble Street
Manchester
UK
The description of location within building including designated desks provided and the number of designated desks provided will be agreed within the Detailed Design Phase
2430/ 2440 The Quadrant
Bristol
UK




The description of location within building including designated desks provided and the number of designated desks provided will be agreed within the Detailed Design Phase
2 Bond Court
Leeds
UK
The description of location within building including designated desks provided and the number of designated desks provided will be agreed within the Detailed Design Phase
Sihlstrasse 38
Zurich
Switzerland
The description of location within building including designated desks provided and the number of designated desks provided will be agreed within the Detailed Design Phase
48 Avenue Victor Hugo
Paris
France
The description of location within building including designated desks provided and the number of designated desks provided will be agreed within the Detailed Design Phase
2 Harbourmaster Place
Dublin
Ireland
United States

The description of location within building including designated desks provided and the number of designated desks provided will be agreed within the Detailed Design Phase
175 Capital Boulevard
Suite 300
Rocky Hill, CT 06067
The description of location within building including designated desks provided and the number of designated desks provided will be agreed within the Detailed Design Phase
590 Madison Ave
7th Floor
New York, NY 10022
The description of location within building including designated desks provided and the number of designated desks provided will be agreed within the Detailed Design Phase
125 Summer Street
Boston, MA

The description of location within building including designated desks provided and the number of designated desks provided will be agreed within the Detailed Design Phase
One Lincoln Centre
Oakbrook Terrace
United States

The description of location within building including designated desks provided and the number of designated desks provided will be agreed within the Detailed Design Phase
3500 Lenox Road
Suite 1710
Atlanta, Georgia

The description of location within building including designated desks provided and the number of designated desks provided will be agreed within the Detailed Design Phase
777 Lake Zurich Road
Barrington
United States





The description of location within building including designated desks provided and the number of designated desks provided will be agreed within the Detailed Design Phase
2121 North California Blvd
Walnut Creek
United States
The description of location within building including designated desks provided and the number of designated desks provided will be agreed within the Detailed Design Phase
777 South Figueroa Street
Los Angeles, CA

The description of location within building including designated desks provided and the number of designated desks provided will be agreed within the Detailed Design Phase
225 Manhattan Beach Blvd
Manhattan Beach
United States
The description of location within building including designated desks provided and the number of designated desks provided will be agreed within the Detailed Design Phase
1 Pennsylvania Plaza
New York, NY

The description of location within building including designated desks provided and the number of designated desks provided will be agreed within the Detailed Design Phase
999 Brickell Avenue
Miami, FL 
The description of location within building including designated desks provided and the number of designated desks provided will be agreed within the Detailed Design Phase
840 W. Sam Houston Parkway N.
Houston, TX

The description of location within building including designated desks provided and the number of designated desks provided will be agreed within the Detailed Design Phase
101 Hudson Street
Jersey City
United States
The description of location within building including designated desks provided and the number of designated desks provided will be agreed within the Detailed Design Phase
135 Main Street
San Francisco, CA
The description of location within building including designated desks provided and the number of designated desks provided will be agreed within the Detailed Design Phase
11414 West Park Place
Milwaukee, Wisconsin

The description of location within building including designated desks provided and the number of designated desks provided will be agreed within the Detailed Design Phase
7557 Rambler Dr
Dallas, TX





The description of location within building including designated desks provided and the number of designated desks provided will be agreed within the Detailed Design Phase
30 S Wacker Drive
Chicago, IL

The description of location within building including designated desks provided and the number of designated desks provided will be agreed within the Detailed Design Phase
600 Eagleview Blvd
Exton
United States
The description of location within building including designated desks provided and the number of designated desks provided will be agreed within the Detailed Design Phase
11350 McCormick Road
Hunt Valley
United States
Rest of the World

The description of location within building including designated desks provided and the number of designated desks provided will be agreed within the Detailed Design Phase
264 George Street
Sydney
Australia
The description of location within building including designated desks provided and the number of designated desks provided will be agreed within the Detailed Design Phase
701 Ave. Ponce de Leon
Puerto Rico
The description of location within building including designated desks provided and the number of designated desks provided will be agreed within the Detailed Design Phase
141 Front Street
Hamilton
Bermuda
The description of location within building including designated desks provided and the number of designated desks provided will be agreed within the Detailed Design Phase
1 Raffles Place
Singapore
The description of location within building including designated desks provided and the number of designated desks provided will be agreed within the Detailed Design Phase
138 Market Street
Singapore
The description of location within building including designated desks provided and the number of designated desks provided will be agreed within the Detailed Design Phase
Gate Precinct Building 3 – Level 5
Office 508
DIFC
Dubai, UAE
PO Box 507047
[***]
[***]





[***]
[***]

[***]
[***]



Stock widget

Investing forum

ASPEN INSURANCE HOLDINGS LTD Reports