Common use of DISASTER RECOVERY ELEMENT - PRINCIPLES AND CONTENTS Clause in Contracts

DISASTER RECOVERY ELEMENT - PRINCIPLES AND CONTENTS. The Disaster Recovery Plan shall be designed so as to ensure that upon the occurrence of a Disaster the Service Provider ensures continuity of the business operations of the Authority and Contracting Bodies supported by the Services following any Disaster or during any period of service failure or disruption with, as far as reasonably possible, minimal adverse impact. The Disaster Recovery Plan shall only be invoked upon the occurrence of a Disaster. The Disaster Recovery Plan shall to the extent agreed as necessary with the Authority include the following: the technical design and build specification of the Disaster Recovery System; details of the procedures and processes to be put in place by the Service Provider and any Sub-Contractor in relation to the Disaster Recovery System and the provision of the Disaster Recovery Services and any testing of the same including but not limited to the following: data centre and disaster recovery site audits; backup methodology and details of the Service Provider's approach to data back-up and data verification; identification of all potential disaster scenarios; risk analysis; documentation of processes and procedures; hardware configuration details; network planning including details of all relevant data networks and communication links; invocation rules; Services recovery procedures; steps to be taken upon Services resumption to address any prevailing effect of the Services failure or disruption; any applicable service levels with respect to the provision of Disaster Recovery Services and details of any agreed relaxation upon the Service Levels during any period of invocation of the Disaster Recovery Plan; details of how the Service Provider shall ensure compliance with security standards ensuring that compliance is maintained for any period during which the Disaster Recovery Plan is invoked; access controls (to any disaster recovery sites used by the Service Provider or any Sub-Contractor in relation to its obligations pursuant to this Schedule 10); and

DISASTER RECOVERY ELEMENT - PRINCIPLES AND CONTENTS. The Disaster Recovery Plan shall be designed so as to ensure that upon the occurrence of a Disaster the Service Provider Supplier ensures continuity of the business operations of the Authority and Contracting Bodies Customer supported by the Goods and Services following any Disaster or during any period of service failure or disruption with, as far as reasonably possible, minimal adverse impact. The Disaster Recovery Plan shall only be invoked upon the occurrence of a Disaster. The Disaster Recovery Plan shall to the extent agreed as necessary with the Authority include the following: the technical design and build specification of the Disaster Recovery System; details of the procedures and processes to be put in place by the Service Provider Supplier and any Sub-Contractor in relation to the Disaster Recovery System and the provision of the Disaster Recovery Goods and Services and any testing of the same including but not limited to the following: data centre and disaster recovery site audits; backup methodology and details of the Service ProviderSupplier's approach to data back-up and data verification; identification of all potential disaster scenarios; risk analysis; documentation of processes and procedures; hardware configuration details; network planning including details of all relevant data networks and communication links; invocation rules; Goods and Services recovery procedures; steps to be taken upon Goods and Services resumption to address any prevailing effect of the Goods and Services failure or disruption; any applicable service levels Service Levels with respect to the provision of Disaster Recovery Services and details of any agreed relaxation upon the Service Levels during any period of invocation of the Disaster Recovery Plan; details of how the Service Provider Supplier shall ensure compliance with security standards ensuring that compliance is maintained for any period during which the Disaster Recovery Plan is invoked; access controls (to any disaster recovery sites used by the Service Provider Supplier or any Sub-Contractor in relation to its obligations pursuant to this Schedule 105); andand testing and management arrangements.

DISASTER RECOVERY ELEMENT - PRINCIPLES AND CONTENTS. The Disaster Recovery Plan shall be designed so as to ensure that upon the occurrence of a Disaster the Service Provider Supplier ensures continuity of the business operations of the Authority and Contracting Bodies Customer supported by the Services following any Disaster or during any period of service failure or disruption with, as far as reasonably possible, minimal adverse impact. The Disaster Recovery Plan shall only be invoked upon the occurrence of a Disaster. The Disaster Recovery Plan shall to the extent agreed as necessary with the Authority include the following: the technical design and build specification of the Disaster Recovery System; details of the procedures and processes to be put in place by the Service Provider Supplier and any Sub-Contractor contractor in relation to the Disaster Recovery System and the provision of the Disaster Recovery Services and any testing of the same including but not limited to the following: data centre and disaster recovery site audits; backup methodology and details of the Service ProviderSupplier's approach to data back-up and data verification; identification of all potential disaster scenarios; risk analysis; documentation of processes and procedures; hardware configuration details; network planning including details of all relevant data networks and communication links; invocation rules; Services Service recovery procedures; steps to be taken upon Services Service resumption to address any prevailing effect of the Services Service failure or disruption; any applicable service levels Service Levels with respect to the provision of Disaster Recovery Services and details of any agreed relaxation upon the Service Levels during any period of invocation of the Disaster Recovery Plan; details of how the Service Provider Supplier shall ensure compliance with security standards ensuring that compliance is maintained for any period during which the Disaster Recovery Plan is invoked; access controls (to any disaster recovery sites used by the Service Provider Supplier or any Sub-Contractor contractor in relation to its obligations pursuant to this Schedule 10schedule 5); andand testing and management arrangements.

DISASTER RECOVERY ELEMENT - PRINCIPLES AND CONTENTS. The Disaster Recovery Plan shall be designed so as to ensure that upon the occurrence of a Disaster the Service Provider Supplier ensures continuity of the business operations of the Authority and Contracting Bodies Customer supported by the Services following any Disaster or during any period of service failure or disruption with, as far as reasonably possible, minimal adverse impact. The Disaster Recovery Plan shall only be invoked upon the occurrence of a Disaster. The Disaster Recovery Plan shall to the extent agreed as necessary with the Authority include the following: the technical design and build specification of the Disaster Recovery System; details of the procedures and processes to be put in place by the Service Provider Supplier and any Sub-Contractor in relation to the Disaster Recovery System and the provision of the Disaster Recovery Services and any testing of the same including but not limited to the following: data centre and disaster recovery site audits; backup methodology and details of the Service ProviderSupplier's approach to data back-up and data verification; identification of all potential disaster scenarios; risk analysis; documentation of processes and procedures; hardware configuration details; network planning including details of all relevant data networks and communication links; invocation rules; Services recovery procedures; steps to be taken upon Services resumption to address any prevailing effect of the Services failure or disruption; any applicable service levels Service Levels with respect to the provision of Disaster Recovery Services and details of any agreed relaxation upon the Service Levels during any period of invocation of the Disaster Recovery Plan; details of how the Service Provider Supplier shall ensure compliance with security standards ensuring that compliance is maintained for any period during which the Disaster Recovery Plan is invoked; access controls (to any disaster recovery sites used by the Service Provider Supplier or any Sub-Contractor in relation to its obligations pursuant to this Schedule 105); andand testing and management arrangements. PROVISION, REVIEW AND AMENDMENT OF THE BCDR PLAN The Supplier shall provide a draft of the BCDR Plan within twenty (20) Working Days following the Commencement Date. The Supplier shall review part or all of the BCDR Plan (and the risk analysis on which it is based): on a regular basis and as a minimum once every six (6) Months; within three (3) Months of the BCDR Plan (or any part) having been invoked pursuant to paragraph 8 of this Schedule; and where the Customer requests any additional reviews (over and above those provided for in paragraphs 6.2.1 and 6.2.2 of this Schedule) by notifying the Supplier to such effect in writing, whereupon the Supplier shall conduct such reviews in accordance with the Customer's written requirements. The costs of both Parties for any such additional reviews will be met by the Customer. Each review pursuant to paragraph 6.1 of the BCDR Plan shall be a review of the procedures and methodologies set out in the BCDR Plan and shall assess their suitability having regard to any change to the Customer and the Services or any underlying business processes and operations facilitated by or supported by the Services which have taken place since the later of the original approval of the BCDR Plan or the last review of the BCDR Plan and shall also have regard to the occurrence of any event since that date (or the likelihood of any such event taking place in the foreseeable future) which may increase the likelihood of the need to invoke the BCDR Plan. The review shall be completed by the Supplier within the period required by the BCDR Plan or if no such period is required within such period as the Customer shall reasonably require. The Supplier shall, within twenty (20) Working Days of the conclusion of each such review of the BCDR Plan, provide to the Customer a report ("Review Report") setting out: the findings of the review; any changes in the risk profile associated with the Services; and the Supplier's proposals ("Supplier's Proposals") for addressing any changes in the risk profile and its proposals for amendments to the BCDR Plan following the review detailing the impact (if any and to the extent that the Supplier can reasonably be expected to be aware of the same) that the implementation of such proposals may have on any services or systems provided by a third party. The Supplier shall as soon as is reasonably practicable after receiving the Customer's approval of the Supplier's Proposals (having regard to the significance of any risks highlighted in the Review Report) effect any change in its practices or procedures necessary so as to give effect to the Supplier's Proposals. Any such change shall be at the Supplier's expense unless it can be reasonably shown that the changes are required because of a material change to the project’s risk profile.