Common use of GENERAL PRINCIPLES AND REQUIREMENTS Clause in Contracts

GENERAL PRINCIPLES AND REQUIREMENTS. 3.1 The BCDR Plan shall: 3.1.1 set out how its business continuity and disaster recovery elements link to each other; 3.1.2 provide details of how the invocation of any element of the BCDR Plan may impact upon the operation of the Services; 3.1.3 contain an obligation upon the Supplier to liaise with the Customer and (at the Customer's request) any Related Service Provider with respect to issues concerning business continuity and disaster recovery where applicable; 3.1.4 detail how the BCDR Plan links and interoperates with any overarching and/or connected disaster recovery or business continuity plan of the Customer and any of its other Related Service Providers as notified to the Supplier by the Customer from time to time; 3.1.5 contain a communication strategy including details of an incident and problem management service and advice and help desk facility which can be accessed via multi-channels (including but without limitation a web-site (with FAQs), e-mail, phone and fax) for both portable and desk top configurations, where required by the Customer; 3.1.6 contain a risk analysis, including: 3.1.6.1 failure or disruption scenarios and assessments and estimates of frequency of occurrence; 3.1.6.2 identification of any single points of failure within the Services and processes for managing the risks arising therefrom; 3.1.6.3 identification of risks arising from the interaction of the Services with the services provided by a Related Service Provider; and 3.1.6.4 a business impact analysis (detailing the impact on business processes and operations) of different anticipated failures or disruptions; 3.1.7 provide for documentation of processes, including business processes, and procedures; 3.1.8 set out key contact details (including roles and responsibilities) for the Supplier (and any Sub-contractors) and for the Customer; 3.1.9 identify the procedures for reverting to "normal service"; 3.1.10 set out method(s) of recovering or updating data collected (or which ought to have been collected) during a failure or disruption to ensure that there is no more than [ ] of data loss and to preserve data integrity; [Guidance: Consider what an acceptable percentage of data loss would be and insert above.] 3.1.11 identify the responsibilities (if any) that the Customer has agreed it will assume in the event of the invocation of the BCDR Plan; and 3.1.12 provide for the provision of technical advice and assistance to key contacts at the Customer as notified by the Customer from time to time to inform decisions in support of the Customer‟s business continuity plans. 3.2 The BCDR Plan shall be designed so as to ensure that: 3.2.1 the Services are provided in accordance with the Contract at all times during and after the invocation of the BCDR Plan; 3.2.2 the adverse impact of any Disaster, service failure, or disruption on the operations of the Customer is minimal as far as reasonably possible; 3.2.3 it aligns with the relevant provisions of ISO/IEC17799:2000, BS15000 (as amended) and all other industry standards from time to time in force; and 3.2.4 there is a process for the management of disaster recovery testing detailed in the BCDR Plan. 3.3 The BCDR Plan must be upgradeable and sufficiently flexible to support any changes to the Services or to the business processes facilitated by and the business operations supported by the Services. 3.4 The Supplier shall not be entitled to any relief from its obligations under the Service Levels or to any increase in the Contract Charges to the extent that a Disaster occurs as a consequence of any breach by the Supplier of this Contract.

GENERAL PRINCIPLES AND REQUIREMENTS. 3.1 The BCDR Plan shall: 3.1.1 set out how its business continuity and disaster recovery elements link to each other; 3.1.2 provide details of how the invocation of any element of the BCDR Plan may impact upon the operation of the Services; 3.1.3 contain an obligation upon the Supplier to liaise with the Customer and (at the Customer's request) any Related Service Provider with respect to issues concerning business continuity and disaster recovery where applicable; 3.1.4 detail how the BCDR Plan links and interoperates with any overarching and/or connected disaster recovery or business continuity plan of the Customer and any of its other Related Service Providers as notified to the Supplier by the Customer from time to time; 3.1.5 contain a communication strategy including details of an incident and problem management service and advice and help desk facility which can be accessed via multi-channels (including but without limitation a web-site (with FAQs), e-mail, phone and fax) for both portable and desk top configurations, where required by the Customer; 3.1.6 contain a risk analysis, including: 3.1.6.1 failure or disruption scenarios and assessments and estimates of frequency of occurrence; 3.1.6.2 identification of any single points of failure within the Services and processes for managing the risks arising therefrom; 3.1.6.3 identification of risks arising from the interaction of the Services with the services provided by a Related Service Provider; and 3.1.6.4 a business impact analysis (detailing the impact on business processes and operations) of different anticipated failures or disruptions; 3.1.7 provide for documentation of processes, including business processes, and procedures; 3.1.8 set out key contact details (including roles and responsibilities) for the Supplier (and any Sub-contractors) and for the Customer; 3.1.9 identify the procedures for reverting to "normal service"; 3.1.10 set out method(s) of recovering or updating data collected (or which ought to have been collected) during a failure or disruption to ensure that there is no more than [ ] of data loss and to preserve data integrity; [Guidance: Consider what an acceptable percentage of data loss would be and insert above.] 3.1.11 identify the responsibilities (if any) that the Customer has agreed it will assume in the event of the invocation of the BCDR Plan; and 3.1.12 provide for the provision of technical advice and assistance to key contacts at the Customer as notified by the Customer from time to time to inform decisions in support of the Customer‟s Customer’s business continuity plans. 3.2 The BCDR Plan shall be designed so as to ensure that: 3.2.1 the Services are provided in accordance with the Contract at all times during and after the invocation of the BCDR Plan; 3.2.2 the adverse impact of any Disaster, service failure, or disruption on the operations of the Customer is minimal as far as reasonably possible; 3.2.3 it aligns with the relevant provisions of ISO/IEC17799:2000, BS15000 (as amended) and all other industry standards from time to time in force; and 3.2.4 there is a process for the management of disaster recovery testing detailed in the BCDR Plan. 3.3 The BCDR Plan must be upgradeable and sufficiently flexible to support any changes to the Services or to the business processes facilitated by and the business operations supported by the Services. 3.4 The Supplier shall not be entitled to any relief from its obligations under the Service Levels or to any increase in the Contract Charges to the extent that a Disaster occurs as a consequence of any breach by the Supplier of this Contract.

GENERAL PRINCIPLES AND REQUIREMENTS. 3.1 The BCDR Plan shall: 3.1.1 set out how its business continuity and disaster recovery elements link to each other; 3.1.2 provide details of how the invocation of any element of the BCDR Plan may impact upon the operation of the Services; 3.1.3 contain an obligation upon the Supplier to liaise with the Customer Contracting Body and (at the CustomerContracting Body's request) any Related Service Provider Supplier with respect to issues concerning business continuity and disaster recovery where applicable; 3.1.4 detail how the BCDR Plan links and interoperates with any overarching and/or connected disaster recovery or business continuity plan of the Customer Contracting Body and any of its the Contracting Body’s other Related Service Providers Suppliers as notified to the Supplier by the Customer Contracting Body from time to time; 3.1.5 contain a communication strategy including details of an incident Incident and problem management service and advice and help desk facility which can be accessed via multi-channels (including but without limitation limitation, via a web-site (with FAQs), e-mailemail, phone and fax) for both portable and desk top desktop configurations, where required by the CustomerContracting Body; 3.1.6 contain a risk analysis, including: 3.1.6.1 failure or disruption scenarios and assessments and estimates of frequency of occurrence; 3.1.6.2 identification of any single points of failure within the Services and processes for managing the risks arising therefrom; 3.1.6.3 identification of risks arising from the interaction of the Services with the services Services provided by a Related Service ProviderSupplier; and 3.1.6.4 a business impact analysis (detailing the impact on business processes and operations) of different anticipated failures or disruptions; 3.1.7 provide for documentation of processes, including business processes, and procedures; 3.1.8 set out key contact details (including roles and responsibilities) for the Supplier (and any Sub-contractorsSub- Contractors) and for the CustomerContracting Body; 3.1.9 identify the procedures for reverting to "normal service"; 3.1.10 set out method(s) of recovering or updating data collected (or which ought to have been collected) during a failure or disruption to ensure that there is no more than [ ] of data loss and to preserve data integrity; [Guidance: Consider what an acceptable percentage of data loss would be and insert above.]; 3.1.11 identify the responsibilities (if any) that the Customer Contracting Body has agreed it will assume in the event of the invocation of the BCDR Plan; and 3.1.12 provide for the provision of technical advice and assistance to key contacts at the Customer Contracting Body as notified by the Customer Contracting Body from time to time to inform decisions in support of the Customer‟s Contracting Body's business continuity plans.. Schedule 2: Business Continuity and Disaster Recovery Telephony Services 3.2 The BCDR Plan shall be designed so as to ensure that: 3.2.1 the Services are provided in accordance with the Contract at all times during and after the invocation of the BCDR Plan; 3.2.2 the adverse impact of any Disaster, service failureServices Failure, or disruption on the operations of the Customer Contracting Body is minimal as far as reasonably possible; 3.2.3 it aligns with the relevant provisions of ISO/IEC17799:2000, BS15000 (as amended) and all other industry standards from time to time in force; and 3.2.4 there is a process for the management of disaster recovery testing detailed in the BCDR Plan. 3.3 The BCDR Plan must be upgradeable and sufficiently flexible to support any changes to the Services or to the business processes facilitated by and the business operations supported by the Services. 3.4 The Supplier shall not be entitled to any relief from its obligations under the Service Levels or to any increase in the Contract Charges to the extent that a Disaster occurs as a consequence of any breach by the Supplier of this Contract.

GENERAL PRINCIPLES AND REQUIREMENTS. 3.1 The BCDR Plan shall: 3.1.1 set out how its the business continuity and disaster recovery elements of the Plan link to each other; 3.1.2 provide details of how the invocation of any element of the BCDR Plan may impact upon the operation of the ServicesServices [and any services provided to the Authority by a Related Service Provider]; 3.1.3 contain an obligation upon the Supplier Contractor to liaise with the Customer Authority and (at the CustomerAuthority's request) any Related Service Provider with respect to issues concerning business continuity and disaster recovery where applicable; 3.1.4 detail how the BCDR Plan links and interoperates with any overarching and/or connected disaster recovery or business continuity plan of the Customer Authority and any of its other Related Service Providers as notified to the Supplier Contractor by the Customer Authority from time to time; 3.1.5 contain a communication strategy including details of an incident and problem management service [and advice and help desk facility which can be accessed via multi-channels (including but without limitation a web-site (with FAQs), e-mail, phone and fax) for both portable and desk top configurations, where required by the CustomerAuthority;] 3.1.6 contain a risk analysis, including: 3.1.6.1 failure or disruption scenarios and assessments and estimates of frequency of occurrence; 3.1.6.2 identification of any single points of failure within the Services and processes for managing the risks arising therefrom; 3.1.6.3 identification of risks arising from the interaction of the Services with the services provided by a Related Service Provider; and 3.1.6.4 a business impact analysis (detailing the impact on business processes and operations) of different anticipated failures or disruptions; 3.1.7 provide for documentation of processes, including business processes, and procedures; 3.1.8 set out key contact details (including roles and responsibilities) for the Supplier Contractor (and any Sub-contractorsContractors) and for the CustomerAuthority; 3.1.9 identify the procedures for reverting to "normal service"; 3.1.10 set out method(s) of recovering or updating data collected (or which ought to have been collected) during a failure or disruption to ensure that there is no more than [ ] of data loss and to preserve data integrity; [Guidance: Consider what an acceptable percentage of data loss would be and insert above.appropriate time period] 3.1.11 identify the responsibilities (if any) that the Customer Authority has agreed it will assume in the event of the invocation of the BCDR Plan; andand [Guidance: Consider recording the responsibilities in schedule 3 (Authority responsible] 3.1.12 [provide for the provision of technical advice and assistance to key contacts at the Customer Authority as notified by the Customer Authority from time to time to inform decisions in support of the Customer‟s Authority’s business continuity plans.] 3.2 The BCDR Plan shall be designed so as to ensure that: 3.2.1 the Services are provided in accordance with the Contract Agreement at all times during and after the invocation of the BCDR Plan; 3.2.2 the adverse impact of any Disaster, service failure, or disruption on the operations of the Customer Authority is minimal as far as reasonably possible; 3.2.3 it aligns complies with the relevant provisions of ISO/IEC17799:2000, BS15000 (as amended) and all other industry standards from time to time in force; and 3.2.4 there is a process for the management of disaster recovery testing detailed in the BCDR Plan. 3.3 The BCDR Plan must be upgradeable and sufficiently flexible to support any changes to the Services or to the business processes facilitated by and the business operations supported by the Services. 3.4 The Supplier shall not be entitled to any relief from its obligations under the Service Levels or to any increase in the Contract Charges to the extent that a Disaster occurs as a consequence of any breach by the Supplier of this Contract.

GENERAL PRINCIPLES AND REQUIREMENTS. 3.1 The BCDR Plan shall: 3.1.1 set out how its business continuity and disaster recovery elements link to each other; 3.1.2 provide details of how the invocation of any element of the BCDR Plan may impact upon the operation of the Services; 3.1.3 contain an obligation upon the Supplier to liaise with the Customer and (at the Customer's request) any Related Service Provider Supplier with respect to issues concerning business continuity and disaster recovery where applicable; 3.1.4 detail how the BCDR Plan links and interoperates with any overarching and/or connected disaster recovery or business continuity plan of the Customer and any of its other Related Service Providers Suppliers as notified to the Supplier by the Customer from time to time; 3.1.5 contain a communication strategy including details of an incident and problem management service and advice and help desk facility which can be accessed via multi-channels (including but without limitation a web-site (with FAQs), e-mail, phone and fax) for both portable and desk top configurations, where required by the Customer; 3.1.6 contain a risk analysis, including: 3.1.6.1 failure or disruption scenarios and assessments and estimates of frequency of occurrence; 3.1.6.2 identification of any single points of failure within the Services and processes for managing the risks arising therefrom; 3.1.6.3 identification of risks arising from the interaction of the Services with the services provided by a Related Service ProviderSupplier ; and 3.1.6.4 a business impact analysis (detailing the impact on business processes and operations) of different anticipated failures or disruptions; 3.1.7 provide for documentation of processes, including business processes, and procedures; 3.1.8 set out key contact details (including roles and responsibilities) for the Supplier (and any Sub-contractors) and for the Customer; 3.1.9 identify the procedures for reverting to "normal service"; 3.1.10 set out method(s) of recovering or updating data collected (or which ought to have been collected) during a failure or disruption to ensure that there is no more than [ ] of data loss and to preserve data integrity; [Guidance: Consider what an acceptable percentage of data loss would be and insert above.] 3.1.11 identify the responsibilities (if any) that the Customer has agreed it will assume in the event of the invocation of the BCDR Plan; and 3.1.12 provide for the provision of technical advice and assistance to key contacts at the Customer as notified by the Customer from time to time to inform decisions in support of the Customer‟s Customer’s business continuity plans. 3.2 The BCDR Plan shall be designed so as to ensure that: 3.2.1 the Services are provided in accordance with the Contract at all times during and after the invocation of the BCDR Plan; 3.2.2 the adverse impact of any Disaster, service failure, or disruption on the operations of the Customer is minimal as far as reasonably possible; 3.2.3 it aligns with the relevant provisions of ISO/IEC17799:2000, BS15000 (as amended) and all other industry standards from time to time in force; and 3.2.4 there is a process for the management of disaster recovery testing detailed in the BCDR Plan. 3.3 The BCDR Plan must be upgradeable and sufficiently flexible to support any changes to the Services or to the business processes facilitated by and the business operations supported by the Services. 3.4 The Supplier shall not be entitled to any relief from its obligations under the Service Levels or to any increase in the Contract Charges to the extent that a Disaster occurs as a consequence of any breach by the Supplier of this Contract.

GENERAL PRINCIPLES AND REQUIREMENTS. 3.1 The BCDR Plan shall: 3.1.1 set out how its business continuity and disaster recovery elements link to each other; 3.1.2 provide details of how the invocation of any element of the BCDR Plan may impact upon the operation of the Services; 3.1.3 contain an obligation upon the Supplier to liaise with the Customer and (at the Customer's request) any Related Service Provider with respect to issues concerning business continuity and disaster recovery where applicable; 3.1.4 detail how the BCDR Plan links and interoperates with any overarching and/or connected disaster recovery or business continuity plan of the Customer and any of its other Related Service Providers as notified to the Supplier by the Customer from time to time; 3.1.5 contain a communication strategy including details of an incident and problem management service and advice and help desk facility which can be accessed via multi-channels (including but without limitation a web-site (with FAQs), e-mail, phone and fax) for both portable and desk top configurations, where required by the Customer; 3.1.6 contain a risk analysis, including: 3.1.6.1 failure or disruption scenarios and assessments and estimates of frequency of occurrence; 3.1.6.2 identification of any single points of failure within the Services and processes for managing the risks arising therefrom; 3.1.6.3 identification of risks arising from the interaction of the Services with the services provided by a Related Service Provider; and 3.1.6.4 a business impact analysis (detailing the impact on business processes and operations) of different anticipated failures or disruptions; 3.1.7 provide for documentation of processes, including business processes, and procedures; 3.1.8 set out key contact details (including roles and responsibilities) for the Supplier (and any Sub-contractors) and for the Customer; 3.1.9 identify the procedures for reverting to "normal service"; 3.1.10 set out method(s) of recovering or updating data collected (or which ought to have been collected) during a failure or disruption to ensure that there is no more than [ ] of data loss and to preserve data integrity; [Guidance: Consider what an acceptable percentage of data loss would be and insert above.] 3.1.11 identify the responsibilities (if any) that the Customer has agreed it will assume in the event of the invocation of the BCDR Plan; and 3.1.12 provide for the provision of technical advice and assistance to key contacts at the Customer as notified by the Customer from time to time to inform decisions in support of the Customer‟s business continuity plans. 3.2 The BCDR Plan shall be designed so as to ensure that: 3.2.1 the Services are provided in accordance with the Contract at all times during and after the invocation of the BCDR Plan; 3.2.2 the adverse impact of any Disaster, service failure, or disruption on the operations of the Customer is minimal as far as reasonably possible; 3.2.3 it aligns with the relevant provisions of ISO/IEC17799:2000, BS15000 (as amended) and all other industry standards from time to time in force; and 3.2.4 there is a process for the management of disaster recovery testing detailed in the BCDR Plan. 3.3 The BCDR Plan must be upgradeable and sufficiently flexible to support any changes to the Services or to the business processes facilitated by and the business operations supported by the Services. 3.4 The Supplier shall not be entitled to any relief from its obligations under the Service Levels or to any increase in the Contract Charges to the extent that a Disaster occurs as a consequence of any breach by the Supplier of this Contract.

GENERAL PRINCIPLES AND REQUIREMENTS. 3.1 The BCDR Plan shall: 3.1.1 set out how its the business continuity and disaster recovery elements of the BCDR Plan link to each other; 3.1.2 provide details of how the invocation of any element of the BCDR Plan may impact upon the operation of the ServicesOrdered IT Products and any services provided to the CUSTOMER by a Related Service Provider; 3.1.3 contain an obligation upon the Supplier CONTRACTOR to liaise with the Customer CUSTOMER and (at the CustomerCUSTOMER's request) any Related Service Provider with respect to issues concerning business continuity and disaster recovery where applicable; 3.1.4 detail how the BCDR Plan links and interoperates with any overarching and/or connected disaster recovery or business continuity plan of the Customer CUSTOMER and any of its other Related Service Providers as notified to the Supplier CONTRACTOR by the Customer CUSTOMER from time to time; 3.1.5 contain a communication strategy including details of an incident and problem management service and advice and help desk facility which can be accessed via multi-channels (including but without limitation a web-site website (with FAQs), e-mail, phone and fax) for both portable and desk top configurations, where required by the Customer;, 3.1.6 contain a risk analysis, including: 3.1.6.1 failure or disruption scenarios and assessments and estimates of frequency of occurrence; 3.1.6.2 identification of any single points of failure within the Services Ordered IT Products and processes for managing the risks arising therefromthere from; 3.1.6.3 identification of risks arising from the interaction of the Services Ordered IT Products with the services provided by a Related Service Provider; and 3.1.6.4 a business impact analysis (detailing the impact on business processes and operations) of different anticipated failures or disruptions; 3.1.7 provide for documentation of processes, including business processes, and procedures; 3.1.8 set out key contact details (including roles and responsibilities) for the Supplier CONTRACTOR (and any Sub-contractorsContractors) and for the CustomerCUSTOMER; 3.1.9 identify the procedures for reverting to "normal service"; 3.1.10 set out method(s) of recovering or updating data collected (or which ought to have been collected) during a failure or disruption to ensure that there is no more than [ ] a maximum of 24 hours worth of data loss and to preserve data integrity; [Guidance: Consider what an acceptable percentage of data loss would be and insert above.]; 3.1.11 identify the responsibilities (if any) that the Customer CUSTOMER has agreed it will assume in the event of the invocation of the BCDR Plan; and 3.1.12 provide for the provision of technical advice and assistance to key contacts at the Customer CUSTOMER as notified by the Customer CUSTOMER from time to time to inform decisions in support of the Customer‟s CUSTOMER’s business continuity plans. 3.2 The BCDR Plan shall be designed so as to ensure that: 3.2.1 the Services are provided in accordance with the Contract at all times during and after the invocation of the BCDR Plan; 3.2.2 the adverse impact of any Disaster, service failure, or disruption on the operations of the Customer is minimal as far as reasonably possible; 3.2.3 it aligns with the relevant provisions of ISO/IEC17799:2000, BS15000 (as amended) and all other industry standards from time to time in force; and 3.2.4 there is a process for the management of disaster recovery testing detailed in the BCDR Plan. 3.3 The BCDR Plan must be upgradeable and sufficiently flexible to support any changes to the Services or to the business processes facilitated by and the business operations supported by the Services. 3.4 The Supplier shall not be entitled to any relief from its obligations under the Service Levels or to any increase in the Contract Charges to the extent that a Disaster occurs as a consequence of any breach by the Supplier of this Contract.

GENERAL PRINCIPLES AND REQUIREMENTS. 3.1 The BCDR Plan shall: 3.1.1 set out how its the business continuity and disaster recovery elements of the BCDR Plan link to each other; 3.1.2 provide details of how the invocation of any element of the BCDR Plan may impact upon the operation of the ServicesOrdered IT Products and any services provided to the CUSTOMER by a Related Service Provider; 3.1.3 contain an obligation upon the Supplier CONTRACTOR to liaise with the Customer CUSTOMER and (at the CustomerCUSTOMER's request) any Related Service Provider with respect to issues concerning business continuity and disaster recovery where applicable; 3.1.4 detail how the BCDR Plan links and interoperates with any overarching and/or connected disaster recovery or business continuity plan of the Customer CUSTOMER and any of its other Related Service Providers as notified to the Supplier CONTRACTOR by the Customer CUSTOMER from time to time; 3.1.5 contain a communication strategy including details of an incident and problem management service and advice and help desk facility which can be accessed via multi-channels (including but without limitation a web-site (with FAQs), e-mail, phone and fax) for both portable and desk top configurations, where required by the Customerservice; 3.1.6 contain a risk analysis, including: 3.1.6.1 failure or disruption scenarios and assessments and estimates of frequency of occurrence; 3.1.6.2 identification of any single points of failure within the Services Ordered IT Products and processes for managing the risks arising therefrom; 3.1.6.3 identification of risks arising from the interaction of the Services Ordered IT Products with the services provided by a Related Service Provider; and 3.1.6.4 a business impact analysis (detailing the impact on business processes and operations) of different anticipated failures or disruptions; 3.1.7 provide for documentation of processes, including business processes, and procedures; 3.1.8 set out key contact details (including roles and responsibilities) for the Supplier CONTRACTOR (and any Sub-contractorsContractors) and for the CustomerCUSTOMER; 3.1.9 identify the procedures for reverting to "normal service"; 3.1.10 set out method(s) of recovering or updating data collected (or which ought to have been collected) during a failure or disruption to ensure that there is no more than [ ] 0% of data loss and to preserve data integrity; [Guidance: Consider what an acceptable percentage of data loss would be and insert above.]; 3.1.11 identify the responsibilities (if any) that the Customer CUSTOMER has agreed it will assume in the event of the invocation of the BCDR Plan; and 3.1.12 provide for the provision of technical advice and assistance to key contacts at the Customer CUSTOMER as notified by the Customer CUSTOMER from time to time to inform decisions in support of the Customer‟s CUSTOMER’s business continuity plans. 3.2 The BCDR Plan shall be designed so as to ensure that: 3.2.1 the Services are provided in accordance with the Contract at all times during and after the invocation of the BCDR Plan; 3.2.2 the adverse impact of any Disaster, service failure, or disruption on the operations of the Customer is minimal as far as reasonably possible; 3.2.3 it aligns with the relevant provisions of ISO/IEC17799:2000, BS15000 (as amended) and all other industry standards from time to time in force; and 3.2.4 there is a process for the management of disaster recovery testing detailed in the BCDR Plan. 3.3 The BCDR Plan must be upgradeable and sufficiently flexible to support any changes to the Services or to the business processes facilitated by and the business operations supported by the Services. 3.4 The Supplier shall not be entitled to any relief from its obligations under the Service Levels or to any increase in the Contract Charges to the extent that a Disaster occurs as a consequence of any breach by the Supplier of this Contract.

GENERAL PRINCIPLES AND REQUIREMENTS. 3.1 The BCDR Plan shall: 3.1.1 set out how its the business continuity and disaster recovery elements of the BCDR Plan link to each other; 3.1.2 provide details of how the invocation implementation of any element of the BCDR Plan may impact upon the operation of the ServicesGoods and/or Services and any services provided to the Authority by a Related Service Provider and/or by a Sub-Contractor to the Contractor; 3.1.3 contain an obligation upon the Supplier Contractor to liaise with the Customer Authority and (at the CustomerAuthority's request) any Related Service Provider and/or Sub-Contractor with respect to issues concerning business continuity and disaster recovery where applicable; 3.1.4 detail how the BCDR Plan links and interoperates with any overarching and/or connected disaster recovery or business continuity plan of the Customer Authority and any of its other Related Service Providers as notified to the Supplier Contractor by the Customer Authority from time to time; 3.1.5 where required by the Authority, contain a communication strategy including details of an incident and problem management service and advice and help desk facility which can be accessed via multi-channels (including but without limitation a web-site (with FAQs), e-mail, phone and fax) for both portable and desk top configurations, where required by the CustomerAuthority; 3.1.6 contain a risk analysis, including: 3.1.6.1 failure or disruption scenarios and assessments and estimates of frequency of occurrence; 3.1.6.2 identification of any single points of failure within the Goods and/or Services and processes for managing the risks arising therefrom; 3.1.6.3 3.1.6.2 identification of risks arising from the interaction of the Goods and/or Services with the services provided by a Related Service Provider; andProvider and/or a Sub-Contractor; 3.1.6.4 3.1.6.3 a business impact analysis (detailing the impact on business processes and operations) of different anticipated failures or disruptions; 3.1.6.4 where required by the Authority, failure or disruption scenarios and assessments and estimates of frequency of occurrence; 3.1.7 provide for documentation of processes, including business processes, and procedures; 3.1.8 set out key contact details (including roles and responsibilities) for the Supplier Contractor (and any Sub-contractorsContractors) and for the CustomerAuthority; 3.1.9 identify the procedures for reverting to "normal service"; 3.1.10 set out method(s) of recovering or updating data collected (or which ought to have been collected) during a failure or disruption to ensure that there is no more than [ ] of the data loss does not exceed the amount set out in Schedule 1 (Specification Schedule) and to preserve data integrity; [Guidance: Consider what an acceptable percentage of data loss would be and insert above.]; 3.1.11 identify the responsibilities (if any) that the Customer Authority has agreed it will assume in the event of the invocation of the BCDR Plan; and 3.1.12 provide for the provision of technical advice and assistance to key contacts at the Customer as notified by the Customer from time to time to inform decisions in support of the Customer‟s business continuity plans. 3.2 The BCDR Plan shall be designed so as to ensure that: 3.2.1 the Services are provided in accordance with the Contract at all times during and after the invocation of the BCDR Plan; 3.2.2 the adverse impact of any Disaster, service failure, or disruption on the operations of the Customer is minimal as far as reasonably possible; 3.2.3 it aligns with the relevant provisions of ISO/IEC17799:2000, BS15000 (as amended) and all other industry standards from time to time in force; and 3.2.4 there is a process for the management of disaster recovery testing detailed in the BCDR Plan. 3.3 The BCDR Plan must be upgradeable and sufficiently flexible to support any changes to the Services or to the business processes facilitated by and the business operations supported by the Services. 3.4 The Supplier shall not be entitled to any relief from its obligations under the Service Levels or to any increase in the Contract Charges to the extent that a Disaster occurs as a consequence of any breach by the Supplier of this Contract.